upstream/oracle/userland-gate: comparison components/openstack/glance/files/glance-cache.conf

equal deleted inserted replaced

-:f984e52b96bb
+:bf55de364b19
 # Whether to include the backend image locations in image properties.
 # For example, if using the file system store a URL of
 # "file:///path/to/image" will be returned to the user in the
 # 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution!  The overrides
+# security risk, so use this setting with caution! Setting this to
-# show_image_direct_url. (boolean value)
+# true overrides the show_image_direct_url option. (boolean value)
 #show_multiple_locations = false
 # Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
+# 1099511627776 bytes (1 TB). WARNING: this value should only be
 # increased after careful consideration and must be set to a value
 # under 8 EB (9223372036854775808). (integer value)
+# Maximum value: 9223372036854775808
 #image_size_cap = 1099511627776
 # Set a system wide quota for every user. This value is the total
 # capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
+# 0 means unlimited. Optional unit can be specified for the value.
 # Accepted units are B, KB, MB, GB and TB representing Bytes,
 # KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
 # unit is specified then Bytes is assumed. Note that there should not
 # be any space between value and unit and units are case sensitive.
 # (string value)
 # The hostname/IP of the pydev process listening for debug connections
 # (string value)
 #pydev_worker_debug_host = <None>
 # The port on which a pydev process is listening for connections.
-# (integer value)
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #pydev_worker_debug_port = 5678
 # AES key for encrypting store 'location' metadata. This includes, if
 # used, Swift or S3 credentials. Should be set to a random string of
 # length 16, 24 or 32 bytes (string value)
 #metadata_encryption_key = <None>
-# Digest algorithm which will be used for digital signature; the
+# Digest algorithm which will be used for digital signature. Use the
-# default is sha1 the default in Kilo for a smooth upgrade process,
-# and it will be updated with sha256 in next release(L). Use the
 # command "openssl list-message-digest-algorithms" to get the
 # available algorithms supported by the version of OpenSSL on the
 # platform. Examples are "sha1", "sha256", "sha512", etc. (string
 # value)
-#digest_algorithm = sha1
+#digest_algorithm = sha256
 # The path to the sqlite file database that will be used for image
 # cache management. (string value)
 #image_cache_sqlite_db = cache.db
 # The driver to use for image cache management. (string value)
 #image_cache_driver = sqlite
 # The upper limit (the maximum size of accumulated cache in bytes)
-# beyond which pruner, if running, starts cleaning the images cache.
+# beyond which the cache pruner, if running, starts cleaning the image
-# (integer value)
+# cache. (integer value)
 #image_cache_max_size = 10737418240
-# The amount of time to let an image remain in the cache without being
+# The amount of time to let an incomplete image remain in the cache,
-# accessed. (integer value)
+# before the cache cleaner, if running, will remove the incomplete
+# image. (integer value)
 #image_cache_stall_time = 86400
-# Base directory that the Image Cache uses. (string value)
+# Base directory that the image cache uses. (string value)
 #image_cache_dir = <None>
 # Address to find the registry server. (string value)
 #registry_host = 0.0.0.0
-# Port the registry server is listening on. (integer value)
+# Port the registry server is listening on. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #registry_port = 9191
 # Whether to pass through the user token when making requests to the
-# registry. (boolean value)
+# registry. To prevent failures with token expiration during big files
-# WARNING: DO NOT CHANGE THIS VALUE.  Setting use_user_token to False
+# upload, it is recommended to set this parameter to False. If
-# allows for unintended privilege escalation within the Glance API server.
+# "use_user_token" is not in effect, then admin credentials can be
-# See https://wiki.openstack.org/wiki/OSSN/OSSN-0060
+# specified. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #use_user_token = true
 # The administrators user name. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_user = %SERVICE_USER%
 # The administrators password. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_password = %SERVICE_PASSWORD%
 # The tenant name of the administrative user. If "use_user_token" is
 # not in effect, then admin tenant name can be specified. (string
 # value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_tenant_name = %SERVICE_TENANT_NAME%
 # The URL to the keystone service. If "use_user_token" is not in
 # effect and using keystone auth, then URL of keystone can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 auth_url = http://127.0.0.1:5000/v2.0/
 # The strategy to use for authentication. If "use_user_token" is not
 # in effect, then auth strategy can be specified. (string value)
-#auth_strategy = noauth
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
+auth_strategy = keystone
 # The region for the authentication service. If "use_user_token" is
 # not in effect and using keystone auth, then region name can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_region = <None>
 #
 # From oslo.log
 #
-# Print debugging output (set logging level to DEBUG instead of
+# If set to true, the logging level will be set to DEBUG instead of
-# default WARNING level). (boolean value)
+# the default INFO level. (boolean value)
 #debug = false
-# Print more verbose output (set logging level to INFO instead of
+# If set to false, the logging level will be set to WARNING instead of
-# default WARNING level). (boolean value)
+# the default INFO level. (boolean value)
-#verbose = false
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
 # The name of a logging configuration file. This file is appended to
 # any existing logging configuration files. For details about logging
 # configuration files, see the Python logging module documentation.
-# (string value)
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
-# DEPRECATED. A logging.Formatter log message format string which may
+# Defines the format string for %%(asctime)s in log records. Default:
-# use any of the available logging.LogRecord attributes. This option
+# %(default)s . This option is ignored if log_config_append is set.
-# is deprecated.  Please use logging_context_format_string and
+# (string value)
-# logging_default_format_string instead. (string value)
-#log_format = <None>
-# Format string for %%(asctime)s in log records. Default: %(default)s
-# . (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
-# (Optional) Name of log file to output to. If no default is set,
+# (Optional) Name of log file to send logging output to. If no default
-# logging will go to stdout. (string value)
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
-# (Optional) The base directory used for relative --log-file paths.
+# (Optional) The base directory used for relative log_file paths.
-# (string value)
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
-# Use syslog for logging. Existing syslog format is DEPRECATED during
+# Uses logging handler designed to watch file system. When log file is
-# I, and will change in J to honor RFC5424. (boolean value)
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
+#watch_log_file = false
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
-# (Optional) Enables or disables syslog rfc5424 format for logging. If
+# Syslog facility to receive log lines. This option is ignored if
-# enabled, prefixes the MSG part of the syslog message with APP-NAME
+# log_config_append is set. (string value)
-# (RFC5424). The format without the APP-NAME is deprecated in I, and
-# will be removed in J. (boolean value)
-#use_syslog_rfc_format = false
-# Syslog facility to receive log lines. (string value)
 #syslog_log_facility = LOG_USER
-# Log output to standard error. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = true
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
-# Format string to use for log messages without context. (string
+# Format string to use for log messages when context is undefined.
-# value)
+# (string value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-# Data to append to log format when level is DEBUG. (string value)
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 # Prefix each line of exception output with this format. (string
 # value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
-# List of logger=LEVEL pairs. (list value)
+# Defines the format string for %(user_identity)s that is used in
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
+# The format for an instance that is passed with the log message.
+# (string value)
+#instance_format = "[instance: %(uuid)s] "
+# The format for an instance UUID that is passed with the log message.
+# (string value)
+#instance_uuid_format = "[instance: %(uuid)s] "
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
-# The format for an instance that is passed with the log message.
-# (string value)
-#instance_format = "[instance: %(uuid)s] "
-# The format for an instance UUID that is passed with the log message.
-# (string value)
-#instance_uuid_format = "[instance: %(uuid)s] "
 [glance_store]
 #
 # From glance.store
 #
-# List of stores enabled (list value)
+# List of stores enabled. Valid stores are: cinder, file, http, rbd,
+# sheepdog, swift, s3, vsphere (list value)
 #stores = file,http
 # Default scheme to use to store image data. The scheme must be
 # registered by one of the stores defined by the 'stores' config
 # option. (string value)
 # seconds elapsed and an operation of store has triggered. The feature
 # will be enabled only when the option value greater then zero.
 # (integer value)
 #store_capabilities_update_min_interval = 0
-#
-# From glance.store
-#
 # Images will be chunked into objects of this size (in megabytes). For
 # best performance, this should be a power of two. (integer value)
 #sheepdog_store_chunk_size = 64
 # Port of sheep daemon. (integer value)
 # default config. If using cephx authentication, this file should
 # include a reference to the right keyring in a client.<USER> section
 # (string value)
 #rbd_store_ceph_conf = /etc/ceph/ceph.conf
+# Timeout value (in seconds) used when connecting to ceph cluster. If
+# value <= 0, no timeout is set and default librados value is used.
+# (integer value)
+#rados_connect_timeout = 0
+# Specify the path to the CA bundle file to use in verifying the
+# remote server certificate. (string value)
+#https_ca_certificates_file = <None>
+# If true, the remote server certificate is not verified. If false,
+# then the default CA truststore is used for verification. This option
+# is ignored if "https_ca_certificates_file" is set. (boolean value)
+#https_insecure = true
+# Specify the http/https proxy information that should be used to
+# connect to the remote server. The proxy information should be a key
+# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can
+# specify proxies for multiple schemes by seperating the key value
+# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.
+# (dict value)
+#http_proxy_information =
 # Directory to which the Filesystem backend store writes images.
 # (string value)
-filesystem_store_datadir = /var/lib/glance/images/
+#filesystem_store_datadir = /var/lib/glance/images
 # List of directories and its priorities to which the Filesystem
 # backend store writes images. (multi valued)
 #filesystem_store_datadirs =
 # it less then or equal to zero means don't change the default
 # permission of the file. This value will be decoded as an octal
 # digit. (integer value)
 #filesystem_store_file_perm = 0
-# Hostname or IP address of the instance to connect to, or a mongodb
-# URI, or a list of hostnames / mongodb URIs. If host is an IPv6
-# literal it must be enclosed in '[' and ']' characters following the
-# RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value)
-#mongodb_store_uri = <None>
-# Database to use (string value)
-#mongodb_store_db = <None>
 # The host where the S3 server is listening. (string value)
 #s3_store_host = <None>
 # The S3 query token access key. (string value)
 #s3_store_access_key = <None>
 # The number of thread pools to perform a multipart upload in S3.
 # (integer value)
 #s3_store_thread_pools = 10
+# Enable the use of a proxy. (boolean value)
+#s3_store_enable_proxy = false
+# Address or hostname for the proxy server. (string value)
+#s3_store_proxy_host = <None>
+# The port to use when connecting over a proxy. (integer value)
+#s3_store_proxy_port = 8080
+# The username to connect to the proxy. (string value)
+#s3_store_proxy_user = <None>
+# The password to use when connecting over a proxy. (string value)
+#s3_store_proxy_password = <None>
 # ESX/ESXi or vCenter Server target system. The server value can be an
 # IP address or a DNS name. (string value)
 #vmware_server_host = <None>
 # Username for authenticating with VMware ESX/VC server. (string
 # Password for authenticating with VMware ESX/VC server. (string
 # value)
 #vmware_server_password = <None>
-# DEPRECATED. Inventory path to a datacenter. If the
-# vmware_server_host specified is an ESX/ESXi, the
-# vmware_datacenter_path is optional. If specified, it should be "ha-
-# datacenter". This option is deprecated in favor of vmware_datastores
-# and will be removed in the Liberty release. (string value)
-#vmware_datacenter_path = ha-datacenter
-# DEPRECATED. Datastore associated with the datacenter. This option is
-# deprecated in favor of vmware_datastores and will be removed in the
-# Liberty release. (string value)
-#vmware_datastore_name = <None>
 # Number of times VMware ESX/VC server API must be retried upon
 # connection related issues. (integer value)
 #vmware_api_retry_count = 10
 # The interval used for polling remote tasks invoked on VMware ESX/VC
 # The name of the directory where the glance images will be stored in
 # the VMware datastore. (string value)
 #vmware_store_image_dir = /openstack_glance
-# Allow to perform insecure SSL requests to ESX/VC. (boolean value)
+# If true, the ESX/vCenter server certificate is not verified. If
-#vmware_api_insecure = false
+# false, then the default CA truststore is used for verification. This
+# option is ignored if "vmware_ca_file" is set. (boolean value)
+# Deprecated group/name - [DEFAULT]/vmware_api_insecure
+#vmware_insecure = false
+# Specify a CA bundle file to use in verifying the ESX/vCenter server
+# certificate. (string value)
+#vmware_ca_file = <None>
 # A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores.
+# be specified multiple times for specifying multiple datastores. The
-# Either one of vmware_datastore_name or vmware_datastores is
+# datastore name should be specified after its datacenter path,
-# required. The datastore name should be specified after its
+# seperated by ":". An optional weight may be given after the
-# datacenter path, seperated by ":". An optional weight may be given
+# datastore name, seperated again by ":". Thus, the required format
-# after the datastore name, seperated again by ":". Thus, the required
+# becomes <datacenter_path>:<datastore_name>:<optional_weight>. When
-# format becomes <datacenter_path>:<datastore_name>:<optional_weight>.
+# adding an image, the datastore with highest weight will be selected,
-# When adding an image, the datastore with highest weight will be
+# unless there is not enough free space available in cases where the
-# selected, unless there is not enough free space available in cases
+# image size is already known. If no weight is given, it is assumed to
-# where the image size is already known. If no weight is given, it is
+# be zero and the directory will be considered for selection last. If
-# assumed to be zero and the directory will be considered for
+# multiple datastores have the same weight, then the one with the most
-# selection last. If multiple datastores have the same weight, then
+# free space available is selected. (multi valued)
-# the one with the most free space available is selected. (multi
-# valued)
 #vmware_datastores =
 # Info to match when looking for cinder in the service catalog. Format
 # is : separated values of the form:
 # <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volume:cinder:publicURL
+#cinder_catalog_info = volumev2::publicURL
 # Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
+# e.g. http://localhost:8776/v2/%(tenant)s (string value)
 #cinder_endpoint_template = <None>
-# Region name of this node (string value)
+# Region name of this node. If specified, it will be used to locate
-#os_region_name = <None>
+# OpenStack services for stores. (string value)
+# Deprecated group/name - [DEFAULT]/os_region_name
+#cinder_os_region_name = <None>
 # Location of ca certicates file to use for cinder client requests.
 # (string value)
 #cinder_ca_certificates_file = <None>
 # Number of cinderclient retries on failed http calls (integer value)
 #cinder_http_retries = 3
+# Time period of time in seconds to wait for a cinder volume
+# transition to complete. (integer value)
+#cinder_state_transition_timeout = 300
 # Allow to perform insecure SSL requests to cinder (boolean value)
 #cinder_api_insecure = false
-# Version of the authentication service to use. Valid versions are 2
+# The address where the Cinder authentication service is listening. If
-# for keystone and 1 for swauth and rackspace. (deprecated) (string
+# <None>, the cinder endpoint in the service catalog is used. (string
 # value)
-#swift_store_auth_version = 2
+#cinder_store_auth_address = <None>
+# User name to authenticate against Cinder. If <None>, the user of
+# current context is used. (string value)
+#cinder_store_user_name = <None>
+# Password for the user authenticating against Cinder. If <None>, the
+# current context auth token is used. (string value)
+#cinder_store_password = <None>
+# Project name where the image is stored in Cinder. If <None>, the
+# project in current context is used. (string value)
+#cinder_store_project_name = <None>
+# Path to the rootwrap configuration file to use for running commands
+# as root. (string value)
+#rootwrap_config = /etc/glance/rootwrap.conf
 # If True, swiftclient won't check for a valid SSL certificate when
 # authenticating. (boolean value)
 #swift_store_auth_insecure = false
 #swift_store_multi_tenant = false
 # When set to 0, a single-tenant store will only use one container to
 # store all images. When set to an integer value between 1 and 32, a
 # single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
+# and this value will determine how many containers are created. Used
 # only when swift_store_multi_tenant is disabled. The total number of
 # containers that will be used is equal to 16^N, so if this config
 # option is set to 2, then 16^2=256 containers will be used to store
 # images. (integer value)
 #swift_store_multiple_containers_seed = 0
 # The number of times a Swift download will be retried before the
 # request fails. (integer value)
 #swift_store_retry_get_count = 0
+# The period of time (in seconds) before token expirationwhen
+# glance_store will try to reques new user token. Default value 60 sec
+# means that if token is going to expire in 1 min then glance_store
+# request new user token. (integer value)
+#swift_store_expire_soon_interval = 60
+# If set to True create a trust for each add/get request to Multi-
+# tenant store in order to prevent authentication token to be expired
+# during uploading/downloading data. If set to False then user token
+# is used for Swift connection (so no overhead on trust creation).
+# Please note that this option is considered only and only if
+# swift_store_multi_tenant=True (boolean value)
+#swift_store_use_trusts = true
 # The reference to the default swift account/backing store parameters
 # to use for adding new images. (string value)
 #default_swift_reference = ref1
-# The address where the Swift authentication service is
+# Version of the authentication service to use. Valid versions are 2
-# listening.(deprecated) (string value)
+# and 3 for keystone and 1 (deprecated) for swauth and rackspace.
+# (deprecated - use "auth_version" in swift_store_config_file) (string
+# value)
+#swift_store_auth_version = 2
+# The address where the Swift authentication service is listening.
+# (deprecated - use "auth_address" in swift_store_config_file) (string
+# value)
 #swift_store_auth_address = <None>
 # The user to authenticate against the Swift authentication service
-# (deprecated) (string value)
+# (deprecated - use "user" in swift_store_config_file) (string value)
 #swift_store_user = <None>
 # Auth key for the user authenticating against the Swift
-# authentication service. (deprecated) (string value)
+# authentication service. (deprecated - use "key" in
+# swift_store_config_file) (string value)
 #swift_store_key = <None>
 # The config file that has the swift account(s)configs. (string value)
 #swift_store_config_file = <None>
 # Directory to use for lock files.  For security, the specified
 # directory should only be writable by the user running the processes
 # that need locking. Defaults to environment variable OSLO_LOCK_PATH.
 # If external locks are used, a lock path must be set. (string value)
 # Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
+lock_path = /var/lib/glance/lock
 [oslo_policy]
 #

changeset 6852	bf55de364b19
parent 6176	8b75bcaa9d4d