--- a/components/openstack/glance/files/glance-registry.conf	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/files/glance-registry.conf	Wed Sep 07 14:48:42 2016 -0700
@@ -5,7 +5,7 @@
 #
 
 # When true, this option sets the owner of an image to be the tenant.
-# Otherwise, the owner of the  image will be the authenticated user
+# Otherwise, the owner of the image will be the authenticated user
 # issuing the request. (boolean value)
 #owner_is_tenant = true
 
@@ -18,6 +18,9 @@
 # value)
 #allow_anonymous_access = false
 
+# Limits request ID length. (integer value)
+#max_request_id_length = 64
+
 # Whether to allow users to specify image properties beyond what the
 # image schema provides (boolean value)
 #allow_additional_image_properties = true
@@ -58,19 +61,20 @@
 # For example, if using the file system store a URL of
 # "file:///path/to/image" will be returned to the user in the
 # 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution!  The overrides
-# show_image_direct_url. (boolean value)
+# security risk, so use this setting with caution! Setting this to
+# true overrides the show_image_direct_url option. (boolean value)
 #show_multiple_locations = false
 
 # Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
+# 1099511627776 bytes (1 TB). WARNING: this value should only be
 # increased after careful consideration and must be set to a value
 # under 8 EB (9223372036854775808). (integer value)
+# Maximum value: 9223372036854775808
 #image_size_cap = 1099511627776
 
 # Set a system wide quota for every user. This value is the total
 # capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
+# 0 means unlimited. Optional unit can be specified for the value.
 # Accepted units are B, KB, MB, GB and TB representing Bytes,
 # KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
 # unit is specified then Bytes is assumed. Note that there should not
@@ -95,7 +99,9 @@
 #pydev_worker_debug_host = <None>
 
 # The port on which a pydev process is listening for connections.
-# (integer value)
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #pydev_worker_debug_port = 5678
 
 # AES key for encrypting store 'location' metadata. This includes, if
@@ -103,20 +109,20 @@
 # length 16, 24 or 32 bytes (string value)
 #metadata_encryption_key = <None>
 
-# Digest algorithm which will be used for digital signature; the
-# default is sha1 the default in Kilo for a smooth upgrade process,
-# and it will be updated with sha256 in next release(L). Use the
+# Digest algorithm which will be used for digital signature. Use the
 # command "openssl list-message-digest-algorithms" to get the
 # available algorithms supported by the version of OpenSSL on the
 # platform. Examples are "sha1", "sha256", "sha512", etc. (string
 # value)
-#digest_algorithm = sha1
+#digest_algorithm = sha256
 
 # Address to bind the server.  Useful when selecting a particular
 # network interface. (string value)
 #bind_host = 0.0.0.0
 
-# The port on which the server will listen. (integer value)
+# The port on which the server will listen. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #bind_port = <None>
 
 # The backlog value that will be used when creating the TCP listener
@@ -162,86 +168,94 @@
 # Timeout for client connections' socket operations. If an incoming
 # connection is idle for this number of seconds it will be closed. A
 # value of '0' means wait forever. (integer value)
-#client_socket_timeout = 0
+#client_socket_timeout = 900
 
 #
 # From oslo.log
 #
 
-# Print debugging output (set logging level to DEBUG instead of
-# default WARNING level). (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 #debug = false
 
-# Print more verbose output (set logging level to INFO instead of
-# default WARNING level). (boolean value)
-#verbose = false
+# If set to false, the logging level will be set to WARNING instead of
+# the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
 
 # The name of a logging configuration file. This file is appended to
 # any existing logging configuration files. For details about logging
 # configuration files, see the Python logging module documentation.
-# (string value)
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
-# DEPRECATED. A logging.Formatter log message format string which may
-# use any of the available logging.LogRecord attributes. This option
-# is deprecated.  Please use logging_context_format_string and
-# logging_default_format_string instead. (string value)
-#log_format = <None>
-
-# Format string for %%(asctime)s in log records. Default: %(default)s
-# . (string value)
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to output to. If no default is set,
-# logging will go to stdout. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
 
-# (Optional) The base directory used for relative --log-file paths.
-# (string value)
+# (Optional) The base directory used for relative log_file paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Use syslog for logging. Existing syslog format is DEPRECATED during
-# I, and will change in J to honor RFC5424. (boolean value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
 
-# (Optional) Enables or disables syslog rfc5424 format for logging. If
-# enabled, prefixes the MSG part of the syslog message with APP-NAME
-# (RFC5424). The format without the APP-NAME is deprecated in I, and
-# will be removed in J. (boolean value)
-#use_syslog_rfc_format = false
-
-# Syslog facility to receive log lines. (string value)
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = true
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages without context. (string
-# value)
+# Format string to use for log messages when context is undefined.
+# (string value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Data to append to log format when level is DEBUG. (string value)
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
 # Prefix each line of exception output with this format. (string
 # value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
-# List of logger=LEVEL pairs. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
 # The format for an instance that is passed with the log message.
 # (string value)
 #instance_format = "[instance: %(uuid)s] "
@@ -250,20 +264,29 @@
 # (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
 #
 # From oslo.messaging
 #
 
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size = 30
+
 # ZeroMQ bind address. Should be a wildcard (*), an ethernet
 # interface, or IP. The "host" option should point or resolve to this
 # address. (string value)
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
-#rpc_zmq_matchmaker = local
+# Allowed values: redis, dummy
+#rpc_zmq_matchmaker = redis
 
-# ZeroMQ receiver listening port. (integer value)
-#rpc_zmq_port = 9501
+# Type of concurrency used. Either "native" or "eventlet" (string
+# value)
+#rpc_zmq_concurrency = eventlet
 
 # Number of ZeroMQ contexts, defaults to 1. (integer value)
 #rpc_zmq_contexts = 1
@@ -279,25 +302,41 @@
 # Must match "host" option, if running Nova. (string value)
 #rpc_zmq_host = localhost
 
-# Seconds to wait before a cast expires (TTL). Only supported by
-# impl_zmq. (integer value)
-#rpc_cast_timeout = 30
+# Seconds to wait before a cast expires (TTL). The default value of -1
+# specifies an infinite linger period. The value of 0 specifies no
+# linger period. Pending messages shall be discarded immediately when
+# the socket is closed. Only supported by impl_zmq. (integer value)
+#rpc_cast_timeout = -1
 
-# Heartbeat frequency. (integer value)
-#matchmaker_heartbeat_freq = 300
+# The default number of seconds that poll should wait. Poll raises
+# timeout exception when timeout expired. (integer value)
+#rpc_poll_timeout = 1
 
-# Heartbeat time-to-live. (integer value)
-#matchmaker_heartbeat_ttl = 600
+# Expiration timeout in seconds of a name service record about
+# existing target ( < 0 means no timeout). (integer value)
+#zmq_target_expire = 120
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
+# (boolean value)
+#use_pub_sub = true
 
-# Size of RPC thread pool. (integer value)
-#rpc_thread_pool_size = 64
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#rpc_zmq_min_port = 49152
 
-# Driver or drivers to handle sending notifications. (multi valued)
-#notification_driver =
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+#rpc_zmq_max_port = 65536
 
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-#notification_topics = notifications
+# Number of retries to find free port number before fail with
+# ZMQBindError. (integer value)
+#rpc_zmq_bind_port_retries = 100
+
+# Size of executor thread pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size = 64
 
 # Seconds to wait for a response from a call. (integer value)
 #rpc_response_timeout = 60
@@ -308,7 +347,7 @@
 #transport_url = <None>
 
 # The messaging driver to use, defaults to rabbit. Other drivers
-# include qpid and zmq. (string value)
+# include amqp and zmq. (string value)
 #rpc_backend = rabbit
 
 # The default exchange under which topics are scoped. May be
@@ -317,6 +356,66 @@
 #control_exchange = openstack
 
 
+[cors]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+
+[cors.subdomain]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+
 [database]
 
 #
@@ -352,12 +451,6 @@
 # Example: mysql_sql_mode= (string value)
 #mysql_sql_mode = TRADITIONAL
 
-# This configures the MySQL storage engine. This allows for OpenStack to
-# support different storage engines such as InnoDB, NDB, etc. By Default,
-# this value will be set to InnoDB. For MySQL Cluster, set to NDBCLUSTER.
-# Example: mysql_storage_engine=(string value)
-#mysql_storage_engine = InnoDB
-
 # Timeout before idle SQL connections are reaped. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_idle_timeout
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
@@ -392,7 +485,7 @@
 # value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = <None>
+#max_overflow = 50
 
 # Verbosity of SQL debugging information: 0=None, 100=Everything.
 # (integer value)
@@ -428,6 +521,15 @@
 # (integer value)
 #db_max_retries = 20
 
+#
+# From oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
+
 
 [glance_store]
 
@@ -435,7 +537,8 @@
 # From glance.store
 #
 
-# List of stores enabled (list value)
+# List of stores enabled. Valid stores are: cinder, file, http, rbd,
+# sheepdog, swift, s3, vsphere (list value)
 #stores = file,http
 
 # Default scheme to use to store image data. The scheme must be
@@ -451,10 +554,6 @@
 # (integer value)
 #store_capabilities_update_min_interval = 0
 
-#
-# From glance.store
-#
-
 # Images will be chunked into objects of this size (in megabytes). For
 # best performance, this should be a power of two. (integer value)
 #sheepdog_store_chunk_size = 64
@@ -484,9 +583,31 @@
 # (string value)
 #rbd_store_ceph_conf = /etc/ceph/ceph.conf
 
+# Timeout value (in seconds) used when connecting to ceph cluster. If
+# value <= 0, no timeout is set and default librados value is used.
+# (integer value)
+#rados_connect_timeout = 0
+
+# Specify the path to the CA bundle file to use in verifying the
+# remote server certificate. (string value)
+#https_ca_certificates_file = <None>
+
+# If true, the remote server certificate is not verified. If false,
+# then the default CA truststore is used for verification. This option
+# is ignored if "https_ca_certificates_file" is set. (boolean value)
+#https_insecure = true
+
+# Specify the http/https proxy information that should be used to
+# connect to the remote server. The proxy information should be a key
+# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can
+# specify proxies for multiple schemes by seperating the key value
+# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.
+# (dict value)
+#http_proxy_information =
+
 # Directory to which the Filesystem backend store writes images.
 # (string value)
-filesystem_store_datadir = /var/lib/glance/images/
+#filesystem_store_datadir = /var/lib/glance/images
 
 # List of directories and its priorities to which the Filesystem
 # backend store writes images. (multi valued)
@@ -507,15 +628,6 @@
 # digit. (integer value)
 #filesystem_store_file_perm = 0
 
-# Hostname or IP address of the instance to connect to, or a mongodb
-# URI, or a list of hostnames / mongodb URIs. If host is an IPv6
-# literal it must be enclosed in '[' and ']' characters following the
-# RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value)
-#mongodb_store_uri = <None>
-
-# Database to use (string value)
-#mongodb_store_db = <None>
-
 # The host where the S3 server is listening. (string value)
 #s3_store_host = <None>
 
@@ -553,6 +665,21 @@
 # (integer value)
 #s3_store_thread_pools = 10
 
+# Enable the use of a proxy. (boolean value)
+#s3_store_enable_proxy = false
+
+# Address or hostname for the proxy server. (string value)
+#s3_store_proxy_host = <None>
+
+# The port to use when connecting over a proxy. (integer value)
+#s3_store_proxy_port = 8080
+
+# The username to connect to the proxy. (string value)
+#s3_store_proxy_user = <None>
+
+# The password to use when connecting over a proxy. (string value)
+#s3_store_proxy_password = <None>
+
 # ESX/ESXi or vCenter Server target system. The server value can be an
 # IP address or a DNS name. (string value)
 #vmware_server_host = <None>
@@ -565,18 +692,6 @@
 # value)
 #vmware_server_password = <None>
 
-# DEPRECATED. Inventory path to a datacenter. If the
-# vmware_server_host specified is an ESX/ESXi, the
-# vmware_datacenter_path is optional. If specified, it should be "ha-
-# datacenter". This option is deprecated in favor of vmware_datastores
-# and will be removed in the Liberty release. (string value)
-#vmware_datacenter_path = ha-datacenter
-
-# DEPRECATED. Datastore associated with the datacenter. This option is
-# deprecated in favor of vmware_datastores and will be removed in the
-# Liberty release. (string value)
-#vmware_datastore_name = <None>
-
 # Number of times VMware ESX/VC server API must be retried upon
 # connection related issues. (integer value)
 #vmware_api_retry_count = 10
@@ -589,36 +704,43 @@
 # the VMware datastore. (string value)
 #vmware_store_image_dir = /openstack_glance
 
-# Allow to perform insecure SSL requests to ESX/VC. (boolean value)
-#vmware_api_insecure = false
+# If true, the ESX/vCenter server certificate is not verified. If
+# false, then the default CA truststore is used for verification. This
+# option is ignored if "vmware_ca_file" is set. (boolean value)
+# Deprecated group/name - [DEFAULT]/vmware_api_insecure
+#vmware_insecure = false
+
+# Specify a CA bundle file to use in verifying the ESX/vCenter server
+# certificate. (string value)
+#vmware_ca_file = <None>
 
 # A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores.
-# Either one of vmware_datastore_name or vmware_datastores is
-# required. The datastore name should be specified after its
-# datacenter path, seperated by ":". An optional weight may be given
-# after the datastore name, seperated again by ":". Thus, the required
-# format becomes <datacenter_path>:<datastore_name>:<optional_weight>.
-# When adding an image, the datastore with highest weight will be
-# selected, unless there is not enough free space available in cases
-# where the image size is already known. If no weight is given, it is
-# assumed to be zero and the directory will be considered for
-# selection last. If multiple datastores have the same weight, then
-# the one with the most free space available is selected. (multi
-# valued)
+# be specified multiple times for specifying multiple datastores. The
+# datastore name should be specified after its datacenter path,
+# seperated by ":". An optional weight may be given after the
+# datastore name, seperated again by ":". Thus, the required format
+# becomes <datacenter_path>:<datastore_name>:<optional_weight>. When
+# adding an image, the datastore with highest weight will be selected,
+# unless there is not enough free space available in cases where the
+# image size is already known. If no weight is given, it is assumed to
+# be zero and the directory will be considered for selection last. If
+# multiple datastores have the same weight, then the one with the most
+# free space available is selected. (multi valued)
 #vmware_datastores =
 
 # Info to match when looking for cinder in the service catalog. Format
 # is : separated values of the form:
 # <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volume:cinder:publicURL
+#cinder_catalog_info = volumev2::publicURL
 
 # Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
+# e.g. http://localhost:8776/v2/%(tenant)s (string value)
 #cinder_endpoint_template = <None>
 
-# Region name of this node (string value)
-#os_region_name = <None>
+# Region name of this node. If specified, it will be used to locate
+# OpenStack services for stores. (string value)
+# Deprecated group/name - [DEFAULT]/os_region_name
+#cinder_os_region_name = <None>
 
 # Location of ca certicates file to use for cinder client requests.
 # (string value)
@@ -627,13 +749,33 @@
 # Number of cinderclient retries on failed http calls (integer value)
 #cinder_http_retries = 3
 
+# Time period of time in seconds to wait for a cinder volume
+# transition to complete. (integer value)
+#cinder_state_transition_timeout = 300
+
 # Allow to perform insecure SSL requests to cinder (boolean value)
 #cinder_api_insecure = false
 
-# Version of the authentication service to use. Valid versions are 2
-# for keystone and 1 for swauth and rackspace. (deprecated) (string
+# The address where the Cinder authentication service is listening. If
+# <None>, the cinder endpoint in the service catalog is used. (string
 # value)
-#swift_store_auth_version = 2
+#cinder_store_auth_address = <None>
+
+# User name to authenticate against Cinder. If <None>, the user of
+# current context is used. (string value)
+#cinder_store_user_name = <None>
+
+# Password for the user authenticating against Cinder. If <None>, the
+# current context auth token is used. (string value)
+#cinder_store_password = <None>
+
+# Project name where the image is stored in Cinder. If <None>, the
+# project in current context is used. (string value)
+#cinder_store_project_name = <None>
+
+# Path to the rootwrap configuration file to use for running commands
+# as root. (string value)
+#rootwrap_config = /etc/glance/rootwrap.conf
 
 # If True, swiftclient won't check for a valid SSL certificate when
 # authenticating. (boolean value)
@@ -688,7 +830,7 @@
 # When set to 0, a single-tenant store will only use one container to
 # store all images. When set to an integer value between 1 and 32, a
 # single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
+# and this value will determine how many containers are created. Used
 # only when swift_store_multi_tenant is disabled. The total number of
 # containers that will be used is equal to 16^N, so if this config
 # option is set to 2, then 16^2=256 containers will be used to store
@@ -709,20 +851,42 @@
 # request fails. (integer value)
 #swift_store_retry_get_count = 0
 
+# The period of time (in seconds) before token expirationwhen
+# glance_store will try to reques new user token. Default value 60 sec
+# means that if token is going to expire in 1 min then glance_store
+# request new user token. (integer value)
+#swift_store_expire_soon_interval = 60
+
+# If set to True create a trust for each add/get request to Multi-
+# tenant store in order to prevent authentication token to be expired
+# during uploading/downloading data. If set to False then user token
+# is used for Swift connection (so no overhead on trust creation).
+# Please note that this option is considered only and only if
+# swift_store_multi_tenant=True (boolean value)
+#swift_store_use_trusts = true
+
 # The reference to the default swift account/backing store parameters
 # to use for adding new images. (string value)
 #default_swift_reference = ref1
 
-# The address where the Swift authentication service is
-# listening.(deprecated) (string value)
+# Version of the authentication service to use. Valid versions are 2
+# and 3 for keystone and 1 (deprecated) for swauth and rackspace.
+# (deprecated - use "auth_version" in swift_store_config_file) (string
+# value)
+#swift_store_auth_version = 2
+
+# The address where the Swift authentication service is listening.
+# (deprecated - use "auth_address" in swift_store_config_file) (string
+# value)
 #swift_store_auth_address = <None>
 
 # The user to authenticate against the Swift authentication service
-# (deprecated) (string value)
+# (deprecated - use "user" in swift_store_config_file) (string value)
 #swift_store_user = <None>
 
 # Auth key for the user authenticating against the Swift
-# authentication service. (deprecated) (string value)
+# authentication service. (deprecated - use "key" in
+# swift_store_config_file) (string value)
 #swift_store_key = <None>
 
 # The config file that has the swift account(s)configs. (string value)
@@ -772,6 +936,9 @@
 # Verify HTTPS connections. (boolean value)
 #insecure = false
 
+# The region in which the identity server can be found. (string value)
+#region_name = <None>
+
 # Directory used to cache files related to PKI tokens. (string value)
 signing_dir = /var/lib/glance/keystone-signing
 
@@ -794,12 +961,13 @@
 #revocation_cache_time = 10
 
 # (Optional) If defined, indicate whether token data should be
-# authenticated or authenticated and encrypted. Acceptable values are
-# MAC or ENCRYPT.  If MAC, token data is authenticated (with HMAC) in
-# the cache. If ENCRYPT, token data is encrypted and authenticated in
-# the cache. If the value is not one of these options or empty,
-# auth_token will raise an exception on initialization. (string value)
-#memcache_security_strategy = <None>
+# authenticated or authenticated and encrypted. If MAC, token data is
+# authenticated (with HMAC) in the cache. If ENCRYPT, token data is
+# encrypted and authenticated in the cache. If the value is not one of
+# these options or empty, auth_token will raise an exception on
+# initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+#memcache_security_strategy = None
 
 # (Optional, mandatory if memcache_security_strategy is defined) This
 # string is used for key derivation. (string value)
@@ -814,7 +982,7 @@
 #memcache_pool_maxsize = 10
 
 # (Optional) Socket timeout in seconds for communicating with a
-# memcache server. (integer value)
+# memcached server. (integer value)
 #memcache_pool_socket_timeout = 3
 
 # (Optional) Number of seconds a connection to memcached is held
@@ -822,10 +990,10 @@
 #memcache_pool_unused_timeout = 60
 
 # (Optional) Number of seconds that an operation will wait to get a
-# memcache client connection from the pool. (integer value)
+# memcached client connection from the pool. (integer value)
 #memcache_pool_conn_get_timeout = 10
 
-# (Optional) Use the advanced (eventlet safe) memcache client pool.
+# (Optional) Use the advanced (eventlet safe) memcached client pool.
 # The advanced pool will only work under python 2.x. (boolean value)
 #memcache_use_advanced_pool = false
 
@@ -860,34 +1028,18 @@
 # value)
 #hash_algorithms = md5
 
-# Prefix to prepend at the beginning of the path. Deprecated, use
-# identity_uri. (string value)
-#auth_admin_prefix =
-
-# Host providing the admin Identity API endpoint. Deprecated, use
-# identity_uri. (string value)
-#auth_host = 127.0.0.1
-
-# Port of the admin Identity API endpoint. Deprecated, use
-# identity_uri. (integer value)
-#auth_port = 35357
+# Authentication type to load (unknown value)
+# Deprecated group/name - [DEFAULT]/auth_plugin
+#auth_type = <None>
 
-# Protocol of the admin Identity API endpoint (http or https).
-# Deprecated, use identity_uri. (string value)
-#auth_protocol = https
+# Config Section from which to load plugin specific options (unknown
+# value)
+#auth_section = <None>
 
-# Complete admin Identity API endpoint. This should specify the
-# unversioned root endpoint e.g. https://localhost:35357/ (string
-# value)
+# Complete admin Identity API endpoint. This should specify the unversioned
+# root endpoint e.g. https://localhost:35357/ (string value)
 identity_uri = http://127.0.0.1:35357/
 
-# This option is deprecated and may be removed in a future release.
-# Single shared secret with the Keystone configuration used for
-# bootstrapping a Keystone installation, or otherwise bypassing the
-# normal authentication process. This option should not be used, use
-# `admin_user` and `admin_password` instead. (string value)
-#admin_token = <None>
-
 # Service username. (string value)
 admin_user = %SERVICE_USER%
 
@@ -897,13 +1049,6 @@
 # Service tenant name. (string value)
 admin_tenant_name = %SERVICE_TENANT_NAME%
 
-# Name of the plugin to load (string value)
-#auth_plugin = <None>
-
-# Config Section from which to load plugin specific options (string
-# value)
-#auth_section = <None>
-
 
 [matchmaker_redis]
 
@@ -914,22 +1059,29 @@
 # Host to locate redis. (string value)
 #host = 127.0.0.1
 
-# Use this port to connect to redis host. (integer value)
+# Use this port to connect to redis host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #port = 6379
 
 # Password for Redis server (optional). (string value)
-#password = <None>
+#password =
 
+# List of Redis Sentinel hosts (fault tolerance mode) e.g.
+# [host:port, host1:port ... ] (list value)
+#sentinel_hosts =
 
-[matchmaker_ring]
+# Redis replica set name. (string value)
+#sentinel_group_name = oslo-messaging-zeromq
 
-#
-# From oslo.messaging
-#
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout = 500
 
-# Matchmaker ring file (JSON). (string value)
-# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
-#ringfile = /etc/oslo/matchmaker_ring.json
+# Time in ms to wait before the transaction is killed. (integer value)
+#check_timeout = 20000
+
+# Timeout in ms on blocking socket operations (integer value)
+#socket_timeout = 1000
 
 
 [oslo_concurrency]
@@ -947,7 +1099,7 @@
 # that need locking. Defaults to environment variable OSLO_LOCK_PATH.
 # If external locks are used, a lock path must be set. (string value)
 # Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
+lock_path = /var/lib/glance/lock
 
 
 [oslo_messaging_amqp]
@@ -980,8 +1132,7 @@
 # Deprecated group/name - [amqp1]/trace
 #trace = false
 
-# CA certificate PEM file for verifing server certificate (string
-# value)
+# CA certificate PEM file to verify server certificate (string value)
 # Deprecated group/name - [amqp1]/ssl_ca_file
 #ssl_ca_file =
 
@@ -1003,73 +1154,49 @@
 # Deprecated group/name - [amqp1]/allow_insecure_clients
 #allow_insecure_clients = false
 
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
 
-[oslo_messaging_qpid]
+# Path to directory that contains the SASL configuration (string
+# value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+
+[oslo_messaging_notifications]
 
 #
 # From oslo.messaging
 #
 
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_auto_delete
-#amqp_auto_delete = false
-
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
-# Qpid broker hostname. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_hostname
-#qpid_hostname = localhost
-
-# Qpid broker port. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_port
-#qpid_port = 5672
-
-# Qpid HA cluster host:port pairs. (list value)
-# Deprecated group/name - [DEFAULT]/qpid_hosts
-#qpid_hosts = $qpid_hostname:$qpid_port
-
-# Username for Qpid connection. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_username
-#qpid_username =
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
 
-# Password for Qpid connection. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_password
-#qpid_password =
-
-# Space separated list of SASL mechanisms to use for auth. (string
-# value)
-# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms
-#qpid_sasl_mechanisms =
-
-# Seconds between connection keepalive heartbeats. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_heartbeat
-#qpid_heartbeat = 60
+# A URL representing the messaging driver to use for notifications. If
+# not set, we fall back to the same configuration used for RPC.
+# (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
 
-# Transport to use, either 'tcp' or 'ssl'. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_protocol
-#qpid_protocol = tcp
-
-# Whether to disable the Nagle algorithm. (boolean value)
-# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay
-#qpid_tcp_nodelay = true
-
-# The number of prefetched messages held by receiver. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity
-#qpid_receiver_capacity = 1
-
-# The qpid topology version to use.  Version 1 is what was originally
-# used by impl_qpid.  Version 2 includes some backwards-incompatible
-# changes that allow broker federation to work.  Users should update
-# to version 2 when they are able to take everything down, as it
-# requires a clean break. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_topology_version
-#qpid_topology_version = 1
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
 
 
 [oslo_messaging_rabbit]
@@ -1079,6 +1206,7 @@
 #
 
 # Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
 # Deprecated group/name - [DEFAULT]/rabbit_durable_queues
 #amqp_durable_queues = false
 
@@ -1086,10 +1214,6 @@
 # Deprecated group/name - [DEFAULT]/amqp_auto_delete
 #amqp_auto_delete = false
 
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
 # SSL version to use (valid only if SSL enabled). Valid values are
 # TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
 # available on some distributions. (string value)
@@ -1114,13 +1238,31 @@
 # Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
 #kombu_reconnect_delay = 1.0
 
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
+# will not be used. This option may notbe available in future
+# versions. (string value)
+#kombu_compression = <None>
+
+# How long to wait a missing client beforce abandoning to send it its
+# replies. This value should not be longer than rpc_response_timeout.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we
+# are currently connected to becomes unavailable. Takes effect only if
+# more than one RabbitMQ node is provided in config. (string value)
+# Allowed values: round-robin, shuffle
+#kombu_failover_strategy = round-robin
+
 # The RabbitMQ broker address where a single node is used. (string
 # value)
 # Deprecated group/name - [DEFAULT]/rabbit_host
 #rabbit_host = localhost
 
-# The RabbitMQ broker port where a single node is used. (integer
-# value)
+# The RabbitMQ broker port where a single node is used. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 # Deprecated group/name - [DEFAULT]/rabbit_port
 #rabbit_port = 5672
 
@@ -1156,21 +1298,40 @@
 # Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
 #rabbit_retry_backoff = 2
 
+# Maximum interval of RabbitMQ connection retries. Default is 30
+# seconds. (integer value)
+#rabbit_interval_max = 30
+
 # Maximum number of RabbitMQ connection retries. Default is 0
 # (infinite retry count). (integer value)
 # Deprecated group/name - [DEFAULT]/rabbit_max_retries
 #rabbit_max_retries = 0
 
-# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this
-# option, you must wipe the RabbitMQ database. (boolean value)
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
+# queue mirroring is no longer controlled by the x-ha-policy argument
+# when declaring a queue. If you just want to make sure that all
+# queues (except those with auto-generated names) are mirrored across
+# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-
+# mode": "all"}' " (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_ha_queues
 #rabbit_ha_queues = false
 
+# Positive integer representing duration in seconds for queue TTL
+# (x-expires). Queues which are unused for the duration of the TTL are
+# automatically deleted. The parameter affects only reply and fanout
+# queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+#rabbit_qos_prefetch_count = 0
+
 # Number of seconds after which the Rabbit broker is considered down
-# if heartbeat's keep-alive fails (0 disables the heartbeat, >0
-# enables it. Enabling heartbeats requires kombu>=3.0.7 and
-# amqp>=1.4.0). EXPERIMENTAL (integer value)
-#heartbeat_timeout_threshold = 0
+# if heartbeat's keep-alive fails (0 disable the heartbeat).
+# EXPERIMENTAL (integer value)
+#heartbeat_timeout_threshold = 60
 
 # How often times during the heartbeat_timeout_threshold we check the
 # heartbeat. (integer value)
@@ -1181,6 +1342,129 @@
 # Deprecated group/name - [DEFAULT]/fake_rabbit
 #fake_rabbit = false
 
+# Maximum number of channels to allow (integer value)
+#channel_max = <None>
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max = <None>
+
+# How often to send heartbeats for consumer's connections (integer
+# value)
+#heartbeat_interval = 1
+
+# Enable SSL (boolean value)
+#ssl = <None>
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options = <None>
+
+# Set socket timeout in seconds for connection's socket (floating
+# point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating
+# point value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error
+# (floating point value)
+#host_connection_reconnect_delay = 0.25
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size = 10
+
+# Maximum number of connections to create above `pool_max_size`.
+# (integer value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available
+# (integer value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no
+# recycling. Expired connections are closed on acquire. (integer
+# value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are
+# considered stale in seconds or None for no staleness. Stale
+# connections are closed on acquire. (integer value)
+#pool_stale = 60
+
+# Persist notification messages. (boolean value)
+#notification_persistence = false
+
+# Exchange name for for sending notifications (string value)
+#default_notification_exchange = ${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# notification listener. (integer value)
+#notification_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending notification message (floating point value)
+#notification_retry_delay = 0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer
+# value)
+#rpc_queue_expiration = 60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange = ${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange = ${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc listener. (integer value)
+#rpc_listener_prefetch_count = 100
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc reply listener. (integer value)
+#rpc_reply_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending reply. -1 means infinite retry during rpc_timeout (integer
+# value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending reply. (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during
+# sending RPC message, -1 means infinite retry. If actual retry
+# attempts in not 0 the rpc request could be processed more then one
+# time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending RPC message (floating point value)
+#rpc_retry_delay = 0.25
+
+
+[oslo_middleware]
+
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+
+# The HTTP Header that will be used to determine what the original
+# request protocol scheme was, even if it was hidden by an SSL
+# termination proxy. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#secure_proxy_ssl_header = X-Forwarded-Proto
+
 
 [oslo_policy]
 
@@ -1233,3 +1517,7 @@
 
 # If False doesn't trace SQL requests. (boolean value)
 #trace_sqlalchemy = false
+
+# Secret key to use to sign Glance API and Glance Registry services
+# tracing messages. (string value)
+#hmac_keys = SECRET_KEY