--- a/components/openstack/glance/files/glance-scrubber.conf	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/files/glance-scrubber.conf	Wed Sep 07 14:48:42 2016 -0700
@@ -44,19 +44,20 @@
 # For example, if using the file system store a URL of
 # "file:///path/to/image" will be returned to the user in the
 # 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution!  The overrides
-# show_image_direct_url. (boolean value)
+# security risk, so use this setting with caution! Setting this to
+# true overrides the show_image_direct_url option. (boolean value)
 #show_multiple_locations = false
 
 # Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
+# 1099511627776 bytes (1 TB). WARNING: this value should only be
 # increased after careful consideration and must be set to a value
 # under 8 EB (9223372036854775808). (integer value)
+# Maximum value: 9223372036854775808
 #image_size_cap = 1099511627776
 
 # Set a system wide quota for every user. This value is the total
 # capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
+# 0 means unlimited. Optional unit can be specified for the value.
 # Accepted units are B, KB, MB, GB and TB representing Bytes,
 # KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
 # unit is specified then Bytes is assumed. Note that there should not
@@ -81,7 +82,9 @@
 #pydev_worker_debug_host = <None>
 
 # The port on which a pydev process is listening for connections.
-# (integer value)
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #pydev_worker_debug_port = 5678
 
 # AES key for encrypting store 'location' metadata. This includes, if
@@ -89,35 +92,38 @@
 # length 16, 24 or 32 bytes (string value)
 #metadata_encryption_key = <None>
 
-# Digest algorithm which will be used for digital signature; the
-# default is sha1 the default in Kilo for a smooth upgrade process,
-# and it will be updated with sha256 in next release(L). Use the
+# Digest algorithm which will be used for digital signature. Use the
 # command "openssl list-message-digest-algorithms" to get the
 # available algorithms supported by the version of OpenSSL on the
 # platform. Examples are "sha1", "sha256", "sha512", etc. (string
 # value)
-#digest_algorithm = sha1
-
-# Directory that the scrubber will use to track information about what
-# to delete. Make sure this is set in glance-api.conf and glance-
-# scrubber.conf. (string value)
-#scrubber_datadir = /var/lib/glance/scrubber
+#digest_algorithm = sha256
 
 # The amount of time in seconds to delay before performing a delete.
 # (integer value)
 #scrub_time = 0
 
-# A boolean that determines if the scrubber should clean up the files
-# it uses for taking data. Only one server in your deployment should
-# be designated the cleanup host. (boolean value)
-#cleanup_scrubber = false
+# The size of thread pool to be used for scrubbing images. The default
+# is one, which signifies serial scrubbing. Any value above one
+# indicates the max number of images that may be scrubbed in parallel.
+# (integer value)
+#scrub_pool_size = 1
 
 # Turn on/off delayed delete. (boolean value)
 #delayed_delete = false
 
-# Items must have a modified time that is older than this value in
-# order to be candidates for cleanup. (integer value)
-#cleanup_scrubber_time = 86400
+# Role used to identify an authenticated user as administrator.
+# (string value)
+#admin_role = admin
+
+# Whether to pass through headers containing user and tenant
+# information when making requests to the registry. This allows the
+# registry to use the context middleware without keystonemiddleware's
+# auth_token middleware, removing calls to the keystone auth service.
+# It is recommended that when using this option, secure communication
+# between glance api and glance registry is ensured by means other
+# than auth_token middleware. (boolean value)
+#send_identity_headers = false
 
 # Loop time between checking for new items to schedule for delete.
 # (integer value)
@@ -129,121 +135,208 @@
 # (boolean value)
 daemon = true
 
+# The protocol to use for communication with the registry server.
+# Either http or https. (string value)
+#registry_client_protocol = http
+
+# The path to the key file to use in SSL connections to the registry
+# server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE
+# environment variable to a filepath of the key file (string value)
+#registry_client_key_file = <None>
+
+# The path to the cert file to use in SSL connections to the registry
+# server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE
+# environment variable to a filepath of the CA cert file (string
+# value)
+#registry_client_cert_file = <None>
+
+# The path to the certifying authority cert file to use in SSL
+# connections to the registry server, if any. Alternately, you may set
+# the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the
+# CA cert file. (string value)
+#registry_client_ca_file = <None>
+
+# When using SSL in connections to the registry server, do not require
+# validation via a certifying authority. This is the registry's
+# equivalent of specifying --insecure on the command line using
+# glanceclient for the API. (boolean value)
+#registry_client_insecure = false
+
+# The period of time, in seconds, that the API server will wait for a
+# registry request to complete. A value of 0 implies no timeout.
+# (integer value)
+#registry_client_timeout = 600
+
 # Whether to pass through the user token when making requests to the
-# registry. (boolean value)
+# registry. To prevent failures with token expiration during big files
+# upload, it is recommended to set this parameter to False. If
+# "use_user_token" is not in effect, then admin credentials can be
+# specified. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #use_user_token = true
 
 # The administrators user name. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_user = %SERVICE_USER%
 
 # The administrators password. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_password = %SERVICE_PASSWORD%
 
 # The tenant name of the administrative user. If "use_user_token" is
 # not in effect, then admin tenant name can be specified. (string
 # value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_tenant_name = %SERVICE_TENANT_NAME%
 
 # The URL to the keystone service. If "use_user_token" is not in
 # effect and using keystone auth, then URL of keystone can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 auth_url = http://127.0.0.1:5000/v2.0/
 
 # The strategy to use for authentication. If "use_user_token" is not
 # in effect, then auth strategy can be specified. (string value)
-#auth_strategy = noauth
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
+auth_strategy = keystone
 
 # The region for the authentication service. If "use_user_token" is
 # not in effect and using keystone auth, then region name can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_region = <None>
 
 # Address to find the registry server. (string value)
 #registry_host = 0.0.0.0
 
-# Port the registry server is listening on. (integer value)
+# Port the registry server is listening on. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #registry_port = 9191
 
 #
 # From oslo.log
 #
 
-# Print debugging output (set logging level to DEBUG instead of
-# default WARNING level). (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 #debug = false
 
-# Print more verbose output (set logging level to INFO instead of
-# default WARNING level). (boolean value)
-#verbose = false
+# If set to false, the logging level will be set to WARNING instead of
+# the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
 
 # The name of a logging configuration file. This file is appended to
 # any existing logging configuration files. For details about logging
 # configuration files, see the Python logging module documentation.
-# (string value)
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
-# DEPRECATED. A logging.Formatter log message format string which may
-# use any of the available logging.LogRecord attributes. This option
-# is deprecated.  Please use logging_context_format_string and
-# logging_default_format_string instead. (string value)
-#log_format = <None>
-
-# Format string for %%(asctime)s in log records. Default: %(default)s
-# . (string value)
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to output to. If no default is set,
-# logging will go to stdout. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
 
-# (Optional) The base directory used for relative --log-file paths.
-# (string value)
+# (Optional) The base directory used for relative log_file paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Use syslog for logging. Existing syslog format is DEPRECATED during
-# I, and will change in J to honor RFC5424. (boolean value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
 
-# (Optional) Enables or disables syslog rfc5424 format for logging. If
-# enabled, prefixes the MSG part of the syslog message with APP-NAME
-# (RFC5424). The format without the APP-NAME is deprecated in I, and
-# will be removed in J. (boolean value)
-#use_syslog_rfc_format = false
-
-# Syslog facility to receive log lines. (string value)
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = true
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages without context. (string
-# value)
+# Format string to use for log messages when context is undefined.
+# (string value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Data to append to log format when level is DEBUG. (string value)
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
 # Prefix each line of exception output with this format. (string
 # value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
-# List of logger=LEVEL pairs. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
 # The format for an instance that is passed with the log message.
 # (string value)
 #instance_format = "[instance: %(uuid)s] "
@@ -252,305 +345,123 @@
 # (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
 
-[glance_store]
+
+[database]
 
 #
-# From glance.store
-#
-
-# List of stores enabled (list value)
-#stores = file,http
-
-# Default scheme to use to store image data. The scheme must be
-# registered by one of the stores defined by the 'stores' config
-# option. (string value)
-#default_store = file
-
-# Minimum interval seconds to execute updating dynamic storage
-# capabilities based on backend status then. It's not a periodic
-# routine, the update logic will be executed only when interval
-# seconds elapsed and an operation of store has triggered. The feature
-# will be enabled only when the option value greater then zero.
-# (integer value)
-#store_capabilities_update_min_interval = 0
-
-#
-# From glance.store
+# From oslo.db
 #
 
-# Images will be chunked into objects of this size (in megabytes). For
-# best performance, this should be a power of two. (integer value)
-#sheepdog_store_chunk_size = 64
-
-# Port of sheep daemon. (integer value)
-#sheepdog_store_port = 7000
-
-# IP address of sheep daemon. (string value)
-#sheepdog_store_address = localhost
-
-# RADOS images will be chunked into objects of this size (in
-# megabytes). For best performance, this should be a power of two.
-# (integer value)
-#rbd_store_chunk_size = 8
+# The file name to use with SQLite. (string value)
+# Deprecated group/name - [DEFAULT]/sqlite_db
+#sqlite_db = oslo.sqlite
 
-# RADOS pool in which images are stored. (string value)
-#rbd_store_pool = images
-
-# RADOS user to authenticate as (only applicable if using Cephx. If
-# <None>, a default will be chosen based on the client. section in
-# rbd_store_ceph_conf) (string value)
-#rbd_store_user = <None>
-
-# Ceph configuration file path. If <None>, librados will locate the
-# default config. If using cephx authentication, this file should
-# include a reference to the right keyring in a client.<USER> section
-# (string value)
-#rbd_store_ceph_conf = /etc/ceph/ceph.conf
-
-# Directory to which the Filesystem backend store writes images.
-# (string value)
-filesystem_store_datadir = /var/lib/glance/images/
+# If True, SQLite uses synchronous mode. (boolean value)
+# Deprecated group/name - [DEFAULT]/sqlite_synchronous
+#sqlite_synchronous = true
 
-# List of directories and its priorities to which the Filesystem
-# backend store writes images. (multi valued)
-#filesystem_store_datadirs =
-
-# The path to a file which contains the metadata to be returned with
-# any location associated with this store.  The file must contain a
-# valid JSON object. The object should contain the keys 'id' and
-# 'mountpoint'. The value for both keys should be 'string'. (string
-# value)
-#filesystem_store_metadata_file = <None>
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
 
-# The required permission for created image file. In this way the user
-# other service used, e.g. Nova, who consumes the image could be the
-# exclusive member of the group that owns the files created. Assigning
-# it less then or equal to zero means don't change the default
-# permission of the file. This value will be decoded as an octal
-# digit. (integer value)
-#filesystem_store_file_perm = 0
+# The SQLAlchemy connection string to use to connect to the database.
+# (string value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+connection = mysql://%SERVICE_USER%:%SERVICE_PASSWORD%@localhost/glance
 
-# Hostname or IP address of the instance to connect to, or a mongodb
-# URI, or a list of hostnames / mongodb URIs. If host is an IPv6
-# literal it must be enclosed in '[' and ']' characters following the
-# RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value)
-#mongodb_store_uri = <None>
-
-# Database to use (string value)
-#mongodb_store_db = <None>
-
-# The host where the S3 server is listening. (string value)
-#s3_store_host = <None>
-
-# The S3 query token access key. (string value)
-#s3_store_access_key = <None>
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
+#slave_connection = <None>
 
-# The S3 query token secret key. (string value)
-#s3_store_secret_key = <None>
-
-# The S3 bucket to be used to store the Glance data. (string value)
-#s3_store_bucket = <None>
-
-# The local directory where uploads will be staged before they are
-# transferred into S3. (string value)
-#s3_store_object_buffer_dir = <None>
-
-# A boolean to determine if the S3 bucket should be created on upload
-# if it does not exist or if an error should be returned to the user.
-# (boolean value)
-#s3_store_create_bucket_on_put = false
+# The SQL mode to be used for MySQL sessions. This option, including
+# the default, overrides any server-set SQL mode. To use whatever SQL
+# mode is set by the server configuration, set this to no value.
+# Example: mysql_sql_mode= (string value)
+#mysql_sql_mode = TRADITIONAL
 
-# The S3 calling format used to determine the bucket. Either subdomain
-# or path can be used. (string value)
-#s3_store_bucket_url_format = subdomain
-
-# What size, in MB, should S3 start chunking image files and do a
-# multipart upload in S3. (integer value)
-#s3_store_large_object_size = 100
-
-# What multipart upload part size, in MB, should S3 use when uploading
-# parts. The size must be greater than or equal to 5M. (integer value)
-#s3_store_large_object_chunk_size = 10
-
-# The number of thread pools to perform a multipart upload in S3.
-# (integer value)
-#s3_store_thread_pools = 10
+# Timeout before idle SQL connections are reaped. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#idle_timeout = 3600
 
-# ESX/ESXi or vCenter Server target system. The server value can be an
-# IP address or a DNS name. (string value)
-#vmware_server_host = <None>
-
-# Username for authenticating with VMware ESX/VC server. (string
+# Minimum number of SQL connections to keep open in a pool. (integer
 # value)
-#vmware_server_username = <None>
-
-# Password for authenticating with VMware ESX/VC server. (string
-# value)
-#vmware_server_password = <None>
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+#min_pool_size = 1
 
-# DEPRECATED. Inventory path to a datacenter. If the
-# vmware_server_host specified is an ESX/ESXi, the
-# vmware_datacenter_path is optional. If specified, it should be "ha-
-# datacenter". This option is deprecated in favor of vmware_datastores
-# and will be removed in the Liberty release. (string value)
-#vmware_datacenter_path = ha-datacenter
-
-# DEPRECATED. Datastore associated with the datacenter. This option is
-# deprecated in favor of vmware_datastores and will be removed in the
-# Liberty release. (string value)
-#vmware_datastore_name = <None>
+# Maximum number of SQL connections to keep open in a pool. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size = <None>
 
-# Number of times VMware ESX/VC server API must be retried upon
-# connection related issues. (integer value)
-#vmware_api_retry_count = 10
-
-# The interval used for polling remote tasks invoked on VMware ESX/VC
-# server. (integer value)
-#vmware_task_poll_interval = 5
-
-# The name of the directory where the glance images will be stored in
-# the VMware datastore. (string value)
-#vmware_store_image_dir = /openstack_glance
+# Maximum number of database connection retries during startup. Set to
+# -1 to specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries = 10
 
-# Allow to perform insecure SSL requests to ESX/VC. (boolean value)
-#vmware_api_insecure = false
+# Interval between retries of opening a SQL connection. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval = 10
 
-# A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores.
-# Either one of vmware_datastore_name or vmware_datastores is
-# required. The datastore name should be specified after its
-# datacenter path, seperated by ":". An optional weight may be given
-# after the datastore name, seperated again by ":". Thus, the required
-# format becomes <datacenter_path>:<datastore_name>:<optional_weight>.
-# When adding an image, the datastore with highest weight will be
-# selected, unless there is not enough free space available in cases
-# where the image size is already known. If no weight is given, it is
-# assumed to be zero and the directory will be considered for
-# selection last. If multiple datastores have the same weight, then
-# the one with the most free space available is selected. (multi
-# valued)
-#vmware_datastores =
-
-# Info to match when looking for cinder in the service catalog. Format
-# is : separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volume:cinder:publicURL
-
-# Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
-#cinder_endpoint_template = <None>
-
-# Region name of this node (string value)
-#os_region_name = <None>
+# If set, use this value for max_overflow with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow = 50
 
-# Location of ca certicates file to use for cinder client requests.
-# (string value)
-#cinder_ca_certificates_file = <None>
-
-# Number of cinderclient retries on failed http calls (integer value)
-#cinder_http_retries = 3
-
-# Allow to perform insecure SSL requests to cinder (boolean value)
-#cinder_api_insecure = false
-
-# Version of the authentication service to use. Valid versions are 2
-# for keystone and 1 for swauth and rackspace. (deprecated) (string
-# value)
-#swift_store_auth_version = 2
+# Verbosity of SQL debugging information: 0=None, 100=Everything.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug = 0
 
-# If True, swiftclient won't check for a valid SSL certificate when
-# authenticating. (boolean value)
-#swift_store_auth_insecure = false
-
-# A string giving the CA certificate file to use in SSL connections
-# for verifying certs. (string value)
-#swift_store_cacert = <None>
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace = false
 
-# The region of the swift endpoint to be used for single tenant. This
-# setting is only necessary if the tenant has multiple swift
-# endpoints. (string value)
-#swift_store_region = <None>
-
-# If set, the configured endpoint will be used. If None, the storage
-# url from the auth response will be used. (string value)
-#swift_store_endpoint = <None>
-
-# A string giving the endpoint type of the swift service to use
-# (publicURL, adminURL or internalURL). This setting is only used if
-# swift_store_auth_version is 2. (string value)
-#swift_store_endpoint_type = publicURL
+# If set, use this value for pool_timeout with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout = <None>
 
-# A string giving the service type of the swift service to use. This
-# setting is only used if swift_store_auth_version is 2. (string
-# value)
-#swift_store_service_type = object-store
-
-# Container within the account that the account should use for storing
-# images in Swift when using single container mode. In multiple
-# container mode, this will be the prefix for all containers. (string
-# value)
-#swift_store_container = glance
+# Enable the experimental use of database reconnect on connection
+# lost. (boolean value)
+#use_db_reconnect = false
 
-# The size, in MB, that Glance will start chunking image files and do
-# a large object manifest in Swift. (integer value)
-#swift_store_large_object_size = 5120
-
-# The amount of data written to a temporary disk buffer during the
-# process of chunking the image file. (integer value)
-#swift_store_large_object_chunk_size = 200
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval = 1
 
-# A boolean value that determines if we create the container if it
-# does not exist. (boolean value)
-#swift_store_create_container_on_put = false
-
-# If set to True, enables multi-tenant storage mode which causes
-# Glance images to be stored in tenant specific Swift accounts.
-# (boolean value)
-#swift_store_multi_tenant = false
+# If True, increases the interval between retries of a database
+# operation up to db_max_retry_interval. (boolean value)
+#db_inc_retry_interval = true
 
-# When set to 0, a single-tenant store will only use one container to
-# store all images. When set to an integer value between 1 and 32, a
-# single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
-# only when swift_store_multi_tenant is disabled. The total number of
-# containers that will be used is equal to 16^N, so if this config
-# option is set to 2, then 16^2=256 containers will be used to store
-# images. (integer value)
-#swift_store_multiple_containers_seed = 0
+# If db_inc_retry_interval is set, the maximum seconds between retries
+# of a database operation. (integer value)
+#db_max_retry_interval = 10
 
-# A list of tenants that will be granted read/write access on all
-# Swift containers created by Glance in multi-tenant mode. (list
-# value)
-#swift_store_admin_tenants =
-
-# If set to False, disables SSL layer compression of https swift
-# requests. Setting to False may improve performance for images which
-# are already in a compressed format, eg qcow2. (boolean value)
-#swift_store_ssl_compression = true
+# Maximum retries in case of connection error or deadlock error before
+# error is raised. Set to -1 to specify an infinite retry count.
+# (integer value)
+#db_max_retries = 20
 
-# The number of times a Swift download will be retried before the
-# request fails. (integer value)
-#swift_store_retry_get_count = 0
-
-# The reference to the default swift account/backing store parameters
-# to use for adding new images. (string value)
-#default_swift_reference = ref1
+#
+# From oslo.db.concurrency
+#
 
-# The address where the Swift authentication service is
-# listening.(deprecated) (string value)
-#swift_store_auth_address = <None>
-
-# The user to authenticate against the Swift authentication service
-# (deprecated) (string value)
-#swift_store_user = <None>
-
-# Auth key for the user authenticating against the Swift
-# authentication service. (deprecated) (string value)
-#swift_store_key = <None>
-
-# The config file that has the swift account(s)configs. (string value)
-#swift_store_config_file = <None>
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
 
 
 [oslo_concurrency]
@@ -568,7 +479,7 @@
 # that need locking. Defaults to environment variable OSLO_LOCK_PATH.
 # If external locks are used, a lock path must be set. (string value)
 # Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
+lock_path = /var/lib/glance/lock
 
 
 [oslo_policy]