# Sample configuration for the Glance API server.
# This file carries credentials further down (store keys, message-broker
# and service passwords); keep it readable only by the account that runs
# the Glance API.
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
#verbose = False

# Show debugging output in logs (sets DEBUG log level output)
# NOTE(review): confirm what DEBUG output includes before enabling it on a
# production host, and restrict access to the log file accordingly.
#debug = False

# Which backend scheme should Glance use by default if not specified
# in a request to add a new image to Glance? Known schemes are determined
# by the known_stores option below.
# Default: 'file'
default_store = file

# List of which store classes and store class locations are
# currently known to glance at startup.
#known_stores = glance.store.filesystem.Store,
# glance.store.http.Store,
# glance.store.rbd.Store,
# glance.store.s3.Store,
# glance.store.swift.Store,


# Maximum image size (in bytes) that may be uploaded through the
# Glance API server. Defaults to 1 TB.
# WARNING: this value should only be increased after careful consideration
# and must be set to a value under 8 EB (9223372036854775808).
# This cap bounds how much backend storage a single upload can consume.
#image_size_cap = 1099511627776

# Address to bind the API server
# 0.0.0.0 listens on every IPv4 interface of the host; set a specific
# address to limit the networks from which the API is reachable.
bind_host = 0.0.0.0

# Port to bind the API server to
bind_port = 9292

# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
log_file = /var/log/glance/api.log

# Backlog requests when creating socket
backlog = 4096

# TCP_KEEPIDLE value in seconds when creating socket.
# Not supported on OS X.
#tcp_keepidle = 600

# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
# A connection string for a networked database normally embeds the database
# user and password, which is one more reason to restrict read access to
# this file.
sql_connection = sqlite:////var/lib/glance/glance.sqlite

# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
#
# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
# idle connections. This can result in 'MySQL Gone Away' exceptions. If you
# notice this, you can lower this value to ensure that SQLAlchemy reconnects
# before MySQL can drop the connection.
sql_idle_timeout = 3600

# Number of Glance API worker processes to start.
# On machines with more than one CPU increasing this value
# may improve performance (especially if using SSL with
# compression turned on). It is typically recommended to set
# this value to the number of CPUs present on your machine.
workers = 1

# Role used to identify an authenticated user as administrator
#admin_role = admin

# Allow unauthenticated users to access the API with read-only
# privileges. This only applies when using ContextMiddleware.
# NOTE(review): when enabled, any client that can reach bind_host:bind_port
# gets read access without credentials; leave it False unless that is the
# intended exposure.
#allow_anonymous_access = False

# Allow access to version 1 of glance api
#enable_v1_api = True

# Allow access to version 2 of glance api
#enable_v2_api = True

# Return the URL that references where the data is stored on
# the backend storage system. For example, if using the
# file system store a URL of 'file:///path/to/image' will
# be returned to the user in the 'direct_url' meta-data field.
# The default value is false.
# NOTE(review): the Security Options section of this file states that store
# 'location' metadata can include Swift or S3 credentials; confirm that the
# URL returned here cannot carry them before setting this to True.
#show_image_direct_url = False
# ================= Syslog Options ============================
# Both options in this group are commented out, so the values shown are
# examples rather than active settings.

# Send logs to syslog (/dev/log) instead of to file specified
# by `log_file`
#use_syslog = False

# Syslog facility to use. If unset defaults to LOG_USER.
#syslog_log_facility = LOG_LOCAL0
# ================= SSL Options ===============================
# NOTE(review): all three options are commented out in this sample, so no
# TLS material is configured for the API listener; presumably the server
# then serves plain HTTP on bind_port - confirm before exposing it beyond a
# trusted network.

# Certificate file to use when starting API server securely
#cert_file = /path/to/certfile

# Private key file to use when starting API server securely
# The key file should be readable only by the account running the API server.
#key_file = /path/to/keyfile

# CA certificate file to use to verify connecting clients
#ca_file = /path/to/cafile
# ================= Security Options ==========================

# AES key for encrypting store 'location' metadata, including
# -- if used -- Swift or S3 credentials
# Should be set to a random string of length 16, 24 or 32 bytes
# Generate the value with a cryptographically secure random source, and do
# not keep the real key in version control.
# NOTE(review): the option is commented out here, so presumably 'location'
# metadata is stored unencrypted until a key is set - confirm. The
# placeholder text suggests the registry must use the same key - verify
# against the registry configuration.
#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
# ============ Registry Options ===============================
# Settings the API server uses as a client of the registry server.

# Address to find the registry server
# NOTE(review): 0.0.0.0 is a wildcard listen address, not a destination;
# how a connection to it is routed is platform-dependent. Set the registry
# server's actual address in a real deployment.
registry_host = 0.0.0.0

# Port the registry server is listening on
registry_port = 9191

# What protocol to use when connecting to the registry server?
# Set to https for secure HTTP communication
# With http, API-to-registry traffic is not encrypted; use https whenever
# the two services do not share a trusted network segment.
registry_client_protocol = http

# The path to the key file to use in SSL connections to the
# registry server, if any. Alternately, you may set the
# GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file
#registry_client_key_file = /path/to/key/file

# The path to the cert file to use in SSL connections to the
# registry server, if any. Alternately, you may set the
# GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file
#registry_client_cert_file = /path/to/cert/file

# The path to the certifying authority cert file to use in SSL connections
# to the registry server, if any. Alternately, you may set the
# GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
#registry_client_ca_file = /path/to/ca/file

# When using SSL in connections to the registry server, do not require
# validation via a certifying authority. This is the registry's equivalent of
# specifying --insecure on the command line using glanceclient for the API
# Default: False
# Setting this to True means the registry's certificate is accepted without
# CA validation, so the API server can no longer detect an impostor
# registry. Keep it False outside of test environments.
#registry_client_insecure = False

# The period of time, in seconds, that the API server will wait for a registry
# request to complete. A value of '0' implies no timeout.
# Default: 600
#registry_client_timeout = 600

# Whether to automatically create the database tables.
# Default: False
#db_auto_create = False
# ============ Notification System Options =====================

# Notifications can be sent when images are created, updated or deleted.
# There are four methods of sending notifications: logging (via the
# log_file directive), rabbit (via a rabbitmq queue), qpid (via a Qpid
# message queue), or noop (no notifications sent, the default)
notifier_strategy = noop

# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
# guest/guest is RabbitMQ's well-known default account. Before selecting
# notifier_strategy = rabbit, switch to a dedicated broker account with its
# own password, and enable rabbit_use_ssl when the broker is not on the
# local host so credentials and messages are not sent in clear text.
rabbit_host = localhost
rabbit_port = 5672
rabbit_use_ssl = false
rabbit_userid = guest
rabbit_password = guest
rabbit_virtual_host = /
rabbit_notification_exchange = glance
rabbit_notification_topic = notifications
rabbit_durable_queues = False

# Configuration options if sending notifications via Qpid (these are
# the defaults)
# qpid_username and qpid_password are empty here; NOTE(review): presumably
# the broker connection is then made without credentials - confirm against
# the broker's authentication settings.
qpid_notification_exchange = glance
qpid_notification_topic = notifications
qpid_host = localhost
qpid_port = 5672
qpid_username =
qpid_password =
qpid_sasl_mechanisms =
qpid_reconnect_timeout = 0
qpid_reconnect_limit = 0
qpid_reconnect_interval_min = 0
qpid_reconnect_interval_max = 0
qpid_reconnect_interval = 0
qpid_heartbeat = 5
# Set to 'ssl' to enable SSL
# The value below (tcp) leaves the broker connection unencrypted.
qpid_protocol = tcp
qpid_tcp_nodelay = True
# ============ Filesystem Store Options ========================

# Directory that the Filesystem backend store
# writes image data to
# The directory should be owned by, and writable only by, the account that
# runs the Glance API, since its contents are served as image data.
filesystem_store_datadir = /var/lib/glance/images/
# ============ Swift Store Options =============================

# Version of the authentication service to use
# Valid versions are '2' for keystone and '1' for swauth and rackspace
swift_store_auth_version = 2

# Address where the Swift authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified, default to 'https://'
# For swauth, use something like '127.0.0.1:8080/v1.0/'
# The value below has no scheme, so per the rule above it is treated as
# https://; writing an explicit 'http://' prefix would send the user and
# key to the authentication service unencrypted.
swift_store_auth_address = 127.0.0.1:5000/v2.0/

# User to authenticate against the Swift authentication service
# If you use Swift authentication service, set it to 'account':'user'
# where 'account' is a Swift storage account and 'user'
# is a user in that account
swift_store_user = jdoe:jdoe

# Auth key for the user authenticating against the
# Swift authentication service
# The value below is a sample and must be replaced with the real key of
# swift_store_user. It is a secret: keep this file readable only by the
# Glance service account and do not commit the real value to version control.
swift_store_key = a86850deb2742ec3cb41518e26aa2d89

# Container within the account that the account should use
# for storing images in Swift
swift_store_container = glance

# Do we create the container if it does not exist?
swift_store_create_container_on_put = False

# What size, in MB, should Glance start chunking image files
# and do a large object manifest in Swift? By default, this is
# the maximum object size in Swift, which is 5GB
swift_store_large_object_size = 5120

# When doing a large object manifest, what size, in MB, should
# Glance write chunks to Swift? This amount of data is written
# to a temporary disk buffer during the process of chunking
# the image file, and the default is 200MB
swift_store_large_object_chunk_size = 200

# Whether to use ServiceNET to communicate with the Swift storage servers.
# (If you aren't RACKSPACE, leave this False!)
#
# To use ServiceNET for authentication, prefix hostname of
# `swift_store_auth_address` with 'snet-'.
# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
swift_enable_snet = False

# If set to True enables multi-tenant storage mode which causes Glance images
# to be stored in tenant specific Swift accounts.
#swift_store_multi_tenant = False

# A list of swift ACL strings that will be applied as both read and
# write ACLs to the containers created by Glance in multi-tenant
# mode. This grants the specified tenants/users read and write access
# to all newly created image objects. The standard swift ACL string
# formats are allowed, including:
# <tenant_id>:<username>
# <tenant_name>:<username>
# *:<username>
# Multiple ACLs can be combined using a comma separated list, for
# example: swift_store_admin_tenants = service:glance,*:admin
# Because every entry receives write as well as read access to all new
# image objects, keep this list as short as possible and prefer entries
# that name a specific tenant over the '*' form.
#swift_store_admin_tenants =

# The region of the swift endpoint to be used for single tenant. This setting
# is only necessary if the tenant has multiple swift endpoints.
#swift_store_region =
# ============ S3 Store Options =============================

# Address where the S3 authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified, default to 'http://'
# The value below has no scheme, so per the rule above it is treated as
# http:// and traffic to the store is unencrypted; write 'https://'
# explicitly when the endpoint supports it.
s3_store_host = 127.0.0.1:8080/v1.0/

# User to authenticate against the S3 authentication service
s3_store_access_key = <20-char AWS access key>

# Auth key for the user authenticating against the
# S3 authentication service
# This is a secret: keep this file readable only by the Glance service
# account and do not commit the real value to version control.
s3_store_secret_key = <40-char AWS secret key>

# Container within the account that the account should use
# for storing images in S3. Note that S3 has a flat namespace,
# so you need a unique bucket name for your glance images. An
# easy way to do this is append your AWS access key to "glance".
# S3 buckets in AWS *must* be lowercased, so remember to lowercase
# your AWS access key if you use it in your bucket name below!
s3_store_bucket = <lowercased 20-char aws access key>glance

# Do we create the bucket if it does not exist?
s3_store_create_bucket_on_put = False

# When sending images to S3, the data will first be written to a
# temporary buffer on disk. By default the platform's temporary directory
# will be used. If required, an alternative directory can be specified here.
# The buffer holds image data, so a directory private to the Glance service
# account is preferable to a shared temporary directory.
#s3_store_object_buffer_dir = /path/to/dir

# When forming a bucket url, boto will either set the bucket name as the
# subdomain or as the first token of the path. Amazon's S3 service will
# accept it as the subdomain, but Swift's S3 middleware requires it be
# in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'.
#s3_store_bucket_url_format = subdomain
# ============ RBD Store Options =============================

# Ceph configuration file path
# If using cephx authentication, this file should
# include a reference to the right keyring
# in a client.<USER> section
# The referenced keyring holds the cephx secret for rbd_store_user; it
# should be readable only by the account running the Glance API.
rbd_store_ceph_conf = /etc/ceph/ceph.conf

# RADOS user to authenticate as (only applicable if using cephx)
rbd_store_user = glance

# RADOS pool in which images are stored
rbd_store_pool = images

# Images will be chunked into objects of this size (in megabytes).
# For best performance, this should be a power of two
rbd_store_chunk_size = 8
# ============ Delayed Delete Options =============================

# Turn on/off delayed delete
# NOTE(review): with delayed delete on, image data presumably stays in the
# backend store until the scrubber removes it - confirm if deletion
# timing matters for data-retention requirements.
delayed_delete = False

# Delayed delete time in seconds
# (43200 seconds = 12 hours)
scrub_time = 43200

# Directory that the scrubber will use to remind itself of what to delete
# Make sure this is also set in glance-scrubber.conf
scrubber_datadir = /var/lib/glance/scrubber
# =============== Image Cache Options =============================

# Base directory that the Image Cache uses
# The cache holds copies of image data; restrict the directory to the
# Glance service account in the same way as the image store itself.
image_cache_dir = /var/lib/glance/image-cache/
# Connection details and service credentials for the Keystone identity
# service. NOTE(review): presumably read by the Keystone auth-token
# middleware in the paste pipeline - confirm against the paste file.
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
# With http, the service credentials below and the tokens being validated
# travel unencrypted; use https when Keystone is not on the local host.
auth_protocol = http
# The %...% values are template placeholders and must be replaced with the
# real service tenant, user and password at deployment time.
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
# Secret: keep this file readable only by the Glance service account.
admin_password = %SERVICE_PASSWORD%
# Selects the paste configuration file and the pipeline within it.
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
#config_file = glance-api-paste.ini

# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
# NOTE(review): the pipeline chosen here determines which middleware -
# including authentication - handles requests. With flavor left unset,
# verify in the paste file that the resulting default pipeline enforces the
# authentication you expect.
#flavor=