upstream/oracle/userland-gate: comparison components/openstack/glance/files/glance-api.conf

equal deleted inserted replaced

-:a477397bba8b
+:c9748fcc32de
 [DEFAULT]
-# Show more verbose log output (sets INFO log level output)
-#verbose = False
+#
+# From glance.api
-# Show debugging output in logs (sets DEBUG log level output)
+#
-#debug = False
+# When true, this option sets the owner of an image to be the tenant.
-# Which backend scheme should Glance use by default is not specified
+# Otherwise, the owner of the  image will be the authenticated user
-# in a request to add a new image to Glance? Known schemes are determined
+# issuing the request. (boolean value)
-# by the known_stores option below.
+#owner_is_tenant = true
-# Default: 'file'
-default_store = file
+# Role used to identify an authenticated user as administrator.
+# (string value)
-# Maximum image size (in bytes) that may be uploaded through the
+#admin_role = admin
-# Glance API server. Defaults to 1 TB.
-# WARNING: this value should only be increased after careful consideration
+# Allow unauthenticated users to access the API with read-only
-# and must be set to a value under 8 EB (9223372036854775808).
+# privileges. This only applies when using ContextMiddleware. (boolean
+# value)
+#allow_anonymous_access = false
+# Public url to use for versions endpoint. The default is None, which
+# will use the request's host_url attribute to populate the URL base.
+# If Glance is operating behind a proxy, you will want to change this
+# to represent the proxy's URL. (string value)
+#public_endpoint = <None>
+# Whether to allow users to specify image properties beyond what the
+# image schema provides (boolean value)
+#allow_additional_image_properties = true
+# Maximum number of image members per image. Negative values evaluate
+# to unlimited. (integer value)
+#image_member_quota = 128
+# Maximum number of properties allowed on an image. Negative values
+# evaluate to unlimited. (integer value)
+#image_property_quota = 128
+# Maximum number of tags allowed on an image. Negative values evaluate
+# to unlimited. (integer value)
+#image_tag_quota = 128
+# Maximum number of locations allowed on an image. Negative values
+# evaluate to unlimited. (integer value)
+#image_location_quota = 10
+# Python module path of data access API (string value)
+#data_api = glance.db.sqlalchemy.api
+# Default value for the number of items returned by a request if not
+# specified explicitly in the request (integer value)
+#limit_param_default = 25
+# Maximum permissible number of items that could be returned by a
+# request (integer value)
+#api_limit_max = 1000
+# Whether to include the backend image storage location in image
+# properties. Revealing storage location can be a security risk, so
+# use this setting with caution! (boolean value)
+#show_image_direct_url = false
+# Whether to include the backend image locations in image properties.
+# For example, if using the file system store a URL of
+# "file:///path/to/image" will be returned to the user in the
+# 'direct_url' meta-data field. Revealing storage location can be a
+# security risk, so use this setting with caution!  The overrides
+# show_image_direct_url. (boolean value)
+#show_multiple_locations = false
+# Maximum size of image a user can upload in bytes. Defaults to
+# 1099511627776 bytes (1 TB).WARNING: this value should only be
+# increased after careful consideration and must be set to a value
+# under 8 EB (9223372036854775808). (integer value)
 #image_size_cap = 1099511627776
-# Address to bind the API server
+# Set a system wide quota for every user. This value is the total
-bind_host = 0.0.0.0
+# capacity that a user can use across all storage systems. A value of
+# 0 means unlimited.Optional unit can be specified for the value.
-# Port the bind the API server to
+# Accepted units are B, KB, MB, GB and TB representing Bytes,
-bind_port = 9292
+# KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
+# unit is specified then Bytes is assumed. Note that there should not
-# Log to this file. Make sure you do not set the same log file for both the API
+# be any space between value and unit and units are case sensitive.
-# and registry servers!
+# (string value)
-#
+#user_storage_quota = 0
-# If `log_file` is omitted and `use_syslog` is false, then log messages are
-# sent to stdout as a fallback.
+# Deploy the v1 OpenStack Images API. (boolean value)
-log_file = /var/log/glance/api.log
+#enable_v1_api = true
-# Backlog requests when creating socket
+# Deploy the v2 OpenStack Images API. (boolean value)
-backlog = 4096
+#enable_v2_api = true
-# TCP_KEEPIDLE value in seconds when creating socket.
+# Deploy the v1 OpenStack Registry API. (boolean value)
-# Not supported on OS X.
+#enable_v1_registry = true
+# Deploy the v2 OpenStack Registry API. (boolean value)
+#enable_v2_registry = true
+# The hostname/IP of the pydev process listening for debug connections
+# (string value)
+#pydev_worker_debug_host = <None>
+# The port on which a pydev process is listening for connections.
+# (integer value)
+#pydev_worker_debug_port = 5678
+# AES key for encrypting store 'location' metadata. This includes, if
+# used, Swift or S3 credentials. Should be set to a random string of
+# length 16, 24 or 32 bytes (string value)
+#metadata_encryption_key = <None>
+# Digest algorithm which will be used for digital signature; the
+# default is sha1 the default in Kilo for a smooth upgrade process,
+# and it will be updated with sha256 in next release(L). Use the
+# command "openssl list-message-digest-algorithms" to get the
+# available algorithms supported by the version of OpenSSL on the
+# platform. Examples are "sha1", "sha256", "sha512", etc. (string
+# value)
+#digest_algorithm = sha1
+# This value sets what strategy will be used to determine the image
+# location order. Currently two strategies are packaged with Glance
+# 'location_order' and 'store_type'. (string value)
+# Allowed values: location_order, store_type
+#location_strategy = location_order
+# The location of the property protection file.This file contains the
+# rules for property protections and the roles/policies associated
+# with it. If this config value is not specified, by default, property
+# protections won't be enforced. If a value is specified and the file
+# is not found, then the glance-api service will not start. (string
+# value)
+#property_protection_file = <None>
+# This config value indicates whether "roles" or "policies" are used
+# in the property protection file. (string value)
+# Allowed values: roles, policies
+#property_protection_rule_format = roles
+# Modules of exceptions that are permitted to be recreated upon
+# receiving exception data from an rpc call. (list value)
+#allowed_rpc_exception_modules = openstack.common.exception,glance.common.exception,exceptions
+# Address to bind the server.  Useful when selecting a particular
+# network interface. (string value)
+#bind_host = 0.0.0.0
+# The port on which the server will listen. (integer value)
+#bind_port = <None>
+# The number of child process workers that will be created to service
+# requests. The default will be equal to the number of CPUs available.
+# (integer value)
+workers = 1
+# Maximum line size of message headers to be accepted. max_header_line
+# may need to be increased when using large tokens (typically those
+# generated by the Keystone v3 API with big service catalogs (integer
+# value)
+#max_header_line = 16384
+# If False, server will return the header "Connection: close", If
+# True, server will return "Connection: Keep-Alive" in its responses.
+# In order to close the client socket connection explicitly after the
+# response is sent and read successfully by the client, you simply
+# have to set this option to False when you create a wsgi server.
+# (boolean value)
+#http_keepalive = true
+# Timeout for client connections' socket operations. If an incoming
+# connection is idle for this number of seconds it will be closed. A
+# value of '0' means wait forever. (integer value)
+#client_socket_timeout = 0
+# The backlog value that will be used when creating the TCP listener
+# socket. (integer value)
+#backlog = 4096
+# The value for the socket option TCP_KEEPIDLE.  This is the time in
+# seconds that the connection must be idle before TCP starts sending
+# keepalive probes. (integer value)
 #tcp_keepidle = 600
-# API to use for accessing data. Default value points to sqlalchemy
+# CA certificate file to use to verify connecting clients. (string
-# package, it is also possible to use: glance.db.registry.api
+# value)
-# data_api = glance.db.sqlalchemy.api
+#ca_file = <None>
-# The number of child process workers that will be
+# Certificate file to use when starting API server securely. (string
-# created to service API requests. The default will be
+# value)
-# equal to the number of CPUs available. (integer value)
+#cert_file = <None>
-workers = 1
+# Private key file to use when starting API server securely. (string
-# Maximum line size of message headers to be accepted.
+# value)
-# max_header_line may need to be increased when using large tokens
+#key_file = <None>
-# (typically those generated by the Keystone v3 API with big service
-# catalogs)
+# The path to the sqlite file database that will be used for image
-# max_header_line = 16384
+# cache management. (string value)
+#image_cache_sqlite_db = cache.db
-# Role used to identify an authenticated user as administrator
-#admin_role = admin
+# The driver to use for image cache management. (string value)
+#image_cache_driver = sqlite
-# Allow unauthenticated users to access the API with read-only
-# privileges. This only applies when using ContextMiddleware.
+# The upper limit (the maximum size of accumulated cache in bytes)
-#allow_anonymous_access = False
+# beyond which pruner, if running, starts cleaning the images cache.
+# (integer value)
-# Allow access to version 1 of glance api
+#image_cache_max_size = 10737418240
-#enable_v1_api = True
+# The amount of time to let an image remain in the cache without being
-# Allow access to version 2 of glance api
+# accessed. (integer value)
-#enable_v2_api = True
+#image_cache_stall_time = 86400
-# Return the URL that references where the data is stored on
+# Base directory that the Image Cache uses. (string value)
-# the backend storage system.  For example, if using the
+#image_cache_dir = <None>
-# file system store a URL of 'file:///path/to/image' will
-# be returned to the user in the 'direct_url' meta-data field.
+# Default publisher_id for outgoing notifications. (string value)
-# The default value is false.
+#default_publisher_id = image.localhost
-#show_image_direct_url = False
+# List of disabled notifications. A notification can be given either
-# Send headers containing user and tenant information when making requests to
+# as a notification type to disable a single event, or as a
-# the v1 glance registry. This allows the registry to function as if a user is
+# notification group prefix to disable all events within a group.
-# authenticated without the need to authenticate a user itself using the
+# Example: if this config option is set to ["image.create",
-# auth_token middleware.
+# "metadef_namespace"], then "image.create" notification will not be
-# The default value is false.
+# sent after image is created and none of the notifications for
-#send_identity_headers = False
+# metadefinition namespaces will be sent. (list value)
+#disabled_notifications =
-# Supported values for the 'container_format' image attribute
-container_formats=ami,ari,aki,bare,ovf,ova,uar
+# Address to find the registry server. (string value)
+#registry_host = 0.0.0.0
-# Supported values for the 'disk_format' image attribute
-disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,zfs
+# Port the registry server is listening on. (integer value)
+#registry_port = 9191
-# Directory to use for lock files. Default to a temp directory
-# (string value). This setting needs to be the same for both
+# Whether to pass through the user token when making requests to the
-# glance-scrubber and glance-api.
+# registry. (boolean value)
-#lock_path=<None>
+# WARNING: DO NOT CHANGE THIS VALUE.  Setting use_user_token to False
+# allows for unintended privilege escalation within the Glance API server.
-# Property Protections config file
+# See https://wiki.openstack.org/wiki/OSSN/OSSN-0060
-# This file contains the rules for property protections and the roles/policies
+#use_user_token = true
-# associated with it.
-# If this config value is not specified, by default, property protections
+# The administrators user name. If "use_user_token" is not in effect,
-# won't be enforced.
+# then admin credentials can be specified. (string value)
-# If a value is specified and the file is not found, then the glance-api
+#admin_user = <None>
-# service will not start.
-#property_protection_file =
+# The administrators password. If "use_user_token" is not in effect,
+# then admin credentials can be specified. (string value)
-# Specify whether 'roles' or 'policies' are used in the
+#admin_password = <None>
-# property_protection_file.
-# The default value for property_protection_rule_format is 'roles'.
+# The tenant name of the administrative user. If "use_user_token" is
-#property_protection_rule_format = roles
+# not in effect, then admin tenant name can be specified. (string
+# value)
-# This value sets what strategy will be used to determine the image location
+#admin_tenant_name = <None>
-# order. Currently two strategies are packaged with Glance 'location_order'
-# and 'store_type'.
+# The URL to the keystone service. If "use_user_token" is not in
-#location_strategy = location_order
+# effect and using keystone auth, then URL of keystone can be
+# specified. (string value)
-# ================= Syslog Options ============================
+#auth_url = <None>
-# Send logs to syslog (/dev/log) instead of to file specified
+# The strategy to use for authentication. If "use_user_token" is not
-# by `log_file`
+# in effect, then auth strategy can be specified. (string value)
-#use_syslog = False
+#auth_strategy = noauth
-# Facility to use. If unset defaults to LOG_USER.
+# The region for the authentication service. If "use_user_token" is
-#syslog_log_facility = LOG_LOCAL0
+# not in effect and using keystone auth, then region name can be
+# specified. (string value)
-# ================= SSL Options ===============================
+#auth_region = <None>
-# Certificate file to use when starting API server securely
+# The protocol to use for communication with the registry server.
-#cert_file = /path/to/certfile
+# Either http or https. (string value)
+#registry_client_protocol = http
-# Private key file to use when starting API server securely
-#key_file = /path/to/keyfile
+# The path to the key file to use in SSL connections to the registry
+# server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE
-# CA certificate file to use to verify connecting clients
+# environment variable to a filepath of the key file (string value)
-#ca_file = /path/to/cafile
+#registry_client_key_file = <None>
-# ================= Security Options ==========================
+# The path to the cert file to use in SSL connections to the registry
+# server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE
-# AES key for encrypting store 'location' metadata, including
+# environment variable to a filepath of the CA cert file (string
-# -- if used -- Swift or S3 credentials
+# value)
-# Should be set to a random string of length 16, 24 or 32 bytes
+#registry_client_cert_file = <None>
-#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
+# The path to the certifying authority cert file to use in SSL
-# ============ Registry Options ===============================
+# connections to the registry server, if any. Alternately, you may set
+# the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the
-# Address to find the registry server
+# CA cert file. (string value)
-registry_host = 0.0.0.0
+#registry_client_ca_file = <None>
-# Port the registry server is listening on
-registry_port = 9191
-# What protocol to use when connecting to the registry server?
-# Set to https for secure HTTP communication
-registry_client_protocol = http
-# The path to the key file to use in SSL connections to the
-# registry server, if any. Alternately, you may set the
-# GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file
-#registry_client_key_file = /path/to/key/file
-# The path to the cert file to use in SSL connections to the
-# registry server, if any. Alternately, you may set the
-# GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file
-#registry_client_cert_file = /path/to/cert/file
-# The path to the certifying authority cert file to use in SSL connections
-# to the registry server, if any. Alternately, you may set the
-# GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
-#registry_client_ca_file = /path/to/ca/file
 # When using SSL in connections to the registry server, do not require
-# validation via a certifying authority. This is the registry's equivalent of
+# validation via a certifying authority. This is the registry's
-# specifying --insecure on the command line using glanceclient for the API
+# equivalent of specifying --insecure on the command line using
-# Default: False
+# glanceclient for the API. (boolean value)
-#registry_client_insecure = False
+#registry_client_insecure = false
-# The period of time, in seconds, that the API server will wait for a registry
+# The period of time, in seconds, that the API server will wait for a
-# request to complete. A value of '0' implies no timeout.
+# registry request to complete. A value of 0 implies no timeout.
-# Default: 600
+# (integer value)
 #registry_client_timeout = 600
-# Whether to automatically create the database tables.
+# Whether to pass through headers containing user and tenant
-# Default: False
+# information when making requests to the registry. This allows the
-#db_auto_create = False
+# registry to use the context middleware without keystonemiddleware's
+# auth_token middleware, removing calls to the keystone auth service.
-# Enable DEBUG log messages from sqlalchemy which prints every database
+# It is recommended that when using this option, secure communication
-# query and response.
+# between glance api and glance registry is ensured by means other
-# Default: False
+# than auth_token middleware. (boolean value)
-#sqlalchemy_debug = True
+#send_identity_headers = false
-# Pass the user's token through for API requests to the registry.
+# Directory that the scrubber will use to track information about what
-# Default: True
+# to delete. Make sure this is set in glance-api.conf and glance-
-#use_user_token = True
+# scrubber.conf. (string value)
+#scrubber_datadir = /var/lib/glance/scrubber
-# If 'use_user_token' is not in effect then admin credentials
-# can be specified. Requests to the registry on behalf of
+# The amount of time in seconds to delay before performing a delete.
-# the API will use these credentials.
+# (integer value)
-# Admin user name
+#scrub_time = 0
-#admin_user = None
-# Admin password
+# A boolean that determines if the scrubber should clean up the files
-#admin_password = None
+# it uses for taking data. Only one server in your deployment should
-# Admin tenant name
+# be designated the cleanup host. (boolean value)
-#admin_tenant_name = None
+#cleanup_scrubber = false
-# Keystone endpoint
-#auth_url = None
+# Turn on/off delayed delete. (boolean value)
-# Keystone region
+#delayed_delete = false
-#auth_region = None
-# Auth strategy
+# Items must have a modified time that is older than this value in
-#auth_strategy = keystone
+# order to be candidates for cleanup. (integer value)
+#cleanup_scrubber_time = 86400
-# ============ Notification System Options =====================
+#
-# Driver or drivers to handle sending notifications. Set to
+# From oslo.log
-# 'messaging' to send notifications to a message queue.
+#
-# notification_driver = noop
+# Print debugging output (set logging level to DEBUG instead of
-# Default publisher_id for outgoing notifications.
+# default WARNING level). (boolean value)
-# default_publisher_id = image.localhost
+#debug = false
-# Messaging driver used for 'messaging' notifications driver
+# Print more verbose output (set logging level to INFO instead of
-# rpc_backend = 'rabbit'
+# default WARNING level). (boolean value)
+#verbose = false
-# Configuration options if sending notifications via rabbitmq (these are
-# the defaults)
+# The name of a logging configuration file. This file is appended to
-rabbit_host = localhost
+# any existing logging configuration files. For details about logging
-rabbit_port = 5672
+# configuration files, see the Python logging module documentation.
-rabbit_use_ssl = false
+# (string value)
-rabbit_userid = guest
+# Deprecated group/name - [DEFAULT]/log_config
-rabbit_password = guest
+#log_config_append = <None>
-rabbit_virtual_host = /
-rabbit_notification_exchange = glance
+# DEPRECATED. A logging.Formatter log message format string which may
-rabbit_notification_topic = notifications
+# use any of the available logging.LogRecord attributes. This option
-rabbit_durable_queues = False
+# is deprecated.  Please use logging_context_format_string and
+# logging_default_format_string instead. (string value)
-# Configuration options if sending notifications via Qpid (these are
+#log_format = <None>
-# the defaults)
-qpid_notification_exchange = glance
+# Format string for %%(asctime)s in log records. Default: %(default)s
-qpid_notification_topic = notifications
+# . (string value)
-qpid_hostname = localhost
+#log_date_format = %Y-%m-%d %H:%M:%S
-qpid_port = 5672
-qpid_username =
+# (Optional) Name of log file to output to. If no default is set,
-qpid_password =
+# logging will go to stdout. (string value)
-qpid_sasl_mechanisms =
+# Deprecated group/name - [DEFAULT]/logfile
-qpid_reconnect_timeout = 0
+#log_file = <None>
-qpid_reconnect_limit = 0
-qpid_reconnect_interval_min = 0
+# (Optional) The base directory used for relative --log-file paths.
-qpid_reconnect_interval_max = 0
+# (string value)
-qpid_reconnect_interval = 0
+# Deprecated group/name - [DEFAULT]/logdir
-qpid_heartbeat = 5
+#log_dir = <None>
-# Set to 'ssl' to enable SSL
-qpid_protocol = tcp
+# Use syslog for logging. Existing syslog format is DEPRECATED during
-qpid_tcp_nodelay = True
+# I, and will change in J to honor RFC5424. (boolean value)
+#use_syslog = false
-# ============ Delayed Delete Options =============================
+# (Optional) Enables or disables syslog rfc5424 format for logging. If
-# Turn on/off delayed delete
+# enabled, prefixes the MSG part of the syslog message with APP-NAME
-delayed_delete = False
+# (RFC5424). The format without the APP-NAME is deprecated in I, and
+# will be removed in J. (boolean value)
-# Delayed delete time in seconds
+#use_syslog_rfc_format = false
-scrub_time = 43200
+# Syslog facility to receive log lines. (string value)
-# Directory that the scrubber will use to remind itself of what to delete
+#syslog_log_facility = LOG_USER
-# Make sure this is also set in glance-scrubber.conf
-scrubber_datadir = /var/lib/glance/scrubber
+# Log output to standard error. (boolean value)
+#use_stderr = true
-# =============== Quota Options ==================================
+# Format string to use for log messages with context. (string value)
-# The maximum number of image members allowed per image
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
-#image_member_quota = 128
+# Format string to use for log messages without context. (string
-# The maximum number of image properties allowed per image
+# value)
-#image_property_quota = 128
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-# The maximum number of tags allowed per image
+# Data to append to log format when level is DEBUG. (string value)
-#image_tag_quota = 128
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
-# The maximum number of locations allowed per image
+# Prefix each line of exception output with this format. (string
-#image_location_quota = 10
+# value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
-# Set a system wide quota for every user.  This value is the total number
-# of bytes that a user can use across all storage systems.  A value of
+# List of logger=LEVEL pairs. (list value)
-# 0 means unlimited.
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
-#user_storage_quota = 0
+# Enables or disables publication of error events. (boolean value)
-# =============== Image Cache Options =============================
+#publish_errors = false
-# Base directory that the Image Cache uses
+# Enables or disables fatal status of deprecations. (boolean value)
-image_cache_dir = /var/lib/glance/image-cache/
+#fatal_deprecations = false
-# =============== Database Options =================================
+# The format for an instance that is passed with the log message.
+# (string value)
+#instance_format = "[instance: %(uuid)s] "
+# The format for an instance UUID that is passed with the log message.
+# (string value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+#
+# From oslo.messaging
+#
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet
+# interface, or IP. The "host" option should point or resolve to this
+# address. (string value)
+#rpc_zmq_bind_address = *
+# MatchMaker driver. (string value)
+#rpc_zmq_matchmaker = local
+# ZeroMQ receiver listening port. (integer value)
+#rpc_zmq_port = 9501
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+#rpc_zmq_contexts = 1
+# Maximum number of ingress messages to locally buffer per topic.
+# Default is unlimited. (integer value)
+#rpc_zmq_topic_backlog = <None>
+# Directory for holding IPC sockets. (string value)
+#rpc_zmq_ipc_dir = /var/run/openstack
+# Name of this node. Must be a valid hostname, FQDN, or IP address.
+# Must match "host" option, if running Nova. (string value)
+#rpc_zmq_host = localhost
+# Seconds to wait before a cast expires (TTL). Only supported by
+# impl_zmq. (integer value)
+#rpc_cast_timeout = 30
+# Heartbeat frequency. (integer value)
+#matchmaker_heartbeat_freq = 300
+# Heartbeat time-to-live. (integer value)
+#matchmaker_heartbeat_ttl = 600
+# Size of RPC thread pool. (integer value)
+#rpc_thread_pool_size = 64
+# Driver or drivers to handle sending notifications. (multi valued)
+#notification_driver =
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+#notification_topics = notifications
+# Seconds to wait for a response from a call. (integer value)
+#rpc_response_timeout = 60
+# A URL representing the messaging driver to use and its full
+# configuration. If not set, we fall back to the rpc_backend option
+# and driver specific configuration. (string value)
+#transport_url = <None>
+# The messaging driver to use, defaults to rabbit. Other drivers
+# include qpid and zmq. (string value)
+#rpc_backend = rabbit
+# The default exchange under which topics are scoped. May be
+# overridden by an exchange name specified in the transport_url
+# option. (string value)
+#control_exchange = openstack
 [database]
-# The file name to use with SQLite (string value)
+#
+# From oslo.db
+#
+# The file name to use with SQLite. (string value)
+# Deprecated group/name - [DEFAULT]/sqlite_db
 #sqlite_db = oslo.sqlite
-# If True, SQLite uses synchronous mode (boolean value)
+# If True, SQLite uses synchronous mode. (boolean value)
-#sqlite_synchronous = True
+# Deprecated group/name - [DEFAULT]/sqlite_synchronous
+#sqlite_synchronous = true
-# The backend to use for db (string value)
+# The back end to use for the database. (string value)
 # Deprecated group/name - [DEFAULT]/db_backend
 #backend = sqlalchemy
-# The SQLAlchemy connection string used to connect to the
+# The SQLAlchemy connection string to use to connect to the database.
-# database (string value)
+# (string value)
 # Deprecated group/name - [DEFAULT]/sql_connection
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 connection = mysql://%SERVICE_USER%:%SERVICE_PASSWORD%@localhost/glance
-# The SQL mode to be used for MySQL sessions. This option,
+# The SQLAlchemy connection string to use to connect to the slave
-# including the default, overrides any server-set SQL mode. To
+# database. (string value)
-# use whatever SQL mode is set by the server configuration,
+#slave_connection = <None>
-# set this to no value. Example: mysql_sql_mode= (string
-# value)
+# The SQL mode to be used for MySQL sessions. This option, including
+# the default, overrides any server-set SQL mode. To use whatever SQL
+# mode is set by the server configuration, set this to no value.
+# Example: mysql_sql_mode= (string value)
 #mysql_sql_mode = TRADITIONAL
-# Timeout before idle sql connections are reaped (integer
+# Timeout before idle SQL connections are reaped. (integer value)
-# value)
 # Deprecated group/name - [DEFAULT]/sql_idle_timeout
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
 # Deprecated group/name - [sql]/idle_timeout
 #idle_timeout = 3600
-# Minimum number of SQL connections to keep open in a pool
+# Minimum number of SQL connections to keep open in a pool. (integer
-# (integer value)
+# value)
 # Deprecated group/name - [DEFAULT]/sql_min_pool_size
 # Deprecated group/name - [DATABASE]/sql_min_pool_size
 #min_pool_size = 1
-# Maximum number of SQL connections to keep open in a pool
+# Maximum number of SQL connections to keep open in a pool. (integer
-# (integer value)
+# value)
 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
 # Deprecated group/name - [DATABASE]/sql_max_pool_size
 #max_pool_size = <None>
-# Maximum db connection retries during startup. (setting -1
+# Maximum number of database connection retries during startup. Set to
-# implies an infinite retry count) (integer value)
+# -1 to specify an infinite retry count. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_max_retries
 # Deprecated group/name - [DATABASE]/sql_max_retries
 #max_retries = 10
-# Interval between retries of opening a sql connection
+# Interval between retries of opening a SQL connection. (integer
-# (integer value)
+# value)
 # Deprecated group/name - [DEFAULT]/sql_retry_interval
 # Deprecated group/name - [DATABASE]/reconnect_interval
 #retry_interval = 10
-# If set, use this value for max_overflow with sqlalchemy
+# If set, use this value for max_overflow with SQLAlchemy. (integer
-# (integer value)
+# value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
 #max_overflow = <None>
-# Verbosity of SQL debugging information. 0=None,
+# Verbosity of SQL debugging information: 0=None, 100=Everything.
-# 100=Everything (integer value)
+# (integer value)
 # Deprecated group/name - [DEFAULT]/sql_connection_debug
 #connection_debug = 0
-# Add python stack traces to SQL as comment strings (boolean
+# Add Python stack traces to SQL as comment strings. (boolean value)
-# value)
 # Deprecated group/name - [DEFAULT]/sql_connection_trace
-#connection_trace = False
+#connection_trace = false
-# If set, use this value for pool_timeout with sqlalchemy
+# If set, use this value for pool_timeout with SQLAlchemy. (integer
-# (integer value)
+# value)
 # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
 #pool_timeout = <None>
-# Enable the experimental use of database reconnect on
+# Enable the experimental use of database reconnect on connection
-# connection lost (boolean value)
+# lost. (boolean value)
-#use_db_reconnect = False
+#use_db_reconnect = false
-# seconds between db connection retries (integer value)
+# Seconds between retries of a database transaction. (integer value)
 #db_retry_interval = 1
-# Whether to increase interval between db connection retries,
+# If True, increases the interval between retries of a database
-# up to db_max_retry_interval (boolean value)
+# operation up to db_max_retry_interval. (boolean value)
-#db_inc_retry_interval = True
+#db_inc_retry_interval = true
-# max seconds between db connection retries, if
+# If db_inc_retry_interval is set, the maximum seconds between retries
-# db_inc_retry_interval is enabled (integer value)
+# of a database operation. (integer value)
 #db_max_retry_interval = 10
-# maximum db connection retries before error is raised.
+# Maximum retries in case of connection error or deadlock error before
-# (setting -1 implies an infinite retry count) (integer value)
+# error is raised. Set to -1 to specify an infinite retry count.
+# (integer value)
 #db_max_retries = 20
-[keystone_authtoken]
+#
-auth_uri = http://127.0.0.1:5000/v2.0/
+# From oslo.db.concurrency
-identity_uri = http://127.0.0.1:35357/
+#
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
+# Enable the experimental use of thread pooling for all DB API calls
-admin_password = %SERVICE_PASSWORD%
+# (boolean value)
-revocation_cache_time = 10
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
-signing_dir = /var/lib/glance/keystone-signing
+#use_tpool = false
-[paste_deploy]
-# Name of the paste configuration file that defines the available pipelines
-#config_file = glance-api-paste.ini
-# Partial name of a pipeline in your paste configuration file with the
-# service name removed. For example, if your paste section name is
-# [pipeline:glance-api-keystone], you would configure the flavor below
-# as 'keystone'.
-flavor=keystone
-[store_type_location_strategy]
-# The scheme list to use to get store preference order. The scheme must be
-# registered by one of the stores defined by the 'known_stores' config option.
-# This option will be applied when you using 'store_type' option as image
-# location strategy defined by the 'location_strategy' config option.
-#store_type_preference =
-[profiler]
-# If False fully disable profiling feature.
-#enabled = False
-# If False doesn't trace SQL requests.
-#trace_sqlalchemy = False
-[task]
-# ================= Glance Tasks Options ============================
-# Specifies how long (in hours) a task is supposed to live in the tasks DB
-# after succeeding or failing before getting soft-deleted.
-# The default value for task_time_to_live is 48 hours.
-# task_time_to_live = 48
-# Specifies which task executor to be used to run the task scripts.
-# The default value for task_executor is eventlet.
-# task_executor = eventlet
-# Specifies the maximum number of eventlet threads which can be spun up by
-# the eventlet based task executor to perform execution of Glance tasks.
-# eventlet_executor_pool_size = 1000
 [glance_store]
-# List of which store classes and store class locations are
-# currently known to glance at startup.
+#
-# Existing but disabled stores:
+# From glance.store
-#      glance.store.rbd.Store,
+#
-#      glance.store.s3.Store,
-#      glance.store.swift.Store,
+# List of stores enabled (list value)
-#      glance.store.sheepdog.Store,
+#stores = file,http
-#      glance.store.cinder.Store,
-#      glance.store.gridfs.Store,
+# Default scheme to use to store image data. The scheme must be
-#      glance.store.vmware_datastore.Store,
+# registered by one of the stores defined by the 'stores' config
-#stores = glance.store.filesystem.Store,
+# option. (string value)
-#         glance.store.http.Store
+#default_store = file
-# ============ Filesystem Store Options ========================
+# Minimum interval seconds to execute updating dynamic storage
+# capabilities based on backend status then. It's not a periodic
-# Directory that the Filesystem backend store
+# routine, the update logic will be executed only when interval
-# writes image data to
+# seconds elapsed and an operation of store has triggered. The feature
-filesystem_store_datadir = /var/lib/glance/images/
+# will be enabled only when the option value greater then zero.
+# (integer value)
-# A list of directories where image data can be stored.
+#store_capabilities_update_min_interval = 0
-# This option may be specified multiple times for specifying multiple store
-# directories. Either one of filesystem_store_datadirs or
+#
-# filesystem_store_datadir option is required. A priority number may be given
+# From glance.store
-# after each directory entry, separated by a ":".
+#
-# When adding an image, the highest priority directory will be selected, unless
-# there is not enough space available in cases where the image size is already
+# Images will be chunked into objects of this size (in megabytes). For
-# known. If no priority is given, it is assumed to be zero and the directory
+# best performance, this should be a power of two. (integer value)
-# will be considered for selection last. If multiple directories have the same
+#sheepdog_store_chunk_size = 64
-# priority, then the one with the most free space available is selected.
-# If same store is specified multiple times then BadStoreConfiguration
+# Port of sheep daemon. (integer value)
-# exception will be raised.
+#sheepdog_store_port = 7000
-#filesystem_store_datadirs = /var/lib/glance/images/:1
+# IP address of sheep daemon. (string value)
-# A path to a JSON file that contains metadata describing the storage
+#sheepdog_store_address = localhost
-# system.  When show_multiple_locations is True the information in this
-# file will be returned with any location that is contained in this
+# RADOS images will be chunked into objects of this size (in
-# store.
+# megabytes). For best performance, this should be a power of two.
-#filesystem_store_metadata_file = None
+# (integer value)
+#rbd_store_chunk_size = 8
-# ============ Swift Store Options =============================
+# RADOS pool in which images are stored. (string value)
-# Version of the authentication service to use
+#rbd_store_pool = images
-# Valid versions are '2' for keystone and '1' for swauth and rackspace
-swift_store_auth_version = 2
+# RADOS user to authenticate as (only applicable if using Cephx. If
+# <None>, a default will be chosen based on the client. section in
-# Address where the Swift authentication service lives
+# rbd_store_ceph_conf) (string value)
-# Valid schemes are 'http://' and 'https://'
+#rbd_store_user = <None>
-# If no scheme specified,  default to 'https://'
-# For swauth, use something like '127.0.0.1:8080/v1.0/'
+# Ceph configuration file path. If <None>, librados will locate the
-swift_store_auth_address = 127.0.0.1:5000/v2.0/
+# default config. If using cephx authentication, this file should
+# include a reference to the right keyring in a client.<USER> section
-# User to authenticate against the Swift authentication service
+# (string value)
-# If you use Swift authentication service, set it to 'account':'user'
+#rbd_store_ceph_conf = /etc/ceph/ceph.conf
-# where 'account' is a Swift storage account and 'user'
-# is a user in that account
+# The host where the S3 server is listening. (string value)
-swift_store_user = jdoe:jdoe
+#s3_store_host = <None>
-# Auth key for the user authenticating against the
+# The S3 query token access key. (string value)
-# Swift authentication service
+#s3_store_access_key = <None>
-swift_store_key = a86850deb2742ec3cb41518e26aa2d89
+# The S3 query token secret key. (string value)
-# Container within the account that the account should use
+#s3_store_secret_key = <None>
-# for storing images in Swift
-swift_store_container = glance
+# The S3 bucket to be used to store the Glance data. (string value)
+#s3_store_bucket = <None>
-# Do we create the container if it does not exist?
-swift_store_create_container_on_put = False
+# The local directory where uploads will be staged before they are
+# transferred into S3. (string value)
-# What size, in MB, should Glance start chunking image files
+#s3_store_object_buffer_dir = <None>
-# and do a large object manifest in Swift? By default, this is
-# the maximum object size in Swift, which is 5GB
+# A boolean to determine if the S3 bucket should be created on upload
-swift_store_large_object_size = 5120
+# if it does not exist or if an error should be returned to the user.
+# (boolean value)
-# swift_store_config_file = glance-swift.conf
+#s3_store_create_bucket_on_put = false
-# This file contains references for each of the configured
-# Swift accounts/backing stores. If used, this option can prevent
+# The S3 calling format used to determine the bucket. Either subdomain
-# credentials being stored in the database. Using Swift references
+# or path can be used. (string value)
-# is disabled if this config is left blank.
-# The reference to the default Swift parameters to use for adding new images.
-# default_swift_reference = 'ref1'
-# When doing a large object manifest, what size, in MB, should
-# Glance write chunks to Swift? This amount of data is written
-# to a temporary disk buffer during the process of chunking
-# the image file, and the default is 200MB
-swift_store_large_object_chunk_size = 200
-# Whether to use ServiceNET to communicate with the Swift storage servers.
-# (If you aren't RACKSPACE, leave this False!)
-#
-# To use ServiceNET for authentication, prefix hostname of
-# `swift_store_auth_address` with 'snet-'.
-# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
-swift_enable_snet = False
-# If set to True enables multi-tenant storage mode which causes Glance images
-# to be stored in tenant specific Swift accounts.
-#swift_store_multi_tenant = False
-# A list of swift ACL strings that will be applied as both read and
-# write ACLs to the containers created by Glance in multi-tenant
-# mode. This grants the specified tenants/users read and write access
-# to all newly created image objects. The standard swift ACL string
-# formats are allowed, including:
-# <tenant_id>:<username>
-# <tenant_name>:<username>
-# *:<username>
-# Multiple ACLs can be combined using a comma separated list, for
-# example: swift_store_admin_tenants = service:glance,*:admin
-#swift_store_admin_tenants =
-# The region of the swift endpoint to be used for single tenant. This setting
-# is only necessary if the tenant has multiple swift endpoints.
-#swift_store_region =
-# If set to False, disables SSL layer compression of https swift requests.
-# Setting to 'False' may improve performance for images which are already
-# in a compressed format, eg qcow2. If set to True, enables SSL layer
-# compression (provided it is supported by the target swift proxy).
-#swift_store_ssl_compression = True
-# The number of times a Swift download will be retried before the
-# request fails
-#swift_store_retry_get_count = 0
-# Bypass SSL verification for Swift
-#swift_store_auth_insecure = False
-# ============ S3 Store Options =============================
-# Address where the S3 authentication service lives
-# Valid schemes are 'http://' and 'https://'
-# If no scheme specified,  default to 'http://'
-s3_store_host = 127.0.0.1:8080/v1.0/
-# User to authenticate against the S3 authentication service
-s3_store_access_key = <20-char AWS access key>
-# Auth key for the user authenticating against the
-# S3 authentication service
-s3_store_secret_key = <40-char AWS secret key>
-# Container within the account that the account should use
-# for storing images in S3. Note that S3 has a flat namespace,
-# so you need a unique bucket name for your glance images. An
-# easy way to do this is append your AWS access key to "glance".
-# S3 buckets in AWS *must* be lowercased, so remember to lowercase
-# your AWS access key if you use it in your bucket name below!
-s3_store_bucket = <lowercased 20-char aws access key>glance
-# Do we create the bucket if it does not exist?
-s3_store_create_bucket_on_put = False
-# When sending images to S3, the data will first be written to a
-# temporary buffer on disk. By default the platform's temporary directory
-# will be used. If required, an alternative directory can be specified here.
-#s3_store_object_buffer_dir = /path/to/dir
-# When forming a bucket url, boto will either set the bucket name as the
-# subdomain or as the first token of the path. Amazon's S3 service will
-# accept it as the subdomain, but Swift's S3 middleware requires it be
-# in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'.
 #s3_store_bucket_url_format = subdomain
-# Size, in MB, should S3 start chunking image files
+# What size, in MB, should S3 start chunking image files and do a
-# and do a multipart upload in S3. The default is 100MB.
+# multipart upload in S3. (integer value)
 #s3_store_large_object_size = 100
-# Multipart upload part size, in MB, should S3 use when uploading
+# What multipart upload part size, in MB, should S3 use when uploading
-# parts. The size must be greater than or equal to
+# parts. The size must be greater than or equal to 5M. (integer value)
-# 5MB. The default is 10MB.
 #s3_store_large_object_chunk_size = 10
-# The number of thread pools to perform a multipart upload
+# The number of thread pools to perform a multipart upload in S3.
-# in S3. The default is 10.
+# (integer value)
 #s3_store_thread_pools = 10
-# ============ RBD Store Options =============================
+# Hostname or IP address of the instance to connect to, or a mongodb
+# URI, or a list of hostnames / mongodb URIs. If host is an IPv6
-# Ceph configuration file path
+# literal it must be enclosed in '[' and ']' characters following the
-# If using cephx authentication, this file should
+# RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value)
-# include a reference to the right keyring
+#mongodb_store_uri = <None>
-# in a client.<USER> section
-#rbd_store_ceph_conf = /etc/ceph/ceph.conf
+# Database to use (string value)
+#mongodb_store_db = <None>
-# RADOS user to authenticate as (only applicable if using cephx)
-# If <None>, a default will be chosen based on the client. section
+# Info to match when looking for cinder in the service catalog. Format
-# in rbd_store_ceph_conf
+# is : separated values of the form:
-#rbd_store_user = <None>
-# RADOS pool in which images are stored
-#rbd_store_pool = images
-# RADOS images will be chunked into objects of this size (in megabytes).
-# For best performance, this should be a power of two
-#rbd_store_chunk_size = 8
-# ============ Sheepdog Store Options =============================
-sheepdog_store_address = localhost
-sheepdog_store_port = 7000
-# Images will be chunked into objects of this size (in megabytes).
-# For best performance, this should be a power of two
-sheepdog_store_chunk_size = 64
-# ============ Cinder Store Options ===============================
-# Info to match when looking for cinder in the service catalog
-# Format is : separated values of the form:
 # <service_type>:<service_name>:<endpoint_type> (string value)
 #cinder_catalog_info = volume:cinder:publicURL
 # Override service catalog lookup with template for cinder endpoint
 # e.g. http://localhost:8776/v1/%(project_id)s (string value)
 #cinder_endpoint_template = <None>
 # Region name of this node (string value)
 #os_region_name = <None>
-# Location of ca certicates file to use for cinder client requests
+# Location of ca certicates file to use for cinder client requests.
 # (string value)
 #cinder_ca_certificates_file = <None>
 # Number of cinderclient retries on failed http calls (integer value)
 #cinder_http_retries = 3
 # Allow to perform insecure SSL requests to cinder (boolean value)
-#cinder_api_insecure = False
+#cinder_api_insecure = false
-# ============ VMware Datastore Store Options =====================
+# Directory to which the Filesystem backend store writes images.
+# (string value)
-# ESX/ESXi or vCenter Server target system.
+filesystem_store_datadir = /var/lib/glance/images/
-# The server value can be an IP address or a DNS name
-# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com
+# List of directories and its priorities to which the Filesystem
+# backend store writes images. (multi valued)
+#filesystem_store_datadirs =
+# The path to a file which contains the metadata to be returned with
+# any location associated with this store.  The file must contain a
+# valid JSON object. The object should contain the keys 'id' and
+# 'mountpoint'. The value for both keys should be 'string'. (string
+# value)
+#filesystem_store_metadata_file = <None>
+# The required permission for created image file. In this way the user
+# other service used, e.g. Nova, who consumes the image could be the
+# exclusive member of the group that owns the files created. Assigning
+# it less then or equal to zero means don't change the default
+# permission of the file. This value will be decoded as an octal
+# digit. (integer value)
+#filesystem_store_file_perm = 0
+# Version of the authentication service to use. Valid versions are 2
+# for keystone and 1 for swauth and rackspace. (deprecated) (string
+# value)
+#swift_store_auth_version = 2
+# If True, swiftclient won't check for a valid SSL certificate when
+# authenticating. (boolean value)
+#swift_store_auth_insecure = false
+# A string giving the CA certificate file to use in SSL connections
+# for verifying certs. (string value)
+#swift_store_cacert = <None>
+# The region of the swift endpoint to be used for single tenant. This
+# setting is only necessary if the tenant has multiple swift
+# endpoints. (string value)
+#swift_store_region = <None>
+# If set, the configured endpoint will be used. If None, the storage
+# url from the auth response will be used. (string value)
+#swift_store_endpoint = <None>
+# A string giving the endpoint type of the swift service to use
+# (publicURL, adminURL or internalURL). This setting is only used if
+# swift_store_auth_version is 2. (string value)
+#swift_store_endpoint_type = publicURL
+# A string giving the service type of the swift service to use. This
+# setting is only used if swift_store_auth_version is 2. (string
+# value)
+#swift_store_service_type = object-store
+# Container within the account that the account should use for storing
+# images in Swift when using single container mode. In multiple
+# container mode, this will be the prefix for all containers. (string
+# value)
+#swift_store_container = glance
+# The size, in MB, that Glance will start chunking image files and do
+# a large object manifest in Swift. (integer value)
+#swift_store_large_object_size = 5120
+# The amount of data written to a temporary disk buffer during the
+# process of chunking the image file. (integer value)
+#swift_store_large_object_chunk_size = 200
+# A boolean value that determines if we create the container if it
+# does not exist. (boolean value)
+#swift_store_create_container_on_put = false
+# If set to True, enables multi-tenant storage mode which causes
+# Glance images to be stored in tenant specific Swift accounts.
+# (boolean value)
+#swift_store_multi_tenant = false
+# When set to 0, a single-tenant store will only use one container to
+# store all images. When set to an integer value between 1 and 32, a
+# single-tenant store will use multiple containers to store images,
+# and this value will determine how many containers are created.Used
+# only when swift_store_multi_tenant is disabled. The total number of
+# containers that will be used is equal to 16^N, so if this config
+# option is set to 2, then 16^2=256 containers will be used to store
+# images. (integer value)
+#swift_store_multiple_containers_seed = 0
+# A list of tenants that will be granted read/write access on all
+# Swift containers created by Glance in multi-tenant mode. (list
+# value)
+#swift_store_admin_tenants =
+# If set to False, disables SSL layer compression of https swift
+# requests. Setting to False may improve performance for images which
+# are already in a compressed format, eg qcow2. (boolean value)
+#swift_store_ssl_compression = true
+# The number of times a Swift download will be retried before the
+# request fails. (integer value)
+#swift_store_retry_get_count = 0
+# The reference to the default swift account/backing store parameters
+# to use for adding new images. (string value)
+#default_swift_reference = ref1
+# The address where the Swift authentication service is
+# listening.(deprecated) (string value)
+#swift_store_auth_address = <None>
+# The user to authenticate against the Swift authentication service
+# (deprecated) (string value)
+#swift_store_user = <None>
+# Auth key for the user authenticating against the Swift
+# authentication service. (deprecated) (string value)
+#swift_store_key = <None>
+# The config file that has the swift account(s)configs. (string value)
+#swift_store_config_file = <None>
+# ESX/ESXi or vCenter Server target system. The server value can be an
+# IP address or a DNS name. (string value)
 #vmware_server_host = <None>
-# Server username (string value)
+# Username for authenticating with VMware ESX/VC server. (string
+# value)
 #vmware_server_username = <None>
-# Server password (string value)
+# Password for authenticating with VMware ESX/VC server. (string
+# value)
 #vmware_server_password = <None>
-# Inventory path to a datacenter (string value)
+# DEPRECATED. Inventory path to a datacenter. If the
-# Value optional when vmware_server_ip is an ESX/ESXi host: if specified
+# vmware_server_host specified is an ESX/ESXi, the
-# should be `ha-datacenter`.
+# vmware_datacenter_path is optional. If specified, it should be "ha-
-#vmware_datacenter_path = <None>
+# datacenter". This option is deprecated in favor of vmware_datastores
+# and will be removed in the Liberty release. (string value)
-# Datastore associated with the datacenter (string value)
+#vmware_datacenter_path = ha-datacenter
+# DEPRECATED. Datastore associated with the datacenter. This option is
+# deprecated in favor of vmware_datastores and will be removed in the
+# Liberty release. (string value)
 #vmware_datastore_name = <None>
-# The number of times we retry on failures
+# Number of times VMware ESX/VC server API must be retried upon
-# e.g., socket error, etc (integer value)
+# connection related issues. (integer value)
 #vmware_api_retry_count = 10
-# The interval used for polling remote tasks
+# The interval used for polling remote tasks invoked on VMware ESX/VC
-# invoked on VMware ESX/VC server in seconds (integer value)
+# server. (integer value)
 #vmware_task_poll_interval = 5
-# Absolute path of the folder containing the images in the datastore
+# The name of the directory where the glance images will be stored in
+# the VMware datastore. (string value)
+#vmware_store_image_dir = /openstack_glance
+# Allow to perform insecure SSL requests to ESX/VC. (boolean value)
+#vmware_api_insecure = false
+# A list of datastores where the image can be stored. This option may
+# be specified multiple times for specifying multiple datastores.
+# Either one of vmware_datastore_name or vmware_datastores is
+# required. The datastore name should be specified after its
+# datacenter path, seperated by ":". An optional weight may be given
+# after the datastore name, seperated again by ":". Thus, the required
+# format becomes <datacenter_path>:<datastore_name>:<optional_weight>.
+# When adding an image, the datastore with highest weight will be
+# selected, unless there is not enough free space available in cases
+# where the image size is already known. If no weight is given, it is
+# assumed to be zero and the directory will be considered for
+# selection last. If multiple datastores have the same weight, then
+# the one with the most free space available is selected. (multi
+# valued)
+#vmware_datastores =
+[image_format]
+#
+# From glance.api
+#
+# Supported values for the 'container_format' image attribute (list
+# value)
+# Deprecated group/name - [DEFAULT]/container_formats
+#container_formats = ami,ari,aki,bare,ovf,ova,uar
+# Supported values for the 'disk_format' image attribute (list value)
+# Deprecated group/name - [DEFAULT]/disk_formats
+#disk_formats = ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,zfs
+[keystone_authtoken]
+#
+# From keystonemiddleware.auth_token
+#
+# Complete public Identity API endpoint. (string value)
+auth_uri = http://127.0.0.1:5000/v2.0/
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+# Do not handle authorization requests within the middleware, but
+# delegate the authorization decision to downstream WSGI components.
+# (boolean value)
+#delay_auth_decision = false
+# Request timeout value for communicating with Identity API server.
+# (integer value)
+#http_connect_timeout = <None>
+# How many times are we trying to reconnect when communicating with
+# Identity API Server. (integer value)
+#http_request_max_retries = 3
+# Env key for the swift cache. (string value)
+#cache = <None>
+# Required if identity server requires client certificate (string
+# value)
+#certfile = <None>
+# Required if identity server requires client certificate (string
+# value)
+#keyfile = <None>
+# A PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. Defaults to system CAs. (string value)
+#cafile = <None>
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+# Directory used to cache files related to PKI tokens. (string value)
+signing_dir = /var/lib/glance/keystone-signing
+# Optionally specify a list of memcached server(s) to use for caching.
+# If left undefined, tokens will instead be cached in-process. (list
+# value)
+# Deprecated group/name - [DEFAULT]/memcache_servers
+#memcached_servers = <None>
+# In order to prevent excessive effort spent validating tokens, the
+# middleware caches previously-seen tokens for a configurable duration
+# (in seconds). Set to -1 to disable caching completely. (integer
+# value)
+#token_cache_time = 300
+# Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of
+# revocation events combined with a low cache duration may
+# significantly reduce performance. (integer value)
+#revocation_cache_time = 10
+# (Optional) If defined, indicate whether token data should be
+# authenticated or authenticated and encrypted. Acceptable values are
+# MAC or ENCRYPT.  If MAC, token data is authenticated (with HMAC) in
+# the cache. If ENCRYPT, token data is encrypted and authenticated in
+# the cache. If the value is not one of these options or empty,
+# auth_token will raise an exception on initialization. (string value)
+#memcache_security_strategy = <None>
+# (Optional, mandatory if memcache_security_strategy is defined) This
+# string is used for key derivation. (string value)
+#memcache_secret_key = <None>
+# (Optional) Number of seconds memcached server is considered dead
+# before it is tried again. (integer value)
+#memcache_pool_dead_retry = 300
+# (Optional) Maximum total number of open connections to every
+# memcached server. (integer value)
+#memcache_pool_maxsize = 10
+# (Optional) Socket timeout in seconds for communicating with a
+# memcache server. (integer value)
+#memcache_pool_socket_timeout = 3
+# (Optional) Number of seconds a connection to memcached is held
+# unused in the pool before it is closed. (integer value)
+#memcache_pool_unused_timeout = 60
+# (Optional) Number of seconds that an operation will wait to get a
+# memcache client connection from the pool. (integer value)
+#memcache_pool_conn_get_timeout = 10
+# (Optional) Use the advanced (eventlet safe) memcache client pool.
+# The advanced pool will only work under python 2.x. (boolean value)
+#memcache_use_advanced_pool = false
+# (Optional) Indicate whether to set the X-Service-Catalog header. If
+# False, middleware will not ask for service catalog on token
+# validation and will not set the X-Service-Catalog header. (boolean
+# value)
+#include_service_catalog = true
+# Used to control the use and type of token binding. Can be set to:
+# "disabled" to not check token binding. "permissive" (default) to
+# validate binding information if the bind type is of a form known to
+# the server and ignore it if not. "strict" like "permissive" but if
+# the bind type is unknown the token will be rejected. "required" any
+# form of token binding is needed to be allowed. Finally the name of a
+# binding method that must be present in tokens. (string value)
+#enforce_token_bind = permissive
+# If true, the revocation list will be checked for cached tokens. This
+# requires that PKI tokens are configured on the identity server.
+# (boolean value)
+#check_revocations_for_cached = false
+# Hash algorithms to use for hashing PKI tokens. This may be a single
+# algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given,
+# so put the preferred one first for performance. The result of the
+# first hash will be stored in the cache. This will typically be set
+# to multiple values only while migrating from a less secure algorithm
+# to a more secure one. Once all the old tokens are expired this
+# option should be set to a single value for better performance. (list
+# value)
+#hash_algorithms = md5
+# Prefix to prepend at the beginning of the path. Deprecated, use
+# identity_uri. (string value)
+#auth_admin_prefix =
+# Host providing the admin Identity API endpoint. Deprecated, use
+# identity_uri. (string value)
+#auth_host = 127.0.0.1
+# Port of the admin Identity API endpoint. Deprecated, use
+# identity_uri. (integer value)
+#auth_port = 35357
+# Protocol of the admin Identity API endpoint (http or https).
+# Deprecated, use identity_uri. (string value)
+#auth_protocol = https
+# Complete admin Identity API endpoint. This should specify the
+# unversioned root endpoint e.g. https://localhost:35357/ (string
+# value)
+identity_uri = http://127.0.0.1:35357/
+# This option is deprecated and may be removed in a future release.
+# Single shared secret with the Keystone configuration used for
+# bootstrapping a Keystone installation, or otherwise bypassing the
+# normal authentication process. This option should not be used, use
+# `admin_user` and `admin_password` instead. (string value)
+#admin_token = <None>
+# Service username. (string value)
+admin_user = %SERVICE_USER%
+# Service user password. (string value)
+admin_password = %SERVICE_PASSWORD%
+# Service tenant name. (string value)
+admin_tenant_name = %SERVICE_TENANT_NAME%
+# Name of the plugin to load (string value)
+#auth_plugin = <None>
+# Config Section from which to load plugin specific options (string
+# value)
+#auth_section = <None>
+[matchmaker_redis]
+#
+# From oslo.messaging
+#
+# Host to locate redis. (string value)
+#host = 127.0.0.1
+# Use this port to connect to redis host. (integer value)
+#port = 6379
+# Password for Redis server (optional). (string value)
+#password = <None>
+[matchmaker_ring]
+#
+# From oslo.messaging
+#
+# Matchmaker ring file (JSON). (string value)
+# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
+#ringfile = /etc/oslo/matchmaker_ring.json
+[oslo_concurrency]
+#
+# From oslo.concurrency
+#
+# Enables or disables inter-process locks. (boolean value)
+# Deprecated group/name - [DEFAULT]/disable_process_locking
+#disable_process_locking = false
+# Directory to use for lock files.  For security, the specified
+# directory should only be writable by the user running the processes
+# that need locking. Defaults to environment variable OSLO_LOCK_PATH.
+# If external locks are used, a lock path must be set. (string value)
+# Deprecated group/name - [DEFAULT]/lock_path
+#lock_path = <None>
+[oslo_messaging_amqp]
+#
+# From oslo.messaging
+#
+# address prefix used when sending to a specific server (string value)
+# Deprecated group/name - [amqp1]/server_request_prefix
+#server_request_prefix = exclusive
+# address prefix used when broadcasting to all servers (string value)
+# Deprecated group/name - [amqp1]/broadcast_prefix
+#broadcast_prefix = broadcast
+# address prefix when sending to any server in group (string value)
+# Deprecated group/name - [amqp1]/group_request_prefix
+#group_request_prefix = unicast
+# Name for the AMQP container (string value)
+# Deprecated group/name - [amqp1]/container_name
+#container_name = <None>
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+#idle_timeout = 0
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+#trace = false
+# CA certificate PEM file for verifing server certificate (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+#ssl_ca_file =
+# Identifying certificate PEM file to present to clients (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+#ssl_cert_file =
+# Private key PEM file used to sign cert_file certificate (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+#ssl_key_file =
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+#ssl_key_password = <None>
+# Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+#allow_insecure_clients = false
+[oslo_messaging_qpid]
+#
+# From oslo.messaging
+#
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+#amqp_auto_delete = false
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size = 30
+# Qpid broker hostname. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_hostname
+#qpid_hostname = localhost
+# Qpid broker port. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_port
+#qpid_port = 5672
+# Qpid HA cluster host:port pairs. (list value)
+# Deprecated group/name - [DEFAULT]/qpid_hosts
+#qpid_hosts = $qpid_hostname:$qpid_port
+# Username for Qpid connection. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_username
+#qpid_username =
+# Password for Qpid connection. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_password
+#qpid_password =
+# Space separated list of SASL mechanisms to use for auth. (string
+# value)
+# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms
+#qpid_sasl_mechanisms =
+# Seconds between connection keepalive heartbeats. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_heartbeat
+#qpid_heartbeat = 60
+# Transport to use, either 'tcp' or 'ssl'. (string value)
+# Deprecated group/name - [DEFAULT]/qpid_protocol
+#qpid_protocol = tcp
+# Whether to disable the Nagle algorithm. (boolean value)
+# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay
+#qpid_tcp_nodelay = true
+# The number of prefetched messages held by receiver. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity
+#qpid_receiver_capacity = 1
+# The qpid topology version to use.  Version 1 is what was originally
+# used by impl_qpid.  Version 2 includes some backwards-incompatible
+# changes that allow broker federation to work.  Users should update
+# to version 2 when they are able to take everything down, as it
+# requires a clean break. (integer value)
+# Deprecated group/name - [DEFAULT]/qpid_topology_version
+#qpid_topology_version = 1
+[oslo_messaging_rabbit]
+#
+# From oslo.messaging
+#
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+#amqp_auto_delete = false
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size = 30
+# SSL version to use (valid only if SSL enabled). Valid values are
+# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
+# available on some distributions. (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_version
+#kombu_ssl_version =
+# SSL key file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
+#kombu_ssl_keyfile =
+# SSL cert file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
+#kombu_ssl_certfile =
+# SSL certification authority file (valid only if SSL enabled).
 # (string value)
-#vmware_store_image_dir = /openstack_glance
+# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
+#kombu_ssl_ca_certs =
-# Allow to perform insecure SSL requests to the target system (boolean value)
-#vmware_api_insecure = False
+# How long to wait before reconnecting in response to an AMQP consumer
+# cancel notification. (floating point value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
+#kombu_reconnect_delay = 1.0
+# The RabbitMQ broker address where a single node is used. (string
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_host
+#rabbit_host = localhost
+# The RabbitMQ broker port where a single node is used. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_port
+#rabbit_port = 5672
+# RabbitMQ HA cluster host:port pairs. (list value)
+# Deprecated group/name - [DEFAULT]/rabbit_hosts
+#rabbit_hosts = $rabbit_host:$rabbit_port
+# Connect over SSL for RabbitMQ. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
+#rabbit_use_ssl = false
+# The RabbitMQ userid. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_userid
+#rabbit_userid = guest
+# The RabbitMQ password. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_password
+#rabbit_password = guest
+# The RabbitMQ login method. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_login_method
+#rabbit_login_method = AMQPLAIN
+# The RabbitMQ virtual host. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+#rabbit_virtual_host = /
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval = 1
+# How long to backoff for between retries when connecting to RabbitMQ.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
+#rabbit_retry_backoff = 2
+# Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_max_retries
+#rabbit_max_retries = 0
+# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this
+# option, you must wipe the RabbitMQ database. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
+#rabbit_ha_queues = false
+# Number of seconds after which the Rabbit broker is considered down
+# if heartbeat's keep-alive fails (0 disables the heartbeat, >0
+# enables it. Enabling heartbeats requires kombu>=3.0.7 and
+# amqp>=1.4.0). EXPERIMENTAL (integer value)
+#heartbeat_timeout_threshold = 0
+# How often times during the heartbeat_timeout_threshold we check the
+# heartbeat. (integer value)
+#heartbeat_rate = 2
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/fake_rabbit
+#fake_rabbit = false
+[oslo_policy]
+#
+# From oslo.policy
+#
+# The JSON file that defines policies. (string value)
+# Deprecated group/name - [DEFAULT]/policy_file
+#policy_file = policy.json
+# Default rule. Enforced when a requested rule is not found. (string
+# value)
+# Deprecated group/name - [DEFAULT]/policy_default_rule
+#policy_default_rule = default
+# Directories where policy configuration files are stored. They can be
+# relative to any directory in the search path defined by the
+# config_dir option, or absolute paths. The file defined by
+# policy_file must exist for these directories to be searched.
+# Missing or empty directories are ignored. (multi valued)
+# Deprecated group/name - [DEFAULT]/policy_dirs
+#policy_dirs = policy.d
+[paste_deploy]
+#
+# From glance.api
+#
+# Partial name of a pipeline in your paste configuration file with the
+# service name removed. For example, if your paste section name is
+# [pipeline:glance-api-keystone] use the value "keystone" (string
+# value)
+flavor = keystone
+# Name of the paste configuration file. (string value)
+#config_file = <None>
+[profiler]
+#
+# From glance.api
+#
+# If False fully disable profiling feature. (boolean value)
+#enabled = false
+# If False doesn't trace SQL requests. (boolean value)
+#trace_sqlalchemy = false
+[store_type_location_strategy]
+#
+# From glance.api
+#
+# The store names to use to get store preference order. The name must
+# be registered by one of the stores defined by the 'stores' config
+# option. This option will be applied when you using 'store_type'
+# option as image location strategy defined by the 'location_strategy'
+# config option. (list value)
+#store_type_preference =
+[task]
+#
+# From glance.api
+#
+# Time in hours for which a task lives after, either succeeding or
+# failing (integer value)
+# Deprecated group/name - [DEFAULT]/task_time_to_live
+#task_time_to_live = 48
+# Specifies which task executor to be used to run the task scripts.
+# (string value)
+#task_executor = taskflow
+# Work dir for asynchronous task operations. The directory set here
+# will be used to operate over images - normally before they are
+# imported in the destination store. When providing work dir, make
+# sure enough space is provided for concurrent tasks to run
+# efficiently without running out of space. A rough estimation can be
+# done by multiplying the number of `max_workers` - or the N of
+# workers running - by an average image size (e.g 500MB). The image
+# size estimation should be done based on the average size in your
+# deployment. Note that depending on the tasks running you may need to
+# multiply this number by some factor depending on what the task does.
+# For example, you may want to double the available size if image
+# conversion is enabled. All this being said, remember these are just
+# estimations and you should do them based on the worst case scenario
+# and be prepared to act in case they were wrong. (string value)
+#work_dir = <None>
+[taskflow_executor]
+#
+# From glance.api
+#
+# The mode in which the engine will run. Can be 'serial' or
+# 'parallel'. (string value)
+# Allowed values: serial, parallel
+#engine_mode = parallel
+# The number of parallel activities executed at the same time by the
+# engine. The value can be greater than one when the engine mode is
+# 'parallel'. (integer value)
+# Deprecated group/name - [task]/eventlet_executor_pool_size
+#max_workers = 10

branch	s11u3-sru
changeset 6035	c9748fcc32de
parent 4072	db0cec748ec0