diff -r f984e52b96bb -r bf55de364b19 components/openstack/glance/files/glance-registry.conf --- a/components/openstack/glance/files/glance-registry.conf Wed Sep 07 14:48:41 2016 -0700 +++ b/components/openstack/glance/files/glance-registry.conf Wed Sep 07 14:48:42 2016 -0700 @@ -5,7 +5,7 @@ # # When true, this option sets the owner of an image to be the tenant. -# Otherwise, the owner of the image will be the authenticated user +# Otherwise, the owner of the image will be the authenticated user # issuing the request. (boolean value) #owner_is_tenant = true @@ -18,6 +18,9 @@ # value) #allow_anonymous_access = false +# Limits request ID length. (integer value) +#max_request_id_length = 64 + # Whether to allow users to specify image properties beyond what the # image schema provides (boolean value) #allow_additional_image_properties = true @@ -58,19 +61,20 @@ # For example, if using the file system store a URL of # "file:///path/to/image" will be returned to the user in the # 'direct_url' meta-data field. Revealing storage location can be a -# security risk, so use this setting with caution! The overrides -# show_image_direct_url. (boolean value) +# security risk, so use this setting with caution! Setting this to +# true overrides the show_image_direct_url option. (boolean value) #show_multiple_locations = false # Maximum size of image a user can upload in bytes. Defaults to -# 1099511627776 bytes (1 TB).WARNING: this value should only be +# 1099511627776 bytes (1 TB). WARNING: this value should only be # increased after careful consideration and must be set to a value # under 8 EB (9223372036854775808). (integer value) +# Maximum value: 9223372036854775808 #image_size_cap = 1099511627776 # Set a system wide quota for every user. This value is the total # capacity that a user can use across all storage systems. A value of -# 0 means unlimited.Optional unit can be specified for the value. +# 0 means unlimited. Optional unit can be specified for the value. # Accepted units are B, KB, MB, GB and TB representing Bytes, # KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no # unit is specified then Bytes is assumed. Note that there should not @@ -95,7 +99,9 @@ #pydev_worker_debug_host = # The port on which a pydev process is listening for connections. -# (integer value) +# (port value) +# Minimum value: 0 +# Maximum value: 65535 #pydev_worker_debug_port = 5678 # AES key for encrypting store 'location' metadata. This includes, if @@ -103,20 +109,20 @@ # length 16, 24 or 32 bytes (string value) #metadata_encryption_key = -# Digest algorithm which will be used for digital signature; the -# default is sha1 the default in Kilo for a smooth upgrade process, -# and it will be updated with sha256 in next release(L). Use the +# Digest algorithm which will be used for digital signature. Use the # command "openssl list-message-digest-algorithms" to get the # available algorithms supported by the version of OpenSSL on the # platform. Examples are "sha1", "sha256", "sha512", etc. (string # value) -#digest_algorithm = sha1 +#digest_algorithm = sha256 # Address to bind the server. Useful when selecting a particular # network interface. (string value) #bind_host = 0.0.0.0 -# The port on which the server will listen. (integer value) +# The port on which the server will listen. (port value) +# Minimum value: 0 +# Maximum value: 65535 #bind_port = # The backlog value that will be used when creating the TCP listener @@ -162,86 +168,94 @@ # Timeout for client connections' socket operations. If an incoming # connection is idle for this number of seconds it will be closed. A # value of '0' means wait forever. (integer value) -#client_socket_timeout = 0 +#client_socket_timeout = 900 # # From oslo.log # -# Print debugging output (set logging level to DEBUG instead of -# default WARNING level). (boolean value) +# If set to true, the logging level will be set to DEBUG instead of +# the default INFO level. (boolean value) #debug = false -# Print more verbose output (set logging level to INFO instead of -# default WARNING level). (boolean value) -#verbose = false +# If set to false, the logging level will be set to WARNING instead of +# the default INFO level. (boolean value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +#verbose = true # The name of a logging configuration file. This file is appended to # any existing logging configuration files. For details about logging # configuration files, see the Python logging module documentation. -# (string value) +# Note that when logging configuration files are used then all logging +# configuration is set in the configuration file and other logging +# configuration options are ignored (for example, +# logging_context_format_string). (string value) # Deprecated group/name - [DEFAULT]/log_config #log_config_append = -# DEPRECATED. A logging.Formatter log message format string which may -# use any of the available logging.LogRecord attributes. This option -# is deprecated. Please use logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format = - -# Format string for %%(asctime)s in log records. Default: %(default)s -# . (string value) +# Defines the format string for %%(asctime)s in log records. Default: +# %(default)s . This option is ignored if log_config_append is set. +# (string value) #log_date_format = %Y-%m-%d %H:%M:%S -# (Optional) Name of log file to output to. If no default is set, -# logging will go to stdout. (string value) +# (Optional) Name of log file to send logging output to. If no default +# is set, logging will go to stderr as defined by use_stderr. This +# option is ignored if log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logfile #log_file = -# (Optional) The base directory used for relative --log-file paths. -# (string value) +# (Optional) The base directory used for relative log_file paths. +# This option is ignored if log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logdir #log_dir = -# Use syslog for logging. Existing syslog format is DEPRECATED during -# I, and will change in J to honor RFC5424. (boolean value) +# Uses logging handler designed to watch file system. When log file is +# moved or removed this handler will open a new log file with +# specified path instantaneously. It makes sense only if log_file +# option is specified and Linux platform is used. This option is +# ignored if log_config_append is set. (boolean value) +#watch_log_file = false + +# Use syslog for logging. Existing syslog format is DEPRECATED and +# will be changed later to honor RFC5424. This option is ignored if +# log_config_append is set. (boolean value) #use_syslog = false -# (Optional) Enables or disables syslog rfc5424 format for logging. If -# enabled, prefixes the MSG part of the syslog message with APP-NAME -# (RFC5424). The format without the APP-NAME is deprecated in I, and -# will be removed in J. (boolean value) -#use_syslog_rfc_format = false - -# Syslog facility to receive log lines. (string value) +# Syslog facility to receive log lines. This option is ignored if +# log_config_append is set. (string value) #syslog_log_facility = LOG_USER -# Log output to standard error. (boolean value) +# Log output to standard error. This option is ignored if +# log_config_append is set. (boolean value) #use_stderr = true # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s -# Format string to use for log messages without context. (string -# value) +# Format string to use for log messages when context is undefined. +# (string value) #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s -# Data to append to log format when level is DEBUG. (string value) +# Additional data to append to log message when logging level for the +# message is DEBUG. (string value) #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d # Prefix each line of exception output with this format. (string # value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s -# List of logger=LEVEL pairs. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN +# Defines the format string for %(user_identity)s that is used in +# logging_context_format_string. (string value) +#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s + +# List of package logging levels in logger=LEVEL pairs. This option is +# ignored if log_config_append is set. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO # Enables or disables publication of error events. (boolean value) #publish_errors = false -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - # The format for an instance that is passed with the log message. # (string value) #instance_format = "[instance: %(uuid)s] " @@ -250,20 +264,29 @@ # (string value) #instance_uuid_format = "[instance: %(uuid)s] " +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false + # # From oslo.messaging # +# Size of RPC connection pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size +#rpc_conn_pool_size = 30 + # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve to this # address. (string value) #rpc_zmq_bind_address = * # MatchMaker driver. (string value) -#rpc_zmq_matchmaker = local +# Allowed values: redis, dummy +#rpc_zmq_matchmaker = redis -# ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port = 9501 +# Type of concurrency used. Either "native" or "eventlet" (string +# value) +#rpc_zmq_concurrency = eventlet # Number of ZeroMQ contexts, defaults to 1. (integer value) #rpc_zmq_contexts = 1 @@ -279,25 +302,41 @@ # Must match "host" option, if running Nova. (string value) #rpc_zmq_host = localhost -# Seconds to wait before a cast expires (TTL). Only supported by -# impl_zmq. (integer value) -#rpc_cast_timeout = 30 +# Seconds to wait before a cast expires (TTL). The default value of -1 +# specifies an infinite linger period. The value of 0 specifies no +# linger period. Pending messages shall be discarded immediately when +# the socket is closed. Only supported by impl_zmq. (integer value) +#rpc_cast_timeout = -1 -# Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq = 300 +# The default number of seconds that poll should wait. Poll raises +# timeout exception when timeout expired. (integer value) +#rpc_poll_timeout = 1 -# Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl = 600 +# Expiration timeout in seconds of a name service record about +# existing target ( < 0 means no timeout). (integer value) +#zmq_target_expire = 120 + +# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. +# (boolean value) +#use_pub_sub = true -# Size of RPC thread pool. (integer value) -#rpc_thread_pool_size = 64 +# Minimal port number for random ports range. (port value) +# Minimum value: 0 +# Maximum value: 65535 +#rpc_zmq_min_port = 49152 -# Driver or drivers to handle sending notifications. (multi valued) -#notification_driver = +# Maximal port number for random ports range. (integer value) +# Minimum value: 1 +# Maximum value: 65536 +#rpc_zmq_max_port = 65536 -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -#notification_topics = notifications +# Number of retries to find free port number before fail with +# ZMQBindError. (integer value) +#rpc_zmq_bind_port_retries = 100 + +# Size of executor thread pool. (integer value) +# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size +#executor_thread_pool_size = 64 # Seconds to wait for a response from a call. (integer value) #rpc_response_timeout = 60 @@ -308,7 +347,7 @@ #transport_url = # The messaging driver to use, defaults to rabbit. Other drivers -# include qpid and zmq. (string value) +# include amqp and zmq. (string value) #rpc_backend = rabbit # The default exchange under which topics are scoped. May be @@ -317,6 +356,66 @@ #control_exchange = openstack +[cors] + +# +# From oslo.middleware +# + +# Indicate whether this resource may be shared with the domain +# received in the requests "origin" header. (list value) +#allowed_origin = + +# Indicate that the actual request can include user credentials +# (boolean value) +#allow_credentials = true + +# Indicate which headers are safe to expose to the API. Defaults to +# HTTP Simple Headers. (list value) +#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma + +# Maximum cache age of CORS preflight requests. (integer value) +#max_age = 3600 + +# Indicate which methods can be used during the actual request. (list +# value) +#allow_methods = GET,POST,PUT,DELETE,OPTIONS + +# Indicate which header field names may be used during the actual +# request. (list value) +#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma + + +[cors.subdomain] + +# +# From oslo.middleware +# + +# Indicate whether this resource may be shared with the domain +# received in the requests "origin" header. (list value) +#allowed_origin = + +# Indicate that the actual request can include user credentials +# (boolean value) +#allow_credentials = true + +# Indicate which headers are safe to expose to the API. Defaults to +# HTTP Simple Headers. (list value) +#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma + +# Maximum cache age of CORS preflight requests. (integer value) +#max_age = 3600 + +# Indicate which methods can be used during the actual request. (list +# value) +#allow_methods = GET,POST,PUT,DELETE,OPTIONS + +# Indicate which header field names may be used during the actual +# request. (list value) +#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma + + [database] # @@ -352,12 +451,6 @@ # Example: mysql_sql_mode= (string value) #mysql_sql_mode = TRADITIONAL -# This configures the MySQL storage engine. This allows for OpenStack to -# support different storage engines such as InnoDB, NDB, etc. By Default, -# this value will be set to InnoDB. For MySQL Cluster, set to NDBCLUSTER. -# Example: mysql_storage_engine=(string value) -#mysql_storage_engine = InnoDB - # Timeout before idle SQL connections are reaped. (integer value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout @@ -392,7 +485,7 @@ # value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = +#max_overflow = 50 # Verbosity of SQL debugging information: 0=None, 100=Everything. # (integer value) @@ -428,6 +521,15 @@ # (integer value) #db_max_retries = 20 +# +# From oslo.db.concurrency +# + +# Enable the experimental use of thread pooling for all DB API calls +# (boolean value) +# Deprecated group/name - [DEFAULT]/dbapi_use_tpool +#use_tpool = false + [glance_store] @@ -435,7 +537,8 @@ # From glance.store # -# List of stores enabled (list value) +# List of stores enabled. Valid stores are: cinder, file, http, rbd, +# sheepdog, swift, s3, vsphere (list value) #stores = file,http # Default scheme to use to store image data. The scheme must be @@ -451,10 +554,6 @@ # (integer value) #store_capabilities_update_min_interval = 0 -# -# From glance.store -# - # Images will be chunked into objects of this size (in megabytes). For # best performance, this should be a power of two. (integer value) #sheepdog_store_chunk_size = 64 @@ -484,9 +583,31 @@ # (string value) #rbd_store_ceph_conf = /etc/ceph/ceph.conf +# Timeout value (in seconds) used when connecting to ceph cluster. If +# value <= 0, no timeout is set and default librados value is used. +# (integer value) +#rados_connect_timeout = 0 + +# Specify the path to the CA bundle file to use in verifying the +# remote server certificate. (string value) +#https_ca_certificates_file = + +# If true, the remote server certificate is not verified. If false, +# then the default CA truststore is used for verification. This option +# is ignored if "https_ca_certificates_file" is set. (boolean value) +#https_insecure = true + +# Specify the http/https proxy information that should be used to +# connect to the remote server. The proxy information should be a key +# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can +# specify proxies for multiple schemes by seperating the key value +# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080. +# (dict value) +#http_proxy_information = + # Directory to which the Filesystem backend store writes images. # (string value) -filesystem_store_datadir = /var/lib/glance/images/ +#filesystem_store_datadir = /var/lib/glance/images # List of directories and its priorities to which the Filesystem # backend store writes images. (multi valued) @@ -507,15 +628,6 @@ # digit. (integer value) #filesystem_store_file_perm = 0 -# Hostname or IP address of the instance to connect to, or a mongodb -# URI, or a list of hostnames / mongodb URIs. If host is an IPv6 -# literal it must be enclosed in '[' and ']' characters following the -# RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value) -#mongodb_store_uri = - -# Database to use (string value) -#mongodb_store_db = - # The host where the S3 server is listening. (string value) #s3_store_host = @@ -553,6 +665,21 @@ # (integer value) #s3_store_thread_pools = 10 +# Enable the use of a proxy. (boolean value) +#s3_store_enable_proxy = false + +# Address or hostname for the proxy server. (string value) +#s3_store_proxy_host = + +# The port to use when connecting over a proxy. (integer value) +#s3_store_proxy_port = 8080 + +# The username to connect to the proxy. (string value) +#s3_store_proxy_user = + +# The password to use when connecting over a proxy. (string value) +#s3_store_proxy_password = + # ESX/ESXi or vCenter Server target system. The server value can be an # IP address or a DNS name. (string value) #vmware_server_host = @@ -565,18 +692,6 @@ # value) #vmware_server_password = -# DEPRECATED. Inventory path to a datacenter. If the -# vmware_server_host specified is an ESX/ESXi, the -# vmware_datacenter_path is optional. If specified, it should be "ha- -# datacenter". This option is deprecated in favor of vmware_datastores -# and will be removed in the Liberty release. (string value) -#vmware_datacenter_path = ha-datacenter - -# DEPRECATED. Datastore associated with the datacenter. This option is -# deprecated in favor of vmware_datastores and will be removed in the -# Liberty release. (string value) -#vmware_datastore_name = - # Number of times VMware ESX/VC server API must be retried upon # connection related issues. (integer value) #vmware_api_retry_count = 10 @@ -589,36 +704,43 @@ # the VMware datastore. (string value) #vmware_store_image_dir = /openstack_glance -# Allow to perform insecure SSL requests to ESX/VC. (boolean value) -#vmware_api_insecure = false +# If true, the ESX/vCenter server certificate is not verified. If +# false, then the default CA truststore is used for verification. This +# option is ignored if "vmware_ca_file" is set. (boolean value) +# Deprecated group/name - [DEFAULT]/vmware_api_insecure +#vmware_insecure = false + +# Specify a CA bundle file to use in verifying the ESX/vCenter server +# certificate. (string value) +#vmware_ca_file = # A list of datastores where the image can be stored. This option may -# be specified multiple times for specifying multiple datastores. -# Either one of vmware_datastore_name or vmware_datastores is -# required. The datastore name should be specified after its -# datacenter path, seperated by ":". An optional weight may be given -# after the datastore name, seperated again by ":". Thus, the required -# format becomes ::. -# When adding an image, the datastore with highest weight will be -# selected, unless there is not enough free space available in cases -# where the image size is already known. If no weight is given, it is -# assumed to be zero and the directory will be considered for -# selection last. If multiple datastores have the same weight, then -# the one with the most free space available is selected. (multi -# valued) +# be specified multiple times for specifying multiple datastores. The +# datastore name should be specified after its datacenter path, +# seperated by ":". An optional weight may be given after the +# datastore name, seperated again by ":". Thus, the required format +# becomes ::. When +# adding an image, the datastore with highest weight will be selected, +# unless there is not enough free space available in cases where the +# image size is already known. If no weight is given, it is assumed to +# be zero and the directory will be considered for selection last. If +# multiple datastores have the same weight, then the one with the most +# free space available is selected. (multi valued) #vmware_datastores = # Info to match when looking for cinder in the service catalog. Format # is : separated values of the form: # :: (string value) -#cinder_catalog_info = volume:cinder:publicURL +#cinder_catalog_info = volumev2::publicURL # Override service catalog lookup with template for cinder endpoint -# e.g. http://localhost:8776/v1/%(project_id)s (string value) +# e.g. http://localhost:8776/v2/%(tenant)s (string value) #cinder_endpoint_template = -# Region name of this node (string value) -#os_region_name = +# Region name of this node. If specified, it will be used to locate +# OpenStack services for stores. (string value) +# Deprecated group/name - [DEFAULT]/os_region_name +#cinder_os_region_name = # Location of ca certicates file to use for cinder client requests. # (string value) @@ -627,13 +749,33 @@ # Number of cinderclient retries on failed http calls (integer value) #cinder_http_retries = 3 +# Time period of time in seconds to wait for a cinder volume +# transition to complete. (integer value) +#cinder_state_transition_timeout = 300 + # Allow to perform insecure SSL requests to cinder (boolean value) #cinder_api_insecure = false -# Version of the authentication service to use. Valid versions are 2 -# for keystone and 1 for swauth and rackspace. (deprecated) (string +# The address where the Cinder authentication service is listening. If +# , the cinder endpoint in the service catalog is used. (string # value) -#swift_store_auth_version = 2 +#cinder_store_auth_address = + +# User name to authenticate against Cinder. If , the user of +# current context is used. (string value) +#cinder_store_user_name = + +# Password for the user authenticating against Cinder. If , the +# current context auth token is used. (string value) +#cinder_store_password = + +# Project name where the image is stored in Cinder. If , the +# project in current context is used. (string value) +#cinder_store_project_name = + +# Path to the rootwrap configuration file to use for running commands +# as root. (string value) +#rootwrap_config = /etc/glance/rootwrap.conf # If True, swiftclient won't check for a valid SSL certificate when # authenticating. (boolean value) @@ -688,7 +830,7 @@ # When set to 0, a single-tenant store will only use one container to # store all images. When set to an integer value between 1 and 32, a # single-tenant store will use multiple containers to store images, -# and this value will determine how many containers are created.Used +# and this value will determine how many containers are created. Used # only when swift_store_multi_tenant is disabled. The total number of # containers that will be used is equal to 16^N, so if this config # option is set to 2, then 16^2=256 containers will be used to store @@ -709,20 +851,42 @@ # request fails. (integer value) #swift_store_retry_get_count = 0 +# The period of time (in seconds) before token expirationwhen +# glance_store will try to reques new user token. Default value 60 sec +# means that if token is going to expire in 1 min then glance_store +# request new user token. (integer value) +#swift_store_expire_soon_interval = 60 + +# If set to True create a trust for each add/get request to Multi- +# tenant store in order to prevent authentication token to be expired +# during uploading/downloading data. If set to False then user token +# is used for Swift connection (so no overhead on trust creation). +# Please note that this option is considered only and only if +# swift_store_multi_tenant=True (boolean value) +#swift_store_use_trusts = true + # The reference to the default swift account/backing store parameters # to use for adding new images. (string value) #default_swift_reference = ref1 -# The address where the Swift authentication service is -# listening.(deprecated) (string value) +# Version of the authentication service to use. Valid versions are 2 +# and 3 for keystone and 1 (deprecated) for swauth and rackspace. +# (deprecated - use "auth_version" in swift_store_config_file) (string +# value) +#swift_store_auth_version = 2 + +# The address where the Swift authentication service is listening. +# (deprecated - use "auth_address" in swift_store_config_file) (string +# value) #swift_store_auth_address = # The user to authenticate against the Swift authentication service -# (deprecated) (string value) +# (deprecated - use "user" in swift_store_config_file) (string value) #swift_store_user = # Auth key for the user authenticating against the Swift -# authentication service. (deprecated) (string value) +# authentication service. (deprecated - use "key" in +# swift_store_config_file) (string value) #swift_store_key = # The config file that has the swift account(s)configs. (string value) @@ -772,6 +936,9 @@ # Verify HTTPS connections. (boolean value) #insecure = false +# The region in which the identity server can be found. (string value) +#region_name = + # Directory used to cache files related to PKI tokens. (string value) signing_dir = /var/lib/glance/keystone-signing @@ -794,12 +961,13 @@ #revocation_cache_time = 10 # (Optional) If defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable values are -# MAC or ENCRYPT. If MAC, token data is authenticated (with HMAC) in -# the cache. If ENCRYPT, token data is encrypted and authenticated in -# the cache. If the value is not one of these options or empty, -# auth_token will raise an exception on initialization. (string value) -#memcache_security_strategy = +# authenticated or authenticated and encrypted. If MAC, token data is +# authenticated (with HMAC) in the cache. If ENCRYPT, token data is +# encrypted and authenticated in the cache. If the value is not one of +# these options or empty, auth_token will raise an exception on +# initialization. (string value) +# Allowed values: None, MAC, ENCRYPT +#memcache_security_strategy = None # (Optional, mandatory if memcache_security_strategy is defined) This # string is used for key derivation. (string value) @@ -814,7 +982,7 @@ #memcache_pool_maxsize = 10 # (Optional) Socket timeout in seconds for communicating with a -# memcache server. (integer value) +# memcached server. (integer value) #memcache_pool_socket_timeout = 3 # (Optional) Number of seconds a connection to memcached is held @@ -822,10 +990,10 @@ #memcache_pool_unused_timeout = 60 # (Optional) Number of seconds that an operation will wait to get a -# memcache client connection from the pool. (integer value) +# memcached client connection from the pool. (integer value) #memcache_pool_conn_get_timeout = 10 -# (Optional) Use the advanced (eventlet safe) memcache client pool. +# (Optional) Use the advanced (eventlet safe) memcached client pool. # The advanced pool will only work under python 2.x. (boolean value) #memcache_use_advanced_pool = false @@ -860,34 +1028,18 @@ # value) #hash_algorithms = md5 -# Prefix to prepend at the beginning of the path. Deprecated, use -# identity_uri. (string value) -#auth_admin_prefix = - -# Host providing the admin Identity API endpoint. Deprecated, use -# identity_uri. (string value) -#auth_host = 127.0.0.1 - -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -#auth_port = 35357 +# Authentication type to load (unknown value) +# Deprecated group/name - [DEFAULT]/auth_plugin +#auth_type = -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -#auth_protocol = https +# Config Section from which to load plugin specific options (unknown +# value) +#auth_section = -# Complete admin Identity API endpoint. This should specify the -# unversioned root endpoint e.g. https://localhost:35357/ (string -# value) +# Complete admin Identity API endpoint. This should specify the unversioned +# root endpoint e.g. https://localhost:35357/ (string value) identity_uri = http://127.0.0.1:35357/ -# This option is deprecated and may be removed in a future release. -# Single shared secret with the Keystone configuration used for -# bootstrapping a Keystone installation, or otherwise bypassing the -# normal authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token = - # Service username. (string value) admin_user = %SERVICE_USER% @@ -897,13 +1049,6 @@ # Service tenant name. (string value) admin_tenant_name = %SERVICE_TENANT_NAME% -# Name of the plugin to load (string value) -#auth_plugin = - -# Config Section from which to load plugin specific options (string -# value) -#auth_section = - [matchmaker_redis] @@ -914,22 +1059,29 @@ # Host to locate redis. (string value) #host = 127.0.0.1 -# Use this port to connect to redis host. (integer value) +# Use this port to connect to redis host. (port value) +# Minimum value: 0 +# Maximum value: 65535 #port = 6379 # Password for Redis server (optional). (string value) -#password = +#password = +# List of Redis Sentinel hosts (fault tolerance mode) e.g. +# [host:port, host1:port ... ] (list value) +#sentinel_hosts = -[matchmaker_ring] +# Redis replica set name. (string value) +#sentinel_group_name = oslo-messaging-zeromq -# -# From oslo.messaging -# +# Time in ms to wait between connection attempts. (integer value) +#wait_timeout = 500 -# Matchmaker ring file (JSON). (string value) -# Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile = /etc/oslo/matchmaker_ring.json +# Time in ms to wait before the transaction is killed. (integer value) +#check_timeout = 20000 + +# Timeout in ms on blocking socket operations (integer value) +#socket_timeout = 1000 [oslo_concurrency] @@ -947,7 +1099,7 @@ # that need locking. Defaults to environment variable OSLO_LOCK_PATH. # If external locks are used, a lock path must be set. (string value) # Deprecated group/name - [DEFAULT]/lock_path -#lock_path = +lock_path = /var/lib/glance/lock [oslo_messaging_amqp] @@ -980,8 +1132,7 @@ # Deprecated group/name - [amqp1]/trace #trace = false -# CA certificate PEM file for verifing server certificate (string -# value) +# CA certificate PEM file to verify server certificate (string value) # Deprecated group/name - [amqp1]/ssl_ca_file #ssl_ca_file = @@ -1003,73 +1154,49 @@ # Deprecated group/name - [amqp1]/allow_insecure_clients #allow_insecure_clients = false +# Space separated list of acceptable SASL mechanisms (string value) +# Deprecated group/name - [amqp1]/sasl_mechanisms +#sasl_mechanisms = -[oslo_messaging_qpid] +# Path to directory that contains the SASL configuration (string +# value) +# Deprecated group/name - [amqp1]/sasl_config_dir +#sasl_config_dir = + +# Name of configuration file (without .conf suffix) (string value) +# Deprecated group/name - [amqp1]/sasl_config_name +#sasl_config_name = + +# User name for message broker authentication (string value) +# Deprecated group/name - [amqp1]/username +#username = + +# Password for message broker authentication (string value) +# Deprecated group/name - [amqp1]/password +#password = + + +[oslo_messaging_notifications] # # From oslo.messaging # -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -#amqp_auto_delete = false - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -#rpc_conn_pool_size = 30 - -# Qpid broker hostname. (string value) -# Deprecated group/name - [DEFAULT]/qpid_hostname -#qpid_hostname = localhost - -# Qpid broker port. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_port -#qpid_port = 5672 - -# Qpid HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/qpid_hosts -#qpid_hosts = $qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -# Deprecated group/name - [DEFAULT]/qpid_username -#qpid_username = +# The Drivers(s) to handle sending notifications. Possible values are +# messaging, messagingv2, routing, log, test, noop (multi valued) +# Deprecated group/name - [DEFAULT]/notification_driver +#driver = -# Password for Qpid connection. (string value) -# Deprecated group/name - [DEFAULT]/qpid_password -#qpid_password = - -# Space separated list of SASL mechanisms to use for auth. (string -# value) -# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms -#qpid_sasl_mechanisms = - -# Seconds between connection keepalive heartbeats. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_heartbeat -#qpid_heartbeat = 60 +# A URL representing the messaging driver to use for notifications. If +# not set, we fall back to the same configuration used for RPC. +# (string value) +# Deprecated group/name - [DEFAULT]/notification_transport_url +#transport_url = -# Transport to use, either 'tcp' or 'ssl'. (string value) -# Deprecated group/name - [DEFAULT]/qpid_protocol -#qpid_protocol = tcp - -# Whether to disable the Nagle algorithm. (boolean value) -# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay -#qpid_tcp_nodelay = true - -# The number of prefetched messages held by receiver. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity -#qpid_receiver_capacity = 1 - -# The qpid topology version to use. Version 1 is what was originally -# used by impl_qpid. Version 2 includes some backwards-incompatible -# changes that allow broker federation to work. Users should update -# to version 2 when they are able to take everything down, as it -# requires a clean break. (integer value) -# Deprecated group/name - [DEFAULT]/qpid_topology_version -#qpid_topology_version = 1 +# AMQP topic used for OpenStack notifications. (list value) +# Deprecated group/name - [rpc_notifier2]/topics +# Deprecated group/name - [DEFAULT]/notification_topics +#topics = notifications [oslo_messaging_rabbit] @@ -1079,6 +1206,7 @@ # # Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/amqp_durable_queues # Deprecated group/name - [DEFAULT]/rabbit_durable_queues #amqp_durable_queues = false @@ -1086,10 +1214,6 @@ # Deprecated group/name - [DEFAULT]/amqp_auto_delete #amqp_auto_delete = false -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -#rpc_conn_pool_size = 30 - # SSL version to use (valid only if SSL enabled). Valid values are # TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be # available on some distributions. (string value) @@ -1114,13 +1238,31 @@ # Deprecated group/name - [DEFAULT]/kombu_reconnect_delay #kombu_reconnect_delay = 1.0 +# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression +# will not be used. This option may notbe available in future +# versions. (string value) +#kombu_compression = + +# How long to wait a missing client beforce abandoning to send it its +# replies. This value should not be longer than rpc_response_timeout. +# (integer value) +# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout +#kombu_missing_consumer_retry_timeout = 60 + +# Determines how the next RabbitMQ node is chosen in case the one we +# are currently connected to becomes unavailable. Takes effect only if +# more than one RabbitMQ node is provided in config. (string value) +# Allowed values: round-robin, shuffle +#kombu_failover_strategy = round-robin + # The RabbitMQ broker address where a single node is used. (string # value) # Deprecated group/name - [DEFAULT]/rabbit_host #rabbit_host = localhost -# The RabbitMQ broker port where a single node is used. (integer -# value) +# The RabbitMQ broker port where a single node is used. (port value) +# Minimum value: 0 +# Maximum value: 65535 # Deprecated group/name - [DEFAULT]/rabbit_port #rabbit_port = 5672 @@ -1156,21 +1298,40 @@ # Deprecated group/name - [DEFAULT]/rabbit_retry_backoff #rabbit_retry_backoff = 2 +# Maximum interval of RabbitMQ connection retries. Default is 30 +# seconds. (integer value) +#rabbit_interval_max = 30 + # Maximum number of RabbitMQ connection retries. Default is 0 # (infinite retry count). (integer value) # Deprecated group/name - [DEFAULT]/rabbit_max_retries #rabbit_max_retries = 0 -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this -# option, you must wipe the RabbitMQ database. (boolean value) +# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, +# queue mirroring is no longer controlled by the x-ha-policy argument +# when declaring a queue. If you just want to make sure that all +# queues (except those with auto-generated names) are mirrored across +# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha- +# mode": "all"}' " (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_ha_queues #rabbit_ha_queues = false +# Positive integer representing duration in seconds for queue TTL +# (x-expires). Queues which are unused for the duration of the TTL are +# automatically deleted. The parameter affects only reply and fanout +# queues. (integer value) +# Minimum value: 1 +#rabbit_transient_queues_ttl = 1800 + +# Specifies the number of messages to prefetch. Setting to zero allows +# unlimited messages. (integer value) +#rabbit_qos_prefetch_count = 0 + # Number of seconds after which the Rabbit broker is considered down -# if heartbeat's keep-alive fails (0 disables the heartbeat, >0 -# enables it. Enabling heartbeats requires kombu>=3.0.7 and -# amqp>=1.4.0). EXPERIMENTAL (integer value) -#heartbeat_timeout_threshold = 0 +# if heartbeat's keep-alive fails (0 disable the heartbeat). +# EXPERIMENTAL (integer value) +#heartbeat_timeout_threshold = 60 # How often times during the heartbeat_timeout_threshold we check the # heartbeat. (integer value) @@ -1181,6 +1342,129 @@ # Deprecated group/name - [DEFAULT]/fake_rabbit #fake_rabbit = false +# Maximum number of channels to allow (integer value) +#channel_max = + +# The maximum byte size for an AMQP frame (integer value) +#frame_max = + +# How often to send heartbeats for consumer's connections (integer +# value) +#heartbeat_interval = 1 + +# Enable SSL (boolean value) +#ssl = + +# Arguments passed to ssl.wrap_socket (dict value) +#ssl_options = + +# Set socket timeout in seconds for connection's socket (floating +# point value) +#socket_timeout = 0.25 + +# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating +# point value) +#tcp_user_timeout = 0.25 + +# Set delay for reconnection to some host which has connection error +# (floating point value) +#host_connection_reconnect_delay = 0.25 + +# Maximum number of connections to keep queued. (integer value) +#pool_max_size = 10 + +# Maximum number of connections to create above `pool_max_size`. +# (integer value) +#pool_max_overflow = 0 + +# Default number of seconds to wait for a connections to available +# (integer value) +#pool_timeout = 30 + +# Lifetime of a connection (since creation) in seconds or None for no +# recycling. Expired connections are closed on acquire. (integer +# value) +#pool_recycle = 600 + +# Threshold at which inactive (since release) connections are +# considered stale in seconds or None for no staleness. Stale +# connections are closed on acquire. (integer value) +#pool_stale = 60 + +# Persist notification messages. (boolean value) +#notification_persistence = false + +# Exchange name for for sending notifications (string value) +#default_notification_exchange = ${control_exchange}_notification + +# Max number of not acknowledged message which RabbitMQ can send to +# notification listener. (integer value) +#notification_listener_prefetch_count = 100 + +# Reconnecting retry count in case of connectivity problem during +# sending notification, -1 means infinite retry. (integer value) +#default_notification_retry_attempts = -1 + +# Reconnecting retry delay in case of connectivity problem during +# sending notification message (floating point value) +#notification_retry_delay = 0.25 + +# Time to live for rpc queues without consumers in seconds. (integer +# value) +#rpc_queue_expiration = 60 + +# Exchange name for sending RPC messages (string value) +#default_rpc_exchange = ${control_exchange}_rpc + +# Exchange name for receiving RPC replies (string value) +#rpc_reply_exchange = ${control_exchange}_rpc_reply + +# Max number of not acknowledged message which RabbitMQ can send to +# rpc listener. (integer value) +#rpc_listener_prefetch_count = 100 + +# Max number of not acknowledged message which RabbitMQ can send to +# rpc reply listener. (integer value) +#rpc_reply_listener_prefetch_count = 100 + +# Reconnecting retry count in case of connectivity problem during +# sending reply. -1 means infinite retry during rpc_timeout (integer +# value) +#rpc_reply_retry_attempts = -1 + +# Reconnecting retry delay in case of connectivity problem during +# sending reply. (floating point value) +#rpc_reply_retry_delay = 0.25 + +# Reconnecting retry count in case of connectivity problem during +# sending RPC message, -1 means infinite retry. If actual retry +# attempts in not 0 the rpc request could be processed more then one +# time (integer value) +#default_rpc_retry_attempts = -1 + +# Reconnecting retry delay in case of connectivity problem during +# sending RPC message (floating point value) +#rpc_retry_delay = 0.25 + + +[oslo_middleware] + +# +# From oslo.middleware +# + +# The maximum body size for each request, in bytes. (integer value) +# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size +# Deprecated group/name - [DEFAULT]/max_request_body_size +#max_request_body_size = 114688 + +# The HTTP Header that will be used to determine what the original +# request protocol scheme was, even if it was hidden by an SSL +# termination proxy. (string value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +#secure_proxy_ssl_header = X-Forwarded-Proto + [oslo_policy] @@ -1233,3 +1517,7 @@ # If False doesn't trace SQL requests. (boolean value) #trace_sqlalchemy = false + +# Secret key to use to sign Glance API and Glance Registry services +# tracing messages. (string value) +#hmac_keys = SECRET_KEY