--- a/components/openstack/glance/files/glance-registry.conf Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/files/glance-registry.conf Wed Sep 07 14:48:42 2016 -0700
@@ -5,7 +5,7 @@
#
# When true, this option sets the owner of an image to be the tenant.
-# Otherwise, the owner of the image will be the authenticated user
+# Otherwise, the owner of the image will be the authenticated user
# issuing the request. (boolean value)
#owner_is_tenant = true
@@ -18,6 +18,9 @@
# value)
#allow_anonymous_access = false
+# Limits request ID length. (integer value)
+#max_request_id_length = 64
+
# Whether to allow users to specify image properties beyond what the
# image schema provides (boolean value)
#allow_additional_image_properties = true
@@ -58,19 +61,20 @@
# For example, if using the file system store a URL of
# "file:///path/to/image" will be returned to the user in the
# 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution! The overrides
-# show_image_direct_url. (boolean value)
+# security risk, so use this setting with caution! Setting this to
+# true overrides the show_image_direct_url option. (boolean value)
#show_multiple_locations = false
# Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
+# 1099511627776 bytes (1 TB). WARNING: this value should only be
# increased after careful consideration and must be set to a value
# under 8 EB (9223372036854775808). (integer value)
+# Maximum value: 9223372036854775808
#image_size_cap = 1099511627776
# Set a system wide quota for every user. This value is the total
# capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
+# 0 means unlimited. Optional unit can be specified for the value.
# Accepted units are B, KB, MB, GB and TB representing Bytes,
# KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
# unit is specified then Bytes is assumed. Note that there should not
@@ -95,7 +99,9 @@
#pydev_worker_debug_host = <None>
# The port on which a pydev process is listening for connections.
-# (integer value)
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
#pydev_worker_debug_port = 5678
# AES key for encrypting store 'location' metadata. This includes, if
@@ -103,20 +109,20 @@
# length 16, 24 or 32 bytes (string value)
#metadata_encryption_key = <None>
-# Digest algorithm which will be used for digital signature; the
-# default is sha1 the default in Kilo for a smooth upgrade process,
-# and it will be updated with sha256 in next release(L). Use the
+# Digest algorithm which will be used for digital signature. Use the
# command "openssl list-message-digest-algorithms" to get the
# available algorithms supported by the version of OpenSSL on the
# platform. Examples are "sha1", "sha256", "sha512", etc. (string
# value)
-#digest_algorithm = sha1
+#digest_algorithm = sha256
# Address to bind the server. Useful when selecting a particular
# network interface. (string value)
#bind_host = 0.0.0.0
-# The port on which the server will listen. (integer value)
+# The port on which the server will listen. (port value)
+# Minimum value: 0
+# Maximum value: 65535
#bind_port = <None>
# The backlog value that will be used when creating the TCP listener
@@ -162,86 +168,94 @@
# Timeout for client connections' socket operations. If an incoming
# connection is idle for this number of seconds it will be closed. A
# value of '0' means wait forever. (integer value)
-#client_socket_timeout = 0
+#client_socket_timeout = 900
#
# From oslo.log
#
-# Print debugging output (set logging level to DEBUG instead of
-# default WARNING level). (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
#debug = false
-# Print more verbose output (set logging level to INFO instead of
-# default WARNING level). (boolean value)
-#verbose = false
+# If set to false, the logging level will be set to WARNING instead of
+# the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
# The name of a logging configuration file. This file is appended to
# any existing logging configuration files. For details about logging
# configuration files, see the Python logging module documentation.
-# (string value)
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
# Deprecated group/name - [DEFAULT]/log_config
#log_config_append = <None>
-# DEPRECATED. A logging.Formatter log message format string which may
-# use any of the available logging.LogRecord attributes. This option
-# is deprecated. Please use logging_context_format_string and
-# logging_default_format_string instead. (string value)
-#log_format = <None>
-
-# Format string for %%(asctime)s in log records. Default: %(default)s
-# . (string value)
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
#log_date_format = %Y-%m-%d %H:%M:%S
-# (Optional) Name of log file to output to. If no default is set,
-# logging will go to stdout. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logfile
#log_file = <None>
-# (Optional) The base directory used for relative --log-file paths.
-# (string value)
+# (Optional) The base directory used for relative log_file paths.
+# This option is ignored if log_config_append is set. (string value)
# Deprecated group/name - [DEFAULT]/logdir
#log_dir = <None>
-# Use syslog for logging. Existing syslog format is DEPRECATED during
-# I, and will change in J to honor RFC5424. (boolean value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
#use_syslog = false
-# (Optional) Enables or disables syslog rfc5424 format for logging. If
-# enabled, prefixes the MSG part of the syslog message with APP-NAME
-# (RFC5424). The format without the APP-NAME is deprecated in I, and
-# will be removed in J. (boolean value)
-#use_syslog_rfc_format = false
-
-# Syslog facility to receive log lines. (string value)
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
#syslog_log_facility = LOG_USER
-# Log output to standard error. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
#use_stderr = true
# Format string to use for log messages with context. (string value)
#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
-# Format string to use for log messages without context. (string
-# value)
+# Format string to use for log messages when context is undefined.
+# (string value)
#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-# Data to append to log format when level is DEBUG. (string value)
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
# Prefix each line of exception output with this format. (string
# value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
-# List of logger=LEVEL pairs. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
# Enables or disables publication of error events. (boolean value)
#publish_errors = false
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
# The format for an instance that is passed with the log message.
# (string value)
#instance_format = "[instance: %(uuid)s] "
@@ -250,20 +264,29 @@
# (string value)
#instance_uuid_format = "[instance: %(uuid)s] "
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
#
# From oslo.messaging
#
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size = 30
+
# ZeroMQ bind address. Should be a wildcard (*), an ethernet
# interface, or IP. The "host" option should point or resolve to this
# address. (string value)
#rpc_zmq_bind_address = *
# MatchMaker driver. (string value)
-#rpc_zmq_matchmaker = local
+# Allowed values: redis, dummy
+#rpc_zmq_matchmaker = redis
-# ZeroMQ receiver listening port. (integer value)
-#rpc_zmq_port = 9501
+# Type of concurrency used. Either "native" or "eventlet" (string
+# value)
+#rpc_zmq_concurrency = eventlet
# Number of ZeroMQ contexts, defaults to 1. (integer value)
#rpc_zmq_contexts = 1
@@ -279,25 +302,41 @@
# Must match "host" option, if running Nova. (string value)
#rpc_zmq_host = localhost
-# Seconds to wait before a cast expires (TTL). Only supported by
-# impl_zmq. (integer value)
-#rpc_cast_timeout = 30
+# Seconds to wait before a cast expires (TTL). The default value of -1
+# specifies an infinite linger period. The value of 0 specifies no
+# linger period. Pending messages shall be discarded immediately when
+# the socket is closed. Only supported by impl_zmq. (integer value)
+#rpc_cast_timeout = -1
-# Heartbeat frequency. (integer value)
-#matchmaker_heartbeat_freq = 300
+# The default number of seconds that poll should wait. Poll raises
+# timeout exception when timeout expired. (integer value)
+#rpc_poll_timeout = 1
-# Heartbeat time-to-live. (integer value)
-#matchmaker_heartbeat_ttl = 600
+# Expiration timeout in seconds of a name service record about
+# existing target ( < 0 means no timeout). (integer value)
+#zmq_target_expire = 120
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
+# (boolean value)
+#use_pub_sub = true
-# Size of RPC thread pool. (integer value)
-#rpc_thread_pool_size = 64
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#rpc_zmq_min_port = 49152
-# Driver or drivers to handle sending notifications. (multi valued)
-#notification_driver =
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+#rpc_zmq_max_port = 65536
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-#notification_topics = notifications
+# Number of retries to find free port number before fail with
+# ZMQBindError. (integer value)
+#rpc_zmq_bind_port_retries = 100
+
+# Size of executor thread pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size = 64
# Seconds to wait for a response from a call. (integer value)
#rpc_response_timeout = 60
@@ -308,7 +347,7 @@
#transport_url = <None>
# The messaging driver to use, defaults to rabbit. Other drivers
-# include qpid and zmq. (string value)
+# include amqp and zmq. (string value)
#rpc_backend = rabbit
# The default exchange under which topics are scoped. May be
@@ -317,6 +356,66 @@
#control_exchange = openstack
+[cors]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+
+[cors.subdomain]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+
[database]
#
@@ -352,12 +451,6 @@
# Example: mysql_sql_mode= (string value)
#mysql_sql_mode = TRADITIONAL
-# This configures the MySQL storage engine. This allows for OpenStack to
-# support different storage engines such as InnoDB, NDB, etc. By Default,
-# this value will be set to InnoDB. For MySQL Cluster, set to NDBCLUSTER.
-# Example: mysql_storage_engine=(string value)
-#mysql_storage_engine = InnoDB
-
# Timeout before idle SQL connections are reaped. (integer value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
@@ -392,7 +485,7 @@
# value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = <None>
+#max_overflow = 50
# Verbosity of SQL debugging information: 0=None, 100=Everything.
# (integer value)
@@ -428,6 +521,15 @@
# (integer value)
#db_max_retries = 20
+#
+# From oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
+
[glance_store]
@@ -435,7 +537,8 @@
# From glance.store
#
-# List of stores enabled (list value)
+# List of stores enabled. Valid stores are: cinder, file, http, rbd,
+# sheepdog, swift, s3, vsphere (list value)
#stores = file,http
# Default scheme to use to store image data. The scheme must be
@@ -451,10 +554,6 @@
# (integer value)
#store_capabilities_update_min_interval = 0
-#
-# From glance.store
-#
-
# Images will be chunked into objects of this size (in megabytes). For
# best performance, this should be a power of two. (integer value)
#sheepdog_store_chunk_size = 64
@@ -484,9 +583,31 @@
# (string value)
#rbd_store_ceph_conf = /etc/ceph/ceph.conf
+# Timeout value (in seconds) used when connecting to ceph cluster. If
+# value <= 0, no timeout is set and default librados value is used.
+# (integer value)
+#rados_connect_timeout = 0
+
+# Specify the path to the CA bundle file to use in verifying the
+# remote server certificate. (string value)
+#https_ca_certificates_file = <None>
+
+# If true, the remote server certificate is not verified. If false,
+# then the default CA truststore is used for verification. This option
+# is ignored if "https_ca_certificates_file" is set. (boolean value)
+#https_insecure = true
+
+# Specify the http/https proxy information that should be used to
+# connect to the remote server. The proxy information should be a key
+# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can
+# specify proxies for multiple schemes by seperating the key value
+# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.
+# (dict value)
+#http_proxy_information =
+
# Directory to which the Filesystem backend store writes images.
# (string value)
-filesystem_store_datadir = /var/lib/glance/images/
+#filesystem_store_datadir = /var/lib/glance/images
# List of directories and its priorities to which the Filesystem
# backend store writes images. (multi valued)
@@ -507,15 +628,6 @@
# digit. (integer value)
#filesystem_store_file_perm = 0
-# Hostname or IP address of the instance to connect to, or a mongodb
-# URI, or a list of hostnames / mongodb URIs. If host is an IPv6
-# literal it must be enclosed in '[' and ']' characters following the
-# RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value)
-#mongodb_store_uri = <None>
-
-# Database to use (string value)
-#mongodb_store_db = <None>
-
# The host where the S3 server is listening. (string value)
#s3_store_host = <None>
@@ -553,6 +665,21 @@
# (integer value)
#s3_store_thread_pools = 10
+# Enable the use of a proxy. (boolean value)
+#s3_store_enable_proxy = false
+
+# Address or hostname for the proxy server. (string value)
+#s3_store_proxy_host = <None>
+
+# The port to use when connecting over a proxy. (integer value)
+#s3_store_proxy_port = 8080
+
+# The username to connect to the proxy. (string value)
+#s3_store_proxy_user = <None>
+
+# The password to use when connecting over a proxy. (string value)
+#s3_store_proxy_password = <None>
+
# ESX/ESXi or vCenter Server target system. The server value can be an
# IP address or a DNS name. (string value)
#vmware_server_host = <None>
@@ -565,18 +692,6 @@
# value)
#vmware_server_password = <None>
-# DEPRECATED. Inventory path to a datacenter. If the
-# vmware_server_host specified is an ESX/ESXi, the
-# vmware_datacenter_path is optional. If specified, it should be "ha-
-# datacenter". This option is deprecated in favor of vmware_datastores
-# and will be removed in the Liberty release. (string value)
-#vmware_datacenter_path = ha-datacenter
-
-# DEPRECATED. Datastore associated with the datacenter. This option is
-# deprecated in favor of vmware_datastores and will be removed in the
-# Liberty release. (string value)
-#vmware_datastore_name = <None>
-
# Number of times VMware ESX/VC server API must be retried upon
# connection related issues. (integer value)
#vmware_api_retry_count = 10
@@ -589,36 +704,43 @@
# the VMware datastore. (string value)
#vmware_store_image_dir = /openstack_glance
-# Allow to perform insecure SSL requests to ESX/VC. (boolean value)
-#vmware_api_insecure = false
+# If true, the ESX/vCenter server certificate is not verified. If
+# false, then the default CA truststore is used for verification. This
+# option is ignored if "vmware_ca_file" is set. (boolean value)
+# Deprecated group/name - [DEFAULT]/vmware_api_insecure
+#vmware_insecure = false
+
+# Specify a CA bundle file to use in verifying the ESX/vCenter server
+# certificate. (string value)
+#vmware_ca_file = <None>
# A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores.
-# Either one of vmware_datastore_name or vmware_datastores is
-# required. The datastore name should be specified after its
-# datacenter path, seperated by ":". An optional weight may be given
-# after the datastore name, seperated again by ":". Thus, the required
-# format becomes <datacenter_path>:<datastore_name>:<optional_weight>.
-# When adding an image, the datastore with highest weight will be
-# selected, unless there is not enough free space available in cases
-# where the image size is already known. If no weight is given, it is
-# assumed to be zero and the directory will be considered for
-# selection last. If multiple datastores have the same weight, then
-# the one with the most free space available is selected. (multi
-# valued)
+# be specified multiple times for specifying multiple datastores. The
+# datastore name should be specified after its datacenter path,
+# seperated by ":". An optional weight may be given after the
+# datastore name, seperated again by ":". Thus, the required format
+# becomes <datacenter_path>:<datastore_name>:<optional_weight>. When
+# adding an image, the datastore with highest weight will be selected,
+# unless there is not enough free space available in cases where the
+# image size is already known. If no weight is given, it is assumed to
+# be zero and the directory will be considered for selection last. If
+# multiple datastores have the same weight, then the one with the most
+# free space available is selected. (multi valued)
#vmware_datastores =
# Info to match when looking for cinder in the service catalog. Format
# is : separated values of the form:
# <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volume:cinder:publicURL
+#cinder_catalog_info = volumev2::publicURL
# Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
+# e.g. http://localhost:8776/v2/%(tenant)s (string value)
#cinder_endpoint_template = <None>
-# Region name of this node (string value)
-#os_region_name = <None>
+# Region name of this node. If specified, it will be used to locate
+# OpenStack services for stores. (string value)
+# Deprecated group/name - [DEFAULT]/os_region_name
+#cinder_os_region_name = <None>
# Location of ca certicates file to use for cinder client requests.
# (string value)
@@ -627,13 +749,33 @@
# Number of cinderclient retries on failed http calls (integer value)
#cinder_http_retries = 3
+# Time period of time in seconds to wait for a cinder volume
+# transition to complete. (integer value)
+#cinder_state_transition_timeout = 300
+
# Allow to perform insecure SSL requests to cinder (boolean value)
#cinder_api_insecure = false
-# Version of the authentication service to use. Valid versions are 2
-# for keystone and 1 for swauth and rackspace. (deprecated) (string
+# The address where the Cinder authentication service is listening. If
+# <None>, the cinder endpoint in the service catalog is used. (string
# value)
-#swift_store_auth_version = 2
+#cinder_store_auth_address = <None>
+
+# User name to authenticate against Cinder. If <None>, the user of
+# current context is used. (string value)
+#cinder_store_user_name = <None>
+
+# Password for the user authenticating against Cinder. If <None>, the
+# current context auth token is used. (string value)
+#cinder_store_password = <None>
+
+# Project name where the image is stored in Cinder. If <None>, the
+# project in current context is used. (string value)
+#cinder_store_project_name = <None>
+
+# Path to the rootwrap configuration file to use for running commands
+# as root. (string value)
+#rootwrap_config = /etc/glance/rootwrap.conf
# If True, swiftclient won't check for a valid SSL certificate when
# authenticating. (boolean value)
@@ -688,7 +830,7 @@
# When set to 0, a single-tenant store will only use one container to
# store all images. When set to an integer value between 1 and 32, a
# single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
+# and this value will determine how many containers are created. Used
# only when swift_store_multi_tenant is disabled. The total number of
# containers that will be used is equal to 16^N, so if this config
# option is set to 2, then 16^2=256 containers will be used to store
@@ -709,20 +851,42 @@
# request fails. (integer value)
#swift_store_retry_get_count = 0
+# The period of time (in seconds) before token expirationwhen
+# glance_store will try to reques new user token. Default value 60 sec
+# means that if token is going to expire in 1 min then glance_store
+# request new user token. (integer value)
+#swift_store_expire_soon_interval = 60
+
+# If set to True create a trust for each add/get request to Multi-
+# tenant store in order to prevent authentication token to be expired
+# during uploading/downloading data. If set to False then user token
+# is used for Swift connection (so no overhead on trust creation).
+# Please note that this option is considered only and only if
+# swift_store_multi_tenant=True (boolean value)
+#swift_store_use_trusts = true
+
# The reference to the default swift account/backing store parameters
# to use for adding new images. (string value)
#default_swift_reference = ref1
-# The address where the Swift authentication service is
-# listening.(deprecated) (string value)
+# Version of the authentication service to use. Valid versions are 2
+# and 3 for keystone and 1 (deprecated) for swauth and rackspace.
+# (deprecated - use "auth_version" in swift_store_config_file) (string
+# value)
+#swift_store_auth_version = 2
+
+# The address where the Swift authentication service is listening.
+# (deprecated - use "auth_address" in swift_store_config_file) (string
+# value)
#swift_store_auth_address = <None>
# The user to authenticate against the Swift authentication service
-# (deprecated) (string value)
+# (deprecated - use "user" in swift_store_config_file) (string value)
#swift_store_user = <None>
# Auth key for the user authenticating against the Swift
-# authentication service. (deprecated) (string value)
+# authentication service. (deprecated - use "key" in
+# swift_store_config_file) (string value)
#swift_store_key = <None>
# The config file that has the swift account(s)configs. (string value)
@@ -772,6 +936,9 @@
# Verify HTTPS connections. (boolean value)
#insecure = false
+# The region in which the identity server can be found. (string value)
+#region_name = <None>
+
# Directory used to cache files related to PKI tokens. (string value)
signing_dir = /var/lib/glance/keystone-signing
@@ -794,12 +961,13 @@
#revocation_cache_time = 10
# (Optional) If defined, indicate whether token data should be
-# authenticated or authenticated and encrypted. Acceptable values are
-# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in
-# the cache. If ENCRYPT, token data is encrypted and authenticated in
-# the cache. If the value is not one of these options or empty,
-# auth_token will raise an exception on initialization. (string value)
-#memcache_security_strategy = <None>
+# authenticated or authenticated and encrypted. If MAC, token data is
+# authenticated (with HMAC) in the cache. If ENCRYPT, token data is
+# encrypted and authenticated in the cache. If the value is not one of
+# these options or empty, auth_token will raise an exception on
+# initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+#memcache_security_strategy = None
# (Optional, mandatory if memcache_security_strategy is defined) This
# string is used for key derivation. (string value)
@@ -814,7 +982,7 @@
#memcache_pool_maxsize = 10
# (Optional) Socket timeout in seconds for communicating with a
-# memcache server. (integer value)
+# memcached server. (integer value)
#memcache_pool_socket_timeout = 3
# (Optional) Number of seconds a connection to memcached is held
@@ -822,10 +990,10 @@
#memcache_pool_unused_timeout = 60
# (Optional) Number of seconds that an operation will wait to get a
-# memcache client connection from the pool. (integer value)
+# memcached client connection from the pool. (integer value)
#memcache_pool_conn_get_timeout = 10
-# (Optional) Use the advanced (eventlet safe) memcache client pool.
+# (Optional) Use the advanced (eventlet safe) memcached client pool.
# The advanced pool will only work under python 2.x. (boolean value)
#memcache_use_advanced_pool = false
@@ -860,34 +1028,18 @@
# value)
#hash_algorithms = md5
-# Prefix to prepend at the beginning of the path. Deprecated, use
-# identity_uri. (string value)
-#auth_admin_prefix =
-
-# Host providing the admin Identity API endpoint. Deprecated, use
-# identity_uri. (string value)
-#auth_host = 127.0.0.1
-
-# Port of the admin Identity API endpoint. Deprecated, use
-# identity_uri. (integer value)
-#auth_port = 35357
+# Authentication type to load (unknown value)
+# Deprecated group/name - [DEFAULT]/auth_plugin
+#auth_type = <None>
-# Protocol of the admin Identity API endpoint (http or https).
-# Deprecated, use identity_uri. (string value)
-#auth_protocol = https
+# Config Section from which to load plugin specific options (unknown
+# value)
+#auth_section = <None>
-# Complete admin Identity API endpoint. This should specify the
-# unversioned root endpoint e.g. https://localhost:35357/ (string
-# value)
+# Complete admin Identity API endpoint. This should specify the unversioned
+# root endpoint e.g. https://localhost:35357/ (string value)
identity_uri = http://127.0.0.1:35357/
-# This option is deprecated and may be removed in a future release.
-# Single shared secret with the Keystone configuration used for
-# bootstrapping a Keystone installation, or otherwise bypassing the
-# normal authentication process. This option should not be used, use
-# `admin_user` and `admin_password` instead. (string value)
-#admin_token = <None>
-
# Service username. (string value)
admin_user = %SERVICE_USER%
@@ -897,13 +1049,6 @@
# Service tenant name. (string value)
admin_tenant_name = %SERVICE_TENANT_NAME%
-# Name of the plugin to load (string value)
-#auth_plugin = <None>
-
-# Config Section from which to load plugin specific options (string
-# value)
-#auth_section = <None>
-
[matchmaker_redis]
@@ -914,22 +1059,29 @@
# Host to locate redis. (string value)
#host = 127.0.0.1
-# Use this port to connect to redis host. (integer value)
+# Use this port to connect to redis host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
#port = 6379
# Password for Redis server (optional). (string value)
-#password = <None>
+#password =
+# List of Redis Sentinel hosts (fault tolerance mode) e.g.
+# [host:port, host1:port ... ] (list value)
+#sentinel_hosts =
-[matchmaker_ring]
+# Redis replica set name. (string value)
+#sentinel_group_name = oslo-messaging-zeromq
-#
-# From oslo.messaging
-#
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout = 500
-# Matchmaker ring file (JSON). (string value)
-# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
-#ringfile = /etc/oslo/matchmaker_ring.json
+# Time in ms to wait before the transaction is killed. (integer value)
+#check_timeout = 20000
+
+# Timeout in ms on blocking socket operations (integer value)
+#socket_timeout = 1000
[oslo_concurrency]
@@ -947,7 +1099,7 @@
# that need locking. Defaults to environment variable OSLO_LOCK_PATH.
# If external locks are used, a lock path must be set. (string value)
# Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
+lock_path = /var/lib/glance/lock
[oslo_messaging_amqp]
@@ -980,8 +1132,7 @@
# Deprecated group/name - [amqp1]/trace
#trace = false
-# CA certificate PEM file for verifing server certificate (string
-# value)
+# CA certificate PEM file to verify server certificate (string value)
# Deprecated group/name - [amqp1]/ssl_ca_file
#ssl_ca_file =
@@ -1003,73 +1154,49 @@
# Deprecated group/name - [amqp1]/allow_insecure_clients
#allow_insecure_clients = false
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
-[oslo_messaging_qpid]
+# Path to directory that contains the SASL configuration (string
+# value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+
+[oslo_messaging_notifications]
#
# From oslo.messaging
#
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_auto_delete
-#amqp_auto_delete = false
-
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
-# Qpid broker hostname. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_hostname
-#qpid_hostname = localhost
-
-# Qpid broker port. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_port
-#qpid_port = 5672
-
-# Qpid HA cluster host:port pairs. (list value)
-# Deprecated group/name - [DEFAULT]/qpid_hosts
-#qpid_hosts = $qpid_hostname:$qpid_port
-
-# Username for Qpid connection. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_username
-#qpid_username =
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
-# Password for Qpid connection. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_password
-#qpid_password =
-
-# Space separated list of SASL mechanisms to use for auth. (string
-# value)
-# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms
-#qpid_sasl_mechanisms =
-
-# Seconds between connection keepalive heartbeats. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_heartbeat
-#qpid_heartbeat = 60
+# A URL representing the messaging driver to use for notifications. If
+# not set, we fall back to the same configuration used for RPC.
+# (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
-# Transport to use, either 'tcp' or 'ssl'. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_protocol
-#qpid_protocol = tcp
-
-# Whether to disable the Nagle algorithm. (boolean value)
-# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay
-#qpid_tcp_nodelay = true
-
-# The number of prefetched messages held by receiver. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity
-#qpid_receiver_capacity = 1
-
-# The qpid topology version to use. Version 1 is what was originally
-# used by impl_qpid. Version 2 includes some backwards-incompatible
-# changes that allow broker federation to work. Users should update
-# to version 2 when they are able to take everything down, as it
-# requires a clean break. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_topology_version
-#qpid_topology_version = 1
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
[oslo_messaging_rabbit]
@@ -1079,6 +1206,7 @@
#
# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
#amqp_durable_queues = false
@@ -1086,10 +1214,6 @@
# Deprecated group/name - [DEFAULT]/amqp_auto_delete
#amqp_auto_delete = false
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
# SSL version to use (valid only if SSL enabled). Valid values are
# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
# available on some distributions. (string value)
@@ -1114,13 +1238,31 @@
# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
#kombu_reconnect_delay = 1.0
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
+# will not be used. This option may notbe available in future
+# versions. (string value)
+#kombu_compression = <None>
+
+# How long to wait a missing client beforce abandoning to send it its
+# replies. This value should not be longer than rpc_response_timeout.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we
+# are currently connected to becomes unavailable. Takes effect only if
+# more than one RabbitMQ node is provided in config. (string value)
+# Allowed values: round-robin, shuffle
+#kombu_failover_strategy = round-robin
+
# The RabbitMQ broker address where a single node is used. (string
# value)
# Deprecated group/name - [DEFAULT]/rabbit_host
#rabbit_host = localhost
-# The RabbitMQ broker port where a single node is used. (integer
-# value)
+# The RabbitMQ broker port where a single node is used. (port value)
+# Minimum value: 0
+# Maximum value: 65535
# Deprecated group/name - [DEFAULT]/rabbit_port
#rabbit_port = 5672
@@ -1156,21 +1298,40 @@
# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
#rabbit_retry_backoff = 2
+# Maximum interval of RabbitMQ connection retries. Default is 30
+# seconds. (integer value)
+#rabbit_interval_max = 30
+
# Maximum number of RabbitMQ connection retries. Default is 0
# (infinite retry count). (integer value)
# Deprecated group/name - [DEFAULT]/rabbit_max_retries
#rabbit_max_retries = 0
-# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this
-# option, you must wipe the RabbitMQ database. (boolean value)
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
+# queue mirroring is no longer controlled by the x-ha-policy argument
+# when declaring a queue. If you just want to make sure that all
+# queues (except those with auto-generated names) are mirrored across
+# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-
+# mode": "all"}' " (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
#rabbit_ha_queues = false
+# Positive integer representing duration in seconds for queue TTL
+# (x-expires). Queues which are unused for the duration of the TTL are
+# automatically deleted. The parameter affects only reply and fanout
+# queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+#rabbit_qos_prefetch_count = 0
+
# Number of seconds after which the Rabbit broker is considered down
-# if heartbeat's keep-alive fails (0 disables the heartbeat, >0
-# enables it. Enabling heartbeats requires kombu>=3.0.7 and
-# amqp>=1.4.0). EXPERIMENTAL (integer value)
-#heartbeat_timeout_threshold = 0
+# if heartbeat's keep-alive fails (0 disable the heartbeat).
+# EXPERIMENTAL (integer value)
+#heartbeat_timeout_threshold = 60
# How often times during the heartbeat_timeout_threshold we check the
# heartbeat. (integer value)
@@ -1181,6 +1342,129 @@
# Deprecated group/name - [DEFAULT]/fake_rabbit
#fake_rabbit = false
+# Maximum number of channels to allow (integer value)
+#channel_max = <None>
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max = <None>
+
+# How often to send heartbeats for consumer's connections (integer
+# value)
+#heartbeat_interval = 1
+
+# Enable SSL (boolean value)
+#ssl = <None>
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options = <None>
+
+# Set socket timeout in seconds for connection's socket (floating
+# point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating
+# point value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error
+# (floating point value)
+#host_connection_reconnect_delay = 0.25
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size = 10
+
+# Maximum number of connections to create above `pool_max_size`.
+# (integer value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available
+# (integer value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no
+# recycling. Expired connections are closed on acquire. (integer
+# value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are
+# considered stale in seconds or None for no staleness. Stale
+# connections are closed on acquire. (integer value)
+#pool_stale = 60
+
+# Persist notification messages. (boolean value)
+#notification_persistence = false
+
+# Exchange name for for sending notifications (string value)
+#default_notification_exchange = ${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# notification listener. (integer value)
+#notification_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending notification message (floating point value)
+#notification_retry_delay = 0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer
+# value)
+#rpc_queue_expiration = 60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange = ${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange = ${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc listener. (integer value)
+#rpc_listener_prefetch_count = 100
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc reply listener. (integer value)
+#rpc_reply_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending reply. -1 means infinite retry during rpc_timeout (integer
+# value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending reply. (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during
+# sending RPC message, -1 means infinite retry. If actual retry
+# attempts in not 0 the rpc request could be processed more then one
+# time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending RPC message (floating point value)
+#rpc_retry_delay = 0.25
+
+
+[oslo_middleware]
+
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+
+# The HTTP Header that will be used to determine what the original
+# request protocol scheme was, even if it was hidden by an SSL
+# termination proxy. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#secure_proxy_ssl_header = X-Forwarded-Proto
+
[oslo_policy]
@@ -1233,3 +1517,7 @@
# If False doesn't trace SQL requests. (boolean value)
#trace_sqlalchemy = false
+
+# Secret key to use to sign Glance API and Glance Registry services
+# tracing messages. (string value)
+#hmac_keys = SECRET_KEY