1 [DEFAULT] |
1 [DEFAULT] |
2 # Show more verbose log output (sets INFO log level output) |
2 |
3 #verbose = False |
3 # |
4 |
4 # From glance.api |
5 # Show debugging output in logs (sets DEBUG log level output) |
5 # |
6 #debug = False |
6 |
7 |
7 # When true, this option sets the owner of an image to be the tenant. |
8 # Which backend scheme should Glance use by default is not specified |
8 # Otherwise, the owner of the image will be the authenticated user |
9 # in a request to add a new image to Glance? Known schemes are determined |
9 # issuing the request. (boolean value) |
10 # by the known_stores option below. |
10 #owner_is_tenant = true |
11 # Default: 'file' |
11 |
12 default_store = file |
12 # Role used to identify an authenticated user as administrator. |
13 |
13 # (string value) |
14 # Maximum image size (in bytes) that may be uploaded through the |
14 #admin_role = admin |
15 # Glance API server. Defaults to 1 TB. |
15 |
16 # WARNING: this value should only be increased after careful consideration |
16 # Allow unauthenticated users to access the API with read-only |
17 # and must be set to a value under 8 EB (9223372036854775808). |
17 # privileges. This only applies when using ContextMiddleware. (boolean |
|
18 # value) |
|
19 #allow_anonymous_access = false |
|
20 |
|
21 # Public url to use for versions endpoint. The default is None, which |
|
22 # will use the request's host_url attribute to populate the URL base. |
|
23 # If Glance is operating behind a proxy, you will want to change this |
|
24 # to represent the proxy's URL. (string value) |
|
25 #public_endpoint = <None> |
|
26 |
|
27 # Whether to allow users to specify image properties beyond what the |
|
28 # image schema provides (boolean value) |
|
29 #allow_additional_image_properties = true |
|
30 |
|
31 # Maximum number of image members per image. Negative values evaluate |
|
32 # to unlimited. (integer value) |
|
33 #image_member_quota = 128 |
|
34 |
|
35 # Maximum number of properties allowed on an image. Negative values |
|
36 # evaluate to unlimited. (integer value) |
|
37 #image_property_quota = 128 |
|
38 |
|
39 # Maximum number of tags allowed on an image. Negative values evaluate |
|
40 # to unlimited. (integer value) |
|
41 #image_tag_quota = 128 |
|
42 |
|
43 # Maximum number of locations allowed on an image. Negative values |
|
44 # evaluate to unlimited. (integer value) |
|
45 #image_location_quota = 10 |
|
46 |
|
47 # Python module path of data access API (string value) |
|
48 #data_api = glance.db.sqlalchemy.api |
|
49 |
|
50 # Default value for the number of items returned by a request if not |
|
51 # specified explicitly in the request (integer value) |
|
52 #limit_param_default = 25 |
|
53 |
|
54 # Maximum permissible number of items that could be returned by a |
|
55 # request (integer value) |
|
56 #api_limit_max = 1000 |
|
57 |
|
58 # Whether to include the backend image storage location in image |
|
59 # properties. Revealing storage location can be a security risk, so |
|
60 # use this setting with caution! (boolean value) |
|
61 #show_image_direct_url = false |
|
62 |
|
63 # Whether to include the backend image locations in image properties. |
|
64 # For example, if using the file system store a URL of |
|
65 # "file:///path/to/image" will be returned to the user in the |
|
66 # 'direct_url' meta-data field. Revealing storage location can be a |
|
67 # security risk, so use this setting with caution! The overrides |
|
68 # show_image_direct_url. (boolean value) |
|
69 #show_multiple_locations = false |
|
70 |
|
71 # Maximum size of image a user can upload in bytes. Defaults to |
|
72 # 1099511627776 bytes (1 TB).WARNING: this value should only be |
|
73 # increased after careful consideration and must be set to a value |
|
74 # under 8 EB (9223372036854775808). (integer value) |
18 #image_size_cap = 1099511627776 |
75 #image_size_cap = 1099511627776 |
19 |
76 |
20 # Address to bind the API server |
77 # Set a system wide quota for every user. This value is the total |
21 bind_host = 0.0.0.0 |
78 # capacity that a user can use across all storage systems. A value of |
22 |
79 # 0 means unlimited.Optional unit can be specified for the value. |
23 # Port the bind the API server to |
80 # Accepted units are B, KB, MB, GB and TB representing Bytes, |
24 bind_port = 9292 |
81 # KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no |
25 |
82 # unit is specified then Bytes is assumed. Note that there should not |
26 # Log to this file. Make sure you do not set the same log file for both the API |
83 # be any space between value and unit and units are case sensitive. |
27 # and registry servers! |
84 # (string value) |
28 # |
85 #user_storage_quota = 0 |
29 # If `log_file` is omitted and `use_syslog` is false, then log messages are |
86 |
30 # sent to stdout as a fallback. |
87 # Deploy the v1 OpenStack Images API. (boolean value) |
31 log_file = /var/log/glance/api.log |
88 #enable_v1_api = true |
32 |
89 |
33 # Backlog requests when creating socket |
90 # Deploy the v2 OpenStack Images API. (boolean value) |
34 backlog = 4096 |
91 #enable_v2_api = true |
35 |
92 |
36 # TCP_KEEPIDLE value in seconds when creating socket. |
93 # Deploy the v1 OpenStack Registry API. (boolean value) |
37 # Not supported on OS X. |
94 #enable_v1_registry = true |
|
95 |
|
96 # Deploy the v2 OpenStack Registry API. (boolean value) |
|
97 #enable_v2_registry = true |
|
98 |
|
99 # The hostname/IP of the pydev process listening for debug connections |
|
100 # (string value) |
|
101 #pydev_worker_debug_host = <None> |
|
102 |
|
103 # The port on which a pydev process is listening for connections. |
|
104 # (integer value) |
|
105 #pydev_worker_debug_port = 5678 |
|
106 |
|
107 # AES key for encrypting store 'location' metadata. This includes, if |
|
108 # used, Swift or S3 credentials. Should be set to a random string of |
|
109 # length 16, 24 or 32 bytes (string value) |
|
110 #metadata_encryption_key = <None> |
|
111 |
|
112 # Digest algorithm which will be used for digital signature; the |
|
113 # default is sha1 the default in Kilo for a smooth upgrade process, |
|
114 # and it will be updated with sha256 in next release(L). Use the |
|
115 # command "openssl list-message-digest-algorithms" to get the |
|
116 # available algorithms supported by the version of OpenSSL on the |
|
117 # platform. Examples are "sha1", "sha256", "sha512", etc. (string |
|
118 # value) |
|
119 #digest_algorithm = sha1 |
|
120 |
|
121 # This value sets what strategy will be used to determine the image |
|
122 # location order. Currently two strategies are packaged with Glance |
|
123 # 'location_order' and 'store_type'. (string value) |
|
124 # Allowed values: location_order, store_type |
|
125 #location_strategy = location_order |
|
126 |
|
127 # The location of the property protection file.This file contains the |
|
128 # rules for property protections and the roles/policies associated |
|
129 # with it. If this config value is not specified, by default, property |
|
130 # protections won't be enforced. If a value is specified and the file |
|
131 # is not found, then the glance-api service will not start. (string |
|
132 # value) |
|
133 #property_protection_file = <None> |
|
134 |
|
135 # This config value indicates whether "roles" or "policies" are used |
|
136 # in the property protection file. (string value) |
|
137 # Allowed values: roles, policies |
|
138 #property_protection_rule_format = roles |
|
139 |
|
140 # Modules of exceptions that are permitted to be recreated upon |
|
141 # receiving exception data from an rpc call. (list value) |
|
142 #allowed_rpc_exception_modules = openstack.common.exception,glance.common.exception,exceptions |
|
143 |
|
144 # Address to bind the server. Useful when selecting a particular |
|
145 # network interface. (string value) |
|
146 #bind_host = 0.0.0.0 |
|
147 |
|
148 # The port on which the server will listen. (integer value) |
|
149 #bind_port = <None> |
|
150 |
|
151 # The number of child process workers that will be created to service |
|
152 # requests. The default will be equal to the number of CPUs available. |
|
153 # (integer value) |
|
154 workers = 1 |
|
155 |
|
156 # Maximum line size of message headers to be accepted. max_header_line |
|
157 # may need to be increased when using large tokens (typically those |
|
158 # generated by the Keystone v3 API with big service catalogs (integer |
|
159 # value) |
|
160 #max_header_line = 16384 |
|
161 |
|
162 # If False, server will return the header "Connection: close", If |
|
163 # True, server will return "Connection: Keep-Alive" in its responses. |
|
164 # In order to close the client socket connection explicitly after the |
|
165 # response is sent and read successfully by the client, you simply |
|
166 # have to set this option to False when you create a wsgi server. |
|
167 # (boolean value) |
|
168 #http_keepalive = true |
|
169 |
|
170 # Timeout for client connections' socket operations. If an incoming |
|
171 # connection is idle for this number of seconds it will be closed. A |
|
172 # value of '0' means wait forever. (integer value) |
|
173 #client_socket_timeout = 0 |
|
174 |
|
175 # The backlog value that will be used when creating the TCP listener |
|
176 # socket. (integer value) |
|
177 #backlog = 4096 |
|
178 |
|
179 # The value for the socket option TCP_KEEPIDLE. This is the time in |
|
180 # seconds that the connection must be idle before TCP starts sending |
|
181 # keepalive probes. (integer value) |
38 #tcp_keepidle = 600 |
182 #tcp_keepidle = 600 |
39 |
183 |
40 # API to use for accessing data. Default value points to sqlalchemy |
184 # CA certificate file to use to verify connecting clients. (string |
41 # package, it is also possible to use: glance.db.registry.api |
185 # value) |
42 # data_api = glance.db.sqlalchemy.api |
186 #ca_file = <None> |
43 |
187 |
44 # The number of child process workers that will be |
188 # Certificate file to use when starting API server securely. (string |
45 # created to service API requests. The default will be |
189 # value) |
46 # equal to the number of CPUs available. (integer value) |
190 #cert_file = <None> |
47 workers = 1 |
191 |
48 |
192 # Private key file to use when starting API server securely. (string |
49 # Maximum line size of message headers to be accepted. |
193 # value) |
50 # max_header_line may need to be increased when using large tokens |
194 #key_file = <None> |
51 # (typically those generated by the Keystone v3 API with big service |
195 |
52 # catalogs) |
196 # The path to the sqlite file database that will be used for image |
53 # max_header_line = 16384 |
197 # cache management. (string value) |
54 |
198 #image_cache_sqlite_db = cache.db |
55 # Role used to identify an authenticated user as administrator |
199 |
56 #admin_role = admin |
200 # The driver to use for image cache management. (string value) |
57 |
201 #image_cache_driver = sqlite |
58 # Allow unauthenticated users to access the API with read-only |
202 |
59 # privileges. This only applies when using ContextMiddleware. |
203 # The upper limit (the maximum size of accumulated cache in bytes) |
60 #allow_anonymous_access = False |
204 # beyond which pruner, if running, starts cleaning the images cache. |
61 |
205 # (integer value) |
62 # Allow access to version 1 of glance api |
206 #image_cache_max_size = 10737418240 |
63 #enable_v1_api = True |
207 |
64 |
208 # The amount of time to let an image remain in the cache without being |
65 # Allow access to version 2 of glance api |
209 # accessed. (integer value) |
66 #enable_v2_api = True |
210 #image_cache_stall_time = 86400 |
67 |
211 |
68 # Return the URL that references where the data is stored on |
212 # Base directory that the Image Cache uses. (string value) |
69 # the backend storage system. For example, if using the |
213 #image_cache_dir = <None> |
70 # file system store a URL of 'file:///path/to/image' will |
214 |
71 # be returned to the user in the 'direct_url' meta-data field. |
215 # Default publisher_id for outgoing notifications. (string value) |
72 # The default value is false. |
216 #default_publisher_id = image.localhost |
73 #show_image_direct_url = False |
217 |
74 |
218 # List of disabled notifications. A notification can be given either |
75 # Send headers containing user and tenant information when making requests to |
219 # as a notification type to disable a single event, or as a |
76 # the v1 glance registry. This allows the registry to function as if a user is |
220 # notification group prefix to disable all events within a group. |
77 # authenticated without the need to authenticate a user itself using the |
221 # Example: if this config option is set to ["image.create", |
78 # auth_token middleware. |
222 # "metadef_namespace"], then "image.create" notification will not be |
79 # The default value is false. |
223 # sent after image is created and none of the notifications for |
80 #send_identity_headers = False |
224 # metadefinition namespaces will be sent. (list value) |
81 |
225 #disabled_notifications = |
82 # Supported values for the 'container_format' image attribute |
226 |
83 container_formats=ami,ari,aki,bare,ovf,ova,uar |
227 # Address to find the registry server. (string value) |
84 |
228 #registry_host = 0.0.0.0 |
85 # Supported values for the 'disk_format' image attribute |
229 |
86 disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,zfs |
230 # Port the registry server is listening on. (integer value) |
87 |
231 #registry_port = 9191 |
88 # Directory to use for lock files. Default to a temp directory |
232 |
89 # (string value). This setting needs to be the same for both |
233 # Whether to pass through the user token when making requests to the |
90 # glance-scrubber and glance-api. |
234 # registry. (boolean value) |
91 #lock_path=<None> |
235 # WARNING: DO NOT CHANGE THIS VALUE. Setting use_user_token to False |
92 |
236 # allows for unintended privilege escalation within the Glance API server. |
93 # Property Protections config file |
237 # See https://wiki.openstack.org/wiki/OSSN/OSSN-0060 |
94 # This file contains the rules for property protections and the roles/policies |
238 #use_user_token = true |
95 # associated with it. |
239 |
96 # If this config value is not specified, by default, property protections |
240 # The administrators user name. If "use_user_token" is not in effect, |
97 # won't be enforced. |
241 # then admin credentials can be specified. (string value) |
98 # If a value is specified and the file is not found, then the glance-api |
242 #admin_user = <None> |
99 # service will not start. |
243 |
100 #property_protection_file = |
244 # The administrators password. If "use_user_token" is not in effect, |
101 |
245 # then admin credentials can be specified. (string value) |
102 # Specify whether 'roles' or 'policies' are used in the |
246 #admin_password = <None> |
103 # property_protection_file. |
247 |
104 # The default value for property_protection_rule_format is 'roles'. |
248 # The tenant name of the administrative user. If "use_user_token" is |
105 #property_protection_rule_format = roles |
249 # not in effect, then admin tenant name can be specified. (string |
106 |
250 # value) |
107 # This value sets what strategy will be used to determine the image location |
251 #admin_tenant_name = <None> |
108 # order. Currently two strategies are packaged with Glance 'location_order' |
252 |
109 # and 'store_type'. |
253 # The URL to the keystone service. If "use_user_token" is not in |
110 #location_strategy = location_order |
254 # effect and using keystone auth, then URL of keystone can be |
111 |
255 # specified. (string value) |
112 # ================= Syslog Options ============================ |
256 #auth_url = <None> |
113 |
257 |
114 # Send logs to syslog (/dev/log) instead of to file specified |
258 # The strategy to use for authentication. If "use_user_token" is not |
115 # by `log_file` |
259 # in effect, then auth strategy can be specified. (string value) |
116 #use_syslog = False |
260 #auth_strategy = noauth |
117 |
261 |
118 # Facility to use. If unset defaults to LOG_USER. |
262 # The region for the authentication service. If "use_user_token" is |
119 #syslog_log_facility = LOG_LOCAL0 |
263 # not in effect and using keystone auth, then region name can be |
120 |
264 # specified. (string value) |
121 # ================= SSL Options =============================== |
265 #auth_region = <None> |
122 |
266 |
123 # Certificate file to use when starting API server securely |
267 # The protocol to use for communication with the registry server. |
124 #cert_file = /path/to/certfile |
268 # Either http or https. (string value) |
125 |
269 #registry_client_protocol = http |
126 # Private key file to use when starting API server securely |
270 |
127 #key_file = /path/to/keyfile |
271 # The path to the key file to use in SSL connections to the registry |
128 |
272 # server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE |
129 # CA certificate file to use to verify connecting clients |
273 # environment variable to a filepath of the key file (string value) |
130 #ca_file = /path/to/cafile |
274 #registry_client_key_file = <None> |
131 |
275 |
132 # ================= Security Options ========================== |
276 # The path to the cert file to use in SSL connections to the registry |
133 |
277 # server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE |
134 # AES key for encrypting store 'location' metadata, including |
278 # environment variable to a filepath of the CA cert file (string |
135 # -- if used -- Swift or S3 credentials |
279 # value) |
136 # Should be set to a random string of length 16, 24 or 32 bytes |
280 #registry_client_cert_file = <None> |
137 #metadata_encryption_key = <16, 24 or 32 char registry metadata key> |
281 |
138 |
282 # The path to the certifying authority cert file to use in SSL |
139 # ============ Registry Options =============================== |
283 # connections to the registry server, if any. Alternately, you may set |
140 |
284 # the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the |
141 # Address to find the registry server |
285 # CA cert file. (string value) |
142 registry_host = 0.0.0.0 |
286 #registry_client_ca_file = <None> |
143 |
|
144 # Port the registry server is listening on |
|
145 registry_port = 9191 |
|
146 |
|
147 # What protocol to use when connecting to the registry server? |
|
148 # Set to https for secure HTTP communication |
|
149 registry_client_protocol = http |
|
150 |
|
151 # The path to the key file to use in SSL connections to the |
|
152 # registry server, if any. Alternately, you may set the |
|
153 # GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file |
|
154 #registry_client_key_file = /path/to/key/file |
|
155 |
|
156 # The path to the cert file to use in SSL connections to the |
|
157 # registry server, if any. Alternately, you may set the |
|
158 # GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file |
|
159 #registry_client_cert_file = /path/to/cert/file |
|
160 |
|
161 # The path to the certifying authority cert file to use in SSL connections |
|
162 # to the registry server, if any. Alternately, you may set the |
|
163 # GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file |
|
164 #registry_client_ca_file = /path/to/ca/file |
|
165 |
287 |
166 # When using SSL in connections to the registry server, do not require |
288 # When using SSL in connections to the registry server, do not require |
167 # validation via a certifying authority. This is the registry's equivalent of |
289 # validation via a certifying authority. This is the registry's |
168 # specifying --insecure on the command line using glanceclient for the API |
290 # equivalent of specifying --insecure on the command line using |
169 # Default: False |
291 # glanceclient for the API. (boolean value) |
170 #registry_client_insecure = False |
292 #registry_client_insecure = false |
171 |
293 |
172 # The period of time, in seconds, that the API server will wait for a registry |
294 # The period of time, in seconds, that the API server will wait for a |
173 # request to complete. A value of '0' implies no timeout. |
295 # registry request to complete. A value of 0 implies no timeout. |
174 # Default: 600 |
296 # (integer value) |
175 #registry_client_timeout = 600 |
297 #registry_client_timeout = 600 |
176 |
298 |
177 # Whether to automatically create the database tables. |
299 # Whether to pass through headers containing user and tenant |
178 # Default: False |
300 # information when making requests to the registry. This allows the |
179 #db_auto_create = False |
301 # registry to use the context middleware without keystonemiddleware's |
180 |
302 # auth_token middleware, removing calls to the keystone auth service. |
181 # Enable DEBUG log messages from sqlalchemy which prints every database |
303 # It is recommended that when using this option, secure communication |
182 # query and response. |
304 # between glance api and glance registry is ensured by means other |
183 # Default: False |
305 # than auth_token middleware. (boolean value) |
184 #sqlalchemy_debug = True |
306 #send_identity_headers = false |
185 |
307 |
186 # Pass the user's token through for API requests to the registry. |
308 # Directory that the scrubber will use to track information about what |
187 # Default: True |
309 # to delete. Make sure this is set in glance-api.conf and glance- |
188 #use_user_token = True |
310 # scrubber.conf. (string value) |
189 |
311 #scrubber_datadir = /var/lib/glance/scrubber |
190 # If 'use_user_token' is not in effect then admin credentials |
312 |
191 # can be specified. Requests to the registry on behalf of |
313 # The amount of time in seconds to delay before performing a delete. |
192 # the API will use these credentials. |
314 # (integer value) |
193 # Admin user name |
315 #scrub_time = 0 |
194 #admin_user = None |
316 |
195 # Admin password |
317 # A boolean that determines if the scrubber should clean up the files |
196 #admin_password = None |
318 # it uses for taking data. Only one server in your deployment should |
197 # Admin tenant name |
319 # be designated the cleanup host. (boolean value) |
198 #admin_tenant_name = None |
320 #cleanup_scrubber = false |
199 # Keystone endpoint |
321 |
200 #auth_url = None |
322 # Turn on/off delayed delete. (boolean value) |
201 # Keystone region |
323 #delayed_delete = false |
202 #auth_region = None |
324 |
203 # Auth strategy |
325 # Items must have a modified time that is older than this value in |
204 #auth_strategy = keystone |
326 # order to be candidates for cleanup. (integer value) |
205 |
327 #cleanup_scrubber_time = 86400 |
206 # ============ Notification System Options ===================== |
328 |
207 |
329 # |
208 # Driver or drivers to handle sending notifications. Set to |
330 # From oslo.log |
209 # 'messaging' to send notifications to a message queue. |
331 # |
210 # notification_driver = noop |
332 |
211 |
333 # Print debugging output (set logging level to DEBUG instead of |
212 # Default publisher_id for outgoing notifications. |
334 # default WARNING level). (boolean value) |
213 # default_publisher_id = image.localhost |
335 #debug = false |
214 |
336 |
215 # Messaging driver used for 'messaging' notifications driver |
337 # Print more verbose output (set logging level to INFO instead of |
216 # rpc_backend = 'rabbit' |
338 # default WARNING level). (boolean value) |
217 |
339 #verbose = false |
218 # Configuration options if sending notifications via rabbitmq (these are |
340 |
219 # the defaults) |
341 # The name of a logging configuration file. This file is appended to |
220 rabbit_host = localhost |
342 # any existing logging configuration files. For details about logging |
221 rabbit_port = 5672 |
343 # configuration files, see the Python logging module documentation. |
222 rabbit_use_ssl = false |
344 # (string value) |
223 rabbit_userid = guest |
345 # Deprecated group/name - [DEFAULT]/log_config |
224 rabbit_password = guest |
346 #log_config_append = <None> |
225 rabbit_virtual_host = / |
347 |
226 rabbit_notification_exchange = glance |
348 # DEPRECATED. A logging.Formatter log message format string which may |
227 rabbit_notification_topic = notifications |
349 # use any of the available logging.LogRecord attributes. This option |
228 rabbit_durable_queues = False |
350 # is deprecated. Please use logging_context_format_string and |
229 |
351 # logging_default_format_string instead. (string value) |
230 # Configuration options if sending notifications via Qpid (these are |
352 #log_format = <None> |
231 # the defaults) |
353 |
232 qpid_notification_exchange = glance |
354 # Format string for %%(asctime)s in log records. Default: %(default)s |
233 qpid_notification_topic = notifications |
355 # . (string value) |
234 qpid_hostname = localhost |
356 #log_date_format = %Y-%m-%d %H:%M:%S |
235 qpid_port = 5672 |
357 |
236 qpid_username = |
358 # (Optional) Name of log file to output to. If no default is set, |
237 qpid_password = |
359 # logging will go to stdout. (string value) |
238 qpid_sasl_mechanisms = |
360 # Deprecated group/name - [DEFAULT]/logfile |
239 qpid_reconnect_timeout = 0 |
361 #log_file = <None> |
240 qpid_reconnect_limit = 0 |
362 |
241 qpid_reconnect_interval_min = 0 |
363 # (Optional) The base directory used for relative --log-file paths. |
242 qpid_reconnect_interval_max = 0 |
364 # (string value) |
243 qpid_reconnect_interval = 0 |
365 # Deprecated group/name - [DEFAULT]/logdir |
244 qpid_heartbeat = 5 |
366 #log_dir = <None> |
245 # Set to 'ssl' to enable SSL |
367 |
246 qpid_protocol = tcp |
368 # Use syslog for logging. Existing syslog format is DEPRECATED during |
247 qpid_tcp_nodelay = True |
369 # I, and will change in J to honor RFC5424. (boolean value) |
248 |
370 #use_syslog = false |
249 # ============ Delayed Delete Options ============================= |
371 |
250 |
372 # (Optional) Enables or disables syslog rfc5424 format for logging. If |
251 # Turn on/off delayed delete |
373 # enabled, prefixes the MSG part of the syslog message with APP-NAME |
252 delayed_delete = False |
374 # (RFC5424). The format without the APP-NAME is deprecated in I, and |
253 |
375 # will be removed in J. (boolean value) |
254 # Delayed delete time in seconds |
376 #use_syslog_rfc_format = false |
255 scrub_time = 43200 |
377 |
256 |
378 # Syslog facility to receive log lines. (string value) |
257 # Directory that the scrubber will use to remind itself of what to delete |
379 #syslog_log_facility = LOG_USER |
258 # Make sure this is also set in glance-scrubber.conf |
380 |
259 scrubber_datadir = /var/lib/glance/scrubber |
381 # Log output to standard error. (boolean value) |
260 |
382 #use_stderr = true |
261 # =============== Quota Options ================================== |
383 |
262 |
384 # Format string to use for log messages with context. (string value) |
263 # The maximum number of image members allowed per image |
385 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s |
264 #image_member_quota = 128 |
386 |
265 |
387 # Format string to use for log messages without context. (string |
266 # The maximum number of image properties allowed per image |
388 # value) |
267 #image_property_quota = 128 |
389 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s |
268 |
390 |
269 # The maximum number of tags allowed per image |
391 # Data to append to log format when level is DEBUG. (string value) |
270 #image_tag_quota = 128 |
392 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d |
271 |
393 |
272 # The maximum number of locations allowed per image |
394 # Prefix each line of exception output with this format. (string |
273 #image_location_quota = 10 |
395 # value) |
274 |
396 #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s |
275 # Set a system wide quota for every user. This value is the total number |
397 |
276 # of bytes that a user can use across all storage systems. A value of |
398 # List of logger=LEVEL pairs. (list value) |
277 # 0 means unlimited. |
399 #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN |
278 #user_storage_quota = 0 |
400 |
279 |
401 # Enables or disables publication of error events. (boolean value) |
280 # =============== Image Cache Options ============================= |
402 #publish_errors = false |
281 |
403 |
282 # Base directory that the Image Cache uses |
404 # Enables or disables fatal status of deprecations. (boolean value) |
283 image_cache_dir = /var/lib/glance/image-cache/ |
405 #fatal_deprecations = false |
284 |
406 |
285 # =============== Database Options ================================= |
407 # The format for an instance that is passed with the log message. |
|
408 # (string value) |
|
409 #instance_format = "[instance: %(uuid)s] " |
|
410 |
|
411 # The format for an instance UUID that is passed with the log message. |
|
412 # (string value) |
|
413 #instance_uuid_format = "[instance: %(uuid)s] " |
|
414 |
|
415 # |
|
416 # From oslo.messaging |
|
417 # |
|
418 |
|
419 # ZeroMQ bind address. Should be a wildcard (*), an ethernet |
|
420 # interface, or IP. The "host" option should point or resolve to this |
|
421 # address. (string value) |
|
422 #rpc_zmq_bind_address = * |
|
423 |
|
424 # MatchMaker driver. (string value) |
|
425 #rpc_zmq_matchmaker = local |
|
426 |
|
427 # ZeroMQ receiver listening port. (integer value) |
|
428 #rpc_zmq_port = 9501 |
|
429 |
|
430 # Number of ZeroMQ contexts, defaults to 1. (integer value) |
|
431 #rpc_zmq_contexts = 1 |
|
432 |
|
433 # Maximum number of ingress messages to locally buffer per topic. |
|
434 # Default is unlimited. (integer value) |
|
435 #rpc_zmq_topic_backlog = <None> |
|
436 |
|
437 # Directory for holding IPC sockets. (string value) |
|
438 #rpc_zmq_ipc_dir = /var/run/openstack |
|
439 |
|
440 # Name of this node. Must be a valid hostname, FQDN, or IP address. |
|
441 # Must match "host" option, if running Nova. (string value) |
|
442 #rpc_zmq_host = localhost |
|
443 |
|
444 # Seconds to wait before a cast expires (TTL). Only supported by |
|
445 # impl_zmq. (integer value) |
|
446 #rpc_cast_timeout = 30 |
|
447 |
|
448 # Heartbeat frequency. (integer value) |
|
449 #matchmaker_heartbeat_freq = 300 |
|
450 |
|
451 # Heartbeat time-to-live. (integer value) |
|
452 #matchmaker_heartbeat_ttl = 600 |
|
453 |
|
454 # Size of RPC thread pool. (integer value) |
|
455 #rpc_thread_pool_size = 64 |
|
456 |
|
457 # Driver or drivers to handle sending notifications. (multi valued) |
|
458 #notification_driver = |
|
459 |
|
460 # AMQP topic used for OpenStack notifications. (list value) |
|
461 # Deprecated group/name - [rpc_notifier2]/topics |
|
462 #notification_topics = notifications |
|
463 |
|
464 # Seconds to wait for a response from a call. (integer value) |
|
465 #rpc_response_timeout = 60 |
|
466 |
|
467 # A URL representing the messaging driver to use and its full |
|
468 # configuration. If not set, we fall back to the rpc_backend option |
|
469 # and driver specific configuration. (string value) |
|
470 #transport_url = <None> |
|
471 |
|
472 # The messaging driver to use, defaults to rabbit. Other drivers |
|
473 # include qpid and zmq. (string value) |
|
474 #rpc_backend = rabbit |
|
475 |
|
476 # The default exchange under which topics are scoped. May be |
|
477 # overridden by an exchange name specified in the transport_url |
|
478 # option. (string value) |
|
479 #control_exchange = openstack |
|
480 |
286 |
481 |
287 [database] |
482 [database] |
288 # The file name to use with SQLite (string value) |
483 |
|
484 # |
|
485 # From oslo.db |
|
486 # |
|
487 |
|
488 # The file name to use with SQLite. (string value) |
|
489 # Deprecated group/name - [DEFAULT]/sqlite_db |
289 #sqlite_db = oslo.sqlite |
490 #sqlite_db = oslo.sqlite |
290 |
491 |
291 # If True, SQLite uses synchronous mode (boolean value) |
492 # If True, SQLite uses synchronous mode. (boolean value) |
292 #sqlite_synchronous = True |
493 # Deprecated group/name - [DEFAULT]/sqlite_synchronous |
293 |
494 #sqlite_synchronous = true |
294 # The backend to use for db (string value) |
495 |
|
496 # The back end to use for the database. (string value) |
295 # Deprecated group/name - [DEFAULT]/db_backend |
497 # Deprecated group/name - [DEFAULT]/db_backend |
296 #backend = sqlalchemy |
498 #backend = sqlalchemy |
297 |
499 |
298 # The SQLAlchemy connection string used to connect to the |
500 # The SQLAlchemy connection string to use to connect to the database. |
299 # database (string value) |
501 # (string value) |
300 # Deprecated group/name - [DEFAULT]/sql_connection |
502 # Deprecated group/name - [DEFAULT]/sql_connection |
301 # Deprecated group/name - [DATABASE]/sql_connection |
503 # Deprecated group/name - [DATABASE]/sql_connection |
302 # Deprecated group/name - [sql]/connection |
504 # Deprecated group/name - [sql]/connection |
303 connection = mysql://%SERVICE_USER%:%SERVICE_PASSWORD%@localhost/glance |
505 connection = mysql://%SERVICE_USER%:%SERVICE_PASSWORD%@localhost/glance |
304 |
506 |
305 # The SQL mode to be used for MySQL sessions. This option, |
507 # The SQLAlchemy connection string to use to connect to the slave |
306 # including the default, overrides any server-set SQL mode. To |
508 # database. (string value) |
307 # use whatever SQL mode is set by the server configuration, |
509 #slave_connection = <None> |
308 # set this to no value. Example: mysql_sql_mode= (string |
510 |
309 # value) |
511 # The SQL mode to be used for MySQL sessions. This option, including |
|
512 # the default, overrides any server-set SQL mode. To use whatever SQL |
|
513 # mode is set by the server configuration, set this to no value. |
|
514 # Example: mysql_sql_mode= (string value) |
310 #mysql_sql_mode = TRADITIONAL |
515 #mysql_sql_mode = TRADITIONAL |
311 |
516 |
312 # Timeout before idle sql connections are reaped (integer |
517 # Timeout before idle SQL connections are reaped. (integer value) |
313 # value) |
|
314 # Deprecated group/name - [DEFAULT]/sql_idle_timeout |
518 # Deprecated group/name - [DEFAULT]/sql_idle_timeout |
315 # Deprecated group/name - [DATABASE]/sql_idle_timeout |
519 # Deprecated group/name - [DATABASE]/sql_idle_timeout |
316 # Deprecated group/name - [sql]/idle_timeout |
520 # Deprecated group/name - [sql]/idle_timeout |
317 #idle_timeout = 3600 |
521 #idle_timeout = 3600 |
318 |
522 |
319 # Minimum number of SQL connections to keep open in a pool |
523 # Minimum number of SQL connections to keep open in a pool. (integer |
320 # (integer value) |
524 # value) |
321 # Deprecated group/name - [DEFAULT]/sql_min_pool_size |
525 # Deprecated group/name - [DEFAULT]/sql_min_pool_size |
322 # Deprecated group/name - [DATABASE]/sql_min_pool_size |
526 # Deprecated group/name - [DATABASE]/sql_min_pool_size |
323 #min_pool_size = 1 |
527 #min_pool_size = 1 |
324 |
528 |
325 # Maximum number of SQL connections to keep open in a pool |
529 # Maximum number of SQL connections to keep open in a pool. (integer |
326 # (integer value) |
530 # value) |
327 # Deprecated group/name - [DEFAULT]/sql_max_pool_size |
531 # Deprecated group/name - [DEFAULT]/sql_max_pool_size |
328 # Deprecated group/name - [DATABASE]/sql_max_pool_size |
532 # Deprecated group/name - [DATABASE]/sql_max_pool_size |
329 #max_pool_size = <None> |
533 #max_pool_size = <None> |
330 |
534 |
331 # Maximum db connection retries during startup. (setting -1 |
535 # Maximum number of database connection retries during startup. Set to |
332 # implies an infinite retry count) (integer value) |
536 # -1 to specify an infinite retry count. (integer value) |
333 # Deprecated group/name - [DEFAULT]/sql_max_retries |
537 # Deprecated group/name - [DEFAULT]/sql_max_retries |
334 # Deprecated group/name - [DATABASE]/sql_max_retries |
538 # Deprecated group/name - [DATABASE]/sql_max_retries |
335 #max_retries = 10 |
539 #max_retries = 10 |
336 |
540 |
337 # Interval between retries of opening a sql connection |
541 # Interval between retries of opening a SQL connection. (integer |
338 # (integer value) |
542 # value) |
339 # Deprecated group/name - [DEFAULT]/sql_retry_interval |
543 # Deprecated group/name - [DEFAULT]/sql_retry_interval |
340 # Deprecated group/name - [DATABASE]/reconnect_interval |
544 # Deprecated group/name - [DATABASE]/reconnect_interval |
341 #retry_interval = 10 |
545 #retry_interval = 10 |
342 |
546 |
343 # If set, use this value for max_overflow with sqlalchemy |
547 # If set, use this value for max_overflow with SQLAlchemy. (integer |
344 # (integer value) |
548 # value) |
345 # Deprecated group/name - [DEFAULT]/sql_max_overflow |
549 # Deprecated group/name - [DEFAULT]/sql_max_overflow |
346 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow |
550 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow |
347 #max_overflow = <None> |
551 #max_overflow = <None> |
348 |
552 |
349 # Verbosity of SQL debugging information. 0=None, |
553 # Verbosity of SQL debugging information: 0=None, 100=Everything. |
350 # 100=Everything (integer value) |
554 # (integer value) |
351 # Deprecated group/name - [DEFAULT]/sql_connection_debug |
555 # Deprecated group/name - [DEFAULT]/sql_connection_debug |
352 #connection_debug = 0 |
556 #connection_debug = 0 |
353 |
557 |
354 # Add python stack traces to SQL as comment strings (boolean |
558 # Add Python stack traces to SQL as comment strings. (boolean value) |
355 # value) |
|
356 # Deprecated group/name - [DEFAULT]/sql_connection_trace |
559 # Deprecated group/name - [DEFAULT]/sql_connection_trace |
357 #connection_trace = False |
560 #connection_trace = false |
358 |
561 |
359 # If set, use this value for pool_timeout with sqlalchemy |
562 # If set, use this value for pool_timeout with SQLAlchemy. (integer |
360 # (integer value) |
563 # value) |
361 # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout |
564 # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout |
362 #pool_timeout = <None> |
565 #pool_timeout = <None> |
363 |
566 |
364 # Enable the experimental use of database reconnect on |
567 # Enable the experimental use of database reconnect on connection |
365 # connection lost (boolean value) |
568 # lost. (boolean value) |
366 #use_db_reconnect = False |
569 #use_db_reconnect = false |
367 |
570 |
368 # seconds between db connection retries (integer value) |
571 # Seconds between retries of a database transaction. (integer value) |
369 #db_retry_interval = 1 |
572 #db_retry_interval = 1 |
370 |
573 |
371 # Whether to increase interval between db connection retries, |
574 # If True, increases the interval between retries of a database |
372 # up to db_max_retry_interval (boolean value) |
575 # operation up to db_max_retry_interval. (boolean value) |
373 #db_inc_retry_interval = True |
576 #db_inc_retry_interval = true |
374 |
577 |
375 # max seconds between db connection retries, if |
578 # If db_inc_retry_interval is set, the maximum seconds between retries |
376 # db_inc_retry_interval is enabled (integer value) |
579 # of a database operation. (integer value) |
377 #db_max_retry_interval = 10 |
580 #db_max_retry_interval = 10 |
378 |
581 |
379 # maximum db connection retries before error is raised. |
582 # Maximum retries in case of connection error or deadlock error before |
380 # (setting -1 implies an infinite retry count) (integer value) |
583 # error is raised. Set to -1 to specify an infinite retry count. |
|
584 # (integer value) |
381 #db_max_retries = 20 |
585 #db_max_retries = 20 |
382 |
586 |
383 [keystone_authtoken] |
587 # |
384 auth_uri = http://127.0.0.1:5000/v2.0/ |
588 # From oslo.db.concurrency |
385 identity_uri = http://127.0.0.1:35357/ |
589 # |
386 admin_tenant_name = %SERVICE_TENANT_NAME% |
590 |
387 admin_user = %SERVICE_USER% |
591 # Enable the experimental use of thread pooling for all DB API calls |
388 admin_password = %SERVICE_PASSWORD% |
592 # (boolean value) |
389 revocation_cache_time = 10 |
593 # Deprecated group/name - [DEFAULT]/dbapi_use_tpool |
390 signing_dir = /var/lib/glance/keystone-signing |
594 #use_tpool = false |
391 |
595 |
392 [paste_deploy] |
|
393 # Name of the paste configuration file that defines the available pipelines |
|
394 #config_file = glance-api-paste.ini |
|
395 |
|
396 # Partial name of a pipeline in your paste configuration file with the |
|
397 # service name removed. For example, if your paste section name is |
|
398 # [pipeline:glance-api-keystone], you would configure the flavor below |
|
399 # as 'keystone'. |
|
400 flavor=keystone |
|
401 |
|
402 [store_type_location_strategy] |
|
403 # The scheme list to use to get store preference order. The scheme must be |
|
404 # registered by one of the stores defined by the 'known_stores' config option. |
|
405 # This option will be applied when you using 'store_type' option as image |
|
406 # location strategy defined by the 'location_strategy' config option. |
|
407 #store_type_preference = |
|
408 |
|
409 [profiler] |
|
410 # If False fully disable profiling feature. |
|
411 #enabled = False |
|
412 |
|
413 # If False doesn't trace SQL requests. |
|
414 #trace_sqlalchemy = False |
|
415 |
|
416 [task] |
|
417 # ================= Glance Tasks Options ============================ |
|
418 |
|
419 # Specifies how long (in hours) a task is supposed to live in the tasks DB |
|
420 # after succeeding or failing before getting soft-deleted. |
|
421 # The default value for task_time_to_live is 48 hours. |
|
422 # task_time_to_live = 48 |
|
423 |
|
424 # Specifies which task executor to be used to run the task scripts. |
|
425 # The default value for task_executor is eventlet. |
|
426 # task_executor = eventlet |
|
427 |
|
428 # Specifies the maximum number of eventlet threads which can be spun up by |
|
429 # the eventlet based task executor to perform execution of Glance tasks. |
|
430 # eventlet_executor_pool_size = 1000 |
|
431 |
596 |
432 [glance_store] |
597 [glance_store] |
433 # List of which store classes and store class locations are |
598 |
434 # currently known to glance at startup. |
599 # |
435 # Existing but disabled stores: |
600 # From glance.store |
436 # glance.store.rbd.Store, |
601 # |
437 # glance.store.s3.Store, |
602 |
438 # glance.store.swift.Store, |
603 # List of stores enabled (list value) |
439 # glance.store.sheepdog.Store, |
604 #stores = file,http |
440 # glance.store.cinder.Store, |
605 |
441 # glance.store.gridfs.Store, |
606 # Default scheme to use to store image data. The scheme must be |
442 # glance.store.vmware_datastore.Store, |
607 # registered by one of the stores defined by the 'stores' config |
443 #stores = glance.store.filesystem.Store, |
608 # option. (string value) |
444 # glance.store.http.Store |
609 #default_store = file |
445 |
610 |
446 # ============ Filesystem Store Options ======================== |
611 # Minimum interval seconds to execute updating dynamic storage |
447 |
612 # capabilities based on backend status then. It's not a periodic |
448 # Directory that the Filesystem backend store |
613 # routine, the update logic will be executed only when interval |
449 # writes image data to |
614 # seconds elapsed and an operation of store has triggered. The feature |
450 filesystem_store_datadir = /var/lib/glance/images/ |
615 # will be enabled only when the option value greater then zero. |
451 |
616 # (integer value) |
452 # A list of directories where image data can be stored. |
617 #store_capabilities_update_min_interval = 0 |
453 # This option may be specified multiple times for specifying multiple store |
618 |
454 # directories. Either one of filesystem_store_datadirs or |
619 # |
455 # filesystem_store_datadir option is required. A priority number may be given |
620 # From glance.store |
456 # after each directory entry, separated by a ":". |
621 # |
457 # When adding an image, the highest priority directory will be selected, unless |
622 |
458 # there is not enough space available in cases where the image size is already |
623 # Images will be chunked into objects of this size (in megabytes). For |
459 # known. If no priority is given, it is assumed to be zero and the directory |
624 # best performance, this should be a power of two. (integer value) |
460 # will be considered for selection last. If multiple directories have the same |
625 #sheepdog_store_chunk_size = 64 |
461 # priority, then the one with the most free space available is selected. |
626 |
462 # If same store is specified multiple times then BadStoreConfiguration |
627 # Port of sheep daemon. (integer value) |
463 # exception will be raised. |
628 #sheepdog_store_port = 7000 |
464 #filesystem_store_datadirs = /var/lib/glance/images/:1 |
629 |
465 |
630 # IP address of sheep daemon. (string value) |
466 # A path to a JSON file that contains metadata describing the storage |
631 #sheepdog_store_address = localhost |
467 # system. When show_multiple_locations is True the information in this |
632 |
468 # file will be returned with any location that is contained in this |
633 # RADOS images will be chunked into objects of this size (in |
469 # store. |
634 # megabytes). For best performance, this should be a power of two. |
470 #filesystem_store_metadata_file = None |
635 # (integer value) |
471 |
636 #rbd_store_chunk_size = 8 |
472 # ============ Swift Store Options ============================= |
637 |
473 |
638 # RADOS pool in which images are stored. (string value) |
474 # Version of the authentication service to use |
639 #rbd_store_pool = images |
475 # Valid versions are '2' for keystone and '1' for swauth and rackspace |
640 |
476 swift_store_auth_version = 2 |
641 # RADOS user to authenticate as (only applicable if using Cephx. If |
477 |
642 # <None>, a default will be chosen based on the client. section in |
478 # Address where the Swift authentication service lives |
643 # rbd_store_ceph_conf) (string value) |
479 # Valid schemes are 'http://' and 'https://' |
644 #rbd_store_user = <None> |
480 # If no scheme specified, default to 'https://' |
645 |
481 # For swauth, use something like '127.0.0.1:8080/v1.0/' |
646 # Ceph configuration file path. If <None>, librados will locate the |
482 swift_store_auth_address = 127.0.0.1:5000/v2.0/ |
647 # default config. If using cephx authentication, this file should |
483 |
648 # include a reference to the right keyring in a client.<USER> section |
484 # User to authenticate against the Swift authentication service |
649 # (string value) |
485 # If you use Swift authentication service, set it to 'account':'user' |
650 #rbd_store_ceph_conf = /etc/ceph/ceph.conf |
486 # where 'account' is a Swift storage account and 'user' |
651 |
487 # is a user in that account |
652 # The host where the S3 server is listening. (string value) |
488 swift_store_user = jdoe:jdoe |
653 #s3_store_host = <None> |
489 |
654 |
490 # Auth key for the user authenticating against the |
655 # The S3 query token access key. (string value) |
491 # Swift authentication service |
656 #s3_store_access_key = <None> |
492 swift_store_key = a86850deb2742ec3cb41518e26aa2d89 |
657 |
493 |
658 # The S3 query token secret key. (string value) |
494 # Container within the account that the account should use |
659 #s3_store_secret_key = <None> |
495 # for storing images in Swift |
660 |
496 swift_store_container = glance |
661 # The S3 bucket to be used to store the Glance data. (string value) |
497 |
662 #s3_store_bucket = <None> |
498 # Do we create the container if it does not exist? |
663 |
499 swift_store_create_container_on_put = False |
664 # The local directory where uploads will be staged before they are |
500 |
665 # transferred into S3. (string value) |
501 # What size, in MB, should Glance start chunking image files |
666 #s3_store_object_buffer_dir = <None> |
502 # and do a large object manifest in Swift? By default, this is |
667 |
503 # the maximum object size in Swift, which is 5GB |
668 # A boolean to determine if the S3 bucket should be created on upload |
504 swift_store_large_object_size = 5120 |
669 # if it does not exist or if an error should be returned to the user. |
505 |
670 # (boolean value) |
506 # swift_store_config_file = glance-swift.conf |
671 #s3_store_create_bucket_on_put = false |
507 # This file contains references for each of the configured |
672 |
508 # Swift accounts/backing stores. If used, this option can prevent |
673 # The S3 calling format used to determine the bucket. Either subdomain |
509 # credentials being stored in the database. Using Swift references |
674 # or path can be used. (string value) |
510 # is disabled if this config is left blank. |
|
511 |
|
512 # The reference to the default Swift parameters to use for adding new images. |
|
513 # default_swift_reference = 'ref1' |
|
514 |
|
515 # When doing a large object manifest, what size, in MB, should |
|
516 # Glance write chunks to Swift? This amount of data is written |
|
517 # to a temporary disk buffer during the process of chunking |
|
518 # the image file, and the default is 200MB |
|
519 swift_store_large_object_chunk_size = 200 |
|
520 |
|
521 # Whether to use ServiceNET to communicate with the Swift storage servers. |
|
522 # (If you aren't RACKSPACE, leave this False!) |
|
523 # |
|
524 # To use ServiceNET for authentication, prefix hostname of |
|
525 # `swift_store_auth_address` with 'snet-'. |
|
526 # Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ |
|
527 swift_enable_snet = False |
|
528 |
|
529 # If set to True enables multi-tenant storage mode which causes Glance images |
|
530 # to be stored in tenant specific Swift accounts. |
|
531 #swift_store_multi_tenant = False |
|
532 |
|
533 # A list of swift ACL strings that will be applied as both read and |
|
534 # write ACLs to the containers created by Glance in multi-tenant |
|
535 # mode. This grants the specified tenants/users read and write access |
|
536 # to all newly created image objects. The standard swift ACL string |
|
537 # formats are allowed, including: |
|
538 # <tenant_id>:<username> |
|
539 # <tenant_name>:<username> |
|
540 # *:<username> |
|
541 # Multiple ACLs can be combined using a comma separated list, for |
|
542 # example: swift_store_admin_tenants = service:glance,*:admin |
|
543 #swift_store_admin_tenants = |
|
544 |
|
545 # The region of the swift endpoint to be used for single tenant. This setting |
|
546 # is only necessary if the tenant has multiple swift endpoints. |
|
547 #swift_store_region = |
|
548 |
|
549 # If set to False, disables SSL layer compression of https swift requests. |
|
550 # Setting to 'False' may improve performance for images which are already |
|
551 # in a compressed format, eg qcow2. If set to True, enables SSL layer |
|
552 # compression (provided it is supported by the target swift proxy). |
|
553 #swift_store_ssl_compression = True |
|
554 |
|
555 # The number of times a Swift download will be retried before the |
|
556 # request fails |
|
557 #swift_store_retry_get_count = 0 |
|
558 |
|
559 # Bypass SSL verification for Swift |
|
560 #swift_store_auth_insecure = False |
|
561 |
|
562 # ============ S3 Store Options ============================= |
|
563 |
|
564 # Address where the S3 authentication service lives |
|
565 # Valid schemes are 'http://' and 'https://' |
|
566 # If no scheme specified, default to 'http://' |
|
567 s3_store_host = 127.0.0.1:8080/v1.0/ |
|
568 |
|
569 # User to authenticate against the S3 authentication service |
|
570 s3_store_access_key = <20-char AWS access key> |
|
571 |
|
572 # Auth key for the user authenticating against the |
|
573 # S3 authentication service |
|
574 s3_store_secret_key = <40-char AWS secret key> |
|
575 |
|
576 # Container within the account that the account should use |
|
577 # for storing images in S3. Note that S3 has a flat namespace, |
|
578 # so you need a unique bucket name for your glance images. An |
|
579 # easy way to do this is append your AWS access key to "glance". |
|
580 # S3 buckets in AWS *must* be lowercased, so remember to lowercase |
|
581 # your AWS access key if you use it in your bucket name below! |
|
582 s3_store_bucket = <lowercased 20-char aws access key>glance |
|
583 |
|
584 # Do we create the bucket if it does not exist? |
|
585 s3_store_create_bucket_on_put = False |
|
586 |
|
587 # When sending images to S3, the data will first be written to a |
|
588 # temporary buffer on disk. By default the platform's temporary directory |
|
589 # will be used. If required, an alternative directory can be specified here. |
|
590 #s3_store_object_buffer_dir = /path/to/dir |
|
591 |
|
592 # When forming a bucket url, boto will either set the bucket name as the |
|
593 # subdomain or as the first token of the path. Amazon's S3 service will |
|
594 # accept it as the subdomain, but Swift's S3 middleware requires it be |
|
595 # in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'. |
|
596 #s3_store_bucket_url_format = subdomain |
675 #s3_store_bucket_url_format = subdomain |
597 |
676 |
598 # Size, in MB, should S3 start chunking image files |
677 # What size, in MB, should S3 start chunking image files and do a |
599 # and do a multipart upload in S3. The default is 100MB. |
678 # multipart upload in S3. (integer value) |
600 #s3_store_large_object_size = 100 |
679 #s3_store_large_object_size = 100 |
601 |
680 |
602 # Multipart upload part size, in MB, should S3 use when uploading |
681 # What multipart upload part size, in MB, should S3 use when uploading |
603 # parts. The size must be greater than or equal to |
682 # parts. The size must be greater than or equal to 5M. (integer value) |
604 # 5MB. The default is 10MB. |
|
605 #s3_store_large_object_chunk_size = 10 |
683 #s3_store_large_object_chunk_size = 10 |
606 |
684 |
607 # The number of thread pools to perform a multipart upload |
685 # The number of thread pools to perform a multipart upload in S3. |
608 # in S3. The default is 10. |
686 # (integer value) |
609 #s3_store_thread_pools = 10 |
687 #s3_store_thread_pools = 10 |
610 |
688 |
611 # ============ RBD Store Options ============================= |
689 # Hostname or IP address of the instance to connect to, or a mongodb |
612 |
690 # URI, or a list of hostnames / mongodb URIs. If host is an IPv6 |
613 # Ceph configuration file path |
691 # literal it must be enclosed in '[' and ']' characters following the |
614 # If using cephx authentication, this file should |
692 # RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value) |
615 # include a reference to the right keyring |
693 #mongodb_store_uri = <None> |
616 # in a client.<USER> section |
694 |
617 #rbd_store_ceph_conf = /etc/ceph/ceph.conf |
695 # Database to use (string value) |
618 |
696 #mongodb_store_db = <None> |
619 # RADOS user to authenticate as (only applicable if using cephx) |
697 |
620 # If <None>, a default will be chosen based on the client. section |
698 # Info to match when looking for cinder in the service catalog. Format |
621 # in rbd_store_ceph_conf |
699 # is : separated values of the form: |
622 #rbd_store_user = <None> |
|
623 |
|
624 # RADOS pool in which images are stored |
|
625 #rbd_store_pool = images |
|
626 |
|
627 # RADOS images will be chunked into objects of this size (in megabytes). |
|
628 # For best performance, this should be a power of two |
|
629 #rbd_store_chunk_size = 8 |
|
630 |
|
631 # ============ Sheepdog Store Options ============================= |
|
632 |
|
633 sheepdog_store_address = localhost |
|
634 |
|
635 sheepdog_store_port = 7000 |
|
636 |
|
637 # Images will be chunked into objects of this size (in megabytes). |
|
638 # For best performance, this should be a power of two |
|
639 sheepdog_store_chunk_size = 64 |
|
640 |
|
641 # ============ Cinder Store Options =============================== |
|
642 |
|
643 # Info to match when looking for cinder in the service catalog |
|
644 # Format is : separated values of the form: |
|
645 # <service_type>:<service_name>:<endpoint_type> (string value) |
700 # <service_type>:<service_name>:<endpoint_type> (string value) |
646 #cinder_catalog_info = volume:cinder:publicURL |
701 #cinder_catalog_info = volume:cinder:publicURL |
647 |
702 |
648 # Override service catalog lookup with template for cinder endpoint |
703 # Override service catalog lookup with template for cinder endpoint |
649 # e.g. http://localhost:8776/v1/%(project_id)s (string value) |
704 # e.g. http://localhost:8776/v1/%(project_id)s (string value) |
650 #cinder_endpoint_template = <None> |
705 #cinder_endpoint_template = <None> |
651 |
706 |
652 # Region name of this node (string value) |
707 # Region name of this node (string value) |
653 #os_region_name = <None> |
708 #os_region_name = <None> |
654 |
709 |
655 # Location of ca certicates file to use for cinder client requests |
710 # Location of ca certicates file to use for cinder client requests. |
656 # (string value) |
711 # (string value) |
657 #cinder_ca_certificates_file = <None> |
712 #cinder_ca_certificates_file = <None> |
658 |
713 |
659 # Number of cinderclient retries on failed http calls (integer value) |
714 # Number of cinderclient retries on failed http calls (integer value) |
660 #cinder_http_retries = 3 |
715 #cinder_http_retries = 3 |
661 |
716 |
662 # Allow to perform insecure SSL requests to cinder (boolean value) |
717 # Allow to perform insecure SSL requests to cinder (boolean value) |
663 #cinder_api_insecure = False |
718 #cinder_api_insecure = false |
664 |
719 |
665 # ============ VMware Datastore Store Options ===================== |
720 # Directory to which the Filesystem backend store writes images. |
666 |
721 # (string value) |
667 # ESX/ESXi or vCenter Server target system. |
722 filesystem_store_datadir = /var/lib/glance/images/ |
668 # The server value can be an IP address or a DNS name |
723 |
669 # e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com |
724 # List of directories and its priorities to which the Filesystem |
|
725 # backend store writes images. (multi valued) |
|
726 #filesystem_store_datadirs = |
|
727 |
|
728 # The path to a file which contains the metadata to be returned with |
|
729 # any location associated with this store. The file must contain a |
|
730 # valid JSON object. The object should contain the keys 'id' and |
|
731 # 'mountpoint'. The value for both keys should be 'string'. (string |
|
732 # value) |
|
733 #filesystem_store_metadata_file = <None> |
|
734 |
|
735 # The required permission for created image file. In this way the user |
|
736 # other service used, e.g. Nova, who consumes the image could be the |
|
737 # exclusive member of the group that owns the files created. Assigning |
|
738 # it less then or equal to zero means don't change the default |
|
739 # permission of the file. This value will be decoded as an octal |
|
740 # digit. (integer value) |
|
741 #filesystem_store_file_perm = 0 |
|
742 |
|
743 # Version of the authentication service to use. Valid versions are 2 |
|
744 # for keystone and 1 for swauth and rackspace. (deprecated) (string |
|
745 # value) |
|
746 #swift_store_auth_version = 2 |
|
747 |
|
748 # If True, swiftclient won't check for a valid SSL certificate when |
|
749 # authenticating. (boolean value) |
|
750 #swift_store_auth_insecure = false |
|
751 |
|
752 # A string giving the CA certificate file to use in SSL connections |
|
753 # for verifying certs. (string value) |
|
754 #swift_store_cacert = <None> |
|
755 |
|
756 # The region of the swift endpoint to be used for single tenant. This |
|
757 # setting is only necessary if the tenant has multiple swift |
|
758 # endpoints. (string value) |
|
759 #swift_store_region = <None> |
|
760 |
|
761 # If set, the configured endpoint will be used. If None, the storage |
|
762 # url from the auth response will be used. (string value) |
|
763 #swift_store_endpoint = <None> |
|
764 |
|
765 # A string giving the endpoint type of the swift service to use |
|
766 # (publicURL, adminURL or internalURL). This setting is only used if |
|
767 # swift_store_auth_version is 2. (string value) |
|
768 #swift_store_endpoint_type = publicURL |
|
769 |
|
770 # A string giving the service type of the swift service to use. This |
|
771 # setting is only used if swift_store_auth_version is 2. (string |
|
772 # value) |
|
773 #swift_store_service_type = object-store |
|
774 |
|
775 # Container within the account that the account should use for storing |
|
776 # images in Swift when using single container mode. In multiple |
|
777 # container mode, this will be the prefix for all containers. (string |
|
778 # value) |
|
779 #swift_store_container = glance |
|
780 |
|
781 # The size, in MB, that Glance will start chunking image files and do |
|
782 # a large object manifest in Swift. (integer value) |
|
783 #swift_store_large_object_size = 5120 |
|
784 |
|
785 # The amount of data written to a temporary disk buffer during the |
|
786 # process of chunking the image file. (integer value) |
|
787 #swift_store_large_object_chunk_size = 200 |
|
788 |
|
789 # A boolean value that determines if we create the container if it |
|
790 # does not exist. (boolean value) |
|
791 #swift_store_create_container_on_put = false |
|
792 |
|
793 # If set to True, enables multi-tenant storage mode which causes |
|
794 # Glance images to be stored in tenant specific Swift accounts. |
|
795 # (boolean value) |
|
796 #swift_store_multi_tenant = false |
|
797 |
|
798 # When set to 0, a single-tenant store will only use one container to |
|
799 # store all images. When set to an integer value between 1 and 32, a |
|
800 # single-tenant store will use multiple containers to store images, |
|
801 # and this value will determine how many containers are created.Used |
|
802 # only when swift_store_multi_tenant is disabled. The total number of |
|
803 # containers that will be used is equal to 16^N, so if this config |
|
804 # option is set to 2, then 16^2=256 containers will be used to store |
|
805 # images. (integer value) |
|
806 #swift_store_multiple_containers_seed = 0 |
|
807 |
|
808 # A list of tenants that will be granted read/write access on all |
|
809 # Swift containers created by Glance in multi-tenant mode. (list |
|
810 # value) |
|
811 #swift_store_admin_tenants = |
|
812 |
|
813 # If set to False, disables SSL layer compression of https swift |
|
814 # requests. Setting to False may improve performance for images which |
|
815 # are already in a compressed format, eg qcow2. (boolean value) |
|
816 #swift_store_ssl_compression = true |
|
817 |
|
818 # The number of times a Swift download will be retried before the |
|
819 # request fails. (integer value) |
|
820 #swift_store_retry_get_count = 0 |
|
821 |
|
822 # The reference to the default swift account/backing store parameters |
|
823 # to use for adding new images. (string value) |
|
824 #default_swift_reference = ref1 |
|
825 |
|
826 # The address where the Swift authentication service is |
|
827 # listening.(deprecated) (string value) |
|
828 #swift_store_auth_address = <None> |
|
829 |
|
830 # The user to authenticate against the Swift authentication service |
|
831 # (deprecated) (string value) |
|
832 #swift_store_user = <None> |
|
833 |
|
834 # Auth key for the user authenticating against the Swift |
|
835 # authentication service. (deprecated) (string value) |
|
836 #swift_store_key = <None> |
|
837 |
|
838 # The config file that has the swift account(s)configs. (string value) |
|
839 #swift_store_config_file = <None> |
|
840 |
|
841 # ESX/ESXi or vCenter Server target system. The server value can be an |
|
842 # IP address or a DNS name. (string value) |
670 #vmware_server_host = <None> |
843 #vmware_server_host = <None> |
671 |
844 |
672 # Server username (string value) |
845 # Username for authenticating with VMware ESX/VC server. (string |
|
846 # value) |
673 #vmware_server_username = <None> |
847 #vmware_server_username = <None> |
674 |
848 |
675 # Server password (string value) |
849 # Password for authenticating with VMware ESX/VC server. (string |
|
850 # value) |
676 #vmware_server_password = <None> |
851 #vmware_server_password = <None> |
677 |
852 |
678 # Inventory path to a datacenter (string value) |
853 # DEPRECATED. Inventory path to a datacenter. If the |
679 # Value optional when vmware_server_ip is an ESX/ESXi host: if specified |
854 # vmware_server_host specified is an ESX/ESXi, the |
680 # should be `ha-datacenter`. |
855 # vmware_datacenter_path is optional. If specified, it should be "ha- |
681 #vmware_datacenter_path = <None> |
856 # datacenter". This option is deprecated in favor of vmware_datastores |
682 |
857 # and will be removed in the Liberty release. (string value) |
683 # Datastore associated with the datacenter (string value) |
858 #vmware_datacenter_path = ha-datacenter |
|
859 |
|
860 # DEPRECATED. Datastore associated with the datacenter. This option is |
|
861 # deprecated in favor of vmware_datastores and will be removed in the |
|
862 # Liberty release. (string value) |
684 #vmware_datastore_name = <None> |
863 #vmware_datastore_name = <None> |
685 |
864 |
686 # The number of times we retry on failures |
865 # Number of times VMware ESX/VC server API must be retried upon |
687 # e.g., socket error, etc (integer value) |
866 # connection related issues. (integer value) |
688 #vmware_api_retry_count = 10 |
867 #vmware_api_retry_count = 10 |
689 |
868 |
690 # The interval used for polling remote tasks |
869 # The interval used for polling remote tasks invoked on VMware ESX/VC |
691 # invoked on VMware ESX/VC server in seconds (integer value) |
870 # server. (integer value) |
692 #vmware_task_poll_interval = 5 |
871 #vmware_task_poll_interval = 5 |
693 |
872 |
694 # Absolute path of the folder containing the images in the datastore |
873 # The name of the directory where the glance images will be stored in |
|
874 # the VMware datastore. (string value) |
|
875 #vmware_store_image_dir = /openstack_glance |
|
876 |
|
877 # Allow to perform insecure SSL requests to ESX/VC. (boolean value) |
|
878 #vmware_api_insecure = false |
|
879 |
|
880 # A list of datastores where the image can be stored. This option may |
|
881 # be specified multiple times for specifying multiple datastores. |
|
882 # Either one of vmware_datastore_name or vmware_datastores is |
|
883 # required. The datastore name should be specified after its |
|
884 # datacenter path, seperated by ":". An optional weight may be given |
|
885 # after the datastore name, seperated again by ":". Thus, the required |
|
886 # format becomes <datacenter_path>:<datastore_name>:<optional_weight>. |
|
887 # When adding an image, the datastore with highest weight will be |
|
888 # selected, unless there is not enough free space available in cases |
|
889 # where the image size is already known. If no weight is given, it is |
|
890 # assumed to be zero and the directory will be considered for |
|
891 # selection last. If multiple datastores have the same weight, then |
|
892 # the one with the most free space available is selected. (multi |
|
893 # valued) |
|
894 #vmware_datastores = |
|
895 |
|
896 |
|
897 [image_format] |
|
898 |
|
899 # |
|
900 # From glance.api |
|
901 # |
|
902 |
|
903 # Supported values for the 'container_format' image attribute (list |
|
904 # value) |
|
905 # Deprecated group/name - [DEFAULT]/container_formats |
|
906 #container_formats = ami,ari,aki,bare,ovf,ova,uar |
|
907 |
|
908 # Supported values for the 'disk_format' image attribute (list value) |
|
909 # Deprecated group/name - [DEFAULT]/disk_formats |
|
910 #disk_formats = ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,zfs |
|
911 |
|
912 |
|
913 [keystone_authtoken] |
|
914 |
|
915 # |
|
916 # From keystonemiddleware.auth_token |
|
917 # |
|
918 |
|
919 # Complete public Identity API endpoint. (string value) |
|
920 auth_uri = http://127.0.0.1:5000/v2.0/ |
|
921 |
|
922 # API version of the admin Identity API endpoint. (string value) |
|
923 #auth_version = <None> |
|
924 |
|
925 # Do not handle authorization requests within the middleware, but |
|
926 # delegate the authorization decision to downstream WSGI components. |
|
927 # (boolean value) |
|
928 #delay_auth_decision = false |
|
929 |
|
930 # Request timeout value for communicating with Identity API server. |
|
931 # (integer value) |
|
932 #http_connect_timeout = <None> |
|
933 |
|
934 # How many times are we trying to reconnect when communicating with |
|
935 # Identity API Server. (integer value) |
|
936 #http_request_max_retries = 3 |
|
937 |
|
938 # Env key for the swift cache. (string value) |
|
939 #cache = <None> |
|
940 |
|
941 # Required if identity server requires client certificate (string |
|
942 # value) |
|
943 #certfile = <None> |
|
944 |
|
945 # Required if identity server requires client certificate (string |
|
946 # value) |
|
947 #keyfile = <None> |
|
948 |
|
949 # A PEM encoded Certificate Authority to use when verifying HTTPs |
|
950 # connections. Defaults to system CAs. (string value) |
|
951 #cafile = <None> |
|
952 |
|
953 # Verify HTTPS connections. (boolean value) |
|
954 #insecure = false |
|
955 |
|
956 # Directory used to cache files related to PKI tokens. (string value) |
|
957 signing_dir = /var/lib/glance/keystone-signing |
|
958 |
|
959 # Optionally specify a list of memcached server(s) to use for caching. |
|
960 # If left undefined, tokens will instead be cached in-process. (list |
|
961 # value) |
|
962 # Deprecated group/name - [DEFAULT]/memcache_servers |
|
963 #memcached_servers = <None> |
|
964 |
|
965 # In order to prevent excessive effort spent validating tokens, the |
|
966 # middleware caches previously-seen tokens for a configurable duration |
|
967 # (in seconds). Set to -1 to disable caching completely. (integer |
|
968 # value) |
|
969 #token_cache_time = 300 |
|
970 |
|
971 # Determines the frequency at which the list of revoked tokens is |
|
972 # retrieved from the Identity service (in seconds). A high number of |
|
973 # revocation events combined with a low cache duration may |
|
974 # significantly reduce performance. (integer value) |
|
975 #revocation_cache_time = 10 |
|
976 |
|
977 # (Optional) If defined, indicate whether token data should be |
|
978 # authenticated or authenticated and encrypted. Acceptable values are |
|
979 # MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in |
|
980 # the cache. If ENCRYPT, token data is encrypted and authenticated in |
|
981 # the cache. If the value is not one of these options or empty, |
|
982 # auth_token will raise an exception on initialization. (string value) |
|
983 #memcache_security_strategy = <None> |
|
984 |
|
985 # (Optional, mandatory if memcache_security_strategy is defined) This |
|
986 # string is used for key derivation. (string value) |
|
987 #memcache_secret_key = <None> |
|
988 |
|
989 # (Optional) Number of seconds memcached server is considered dead |
|
990 # before it is tried again. (integer value) |
|
991 #memcache_pool_dead_retry = 300 |
|
992 |
|
993 # (Optional) Maximum total number of open connections to every |
|
994 # memcached server. (integer value) |
|
995 #memcache_pool_maxsize = 10 |
|
996 |
|
997 # (Optional) Socket timeout in seconds for communicating with a |
|
998 # memcache server. (integer value) |
|
999 #memcache_pool_socket_timeout = 3 |
|
1000 |
|
1001 # (Optional) Number of seconds a connection to memcached is held |
|
1002 # unused in the pool before it is closed. (integer value) |
|
1003 #memcache_pool_unused_timeout = 60 |
|
1004 |
|
1005 # (Optional) Number of seconds that an operation will wait to get a |
|
1006 # memcache client connection from the pool. (integer value) |
|
1007 #memcache_pool_conn_get_timeout = 10 |
|
1008 |
|
1009 # (Optional) Use the advanced (eventlet safe) memcache client pool. |
|
1010 # The advanced pool will only work under python 2.x. (boolean value) |
|
1011 #memcache_use_advanced_pool = false |
|
1012 |
|
1013 # (Optional) Indicate whether to set the X-Service-Catalog header. If |
|
1014 # False, middleware will not ask for service catalog on token |
|
1015 # validation and will not set the X-Service-Catalog header. (boolean |
|
1016 # value) |
|
1017 #include_service_catalog = true |
|
1018 |
|
1019 # Used to control the use and type of token binding. Can be set to: |
|
1020 # "disabled" to not check token binding. "permissive" (default) to |
|
1021 # validate binding information if the bind type is of a form known to |
|
1022 # the server and ignore it if not. "strict" like "permissive" but if |
|
1023 # the bind type is unknown the token will be rejected. "required" any |
|
1024 # form of token binding is needed to be allowed. Finally the name of a |
|
1025 # binding method that must be present in tokens. (string value) |
|
1026 #enforce_token_bind = permissive |
|
1027 |
|
1028 # If true, the revocation list will be checked for cached tokens. This |
|
1029 # requires that PKI tokens are configured on the identity server. |
|
1030 # (boolean value) |
|
1031 #check_revocations_for_cached = false |
|
1032 |
|
1033 # Hash algorithms to use for hashing PKI tokens. This may be a single |
|
1034 # algorithm or multiple. The algorithms are those supported by Python |
|
1035 # standard hashlib.new(). The hashes will be tried in the order given, |
|
1036 # so put the preferred one first for performance. The result of the |
|
1037 # first hash will be stored in the cache. This will typically be set |
|
1038 # to multiple values only while migrating from a less secure algorithm |
|
1039 # to a more secure one. Once all the old tokens are expired this |
|
1040 # option should be set to a single value for better performance. (list |
|
1041 # value) |
|
1042 #hash_algorithms = md5 |
|
1043 |
|
1044 # Prefix to prepend at the beginning of the path. Deprecated, use |
|
1045 # identity_uri. (string value) |
|
1046 #auth_admin_prefix = |
|
1047 |
|
1048 # Host providing the admin Identity API endpoint. Deprecated, use |
|
1049 # identity_uri. (string value) |
|
1050 #auth_host = 127.0.0.1 |
|
1051 |
|
1052 # Port of the admin Identity API endpoint. Deprecated, use |
|
1053 # identity_uri. (integer value) |
|
1054 #auth_port = 35357 |
|
1055 |
|
1056 # Protocol of the admin Identity API endpoint (http or https). |
|
1057 # Deprecated, use identity_uri. (string value) |
|
1058 #auth_protocol = https |
|
1059 |
|
1060 # Complete admin Identity API endpoint. This should specify the |
|
1061 # unversioned root endpoint e.g. https://localhost:35357/ (string |
|
1062 # value) |
|
1063 identity_uri = http://127.0.0.1:35357/ |
|
1064 |
|
1065 # This option is deprecated and may be removed in a future release. |
|
1066 # Single shared secret with the Keystone configuration used for |
|
1067 # bootstrapping a Keystone installation, or otherwise bypassing the |
|
1068 # normal authentication process. This option should not be used, use |
|
1069 # `admin_user` and `admin_password` instead. (string value) |
|
1070 #admin_token = <None> |
|
1071 |
|
1072 # Service username. (string value) |
|
1073 admin_user = %SERVICE_USER% |
|
1074 |
|
1075 # Service user password. (string value) |
|
1076 admin_password = %SERVICE_PASSWORD% |
|
1077 |
|
1078 # Service tenant name. (string value) |
|
1079 admin_tenant_name = %SERVICE_TENANT_NAME% |
|
1080 |
|
1081 # Name of the plugin to load (string value) |
|
1082 #auth_plugin = <None> |
|
1083 |
|
1084 # Config Section from which to load plugin specific options (string |
|
1085 # value) |
|
1086 #auth_section = <None> |
|
1087 |
|
1088 |
|
1089 [matchmaker_redis] |
|
1090 |
|
1091 # |
|
1092 # From oslo.messaging |
|
1093 # |
|
1094 |
|
1095 # Host to locate redis. (string value) |
|
1096 #host = 127.0.0.1 |
|
1097 |
|
1098 # Use this port to connect to redis host. (integer value) |
|
1099 #port = 6379 |
|
1100 |
|
1101 # Password for Redis server (optional). (string value) |
|
1102 #password = <None> |
|
1103 |
|
1104 |
|
1105 [matchmaker_ring] |
|
1106 |
|
1107 # |
|
1108 # From oslo.messaging |
|
1109 # |
|
1110 |
|
1111 # Matchmaker ring file (JSON). (string value) |
|
1112 # Deprecated group/name - [DEFAULT]/matchmaker_ringfile |
|
1113 #ringfile = /etc/oslo/matchmaker_ring.json |
|
1114 |
|
1115 |
|
1116 [oslo_concurrency] |
|
1117 |
|
1118 # |
|
1119 # From oslo.concurrency |
|
1120 # |
|
1121 |
|
1122 # Enables or disables inter-process locks. (boolean value) |
|
1123 # Deprecated group/name - [DEFAULT]/disable_process_locking |
|
1124 #disable_process_locking = false |
|
1125 |
|
1126 # Directory to use for lock files. For security, the specified |
|
1127 # directory should only be writable by the user running the processes |
|
1128 # that need locking. Defaults to environment variable OSLO_LOCK_PATH. |
|
1129 # If external locks are used, a lock path must be set. (string value) |
|
1130 # Deprecated group/name - [DEFAULT]/lock_path |
|
1131 #lock_path = <None> |
|
1132 |
|
1133 |
|
1134 [oslo_messaging_amqp] |
|
1135 |
|
1136 # |
|
1137 # From oslo.messaging |
|
1138 # |
|
1139 |
|
1140 # address prefix used when sending to a specific server (string value) |
|
1141 # Deprecated group/name - [amqp1]/server_request_prefix |
|
1142 #server_request_prefix = exclusive |
|
1143 |
|
1144 # address prefix used when broadcasting to all servers (string value) |
|
1145 # Deprecated group/name - [amqp1]/broadcast_prefix |
|
1146 #broadcast_prefix = broadcast |
|
1147 |
|
1148 # address prefix when sending to any server in group (string value) |
|
1149 # Deprecated group/name - [amqp1]/group_request_prefix |
|
1150 #group_request_prefix = unicast |
|
1151 |
|
1152 # Name for the AMQP container (string value) |
|
1153 # Deprecated group/name - [amqp1]/container_name |
|
1154 #container_name = <None> |
|
1155 |
|
1156 # Timeout for inactive connections (in seconds) (integer value) |
|
1157 # Deprecated group/name - [amqp1]/idle_timeout |
|
1158 #idle_timeout = 0 |
|
1159 |
|
1160 # Debug: dump AMQP frames to stdout (boolean value) |
|
1161 # Deprecated group/name - [amqp1]/trace |
|
1162 #trace = false |
|
1163 |
|
1164 # CA certificate PEM file for verifing server certificate (string |
|
1165 # value) |
|
1166 # Deprecated group/name - [amqp1]/ssl_ca_file |
|
1167 #ssl_ca_file = |
|
1168 |
|
1169 # Identifying certificate PEM file to present to clients (string |
|
1170 # value) |
|
1171 # Deprecated group/name - [amqp1]/ssl_cert_file |
|
1172 #ssl_cert_file = |
|
1173 |
|
1174 # Private key PEM file used to sign cert_file certificate (string |
|
1175 # value) |
|
1176 # Deprecated group/name - [amqp1]/ssl_key_file |
|
1177 #ssl_key_file = |
|
1178 |
|
1179 # Password for decrypting ssl_key_file (if encrypted) (string value) |
|
1180 # Deprecated group/name - [amqp1]/ssl_key_password |
|
1181 #ssl_key_password = <None> |
|
1182 |
|
1183 # Accept clients using either SSL or plain TCP (boolean value) |
|
1184 # Deprecated group/name - [amqp1]/allow_insecure_clients |
|
1185 #allow_insecure_clients = false |
|
1186 |
|
1187 |
|
1188 [oslo_messaging_qpid] |
|
1189 |
|
1190 # |
|
1191 # From oslo.messaging |
|
1192 # |
|
1193 |
|
1194 # Use durable queues in AMQP. (boolean value) |
|
1195 # Deprecated group/name - [DEFAULT]/rabbit_durable_queues |
|
1196 #amqp_durable_queues = false |
|
1197 |
|
1198 # Auto-delete queues in AMQP. (boolean value) |
|
1199 # Deprecated group/name - [DEFAULT]/amqp_auto_delete |
|
1200 #amqp_auto_delete = false |
|
1201 |
|
1202 # Size of RPC connection pool. (integer value) |
|
1203 # Deprecated group/name - [DEFAULT]/rpc_conn_pool_size |
|
1204 #rpc_conn_pool_size = 30 |
|
1205 |
|
1206 # Qpid broker hostname. (string value) |
|
1207 # Deprecated group/name - [DEFAULT]/qpid_hostname |
|
1208 #qpid_hostname = localhost |
|
1209 |
|
1210 # Qpid broker port. (integer value) |
|
1211 # Deprecated group/name - [DEFAULT]/qpid_port |
|
1212 #qpid_port = 5672 |
|
1213 |
|
1214 # Qpid HA cluster host:port pairs. (list value) |
|
1215 # Deprecated group/name - [DEFAULT]/qpid_hosts |
|
1216 #qpid_hosts = $qpid_hostname:$qpid_port |
|
1217 |
|
1218 # Username for Qpid connection. (string value) |
|
1219 # Deprecated group/name - [DEFAULT]/qpid_username |
|
1220 #qpid_username = |
|
1221 |
|
1222 # Password for Qpid connection. (string value) |
|
1223 # Deprecated group/name - [DEFAULT]/qpid_password |
|
1224 #qpid_password = |
|
1225 |
|
1226 # Space separated list of SASL mechanisms to use for auth. (string |
|
1227 # value) |
|
1228 # Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms |
|
1229 #qpid_sasl_mechanisms = |
|
1230 |
|
1231 # Seconds between connection keepalive heartbeats. (integer value) |
|
1232 # Deprecated group/name - [DEFAULT]/qpid_heartbeat |
|
1233 #qpid_heartbeat = 60 |
|
1234 |
|
1235 # Transport to use, either 'tcp' or 'ssl'. (string value) |
|
1236 # Deprecated group/name - [DEFAULT]/qpid_protocol |
|
1237 #qpid_protocol = tcp |
|
1238 |
|
1239 # Whether to disable the Nagle algorithm. (boolean value) |
|
1240 # Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay |
|
1241 #qpid_tcp_nodelay = true |
|
1242 |
|
1243 # The number of prefetched messages held by receiver. (integer value) |
|
1244 # Deprecated group/name - [DEFAULT]/qpid_receiver_capacity |
|
1245 #qpid_receiver_capacity = 1 |
|
1246 |
|
1247 # The qpid topology version to use. Version 1 is what was originally |
|
1248 # used by impl_qpid. Version 2 includes some backwards-incompatible |
|
1249 # changes that allow broker federation to work. Users should update |
|
1250 # to version 2 when they are able to take everything down, as it |
|
1251 # requires a clean break. (integer value) |
|
1252 # Deprecated group/name - [DEFAULT]/qpid_topology_version |
|
1253 #qpid_topology_version = 1 |
|
1254 |
|
1255 |
|
1256 [oslo_messaging_rabbit] |
|
1257 |
|
1258 # |
|
1259 # From oslo.messaging |
|
1260 # |
|
1261 |
|
1262 # Use durable queues in AMQP. (boolean value) |
|
1263 # Deprecated group/name - [DEFAULT]/rabbit_durable_queues |
|
1264 #amqp_durable_queues = false |
|
1265 |
|
1266 # Auto-delete queues in AMQP. (boolean value) |
|
1267 # Deprecated group/name - [DEFAULT]/amqp_auto_delete |
|
1268 #amqp_auto_delete = false |
|
1269 |
|
1270 # Size of RPC connection pool. (integer value) |
|
1271 # Deprecated group/name - [DEFAULT]/rpc_conn_pool_size |
|
1272 #rpc_conn_pool_size = 30 |
|
1273 |
|
1274 # SSL version to use (valid only if SSL enabled). Valid values are |
|
1275 # TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be |
|
1276 # available on some distributions. (string value) |
|
1277 # Deprecated group/name - [DEFAULT]/kombu_ssl_version |
|
1278 #kombu_ssl_version = |
|
1279 |
|
1280 # SSL key file (valid only if SSL enabled). (string value) |
|
1281 # Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile |
|
1282 #kombu_ssl_keyfile = |
|
1283 |
|
1284 # SSL cert file (valid only if SSL enabled). (string value) |
|
1285 # Deprecated group/name - [DEFAULT]/kombu_ssl_certfile |
|
1286 #kombu_ssl_certfile = |
|
1287 |
|
1288 # SSL certification authority file (valid only if SSL enabled). |
695 # (string value) |
1289 # (string value) |
696 #vmware_store_image_dir = /openstack_glance |
1290 # Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs |
697 |
1291 #kombu_ssl_ca_certs = |
698 # Allow to perform insecure SSL requests to the target system (boolean value) |
1292 |
699 #vmware_api_insecure = False |
1293 # How long to wait before reconnecting in response to an AMQP consumer |
|
1294 # cancel notification. (floating point value) |
|
1295 # Deprecated group/name - [DEFAULT]/kombu_reconnect_delay |
|
1296 #kombu_reconnect_delay = 1.0 |
|
1297 |
|
1298 # The RabbitMQ broker address where a single node is used. (string |
|
1299 # value) |
|
1300 # Deprecated group/name - [DEFAULT]/rabbit_host |
|
1301 #rabbit_host = localhost |
|
1302 |
|
1303 # The RabbitMQ broker port where a single node is used. (integer |
|
1304 # value) |
|
1305 # Deprecated group/name - [DEFAULT]/rabbit_port |
|
1306 #rabbit_port = 5672 |
|
1307 |
|
1308 # RabbitMQ HA cluster host:port pairs. (list value) |
|
1309 # Deprecated group/name - [DEFAULT]/rabbit_hosts |
|
1310 #rabbit_hosts = $rabbit_host:$rabbit_port |
|
1311 |
|
1312 # Connect over SSL for RabbitMQ. (boolean value) |
|
1313 # Deprecated group/name - [DEFAULT]/rabbit_use_ssl |
|
1314 #rabbit_use_ssl = false |
|
1315 |
|
1316 # The RabbitMQ userid. (string value) |
|
1317 # Deprecated group/name - [DEFAULT]/rabbit_userid |
|
1318 #rabbit_userid = guest |
|
1319 |
|
1320 # The RabbitMQ password. (string value) |
|
1321 # Deprecated group/name - [DEFAULT]/rabbit_password |
|
1322 #rabbit_password = guest |
|
1323 |
|
1324 # The RabbitMQ login method. (string value) |
|
1325 # Deprecated group/name - [DEFAULT]/rabbit_login_method |
|
1326 #rabbit_login_method = AMQPLAIN |
|
1327 |
|
1328 # The RabbitMQ virtual host. (string value) |
|
1329 # Deprecated group/name - [DEFAULT]/rabbit_virtual_host |
|
1330 #rabbit_virtual_host = / |
|
1331 |
|
1332 # How frequently to retry connecting with RabbitMQ. (integer value) |
|
1333 #rabbit_retry_interval = 1 |
|
1334 |
|
1335 # How long to backoff for between retries when connecting to RabbitMQ. |
|
1336 # (integer value) |
|
1337 # Deprecated group/name - [DEFAULT]/rabbit_retry_backoff |
|
1338 #rabbit_retry_backoff = 2 |
|
1339 |
|
1340 # Maximum number of RabbitMQ connection retries. Default is 0 |
|
1341 # (infinite retry count). (integer value) |
|
1342 # Deprecated group/name - [DEFAULT]/rabbit_max_retries |
|
1343 #rabbit_max_retries = 0 |
|
1344 |
|
1345 # Use HA queues in RabbitMQ (x-ha-policy: all). If you change this |
|
1346 # option, you must wipe the RabbitMQ database. (boolean value) |
|
1347 # Deprecated group/name - [DEFAULT]/rabbit_ha_queues |
|
1348 #rabbit_ha_queues = false |
|
1349 |
|
1350 # Number of seconds after which the Rabbit broker is considered down |
|
1351 # if heartbeat's keep-alive fails (0 disables the heartbeat, >0 |
|
1352 # enables it. Enabling heartbeats requires kombu>=3.0.7 and |
|
1353 # amqp>=1.4.0). EXPERIMENTAL (integer value) |
|
1354 #heartbeat_timeout_threshold = 0 |
|
1355 |
|
1356 # How often times during the heartbeat_timeout_threshold we check the |
|
1357 # heartbeat. (integer value) |
|
1358 #heartbeat_rate = 2 |
|
1359 |
|
1360 # Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake |
|
1361 # (boolean value) |
|
1362 # Deprecated group/name - [DEFAULT]/fake_rabbit |
|
1363 #fake_rabbit = false |
|
1364 |
|
1365 |
|
1366 [oslo_policy] |
|
1367 |
|
1368 # |
|
1369 # From oslo.policy |
|
1370 # |
|
1371 |
|
1372 # The JSON file that defines policies. (string value) |
|
1373 # Deprecated group/name - [DEFAULT]/policy_file |
|
1374 #policy_file = policy.json |
|
1375 |
|
1376 # Default rule. Enforced when a requested rule is not found. (string |
|
1377 # value) |
|
1378 # Deprecated group/name - [DEFAULT]/policy_default_rule |
|
1379 #policy_default_rule = default |
|
1380 |
|
1381 # Directories where policy configuration files are stored. They can be |
|
1382 # relative to any directory in the search path defined by the |
|
1383 # config_dir option, or absolute paths. The file defined by |
|
1384 # policy_file must exist for these directories to be searched. |
|
1385 # Missing or empty directories are ignored. (multi valued) |
|
1386 # Deprecated group/name - [DEFAULT]/policy_dirs |
|
1387 #policy_dirs = policy.d |
|
1388 |
|
1389 |
|
1390 [paste_deploy] |
|
1391 |
|
1392 # |
|
1393 # From glance.api |
|
1394 # |
|
1395 |
|
1396 # Partial name of a pipeline in your paste configuration file with the |
|
1397 # service name removed. For example, if your paste section name is |
|
1398 # [pipeline:glance-api-keystone] use the value "keystone" (string |
|
1399 # value) |
|
1400 flavor = keystone |
|
1401 |
|
1402 # Name of the paste configuration file. (string value) |
|
1403 #config_file = <None> |
|
1404 |
|
1405 |
|
1406 [profiler] |
|
1407 |
|
1408 # |
|
1409 # From glance.api |
|
1410 # |
|
1411 |
|
1412 # If False fully disable profiling feature. (boolean value) |
|
1413 #enabled = false |
|
1414 |
|
1415 # If False doesn't trace SQL requests. (boolean value) |
|
1416 #trace_sqlalchemy = false |
|
1417 |
|
1418 |
|
1419 [store_type_location_strategy] |
|
1420 |
|
1421 # |
|
1422 # From glance.api |
|
1423 # |
|
1424 |
|
1425 # The store names to use to get store preference order. The name must |
|
1426 # be registered by one of the stores defined by the 'stores' config |
|
1427 # option. This option will be applied when you using 'store_type' |
|
1428 # option as image location strategy defined by the 'location_strategy' |
|
1429 # config option. (list value) |
|
1430 #store_type_preference = |
|
1431 |
|
1432 |
|
1433 [task] |
|
1434 |
|
1435 # |
|
1436 # From glance.api |
|
1437 # |
|
1438 |
|
1439 # Time in hours for which a task lives after, either succeeding or |
|
1440 # failing (integer value) |
|
1441 # Deprecated group/name - [DEFAULT]/task_time_to_live |
|
1442 #task_time_to_live = 48 |
|
1443 |
|
1444 # Specifies which task executor to be used to run the task scripts. |
|
1445 # (string value) |
|
1446 #task_executor = taskflow |
|
1447 |
|
1448 # Work dir for asynchronous task operations. The directory set here |
|
1449 # will be used to operate over images - normally before they are |
|
1450 # imported in the destination store. When providing work dir, make |
|
1451 # sure enough space is provided for concurrent tasks to run |
|
1452 # efficiently without running out of space. A rough estimation can be |
|
1453 # done by multiplying the number of `max_workers` - or the N of |
|
1454 # workers running - by an average image size (e.g 500MB). The image |
|
1455 # size estimation should be done based on the average size in your |
|
1456 # deployment. Note that depending on the tasks running you may need to |
|
1457 # multiply this number by some factor depending on what the task does. |
|
1458 # For example, you may want to double the available size if image |
|
1459 # conversion is enabled. All this being said, remember these are just |
|
1460 # estimations and you should do them based on the worst case scenario |
|
1461 # and be prepared to act in case they were wrong. (string value) |
|
1462 #work_dir = <None> |
|
1463 |
|
1464 |
|
1465 [taskflow_executor] |
|
1466 |
|
1467 # |
|
1468 # From glance.api |
|
1469 # |
|
1470 |
|
1471 # The mode in which the engine will run. Can be 'serial' or |
|
1472 # 'parallel'. (string value) |
|
1473 # Allowed values: serial, parallel |
|
1474 #engine_mode = parallel |
|
1475 |
|
1476 # The number of parallel activities executed at the same time by the |
|
1477 # engine. The value can be greater than one when the engine mode is |
|
1478 # 'parallel'. (integer value) |
|
1479 # Deprecated group/name - [task]/eventlet_executor_pool_size |
|
1480 #max_workers = 10 |