24465632 Update Glance for the Mitaka release
authorLaszlo Peter <laszlo.peter@oracle.com>
Wed, 07 Sep 2016 14:48:42 -0700
changeset 6852 bf55de364b19
parent 6851 f984e52b96bb
child 6853 cf1567491b1b
24465632 Update Glance for the Mitaka release
components/openstack/glance/Makefile
components/openstack/glance/files/glance-api.conf
components/openstack/glance/files/glance-api.xml
components/openstack/glance/files/glance-cache.conf
components/openstack/glance/files/glance-glare.conf
components/openstack/glance/files/glance-manage.conf
components/openstack/glance/files/glance-registry.conf
components/openstack/glance/files/glance-registry.xml
components/openstack/glance/files/glance-scrubber.conf
components/openstack/glance/files/glance-upgrade
components/openstack/glance/glance.p5m
components/openstack/glance/patches/01-nopycrypto.patch
components/openstack/glance/patches/02-zfs-uar-formats.patch
components/openstack/glance/patches/03-Partial_Content.patch
components/openstack/glance/patches/04-requirements.patch
components/openstack/glance/patches/05-launchpad-1496012.patch
components/openstack/glance/patches/06-launchpad-1500361.patch
components/openstack/glance/patches/07-profiler_opts.patch
components/openstack/glance/patches/08-CVE-2016-0757.patch
components/openstack/glance/patches/09-glance-conf.patch
components/openstack/glance/patches/10-glance-wsgi.patch
components/openstack/glance/patches/14-launchpad-1471080.patch
components/openstack/glance/patches/15-mysql_cluster_support.patch
--- a/components/openstack/glance/Makefile	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/Makefile	Wed Sep 07 14:48:42 2016 -0700
@@ -26,20 +26,19 @@
 include ../../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		glance
-COMPONENT_CODENAME=	kilo
-COMPONENT_VERSION=	2015.1.2
-COMPONENT_BE_VERSION=	2015.1
+COMPONENT_CODENAME=	mitaka
+COMPONENT_VERSION=	12.0.0
+COMPONENT_BE_VERSION=	2016.1
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:e46bc6648a74a643cef3825dcd44c7e275ed3385b96cab83ef50c4c514932541
-COMPONENT_ARCHIVE_URL=	http://launchpad.net/$(COMPONENT_NAME)/$(COMPONENT_CODENAME)/$(COMPONENT_VERSION)/+download/$(COMPONENT_ARCHIVE)
+    sha256:42213a4cd59bbcaa5f34d09ff48494a4d9831de9f27fc8541726a685a4c4f509
+COMPONENT_ARCHIVE_URL=	https://tarballs.openstack.org/$(COMPONENT_NAME)/$(COMPONENT_ARCHIVE)
 COMPONENT_SIG_URL=	$(COMPONENT_ARCHIVE_URL).asc
 COMPONENT_PROJECT_URL=	http://www.openstack.org/
 COMPONENT_BUGDB=	service/glance
-IPS_COMPONENT_VERSION=	0.$(COMPONENT_VERSION)
 
-TPNO=			25785
+TPNO=			30299
 
 PKG_VARS +=		COMPONENT_BE_VERSION
 
@@ -85,14 +84,10 @@
 REQUIRED_PACKAGES += library/python/eventlet-27
 REQUIRED_PACKAGES += library/python/glance_store-27
 REQUIRED_PACKAGES += library/python/iniparse-27
-REQUIRED_PACKAGES += library/python/m2crypto-27
 REQUIRED_PACKAGES += library/python/oslo.config-27
 REQUIRED_PACKAGES += library/python/oslo.messaging-27
-REQUIRED_PACKAGES += library/python/oslo.serialization-27
 REQUIRED_PACKAGES += library/python/oslo.utils-27
-REQUIRED_PACKAGES += library/python/osprofiler-27
 REQUIRED_PACKAGES += library/python/six-27
 REQUIRED_PACKAGES += library/python/sqlalchemy-27
 REQUIRED_PACKAGES += library/python/sqlalchemy-migrate-27
-REQUIRED_PACKAGES += library/python/webob-27
 REQUIRED_PACKAGES += system/core-os
--- a/components/openstack/glance/files/glance-api.conf	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/files/glance-api.conf	Wed Sep 07 14:48:42 2016 -0700
@@ -5,7 +5,7 @@
 #
 
 # When true, this option sets the owner of an image to be the tenant.
-# Otherwise, the owner of the  image will be the authenticated user
+# Otherwise, the owner of the image will be the authenticated user
 # issuing the request. (boolean value)
 #owner_is_tenant = true
 
@@ -18,6 +18,9 @@
 # value)
 #allow_anonymous_access = false
 
+# Limits request ID length. (integer value)
+#max_request_id_length = 64
+
 # Public url to use for versions endpoint. The default is None, which
 # will use the request's host_url attribute to populate the URL base.
 # If Glance is operating behind a proxy, you will want to change this
@@ -64,19 +67,20 @@
 # For example, if using the file system store a URL of
 # "file:///path/to/image" will be returned to the user in the
 # 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution!  The overrides
-# show_image_direct_url. (boolean value)
+# security risk, so use this setting with caution! Setting this to
+# true overrides the show_image_direct_url option. (boolean value)
 #show_multiple_locations = false
 
 # Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
+# 1099511627776 bytes (1 TB). WARNING: this value should only be
 # increased after careful consideration and must be set to a value
 # under 8 EB (9223372036854775808). (integer value)
+# Maximum value: 9223372036854775808
 #image_size_cap = 1099511627776
 
 # Set a system wide quota for every user. This value is the total
 # capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
+# 0 means unlimited. Optional unit can be specified for the value.
 # Accepted units are B, KB, MB, GB and TB representing Bytes,
 # KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
 # unit is specified then Bytes is assumed. Note that there should not
@@ -101,7 +105,9 @@
 #pydev_worker_debug_host = <None>
 
 # The port on which a pydev process is listening for connections.
-# (integer value)
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #pydev_worker_debug_port = 5678
 
 # AES key for encrypting store 'location' metadata. This includes, if
@@ -109,14 +115,12 @@
 # length 16, 24 or 32 bytes (string value)
 #metadata_encryption_key = <None>
 
-# Digest algorithm which will be used for digital signature; the
-# default is sha1 the default in Kilo for a smooth upgrade process,
-# and it will be updated with sha256 in next release(L). Use the
+# Digest algorithm which will be used for digital signature. Use the
 # command "openssl list-message-digest-algorithms" to get the
 # available algorithms supported by the version of OpenSSL on the
 # platform. Examples are "sha1", "sha256", "sha512", etc. (string
 # value)
-#digest_algorithm = sha1
+#digest_algorithm = sha256
 
 # This value sets what strategy will be used to determine the image
 # location order. Currently two strategies are packaged with Glance
@@ -124,7 +128,7 @@
 # Allowed values: location_order, store_type
 #location_strategy = location_order
 
-# The location of the property protection file.This file contains the
+# The location of the property protection file. This file contains the
 # rules for property protections and the roles/policies associated
 # with it. If this config value is not specified, by default, property
 # protections won't be enforced. If a value is specified and the file
@@ -139,13 +143,15 @@
 
 # Modules of exceptions that are permitted to be recreated upon
 # receiving exception data from an rpc call. (list value)
-#allowed_rpc_exception_modules = openstack.common.exception,glance.common.exception,exceptions
+#allowed_rpc_exception_modules = glance.common.exception,builtins,exceptions
 
 # Address to bind the server.  Useful when selecting a particular
 # network interface. (string value)
 #bind_host = 0.0.0.0
 
-# The port on which the server will listen. (integer value)
+# The port on which the server will listen. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #bind_port = <None>
 
 # The number of child process workers that will be created to service
@@ -170,7 +176,7 @@
 # Timeout for client connections' socket operations. If an incoming
 # connection is idle for this number of seconds it will be closed. A
 # value of '0' means wait forever. (integer value)
-#client_socket_timeout = 0
+#client_socket_timeout = 900
 
 # The backlog value that will be used when creating the TCP listener
 # socket. (integer value)
@@ -201,15 +207,16 @@
 #image_cache_driver = sqlite
 
 # The upper limit (the maximum size of accumulated cache in bytes)
-# beyond which pruner, if running, starts cleaning the images cache.
-# (integer value)
+# beyond which the cache pruner, if running, starts cleaning the image
+# cache. (integer value)
 #image_cache_max_size = 10737418240
 
-# The amount of time to let an image remain in the cache without being
-# accessed. (integer value)
+# The amount of time to let an incomplete image remain in the cache,
+# before the cache cleaner, if running, will remove the incomplete
+# image. (integer value)
 #image_cache_stall_time = 86400
 
-# Base directory that the Image Cache uses. (string value)
+# Base directory that the image cache uses. (string value)
 #image_cache_dir = <None>
 
 # Default publisher_id for outgoing notifications. (string value)
@@ -227,41 +234,85 @@
 # Address to find the registry server. (string value)
 #registry_host = 0.0.0.0
 
-# Port the registry server is listening on. (integer value)
+# Port the registry server is listening on. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #registry_port = 9191
 
 # Whether to pass through the user token when making requests to the
-# registry. (boolean value)
-# WARNING: DO NOT CHANGE THIS VALUE.  Setting use_user_token to False
-# allows for unintended privilege escalation within the Glance API server.
-# See https://wiki.openstack.org/wiki/OSSN/OSSN-0060
+# registry. To prevent failures with token expiration during big files
+# upload, it is recommended to set this parameter to False. If
+# "use_user_token" is not in effect, then admin credentials can be
+# specified. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #use_user_token = true
 
 # The administrators user name. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_user = <None>
 
 # The administrators password. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_password = <None>
 
 # The tenant name of the administrative user. If "use_user_token" is
 # not in effect, then admin tenant name can be specified. (string
 # value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_tenant_name = <None>
 
 # The URL to the keystone service. If "use_user_token" is not in
 # effect and using keystone auth, then URL of keystone can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_url = <None>
 
 # The strategy to use for authentication. If "use_user_token" is not
 # in effect, then auth strategy can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_strategy = noauth
 
 # The region for the authentication service. If "use_user_token" is
 # not in effect and using keystone auth, then region name can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_region = <None>
 
 # The protocol to use for communication with the registry server.
@@ -305,105 +356,105 @@
 # than auth_token middleware. (boolean value)
 #send_identity_headers = false
 
-# Directory that the scrubber will use to track information about what
-# to delete. Make sure this is set in glance-api.conf and glance-
-# scrubber.conf. (string value)
-#scrubber_datadir = /var/lib/glance/scrubber
-
 # The amount of time in seconds to delay before performing a delete.
 # (integer value)
 #scrub_time = 0
 
-# A boolean that determines if the scrubber should clean up the files
-# it uses for taking data. Only one server in your deployment should
-# be designated the cleanup host. (boolean value)
-#cleanup_scrubber = false
+# The size of thread pool to be used for scrubbing images. The default
+# is one, which signifies serial scrubbing. Any value above one
+# indicates the max number of images that may be scrubbed in parallel.
+# (integer value)
+#scrub_pool_size = 1
 
 # Turn on/off delayed delete. (boolean value)
 #delayed_delete = false
 
-# Items must have a modified time that is older than this value in
-# order to be candidates for cleanup. (integer value)
-#cleanup_scrubber_time = 86400
-
 #
 # From oslo.log
 #
 
-# Print debugging output (set logging level to DEBUG instead of
-# default WARNING level). (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 #debug = false
 
-# Print more verbose output (set logging level to INFO instead of
-# default WARNING level). (boolean value)
-#verbose = false
+# If set to false, the logging level will be set to WARNING instead of
+# the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
 
 # The name of a logging configuration file. This file is appended to
 # any existing logging configuration files. For details about logging
 # configuration files, see the Python logging module documentation.
-# (string value)
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
-# DEPRECATED. A logging.Formatter log message format string which may
-# use any of the available logging.LogRecord attributes. This option
-# is deprecated.  Please use logging_context_format_string and
-# logging_default_format_string instead. (string value)
-#log_format = <None>
-
-# Format string for %%(asctime)s in log records. Default: %(default)s
-# . (string value)
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to output to. If no default is set,
-# logging will go to stdout. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
 
-# (Optional) The base directory used for relative --log-file paths.
-# (string value)
+# (Optional) The base directory used for relative log_file paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Use syslog for logging. Existing syslog format is DEPRECATED during
-# I, and will change in J to honor RFC5424. (boolean value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
 
-# (Optional) Enables or disables syslog rfc5424 format for logging. If
-# enabled, prefixes the MSG part of the syslog message with APP-NAME
-# (RFC5424). The format without the APP-NAME is deprecated in I, and
-# will be removed in J. (boolean value)
-#use_syslog_rfc_format = false
-
-# Syslog facility to receive log lines. (string value)
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = true
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages without context. (string
-# value)
+# Format string to use for log messages when context is undefined.
+# (string value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Data to append to log format when level is DEBUG. (string value)
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
 # Prefix each line of exception output with this format. (string
 # value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
-# List of logger=LEVEL pairs. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
 # The format for an instance that is passed with the log message.
 # (string value)
 #instance_format = "[instance: %(uuid)s] "
@@ -412,20 +463,29 @@
 # (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
 #
 # From oslo.messaging
 #
 
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size = 30
+
 # ZeroMQ bind address. Should be a wildcard (*), an ethernet
 # interface, or IP. The "host" option should point or resolve to this
 # address. (string value)
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
-#rpc_zmq_matchmaker = local
+# Allowed values: redis, dummy
+#rpc_zmq_matchmaker = redis
 
-# ZeroMQ receiver listening port. (integer value)
-#rpc_zmq_port = 9501
+# Type of concurrency used. Either "native" or "eventlet" (string
+# value)
+#rpc_zmq_concurrency = eventlet
 
 # Number of ZeroMQ contexts, defaults to 1. (integer value)
 #rpc_zmq_contexts = 1
@@ -441,25 +501,41 @@
 # Must match "host" option, if running Nova. (string value)
 #rpc_zmq_host = localhost
 
-# Seconds to wait before a cast expires (TTL). Only supported by
-# impl_zmq. (integer value)
-#rpc_cast_timeout = 30
+# Seconds to wait before a cast expires (TTL). The default value of -1
+# specifies an infinite linger period. The value of 0 specifies no
+# linger period. Pending messages shall be discarded immediately when
+# the socket is closed. Only supported by impl_zmq. (integer value)
+#rpc_cast_timeout = -1
 
-# Heartbeat frequency. (integer value)
-#matchmaker_heartbeat_freq = 300
+# The default number of seconds that poll should wait. Poll raises
+# timeout exception when timeout expired. (integer value)
+#rpc_poll_timeout = 1
 
-# Heartbeat time-to-live. (integer value)
-#matchmaker_heartbeat_ttl = 600
+# Expiration timeout in seconds of a name service record about
+# existing target ( < 0 means no timeout). (integer value)
+#zmq_target_expire = 120
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
+# (boolean value)
+#use_pub_sub = true
 
-# Size of RPC thread pool. (integer value)
-#rpc_thread_pool_size = 64
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#rpc_zmq_min_port = 49152
 
-# Driver or drivers to handle sending notifications. (multi valued)
-#notification_driver =
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+#rpc_zmq_max_port = 65536
 
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-#notification_topics = notifications
+# Number of retries to find free port number before fail with
+# ZMQBindError. (integer value)
+#rpc_zmq_bind_port_retries = 100
+
+# Size of executor thread pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size = 64
 
 # Seconds to wait for a response from a call. (integer value)
 #rpc_response_timeout = 60
@@ -470,7 +546,7 @@
 #transport_url = <None>
 
 # The messaging driver to use, defaults to rabbit. Other drivers
-# include qpid and zmq. (string value)
+# include amqp and zmq. (string value)
 #rpc_backend = rabbit
 
 # The default exchange under which topics are scoped. May be
@@ -479,6 +555,66 @@
 #control_exchange = openstack
 
 
+[cors]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
+
+
+[cors.subdomain]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,PUT,POST,DELETE,PATCH
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
+
+
 [database]
 
 #
@@ -514,12 +650,6 @@
 # Example: mysql_sql_mode= (string value)
 #mysql_sql_mode = TRADITIONAL
 
-# This configures the MySQL storage engine. This allows for OpenStack to
-# support different storage engines such as InnoDB, NDB, etc. By Default,
-# this value will be set to InnoDB. For MySQL Cluster, set to NDBCLUSTER.
-# Example: mysql_storage_engine=(string value)
-#mysql_storage_engine = InnoDB
-
 # Timeout before idle SQL connections are reaped. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_idle_timeout
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
@@ -554,7 +684,7 @@
 # value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = <None>
+#max_overflow = 50
 
 # Verbosity of SQL debugging information: 0=None, 100=Everything.
 # (integer value)
@@ -590,6 +720,15 @@
 # (integer value)
 #db_max_retries = 20
 
+#
+# From oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
+
 
 [glance_store]
 
@@ -597,7 +736,8 @@
 # From glance.store
 #
 
-# List of stores enabled (list value)
+# List of stores enabled. Valid stores are: cinder, file, http, rbd,
+# sheepdog, swift, s3, vsphere (list value)
 #stores = file,http
 
 # Default scheme to use to store image data. The scheme must be
@@ -613,10 +753,6 @@
 # (integer value)
 #store_capabilities_update_min_interval = 0
 
-#
-# From glance.store
-#
-
 # Images will be chunked into objects of this size (in megabytes). For
 # best performance, this should be a power of two. (integer value)
 #sheepdog_store_chunk_size = 64
@@ -646,9 +782,31 @@
 # (string value)
 #rbd_store_ceph_conf = /etc/ceph/ceph.conf
 
+# Timeout value (in seconds) used when connecting to ceph cluster. If
+# value <= 0, no timeout is set and default librados value is used.
+# (integer value)
+#rados_connect_timeout = 0
+
+# Specify the path to the CA bundle file to use in verifying the
+# remote server certificate. (string value)
+#https_ca_certificates_file = <None>
+
+# If true, the remote server certificate is not verified. If false,
+# then the default CA truststore is used for verification. This option
+# is ignored if "https_ca_certificates_file" is set. (boolean value)
+#https_insecure = true
+
+# Specify the http/https proxy information that should be used to
+# connect to the remote server. The proxy information should be a key
+# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can
+# specify proxies for multiple schemes by seperating the key value
+# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.
+# (dict value)
+#http_proxy_information =
+
 # Directory to which the Filesystem backend store writes images.
 # (string value)
-filesystem_store_datadir = /var/lib/glance/images/
+#filesystem_store_datadir = /var/lib/glance/images
 
 # List of directories and its priorities to which the Filesystem
 # backend store writes images. (multi valued)
@@ -669,15 +827,6 @@
 # digit. (integer value)
 #filesystem_store_file_perm = 0
 
-# Hostname or IP address of the instance to connect to, or a mongodb
-# URI, or a list of hostnames / mongodb URIs. If host is an IPv6
-# literal it must be enclosed in '[' and ']' characters following the
-# RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value)
-#mongodb_store_uri = <None>
-
-# Database to use (string value)
-#mongodb_store_db = <None>
-
 # The host where the S3 server is listening. (string value)
 #s3_store_host = <None>
 
@@ -715,6 +864,21 @@
 # (integer value)
 #s3_store_thread_pools = 10
 
+# Enable the use of a proxy. (boolean value)
+#s3_store_enable_proxy = false
+
+# Address or hostname for the proxy server. (string value)
+#s3_store_proxy_host = <None>
+
+# The port to use when connecting over a proxy. (integer value)
+#s3_store_proxy_port = 8080
+
+# The username to connect to the proxy. (string value)
+#s3_store_proxy_user = <None>
+
+# The password to use when connecting over a proxy. (string value)
+#s3_store_proxy_password = <None>
+
 # ESX/ESXi or vCenter Server target system. The server value can be an
 # IP address or a DNS name. (string value)
 #vmware_server_host = <None>
@@ -727,18 +891,6 @@
 # value)
 #vmware_server_password = <None>
 
-# DEPRECATED. Inventory path to a datacenter. If the
-# vmware_server_host specified is an ESX/ESXi, the
-# vmware_datacenter_path is optional. If specified, it should be "ha-
-# datacenter". This option is deprecated in favor of vmware_datastores
-# and will be removed in the Liberty release. (string value)
-#vmware_datacenter_path = ha-datacenter
-
-# DEPRECATED. Datastore associated with the datacenter. This option is
-# deprecated in favor of vmware_datastores and will be removed in the
-# Liberty release. (string value)
-#vmware_datastore_name = <None>
-
 # Number of times VMware ESX/VC server API must be retried upon
 # connection related issues. (integer value)
 #vmware_api_retry_count = 10
@@ -751,36 +903,43 @@
 # the VMware datastore. (string value)
 #vmware_store_image_dir = /openstack_glance
 
-# Allow to perform insecure SSL requests to ESX/VC. (boolean value)
-#vmware_api_insecure = false
+# If true, the ESX/vCenter server certificate is not verified. If
+# false, then the default CA truststore is used for verification. This
+# option is ignored if "vmware_ca_file" is set. (boolean value)
+# Deprecated group/name - [DEFAULT]/vmware_api_insecure
+#vmware_insecure = false
+
+# Specify a CA bundle file to use in verifying the ESX/vCenter server
+# certificate. (string value)
+#vmware_ca_file = <None>
 
 # A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores.
-# Either one of vmware_datastore_name or vmware_datastores is
-# required. The datastore name should be specified after its
-# datacenter path, seperated by ":". An optional weight may be given
-# after the datastore name, seperated again by ":". Thus, the required
-# format becomes <datacenter_path>:<datastore_name>:<optional_weight>.
-# When adding an image, the datastore with highest weight will be
-# selected, unless there is not enough free space available in cases
-# where the image size is already known. If no weight is given, it is
-# assumed to be zero and the directory will be considered for
-# selection last. If multiple datastores have the same weight, then
-# the one with the most free space available is selected. (multi
-# valued)
+# be specified multiple times for specifying multiple datastores. The
+# datastore name should be specified after its datacenter path,
+# seperated by ":". An optional weight may be given after the
+# datastore name, seperated again by ":". Thus, the required format
+# becomes <datacenter_path>:<datastore_name>:<optional_weight>. When
+# adding an image, the datastore with highest weight will be selected,
+# unless there is not enough free space available in cases where the
+# image size is already known. If no weight is given, it is assumed to
+# be zero and the directory will be considered for selection last. If
+# multiple datastores have the same weight, then the one with the most
+# free space available is selected. (multi valued)
 #vmware_datastores =
 
 # Info to match when looking for cinder in the service catalog. Format
 # is : separated values of the form:
 # <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volume:cinder:publicURL
+#cinder_catalog_info = volumev2::publicURL
 
 # Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
+# e.g. http://localhost:8776/v2/%(tenant)s (string value)
 #cinder_endpoint_template = <None>
 
-# Region name of this node (string value)
-#os_region_name = <None>
+# Region name of this node. If specified, it will be used to locate
+# OpenStack services for stores. (string value)
+# Deprecated group/name - [DEFAULT]/os_region_name
+#cinder_os_region_name = <None>
 
 # Location of ca certicates file to use for cinder client requests.
 # (string value)
@@ -789,13 +948,33 @@
 # Number of cinderclient retries on failed http calls (integer value)
 #cinder_http_retries = 3
 
+# Time period of time in seconds to wait for a cinder volume
+# transition to complete. (integer value)
+#cinder_state_transition_timeout = 300
+
 # Allow to perform insecure SSL requests to cinder (boolean value)
 #cinder_api_insecure = false
 
-# Version of the authentication service to use. Valid versions are 2
-# for keystone and 1 for swauth and rackspace. (deprecated) (string
+# The address where the Cinder authentication service is listening. If
+# <None>, the cinder endpoint in the service catalog is used. (string
 # value)
-#swift_store_auth_version = 2
+#cinder_store_auth_address = <None>
+
+# User name to authenticate against Cinder. If <None>, the user of
+# current context is used. (string value)
+#cinder_store_user_name = <None>
+
+# Password for the user authenticating against Cinder. If <None>, the
+# current context auth token is used. (string value)
+#cinder_store_password = <None>
+
+# Project name where the image is stored in Cinder. If <None>, the
+# project in current context is used. (string value)
+#cinder_store_project_name = <None>
+
+# Path to the rootwrap configuration file to use for running commands
+# as root. (string value)
+#rootwrap_config = /etc/glance/rootwrap.conf
 
 # If True, swiftclient won't check for a valid SSL certificate when
 # authenticating. (boolean value)
@@ -850,7 +1029,7 @@
 # When set to 0, a single-tenant store will only use one container to
 # store all images. When set to an integer value between 1 and 32, a
 # single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
+# and this value will determine how many containers are created. Used
 # only when swift_store_multi_tenant is disabled. The total number of
 # containers that will be used is equal to 16^N, so if this config
 # option is set to 2, then 16^2=256 containers will be used to store
@@ -871,20 +1050,42 @@
 # request fails. (integer value)
 #swift_store_retry_get_count = 0
 
+# The period of time (in seconds) before token expirationwhen
+# glance_store will try to reques new user token. Default value 60 sec
+# means that if token is going to expire in 1 min then glance_store
+# request new user token. (integer value)
+#swift_store_expire_soon_interval = 60
+
+# If set to True create a trust for each add/get request to Multi-
+# tenant store in order to prevent authentication token to be expired
+# during uploading/downloading data. If set to False then user token
+# is used for Swift connection (so no overhead on trust creation).
+# Please note that this option is considered only and only if
+# swift_store_multi_tenant=True (boolean value)
+#swift_store_use_trusts = true
+
 # The reference to the default swift account/backing store parameters
 # to use for adding new images. (string value)
 #default_swift_reference = ref1
 
-# The address where the Swift authentication service is
-# listening.(deprecated) (string value)
+# Version of the authentication service to use. Valid versions are 2
+# and 3 for keystone and 1 (deprecated) for swauth and rackspace.
+# (deprecated - use "auth_version" in swift_store_config_file) (string
+# value)
+#swift_store_auth_version = 2
+
+# The address where the Swift authentication service is listening.
+# (deprecated - use "auth_address" in swift_store_config_file) (string
+# value)
 #swift_store_auth_address = <None>
 
 # The user to authenticate against the Swift authentication service
-# (deprecated) (string value)
+# (deprecated - use "user" in swift_store_config_file) (string value)
 #swift_store_user = <None>
 
 # Auth key for the user authenticating against the Swift
-# authentication service. (deprecated) (string value)
+# authentication service. (deprecated - use "key" in
+# swift_store_config_file) (string value)
 #swift_store_key = <None>
 
 # The config file that has the swift account(s)configs. (string value)
@@ -900,7 +1101,7 @@
 # Supported values for the 'container_format' image attribute (list
 # value)
 # Deprecated group/name - [DEFAULT]/container_formats
-#container_formats = ami,ari,aki,bare,ovf,ova,uar
+#container_formats = ami,ari,aki,bare,ovf,ova,docker,uar
 
 # Supported values for the 'disk_format' image attribute (list value)
 # Deprecated group/name - [DEFAULT]/disk_formats
@@ -950,6 +1151,9 @@
 # Verify HTTPS connections. (boolean value)
 #insecure = false
 
+# The region in which the identity server can be found. (string value)
+#region_name = <None>
+
 # Directory used to cache files related to PKI tokens. (string value)
 signing_dir = /var/lib/glance/keystone-signing
 
@@ -972,12 +1176,13 @@
 #revocation_cache_time = 10
 
 # (Optional) If defined, indicate whether token data should be
-# authenticated or authenticated and encrypted. Acceptable values are
-# MAC or ENCRYPT.  If MAC, token data is authenticated (with HMAC) in
-# the cache. If ENCRYPT, token data is encrypted and authenticated in
-# the cache. If the value is not one of these options or empty,
-# auth_token will raise an exception on initialization. (string value)
-#memcache_security_strategy = <None>
+# authenticated or authenticated and encrypted. If MAC, token data is
+# authenticated (with HMAC) in the cache. If ENCRYPT, token data is
+# encrypted and authenticated in the cache. If the value is not one of
+# these options or empty, auth_token will raise an exception on
+# initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+#memcache_security_strategy = None
 
 # (Optional, mandatory if memcache_security_strategy is defined) This
 # string is used for key derivation. (string value)
@@ -992,7 +1197,7 @@
 #memcache_pool_maxsize = 10
 
 # (Optional) Socket timeout in seconds for communicating with a
-# memcache server. (integer value)
+# memcached server. (integer value)
 #memcache_pool_socket_timeout = 3
 
 # (Optional) Number of seconds a connection to memcached is held
@@ -1000,10 +1205,10 @@
 #memcache_pool_unused_timeout = 60
 
 # (Optional) Number of seconds that an operation will wait to get a
-# memcache client connection from the pool. (integer value)
+# memcached client connection from the pool. (integer value)
 #memcache_pool_conn_get_timeout = 10
 
-# (Optional) Use the advanced (eventlet safe) memcache client pool.
+# (Optional) Use the advanced (eventlet safe) memcached client pool.
 # The advanced pool will only work under python 2.x. (boolean value)
 #memcache_use_advanced_pool = false
 
@@ -1038,34 +1243,18 @@
 # value)
 #hash_algorithms = md5
 
-# Prefix to prepend at the beginning of the path. Deprecated, use
-# identity_uri. (string value)
-#auth_admin_prefix =
-
-# Host providing the admin Identity API endpoint. Deprecated, use
-# identity_uri. (string value)
-#auth_host = 127.0.0.1
-
-# Port of the admin Identity API endpoint. Deprecated, use
-# identity_uri. (integer value)
-#auth_port = 35357
+# Authentication type to load (unknown value)
+# Deprecated group/name - [DEFAULT]/auth_plugin
+#auth_type = <None>
 
-# Protocol of the admin Identity API endpoint (http or https).
-# Deprecated, use identity_uri. (string value)
-#auth_protocol = https
+# Config Section from which to load plugin specific options (unknown
+# value)
+#auth_section = <None>
 
-# Complete admin Identity API endpoint. This should specify the
-# unversioned root endpoint e.g. https://localhost:35357/ (string
-# value)
+# Complete admin Identity API endpoint. This should specify the unversioned
+# root endpoint e.g. https://localhost:35357/ (string value)
 identity_uri = http://127.0.0.1:35357/
 
-# This option is deprecated and may be removed in a future release.
-# Single shared secret with the Keystone configuration used for
-# bootstrapping a Keystone installation, or otherwise bypassing the
-# normal authentication process. This option should not be used, use
-# `admin_user` and `admin_password` instead. (string value)
-#admin_token = <None>
-
 # Service username. (string value)
 admin_user = %SERVICE_USER%
 
@@ -1075,13 +1264,6 @@
 # Service tenant name. (string value)
 admin_tenant_name = %SERVICE_TENANT_NAME%
 
-# Name of the plugin to load (string value)
-#auth_plugin = <None>
-
-# Config Section from which to load plugin specific options (string
-# value)
-#auth_section = <None>
-
 
 [matchmaker_redis]
 
@@ -1092,22 +1274,29 @@
 # Host to locate redis. (string value)
 #host = 127.0.0.1
 
-# Use this port to connect to redis host. (integer value)
+# Use this port to connect to redis host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #port = 6379
 
 # Password for Redis server (optional). (string value)
-#password = <None>
+#password =
 
+# List of Redis Sentinel hosts (fault tolerance mode) e.g.
+# [host:port, host1:port ... ] (list value)
+#sentinel_hosts =
 
-[matchmaker_ring]
+# Redis replica set name. (string value)
+#sentinel_group_name = oslo-messaging-zeromq
 
-#
-# From oslo.messaging
-#
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout = 500
 
-# Matchmaker ring file (JSON). (string value)
-# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
-#ringfile = /etc/oslo/matchmaker_ring.json
+# Time in ms to wait before the transaction is killed. (integer value)
+#check_timeout = 20000
+
+# Timeout in ms on blocking socket operations (integer value)
+#socket_timeout = 1000
 
 
 [oslo_concurrency]
@@ -1125,7 +1314,7 @@
 # that need locking. Defaults to environment variable OSLO_LOCK_PATH.
 # If external locks are used, a lock path must be set. (string value)
 # Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
+lock_path = /var/lib/glance/lock
 
 
 [oslo_messaging_amqp]
@@ -1158,8 +1347,7 @@
 # Deprecated group/name - [amqp1]/trace
 #trace = false
 
-# CA certificate PEM file for verifing server certificate (string
-# value)
+# CA certificate PEM file to verify server certificate (string value)
 # Deprecated group/name - [amqp1]/ssl_ca_file
 #ssl_ca_file =
 
@@ -1181,73 +1369,49 @@
 # Deprecated group/name - [amqp1]/allow_insecure_clients
 #allow_insecure_clients = false
 
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
 
-[oslo_messaging_qpid]
+# Path to directory that contains the SASL configuration (string
+# value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+
+[oslo_messaging_notifications]
 
 #
 # From oslo.messaging
 #
 
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_auto_delete
-#amqp_auto_delete = false
-
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
-# Qpid broker hostname. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_hostname
-#qpid_hostname = localhost
-
-# Qpid broker port. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_port
-#qpid_port = 5672
-
-# Qpid HA cluster host:port pairs. (list value)
-# Deprecated group/name - [DEFAULT]/qpid_hosts
-#qpid_hosts = $qpid_hostname:$qpid_port
-
-# Username for Qpid connection. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_username
-#qpid_username =
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
 
-# Password for Qpid connection. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_password
-#qpid_password =
-
-# Space separated list of SASL mechanisms to use for auth. (string
-# value)
-# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms
-#qpid_sasl_mechanisms =
-
-# Seconds between connection keepalive heartbeats. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_heartbeat
-#qpid_heartbeat = 60
+# A URL representing the messaging driver to use for notifications. If
+# not set, we fall back to the same configuration used for RPC.
+# (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
 
-# Transport to use, either 'tcp' or 'ssl'. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_protocol
-#qpid_protocol = tcp
-
-# Whether to disable the Nagle algorithm. (boolean value)
-# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay
-#qpid_tcp_nodelay = true
-
-# The number of prefetched messages held by receiver. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity
-#qpid_receiver_capacity = 1
-
-# The qpid topology version to use.  Version 1 is what was originally
-# used by impl_qpid.  Version 2 includes some backwards-incompatible
-# changes that allow broker federation to work.  Users should update
-# to version 2 when they are able to take everything down, as it
-# requires a clean break. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_topology_version
-#qpid_topology_version = 1
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
 
 
 [oslo_messaging_rabbit]
@@ -1257,6 +1421,7 @@
 #
 
 # Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
 # Deprecated group/name - [DEFAULT]/rabbit_durable_queues
 #amqp_durable_queues = false
 
@@ -1264,10 +1429,6 @@
 # Deprecated group/name - [DEFAULT]/amqp_auto_delete
 #amqp_auto_delete = false
 
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
 # SSL version to use (valid only if SSL enabled). Valid values are
 # TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
 # available on some distributions. (string value)
@@ -1292,13 +1453,31 @@
 # Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
 #kombu_reconnect_delay = 1.0
 
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
+# will not be used. This option may notbe available in future
+# versions. (string value)
+#kombu_compression = <None>
+
+# How long to wait a missing client beforce abandoning to send it its
+# replies. This value should not be longer than rpc_response_timeout.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we
+# are currently connected to becomes unavailable. Takes effect only if
+# more than one RabbitMQ node is provided in config. (string value)
+# Allowed values: round-robin, shuffle
+#kombu_failover_strategy = round-robin
+
 # The RabbitMQ broker address where a single node is used. (string
 # value)
 # Deprecated group/name - [DEFAULT]/rabbit_host
 #rabbit_host = localhost
 
-# The RabbitMQ broker port where a single node is used. (integer
-# value)
+# The RabbitMQ broker port where a single node is used. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 # Deprecated group/name - [DEFAULT]/rabbit_port
 #rabbit_port = 5672
 
@@ -1334,21 +1513,40 @@
 # Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
 #rabbit_retry_backoff = 2
 
+# Maximum interval of RabbitMQ connection retries. Default is 30
+# seconds. (integer value)
+#rabbit_interval_max = 30
+
 # Maximum number of RabbitMQ connection retries. Default is 0
 # (infinite retry count). (integer value)
 # Deprecated group/name - [DEFAULT]/rabbit_max_retries
 #rabbit_max_retries = 0
 
-# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this
-# option, you must wipe the RabbitMQ database. (boolean value)
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
+# queue mirroring is no longer controlled by the x-ha-policy argument
+# when declaring a queue. If you just want to make sure that all
+# queues (except those with auto-generated names) are mirrored across
+# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-
+# mode": "all"}' " (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_ha_queues
 #rabbit_ha_queues = false
 
+# Positive integer representing duration in seconds for queue TTL
+# (x-expires). Queues which are unused for the duration of the TTL are
+# automatically deleted. The parameter affects only reply and fanout
+# queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+#rabbit_qos_prefetch_count = 0
+
 # Number of seconds after which the Rabbit broker is considered down
-# if heartbeat's keep-alive fails (0 disables the heartbeat, >0
-# enables it. Enabling heartbeats requires kombu>=3.0.7 and
-# amqp>=1.4.0). EXPERIMENTAL (integer value)
-#heartbeat_timeout_threshold = 0
+# if heartbeat's keep-alive fails (0 disable the heartbeat).
+# EXPERIMENTAL (integer value)
+#heartbeat_timeout_threshold = 60
 
 # How often times during the heartbeat_timeout_threshold we check the
 # heartbeat. (integer value)
@@ -1359,6 +1557,129 @@
 # Deprecated group/name - [DEFAULT]/fake_rabbit
 #fake_rabbit = false
 
+# Maximum number of channels to allow (integer value)
+#channel_max = <None>
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max = <None>
+
+# How often to send heartbeats for consumer's connections (integer
+# value)
+#heartbeat_interval = 1
+
+# Enable SSL (boolean value)
+#ssl = <None>
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options = <None>
+
+# Set socket timeout in seconds for connection's socket (floating
+# point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating
+# point value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error
+# (floating point value)
+#host_connection_reconnect_delay = 0.25
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size = 10
+
+# Maximum number of connections to create above `pool_max_size`.
+# (integer value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available
+# (integer value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no
+# recycling. Expired connections are closed on acquire. (integer
+# value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are
+# considered stale in seconds or None for no staleness. Stale
+# connections are closed on acquire. (integer value)
+#pool_stale = 60
+
+# Persist notification messages. (boolean value)
+#notification_persistence = false
+
+# Exchange name for for sending notifications (string value)
+#default_notification_exchange = ${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# notification listener. (integer value)
+#notification_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending notification message (floating point value)
+#notification_retry_delay = 0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer
+# value)
+#rpc_queue_expiration = 60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange = ${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange = ${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc listener. (integer value)
+#rpc_listener_prefetch_count = 100
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc reply listener. (integer value)
+#rpc_reply_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending reply. -1 means infinite retry during rpc_timeout (integer
+# value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending reply. (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during
+# sending RPC message, -1 means infinite retry. If actual retry
+# attempts in not 0 the rpc request could be processed more then one
+# time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending RPC message (floating point value)
+#rpc_retry_delay = 0.25
+
+
+[oslo_middleware]
+
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+
+# The HTTP Header that will be used to determine what the original
+# request protocol scheme was, even if it was hidden by an SSL
+# termination proxy. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#secure_proxy_ssl_header = X-Forwarded-Proto
+
 
 [oslo_policy]
 
@@ -1412,6 +1733,10 @@
 # If False doesn't trace SQL requests. (boolean value)
 #trace_sqlalchemy = false
 
+# Secret key to use to sign Glance API and Glance Registry services
+# tracing messages. (string value)
+#hmac_keys = SECRET_KEY
+
 
 [store_type_location_strategy]
 
--- a/components/openstack/glance/files/glance-api.xml	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/files/glance-api.xml	Wed Sep 07 14:48:42 2016 -0700
@@ -64,6 +64,11 @@
     <exec_method timeout_seconds="60" type="method" name="stop"
       exec=":kill"/>
 
+    <property_group name="startd" type="framework">
+      <!-- glance-api manages its children so we should ignore their death -->
+      <propval name='ignore_error' type='astring' value='signal' />
+    </property_group>
+
     <instance name='default' enabled='false'>
       <!-- to start/stop/refresh the service -->
       <property_group name='general' type='framework'>
--- a/components/openstack/glance/files/glance-cache.conf	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/files/glance-cache.conf	Wed Sep 07 14:48:42 2016 -0700
@@ -44,19 +44,20 @@
 # For example, if using the file system store a URL of
 # "file:///path/to/image" will be returned to the user in the
 # 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution!  The overrides
-# show_image_direct_url. (boolean value)
+# security risk, so use this setting with caution! Setting this to
+# true overrides the show_image_direct_url option. (boolean value)
 #show_multiple_locations = false
 
 # Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
+# 1099511627776 bytes (1 TB). WARNING: this value should only be
 # increased after careful consideration and must be set to a value
 # under 8 EB (9223372036854775808). (integer value)
+# Maximum value: 9223372036854775808
 #image_size_cap = 1099511627776
 
 # Set a system wide quota for every user. This value is the total
 # capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
+# 0 means unlimited. Optional unit can be specified for the value.
 # Accepted units are B, KB, MB, GB and TB representing Bytes,
 # KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
 # unit is specified then Bytes is assumed. Note that there should not
@@ -81,7 +82,9 @@
 #pydev_worker_debug_host = <None>
 
 # The port on which a pydev process is listening for connections.
-# (integer value)
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #pydev_worker_debug_port = 5678
 
 # AES key for encrypting store 'location' metadata. This includes, if
@@ -89,14 +92,12 @@
 # length 16, 24 or 32 bytes (string value)
 #metadata_encryption_key = <None>
 
-# Digest algorithm which will be used for digital signature; the
-# default is sha1 the default in Kilo for a smooth upgrade process,
-# and it will be updated with sha256 in next release(L). Use the
+# Digest algorithm which will be used for digital signature. Use the
 # command "openssl list-message-digest-algorithms" to get the
 # available algorithms supported by the version of OpenSSL on the
 # platform. Examples are "sha1", "sha256", "sha512", etc. (string
 # value)
-#digest_algorithm = sha1
+#digest_algorithm = sha256
 
 # The path to the sqlite file database that will be used for image
 # cache management. (string value)
@@ -106,135 +107,188 @@
 #image_cache_driver = sqlite
 
 # The upper limit (the maximum size of accumulated cache in bytes)
-# beyond which pruner, if running, starts cleaning the images cache.
-# (integer value)
+# beyond which the cache pruner, if running, starts cleaning the image
+# cache. (integer value)
 #image_cache_max_size = 10737418240
 
-# The amount of time to let an image remain in the cache without being
-# accessed. (integer value)
+# The amount of time to let an incomplete image remain in the cache,
+# before the cache cleaner, if running, will remove the incomplete
+# image. (integer value)
 #image_cache_stall_time = 86400
 
-# Base directory that the Image Cache uses. (string value)
+# Base directory that the image cache uses. (string value)
 #image_cache_dir = <None>
 
 # Address to find the registry server. (string value)
 #registry_host = 0.0.0.0
 
-# Port the registry server is listening on. (integer value)
+# Port the registry server is listening on. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #registry_port = 9191
 
 # Whether to pass through the user token when making requests to the
-# registry. (boolean value)
-# WARNING: DO NOT CHANGE THIS VALUE.  Setting use_user_token to False
-# allows for unintended privilege escalation within the Glance API server.
-# See https://wiki.openstack.org/wiki/OSSN/OSSN-0060
+# registry. To prevent failures with token expiration during big files
+# upload, it is recommended to set this parameter to False. If
+# "use_user_token" is not in effect, then admin credentials can be
+# specified. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #use_user_token = true
 
 # The administrators user name. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_user = %SERVICE_USER%
 
 # The administrators password. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_password = %SERVICE_PASSWORD%
 
 # The tenant name of the administrative user. If "use_user_token" is
 # not in effect, then admin tenant name can be specified. (string
 # value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_tenant_name = %SERVICE_TENANT_NAME%
 
 # The URL to the keystone service. If "use_user_token" is not in
 # effect and using keystone auth, then URL of keystone can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 auth_url = http://127.0.0.1:5000/v2.0/
 
 # The strategy to use for authentication. If "use_user_token" is not
 # in effect, then auth strategy can be specified. (string value)
-#auth_strategy = noauth
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
+auth_strategy = keystone
 
 # The region for the authentication service. If "use_user_token" is
 # not in effect and using keystone auth, then region name can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_region = <None>
 
 #
 # From oslo.log
 #
 
-# Print debugging output (set logging level to DEBUG instead of
-# default WARNING level). (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 #debug = false
 
-# Print more verbose output (set logging level to INFO instead of
-# default WARNING level). (boolean value)
-#verbose = false
+# If set to false, the logging level will be set to WARNING instead of
+# the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
 
 # The name of a logging configuration file. This file is appended to
 # any existing logging configuration files. For details about logging
 # configuration files, see the Python logging module documentation.
-# (string value)
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
-# DEPRECATED. A logging.Formatter log message format string which may
-# use any of the available logging.LogRecord attributes. This option
-# is deprecated.  Please use logging_context_format_string and
-# logging_default_format_string instead. (string value)
-#log_format = <None>
-
-# Format string for %%(asctime)s in log records. Default: %(default)s
-# . (string value)
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to output to. If no default is set,
-# logging will go to stdout. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
 
-# (Optional) The base directory used for relative --log-file paths.
-# (string value)
+# (Optional) The base directory used for relative log_file paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Use syslog for logging. Existing syslog format is DEPRECATED during
-# I, and will change in J to honor RFC5424. (boolean value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
 
-# (Optional) Enables or disables syslog rfc5424 format for logging. If
-# enabled, prefixes the MSG part of the syslog message with APP-NAME
-# (RFC5424). The format without the APP-NAME is deprecated in I, and
-# will be removed in J. (boolean value)
-#use_syslog_rfc_format = false
-
-# Syslog facility to receive log lines. (string value)
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = true
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages without context. (string
-# value)
+# Format string to use for log messages when context is undefined.
+# (string value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Data to append to log format when level is DEBUG. (string value)
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
 # Prefix each line of exception output with this format. (string
 # value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
-# List of logger=LEVEL pairs. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
 # The format for an instance that is passed with the log message.
 # (string value)
 #instance_format = "[instance: %(uuid)s] "
@@ -243,6 +297,9 @@
 # (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
 
 [glance_store]
 
@@ -250,7 +307,8 @@
 # From glance.store
 #
 
-# List of stores enabled (list value)
+# List of stores enabled. Valid stores are: cinder, file, http, rbd,
+# sheepdog, swift, s3, vsphere (list value)
 #stores = file,http
 
 # Default scheme to use to store image data. The scheme must be
@@ -266,10 +324,6 @@
 # (integer value)
 #store_capabilities_update_min_interval = 0
 
-#
-# From glance.store
-#
-
 # Images will be chunked into objects of this size (in megabytes). For
 # best performance, this should be a power of two. (integer value)
 #sheepdog_store_chunk_size = 64
@@ -299,9 +353,31 @@
 # (string value)
 #rbd_store_ceph_conf = /etc/ceph/ceph.conf
 
+# Timeout value (in seconds) used when connecting to ceph cluster. If
+# value <= 0, no timeout is set and default librados value is used.
+# (integer value)
+#rados_connect_timeout = 0
+
+# Specify the path to the CA bundle file to use in verifying the
+# remote server certificate. (string value)
+#https_ca_certificates_file = <None>
+
+# If true, the remote server certificate is not verified. If false,
+# then the default CA truststore is used for verification. This option
+# is ignored if "https_ca_certificates_file" is set. (boolean value)
+#https_insecure = true
+
+# Specify the http/https proxy information that should be used to
+# connect to the remote server. The proxy information should be a key
+# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can
+# specify proxies for multiple schemes by seperating the key value
+# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.
+# (dict value)
+#http_proxy_information =
+
 # Directory to which the Filesystem backend store writes images.
 # (string value)
-filesystem_store_datadir = /var/lib/glance/images/
+#filesystem_store_datadir = /var/lib/glance/images
 
 # List of directories and its priorities to which the Filesystem
 # backend store writes images. (multi valued)
@@ -322,15 +398,6 @@
 # digit. (integer value)
 #filesystem_store_file_perm = 0
 
-# Hostname or IP address of the instance to connect to, or a mongodb
-# URI, or a list of hostnames / mongodb URIs. If host is an IPv6
-# literal it must be enclosed in '[' and ']' characters following the
-# RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value)
-#mongodb_store_uri = <None>
-
-# Database to use (string value)
-#mongodb_store_db = <None>
-
 # The host where the S3 server is listening. (string value)
 #s3_store_host = <None>
 
@@ -368,6 +435,21 @@
 # (integer value)
 #s3_store_thread_pools = 10
 
+# Enable the use of a proxy. (boolean value)
+#s3_store_enable_proxy = false
+
+# Address or hostname for the proxy server. (string value)
+#s3_store_proxy_host = <None>
+
+# The port to use when connecting over a proxy. (integer value)
+#s3_store_proxy_port = 8080
+
+# The username to connect to the proxy. (string value)
+#s3_store_proxy_user = <None>
+
+# The password to use when connecting over a proxy. (string value)
+#s3_store_proxy_password = <None>
+
 # ESX/ESXi or vCenter Server target system. The server value can be an
 # IP address or a DNS name. (string value)
 #vmware_server_host = <None>
@@ -380,18 +462,6 @@
 # value)
 #vmware_server_password = <None>
 
-# DEPRECATED. Inventory path to a datacenter. If the
-# vmware_server_host specified is an ESX/ESXi, the
-# vmware_datacenter_path is optional. If specified, it should be "ha-
-# datacenter". This option is deprecated in favor of vmware_datastores
-# and will be removed in the Liberty release. (string value)
-#vmware_datacenter_path = ha-datacenter
-
-# DEPRECATED. Datastore associated with the datacenter. This option is
-# deprecated in favor of vmware_datastores and will be removed in the
-# Liberty release. (string value)
-#vmware_datastore_name = <None>
-
 # Number of times VMware ESX/VC server API must be retried upon
 # connection related issues. (integer value)
 #vmware_api_retry_count = 10
@@ -404,36 +474,43 @@
 # the VMware datastore. (string value)
 #vmware_store_image_dir = /openstack_glance
 
-# Allow to perform insecure SSL requests to ESX/VC. (boolean value)
-#vmware_api_insecure = false
+# If true, the ESX/vCenter server certificate is not verified. If
+# false, then the default CA truststore is used for verification. This
+# option is ignored if "vmware_ca_file" is set. (boolean value)
+# Deprecated group/name - [DEFAULT]/vmware_api_insecure
+#vmware_insecure = false
+
+# Specify a CA bundle file to use in verifying the ESX/vCenter server
+# certificate. (string value)
+#vmware_ca_file = <None>
 
 # A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores.
-# Either one of vmware_datastore_name or vmware_datastores is
-# required. The datastore name should be specified after its
-# datacenter path, seperated by ":". An optional weight may be given
-# after the datastore name, seperated again by ":". Thus, the required
-# format becomes <datacenter_path>:<datastore_name>:<optional_weight>.
-# When adding an image, the datastore with highest weight will be
-# selected, unless there is not enough free space available in cases
-# where the image size is already known. If no weight is given, it is
-# assumed to be zero and the directory will be considered for
-# selection last. If multiple datastores have the same weight, then
-# the one with the most free space available is selected. (multi
-# valued)
+# be specified multiple times for specifying multiple datastores. The
+# datastore name should be specified after its datacenter path,
+# seperated by ":". An optional weight may be given after the
+# datastore name, seperated again by ":". Thus, the required format
+# becomes <datacenter_path>:<datastore_name>:<optional_weight>. When
+# adding an image, the datastore with highest weight will be selected,
+# unless there is not enough free space available in cases where the
+# image size is already known. If no weight is given, it is assumed to
+# be zero and the directory will be considered for selection last. If
+# multiple datastores have the same weight, then the one with the most
+# free space available is selected. (multi valued)
 #vmware_datastores =
 
 # Info to match when looking for cinder in the service catalog. Format
 # is : separated values of the form:
 # <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volume:cinder:publicURL
+#cinder_catalog_info = volumev2::publicURL
 
 # Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
+# e.g. http://localhost:8776/v2/%(tenant)s (string value)
 #cinder_endpoint_template = <None>
 
-# Region name of this node (string value)
-#os_region_name = <None>
+# Region name of this node. If specified, it will be used to locate
+# OpenStack services for stores. (string value)
+# Deprecated group/name - [DEFAULT]/os_region_name
+#cinder_os_region_name = <None>
 
 # Location of ca certicates file to use for cinder client requests.
 # (string value)
@@ -442,13 +519,33 @@
 # Number of cinderclient retries on failed http calls (integer value)
 #cinder_http_retries = 3
 
+# Time period of time in seconds to wait for a cinder volume
+# transition to complete. (integer value)
+#cinder_state_transition_timeout = 300
+
 # Allow to perform insecure SSL requests to cinder (boolean value)
 #cinder_api_insecure = false
 
-# Version of the authentication service to use. Valid versions are 2
-# for keystone and 1 for swauth and rackspace. (deprecated) (string
+# The address where the Cinder authentication service is listening. If
+# <None>, the cinder endpoint in the service catalog is used. (string
 # value)
-#swift_store_auth_version = 2
+#cinder_store_auth_address = <None>
+
+# User name to authenticate against Cinder. If <None>, the user of
+# current context is used. (string value)
+#cinder_store_user_name = <None>
+
+# Password for the user authenticating against Cinder. If <None>, the
+# current context auth token is used. (string value)
+#cinder_store_password = <None>
+
+# Project name where the image is stored in Cinder. If <None>, the
+# project in current context is used. (string value)
+#cinder_store_project_name = <None>
+
+# Path to the rootwrap configuration file to use for running commands
+# as root. (string value)
+#rootwrap_config = /etc/glance/rootwrap.conf
 
 # If True, swiftclient won't check for a valid SSL certificate when
 # authenticating. (boolean value)
@@ -503,7 +600,7 @@
 # When set to 0, a single-tenant store will only use one container to
 # store all images. When set to an integer value between 1 and 32, a
 # single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
+# and this value will determine how many containers are created. Used
 # only when swift_store_multi_tenant is disabled. The total number of
 # containers that will be used is equal to 16^N, so if this config
 # option is set to 2, then 16^2=256 containers will be used to store
@@ -524,20 +621,42 @@
 # request fails. (integer value)
 #swift_store_retry_get_count = 0
 
+# The period of time (in seconds) before token expirationwhen
+# glance_store will try to reques new user token. Default value 60 sec
+# means that if token is going to expire in 1 min then glance_store
+# request new user token. (integer value)
+#swift_store_expire_soon_interval = 60
+
+# If set to True create a trust for each add/get request to Multi-
+# tenant store in order to prevent authentication token to be expired
+# during uploading/downloading data. If set to False then user token
+# is used for Swift connection (so no overhead on trust creation).
+# Please note that this option is considered only and only if
+# swift_store_multi_tenant=True (boolean value)
+#swift_store_use_trusts = true
+
 # The reference to the default swift account/backing store parameters
 # to use for adding new images. (string value)
 #default_swift_reference = ref1
 
-# The address where the Swift authentication service is
-# listening.(deprecated) (string value)
+# Version of the authentication service to use. Valid versions are 2
+# and 3 for keystone and 1 (deprecated) for swauth and rackspace.
+# (deprecated - use "auth_version" in swift_store_config_file) (string
+# value)
+#swift_store_auth_version = 2
+
+# The address where the Swift authentication service is listening.
+# (deprecated - use "auth_address" in swift_store_config_file) (string
+# value)
 #swift_store_auth_address = <None>
 
 # The user to authenticate against the Swift authentication service
-# (deprecated) (string value)
+# (deprecated - use "user" in swift_store_config_file) (string value)
 #swift_store_user = <None>
 
 # Auth key for the user authenticating against the Swift
-# authentication service. (deprecated) (string value)
+# authentication service. (deprecated - use "key" in
+# swift_store_config_file) (string value)
 #swift_store_key = <None>
 
 # The config file that has the swift account(s)configs. (string value)
@@ -559,7 +678,7 @@
 # that need locking. Defaults to environment variable OSLO_LOCK_PATH.
 # If external locks are used, a lock path must be set. (string value)
 # Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
+lock_path = /var/lib/glance/lock
 
 
 [oslo_policy]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/glance/files/glance-glare.conf	Wed Sep 07 14:48:42 2016 -0700
@@ -0,0 +1,1439 @@
+[DEFAULT]
+
+#
+# From glance.glare
+#
+
+# When true, this option sets the owner of an image to be the tenant.
+# Otherwise, the owner of the image will be the authenticated user
+# issuing the request. (boolean value)
+#owner_is_tenant = true
+
+# Role used to identify an authenticated user as administrator.
+# (string value)
+#admin_role = admin
+
+# Allow unauthenticated users to access the API with read-only
+# privileges. This only applies when using ContextMiddleware. (boolean
+# value)
+#allow_anonymous_access = false
+
+# Limits request ID length. (integer value)
+#max_request_id_length = 64
+
+# Public url to use for versions endpoint. The default is None, which
+# will use the request's host_url attribute to populate the URL base.
+# If Glance is operating behind a proxy, you will want to change this
+# to represent the proxy's URL. (string value)
+#public_endpoint = <None>
+
+# Address to bind the server.  Useful when selecting a particular
+# network interface. (string value)
+#bind_host = 0.0.0.0
+
+# The port on which the server will listen. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#bind_port = <None>
+
+# The number of child process workers that will be created to service
+# requests. The default will be equal to the number of CPUs available.
+# (integer value)
+workers = 1
+
+# Maximum line size of message headers to be accepted. max_header_line
+# may need to be increased when using large tokens (typically those
+# generated by the Keystone v3 API with big service catalogs (integer
+# value)
+#max_header_line = 16384
+
+# If False, server will return the header "Connection: close", If
+# True, server will return "Connection: Keep-Alive" in its responses.
+# In order to close the client socket connection explicitly after the
+# response is sent and read successfully by the client, you simply
+# have to set this option to False when you create a wsgi server.
+# (boolean value)
+#http_keepalive = true
+
+# Timeout for client connections' socket operations. If an incoming
+# connection is idle for this number of seconds it will be closed. A
+# value of '0' means wait forever. (integer value)
+#client_socket_timeout = 900
+
+# The backlog value that will be used when creating the TCP listener
+# socket. (integer value)
+#backlog = 4096
+
+# The value for the socket option TCP_KEEPIDLE.  This is the time in
+# seconds that the connection must be idle before TCP starts sending
+# keepalive probes. (integer value)
+#tcp_keepidle = 600
+
+# CA certificate file to use to verify connecting clients. (string
+# value)
+#ca_file = <None>
+
+# Certificate file to use when starting API server securely. (string
+# value)
+#cert_file = <None>
+
+# Private key file to use when starting API server securely. (string
+# value)
+#key_file = <None>
+
+# If False fully disable profiling feature. (boolean value)
+#enabled = false
+
+# If False doesn't trace SQL requests. (boolean value)
+#trace_sqlalchemy = false
+
+# Secret key to use to sign Glance API and Glance Registry services
+# tracing messages. (string value)
+#hmac_keys = SECRET_KEY
+
+# Default publisher_id for outgoing notifications. (string value)
+#default_publisher_id = image.localhost
+
+# List of disabled notifications. A notification can be given either
+# as a notification type to disable a single event, or as a
+# notification group prefix to disable all events within a group.
+# Example: if this config option is set to ["image.create",
+# "metadef_namespace"], then "image.create" notification will not be
+# sent after image is created and none of the notifications for
+# metadefinition namespaces will be sent. (list value)
+#disabled_notifications =
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
+#debug = false
+
+# If set to false, the logging level will be set to WARNING instead of
+# the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
+
+# The name of a logging configuration file. This file is appended to
+# any existing logging configuration files. For details about logging
+# configuration files, see the Python logging module documentation.
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# (Optional) The base directory used for relative log_file paths.
+# This option is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
+#use_syslog = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
+#use_stderr = true
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined.
+# (string value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string
+# value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message.
+# (string value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message.
+# (string value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
+#
+# From oslo.messaging
+#
+
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size = 30
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet
+# interface, or IP. The "host" option should point or resolve to this
+# address. (string value)
+#rpc_zmq_bind_address = *
+
+# MatchMaker driver. (string value)
+# Allowed values: redis, dummy
+#rpc_zmq_matchmaker = redis
+
+# Type of concurrency used. Either "native" or "eventlet" (string
+# value)
+#rpc_zmq_concurrency = eventlet
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+#rpc_zmq_contexts = 1
+
+# Maximum number of ingress messages to locally buffer per topic.
+# Default is unlimited. (integer value)
+#rpc_zmq_topic_backlog = <None>
+
+# Directory for holding IPC sockets. (string value)
+#rpc_zmq_ipc_dir = /var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP address.
+# Must match "host" option, if running Nova. (string value)
+#rpc_zmq_host = localhost
+
+# Seconds to wait before a cast expires (TTL). The default value of -1
+# specifies an infinite linger period. The value of 0 specifies no
+# linger period. Pending messages shall be discarded immediately when
+# the socket is closed. Only supported by impl_zmq. (integer value)
+#rpc_cast_timeout = -1
+
+# The default number of seconds that poll should wait. Poll raises
+# timeout exception when timeout expired. (integer value)
+#rpc_poll_timeout = 1
+
+# Expiration timeout in seconds of a name service record about
+# existing target ( < 0 means no timeout). (integer value)
+#zmq_target_expire = 120
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
+# (boolean value)
+#use_pub_sub = true
+
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#rpc_zmq_min_port = 49152
+
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+#rpc_zmq_max_port = 65536
+
+# Number of retries to find free port number before fail with
+# ZMQBindError. (integer value)
+#rpc_zmq_bind_port_retries = 100
+
+# Size of executor thread pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size = 64
+
+# Seconds to wait for a response from a call. (integer value)
+#rpc_response_timeout = 60
+
+# A URL representing the messaging driver to use and its full
+# configuration. If not set, we fall back to the rpc_backend option
+# and driver specific configuration. (string value)
+#transport_url = <None>
+
+# The messaging driver to use, defaults to rabbit. Other drivers
+# include amqp and zmq. (string value)
+#rpc_backend = rabbit
+
+# The default exchange under which topics are scoped. May be
+# overridden by an exchange name specified in the transport_url
+# option. (string value)
+#control_exchange = openstack
+
+
+[cors]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+
+[cors.subdomain]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+
+[database]
+
+#
+# From oslo.db
+#
+
+# The file name to use with SQLite. (string value)
+# Deprecated group/name - [DEFAULT]/sqlite_db
+#sqlite_db = oslo.sqlite
+
+# If True, SQLite uses synchronous mode. (boolean value)
+# Deprecated group/name - [DEFAULT]/sqlite_synchronous
+#sqlite_synchronous = true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
+
+# The SQLAlchemy connection string to use to connect to the database.
+# (string value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+connection = mysql://%SERVICE_USER%:%SERVICE_PASSWORD%@localhost/glance
+
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
+#slave_connection = <None>
+
+# The SQL mode to be used for MySQL sessions. This option, including
+# the default, overrides any server-set SQL mode. To use whatever SQL
+# mode is set by the server configuration, set this to no value.
+# Example: mysql_sql_mode= (string value)
+#mysql_sql_mode = TRADITIONAL
+
+# Timeout before idle SQL connections are reaped. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#idle_timeout = 3600
+
+# Minimum number of SQL connections to keep open in a pool. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+#min_pool_size = 1
+
+# Maximum number of SQL connections to keep open in a pool. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size = <None>
+
+# Maximum number of database connection retries during startup. Set to
+# -1 to specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries = 10
+
+# Interval between retries of opening a SQL connection. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval = 10
+
+# If set, use this value for max_overflow with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow = 50
+
+# Verbosity of SQL debugging information: 0=None, 100=Everything.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug = 0
+
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace = false
+
+# If set, use this value for pool_timeout with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout = <None>
+
+# Enable the experimental use of database reconnect on connection
+# lost. (boolean value)
+#use_db_reconnect = false
+
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval = 1
+
+# If True, increases the interval between retries of a database
+# operation up to db_max_retry_interval. (boolean value)
+#db_inc_retry_interval = true
+
+# If db_inc_retry_interval is set, the maximum seconds between retries
+# of a database operation. (integer value)
+#db_max_retry_interval = 10
+
+# Maximum retries in case of connection error or deadlock error before
+# error is raised. Set to -1 to specify an infinite retry count.
+# (integer value)
+#db_max_retries = 20
+
+#
+# From oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
+
+
+[glance_store]
+
+#
+# From glance.store
+#
+
+# List of stores enabled. Valid stores are: cinder, file, http, rbd,
+# sheepdog, swift, s3, vsphere (list value)
+#stores = file,http
+
+# Default scheme to use to store image data. The scheme must be
+# registered by one of the stores defined by the 'stores' config
+# option. (string value)
+#default_store = file
+
+# Minimum interval seconds to execute updating dynamic storage
+# capabilities based on backend status then. It's not a periodic
+# routine, the update logic will be executed only when interval
+# seconds elapsed and an operation of store has triggered. The feature
+# will be enabled only when the option value greater then zero.
+# (integer value)
+#store_capabilities_update_min_interval = 0
+
+# Images will be chunked into objects of this size (in megabytes). For
+# best performance, this should be a power of two. (integer value)
+#sheepdog_store_chunk_size = 64
+
+# Port of sheep daemon. (integer value)
+#sheepdog_store_port = 7000
+
+# IP address of sheep daemon. (string value)
+#sheepdog_store_address = localhost
+
+# RADOS images will be chunked into objects of this size (in
+# megabytes). For best performance, this should be a power of two.
+# (integer value)
+#rbd_store_chunk_size = 8
+
+# RADOS pool in which images are stored. (string value)
+#rbd_store_pool = images
+
+# RADOS user to authenticate as (only applicable if using Cephx. If
+# <None>, a default will be chosen based on the client. section in
+# rbd_store_ceph_conf) (string value)
+#rbd_store_user = <None>
+
+# Ceph configuration file path. If <None>, librados will locate the
+# default config. If using cephx authentication, this file should
+# include a reference to the right keyring in a client.<USER> section
+# (string value)
+#rbd_store_ceph_conf = /etc/ceph/ceph.conf
+
+# Timeout value (in seconds) used when connecting to ceph cluster. If
+# value <= 0, no timeout is set and default librados value is used.
+# (integer value)
+#rados_connect_timeout = 0
+
+# Specify the path to the CA bundle file to use in verifying the
+# remote server certificate. (string value)
+#https_ca_certificates_file = <None>
+
+# If true, the remote server certificate is not verified. If false,
+# then the default CA truststore is used for verification. This option
+# is ignored if "https_ca_certificates_file" is set. (boolean value)
+#https_insecure = true
+
+# Specify the http/https proxy information that should be used to
+# connect to the remote server. The proxy information should be a key
+# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can
+# specify proxies for multiple schemes by seperating the key value
+# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.
+# (dict value)
+#http_proxy_information =
+
+# Directory to which the Filesystem backend store writes images.
+# (string value)
+#filesystem_store_datadir = /var/lib/glance/images
+
+# List of directories and its priorities to which the Filesystem
+# backend store writes images. (multi valued)
+#filesystem_store_datadirs =
+
+# The path to a file which contains the metadata to be returned with
+# any location associated with this store.  The file must contain a
+# valid JSON object. The object should contain the keys 'id' and
+# 'mountpoint'. The value for both keys should be 'string'. (string
+# value)
+#filesystem_store_metadata_file = <None>
+
+# The required permission for created image file. In this way the user
+# other service used, e.g. Nova, who consumes the image could be the
+# exclusive member of the group that owns the files created. Assigning
+# it less then or equal to zero means don't change the default
+# permission of the file. This value will be decoded as an octal
+# digit. (integer value)
+#filesystem_store_file_perm = 0
+
+# The host where the S3 server is listening. (string value)
+#s3_store_host = <None>
+
+# The S3 query token access key. (string value)
+#s3_store_access_key = <None>
+
+# The S3 query token secret key. (string value)
+#s3_store_secret_key = <None>
+
+# The S3 bucket to be used to store the Glance data. (string value)
+#s3_store_bucket = <None>
+
+# The local directory where uploads will be staged before they are
+# transferred into S3. (string value)
+#s3_store_object_buffer_dir = <None>
+
+# A boolean to determine if the S3 bucket should be created on upload
+# if it does not exist or if an error should be returned to the user.
+# (boolean value)
+#s3_store_create_bucket_on_put = false
+
+# The S3 calling format used to determine the bucket. Either subdomain
+# or path can be used. (string value)
+#s3_store_bucket_url_format = subdomain
+
+# What size, in MB, should S3 start chunking image files and do a
+# multipart upload in S3. (integer value)
+#s3_store_large_object_size = 100
+
+# What multipart upload part size, in MB, should S3 use when uploading
+# parts. The size must be greater than or equal to 5M. (integer value)
+#s3_store_large_object_chunk_size = 10
+
+# The number of thread pools to perform a multipart upload in S3.
+# (integer value)
+#s3_store_thread_pools = 10
+
+# Enable the use of a proxy. (boolean value)
+#s3_store_enable_proxy = false
+
+# Address or hostname for the proxy server. (string value)
+#s3_store_proxy_host = <None>
+
+# The port to use when connecting over a proxy. (integer value)
+#s3_store_proxy_port = 8080
+
+# The username to connect to the proxy. (string value)
+#s3_store_proxy_user = <None>
+
+# The password to use when connecting over a proxy. (string value)
+#s3_store_proxy_password = <None>
+
+# ESX/ESXi or vCenter Server target system. The server value can be an
+# IP address or a DNS name. (string value)
+#vmware_server_host = <None>
+
+# Username for authenticating with VMware ESX/VC server. (string
+# value)
+#vmware_server_username = <None>
+
+# Password for authenticating with VMware ESX/VC server. (string
+# value)
+#vmware_server_password = <None>
+
+# Number of times VMware ESX/VC server API must be retried upon
+# connection related issues. (integer value)
+#vmware_api_retry_count = 10
+
+# The interval used for polling remote tasks invoked on VMware ESX/VC
+# server. (integer value)
+#vmware_task_poll_interval = 5
+
+# The name of the directory where the glance images will be stored in
+# the VMware datastore. (string value)
+#vmware_store_image_dir = /openstack_glance
+
+# If true, the ESX/vCenter server certificate is not verified. If
+# false, then the default CA truststore is used for verification. This
+# option is ignored if "vmware_ca_file" is set. (boolean value)
+# Deprecated group/name - [DEFAULT]/vmware_api_insecure
+#vmware_insecure = false
+
+# Specify a CA bundle file to use in verifying the ESX/vCenter server
+# certificate. (string value)
+#vmware_ca_file = <None>
+
+# A list of datastores where the image can be stored. This option may
+# be specified multiple times for specifying multiple datastores. The
+# datastore name should be specified after its datacenter path,
+# seperated by ":". An optional weight may be given after the
+# datastore name, seperated again by ":". Thus, the required format
+# becomes <datacenter_path>:<datastore_name>:<optional_weight>. When
+# adding an image, the datastore with highest weight will be selected,
+# unless there is not enough free space available in cases where the
+# image size is already known. If no weight is given, it is assumed to
+# be zero and the directory will be considered for selection last. If
+# multiple datastores have the same weight, then the one with the most
+# free space available is selected. (multi valued)
+#vmware_datastores =
+
+# Info to match when looking for cinder in the service catalog. Format
+# is : separated values of the form:
+# <service_type>:<service_name>:<endpoint_type> (string value)
+#cinder_catalog_info = volumev2::publicURL
+
+# Override service catalog lookup with template for cinder endpoint
+# e.g. http://localhost:8776/v2/%(tenant)s (string value)
+#cinder_endpoint_template = <None>
+
+# Region name of this node. If specified, it will be used to locate
+# OpenStack services for stores. (string value)
+# Deprecated group/name - [DEFAULT]/os_region_name
+#cinder_os_region_name = <None>
+
+# Location of ca certicates file to use for cinder client requests.
+# (string value)
+#cinder_ca_certificates_file = <None>
+
+# Number of cinderclient retries on failed http calls (integer value)
+#cinder_http_retries = 3
+
+# Time period of time in seconds to wait for a cinder volume
+# transition to complete. (integer value)
+#cinder_state_transition_timeout = 300
+
+# Allow to perform insecure SSL requests to cinder (boolean value)
+#cinder_api_insecure = false
+
+# The address where the Cinder authentication service is listening. If
+# <None>, the cinder endpoint in the service catalog is used. (string
+# value)
+#cinder_store_auth_address = <None>
+
+# User name to authenticate against Cinder. If <None>, the user of
+# current context is used. (string value)
+#cinder_store_user_name = <None>
+
+# Password for the user authenticating against Cinder. If <None>, the
+# current context auth token is used. (string value)
+#cinder_store_password = <None>
+
+# Project name where the image is stored in Cinder. If <None>, the
+# project in current context is used. (string value)
+#cinder_store_project_name = <None>
+
+# Path to the rootwrap configuration file to use for running commands
+# as root. (string value)
+#rootwrap_config = /etc/glance/rootwrap.conf
+
+# If True, swiftclient won't check for a valid SSL certificate when
+# authenticating. (boolean value)
+#swift_store_auth_insecure = false
+
+# A string giving the CA certificate file to use in SSL connections
+# for verifying certs. (string value)
+#swift_store_cacert = <None>
+
+# The region of the swift endpoint to be used for single tenant. This
+# setting is only necessary if the tenant has multiple swift
+# endpoints. (string value)
+#swift_store_region = <None>
+
+# If set, the configured endpoint will be used. If None, the storage
+# url from the auth response will be used. (string value)
+#swift_store_endpoint = <None>
+
+# A string giving the endpoint type of the swift service to use
+# (publicURL, adminURL or internalURL). This setting is only used if
+# swift_store_auth_version is 2. (string value)
+#swift_store_endpoint_type = publicURL
+
+# A string giving the service type of the swift service to use. This
+# setting is only used if swift_store_auth_version is 2. (string
+# value)
+#swift_store_service_type = object-store
+
+# Container within the account that the account should use for storing
+# images in Swift when using single container mode. In multiple
+# container mode, this will be the prefix for all containers. (string
+# value)
+#swift_store_container = glance
+
+# The size, in MB, that Glance will start chunking image files and do
+# a large object manifest in Swift. (integer value)
+#swift_store_large_object_size = 5120
+
+# The amount of data written to a temporary disk buffer during the
+# process of chunking the image file. (integer value)
+#swift_store_large_object_chunk_size = 200
+
+# A boolean value that determines if we create the container if it
+# does not exist. (boolean value)
+#swift_store_create_container_on_put = false
+
+# If set to True, enables multi-tenant storage mode which causes
+# Glance images to be stored in tenant specific Swift accounts.
+# (boolean value)
+#swift_store_multi_tenant = false
+
+# When set to 0, a single-tenant store will only use one container to
+# store all images. When set to an integer value between 1 and 32, a
+# single-tenant store will use multiple containers to store images,
+# and this value will determine how many containers are created. Used
+# only when swift_store_multi_tenant is disabled. The total number of
+# containers that will be used is equal to 16^N, so if this config
+# option is set to 2, then 16^2=256 containers will be used to store
+# images. (integer value)
+#swift_store_multiple_containers_seed = 0
+
+# A list of tenants that will be granted read/write access on all
+# Swift containers created by Glance in multi-tenant mode. (list
+# value)
+#swift_store_admin_tenants =
+
+# If set to False, disables SSL layer compression of https swift
+# requests. Setting to False may improve performance for images which
+# are already in a compressed format, eg qcow2. (boolean value)
+#swift_store_ssl_compression = true
+
+# The number of times a Swift download will be retried before the
+# request fails. (integer value)
+#swift_store_retry_get_count = 0
+
+# The period of time (in seconds) before token expirationwhen
+# glance_store will try to reques new user token. Default value 60 sec
+# means that if token is going to expire in 1 min then glance_store
+# request new user token. (integer value)
+#swift_store_expire_soon_interval = 60
+
+# If set to True create a trust for each add/get request to Multi-
+# tenant store in order to prevent authentication token to be expired
+# during uploading/downloading data. If set to False then user token
+# is used for Swift connection (so no overhead on trust creation).
+# Please note that this option is considered only and only if
+# swift_store_multi_tenant=True (boolean value)
+#swift_store_use_trusts = true
+
+# The reference to the default swift account/backing store parameters
+# to use for adding new images. (string value)
+#default_swift_reference = ref1
+
+# Version of the authentication service to use. Valid versions are 2
+# and 3 for keystone and 1 (deprecated) for swauth and rackspace.
+# (deprecated - use "auth_version" in swift_store_config_file) (string
+# value)
+#swift_store_auth_version = 2
+
+# The address where the Swift authentication service is listening.
+# (deprecated - use "auth_address" in swift_store_config_file) (string
+# value)
+#swift_store_auth_address = <None>
+
+# The user to authenticate against the Swift authentication service
+# (deprecated - use "user" in swift_store_config_file) (string value)
+#swift_store_user = <None>
+
+# Auth key for the user authenticating against the Swift
+# authentication service. (deprecated - use "key" in
+# swift_store_config_file) (string value)
+#swift_store_key = <None>
+
+# The config file that has the swift account(s)configs. (string value)
+#swift_store_config_file = <None>
+
+
+[keystone_authtoken]
+
+#
+# From keystonemiddleware.auth_token
+#
+
+# Complete public Identity API endpoint. (string value)
+auth_uri = http://127.0.0.1:5000/v2.0/
+
+# API version of the admin Identity API endpoint. (string value)
+#auth_version = <None>
+
+# Do not handle authorization requests within the middleware, but
+# delegate the authorization decision to downstream WSGI components.
+# (boolean value)
+#delay_auth_decision = false
+
+# Request timeout value for communicating with Identity API server.
+# (integer value)
+#http_connect_timeout = <None>
+
+# How many times are we trying to reconnect when communicating with
+# Identity API Server. (integer value)
+#http_request_max_retries = 3
+
+# Env key for the swift cache. (string value)
+#cache = <None>
+
+# Required if identity server requires client certificate (string
+# value)
+#certfile = <None>
+
+# Required if identity server requires client certificate (string
+# value)
+#keyfile = <None>
+
+# A PEM encoded Certificate Authority to use when verifying HTTPs
+# connections. Defaults to system CAs. (string value)
+#cafile = <None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure = false
+
+# The region in which the identity server can be found. (string value)
+#region_name = <None>
+
+# Directory used to cache files related to PKI tokens. (string value)
+signing_dir = /var/lib/glance/keystone-signing
+
+# Optionally specify a list of memcached server(s) to use for caching.
+# If left undefined, tokens will instead be cached in-process. (list
+# value)
+# Deprecated group/name - [DEFAULT]/memcache_servers
+#memcached_servers = <None>
+
+# In order to prevent excessive effort spent validating tokens, the
+# middleware caches previously-seen tokens for a configurable duration
+# (in seconds). Set to -1 to disable caching completely. (integer
+# value)
+#token_cache_time = 300
+
+# Determines the frequency at which the list of revoked tokens is
+# retrieved from the Identity service (in seconds). A high number of
+# revocation events combined with a low cache duration may
+# significantly reduce performance. (integer value)
+#revocation_cache_time = 10
+
+# (Optional) If defined, indicate whether token data should be
+# authenticated or authenticated and encrypted. If MAC, token data is
+# authenticated (with HMAC) in the cache. If ENCRYPT, token data is
+# encrypted and authenticated in the cache. If the value is not one of
+# these options or empty, auth_token will raise an exception on
+# initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+#memcache_security_strategy = None
+
+# (Optional, mandatory if memcache_security_strategy is defined) This
+# string is used for key derivation. (string value)
+#memcache_secret_key = <None>
+
+# (Optional) Number of seconds memcached server is considered dead
+# before it is tried again. (integer value)
+#memcache_pool_dead_retry = 300
+
+# (Optional) Maximum total number of open connections to every
+# memcached server. (integer value)
+#memcache_pool_maxsize = 10
+
+# (Optional) Socket timeout in seconds for communicating with a
+# memcached server. (integer value)
+#memcache_pool_socket_timeout = 3
+
+# (Optional) Number of seconds a connection to memcached is held
+# unused in the pool before it is closed. (integer value)
+#memcache_pool_unused_timeout = 60
+
+# (Optional) Number of seconds that an operation will wait to get a
+# memcached client connection from the pool. (integer value)
+#memcache_pool_conn_get_timeout = 10
+
+# (Optional) Use the advanced (eventlet safe) memcached client pool.
+# The advanced pool will only work under python 2.x. (boolean value)
+#memcache_use_advanced_pool = false
+
+# (Optional) Indicate whether to set the X-Service-Catalog header. If
+# False, middleware will not ask for service catalog on token
+# validation and will not set the X-Service-Catalog header. (boolean
+# value)
+#include_service_catalog = true
+
+# Used to control the use and type of token binding. Can be set to:
+# "disabled" to not check token binding. "permissive" (default) to
+# validate binding information if the bind type is of a form known to
+# the server and ignore it if not. "strict" like "permissive" but if
+# the bind type is unknown the token will be rejected. "required" any
+# form of token binding is needed to be allowed. Finally the name of a
+# binding method that must be present in tokens. (string value)
+#enforce_token_bind = permissive
+
+# If true, the revocation list will be checked for cached tokens. This
+# requires that PKI tokens are configured on the identity server.
+# (boolean value)
+#check_revocations_for_cached = false
+
+# Hash algorithms to use for hashing PKI tokens. This may be a single
+# algorithm or multiple. The algorithms are those supported by Python
+# standard hashlib.new(). The hashes will be tried in the order given,
+# so put the preferred one first for performance. The result of the
+# first hash will be stored in the cache. This will typically be set
+# to multiple values only while migrating from a less secure algorithm
+# to a more secure one. Once all the old tokens are expired this
+# option should be set to a single value for better performance. (list
+# value)
+#hash_algorithms = md5
+
+# Authentication type to load (unknown value)
+# Deprecated group/name - [DEFAULT]/auth_plugin
+#auth_type = <None>
+
+# Config Section from which to load plugin specific options (unknown
+# value)
+#auth_section = <None>
+
+# Complete admin Identity API endpoint. This should specify the unversioned
+# root endpoint e.g. https://localhost:35357/ (string value)
+identity_uri = http://127.0.0.1:35357/
+
+# Service username. (string value)
+admin_user = %SERVICE_USER%
+
+# Service user password. (string value)
+admin_password = %SERVICE_PASSWORD%
+
+# Service tenant name. (string value)
+admin_tenant_name = %SERVICE_TENANT_NAME%
+
+
+[matchmaker_redis]
+
+#
+# From oslo.messaging
+#
+
+# Host to locate redis. (string value)
+#host = 127.0.0.1
+
+# Use this port to connect to redis host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#port = 6379
+
+# Password for Redis server (optional). (string value)
+#password =
+
+# List of Redis Sentinel hosts (fault tolerance mode) e.g.
+# [host:port, host1:port ... ] (list value)
+#sentinel_hosts =
+
+# Redis replica set name. (string value)
+#sentinel_group_name = oslo-messaging-zeromq
+
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout = 500
+
+# Time in ms to wait before the transaction is killed. (integer value)
+#check_timeout = 20000
+
+# Timeout in ms on blocking socket operations (integer value)
+#socket_timeout = 1000
+
+
+[oslo_concurrency]
+
+#
+# From oslo.concurrency
+#
+
+# Enables or disables inter-process locks. (boolean value)
+# Deprecated group/name - [DEFAULT]/disable_process_locking
+#disable_process_locking = false
+
+# Directory to use for lock files.  For security, the specified
+# directory should only be writable by the user running the processes
+# that need locking. Defaults to environment variable OSLO_LOCK_PATH.
+# If external locks are used, a lock path must be set. (string value)
+# Deprecated group/name - [DEFAULT]/lock_path
+lock_path = /var/lib/glance/lock
+
+
+[oslo_messaging_amqp]
+
+#
+# From oslo.messaging
+#
+
+# address prefix used when sending to a specific server (string value)
+# Deprecated group/name - [amqp1]/server_request_prefix
+#server_request_prefix = exclusive
+
+# address prefix used when broadcasting to all servers (string value)
+# Deprecated group/name - [amqp1]/broadcast_prefix
+#broadcast_prefix = broadcast
+
+# address prefix when sending to any server in group (string value)
+# Deprecated group/name - [amqp1]/group_request_prefix
+#group_request_prefix = unicast
+
+# Name for the AMQP container (string value)
+# Deprecated group/name - [amqp1]/container_name
+#container_name = <None>
+
+# Timeout for inactive connections (in seconds) (integer value)
+# Deprecated group/name - [amqp1]/idle_timeout
+#idle_timeout = 0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+# Deprecated group/name - [amqp1]/trace
+#trace = false
+
+# CA certificate PEM file to verify server certificate (string value)
+# Deprecated group/name - [amqp1]/ssl_ca_file
+#ssl_ca_file =
+
+# Identifying certificate PEM file to present to clients (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_cert_file
+#ssl_cert_file =
+
+# Private key PEM file used to sign cert_file certificate (string
+# value)
+# Deprecated group/name - [amqp1]/ssl_key_file
+#ssl_key_file =
+
+# Password for decrypting ssl_key_file (if encrypted) (string value)
+# Deprecated group/name - [amqp1]/ssl_key_password
+#ssl_key_password = <None>
+
+# Accept clients using either SSL or plain TCP (boolean value)
+# Deprecated group/name - [amqp1]/allow_insecure_clients
+#allow_insecure_clients = false
+
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
+
+# Path to directory that contains the SASL configuration (string
+# value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+
+[oslo_messaging_notifications]
+
+#
+# From oslo.messaging
+#
+
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
+
+# A URL representing the messaging driver to use for notifications. If
+# not set, we fall back to the same configuration used for RPC.
+# (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
+
+
+[oslo_messaging_rabbit]
+
+#
+# From oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues = false
+
+# Auto-delete queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_auto_delete
+#amqp_auto_delete = false
+
+# SSL version to use (valid only if SSL enabled). Valid values are
+# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
+# available on some distributions. (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_version
+#kombu_ssl_version =
+
+# SSL key file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile
+#kombu_ssl_keyfile =
+
+# SSL cert file (valid only if SSL enabled). (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile
+#kombu_ssl_certfile =
+
+# SSL certification authority file (valid only if SSL enabled).
+# (string value)
+# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs
+#kombu_ssl_ca_certs =
+
+# How long to wait before reconnecting in response to an AMQP consumer
+# cancel notification. (floating point value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
+#kombu_reconnect_delay = 1.0
+
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
+# will not be used. This option may notbe available in future
+# versions. (string value)
+#kombu_compression = <None>
+
+# How long to wait a missing client beforce abandoning to send it its
+# replies. This value should not be longer than rpc_response_timeout.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we
+# are currently connected to becomes unavailable. Takes effect only if
+# more than one RabbitMQ node is provided in config. (string value)
+# Allowed values: round-robin, shuffle
+#kombu_failover_strategy = round-robin
+
+# The RabbitMQ broker address where a single node is used. (string
+# value)
+# Deprecated group/name - [DEFAULT]/rabbit_host
+#rabbit_host = localhost
+
+# The RabbitMQ broker port where a single node is used. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+# Deprecated group/name - [DEFAULT]/rabbit_port
+#rabbit_port = 5672
+
+# RabbitMQ HA cluster host:port pairs. (list value)
+# Deprecated group/name - [DEFAULT]/rabbit_hosts
+#rabbit_hosts = $rabbit_host:$rabbit_port
+
+# Connect over SSL for RabbitMQ. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_use_ssl
+#rabbit_use_ssl = false
+
+# The RabbitMQ userid. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_userid
+#rabbit_userid = guest
+
+# The RabbitMQ password. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_password
+#rabbit_password = guest
+
+# The RabbitMQ login method. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_login_method
+#rabbit_login_method = AMQPLAIN
+
+# The RabbitMQ virtual host. (string value)
+# Deprecated group/name - [DEFAULT]/rabbit_virtual_host
+#rabbit_virtual_host = /
+
+# How frequently to retry connecting with RabbitMQ. (integer value)
+#rabbit_retry_interval = 1
+
+# How long to backoff for between retries when connecting to RabbitMQ.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
+#rabbit_retry_backoff = 2
+
+# Maximum interval of RabbitMQ connection retries. Default is 30
+# seconds. (integer value)
+#rabbit_interval_max = 30
+
+# Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
+# Deprecated group/name - [DEFAULT]/rabbit_max_retries
+#rabbit_max_retries = 0
+
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
+# queue mirroring is no longer controlled by the x-ha-policy argument
+# when declaring a queue. If you just want to make sure that all
+# queues (except those with auto-generated names) are mirrored across
+# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-
+# mode": "all"}' " (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_ha_queues
+#rabbit_ha_queues = false
+
+# Positive integer representing duration in seconds for queue TTL
+# (x-expires). Queues which are unused for the duration of the TTL are
+# automatically deleted. The parameter affects only reply and fanout
+# queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+#rabbit_qos_prefetch_count = 0
+
+# Number of seconds after which the Rabbit broker is considered down
+# if heartbeat's keep-alive fails (0 disable the heartbeat).
+# EXPERIMENTAL (integer value)
+#heartbeat_timeout_threshold = 60
+
+# How often times during the heartbeat_timeout_threshold we check the
+# heartbeat. (integer value)
+#heartbeat_rate = 2
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/fake_rabbit
+#fake_rabbit = false
+
+# Maximum number of channels to allow (integer value)
+#channel_max = <None>
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max = <None>
+
+# How often to send heartbeats for consumer's connections (integer
+# value)
+#heartbeat_interval = 1
+
+# Enable SSL (boolean value)
+#ssl = <None>
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options = <None>
+
+# Set socket timeout in seconds for connection's socket (floating
+# point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating
+# point value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error
+# (floating point value)
+#host_connection_reconnect_delay = 0.25
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size = 10
+
+# Maximum number of connections to create above `pool_max_size`.
+# (integer value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available
+# (integer value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no
+# recycling. Expired connections are closed on acquire. (integer
+# value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are
+# considered stale in seconds or None for no staleness. Stale
+# connections are closed on acquire. (integer value)
+#pool_stale = 60
+
+# Persist notification messages. (boolean value)
+#notification_persistence = false
+
+# Exchange name for for sending notifications (string value)
+#default_notification_exchange = ${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# notification listener. (integer value)
+#notification_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending notification message (floating point value)
+#notification_retry_delay = 0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer
+# value)
+#rpc_queue_expiration = 60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange = ${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange = ${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc listener. (integer value)
+#rpc_listener_prefetch_count = 100
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc reply listener. (integer value)
+#rpc_reply_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending reply. -1 means infinite retry during rpc_timeout (integer
+# value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending reply. (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during
+# sending RPC message, -1 means infinite retry. If actual retry
+# attempts in not 0 the rpc request could be processed more then one
+# time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending RPC message (floating point value)
+#rpc_retry_delay = 0.25
+
+
+[oslo_middleware]
+
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+
+# The HTTP Header that will be used to determine what the original
+# request protocol scheme was, even if it was hidden by an SSL
+# termination proxy. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#secure_proxy_ssl_header = X-Forwarded-Proto
+
+
+[oslo_policy]
+
+#
+# From oslo.policy
+#
+
+# The JSON file that defines policies. (string value)
+# Deprecated group/name - [DEFAULT]/policy_file
+#policy_file = policy.json
+
+# Default rule. Enforced when a requested rule is not found. (string
+# value)
+# Deprecated group/name - [DEFAULT]/policy_default_rule
+#policy_default_rule = default
+
+# Directories where policy configuration files are stored. They can be
+# relative to any directory in the search path defined by the
+# config_dir option, or absolute paths. The file defined by
+# policy_file must exist for these directories to be searched.
+# Missing or empty directories are ignored. (multi valued)
+# Deprecated group/name - [DEFAULT]/policy_dirs
+#policy_dirs = policy.d
+
+
+[paste_deploy]
+
+#
+# From glance.glare
+#
+
+# Partial name of a pipeline in your paste configuration file with the
+# service name removed. For example, if your paste section name is
+# [pipeline:glance-api-keystone] use the value "keystone" (string
+# value)
+flavor = keystone
+
+# Name of the paste configuration file. (string value)
+#config_file = <None>
--- a/components/openstack/glance/files/glance-manage.conf	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/files/glance-manage.conf	Wed Sep 07 14:48:42 2016 -0700
@@ -11,80 +11,88 @@
 # From oslo.log
 #
 
-# Print debugging output (set logging level to DEBUG instead of
-# default WARNING level). (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 #debug = false
 
-# Print more verbose output (set logging level to INFO instead of
-# default WARNING level). (boolean value)
-#verbose = false
+# If set to false, the logging level will be set to WARNING instead of
+# the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
 
 # The name of a logging configuration file. This file is appended to
 # any existing logging configuration files. For details about logging
 # configuration files, see the Python logging module documentation.
-# (string value)
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
-# DEPRECATED. A logging.Formatter log message format string which may
-# use any of the available logging.LogRecord attributes. This option
-# is deprecated.  Please use logging_context_format_string and
-# logging_default_format_string instead. (string value)
-#log_format = <None>
-
-# Format string for %%(asctime)s in log records. Default: %(default)s
-# . (string value)
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to output to. If no default is set,
-# logging will go to stdout. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
 
-# (Optional) The base directory used for relative --log-file paths.
-# (string value)
+# (Optional) The base directory used for relative log_file paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Use syslog for logging. Existing syslog format is DEPRECATED during
-# I, and will change in J to honor RFC5424. (boolean value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
 
-# (Optional) Enables or disables syslog rfc5424 format for logging. If
-# enabled, prefixes the MSG part of the syslog message with APP-NAME
-# (RFC5424). The format without the APP-NAME is deprecated in I, and
-# will be removed in J. (boolean value)
-#use_syslog_rfc_format = false
-
-# Syslog facility to receive log lines. (string value)
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = true
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages without context. (string
-# value)
+# Format string to use for log messages when context is undefined.
+# (string value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Data to append to log format when level is DEBUG. (string value)
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
 # Prefix each line of exception output with this format. (string
 # value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
-# List of logger=LEVEL pairs. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
 # The format for an instance that is passed with the log message.
 # (string value)
 #instance_format = "[instance: %(uuid)s] "
@@ -93,6 +101,9 @@
 # (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
 
 [database]
 
@@ -163,7 +174,7 @@
 # value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = <None>
+#max_overflow = 50
 
 # Verbosity of SQL debugging information: 0=None, 100=Everything.
 # (integer value)
@@ -199,344 +210,11 @@
 # (integer value)
 #db_max_retries = 20
 
-
-[glance_store]
-
 #
-# From glance.store
-#
-
-# List of stores enabled (list value)
-#stores = file,http
-
-# Default scheme to use to store image data. The scheme must be
-# registered by one of the stores defined by the 'stores' config
-# option. (string value)
-#default_store = file
-
-# Minimum interval seconds to execute updating dynamic storage
-# capabilities based on backend status then. It's not a periodic
-# routine, the update logic will be executed only when interval
-# seconds elapsed and an operation of store has triggered. The feature
-# will be enabled only when the option value greater then zero.
-# (integer value)
-#store_capabilities_update_min_interval = 0
-
-#
-# From glance.store
+# From oslo.db.concurrency
 #
 
-# Images will be chunked into objects of this size (in megabytes). For
-# best performance, this should be a power of two. (integer value)
-#sheepdog_store_chunk_size = 64
-
-# Port of sheep daemon. (integer value)
-#sheepdog_store_port = 7000
-
-# IP address of sheep daemon. (string value)
-#sheepdog_store_address = localhost
-
-# RADOS images will be chunked into objects of this size (in
-# megabytes). For best performance, this should be a power of two.
-# (integer value)
-#rbd_store_chunk_size = 8
-
-# RADOS pool in which images are stored. (string value)
-#rbd_store_pool = images
-
-# RADOS user to authenticate as (only applicable if using Cephx. If
-# <None>, a default will be chosen based on the client. section in
-# rbd_store_ceph_conf) (string value)
-#rbd_store_user = <None>
-
-# Ceph configuration file path. If <None>, librados will locate the
-# default config. If using cephx authentication, this file should
-# include a reference to the right keyring in a client.<USER> section
-# (string value)
-#rbd_store_ceph_conf = /etc/ceph/ceph.conf
-
-# Directory to which the Filesystem backend store writes images.
-# (string value)
-filesystem_store_datadir = /var/lib/glance/images/
-
-# List of directories and its priorities to which the Filesystem
-# backend store writes images. (multi valued)
-#filesystem_store_datadirs =
-
-# The path to a file which contains the metadata to be returned with
-# any location associated with this store.  The file must contain a
-# valid JSON object. The object should contain the keys 'id' and
-# 'mountpoint'. The value for both keys should be 'string'. (string
-# value)
-#filesystem_store_metadata_file = <None>
-
-# The required permission for created image file. In this way the user
-# other service used, e.g. Nova, who consumes the image could be the
-# exclusive member of the group that owns the files created. Assigning
-# it less then or equal to zero means don't change the default
-# permission of the file. This value will be decoded as an octal
-# digit. (integer value)
-#filesystem_store_file_perm = 0
-
-# Hostname or IP address of the instance to connect to, or a mongodb
-# URI, or a list of hostnames / mongodb URIs. If host is an IPv6
-# literal it must be enclosed in '[' and ']' characters following the
-# RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value)
-#mongodb_store_uri = <None>
-
-# Database to use (string value)
-#mongodb_store_db = <None>
-
-# The host where the S3 server is listening. (string value)
-#s3_store_host = <None>
-
-# The S3 query token access key. (string value)
-#s3_store_access_key = <None>
-
-# The S3 query token secret key. (string value)
-#s3_store_secret_key = <None>
-
-# The S3 bucket to be used to store the Glance data. (string value)
-#s3_store_bucket = <None>
-
-# The local directory where uploads will be staged before they are
-# transferred into S3. (string value)
-#s3_store_object_buffer_dir = <None>
-
-# A boolean to determine if the S3 bucket should be created on upload
-# if it does not exist or if an error should be returned to the user.
+# Enable the experimental use of thread pooling for all DB API calls
 # (boolean value)
-#s3_store_create_bucket_on_put = false
-
-# The S3 calling format used to determine the bucket. Either subdomain
-# or path can be used. (string value)
-#s3_store_bucket_url_format = subdomain
-
-# What size, in MB, should S3 start chunking image files and do a
-# multipart upload in S3. (integer value)
-#s3_store_large_object_size = 100
-
-# What multipart upload part size, in MB, should S3 use when uploading
-# parts. The size must be greater than or equal to 5M. (integer value)
-#s3_store_large_object_chunk_size = 10
-
-# The number of thread pools to perform a multipart upload in S3.
-# (integer value)
-#s3_store_thread_pools = 10
-
-# ESX/ESXi or vCenter Server target system. The server value can be an
-# IP address or a DNS name. (string value)
-#vmware_server_host = <None>
-
-# Username for authenticating with VMware ESX/VC server. (string
-# value)
-#vmware_server_username = <None>
-
-# Password for authenticating with VMware ESX/VC server. (string
-# value)
-#vmware_server_password = <None>
-
-# DEPRECATED. Inventory path to a datacenter. If the
-# vmware_server_host specified is an ESX/ESXi, the
-# vmware_datacenter_path is optional. If specified, it should be "ha-
-# datacenter". This option is deprecated in favor of vmware_datastores
-# and will be removed in the Liberty release. (string value)
-#vmware_datacenter_path = ha-datacenter
-
-# DEPRECATED. Datastore associated with the datacenter. This option is
-# deprecated in favor of vmware_datastores and will be removed in the
-# Liberty release. (string value)
-#vmware_datastore_name = <None>
-
-# Number of times VMware ESX/VC server API must be retried upon
-# connection related issues. (integer value)
-#vmware_api_retry_count = 10
-
-# The interval used for polling remote tasks invoked on VMware ESX/VC
-# server. (integer value)
-#vmware_task_poll_interval = 5
-
-# The name of the directory where the glance images will be stored in
-# the VMware datastore. (string value)
-#vmware_store_image_dir = /openstack_glance
-
-# Allow to perform insecure SSL requests to ESX/VC. (boolean value)
-#vmware_api_insecure = false
-
-# A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores.
-# Either one of vmware_datastore_name or vmware_datastores is
-# required. The datastore name should be specified after its
-# datacenter path, seperated by ":". An optional weight may be given
-# after the datastore name, seperated again by ":". Thus, the required
-# format becomes <datacenter_path>:<datastore_name>:<optional_weight>.
-# When adding an image, the datastore with highest weight will be
-# selected, unless there is not enough free space available in cases
-# where the image size is already known. If no weight is given, it is
-# assumed to be zero and the directory will be considered for
-# selection last. If multiple datastores have the same weight, then
-# the one with the most free space available is selected. (multi
-# valued)
-#vmware_datastores =
-
-# Info to match when looking for cinder in the service catalog. Format
-# is : separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volume:cinder:publicURL
-
-# Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
-#cinder_endpoint_template = <None>
-
-# Region name of this node (string value)
-#os_region_name = <None>
-
-# Location of ca certicates file to use for cinder client requests.
-# (string value)
-#cinder_ca_certificates_file = <None>
-
-# Number of cinderclient retries on failed http calls (integer value)
-#cinder_http_retries = 3
-
-# Allow to perform insecure SSL requests to cinder (boolean value)
-#cinder_api_insecure = false
-
-# Version of the authentication service to use. Valid versions are 2
-# for keystone and 1 for swauth and rackspace. (deprecated) (string
-# value)
-#swift_store_auth_version = 2
-
-# If True, swiftclient won't check for a valid SSL certificate when
-# authenticating. (boolean value)
-#swift_store_auth_insecure = false
-
-# A string giving the CA certificate file to use in SSL connections
-# for verifying certs. (string value)
-#swift_store_cacert = <None>
-
-# The region of the swift endpoint to be used for single tenant. This
-# setting is only necessary if the tenant has multiple swift
-# endpoints. (string value)
-#swift_store_region = <None>
-
-# If set, the configured endpoint will be used. If None, the storage
-# url from the auth response will be used. (string value)
-#swift_store_endpoint = <None>
-
-# A string giving the endpoint type of the swift service to use
-# (publicURL, adminURL or internalURL). This setting is only used if
-# swift_store_auth_version is 2. (string value)
-#swift_store_endpoint_type = publicURL
-
-# A string giving the service type of the swift service to use. This
-# setting is only used if swift_store_auth_version is 2. (string
-# value)
-#swift_store_service_type = object-store
-
-# Container within the account that the account should use for storing
-# images in Swift when using single container mode. In multiple
-# container mode, this will be the prefix for all containers. (string
-# value)
-#swift_store_container = glance
-
-# The size, in MB, that Glance will start chunking image files and do
-# a large object manifest in Swift. (integer value)
-#swift_store_large_object_size = 5120
-
-# The amount of data written to a temporary disk buffer during the
-# process of chunking the image file. (integer value)
-#swift_store_large_object_chunk_size = 200
-
-# A boolean value that determines if we create the container if it
-# does not exist. (boolean value)
-#swift_store_create_container_on_put = false
-
-# If set to True, enables multi-tenant storage mode which causes
-# Glance images to be stored in tenant specific Swift accounts.
-# (boolean value)
-#swift_store_multi_tenant = false
-
-# When set to 0, a single-tenant store will only use one container to
-# store all images. When set to an integer value between 1 and 32, a
-# single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
-# only when swift_store_multi_tenant is disabled. The total number of
-# containers that will be used is equal to 16^N, so if this config
-# option is set to 2, then 16^2=256 containers will be used to store
-# images. (integer value)
-#swift_store_multiple_containers_seed = 0
-
-# A list of tenants that will be granted read/write access on all
-# Swift containers created by Glance in multi-tenant mode. (list
-# value)
-#swift_store_admin_tenants =
-
-# If set to False, disables SSL layer compression of https swift
-# requests. Setting to False may improve performance for images which
-# are already in a compressed format, eg qcow2. (boolean value)
-#swift_store_ssl_compression = true
-
-# The number of times a Swift download will be retried before the
-# request fails. (integer value)
-#swift_store_retry_get_count = 0
-
-# The reference to the default swift account/backing store parameters
-# to use for adding new images. (string value)
-#default_swift_reference = ref1
-
-# The address where the Swift authentication service is
-# listening.(deprecated) (string value)
-#swift_store_auth_address = <None>
-
-# The user to authenticate against the Swift authentication service
-# (deprecated) (string value)
-#swift_store_user = <None>
-
-# Auth key for the user authenticating against the Swift
-# authentication service. (deprecated) (string value)
-#swift_store_key = <None>
-
-# The config file that has the swift account(s)configs. (string value)
-#swift_store_config_file = <None>
-
-
-[oslo_concurrency]
-
-#
-# From oslo.concurrency
-#
-
-# Enables or disables inter-process locks. (boolean value)
-# Deprecated group/name - [DEFAULT]/disable_process_locking
-#disable_process_locking = false
-
-# Directory to use for lock files.  For security, the specified
-# directory should only be writable by the user running the processes
-# that need locking. Defaults to environment variable OSLO_LOCK_PATH.
-# If external locks are used, a lock path must be set. (string value)
-# Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
-
-
-[oslo_policy]
-
-#
-# From oslo.policy
-#
-
-# The JSON file that defines policies. (string value)
-# Deprecated group/name - [DEFAULT]/policy_file
-#policy_file = policy.json
-
-# Default rule. Enforced when a requested rule is not found. (string
-# value)
-# Deprecated group/name - [DEFAULT]/policy_default_rule
-#policy_default_rule = default
-
-# Directories where policy configuration files are stored. They can be
-# relative to any directory in the search path defined by the
-# config_dir option, or absolute paths. The file defined by
-# policy_file must exist for these directories to be searched.
-# Missing or empty directories are ignored. (multi valued)
-# Deprecated group/name - [DEFAULT]/policy_dirs
-#policy_dirs = policy.d
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
--- a/components/openstack/glance/files/glance-registry.conf	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/files/glance-registry.conf	Wed Sep 07 14:48:42 2016 -0700
@@ -5,7 +5,7 @@
 #
 
 # When true, this option sets the owner of an image to be the tenant.
-# Otherwise, the owner of the  image will be the authenticated user
+# Otherwise, the owner of the image will be the authenticated user
 # issuing the request. (boolean value)
 #owner_is_tenant = true
 
@@ -18,6 +18,9 @@
 # value)
 #allow_anonymous_access = false
 
+# Limits request ID length. (integer value)
+#max_request_id_length = 64
+
 # Whether to allow users to specify image properties beyond what the
 # image schema provides (boolean value)
 #allow_additional_image_properties = true
@@ -58,19 +61,20 @@
 # For example, if using the file system store a URL of
 # "file:///path/to/image" will be returned to the user in the
 # 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution!  The overrides
-# show_image_direct_url. (boolean value)
+# security risk, so use this setting with caution! Setting this to
+# true overrides the show_image_direct_url option. (boolean value)
 #show_multiple_locations = false
 
 # Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
+# 1099511627776 bytes (1 TB). WARNING: this value should only be
 # increased after careful consideration and must be set to a value
 # under 8 EB (9223372036854775808). (integer value)
+# Maximum value: 9223372036854775808
 #image_size_cap = 1099511627776
 
 # Set a system wide quota for every user. This value is the total
 # capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
+# 0 means unlimited. Optional unit can be specified for the value.
 # Accepted units are B, KB, MB, GB and TB representing Bytes,
 # KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
 # unit is specified then Bytes is assumed. Note that there should not
@@ -95,7 +99,9 @@
 #pydev_worker_debug_host = <None>
 
 # The port on which a pydev process is listening for connections.
-# (integer value)
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #pydev_worker_debug_port = 5678
 
 # AES key for encrypting store 'location' metadata. This includes, if
@@ -103,20 +109,20 @@
 # length 16, 24 or 32 bytes (string value)
 #metadata_encryption_key = <None>
 
-# Digest algorithm which will be used for digital signature; the
-# default is sha1 the default in Kilo for a smooth upgrade process,
-# and it will be updated with sha256 in next release(L). Use the
+# Digest algorithm which will be used for digital signature. Use the
 # command "openssl list-message-digest-algorithms" to get the
 # available algorithms supported by the version of OpenSSL on the
 # platform. Examples are "sha1", "sha256", "sha512", etc. (string
 # value)
-#digest_algorithm = sha1
+#digest_algorithm = sha256
 
 # Address to bind the server.  Useful when selecting a particular
 # network interface. (string value)
 #bind_host = 0.0.0.0
 
-# The port on which the server will listen. (integer value)
+# The port on which the server will listen. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #bind_port = <None>
 
 # The backlog value that will be used when creating the TCP listener
@@ -162,86 +168,94 @@
 # Timeout for client connections' socket operations. If an incoming
 # connection is idle for this number of seconds it will be closed. A
 # value of '0' means wait forever. (integer value)
-#client_socket_timeout = 0
+#client_socket_timeout = 900
 
 #
 # From oslo.log
 #
 
-# Print debugging output (set logging level to DEBUG instead of
-# default WARNING level). (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 #debug = false
 
-# Print more verbose output (set logging level to INFO instead of
-# default WARNING level). (boolean value)
-#verbose = false
+# If set to false, the logging level will be set to WARNING instead of
+# the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
 
 # The name of a logging configuration file. This file is appended to
 # any existing logging configuration files. For details about logging
 # configuration files, see the Python logging module documentation.
-# (string value)
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
-# DEPRECATED. A logging.Formatter log message format string which may
-# use any of the available logging.LogRecord attributes. This option
-# is deprecated.  Please use logging_context_format_string and
-# logging_default_format_string instead. (string value)
-#log_format = <None>
-
-# Format string for %%(asctime)s in log records. Default: %(default)s
-# . (string value)
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to output to. If no default is set,
-# logging will go to stdout. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
 
-# (Optional) The base directory used for relative --log-file paths.
-# (string value)
+# (Optional) The base directory used for relative log_file paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Use syslog for logging. Existing syslog format is DEPRECATED during
-# I, and will change in J to honor RFC5424. (boolean value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
 
-# (Optional) Enables or disables syslog rfc5424 format for logging. If
-# enabled, prefixes the MSG part of the syslog message with APP-NAME
-# (RFC5424). The format without the APP-NAME is deprecated in I, and
-# will be removed in J. (boolean value)
-#use_syslog_rfc_format = false
-
-# Syslog facility to receive log lines. (string value)
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = true
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages without context. (string
-# value)
+# Format string to use for log messages when context is undefined.
+# (string value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Data to append to log format when level is DEBUG. (string value)
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
 # Prefix each line of exception output with this format. (string
 # value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
-# List of logger=LEVEL pairs. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
 # The format for an instance that is passed with the log message.
 # (string value)
 #instance_format = "[instance: %(uuid)s] "
@@ -250,20 +264,29 @@
 # (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
 #
 # From oslo.messaging
 #
 
+# Size of RPC connection pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
+#rpc_conn_pool_size = 30
+
 # ZeroMQ bind address. Should be a wildcard (*), an ethernet
 # interface, or IP. The "host" option should point or resolve to this
 # address. (string value)
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
-#rpc_zmq_matchmaker = local
+# Allowed values: redis, dummy
+#rpc_zmq_matchmaker = redis
 
-# ZeroMQ receiver listening port. (integer value)
-#rpc_zmq_port = 9501
+# Type of concurrency used. Either "native" or "eventlet" (string
+# value)
+#rpc_zmq_concurrency = eventlet
 
 # Number of ZeroMQ contexts, defaults to 1. (integer value)
 #rpc_zmq_contexts = 1
@@ -279,25 +302,41 @@
 # Must match "host" option, if running Nova. (string value)
 #rpc_zmq_host = localhost
 
-# Seconds to wait before a cast expires (TTL). Only supported by
-# impl_zmq. (integer value)
-#rpc_cast_timeout = 30
+# Seconds to wait before a cast expires (TTL). The default value of -1
+# specifies an infinite linger period. The value of 0 specifies no
+# linger period. Pending messages shall be discarded immediately when
+# the socket is closed. Only supported by impl_zmq. (integer value)
+#rpc_cast_timeout = -1
 
-# Heartbeat frequency. (integer value)
-#matchmaker_heartbeat_freq = 300
+# The default number of seconds that poll should wait. Poll raises
+# timeout exception when timeout expired. (integer value)
+#rpc_poll_timeout = 1
 
-# Heartbeat time-to-live. (integer value)
-#matchmaker_heartbeat_ttl = 600
+# Expiration timeout in seconds of a name service record about
+# existing target ( < 0 means no timeout). (integer value)
+#zmq_target_expire = 120
+
+# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
+# (boolean value)
+#use_pub_sub = true
 
-# Size of RPC thread pool. (integer value)
-#rpc_thread_pool_size = 64
+# Minimal port number for random ports range. (port value)
+# Minimum value: 0
+# Maximum value: 65535
+#rpc_zmq_min_port = 49152
 
-# Driver or drivers to handle sending notifications. (multi valued)
-#notification_driver =
+# Maximal port number for random ports range. (integer value)
+# Minimum value: 1
+# Maximum value: 65536
+#rpc_zmq_max_port = 65536
 
-# AMQP topic used for OpenStack notifications. (list value)
-# Deprecated group/name - [rpc_notifier2]/topics
-#notification_topics = notifications
+# Number of retries to find free port number before fail with
+# ZMQBindError. (integer value)
+#rpc_zmq_bind_port_retries = 100
+
+# Size of executor thread pool. (integer value)
+# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size
+#executor_thread_pool_size = 64
 
 # Seconds to wait for a response from a call. (integer value)
 #rpc_response_timeout = 60
@@ -308,7 +347,7 @@
 #transport_url = <None>
 
 # The messaging driver to use, defaults to rabbit. Other drivers
-# include qpid and zmq. (string value)
+# include amqp and zmq. (string value)
 #rpc_backend = rabbit
 
 # The default exchange under which topics are scoped. May be
@@ -317,6 +356,66 @@
 #control_exchange = openstack
 
 
+[cors]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+
+[cors.subdomain]
+
+#
+# From oslo.middleware
+#
+
+# Indicate whether this resource may be shared with the domain
+# received in the requests "origin" header. (list value)
+#allowed_origin = <None>
+
+# Indicate that the actual request can include user credentials
+# (boolean value)
+#allow_credentials = true
+
+# Indicate which headers are safe to expose to the API. Defaults to
+# HTTP Simple Headers. (list value)
+#expose_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+# Maximum cache age of CORS preflight requests. (integer value)
+#max_age = 3600
+
+# Indicate which methods can be used during the actual request. (list
+# value)
+#allow_methods = GET,POST,PUT,DELETE,OPTIONS
+
+# Indicate which header field names may be used during the actual
+# request. (list value)
+#allow_headers = Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma
+
+
 [database]
 
 #
@@ -352,12 +451,6 @@
 # Example: mysql_sql_mode= (string value)
 #mysql_sql_mode = TRADITIONAL
 
-# This configures the MySQL storage engine. This allows for OpenStack to
-# support different storage engines such as InnoDB, NDB, etc. By Default,
-# this value will be set to InnoDB. For MySQL Cluster, set to NDBCLUSTER.
-# Example: mysql_storage_engine=(string value)
-#mysql_storage_engine = InnoDB
-
 # Timeout before idle SQL connections are reaped. (integer value)
 # Deprecated group/name - [DEFAULT]/sql_idle_timeout
 # Deprecated group/name - [DATABASE]/sql_idle_timeout
@@ -392,7 +485,7 @@
 # value)
 # Deprecated group/name - [DEFAULT]/sql_max_overflow
 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
-#max_overflow = <None>
+#max_overflow = 50
 
 # Verbosity of SQL debugging information: 0=None, 100=Everything.
 # (integer value)
@@ -428,6 +521,15 @@
 # (integer value)
 #db_max_retries = 20
 
+#
+# From oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
+
 
 [glance_store]
 
@@ -435,7 +537,8 @@
 # From glance.store
 #
 
-# List of stores enabled (list value)
+# List of stores enabled. Valid stores are: cinder, file, http, rbd,
+# sheepdog, swift, s3, vsphere (list value)
 #stores = file,http
 
 # Default scheme to use to store image data. The scheme must be
@@ -451,10 +554,6 @@
 # (integer value)
 #store_capabilities_update_min_interval = 0
 
-#
-# From glance.store
-#
-
 # Images will be chunked into objects of this size (in megabytes). For
 # best performance, this should be a power of two. (integer value)
 #sheepdog_store_chunk_size = 64
@@ -484,9 +583,31 @@
 # (string value)
 #rbd_store_ceph_conf = /etc/ceph/ceph.conf
 
+# Timeout value (in seconds) used when connecting to ceph cluster. If
+# value <= 0, no timeout is set and default librados value is used.
+# (integer value)
+#rados_connect_timeout = 0
+
+# Specify the path to the CA bundle file to use in verifying the
+# remote server certificate. (string value)
+#https_ca_certificates_file = <None>
+
+# If true, the remote server certificate is not verified. If false,
+# then the default CA truststore is used for verification. This option
+# is ignored if "https_ca_certificates_file" is set. (boolean value)
+#https_insecure = true
+
+# Specify the http/https proxy information that should be used to
+# connect to the remote server. The proxy information should be a key
+# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can
+# specify proxies for multiple schemes by seperating the key value
+# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.
+# (dict value)
+#http_proxy_information =
+
 # Directory to which the Filesystem backend store writes images.
 # (string value)
-filesystem_store_datadir = /var/lib/glance/images/
+#filesystem_store_datadir = /var/lib/glance/images
 
 # List of directories and its priorities to which the Filesystem
 # backend store writes images. (multi valued)
@@ -507,15 +628,6 @@
 # digit. (integer value)
 #filesystem_store_file_perm = 0
 
-# Hostname or IP address of the instance to connect to, or a mongodb
-# URI, or a list of hostnames / mongodb URIs. If host is an IPv6
-# literal it must be enclosed in '[' and ']' characters following the
-# RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value)
-#mongodb_store_uri = <None>
-
-# Database to use (string value)
-#mongodb_store_db = <None>
-
 # The host where the S3 server is listening. (string value)
 #s3_store_host = <None>
 
@@ -553,6 +665,21 @@
 # (integer value)
 #s3_store_thread_pools = 10
 
+# Enable the use of a proxy. (boolean value)
+#s3_store_enable_proxy = false
+
+# Address or hostname for the proxy server. (string value)
+#s3_store_proxy_host = <None>
+
+# The port to use when connecting over a proxy. (integer value)
+#s3_store_proxy_port = 8080
+
+# The username to connect to the proxy. (string value)
+#s3_store_proxy_user = <None>
+
+# The password to use when connecting over a proxy. (string value)
+#s3_store_proxy_password = <None>
+
 # ESX/ESXi or vCenter Server target system. The server value can be an
 # IP address or a DNS name. (string value)
 #vmware_server_host = <None>
@@ -565,18 +692,6 @@
 # value)
 #vmware_server_password = <None>
 
-# DEPRECATED. Inventory path to a datacenter. If the
-# vmware_server_host specified is an ESX/ESXi, the
-# vmware_datacenter_path is optional. If specified, it should be "ha-
-# datacenter". This option is deprecated in favor of vmware_datastores
-# and will be removed in the Liberty release. (string value)
-#vmware_datacenter_path = ha-datacenter
-
-# DEPRECATED. Datastore associated with the datacenter. This option is
-# deprecated in favor of vmware_datastores and will be removed in the
-# Liberty release. (string value)
-#vmware_datastore_name = <None>
-
 # Number of times VMware ESX/VC server API must be retried upon
 # connection related issues. (integer value)
 #vmware_api_retry_count = 10
@@ -589,36 +704,43 @@
 # the VMware datastore. (string value)
 #vmware_store_image_dir = /openstack_glance
 
-# Allow to perform insecure SSL requests to ESX/VC. (boolean value)
-#vmware_api_insecure = false
+# If true, the ESX/vCenter server certificate is not verified. If
+# false, then the default CA truststore is used for verification. This
+# option is ignored if "vmware_ca_file" is set. (boolean value)
+# Deprecated group/name - [DEFAULT]/vmware_api_insecure
+#vmware_insecure = false
+
+# Specify a CA bundle file to use in verifying the ESX/vCenter server
+# certificate. (string value)
+#vmware_ca_file = <None>
 
 # A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores.
-# Either one of vmware_datastore_name or vmware_datastores is
-# required. The datastore name should be specified after its
-# datacenter path, seperated by ":". An optional weight may be given
-# after the datastore name, seperated again by ":". Thus, the required
-# format becomes <datacenter_path>:<datastore_name>:<optional_weight>.
-# When adding an image, the datastore with highest weight will be
-# selected, unless there is not enough free space available in cases
-# where the image size is already known. If no weight is given, it is
-# assumed to be zero and the directory will be considered for
-# selection last. If multiple datastores have the same weight, then
-# the one with the most free space available is selected. (multi
-# valued)
+# be specified multiple times for specifying multiple datastores. The
+# datastore name should be specified after its datacenter path,
+# seperated by ":". An optional weight may be given after the
+# datastore name, seperated again by ":". Thus, the required format
+# becomes <datacenter_path>:<datastore_name>:<optional_weight>. When
+# adding an image, the datastore with highest weight will be selected,
+# unless there is not enough free space available in cases where the
+# image size is already known. If no weight is given, it is assumed to
+# be zero and the directory will be considered for selection last. If
+# multiple datastores have the same weight, then the one with the most
+# free space available is selected. (multi valued)
 #vmware_datastores =
 
 # Info to match when looking for cinder in the service catalog. Format
 # is : separated values of the form:
 # <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volume:cinder:publicURL
+#cinder_catalog_info = volumev2::publicURL
 
 # Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
+# e.g. http://localhost:8776/v2/%(tenant)s (string value)
 #cinder_endpoint_template = <None>
 
-# Region name of this node (string value)
-#os_region_name = <None>
+# Region name of this node. If specified, it will be used to locate
+# OpenStack services for stores. (string value)
+# Deprecated group/name - [DEFAULT]/os_region_name
+#cinder_os_region_name = <None>
 
 # Location of ca certicates file to use for cinder client requests.
 # (string value)
@@ -627,13 +749,33 @@
 # Number of cinderclient retries on failed http calls (integer value)
 #cinder_http_retries = 3
 
+# Time period of time in seconds to wait for a cinder volume
+# transition to complete. (integer value)
+#cinder_state_transition_timeout = 300
+
 # Allow to perform insecure SSL requests to cinder (boolean value)
 #cinder_api_insecure = false
 
-# Version of the authentication service to use. Valid versions are 2
-# for keystone and 1 for swauth and rackspace. (deprecated) (string
+# The address where the Cinder authentication service is listening. If
+# <None>, the cinder endpoint in the service catalog is used. (string
 # value)
-#swift_store_auth_version = 2
+#cinder_store_auth_address = <None>
+
+# User name to authenticate against Cinder. If <None>, the user of
+# current context is used. (string value)
+#cinder_store_user_name = <None>
+
+# Password for the user authenticating against Cinder. If <None>, the
+# current context auth token is used. (string value)
+#cinder_store_password = <None>
+
+# Project name where the image is stored in Cinder. If <None>, the
+# project in current context is used. (string value)
+#cinder_store_project_name = <None>
+
+# Path to the rootwrap configuration file to use for running commands
+# as root. (string value)
+#rootwrap_config = /etc/glance/rootwrap.conf
 
 # If True, swiftclient won't check for a valid SSL certificate when
 # authenticating. (boolean value)
@@ -688,7 +830,7 @@
 # When set to 0, a single-tenant store will only use one container to
 # store all images. When set to an integer value between 1 and 32, a
 # single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
+# and this value will determine how many containers are created. Used
 # only when swift_store_multi_tenant is disabled. The total number of
 # containers that will be used is equal to 16^N, so if this config
 # option is set to 2, then 16^2=256 containers will be used to store
@@ -709,20 +851,42 @@
 # request fails. (integer value)
 #swift_store_retry_get_count = 0
 
+# The period of time (in seconds) before token expirationwhen
+# glance_store will try to reques new user token. Default value 60 sec
+# means that if token is going to expire in 1 min then glance_store
+# request new user token. (integer value)
+#swift_store_expire_soon_interval = 60
+
+# If set to True create a trust for each add/get request to Multi-
+# tenant store in order to prevent authentication token to be expired
+# during uploading/downloading data. If set to False then user token
+# is used for Swift connection (so no overhead on trust creation).
+# Please note that this option is considered only and only if
+# swift_store_multi_tenant=True (boolean value)
+#swift_store_use_trusts = true
+
 # The reference to the default swift account/backing store parameters
 # to use for adding new images. (string value)
 #default_swift_reference = ref1
 
-# The address where the Swift authentication service is
-# listening.(deprecated) (string value)
+# Version of the authentication service to use. Valid versions are 2
+# and 3 for keystone and 1 (deprecated) for swauth and rackspace.
+# (deprecated - use "auth_version" in swift_store_config_file) (string
+# value)
+#swift_store_auth_version = 2
+
+# The address where the Swift authentication service is listening.
+# (deprecated - use "auth_address" in swift_store_config_file) (string
+# value)
 #swift_store_auth_address = <None>
 
 # The user to authenticate against the Swift authentication service
-# (deprecated) (string value)
+# (deprecated - use "user" in swift_store_config_file) (string value)
 #swift_store_user = <None>
 
 # Auth key for the user authenticating against the Swift
-# authentication service. (deprecated) (string value)
+# authentication service. (deprecated - use "key" in
+# swift_store_config_file) (string value)
 #swift_store_key = <None>
 
 # The config file that has the swift account(s)configs. (string value)
@@ -772,6 +936,9 @@
 # Verify HTTPS connections. (boolean value)
 #insecure = false
 
+# The region in which the identity server can be found. (string value)
+#region_name = <None>
+
 # Directory used to cache files related to PKI tokens. (string value)
 signing_dir = /var/lib/glance/keystone-signing
 
@@ -794,12 +961,13 @@
 #revocation_cache_time = 10
 
 # (Optional) If defined, indicate whether token data should be
-# authenticated or authenticated and encrypted. Acceptable values are
-# MAC or ENCRYPT.  If MAC, token data is authenticated (with HMAC) in
-# the cache. If ENCRYPT, token data is encrypted and authenticated in
-# the cache. If the value is not one of these options or empty,
-# auth_token will raise an exception on initialization. (string value)
-#memcache_security_strategy = <None>
+# authenticated or authenticated and encrypted. If MAC, token data is
+# authenticated (with HMAC) in the cache. If ENCRYPT, token data is
+# encrypted and authenticated in the cache. If the value is not one of
+# these options or empty, auth_token will raise an exception on
+# initialization. (string value)
+# Allowed values: None, MAC, ENCRYPT
+#memcache_security_strategy = None
 
 # (Optional, mandatory if memcache_security_strategy is defined) This
 # string is used for key derivation. (string value)
@@ -814,7 +982,7 @@
 #memcache_pool_maxsize = 10
 
 # (Optional) Socket timeout in seconds for communicating with a
-# memcache server. (integer value)
+# memcached server. (integer value)
 #memcache_pool_socket_timeout = 3
 
 # (Optional) Number of seconds a connection to memcached is held
@@ -822,10 +990,10 @@
 #memcache_pool_unused_timeout = 60
 
 # (Optional) Number of seconds that an operation will wait to get a
-# memcache client connection from the pool. (integer value)
+# memcached client connection from the pool. (integer value)
 #memcache_pool_conn_get_timeout = 10
 
-# (Optional) Use the advanced (eventlet safe) memcache client pool.
+# (Optional) Use the advanced (eventlet safe) memcached client pool.
 # The advanced pool will only work under python 2.x. (boolean value)
 #memcache_use_advanced_pool = false
 
@@ -860,34 +1028,18 @@
 # value)
 #hash_algorithms = md5
 
-# Prefix to prepend at the beginning of the path. Deprecated, use
-# identity_uri. (string value)
-#auth_admin_prefix =
-
-# Host providing the admin Identity API endpoint. Deprecated, use
-# identity_uri. (string value)
-#auth_host = 127.0.0.1
-
-# Port of the admin Identity API endpoint. Deprecated, use
-# identity_uri. (integer value)
-#auth_port = 35357
+# Authentication type to load (unknown value)
+# Deprecated group/name - [DEFAULT]/auth_plugin
+#auth_type = <None>
 
-# Protocol of the admin Identity API endpoint (http or https).
-# Deprecated, use identity_uri. (string value)
-#auth_protocol = https
+# Config Section from which to load plugin specific options (unknown
+# value)
+#auth_section = <None>
 
-# Complete admin Identity API endpoint. This should specify the
-# unversioned root endpoint e.g. https://localhost:35357/ (string
-# value)
+# Complete admin Identity API endpoint. This should specify the unversioned
+# root endpoint e.g. https://localhost:35357/ (string value)
 identity_uri = http://127.0.0.1:35357/
 
-# This option is deprecated and may be removed in a future release.
-# Single shared secret with the Keystone configuration used for
-# bootstrapping a Keystone installation, or otherwise bypassing the
-# normal authentication process. This option should not be used, use
-# `admin_user` and `admin_password` instead. (string value)
-#admin_token = <None>
-
 # Service username. (string value)
 admin_user = %SERVICE_USER%
 
@@ -897,13 +1049,6 @@
 # Service tenant name. (string value)
 admin_tenant_name = %SERVICE_TENANT_NAME%
 
-# Name of the plugin to load (string value)
-#auth_plugin = <None>
-
-# Config Section from which to load plugin specific options (string
-# value)
-#auth_section = <None>
-
 
 [matchmaker_redis]
 
@@ -914,22 +1059,29 @@
 # Host to locate redis. (string value)
 #host = 127.0.0.1
 
-# Use this port to connect to redis host. (integer value)
+# Use this port to connect to redis host. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #port = 6379
 
 # Password for Redis server (optional). (string value)
-#password = <None>
+#password =
 
+# List of Redis Sentinel hosts (fault tolerance mode) e.g.
+# [host:port, host1:port ... ] (list value)
+#sentinel_hosts =
 
-[matchmaker_ring]
+# Redis replica set name. (string value)
+#sentinel_group_name = oslo-messaging-zeromq
 
-#
-# From oslo.messaging
-#
+# Time in ms to wait between connection attempts. (integer value)
+#wait_timeout = 500
 
-# Matchmaker ring file (JSON). (string value)
-# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
-#ringfile = /etc/oslo/matchmaker_ring.json
+# Time in ms to wait before the transaction is killed. (integer value)
+#check_timeout = 20000
+
+# Timeout in ms on blocking socket operations (integer value)
+#socket_timeout = 1000
 
 
 [oslo_concurrency]
@@ -947,7 +1099,7 @@
 # that need locking. Defaults to environment variable OSLO_LOCK_PATH.
 # If external locks are used, a lock path must be set. (string value)
 # Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
+lock_path = /var/lib/glance/lock
 
 
 [oslo_messaging_amqp]
@@ -980,8 +1132,7 @@
 # Deprecated group/name - [amqp1]/trace
 #trace = false
 
-# CA certificate PEM file for verifing server certificate (string
-# value)
+# CA certificate PEM file to verify server certificate (string value)
 # Deprecated group/name - [amqp1]/ssl_ca_file
 #ssl_ca_file =
 
@@ -1003,73 +1154,49 @@
 # Deprecated group/name - [amqp1]/allow_insecure_clients
 #allow_insecure_clients = false
 
+# Space separated list of acceptable SASL mechanisms (string value)
+# Deprecated group/name - [amqp1]/sasl_mechanisms
+#sasl_mechanisms =
 
-[oslo_messaging_qpid]
+# Path to directory that contains the SASL configuration (string
+# value)
+# Deprecated group/name - [amqp1]/sasl_config_dir
+#sasl_config_dir =
+
+# Name of configuration file (without .conf suffix) (string value)
+# Deprecated group/name - [amqp1]/sasl_config_name
+#sasl_config_name =
+
+# User name for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/username
+#username =
+
+# Password for message broker authentication (string value)
+# Deprecated group/name - [amqp1]/password
+#password =
+
+
+[oslo_messaging_notifications]
 
 #
 # From oslo.messaging
 #
 
-# Use durable queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues = false
-
-# Auto-delete queues in AMQP. (boolean value)
-# Deprecated group/name - [DEFAULT]/amqp_auto_delete
-#amqp_auto_delete = false
-
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
-# Qpid broker hostname. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_hostname
-#qpid_hostname = localhost
-
-# Qpid broker port. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_port
-#qpid_port = 5672
-
-# Qpid HA cluster host:port pairs. (list value)
-# Deprecated group/name - [DEFAULT]/qpid_hosts
-#qpid_hosts = $qpid_hostname:$qpid_port
-
-# Username for Qpid connection. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_username
-#qpid_username =
+# The Drivers(s) to handle sending notifications. Possible values are
+# messaging, messagingv2, routing, log, test, noop (multi valued)
+# Deprecated group/name - [DEFAULT]/notification_driver
+#driver =
 
-# Password for Qpid connection. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_password
-#qpid_password =
-
-# Space separated list of SASL mechanisms to use for auth. (string
-# value)
-# Deprecated group/name - [DEFAULT]/qpid_sasl_mechanisms
-#qpid_sasl_mechanisms =
-
-# Seconds between connection keepalive heartbeats. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_heartbeat
-#qpid_heartbeat = 60
+# A URL representing the messaging driver to use for notifications. If
+# not set, we fall back to the same configuration used for RPC.
+# (string value)
+# Deprecated group/name - [DEFAULT]/notification_transport_url
+#transport_url = <None>
 
-# Transport to use, either 'tcp' or 'ssl'. (string value)
-# Deprecated group/name - [DEFAULT]/qpid_protocol
-#qpid_protocol = tcp
-
-# Whether to disable the Nagle algorithm. (boolean value)
-# Deprecated group/name - [DEFAULT]/qpid_tcp_nodelay
-#qpid_tcp_nodelay = true
-
-# The number of prefetched messages held by receiver. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_receiver_capacity
-#qpid_receiver_capacity = 1
-
-# The qpid topology version to use.  Version 1 is what was originally
-# used by impl_qpid.  Version 2 includes some backwards-incompatible
-# changes that allow broker federation to work.  Users should update
-# to version 2 when they are able to take everything down, as it
-# requires a clean break. (integer value)
-# Deprecated group/name - [DEFAULT]/qpid_topology_version
-#qpid_topology_version = 1
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+# Deprecated group/name - [DEFAULT]/notification_topics
+#topics = notifications
 
 
 [oslo_messaging_rabbit]
@@ -1079,6 +1206,7 @@
 #
 
 # Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/amqp_durable_queues
 # Deprecated group/name - [DEFAULT]/rabbit_durable_queues
 #amqp_durable_queues = false
 
@@ -1086,10 +1214,6 @@
 # Deprecated group/name - [DEFAULT]/amqp_auto_delete
 #amqp_auto_delete = false
 
-# Size of RPC connection pool. (integer value)
-# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size
-#rpc_conn_pool_size = 30
-
 # SSL version to use (valid only if SSL enabled). Valid values are
 # TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be
 # available on some distributions. (string value)
@@ -1114,13 +1238,31 @@
 # Deprecated group/name - [DEFAULT]/kombu_reconnect_delay
 #kombu_reconnect_delay = 1.0
 
+# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression
+# will not be used. This option may notbe available in future
+# versions. (string value)
+#kombu_compression = <None>
+
+# How long to wait a missing client beforce abandoning to send it its
+# replies. This value should not be longer than rpc_response_timeout.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout
+#kombu_missing_consumer_retry_timeout = 60
+
+# Determines how the next RabbitMQ node is chosen in case the one we
+# are currently connected to becomes unavailable. Takes effect only if
+# more than one RabbitMQ node is provided in config. (string value)
+# Allowed values: round-robin, shuffle
+#kombu_failover_strategy = round-robin
+
 # The RabbitMQ broker address where a single node is used. (string
 # value)
 # Deprecated group/name - [DEFAULT]/rabbit_host
 #rabbit_host = localhost
 
-# The RabbitMQ broker port where a single node is used. (integer
-# value)
+# The RabbitMQ broker port where a single node is used. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 # Deprecated group/name - [DEFAULT]/rabbit_port
 #rabbit_port = 5672
 
@@ -1156,21 +1298,40 @@
 # Deprecated group/name - [DEFAULT]/rabbit_retry_backoff
 #rabbit_retry_backoff = 2
 
+# Maximum interval of RabbitMQ connection retries. Default is 30
+# seconds. (integer value)
+#rabbit_interval_max = 30
+
 # Maximum number of RabbitMQ connection retries. Default is 0
 # (infinite retry count). (integer value)
 # Deprecated group/name - [DEFAULT]/rabbit_max_retries
 #rabbit_max_retries = 0
 
-# Use HA queues in RabbitMQ (x-ha-policy: all). If you change this
-# option, you must wipe the RabbitMQ database. (boolean value)
+# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0,
+# queue mirroring is no longer controlled by the x-ha-policy argument
+# when declaring a queue. If you just want to make sure that all
+# queues (except those with auto-generated names) are mirrored across
+# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-
+# mode": "all"}' " (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_ha_queues
 #rabbit_ha_queues = false
 
+# Positive integer representing duration in seconds for queue TTL
+# (x-expires). Queues which are unused for the duration of the TTL are
+# automatically deleted. The parameter affects only reply and fanout
+# queues. (integer value)
+# Minimum value: 1
+#rabbit_transient_queues_ttl = 1800
+
+# Specifies the number of messages to prefetch. Setting to zero allows
+# unlimited messages. (integer value)
+#rabbit_qos_prefetch_count = 0
+
 # Number of seconds after which the Rabbit broker is considered down
-# if heartbeat's keep-alive fails (0 disables the heartbeat, >0
-# enables it. Enabling heartbeats requires kombu>=3.0.7 and
-# amqp>=1.4.0). EXPERIMENTAL (integer value)
-#heartbeat_timeout_threshold = 0
+# if heartbeat's keep-alive fails (0 disable the heartbeat).
+# EXPERIMENTAL (integer value)
+#heartbeat_timeout_threshold = 60
 
 # How often times during the heartbeat_timeout_threshold we check the
 # heartbeat. (integer value)
@@ -1181,6 +1342,129 @@
 # Deprecated group/name - [DEFAULT]/fake_rabbit
 #fake_rabbit = false
 
+# Maximum number of channels to allow (integer value)
+#channel_max = <None>
+
+# The maximum byte size for an AMQP frame (integer value)
+#frame_max = <None>
+
+# How often to send heartbeats for consumer's connections (integer
+# value)
+#heartbeat_interval = 1
+
+# Enable SSL (boolean value)
+#ssl = <None>
+
+# Arguments passed to ssl.wrap_socket (dict value)
+#ssl_options = <None>
+
+# Set socket timeout in seconds for connection's socket (floating
+# point value)
+#socket_timeout = 0.25
+
+# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating
+# point value)
+#tcp_user_timeout = 0.25
+
+# Set delay for reconnection to some host which has connection error
+# (floating point value)
+#host_connection_reconnect_delay = 0.25
+
+# Maximum number of connections to keep queued. (integer value)
+#pool_max_size = 10
+
+# Maximum number of connections to create above `pool_max_size`.
+# (integer value)
+#pool_max_overflow = 0
+
+# Default number of seconds to wait for a connections to available
+# (integer value)
+#pool_timeout = 30
+
+# Lifetime of a connection (since creation) in seconds or None for no
+# recycling. Expired connections are closed on acquire. (integer
+# value)
+#pool_recycle = 600
+
+# Threshold at which inactive (since release) connections are
+# considered stale in seconds or None for no staleness. Stale
+# connections are closed on acquire. (integer value)
+#pool_stale = 60
+
+# Persist notification messages. (boolean value)
+#notification_persistence = false
+
+# Exchange name for for sending notifications (string value)
+#default_notification_exchange = ${control_exchange}_notification
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# notification listener. (integer value)
+#notification_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending notification, -1 means infinite retry. (integer value)
+#default_notification_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending notification message (floating point value)
+#notification_retry_delay = 0.25
+
+# Time to live for rpc queues without consumers in seconds. (integer
+# value)
+#rpc_queue_expiration = 60
+
+# Exchange name for sending RPC messages (string value)
+#default_rpc_exchange = ${control_exchange}_rpc
+
+# Exchange name for receiving RPC replies (string value)
+#rpc_reply_exchange = ${control_exchange}_rpc_reply
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc listener. (integer value)
+#rpc_listener_prefetch_count = 100
+
+# Max number of not acknowledged message which RabbitMQ can send to
+# rpc reply listener. (integer value)
+#rpc_reply_listener_prefetch_count = 100
+
+# Reconnecting retry count in case of connectivity problem during
+# sending reply. -1 means infinite retry during rpc_timeout (integer
+# value)
+#rpc_reply_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending reply. (floating point value)
+#rpc_reply_retry_delay = 0.25
+
+# Reconnecting retry count in case of connectivity problem during
+# sending RPC message, -1 means infinite retry. If actual retry
+# attempts in not 0 the rpc request could be processed more then one
+# time (integer value)
+#default_rpc_retry_attempts = -1
+
+# Reconnecting retry delay in case of connectivity problem during
+# sending RPC message (floating point value)
+#rpc_retry_delay = 0.25
+
+
+[oslo_middleware]
+
+#
+# From oslo.middleware
+#
+
+# The maximum body size for each request, in bytes. (integer value)
+# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
+# Deprecated group/name - [DEFAULT]/max_request_body_size
+#max_request_body_size = 114688
+
+# The HTTP Header that will be used to determine what the original
+# request protocol scheme was, even if it was hidden by an SSL
+# termination proxy. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#secure_proxy_ssl_header = X-Forwarded-Proto
+
 
 [oslo_policy]
 
@@ -1233,3 +1517,7 @@
 
 # If False doesn't trace SQL requests. (boolean value)
 #trace_sqlalchemy = false
+
+# Secret key to use to sign Glance API and Glance Registry services
+# tracing messages. (string value)
+#hmac_keys = SECRET_KEY
--- a/components/openstack/glance/files/glance-registry.xml	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/files/glance-registry.xml	Wed Sep 07 14:48:42 2016 -0700
@@ -64,6 +64,12 @@
     <exec_method timeout_seconds="60" type="method" name="stop"
       exec=":kill"/>
 
+    <property_group name="startd" type="framework">
+      <!-- glance-registry manages its children so we should ignore their
+           death -->
+      <propval name='ignore_error' type='astring' value='signal' />
+    </property_group>
+
     <instance name='default' enabled='false'>
       <!-- to start/stop/refresh the service -->
       <property_group name='general' type='framework'>
--- a/components/openstack/glance/files/glance-scrubber.conf	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/files/glance-scrubber.conf	Wed Sep 07 14:48:42 2016 -0700
@@ -44,19 +44,20 @@
 # For example, if using the file system store a URL of
 # "file:///path/to/image" will be returned to the user in the
 # 'direct_url' meta-data field. Revealing storage location can be a
-# security risk, so use this setting with caution!  The overrides
-# show_image_direct_url. (boolean value)
+# security risk, so use this setting with caution! Setting this to
+# true overrides the show_image_direct_url option. (boolean value)
 #show_multiple_locations = false
 
 # Maximum size of image a user can upload in bytes. Defaults to
-# 1099511627776 bytes (1 TB).WARNING: this value should only be
+# 1099511627776 bytes (1 TB). WARNING: this value should only be
 # increased after careful consideration and must be set to a value
 # under 8 EB (9223372036854775808). (integer value)
+# Maximum value: 9223372036854775808
 #image_size_cap = 1099511627776
 
 # Set a system wide quota for every user. This value is the total
 # capacity that a user can use across all storage systems. A value of
-# 0 means unlimited.Optional unit can be specified for the value.
+# 0 means unlimited. Optional unit can be specified for the value.
 # Accepted units are B, KB, MB, GB and TB representing Bytes,
 # KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no
 # unit is specified then Bytes is assumed. Note that there should not
@@ -81,7 +82,9 @@
 #pydev_worker_debug_host = <None>
 
 # The port on which a pydev process is listening for connections.
-# (integer value)
+# (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #pydev_worker_debug_port = 5678
 
 # AES key for encrypting store 'location' metadata. This includes, if
@@ -89,35 +92,38 @@
 # length 16, 24 or 32 bytes (string value)
 #metadata_encryption_key = <None>
 
-# Digest algorithm which will be used for digital signature; the
-# default is sha1 the default in Kilo for a smooth upgrade process,
-# and it will be updated with sha256 in next release(L). Use the
+# Digest algorithm which will be used for digital signature. Use the
 # command "openssl list-message-digest-algorithms" to get the
 # available algorithms supported by the version of OpenSSL on the
 # platform. Examples are "sha1", "sha256", "sha512", etc. (string
 # value)
-#digest_algorithm = sha1
-
-# Directory that the scrubber will use to track information about what
-# to delete. Make sure this is set in glance-api.conf and glance-
-# scrubber.conf. (string value)
-#scrubber_datadir = /var/lib/glance/scrubber
+#digest_algorithm = sha256
 
 # The amount of time in seconds to delay before performing a delete.
 # (integer value)
 #scrub_time = 0
 
-# A boolean that determines if the scrubber should clean up the files
-# it uses for taking data. Only one server in your deployment should
-# be designated the cleanup host. (boolean value)
-#cleanup_scrubber = false
+# The size of thread pool to be used for scrubbing images. The default
+# is one, which signifies serial scrubbing. Any value above one
+# indicates the max number of images that may be scrubbed in parallel.
+# (integer value)
+#scrub_pool_size = 1
 
 # Turn on/off delayed delete. (boolean value)
 #delayed_delete = false
 
-# Items must have a modified time that is older than this value in
-# order to be candidates for cleanup. (integer value)
-#cleanup_scrubber_time = 86400
+# Role used to identify an authenticated user as administrator.
+# (string value)
+#admin_role = admin
+
+# Whether to pass through headers containing user and tenant
+# information when making requests to the registry. This allows the
+# registry to use the context middleware without keystonemiddleware's
+# auth_token middleware, removing calls to the keystone auth service.
+# It is recommended that when using this option, secure communication
+# between glance api and glance registry is ensured by means other
+# than auth_token middleware. (boolean value)
+#send_identity_headers = false
 
 # Loop time between checking for new items to schedule for delete.
 # (integer value)
@@ -129,121 +135,208 @@
 # (boolean value)
 daemon = true
 
+# The protocol to use for communication with the registry server.
+# Either http or https. (string value)
+#registry_client_protocol = http
+
+# The path to the key file to use in SSL connections to the registry
+# server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE
+# environment variable to a filepath of the key file (string value)
+#registry_client_key_file = <None>
+
+# The path to the cert file to use in SSL connections to the registry
+# server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE
+# environment variable to a filepath of the CA cert file (string
+# value)
+#registry_client_cert_file = <None>
+
+# The path to the certifying authority cert file to use in SSL
+# connections to the registry server, if any. Alternately, you may set
+# the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the
+# CA cert file. (string value)
+#registry_client_ca_file = <None>
+
+# When using SSL in connections to the registry server, do not require
+# validation via a certifying authority. This is the registry's
+# equivalent of specifying --insecure on the command line using
+# glanceclient for the API. (boolean value)
+#registry_client_insecure = false
+
+# The period of time, in seconds, that the API server will wait for a
+# registry request to complete. A value of 0 implies no timeout.
+# (integer value)
+#registry_client_timeout = 600
+
 # Whether to pass through the user token when making requests to the
-# registry. (boolean value)
+# registry. To prevent failures with token expiration during big files
+# upload, it is recommended to set this parameter to False. If
+# "use_user_token" is not in effect, then admin credentials can be
+# specified. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #use_user_token = true
 
 # The administrators user name. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_user = %SERVICE_USER%
 
 # The administrators password. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_password = %SERVICE_PASSWORD%
 
 # The tenant name of the administrative user. If "use_user_token" is
 # not in effect, then admin tenant name can be specified. (string
 # value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 admin_tenant_name = %SERVICE_TENANT_NAME%
 
 # The URL to the keystone service. If "use_user_token" is not in
 # effect and using keystone auth, then URL of keystone can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 auth_url = http://127.0.0.1:5000/v2.0/
 
 # The strategy to use for authentication. If "use_user_token" is not
 # in effect, then auth strategy can be specified. (string value)
-#auth_strategy = noauth
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
+auth_strategy = keystone
 
 # The region for the authentication service. If "use_user_token" is
 # not in effect and using keystone auth, then region name can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_region = <None>
 
 # Address to find the registry server. (string value)
 #registry_host = 0.0.0.0
 
-# Port the registry server is listening on. (integer value)
+# Port the registry server is listening on. (port value)
+# Minimum value: 0
+# Maximum value: 65535
 #registry_port = 9191
 
 #
 # From oslo.log
 #
 
-# Print debugging output (set logging level to DEBUG instead of
-# default WARNING level). (boolean value)
+# If set to true, the logging level will be set to DEBUG instead of
+# the default INFO level. (boolean value)
 #debug = false
 
-# Print more verbose output (set logging level to INFO instead of
-# default WARNING level). (boolean value)
-#verbose = false
+# If set to false, the logging level will be set to WARNING instead of
+# the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
 
 # The name of a logging configuration file. This file is appended to
 # any existing logging configuration files. For details about logging
 # configuration files, see the Python logging module documentation.
-# (string value)
+# Note that when logging configuration files are used then all logging
+# configuration is set in the configuration file and other logging
+# configuration options are ignored (for example,
+# logging_context_format_string). (string value)
 # Deprecated group/name - [DEFAULT]/log_config
 #log_config_append = <None>
 
-# DEPRECATED. A logging.Formatter log message format string which may
-# use any of the available logging.LogRecord attributes. This option
-# is deprecated.  Please use logging_context_format_string and
-# logging_default_format_string instead. (string value)
-#log_format = <None>
-
-# Format string for %%(asctime)s in log records. Default: %(default)s
-# . (string value)
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set.
+# (string value)
 #log_date_format = %Y-%m-%d %H:%M:%S
 
-# (Optional) Name of log file to output to. If no default is set,
-# logging will go to stdout. (string value)
+# (Optional) Name of log file to send logging output to. If no default
+# is set, logging will go to stderr as defined by use_stderr. This
+# option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logfile
 #log_file = <None>
 
-# (Optional) The base directory used for relative --log-file paths.
-# (string value)
+# (Optional) The base directory used for relative log_file paths.
+# This option is ignored if log_config_append is set. (string value)
 # Deprecated group/name - [DEFAULT]/logdir
 #log_dir = <None>
 
-# Use syslog for logging. Existing syslog format is DEPRECATED during
-# I, and will change in J to honor RFC5424. (boolean value)
+# Uses logging handler designed to watch file system. When log file is
+# moved or removed this handler will open a new log file with
+# specified path instantaneously. It makes sense only if log_file
+# option is specified and Linux platform is used. This option is
+# ignored if log_config_append is set. (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and
+# will be changed later to honor RFC5424. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_syslog = false
 
-# (Optional) Enables or disables syslog rfc5424 format for logging. If
-# enabled, prefixes the MSG part of the syslog message with APP-NAME
-# (RFC5424). The format without the APP-NAME is deprecated in I, and
-# will be removed in J. (boolean value)
-#use_syslog_rfc_format = false
-
-# Syslog facility to receive log lines. (string value)
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
 #syslog_log_facility = LOG_USER
 
-# Log output to standard error. (boolean value)
+# Log output to standard error. This option is ignored if
+# log_config_append is set. (boolean value)
 #use_stderr = true
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
 
-# Format string to use for log messages without context. (string
-# value)
+# Format string to use for log messages when context is undefined.
+# (string value)
 #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
 
-# Data to append to log format when level is DEBUG. (string value)
+# Additional data to append to log message when logging level for the
+# message is DEBUG. (string value)
 #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
 
 # Prefix each line of exception output with this format. (string
 # value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
 
-# List of logger=LEVEL pairs. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is
+# ignored if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
 
 # Enables or disables publication of error events. (boolean value)
 #publish_errors = false
 
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
 # The format for an instance that is passed with the log message.
 # (string value)
 #instance_format = "[instance: %(uuid)s] "
@@ -252,305 +345,123 @@
 # (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
 
-[glance_store]
+
+[database]
 
 #
-# From glance.store
-#
-
-# List of stores enabled (list value)
-#stores = file,http
-
-# Default scheme to use to store image data. The scheme must be
-# registered by one of the stores defined by the 'stores' config
-# option. (string value)
-#default_store = file
-
-# Minimum interval seconds to execute updating dynamic storage
-# capabilities based on backend status then. It's not a periodic
-# routine, the update logic will be executed only when interval
-# seconds elapsed and an operation of store has triggered. The feature
-# will be enabled only when the option value greater then zero.
-# (integer value)
-#store_capabilities_update_min_interval = 0
-
-#
-# From glance.store
+# From oslo.db
 #
 
-# Images will be chunked into objects of this size (in megabytes). For
-# best performance, this should be a power of two. (integer value)
-#sheepdog_store_chunk_size = 64
-
-# Port of sheep daemon. (integer value)
-#sheepdog_store_port = 7000
-
-# IP address of sheep daemon. (string value)
-#sheepdog_store_address = localhost
-
-# RADOS images will be chunked into objects of this size (in
-# megabytes). For best performance, this should be a power of two.
-# (integer value)
-#rbd_store_chunk_size = 8
+# The file name to use with SQLite. (string value)
+# Deprecated group/name - [DEFAULT]/sqlite_db
+#sqlite_db = oslo.sqlite
 
-# RADOS pool in which images are stored. (string value)
-#rbd_store_pool = images
-
-# RADOS user to authenticate as (only applicable if using Cephx. If
-# <None>, a default will be chosen based on the client. section in
-# rbd_store_ceph_conf) (string value)
-#rbd_store_user = <None>
-
-# Ceph configuration file path. If <None>, librados will locate the
-# default config. If using cephx authentication, this file should
-# include a reference to the right keyring in a client.<USER> section
-# (string value)
-#rbd_store_ceph_conf = /etc/ceph/ceph.conf
-
-# Directory to which the Filesystem backend store writes images.
-# (string value)
-filesystem_store_datadir = /var/lib/glance/images/
+# If True, SQLite uses synchronous mode. (boolean value)
+# Deprecated group/name - [DEFAULT]/sqlite_synchronous
+#sqlite_synchronous = true
 
-# List of directories and its priorities to which the Filesystem
-# backend store writes images. (multi valued)
-#filesystem_store_datadirs =
-
-# The path to a file which contains the metadata to be returned with
-# any location associated with this store.  The file must contain a
-# valid JSON object. The object should contain the keys 'id' and
-# 'mountpoint'. The value for both keys should be 'string'. (string
-# value)
-#filesystem_store_metadata_file = <None>
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend = sqlalchemy
 
-# The required permission for created image file. In this way the user
-# other service used, e.g. Nova, who consumes the image could be the
-# exclusive member of the group that owns the files created. Assigning
-# it less then or equal to zero means don't change the default
-# permission of the file. This value will be decoded as an octal
-# digit. (integer value)
-#filesystem_store_file_perm = 0
+# The SQLAlchemy connection string to use to connect to the database.
+# (string value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+connection = mysql://%SERVICE_USER%:%SERVICE_PASSWORD%@localhost/glance
 
-# Hostname or IP address of the instance to connect to, or a mongodb
-# URI, or a list of hostnames / mongodb URIs. If host is an IPv6
-# literal it must be enclosed in '[' and ']' characters following the
-# RFC2732 URL syntax (e.g. '[::1]' for localhost) (string value)
-#mongodb_store_uri = <None>
-
-# Database to use (string value)
-#mongodb_store_db = <None>
-
-# The host where the S3 server is listening. (string value)
-#s3_store_host = <None>
-
-# The S3 query token access key. (string value)
-#s3_store_access_key = <None>
+# The SQLAlchemy connection string to use to connect to the slave
+# database. (string value)
+#slave_connection = <None>
 
-# The S3 query token secret key. (string value)
-#s3_store_secret_key = <None>
-
-# The S3 bucket to be used to store the Glance data. (string value)
-#s3_store_bucket = <None>
-
-# The local directory where uploads will be staged before they are
-# transferred into S3. (string value)
-#s3_store_object_buffer_dir = <None>
-
-# A boolean to determine if the S3 bucket should be created on upload
-# if it does not exist or if an error should be returned to the user.
-# (boolean value)
-#s3_store_create_bucket_on_put = false
+# The SQL mode to be used for MySQL sessions. This option, including
+# the default, overrides any server-set SQL mode. To use whatever SQL
+# mode is set by the server configuration, set this to no value.
+# Example: mysql_sql_mode= (string value)
+#mysql_sql_mode = TRADITIONAL
 
-# The S3 calling format used to determine the bucket. Either subdomain
-# or path can be used. (string value)
-#s3_store_bucket_url_format = subdomain
-
-# What size, in MB, should S3 start chunking image files and do a
-# multipart upload in S3. (integer value)
-#s3_store_large_object_size = 100
-
-# What multipart upload part size, in MB, should S3 use when uploading
-# parts. The size must be greater than or equal to 5M. (integer value)
-#s3_store_large_object_chunk_size = 10
-
-# The number of thread pools to perform a multipart upload in S3.
-# (integer value)
-#s3_store_thread_pools = 10
+# Timeout before idle SQL connections are reaped. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#idle_timeout = 3600
 
-# ESX/ESXi or vCenter Server target system. The server value can be an
-# IP address or a DNS name. (string value)
-#vmware_server_host = <None>
-
-# Username for authenticating with VMware ESX/VC server. (string
+# Minimum number of SQL connections to keep open in a pool. (integer
 # value)
-#vmware_server_username = <None>
-
-# Password for authenticating with VMware ESX/VC server. (string
-# value)
-#vmware_server_password = <None>
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+#min_pool_size = 1
 
-# DEPRECATED. Inventory path to a datacenter. If the
-# vmware_server_host specified is an ESX/ESXi, the
-# vmware_datacenter_path is optional. If specified, it should be "ha-
-# datacenter". This option is deprecated in favor of vmware_datastores
-# and will be removed in the Liberty release. (string value)
-#vmware_datacenter_path = ha-datacenter
-
-# DEPRECATED. Datastore associated with the datacenter. This option is
-# deprecated in favor of vmware_datastores and will be removed in the
-# Liberty release. (string value)
-#vmware_datastore_name = <None>
+# Maximum number of SQL connections to keep open in a pool. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size = <None>
 
-# Number of times VMware ESX/VC server API must be retried upon
-# connection related issues. (integer value)
-#vmware_api_retry_count = 10
-
-# The interval used for polling remote tasks invoked on VMware ESX/VC
-# server. (integer value)
-#vmware_task_poll_interval = 5
-
-# The name of the directory where the glance images will be stored in
-# the VMware datastore. (string value)
-#vmware_store_image_dir = /openstack_glance
+# Maximum number of database connection retries during startup. Set to
+# -1 to specify an infinite retry count. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries = 10
 
-# Allow to perform insecure SSL requests to ESX/VC. (boolean value)
-#vmware_api_insecure = false
+# Interval between retries of opening a SQL connection. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval = 10
 
-# A list of datastores where the image can be stored. This option may
-# be specified multiple times for specifying multiple datastores.
-# Either one of vmware_datastore_name or vmware_datastores is
-# required. The datastore name should be specified after its
-# datacenter path, seperated by ":". An optional weight may be given
-# after the datastore name, seperated again by ":". Thus, the required
-# format becomes <datacenter_path>:<datastore_name>:<optional_weight>.
-# When adding an image, the datastore with highest weight will be
-# selected, unless there is not enough free space available in cases
-# where the image size is already known. If no weight is given, it is
-# assumed to be zero and the directory will be considered for
-# selection last. If multiple datastores have the same weight, then
-# the one with the most free space available is selected. (multi
-# valued)
-#vmware_datastores =
-
-# Info to match when looking for cinder in the service catalog. Format
-# is : separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volume:cinder:publicURL
-
-# Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
-#cinder_endpoint_template = <None>
-
-# Region name of this node (string value)
-#os_region_name = <None>
+# If set, use this value for max_overflow with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow = 50
 
-# Location of ca certicates file to use for cinder client requests.
-# (string value)
-#cinder_ca_certificates_file = <None>
-
-# Number of cinderclient retries on failed http calls (integer value)
-#cinder_http_retries = 3
-
-# Allow to perform insecure SSL requests to cinder (boolean value)
-#cinder_api_insecure = false
-
-# Version of the authentication service to use. Valid versions are 2
-# for keystone and 1 for swauth and rackspace. (deprecated) (string
-# value)
-#swift_store_auth_version = 2
+# Verbosity of SQL debugging information: 0=None, 100=Everything.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug = 0
 
-# If True, swiftclient won't check for a valid SSL certificate when
-# authenticating. (boolean value)
-#swift_store_auth_insecure = false
-
-# A string giving the CA certificate file to use in SSL connections
-# for verifying certs. (string value)
-#swift_store_cacert = <None>
+# Add Python stack traces to SQL as comment strings. (boolean value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace = false
 
-# The region of the swift endpoint to be used for single tenant. This
-# setting is only necessary if the tenant has multiple swift
-# endpoints. (string value)
-#swift_store_region = <None>
-
-# If set, the configured endpoint will be used. If None, the storage
-# url from the auth response will be used. (string value)
-#swift_store_endpoint = <None>
-
-# A string giving the endpoint type of the swift service to use
-# (publicURL, adminURL or internalURL). This setting is only used if
-# swift_store_auth_version is 2. (string value)
-#swift_store_endpoint_type = publicURL
+# If set, use this value for pool_timeout with SQLAlchemy. (integer
+# value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout = <None>
 
-# A string giving the service type of the swift service to use. This
-# setting is only used if swift_store_auth_version is 2. (string
-# value)
-#swift_store_service_type = object-store
-
-# Container within the account that the account should use for storing
-# images in Swift when using single container mode. In multiple
-# container mode, this will be the prefix for all containers. (string
-# value)
-#swift_store_container = glance
+# Enable the experimental use of database reconnect on connection
+# lost. (boolean value)
+#use_db_reconnect = false
 
-# The size, in MB, that Glance will start chunking image files and do
-# a large object manifest in Swift. (integer value)
-#swift_store_large_object_size = 5120
-
-# The amount of data written to a temporary disk buffer during the
-# process of chunking the image file. (integer value)
-#swift_store_large_object_chunk_size = 200
+# Seconds between retries of a database transaction. (integer value)
+#db_retry_interval = 1
 
-# A boolean value that determines if we create the container if it
-# does not exist. (boolean value)
-#swift_store_create_container_on_put = false
-
-# If set to True, enables multi-tenant storage mode which causes
-# Glance images to be stored in tenant specific Swift accounts.
-# (boolean value)
-#swift_store_multi_tenant = false
+# If True, increases the interval between retries of a database
+# operation up to db_max_retry_interval. (boolean value)
+#db_inc_retry_interval = true
 
-# When set to 0, a single-tenant store will only use one container to
-# store all images. When set to an integer value between 1 and 32, a
-# single-tenant store will use multiple containers to store images,
-# and this value will determine how many containers are created.Used
-# only when swift_store_multi_tenant is disabled. The total number of
-# containers that will be used is equal to 16^N, so if this config
-# option is set to 2, then 16^2=256 containers will be used to store
-# images. (integer value)
-#swift_store_multiple_containers_seed = 0
+# If db_inc_retry_interval is set, the maximum seconds between retries
+# of a database operation. (integer value)
+#db_max_retry_interval = 10
 
-# A list of tenants that will be granted read/write access on all
-# Swift containers created by Glance in multi-tenant mode. (list
-# value)
-#swift_store_admin_tenants =
-
-# If set to False, disables SSL layer compression of https swift
-# requests. Setting to False may improve performance for images which
-# are already in a compressed format, eg qcow2. (boolean value)
-#swift_store_ssl_compression = true
+# Maximum retries in case of connection error or deadlock error before
+# error is raised. Set to -1 to specify an infinite retry count.
+# (integer value)
+#db_max_retries = 20
 
-# The number of times a Swift download will be retried before the
-# request fails. (integer value)
-#swift_store_retry_get_count = 0
-
-# The reference to the default swift account/backing store parameters
-# to use for adding new images. (string value)
-#default_swift_reference = ref1
+#
+# From oslo.db.concurrency
+#
 
-# The address where the Swift authentication service is
-# listening.(deprecated) (string value)
-#swift_store_auth_address = <None>
-
-# The user to authenticate against the Swift authentication service
-# (deprecated) (string value)
-#swift_store_user = <None>
-
-# Auth key for the user authenticating against the Swift
-# authentication service. (deprecated) (string value)
-#swift_store_key = <None>
-
-# The config file that has the swift account(s)configs. (string value)
-#swift_store_config_file = <None>
+# Enable the experimental use of thread pooling for all DB API calls
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool = false
 
 
 [oslo_concurrency]
@@ -568,7 +479,7 @@
 # that need locking. Defaults to environment variable OSLO_LOCK_PATH.
 # If external locks are used, a lock path must be set. (string value)
 # Deprecated group/name - [DEFAULT]/lock_path
-#lock_path = <None>
+lock_path = /var/lib/glance/lock
 
 
 [oslo_policy]
--- a/components/openstack/glance/files/glance-upgrade	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/files/glance-upgrade	Wed Sep 07 14:48:42 2016 -0700
@@ -28,37 +28,28 @@
 
 
 GLANCE_API_MAPPINGS = {
-    # Deprecated group/name
-    ('DEFAULT', 'container_formats'): ('image_format', 'container_formats'),
-    ('DEFAULT', 'disk_formats'): ('image_format', 'disk_formats'),
-    ('DEFAULT', 'matchmaker_ringfile'): ('matchmaker_ring', 'ringfile'),
-    ('DEFAULT', 'rabbit_durable_queues'): ('oslo_messaging_qpid',
-                                           'amqp_durable_queues'),
-    ('DEFAULT', 'qpid_hostname'): ('oslo_messaging_qpid', 'qpid_hostname'),
-    ('DEFAULT', 'qpid_port'): ('oslo_messaging_qpid', 'qpid_port'),
-    ('DEFAULT', 'qpid_username'): ('oslo_messaging_qpid', 'qpid_username'),
-    ('DEFAULT', 'qpid_password'): ('oslo_messaging_qpid', 'qpid_password'),
-    ('DEFAULT', 'qpid_sasl_mechanisms'): ('oslo_messaging_qpid',
-                                          'qpid_sasl_mechanisms'),
-    ('DEFAULT', 'qpid_heartbeat'): ('oslo_messaging_qpid', 'qpid_heartbeat'),
-    ('DEFAULT', 'qpid_protocol'): ('oslo_messaging_qpid', 'qpid_protocol'),
-    ('DEFAULT', 'qpid_tcp_nodelay'): ('oslo_messaging_qpid',
-                                      'qpid_tcp_nodelay'),
-    ('DEFAULT', 'rabbit_host'): ('oslo_messaging_rabbit', 'rabbit_host'),
-    ('DEFAULT', 'rabbit_port'): ('oslo_messaging_rabbit', 'rabbit_port'),
-    ('DEFAULT', 'rabbit_use_ssl'): ('oslo_messaging_rabbit', 'rabbit_use_ssl'),
-    ('DEFAULT', 'rabbit_userid'): ('oslo_messaging_rabbit', 'rabbit_userid'),
-    ('DEFAULT', 'rabbit_password'): ('oslo_messaging_rabbit',
-                                     'rabbit_password'),
-    ('DEFAULT', 'rabbit_virtual_host'): ('oslo_messaging_rabbit',
-                                         'rabbit_virtual_host'),
-    ('task', 'eventlet_executor_pool_size'):
-        ('taskflow_executor', 'max_workers'),
-    ('DEFAULT', 'log-format'): (None, None),
+    # Deprecated from Kilo to Mitaka
     ('DEFAULT', 'log_format'): (None, None),
     ('DEFAULT', 'use-syslog'): (None, None),
-    ('glance_store', 'vmware_datacenter_path'): (None, None),
-    ('glance_store', 'vmware_datastore_name'): (None, None),
+    ('DEFAULT', 'rpc_thread_pool_size'):
+        ('DEFAULT', 'executor_thread_pool_size'),
+    ('DEFAULT', 'notification_driver'):
+        ('oslo_messaging_notifications', 'driver'),
+    ('DEFAULT', 'notification_topics'):
+        ('oslo_messaging_notifications', 'topics'),
+    ('glance_store', 'os_region_name'):
+        ('glance_store', 'cinder_os_region_name'),
+    ('keystone_authtoken', 'auth_plugin'):
+        ('keystone_authtoken', 'auth_type'),
+    ('DEFAULT', 'scrubber_datadir'): (None, None),
+    ('DEFAULT', 'cleanup_scrubber'): (None, None),
+    ('DEFAULT', 'cleanup_scrubber_time'): (None, None),
+    ('DEFAULT', 'use_syslog_rfc_format'): (None, None),
+    ('DEFAULT', 'rpc_zmq_port'): (None, None),
+    ('DEFAULT', 'matchmaker_heartbeat_freq'): (None, None),
+    ('DEFAULT', 'matchmaker_heartbeat_ttl'): (None, None),
+    ('glance_store', 'mongodb_store_uri'): (None, None),
+    ('glance_store', 'mongodb_store_db'): (None, None),
 }
 
 GLANCE_API_EXCEPTIONS = [
@@ -125,6 +116,13 @@
     ('oslo_messaging_qpid', 'qpid_tcp_nodelay'),
 ]
 
+GLANCE_CACHE_MAPPINGS = {
+    # Deprecated group/name
+    ('DEFAULT', 'log_format'): (None, None),
+    ('DEFAULT', 'use-syslog'): (None, None),
+    ('DEFAULT', 'use_syslog_rfc_format'): (None, None),
+}
+
 GLANCE_CACHE_EXCEPTIONS = [
     ('DEFAULT', 'log_file'),
     ('DEFAULT', 'image_cache_dir'),
@@ -140,27 +138,24 @@
 ]
 
 GLANCE_REGISTRY_MAPPINGS = {
-    # Deprecate group/name
-    ('DEFAULT', 'rabbit_durable_queues'): ('oslo_messaging_qpid',
-                                           'rabbit_durable_queues'),
-    ('DEFAULT', 'qpid_hostname'): ('oslo_messaging_qpid', 'qpid_hostname'),
-    ('DEFAULT', 'qpid_port'): ('oslo_messaging_qpid', 'qpid_port'),
-    ('DEFAULT', 'qpid_username'): ('oslo_messaging_qpid', 'qpid_username'),
-    ('DEFAULT', 'qpid_password'): ('oslo_messaging_qpid', 'qpid_password'),
-    ('DEFAULT', 'qpid_sasl_mechanisms'): ('oslo_messaging_qpid',
-                                          'qpid_sasl_mechanisms'),
-    ('DEFAULT', 'qpid_heartbeat'): ('oslo_messaging_qpid', 'qpid_heartbeat'),
-    ('DEFAULT', 'qpid_protocol'): ('oslo_messaging_qpid', 'qpid_protocol'),
-    ('DEFAULT', 'qpid_tcp_nodelay'): ('oslo_messaging_qpid',
-                                      'qpid_tcp_nodelay'),
-    ('DEFAULT', 'rabbit_host'): ('oslo_messaging_rabbit', 'rabbit_host'),
-    ('DEFAULT', 'rabbit_port'): ('oslo_messaging_rabbit', 'rabbit_port'),
-    ('DEFAULT', 'rabbit_use_ssl'): ('oslo_messaging_rabbit', 'rabbit_use_ssl'),
-    ('DEFAULT', 'rabbit_userid'): ('oslo_messaging_rabbit', 'rabbit_userid'),
-    ('DEFAULT', 'rabbit_password'): ('oslo_messaging_rabbit',
-                                     'rabbit_password'),
-    ('DEFAULT', 'rabbit_virtual_host'): ('oslo_messaging_rabbit',
-                                         'rabbit_virtual_host'),
+    # Deprecated group/name
+    ('DEFAULT', 'log_format'): (None, None),
+    ('DEFAULT', 'use-syslog'): (None, None),
+    ('DEFAULT', 'rpc_zmq_port'): (None, None),
+    ('DEFAULT', 'matchmaker_heartbeat_freq'): (None, None),
+    ('DEFAULT', 'matchmaker_heartbeat_ttl'): (None, None),
+    ('DEFAULT', 'rpc_thread_pool_size'):
+        ('DEFAULT', 'executor_thread_pool_size'),
+    ('DEFAULT', 'notification_driver'):
+        ('oslo_messaging_notifications', 'driver'),
+    ('DEFAULT', 'notification_topics'):
+        ('oslo_messaging_notifications', 'topics'),
+    ('glance_store', 'mongodb_store_uri'): (None, None),
+    ('glance_store', 'mongodb_store_db'): (None, None),
+    ('glance_store', 'os_region_name'):
+        ('glance_store', 'cinder_os_region_name'),
+    ('keystone_authtoken', 'auth_plugin'):
+        ('keystone_authtoken', 'auth_type'),
 }
 
 GLANCE_REGISTRY_EXCEPTIONS = [
@@ -204,8 +199,11 @@
     ('paste_deploy', 'flavor'),
 ]
 
-# TODO: Add mappings?
-# GLANCE_SCRUBBER_MAPPINGS
+GLANCE_SCRUBBER_MAPPINGS = {
+    # Deprecated group/name
+    ('DEFAULT', 'log_format'): (None, None),
+    ('DEFAULT', 'use_syslog_rfc_format'): (None, None),
+}
 
 GLANCE_SCRUBBER_EXCEPTIONS = [
     ('DEFAULT', 'log_file'),
@@ -252,14 +250,14 @@
         modify_conf('/etc/glance/glance-api.conf', GLANCE_API_MAPPINGS,
                     GLANCE_API_EXCEPTIONS)
         modify_conf('/etc/glance/glance-api-paste.ini')
-        modify_conf('/etc/glance/glance-cache.conf',
-                    exception_list=GLANCE_CACHE_EXCEPTIONS)
+        modify_conf('/etc/glance/glance-cache.conf', GLANCE_CACHE_MAPPINGS,
+                    GLANCE_CACHE_EXCEPTIONS)
         modify_conf('/etc/glance/glance-registry.conf',
                     GLANCE_REGISTRY_MAPPINGS,
                     exception_list=GLANCE_REGISTRY_EXCEPTIONS)
         modify_conf('/etc/glance/glance-registry-paste.ini')
         modify_conf('/etc/glance/glance-scrubber.conf',
-                    exception_list=GLANCE_SCRUBBER_EXCEPTIONS)
+                    GLANCE_SCRUBBER_MAPPINGS, GLANCE_SCRUBBER_EXCEPTIONS)
 
     config = iniparse.RawConfigParser()
     config.read('/etc/glance/glance-api.conf')
--- a/components/openstack/glance/glance.p5m	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/glance.p5m	Wed Sep 07 14:48:42 2016 -0700
@@ -28,7 +28,7 @@
 set name=pkg.summary value="OpenStack Glance (Image Service)"
 set name=pkg.description \
     value="OpenStack Glance provides services for discovering, registering, and retrieving virtual machine images. Glance has a RESTful API that allows querying of VM image metadata as well as retrieval of the actual image. VM images made available through Glance can be stored in a variety of locations from simple file systems to object-storage systems like OpenStack Swift."
-set name=pkg.human-version value="Kilo $(COMPONENT_VERSION)"
+set name=pkg.human-version value="Mitaka $(COMPONENT_VERSION)"
 set name=com.oracle.info.description value="Glance, the OpenStack image service"
 set name=com.oracle.info.tpno value=$(TPNO)
 set name=info.classification \
@@ -41,7 +41,8 @@
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
 set name=openstack.upgrade-id reboot-needed=true value=$(COMPONENT_BE_VERSION)
 set name=org.opensolaris.arc-caseid value=PSARC/2013/350 value=PSARC/2014/055 \
-    value=PSARC/2014/207 value=PSARC/2015/110 value=PSARC/2015/535
+    value=PSARC/2014/207 value=PSARC/2015/110 value=PSARC/2015/535 \
+    value=PSARC/2016/455
 set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
 #
 dir  path=etc/glance owner=glance group=glance mode=0700
@@ -62,6 +63,18 @@
 file etc/glance-swift.conf.sample path=etc/glance/glance-swift.conf \
     owner=glance group=glance mode=0644 overlay=allow preserve=renamenew
 file etc/metadefs/README path=etc/glance/metadefs/README
+file etc/metadefs/cim-processor-allocation-setting-data.json \
+    path=etc/glance/metadefs/cim-processor-allocation-setting-data.json \
+    owner=glance group=glance mode=0644 overlay=allow preserve=renamenew
+file etc/metadefs/cim-resource-allocation-setting-data.json \
+    path=etc/glance/metadefs/cim-resource-allocation-setting-data.json \
+    owner=glance group=glance mode=0644 overlay=allow preserve=renamenew
+file etc/metadefs/cim-storage-allocation-setting-data.json \
+    path=etc/glance/metadefs/cim-storage-allocation-setting-data.json \
+    owner=glance group=glance mode=0644 overlay=allow preserve=renamenew
+file etc/metadefs/cim-virtual-system-setting-data.json \
+    path=etc/glance/metadefs/cim-virtual-system-setting-data.json \
+    owner=glance group=glance mode=0644 overlay=allow preserve=renamenew
 file etc/metadefs/compute-aggr-disk-filter.json \
     path=etc/glance/metadefs/compute-aggr-disk-filter.json owner=glance \
     group=glance mode=0644 overlay=allow preserve=renamenew
@@ -71,6 +84,12 @@
 file etc/metadefs/compute-aggr-num-instances.json \
     path=etc/glance/metadefs/compute-aggr-num-instances.json owner=glance \
     group=glance mode=0644 overlay=allow preserve=renamenew
+file etc/metadefs/compute-cpu-pinning.json \
+    path=etc/glance/metadefs/compute-cpu-pinning.json owner=glance \
+    group=glance mode=0644 overlay=allow preserve=renamenew
+file etc/metadefs/compute-guest-memory-backing.json \
+    path=etc/glance/metadefs/compute-guest-memory-backing.json owner=glance \
+    group=glance mode=0644 overlay=allow preserve=renamenew
 file etc/metadefs/compute-guest-shutdown.json \
     path=etc/glance/metadefs/compute-guest-shutdown.json owner=glance \
     group=glance mode=0644 overlay=allow preserve=renamenew
@@ -131,6 +150,11 @@
 file etc/metadefs/software-webservers.json \
     path=etc/glance/metadefs/software-webservers.json owner=glance \
     group=glance mode=0644 overlay=allow preserve=renamenew
+file etc/metadefs/storage-volume-type.json \
+    path=etc/glance/metadefs/storage-volume-type.json owner=glance \
+    group=glance mode=0644 overlay=allow preserve=renamenew
+file etc/ovf-metadata.json.sample path=etc/glance/ovf-metadata.json \
+    owner=glance group=glance mode=0644 overlay=allow preserve=renamenew
 file etc/policy.json path=etc/glance/policy.json owner=glance group=glance \
     mode=0644 overlay=allow preserve=renamenew
 file etc/property-protections-policies.conf.sample \
@@ -140,7 +164,7 @@
     path=etc/glance/property-protections-roles.conf owner=glance group=glance \
     mode=0644 overlay=allow preserve=renamenew
 file etc/schema-image.json path=etc/glance/schema-image.json owner=glance \
-    group=glance
+    group=glance mode=0644 overlay=allow preserve=renamenew
 file files/glance.auth_attr \
     path=etc/security/auth_attr.d/cloud:openstack:glance group=sys
 file files/glance.exec_attr \
@@ -167,6 +191,7 @@
     mode=0555
 file usr/bin/glance-cache-pruner path=usr/lib/glance/glance-cache-pruner \
     mode=0555
+file usr/bin/glance-glare path=usr/lib/glance/glance-glare mode=0555
 file usr/bin/glance-registry path=usr/lib/glance/glance-registry mode=0555
 file usr/bin/glance-scrubber path=usr/lib/glance/glance-scrubber mode=0555
 file path=usr/lib/python$(PYVER)/vendor-packages/glance-$(COMPONENT_VERSION)-py$(PYVER).egg-info/PKG-INFO
@@ -182,6 +207,11 @@
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/authorization.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/cached_images.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/common.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/glare/__init__.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/glare/v0_1/__init__.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/glare/v0_1/glare.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/glare/v0_1/router.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/glare/versions.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/middleware/__init__.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/middleware/cache.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/middleware/cache_manage.py
@@ -218,57 +248,60 @@
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/v2/router.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/v2/schemas.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/v2/tasks.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/v3/__init__.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/v3/router.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/api/versions.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/artifacts/__init__.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/async/__init__.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/async/flows/__init__.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/async/flows/base_import.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/async/flows/convert.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/async/flows/introspect.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/async/flows/ovf_process.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/async/taskflow_executor.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/async/utils.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/agent_notification.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/api.py \
+    pkg.depend.bypass-generate=.*/notifier.* \
     pkg.depend.bypass-generate=.*/oslo_log.* \
-    pkg.depend.bypass-generate=.*/oslo_messaging.*
+    pkg.depend.bypass-generate=.*/osprofiler.*
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/cache_cleaner.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/cache_manage.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/cache_manage.py \
+    pkg.depend.bypass-generate=.*/prettytable.* \
+    pkg.depend.bypass-generate=.*/six.*
 file \
     path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/cache_prefetcher.py \
     pkg.depend.bypass-generate=.*/oslo_log.*
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/cache_pruner.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/control.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/index.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/glare.py \
+    pkg.depend.bypass-generate=.*/notifier.* \
+    pkg.depend.bypass-generate=.*/oslo_log.* \
+    pkg.depend.bypass-generate=.*/osprofiler.*
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/manage.py \
     pkg.depend.bypass-generate=.*/oslo_db.* \
-    pkg.depend.bypass-generate=.*/oslo_log.*
+    pkg.depend.bypass-generate=.*/oslo_log.* \
+    pkg.depend.bypass-generate=.*/sqlalchemy.*
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/registry.py \
     pkg.depend.bypass-generate=.*/oslo_log.* \
-    pkg.depend.bypass-generate=.*/oslo_messaging.*
+    pkg.depend.bypass-generate=.*/osprofiler.* \
+    pkg.depend.bypass-generate=.*/registry.*
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/replicator.py \
     pkg.depend.bypass-generate=.*/oslo_log.* \
-    pkg.depend.bypass-generate=.*/six.*
+    pkg.depend.bypass-generate=.*/oslo_serialization.* \
+    pkg.depend.bypass-generate=.*/six.* pkg.depend.bypass-generate=.*/webob.*
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/scrubber.py \
     pkg.depend.bypass-generate=.*/oslo_log.*
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/cmd/search.py \
-    pkg.depend.bypass-generate=.*/oslo_log.* \
-    pkg.depend.bypass-generate=.*/oslo_messaging.*
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/artifacts/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/artifacts/declarative.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/artifacts/definitions.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/artifacts/loader.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/artifacts/serialization.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/auth.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/client.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/config.py \
-    pkg.depend.bypass-generate=.*/oslo_concurrency.* \
-    pkg.depend.bypass-generate=.*/oslo_policy.* \
-    pkg.depend.bypass-generate=.*/paste.*
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/crypt.py \
-    pkg.depend.bypass-generate=.*/six.*
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/config.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/crypt.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/exception.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/glare/__init__.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/glare/declarative.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/glare/definitions.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/glare/loader.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/glare/serialization.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/jsonpatchvalidator.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/location_strategy/__init__.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/location_strategy/location_order.py
@@ -280,8 +313,11 @@
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/scripts/image_import/main.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/scripts/utils.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/semver_db.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/signature_utils.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/store_utils.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/swift_store_utils.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/timeutils.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/trust_auth.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/utils.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/wsgi.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/common/wsme_utils.py
@@ -316,7 +352,7 @@
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/simple/api.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/__init__.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/api.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/artifacts.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/glare.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/metadata.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/metadef_api/__init__.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/metadef_api/namespace.py
@@ -384,13 +420,23 @@
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/migrate_repo/versions/039_add_changes_to_satisfy_models_metadef.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/migrate_repo/versions/040_add_changes_to_satisfy_metadefs_tags.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/migrate_repo/versions/041_add_artifact_tables.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/migrate_repo/versions/042_add_changes_to_reinstall_unique_metadef_constraints.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/migrate_repo/versions/043_add_image_created_updated_idx.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/migrate_repo/versions/044_update_metadef_os_nova_server.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/migrate_repo/versions/__init__.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/models.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/models_artifacts.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/models_glare.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/db/sqlalchemy/models_metadef.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/domain/__init__.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/domain/proxy.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/gateway.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/glare/__init__.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/glare/dependency.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/glare/domain/__init__.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/glare/domain/proxy.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/glare/gateway.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/glare/location.py
+file path=usr/lib/python$(PYVER)/vendor-packages/glance/glare/updater.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/hacking/__init__.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/hacking/checks.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/i18n.py
@@ -404,20 +450,8 @@
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/image_cache/drivers/xattr.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/image_cache/prefetcher.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/image_cache/pruner.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/listener.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/location.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/notifier.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/openstack/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/openstack/common/README
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/openstack/common/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/openstack/common/_i18n.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/openstack/common/eventlet_backdoor.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/openstack/common/fileutils.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/openstack/common/local.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/openstack/common/loopingcall.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/openstack/common/service.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/openstack/common/systemd.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/openstack/common/threadgroup.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/opts.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/quota/__init__.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/registry/__init__.py
@@ -436,19 +470,6 @@
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/registry/client/v2/client.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/schema.py
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/scrubber.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/search/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/search/api/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/search/api/v0_1/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/search/api/v0_1/router.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/search/api/v0_1/search.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/search/plugins/__init__.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/search/plugins/base.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/search/plugins/images.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/search/plugins/images_notification_handler.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/search/plugins/metadefs.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/search/plugins/metadefs_notification_handler.py
-file path=usr/lib/python$(PYVER)/vendor-packages/glance/service.py \
-    pkg.depend.bypass-generate=.*/oslo_log.*
 file path=usr/lib/python$(PYVER)/vendor-packages/glance/version.py
 dir  path=var/lib/glance owner=glance group=glance mode=0700
 dir  path=var/log/glance owner=glance group=glance mode=0700
@@ -463,32 +484,61 @@
 # to flush this out.
 depend type=group fmri=library/python/dnspython-$(PYV)
 
+# force a group dependency on the optional glanceclient; pkgdepend work is
+# needed to flush this out.
+depend type=group fmri=library/python/glanceclient-$(PYV)
+
 # force a group dependency on the optional pysendfile; pkgdepend work is needed
 # to flush this out.
 depend type=group fmri=library/python/pysendfile-$(PYV)
 
-# To upgrade to Kilo version, Juno version of the package must be on the system
-depend type=origin fmri=cloud/openstack/[email protected] root-image=true
+# To upgrade to the Mitaka version, the Kilo version of the package must be on
+# the system
+depend type=origin fmri=cloud/openstack/[email protected] root-image=true
+
+# force a dependency on castellan; pkgdepend work is needed to flush this out.
+depend type=require fmri=library/python/castellan-$(PYV)
+
+# force a dependency on cryptography; pkgdepend work is needed to flush this
+# out.
+depend type=require fmri=library/python/cryptography-$(PYV)
+
+# force a dependency on debtcollector; pkgdepend work is needed to flush this
+# out.
+depend type=require fmri=library/python/debtcollector-$(PYV)
 
 # force a dependency on enum; pkgdepend work is needed to flush this out.
 depend type=require fmri=library/python/enum-$(PYV)
 
-# force a dependency on glanceclient; pkgdepend work is needed to flush this
-# out.
-depend type=require fmri=library/python/glanceclient-$(PYV)
-
-# force a dependency on greenlet; pkgdepend work is needed to flush this out.
-depend type=require fmri=library/python/greenlet-$(PYV)
+# force a dependency on futurist; pkgdepend work is needed to flush this out.
+depend type=require fmri=library/python/futurist-$(PYV)
 
 # force a dependency on httplib2; pkgdepend work is needed to flush this out.
 depend type=require fmri=library/python/httplib2-$(PYV)
 
+# force a dependency on iso8601; pkgdepend work is needed to flush this out.
+depend type=require fmri=library/python/iso8601-$(PYV)
+
 # force a dependency on jsonschema; pkgdepend work is needed to flush this out.
 depend type=require fmri=library/python/jsonschema-$(PYV)
 
+# force a dependency on keystoneauth1; pkgdepend work is needed to flush this
+# out.
+depend type=require fmri=library/python/keystoneauth1-$(PYV)
+
+# force a dependency on keystoneclient; pkgdepend work is needed to flush this
+# out.
+depend type=require fmri=library/python/keystoneclient-$(PYV)
+
 # force a dependency on keystonemiddleware; used via a paste.deploy filter
 depend type=require fmri=library/python/keystonemiddleware-$(PYV)
 
+# force a dependency on m2crypto; pkgdepend work is needed to flush this out.
+depend type=require fmri=library/python/m2crypto-$(PYV)
+
+# force a dependency on monotonic; pkgdepend work is needed to flush this out.
+depend type=require fmri=library/python/monotonic-$(PYV)
+
 # force a dependency on oslo.concurrency; pkgdepend work is needed to flush this
 # out.
 depend type=require fmri=library/python/oslo.concurrency-$(PYV)
@@ -506,9 +556,20 @@
 # force a dependency on oslo.log; pkgdepend work is needed to flush this out.
 depend type=require fmri=library/python/oslo.log-$(PYV)
 
+# force a dependency on oslo.middleware; pkgdepend work is needed to flush this
+# out.
+depend type=require fmri=library/python/oslo.middleware-$(PYV)
+
 # force a dependency on oslo.policy; pkgdepend work is needed to flush this out.
 depend type=require fmri=library/python/oslo.policy-$(PYV)
 
+# force a dependency on oslo.serialization; pkgdepend work is needed to flush
+# this out.
+depend type=require fmri=library/python/oslo.serialization-$(PYV)
+
+# force a dependency on osprofiler; pkgdepend work is needed to flush this out.
+depend type=require fmri=library/python/osprofiler-$(PYV)
+
 # force a dependency on paste; pkgdepend work is needed to flush this out.
 depend type=require fmri=library/python/paste-$(PYV)
 
@@ -519,6 +580,9 @@
 # force a dependency on pbr; pkgdepend work is needed to flush this out.
 depend type=require fmri=library/python/pbr-$(PYV)
 
+# force a dependency on prettytable; pkgdepend work is needed to flush this out.
+depend type=require fmri=library/python/prettytable-$(PYV)
+
 # force a dependency on pyopenssl; pkgdepend work is needed to flush this out.
 depend type=require fmri=library/python/pyopenssl-$(PYV)
 
@@ -541,6 +605,9 @@
 # force a dependency on taskflow; pkgdepend work is needed to flush this out.
 depend type=require fmri=library/python/taskflow-$(PYV)
 
+# force a dependency on webob; pkgdepend work is needed to flush this out.
+depend type=require fmri=library/python/webob-$(PYV)
+
 # force a dependency on wsme; pkgdepend work is needed to flush this out.
 depend type=require fmri=library/python/wsme-$(PYV)
 
--- a/components/openstack/glance/patches/01-nopycrypto.patch	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/patches/01-nopycrypto.patch	Wed Sep 07 14:48:42 2016 -0700
@@ -4,9 +4,9 @@
 Convert urlsafe_encrypt() and urlsafe_decrypt() to use M2Crypto instead
 of PyCrypto.
 
---- glance-2015.1.2/glance/common/crypt.py.~1~	2015-10-13 09:38:23.000000000 -0700
-+++ glance-2015.1.2/glance/common/crypt.py	2016-01-24 16:48:24.788282369 -0800
[email protected]@ -20,14 +20,30 @@ Routines for URL-safe encrypting/decrypt
+--- glance-12.0.0.0rc1/glance/common/crypt.py.~1~	2016-03-16 06:18:49.000000000 -0700
++++ glance-12.0.0.0rc1/glance/common/crypt.py	2016-03-30 02:26:55.580507508 -0700
[email protected]@ -18,14 +18,28 @@ Routines for URL-safe encrypting/decrypt
  """
  
  import base64
@@ -15,13 +15,15 @@
 -from Crypto.Cipher import AES
 -from Crypto import Random
 -from Crypto.Random import random
-+from glance.common import exception
+ from oslo_utils import encodeutils
+ import six
+-# NOTE(jokke): simplified transition to py3, behaves like py2 xrange
+-from six.moves import range
 +
 +from M2Crypto.EVP import Cipher
- # NOTE(jokke): simplified transition to py3, behaves like py2 xrange
- from six.moves import range
- 
- 
++
++from glance.common import exception
++
 +def _key_to_alg(key):
 +    """Return a M2Crypto-compatible AES-CBC algorithm name given a key."""
 +    aes_algs = {
@@ -35,14 +37,12 @@
 +        msg = ('Invalid AES key length, %d bits') % keylen
 +        raise exception.Invalid(msg)
 +    return aes_algs[keylen]
-+
-+
+ 
+ 
  def urlsafe_encrypt(key, plaintext, blocksize=16):
-     """
-     Encrypts plaintext. Resulting ciphertext will contain URL-safe characters
[email protected]@ -37,20 +53,12 @@ def urlsafe_encrypt(key, plaintext, bloc
[email protected]@ -39,23 +53,14 @@ def urlsafe_encrypt(key, plaintext, bloc
  
-     :returns : Resulting ciphertext
+     :returns: Resulting ciphertext
      """
 -    def pad(text):
 -        """
@@ -50,29 +50,34 @@
 -        """
 -        pad_length = (blocksize - len(text) % blocksize)
 -        sr = random.StrongRandom()
--        pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1))
+-        pad = b''.join(six.int2byte(sr.randint(1, 0xFF))
+-                       for i in range(pad_length - 1))
 -        # We use chr(0) as a delimiter between text and padding
--        return text + chr(0) + pad
+-        return text + b'\0' + pad
  
+     plaintext = encodeutils.to_utf8(plaintext)
+     key = encodeutils.to_utf8(key)
      # random initial 16 bytes for CBC
 -    init_vector = Random.get_random_bytes(16)
 -    cypher = AES.new(key, AES.MODE_CBC, init_vector)
--    padded = cypher.encrypt(pad(str(plaintext)))
+-    padded = cypher.encrypt(pad(six.binary_type(plaintext)))
 +    init_vector = os.urandom(16)
 +    cipher = Cipher(alg=_key_to_alg(key), key=key, iv=init_vector, op=1)
 +    padded = cipher.update(str(plaintext))
 +    padded = padded + cipher.final()
-     return base64.urlsafe_b64encode(init_vector + padded)
- 
- 
[email protected]@ -64,6 +72,7 @@ def urlsafe_decrypt(key, ciphertext):
-     """
-     # Cast from unicode
-     ciphertext = base64.urlsafe_b64decode(str(ciphertext))
+     encoded = base64.urlsafe_b64encode(init_vector + padded)
+     if six.PY3:
+         encoded = encoded.decode('ascii')
[email protected]@ -76,9 +81,9 @@ def urlsafe_decrypt(key, ciphertext):
+     ciphertext = encodeutils.to_utf8(ciphertext)
+     key = encodeutils.to_utf8(key)
+     ciphertext = base64.urlsafe_b64decode(ciphertext)
 -    cypher = AES.new(key, AES.MODE_CBC, ciphertext[:16])
 -    padded = cypher.decrypt(ciphertext[16:])
--    return padded[:padded.rfind(chr(0))]
+-    text = padded[:padded.rfind(b'\0')]
 +    cipher = Cipher(alg=_key_to_alg(key), key=key, iv=ciphertext[:16], op=0)
 +    padded = cipher.update(ciphertext[16:])
-+    padded = padded + cipher.final()
-+    return padded
++    text = padded + cipher.final()
+     if six.PY3:
+         text = text.decode('utf-8')
+     return text
--- a/components/openstack/glance/patches/02-zfs-uar-formats.patch	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/patches/02-zfs-uar-formats.patch	Wed Sep 07 14:48:42 2016 -0700
@@ -1,14 +1,14 @@
 In-house patch to add 'uar' and 'zfs' container and disk formats to
 registered image types.  Patch has not yet been submitted upstream.
 
---- glance-2015.1.2/glance/common/config.py.~1~	2015-10-13 09:38:23.000000000 -0700
-+++ glance-2015.1.2/glance/common/config.py	2016-01-19 12:23:11.283140667 -0800
[email protected]@ -47,14 +47,14 @@ paste_deploy_opts = [
+--- glance-12.0.0/glance/common/config.py.~1~	2016-04-07 00:37:11.000000000 -0700
++++ glance-12.0.0/glance/common/config.py	2016-06-27 18:46:02.569983220 -0700
[email protected]@ -42,14 +42,14 @@ paste_deploy_opts = [
  ]
  image_format_opts = [
      cfg.ListOpt('container_formats',
--                default=['ami', 'ari', 'aki', 'bare', 'ovf', 'ova'],
-+                default=['ami', 'ari', 'aki', 'bare', 'ovf', 'ova', 'uar'],
+-                default=['ami', 'ari', 'aki', 'bare', 'ovf', 'ova', 'docker'],
++                default=['ami', 'ari', 'aki', 'bare', 'ovf', 'ova', 'docker', 'uar'],
                  help=_("Supported values for the 'container_format' "
                         "image attribute"),
                  deprecated_opts=[cfg.DeprecatedOpt('container_formats',
--- a/components/openstack/glance/patches/03-Partial_Content.patch	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/patches/03-Partial_Content.patch	Wed Sep 07 14:48:42 2016 -0700
@@ -5,9 +5,9 @@
  https://bugs.launchpad.net/glance/+bug/1399851
  https://bugs.launchpad.net/glance/+bug/1417069
 
---- glance-2015.1.2/glance/api/v2/image_data.py.~1~	2015-10-13 09:38:23.000000000 -0700
-+++ glance-2015.1.2/glance/api/v2/image_data.py	2016-01-19 12:23:11.296863244 -0800
[email protected]@ -211,6 +211,8 @@ class ResponseSerializer(wsgi.JSONRespon
+--- glance-12.0.0/glance/api/v2/image_data.py.~1~	2016-04-07 00:37:11.000000000 -0700
++++ glance-12.0.0/glance/api/v2/image_data.py	2016-06-27 18:46:02.584760065 -0700
[email protected]@ -281,6 +281,8 @@ class ResponseSerializer(wsgi.JSONRespon
  
      def download(self, response, image):
          offset, chunk_size = 0, None
@@ -16,7 +16,7 @@
          range_val = response.request.get_content_range()
  
          if range_val:
[email protected]@ -222,6 +224,21 @@ class ResponseSerializer(wsgi.JSONRespon
[email protected]@ -292,6 +294,21 @@ class ResponseSerializer(wsgi.JSONRespon
              if range_val.stop is not None:
                  chunk_size = range_val.stop - offset
  
@@ -38,7 +38,7 @@
          response.headers['Content-Type'] = 'application/octet-stream'
  
          try:
[email protected]@ -246,7 +263,9 @@ class ResponseSerializer(wsgi.JSONRespon
[email protected]@ -317,7 +334,9 @@ class ResponseSerializer(wsgi.JSONRespon
              response.headers['Content-MD5'] = image.checksum
          # NOTE(markwash): "response.app_iter = ..." also erroneously resets the
          # content-length
@@ -49,9 +49,9 @@
  
      def upload(self, response, result):
          response.status_int = 204
---- glance-2015.1.2/glance/common/wsgi.py.~1~	2015-10-13 09:38:23.000000000 -0700
-+++ glance-2015.1.2/glance/common/wsgi.py	2016-01-19 12:23:11.297682604 -0800
[email protected]@ -752,7 +752,7 @@ class Request(webob.Request):
+--- glance-12.0.0/glance/common/wsgi.py.~1~	2016-04-07 00:37:13.000000000 -0700
++++ glance-12.0.0/glance/common/wsgi.py	2016-06-27 18:46:02.583921325 -0700
[email protected]@ -762,7 +762,7 @@ class Request(webob.Request):
          return self.accept_language.best_match(langs)
  
      def get_content_range(self):
@@ -60,7 +60,7 @@
          range_str = self.headers.get('Content-Range')
          if range_str is not None:
              range_ = webob.byterange.ContentRange.parse(range_str)
[email protected]@ -761,6 +761,16 @@ class Request(webob.Request):
[email protected]@ -771,6 +771,16 @@ class Request(webob.Request):
                  raise webob.exc.HTTPBadRequest(explanation=msg)
              return range_
  
--- a/components/openstack/glance/patches/04-requirements.patch	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/patches/04-requirements.patch	Wed Sep 07 14:48:42 2016 -0700
@@ -1,91 +1,33 @@
 In-house patch to remove unnecessary dependencies from Glance's
 requirements files. The specific reasons are as follows:
 
-anyjson			Not applicable
-
 iso8601			Not applicable
 
-kombu			Not applicable
-
-oslo.vmware		Not applicable
-
-posix-ipc		Not applicable
-
 pycrypto		Not applicable to Solaris (M2Crypto used instead)
 
 python-keystoneclient	Not applicable
 
-python-swiftclient	Not applicable
-
---- glance-2015.1.2/glance.egg-info/requires.txt.~1~	2015-10-13 09:41:01.000000000 -0700
-+++ glance-2015.1.2/glance.egg-info/requires.txt	2016-01-24 20:34:20.750596736 -0800
[email protected]@ -1,16 +1,12 @@
- pbr!=0.7,<1.0,>=0.6
- greenlet>=0.3.2
- SQLAlchemy<=0.9.99,>=0.9.7
--anyjson>=0.3.3
- eventlet!=0.17.0,>=0.16.1
- PasteDeploy>=1.5.0
- Routes!=2.0,>=1.12.3
- WebOb>=1.2.3
- sqlalchemy-migrate!=0.9.8,<0.10.0,>=0.9.5
- httplib2>=0.7.5
--kombu>=2.5.0
--pycrypto>=2.6
--iso8601>=0.1.9
- oslo.config<1.10.0,>=1.9.3 # Apache-2.0
- oslo.concurrency<1.9.0,>=1.8.2 # Apache-2.0
- oslo.context<0.3.0,>=0.2.0 # Apache-2.0
[email protected]@ -19,12 +15,8 @@ stevedore<1.4.0,>=1.3.0 # Apache-2.0
- taskflow<0.8.0,>=0.7.1
- keystonemiddleware<1.6.0,>=1.5.0
- WSME<0.7,>=0.6
--posix-ipc
--python-swiftclient<2.5.0,>=2.2.0
--oslo.vmware<0.12.0,>=0.11.1 # Apache-2.0
- Paste
- jsonschema<3.0.0,>=2.0.0
--python-keystoneclient<1.4.0,>=1.2.0
- pyOpenSSL>=0.11
- six>=1.9.0
- oslo.db<1.8.0,>=1.7.0 # Apache-2.0
---- glance-2015.1.2/requirements.txt.~1~	2015-10-13 09:38:23.000000000 -0700
-+++ glance-2015.1.2/requirements.txt	2016-01-24 20:43:04.064101395 -0800
[email protected]@ -11,16 +11,12 @@ greenlet>=0.3.2
+--- glance-12.0.0.0rc1/requirements.txt.~4~	2016-03-16 06:18:49.000000000 -0700
++++ glance-12.0.0.0rc1/requirements.txt	2016-03-30 02:29:36.594153408 -0700
[email protected]@ -13,7 +13,6 @@ Routes!=2.0,>=1.12.3;python_version!='2.
+ WebOb>=1.2.3 # MIT
+ sqlalchemy-migrate>=0.9.6 # Apache-2.0
+ httplib2>=0.7.5 # MIT
+-pycrypto>=2.6 # Public Domain
+ oslo.config>=3.7.0 # Apache-2.0
+ oslo.concurrency>=3.5.0 # Apache-2.0
+ oslo.context>=0.2.0 # Apache-2.0
[email protected]@ -31,7 +30,6 @@ PrettyTable<0.8,>=0.7 # BSD
+ Paste # MIT
  
- # < 0.8.0/0.8 does not work, see https://bugs.launchpad.net/bugs/1153983
- SQLAlchemy<=0.9.99,>=0.9.7
--anyjson>=0.3.3
- eventlet!=0.17.0,>=0.16.1
- PasteDeploy>=1.5.0
- Routes!=2.0,>=1.12.3
- WebOb>=1.2.3
- sqlalchemy-migrate!=0.9.8,<0.10.0,>=0.9.5
- httplib2>=0.7.5
--kombu>=2.5.0
--pycrypto>=2.6
--iso8601>=0.1.9
- oslo.config<1.10.0,>=1.9.3 # Apache-2.0
- oslo.concurrency<1.9.0,>=1.8.2 # Apache-2.0
- oslo.context<0.3.0,>=0.2.0 # Apache-2.0
[email protected]@ -29,20 +25,11 @@ stevedore<1.4.0,>=1.3.0 # Apache-2.0
- taskflow<0.8.0,>=0.7.1
- keystonemiddleware<1.6.0,>=1.5.0
- WSME<0.7,>=0.6
--# For openstack/common/lockutils
--posix-ipc
--
--# For Swift storage backend.
--python-swiftclient<2.5.0,>=2.2.0
--
--# For VMware storage backed.
--oslo.vmware<0.12.0,>=0.11.1 # Apache-2.0
+ jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT
+-python-keystoneclient!=1.8.0,!=2.1.0,>=1.6.0 # Apache-2.0
+ pyOpenSSL>=0.14 # Apache-2.0
+ # Required by openstack.common libraries
+ six>=1.9.0 # MIT
[email protected]@ -59,5 +57,4 @@ cryptography>=1.0 # BSD/Apache-2.0
+ debtcollector>=1.2.0 # Apache-2.0
  
- # For paste.util.template used in keystone.common.template
- Paste
- 
- jsonschema<3.0.0,>=2.0.0
--python-keystoneclient<1.4.0,>=1.2.0
- pyOpenSSL>=0.11
- # Required by openstack.common libraries
- six>=1.9.0
+ # timeutils
+-iso8601>=0.1.9 # MIT
+ monotonic>=0.6 # Apache-2.0
--- a/components/openstack/glance/patches/05-launchpad-1496012.patch	Wed Sep 07 14:48:41 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,45 +0,0 @@
-This patch has been integrated into Glance 11.0.0 in Liberty but has
-not yet been back-ported to Kilo.
-
-commit fa30891cf659360207b71d9345666478d4554582
-Author: Erno Kuvaja <[email protected]>
-Date:   Tue Sep 15 14:57:29 2015 +0000
-
-    Update Glance example configs to reflect Liberty
-    
-    Adding taskflow_executor_opts into the opts so they will be included.
-    
-    Closes-bug: #1496012
-    
-    Depends-On: I52ebf810f4699826baa2bdf91d28e24d902cf950
-    Change-Id: I9c0988a70f691482258f5f3ba9a5cf5601a81ddf
-
-diff --git a/glance/opts.py b/glance/opts.py
-index 1542d13..a626a3b 100644
---- a/glance/opts.py
-+++ b/glance/opts.py
[email protected]@ -25,6 +25,7 @@ import itertools
- 
- import glance.api.middleware.context
- import glance.api.versions
-+import glance.async.taskflow_executor
- import glance.common.config
- import glance.common.location_strategy
- import glance.common.location_strategy.store_type
[email protected]@ -51,6 +52,7 @@ _api_opts = [
-         glance.common.wsgi.bind_opts,
-         glance.common.wsgi.eventlet_opts,
-         glance.common.wsgi.socket_opts,
-+        glance.common.wsgi.profiler_opts,
-         glance.image_cache.drivers.sqlite.sqlite_opts,
-         glance.image_cache.image_cache_opts,
-         glance.notifier.notifier_opts,
[email protected]@ -61,6 +63,8 @@ _api_opts = [
-         glance.scrubber.scrubber_opts))),
-     ('image_format', glance.common.config.image_format_opts),
-     ('task', glance.common.config.task_opts),
-+    ('taskflow_executor',
-+     glance.async.taskflow_executor.taskflow_executor_opts),
-     ('store_type_location_strategy',
-      glance.common.location_strategy.store_type.store_type_opts),
-     ('paste_deploy', glance.common.config.paste_deploy_opts)
--- a/components/openstack/glance/patches/06-launchpad-1500361.patch	Wed Sep 07 14:48:41 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,39 +0,0 @@
-This patch has been integrated into Glance 11.0.0 in Liberty but has
-not yet been back-ported to Kilo.
-
-commit b7fb5bf0f89f657ead98024ee0168f2c2fa7a776
-Author: Erno Kuvaja <[email protected]>
-Date:   Mon Sep 28 10:44:38 2015 +0000
-
-    Return missing authtoken options
-    
-    Example configs were missing keystone_authtoken section after moving
-    to generated config files. This change returns that to generation.
-    
-    Closes-Bug: #1500361
-    
-    Change-Id: I6ee82c38061d483cea7254d155d9a72436880e84
-    (cherry picked from commit b1d2d938d282ccd51986e57a638f8ea5bec56b0f)
-
-diff --git a/etc/oslo-config-generator/glance-api.conf b/etc/oslo-config-generator/glance-api.conf
-index d60dc12..3f24718 100644
---- a/etc/oslo-config-generator/glance-api.conf
-+++ b/etc/oslo-config-generator/glance-api.conf
[email protected]@ -7,5 +7,5 @@ namespace = oslo.messaging
- namespace = oslo.db
- namespace = oslo.db.concurrency
- namespace = oslo.policy
--namespace = keystoneclient.middleware.auth_token
-+namespace = keystonemiddleware.auth_token
- namespace = oslo.log
-diff --git a/etc/oslo-config-generator/glance-registry.conf b/etc/oslo-config-generator/glance-registry.conf
-index 0663fc1..961abd9 100644
---- a/etc/oslo-config-generator/glance-registry.conf
-+++ b/etc/oslo-config-generator/glance-registry.conf
[email protected]@ -6,5 +6,5 @@ namespace = oslo.messaging
- namespace = oslo.db
- namespace = oslo.db.concurrency
- namespace = oslo.policy
--namespace = keystoneclient.middleware.auth_token
-+namespace = keystonemiddleware.auth_token
- namespace = oslo.log
--- a/components/openstack/glance/patches/07-profiler_opts.patch	Wed Sep 07 14:48:41 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,32 +0,0 @@
-This internal patch is cherry picked from commit
-3bdb51e947e0595d4a0514f3cf29b321cd6f9483 and addresses an issue where
-the [profiler] options appears in the wrong section. This change will
-appear in the initial Mitaka release but has not yet been back-ported
-to Kilo.
-
---- glance-2015.1.2/glance/opts.py.~2~	2016-01-24 16:51:48.000000000 -0800
-+++ glance-2015.1.2/glance/opts.py	2016-01-25 19:10:40.596155047 -0800
[email protected]@ -52,7 +52,6 @@ _api_opts = [
-         glance.common.wsgi.bind_opts,
-         glance.common.wsgi.eventlet_opts,
-         glance.common.wsgi.socket_opts,
--        glance.common.wsgi.profiler_opts,
-         glance.image_cache.drivers.sqlite.sqlite_opts,
-         glance.image_cache.image_cache_opts,
-         glance.notifier.notifier_opts,
[email protected]@ -67,6 +66,7 @@ _api_opts = [
-      glance.async.taskflow_executor.taskflow_executor_opts),
-     ('store_type_location_strategy',
-      glance.common.location_strategy.store_type.store_type_opts),
-+    ('profiler', glance.common.wsgi.profiler_opts),
-     ('paste_deploy', glance.common.config.paste_deploy_opts)
- ]
- _registry_opts = [
[email protected]@ -76,6 +76,7 @@ _registry_opts = [
-         glance.common.wsgi.bind_opts,
-         glance.common.wsgi.socket_opts,
-         glance.common.wsgi.eventlet_opts))),
-+    ('profiler', glance.common.wsgi.profiler_opts),
-     ('paste_deploy', glance.common.config.paste_deploy_opts)
- ]
- _scrubber_opts = [
--- a/components/openstack/glance/patches/08-CVE-2016-0757.patch	Wed Sep 07 14:48:41 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,338 +0,0 @@
-This fix will be included in future 2015.1.3 (kilo) and 11.0.2
-(liberty) releases.
-
-From c5c731c7153d6d46c27260474d2811d504dfac5c Mon Sep 17 00:00:00 2001
-From: Erno Kuvaja <[email protected]>
-Date: Tue, 19 Jan 2016 13:37:05 +0000
-Subject: [PATCH] Prevent user to remove last location of the image
-
-If the last location of the image is removed, image transitions back to queued.
-This allows user to upload new data into the existing image record. By
-preventing removal of the last location we prevent the image transition back to
-queued.
-
-This change also prevents doing the same operation via replacing the locations
-with empty list.
-
-SecurityImpact
-DocImpact
-APIImpact
-
-Conflicts:
-	glance/tests/unit/v2/test_images_resource.py
-
-Conflicts:
-	glance/api/v2/images.py
-
-Change-Id: Ieb03aaba887492819f9c58aa67f7acfcea81720e
-Closes-Bug: #1525915
-(cherry picked from commit e9e45baa9aaf58e69964419b6b4fb2048d115a0c)
----
- glance/api/v2/images.py                            |  19 +++-
- glance/tests/functional/v2/test_images.py          |  14 ---
- glance/tests/unit/v2/test_images_resource.py       | 122 ++++-----------------
- ...oving-last-image-location-d5ee3e00efe14f34.yaml |  10 ++
- 4 files changed, 44 insertions(+), 121 deletions(-)
- create mode 100644 releasenotes/notes/Prevent-removing-last-image-location-d5ee3e00efe14f34.yaml
-
-diff --git a/glance/api/v2/images.py b/glance/api/v2/images.py
-index 22c8e70..90435ac 100644
---- a/glance/api/v2/images.py
-+++ b/glance/api/v2/images.py
[email protected]@ -168,7 +168,10 @@ class ImagesController(object):
-         path = change['path']
-         path_root = path[0]
-         value = change['value']
--        if path_root == 'locations':
-+        if path_root == 'locations' and value == []:
-+            msg = _("Cannot set locations to empty list.")
-+            raise webob.exc.HTTPForbidden(message=msg)
-+        elif path_root == 'locations' and value != []:
-             self._do_replace_locations(image, value)
-         else:
-             if hasattr(image, path_root):
[email protected]@ -201,7 +204,10 @@ class ImagesController(object):
-         path = change['path']
-         path_root = path[0]
-         if path_root == 'locations':
--            self._do_remove_locations(image, path[1])
-+            try:
-+                self._do_remove_locations(image, path[1])
-+            except exception.Forbidden as e:
-+                raise webob.exc.HTTPForbidden(e.msg)
-         else:
-             if hasattr(image, path_root):
-                 msg = _("Property %s may not be removed.")
[email protected]@ -285,6 +291,11 @@ class ImagesController(object):
-                 explanation=utils.exception_to_str(ve))
- 
-     def _do_remove_locations(self, image, path_pos):
-+        if len(image.locations) == 1:
-+            LOG.debug("User forbidden to remove last location of image %s",
-+                      image.image_id)
-+            msg = _("Cannot remove last location in the image.")
-+            raise exception.Forbidden(message=msg)
-         pos = self._get_locations_op_pos(path_pos,
-                                          len(image.locations), False)
-         if pos is None:
[email protected]@ -294,11 +305,11 @@ class ImagesController(object):
-             # NOTE(zhiyan): this actually deletes the location
-             # from the backend store.
-             image.locations.pop(pos)
-+        # TODO(jokke): Fix this, we should catch what store throws and
-+        # provide definitely something else than IternalServerError to user.
-         except Exception as e:
-             raise webob.exc.HTTPInternalServerError(
-                 explanation=utils.exception_to_str(e))
--        if len(image.locations) == 0 and image.status == 'active':
--            image.status = 'queued'
- 
- 
- class RequestDeserializer(wsgi.JSONRequestDeserializer):
-diff --git a/glance/tests/functional/v2/test_images.py b/glance/tests/functional/v2/test_images.py
-index 35d3ab2..c27c27f 100644
---- a/glance/tests/functional/v2/test_images.py
-+++ b/glance/tests/functional/v2/test_images.py
[email protected]@ -489,20 +489,6 @@ class TestImages(functional.FunctionalTest):
-         response = requests.patch(path, headers=headers, data=data)
-         self.assertEqual(200, response.status_code, response.text)
- 
--        # Remove all locations of the image then the image size shouldn't be
--        # able to access
--        path = self._url('/v2/images/%s' % image2_id)
--        media_type = 'application/openstack-images-v2.1-json-patch'
--        headers = self._headers({'content-type': media_type})
--        doc = [{'op': 'replace', 'path': '/locations', 'value': []}]
--        data = jsonutils.dumps(doc)
--        response = requests.patch(path, headers=headers, data=data)
--        self.assertEqual(200, response.status_code, response.text)
--        image = jsonutils.loads(response.text)
--        self.assertIsNone(image['size'])
--        self.assertIsNone(image['virtual_size'])
--        self.assertEqual('queued', image['status'])
--
-         # Deletion should work. Deleting image-1
-         path = self._url('/v2/images/%s' % image_id)
-         response = requests.delete(path, headers=self._headers())
-diff --git a/glance/tests/unit/v2/test_images_resource.py b/glance/tests/unit/v2/test_images_resource.py
-index be4e60a..9cc1f25 100644
---- a/glance/tests/unit/v2/test_images_resource.py
-+++ b/glance/tests/unit/v2/test_images_resource.py
[email protected]@ -1323,26 +1323,6 @@ class TestImagesController(base.IsolatedUnitTest):
-         self.assertRaises(webob.exc.HTTPConflict, self.controller.update,
-                           another_request, created_image.image_id, changes)
- 
--    def test_update_replace_locations(self):
--        self.stubs.Set(store, 'get_size_from_backend',
--                       unit_test_utils.fake_get_size_from_backend)
--        request = unit_test_utils.get_fake_request()
--        changes = [{'op': 'replace', 'path': ['locations'], 'value': []}]
--        output = self.controller.update(request, UUID1, changes)
--        self.assertEqual(UUID1, output.image_id)
--        self.assertEqual(0, len(output.locations))
--        self.assertEqual('queued', output.status)
--        self.assertIsNone(output.size)
--
--        new_location = {'url': '%s/fake_location' % BASE_URI, 'metadata': {}}
--        changes = [{'op': 'replace', 'path': ['locations'],
--                    'value': [new_location]}]
--        output = self.controller.update(request, UUID1, changes)
--        self.assertEqual(UUID1, output.image_id)
--        self.assertEqual(1, len(output.locations))
--        self.assertEqual(new_location, output.locations[0])
--        self.assertEqual('active', output.status)
--
-     def test_update_replace_locations_non_empty(self):
-         new_location = {'url': '%s/fake_location' % BASE_URI, 'metadata': {}}
-         request = unit_test_utils.get_fake_request()
[email protected]@ -1354,35 +1334,9 @@ class TestImagesController(base.IsolatedUnitTest):
-     def test_update_replace_locations_invalid(self):
-         request = unit_test_utils.get_fake_request()
-         changes = [{'op': 'replace', 'path': ['locations'], 'value': []}]
--        output = self.controller.update(request, UUID1, changes)
--        self.assertEqual(UUID1, output.image_id)
--        self.assertEqual(0, len(output.locations))
--        self.assertEqual('queued', output.status)
--
--        request = unit_test_utils.get_fake_request()
--        changes = [{'op': 'replace', 'path': ['locations'],
--                    'value': [{'url': 'unknow://foo', 'metadata': {}}]}]
--        self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update,
-+        self.assertRaises(webob.exc.HTTPForbidden, self.controller.update,
-                           request, UUID1, changes)
- 
--    def test_update_replace_locations_status_exception(self):
--        self.stubs.Set(store, 'get_size_from_backend',
--                       unit_test_utils.fake_get_size_from_backend)
--        request = unit_test_utils.get_fake_request()
--        changes = [{'op': 'replace', 'path': ['locations'], 'value': []}]
--        output = self.controller.update(request, UUID2, changes)
--        self.assertEqual(UUID2, output.image_id)
--        self.assertEqual(0, len(output.locations))
--        self.assertEqual('queued', output.status)
--
--        self.db.image_update(None, UUID2, {'disk_format': None})
--
--        new_location = {'url': '%s/fake_location' % BASE_URI, 'metadata': {}}
--        changes = [{'op': 'replace', 'path': ['locations'],
--                    'value': [new_location]}]
--        self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update,
--                          request, UUID2, changes)
--
-     def test_update_add_property(self):
-         request = unit_test_utils.get_fake_request()
- 
[email protected]@ -1506,24 +1460,6 @@ class TestImagesController(base.IsolatedUnitTest):
-         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update,
-                           request, UUID1, changes)
- 
--    def test_update_add_locations_status_exception(self):
--        self.stubs.Set(store, 'get_size_from_backend',
--                       unit_test_utils.fake_get_size_from_backend)
--        request = unit_test_utils.get_fake_request()
--        changes = [{'op': 'replace', 'path': ['locations'], 'value': []}]
--        output = self.controller.update(request, UUID2, changes)
--        self.assertEqual(UUID2, output.image_id)
--        self.assertEqual(0, len(output.locations))
--        self.assertEqual('queued', output.status)
--
--        self.db.image_update(None, UUID2, {'disk_format': None})
--
--        new_location = {'url': '%s/fake_location' % BASE_URI, 'metadata': {}}
--        changes = [{'op': 'add', 'path': ['locations', '-'],
--                    'value': new_location}]
--        self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update,
--                          request, UUID2, changes)
--
-     def test_update_add_duplicate_locations(self):
-         new_location = {'url': '%s/fake_location' % BASE_URI, 'metadata': {}}
-         request = unit_test_utils.get_fake_request()
[email protected]@ -1537,23 +1473,6 @@ class TestImagesController(base.IsolatedUnitTest):
-         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update,
-                           request, UUID1, changes)
- 
--    def test_update_replace_duplicate_locations(self):
--        self.stubs.Set(store, 'get_size_from_backend',
--                       unit_test_utils.fake_get_size_from_backend)
--        request = unit_test_utils.get_fake_request()
--        changes = [{'op': 'replace', 'path': ['locations'], 'value': []}]
--        output = self.controller.update(request, UUID1, changes)
--        self.assertEqual(UUID1, output.image_id)
--        self.assertEqual(0, len(output.locations))
--        self.assertEqual('queued', output.status)
--
--        new_location = {'url': '%s/fake_location' % BASE_URI, 'metadata': {}}
--        changes = [{'op': 'replace', 'path': ['locations'],
--                    'value': [new_location, new_location]}]
--
--        self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update,
--                          request, UUID1, changes)
--
-     def test_update_add_too_many_locations(self):
-         self.config(image_location_quota=1)
-         request = unit_test_utils.get_fake_request()
[email protected]@ -1654,9 +1573,12 @@ class TestImagesController(base.IsolatedUnitTest):
-             {'op': 'add', 'path': ['locations', '-'],
-              'value': {'url': '%s/fake_location_1' % BASE_URI,
-                        'metadata': {}}},
-+            {'op': 'add', 'path': ['locations', '-'],
-+             'value': {'url': '%s/fake_location_2' % BASE_URI,
-+                       'metadata': {}}},
-         ]
-         self.controller.update(request, UUID1, changes)
--        self.config(image_location_quota=1)
-+        self.config(image_location_quota=2)
- 
-         # We must remove two properties to avoid being
-         # over the limit of 1 property
[email protected]@ -1669,8 +1591,8 @@ class TestImagesController(base.IsolatedUnitTest):
-         ]
-         output = self.controller.update(request, UUID1, changes)
-         self.assertEqual(UUID1, output.image_id)
--        self.assertEqual(1, len(output.locations))
--        self.assertIn('fake_location_3', output.locations[0]['url'])
-+        self.assertEqual(2, len(output.locations))
-+        self.assertIn('fake_location_3', output.locations[1]['url'])
-         self.assertNotEqual(output.created_at, output.updated_at)
- 
-     def test_update_remove_base_property(self):
[email protected]@ -1711,24 +1633,23 @@ class TestImagesController(base.IsolatedUnitTest):
-                        unit_test_utils.fake_get_size_from_backend)
- 
-         request = unit_test_utils.get_fake_request()
--        changes = [{'op': 'remove', 'path': ['locations', '0']}]
--        output = self.controller.update(request, UUID1, changes)
--        self.assertEqual(output.image_id, UUID1)
--        self.assertEqual(0, len(output.locations))
--        self.assertEqual('queued', output.status)
--        self.assertIsNone(output.size)
--
-         new_location = {'url': '%s/fake_location' % BASE_URI, 'metadata': {}}
-         changes = [{'op': 'add', 'path': ['locations', '-'],
-                     'value': new_location}]
-+        self.controller.update(request, UUID1, changes)
-+        changes = [{'op': 'remove', 'path': ['locations', '0']}]
-         output = self.controller.update(request, UUID1, changes)
-         self.assertEqual(UUID1, output.image_id)
-         self.assertEqual(1, len(output.locations))
--        self.assertEqual(new_location, output.locations[0])
-         self.assertEqual('active', output.status)
- 
-     def test_update_remove_location_invalid_pos(self):
-         request = unit_test_utils.get_fake_request()
-+        changes = [
-+            {'op': 'add', 'path': ['locations', '-'],
-+             'value': {'url': '%s/fake_location' % BASE_URI,
-+                       'metadata': {}}}]
-+        self.controller.update(request, UUID1, changes)
-         changes = [{'op': 'remove', 'path': ['locations', None]}]
-         self.assertRaises(webob.exc.HTTPBadRequest, self.controller.update,
-                           request, UUID1, changes)
[email protected]@ -1750,6 +1671,11 @@ class TestImagesController(base.IsolatedUnitTest):
-                        fake_delete_image_location_from_backend)
- 
-         request = unit_test_utils.get_fake_request()
-+        changes = [
-+            {'op': 'add', 'path': ['locations', '-'],
-+             'value': {'url': '%s/fake_location' % BASE_URI,
-+                       'metadata': {}}}]
-+        self.controller.update(request, UUID1, changes)
-         changes = [{'op': 'remove', 'path': ['locations', '0']}]
-         self.assertRaises(webob.exc.HTTPInternalServerError,
-                           self.controller.update, request, UUID1, changes)
[email protected]@ -2036,16 +1962,6 @@ class TestImagesControllerPolicies(base.IsolatedUnitTest):
-         self.assertRaises(webob.exc.HTTPForbidden, self.controller.update,
-                           request, UUID1, changes)
- 
--        self.stubs.Set(self.store_utils, 'delete_image_location_from_backend',
--                       fake_delete_image_location_from_backend)
--
--        changes = [{'op': 'replace', 'path': ['locations'], 'value': []}]
--        self.controller.update(request, UUID1, changes)
--        changes = [{'op': 'replace', 'path': ['locations'],
--                    'value': [new_location]}]
--        self.assertRaises(webob.exc.HTTPForbidden, self.controller.update,
--                          request, UUID1, changes)
--
-     def test_update_delete_image_location_unauthorized(self):
-         rules = {"delete_image_location": False}
-         self.policy.set_rules(rules)
-diff --git a/releasenotes/notes/Prevent-removing-last-image-location-d5ee3e00efe14f34.yaml b/releasenotes/notes/Prevent-removing-last-image-location-d5ee3e00efe14f34.yaml
-new file mode 100644
-index 0000000..344e6e5
---- /dev/null
-+++ b/releasenotes/notes/Prevent-removing-last-image-location-d5ee3e00efe14f34.yaml
[email protected]@ -0,0 +1,10 @@
-+---
-+security:
-+  - Fixing bug 1525915; image might be transitioning
-+    from active to queued by regular user by removing
-+    last location of image (or replacing locations
-+    with empty list). This allows user to re-upload
-+    data to the image breaking Glance's promise of
-+    image data immutability. From now on, last
-+    location cannot be removed and locations cannot
-+    be replaced with empty list.
--- 
-1.9.1
-
--- a/components/openstack/glance/patches/09-glance-conf.patch	Wed Sep 07 14:48:41 2016 -0700
+++ b/components/openstack/glance/patches/09-glance-conf.patch	Wed Sep 07 14:48:42 2016 -0700
@@ -3,72 +3,38 @@
 These changes are meant as a follow-on to Launchpad bug 1500361 but
 they have not yet been submitted upstream.
 
---- glance-2015.1.2/etc/oslo-config-generator/glance-api.conf.orig	Mon Mar  7 09:53:06 2016
-+++ glance-2015.1.2/etc/oslo-config-generator/glance-api.conf	Tue Mar  8 10:41:39 2016
[email protected]@ -1,11 +1,12 @@
- [DEFAULT]
- output_file = etc/glance-api.conf.sample
- namespace = glance.api
-+namespace = glance.index
-+namespace = glance.manage
- namespace = glance.store
-+namespace = keystonemiddleware.auth_token
- namespace = oslo.concurrency
--namespace = oslo.messaging
- namespace = oslo.db
--namespace = oslo.db.concurrency
--namespace = oslo.policy
--namespace = keystonemiddleware.auth_token
+--- glance-12.0.0/etc/oslo-config-generator/glance-api.conf.~1~	2016-04-07 00:37:11.000000000 -0700
++++ glance-12.0.0/etc/oslo-config-generator/glance-api.conf	2016-07-30 00:39:05.833802230 -0700
[email protected]@ -9,4 +9,4 @@ namespace = oslo.db.concurrency
+ namespace = oslo.policy
+ namespace = keystonemiddleware.auth_token
  namespace = oslo.log
-+namespace = oslo.messaging
-+namespace = oslo.policy
---- glance-2015.1.2/etc/oslo-config-generator/glance-cache.conf.orig	Tue Oct 13 09:38:21 2015
-+++ glance-2015.1.2/etc/oslo-config-generator/glance-cache.conf	Wed Mar  9 23:44:29 2016
[email protected]@ -1,5 +1,7 @@
- [DEFAULT]
- output_file = etc/glance-cache.conf.sample
+-namespace = oslo.middleware.cors
++namespace = oslo.middleware
+--- glance-12.0.0/etc/oslo-config-generator/glance-cache.conf.~1~	2016-04-07 00:37:11.000000000 -0700
++++ glance-12.0.0/etc/oslo-config-generator/glance-cache.conf	2016-07-30 00:39:33.080265565 -0700
[email protected]@ -3,3 +3,5 @@ output_file = etc/glance-cache.conf.samp
  namespace = glance.cache
-+namespace = glance.store
-+namespace = oslo.concurrency
  namespace = oslo.log
  namespace = oslo.policy
---- glance-2015.1.2/etc/oslo-config-generator/glance-manage.conf.orig	Tue Oct 13 09:38:21 2015
-+++ glance-2015.1.2/etc/oslo-config-generator/glance-manage.conf	Thu Mar 10 01:06:41 2016
[email protected]@ -1,6 +1,8 @@
- [DEFAULT]
- output_file = etc/glance-manage.conf.sample
- namespace = glance.manage
 +namespace = glance.store
 +namespace = oslo.concurrency
- namespace = oslo.db
--namespace = oslo.db.concurrency
+--- glance-12.0.0/etc/oslo-config-generator/glance-glare.conf.~1~	2016-04-07 00:37:11.000000000 -0700
++++ glance-12.0.0/etc/oslo-config-generator/glance-glare.conf	2016-07-30 00:39:05.834807800 -0700
[email protected]@ -6,4 +6,7 @@ namespace = oslo.db
+ namespace = oslo.db.concurrency
+ namespace = keystonemiddleware.auth_token
  namespace = oslo.log
-+namespace = oslo.policy
---- glance-2015.1.2/etc/oslo-config-generator/glance-registry.conf.orig	Mon Mar  7 09:53:06 2016
-+++ glance-2015.1.2/etc/oslo-config-generator/glance-registry.conf	Thu Mar 10 00:57:58 2016
[email protected]@ -2,9 +2,9 @@
- output_file = etc/glance-registry.conf.sample
- namespace = glance.registry
- namespace = glance.store
--namespace = oslo.messaging
--namespace = oslo.db
--namespace = oslo.db.concurrency
--namespace = oslo.policy
- namespace = keystonemiddleware.auth_token
+-namespace = oslo.middleware.cors
++namespace = oslo.middleware
 +namespace = oslo.concurrency
-+namespace = oslo.db
- namespace = oslo.log
 +namespace = oslo.messaging
 +namespace = oslo.policy
---- glance-2015.1.2/etc/oslo-config-generator/glance-scrubber.conf.orig	Tue Oct 13 09:38:21 2015
-+++ glance-2015.1.2/etc/oslo-config-generator/glance-scrubber.conf	Thu Mar 10 01:21:02 2016
[email protected]@ -1,8 +1,7 @@
- [DEFAULT]
- output_file = etc/glance-scrubber.conf.sample
- namespace = glance.scrubber
-+namespace = glance.store
- namespace = oslo.concurrency
--namespace = oslo.db
--namespace = oslo.db.concurrency
+--- glance-12.0.0/etc/oslo-config-generator/glance-registry.conf.~1~	2016-04-07 00:37:11.000000000 -0700
++++ glance-12.0.0/etc/oslo-config-generator/glance-registry.conf	2016-07-30 00:39:05.835268420 -0700
[email protected]@ -8,3 +8,5 @@ namespace = oslo.db.concurrency
+ namespace = oslo.policy
+ namespace = keystonemiddleware.auth_token
  namespace = oslo.log
- namespace = oslo.policy
++namespace = oslo.concurrency
++namespace = oslo.middleware
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/glance/patches/10-glance-wsgi.patch	Wed Sep 07 14:48:42 2016 -0700
@@ -0,0 +1,16 @@
+In-house patch to fix glance-api to not respawn a new child when it knows it is
+terminating. This patch is Solaris specific and not necassarily suitable for
+upstream.
+
+--- glance-12.0.0/glance/common/wsgi.py.~2~	2016-06-29 08:34:58.341184299 -0700
++++ glance-12.0.0/glance/common/wsgi.py		2016-06-29 08:35:31.903341381 -0700
[email protected]@ -359,7 +359,8 @@ class Server(object):
+                 pid, status = os.wait()
+                 if os.WIFEXITED(status) or os.WIFSIGNALED(status):
+                     self._remove_children(pid)
+-                    self._verify_and_respawn_children(pid, status)
++                    if self.running:
++                        self._verify_and_respawn_children(pid, status)
+             except OSError as err:
+                 if err.errno not in (errno.EINTR, errno.ECHILD):
+                     raise
--- a/components/openstack/glance/patches/14-launchpad-1471080.patch	Wed Sep 07 14:48:41 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,40 +0,0 @@
-commit 356e66c2397a4a1ae3dd1fca2870958f5969aceb
-Author: wangxiyuan <[email protected]>
-Date:   Fri Jul 3 11:45:57 2015 +0800
-
-    Fix wrong check when create image without data.
-    
-    The default value of 'locations' is [].So there is a wrong check in
-    db/sqlalchemy/api.py.
-    When create an image without data, The function '_image_locations_set'
-    should not be executed.
-    
-    Change-Id: Ie4cb29ab0d714d3ce67f717d5eaf641424efa5b7
-    Closes-bug:#1471080
-
---- glance-2015.1.2/glance/db/sqlalchemy/api.py.~1~	2015-10-13 09:38:23.000000000 -0700
-+++ glance-2015.1.2/glance/db/sqlalchemy/api.py	2016-03-04 01:02:00.749647525 -0800
[email protected]@ -790,7 +790,7 @@ def _image_update(context, values, image
-         _set_properties_for_image(context, image_ref, properties, purge_props,
-                                   session)
- 
--        if location_data is not None:
-+        if location_data:
-             _image_locations_set(context, image_ref.id, location_data,
-                                  session=session)
- 
---- glance-2015.1.2/glance/tests/functional/db/base.py.~1~	2015-10-13 09:38:23.000000000 -0700
-+++ glance-2015.1.2/glance/tests/functional/db/base.py	2016-03-04 01:02:00.751553768 -0800
[email protected]@ -191,6 +191,12 @@ class DriverTests(object):
-                   for l in image['locations']]
-         self.assertEqual(locations, actual)
- 
-+    def test_image_create_without_locations(self):
-+        locations = []
-+        fixture = {'status': 'queued',
-+                   'locations': locations}
-+        self.db_api.image_create(self.context, fixture)
-+
-     def test_image_create_with_location_data(self):
-         location_data = [{'url': 'a', 'metadata': {'key': 'value'},
-                           'status': 'active'},
--- a/components/openstack/glance/patches/15-mysql_cluster_support.patch	Wed Sep 07 14:48:41 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1215 +0,0 @@
-This patchset is for bug:
-
-22725863 - Glance needs to support MySQL Cluster
-
-This fixes the following aspects of Glance:
-1. Implementation of an oslo.db configuration parameter to specify the MySQL
-   storage engine (mysql_storage_engine).
-2. Replacement of hardcoded SQL statements that set the engine to "InnoDB"
-   to the above configuration value.
-3. Logic to handle SQL differences between MySQL InnoDB and MySQL Cluster (NDB).
-   This includes column lengths, constraints, foreign keys, and indexes.
-
-This has not been committed upstream, but has been filed in launchpad:
-
-https://bugs.launchpad.net/glance/+bug/1564110
-
-
---- glance-2015.1.2/glance/tests/unit/test_migrations.py.orig	2016-07-29 11:30:42.506075746 -0600
-+++ glance-2015.1.2/glance/tests/unit/test_migrations.py	2016-07-28 18:16:26.555277376 -0600
[email protected]@ -127,7 +127,7 @@ class MigrationsMixin(test_migrations.Wa
-                                                         sqlalchemy.Boolean(),
-                                                         nullable=False,
-                                                         default=False),
--                                      mysql_engine='InnoDB')
-+                                      mysql_engine=CONF.database.mysql_storage_engine)
-         images_001.create()
- 
-     def test_version_control_existing_db(self):
[email protected]@ -1650,10 +1650,10 @@ class TestMysqlMigrations(test_base.MySQ
-         noninnodb = self.migrate_engine.execute(
-             "SELECT count(*) "
-             "FROM information_schema.TABLES "
--            "WHERE TABLE_SCHEMA='%s' "
--            "AND ENGINE!='InnoDB' "
-+            "WHERE TABLE_SCHEMA='%(table_schema)s' "
-+            "AND ENGINE!='%(mysql_storage_engine)s' "
-             "AND TABLE_NAME!='migrate_version'"
--            % self.migrate_engine.url.database)
-+            % dict(table_schema=self.migrate_engine.url.database, mysql_storage_engine=CONF.database.mysql_storage_engine))
-         count = noninnodb.scalar()
-         self.assertEqual(count, 0, "%d non InnoDB tables created" % count)
- 
---- glance-2015.1.2/glance/db/sqlalchemy/models_metadef.py.orig	2016-07-29 11:30:50.672701806 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/models_metadef.py	2016-07-29 11:37:23.040809599 -0600
[email protected]@ -16,6 +16,7 @@
- SQLAlchemy models for glance metadata schema
- """
- 
-+from oslo_config import cfg
- from oslo_db.sqlalchemy import models
- from oslo_utils import timeutils
- from sqlalchemy import Boolean
[email protected]@ -31,6 +32,7 @@ from sqlalchemy import Text
- 
- from glance.db.sqlalchemy.models import JSONEncodedDict
- 
-+CONF = cfg.CONF
- 
- class DictionaryBase(models.ModelBase):
-     metadata = None
[email protected]@ -48,7 +50,7 @@ BASE_DICT = declarative_base(cls=Diction
- class GlanceMetadefBase(models.TimestampMixin):
-     """Base class for Glance Metadef Models."""
- 
--    __table_args__ = {'mysql_engine': 'InnoDB'}
-+    __table_args__ = {'mysql_engine': CONF.database.mysql_storage_engine}
-     __table_initialized__ = False
-     __protected_attributes__ = set(["created_at", "updated_at"])
- 
---- glance-2015.1.2/glance/db/sqlalchemy/models_artifacts.py.orig	2016-07-29 11:30:58.519236555 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/models_artifacts.py	2016-07-28 18:16:26.556002509 -0600
[email protected]@ -14,6 +14,8 @@
- 
- import uuid
- 
-+from oslo_config import cfg
-+from oslo_db import options as db_options
- from oslo_db.sqlalchemy import models
- from oslo_utils import timeutils
- from sqlalchemy import BigInteger
[email protected]@ -36,6 +38,9 @@ from glance.common import semver_db
- from glance import i18n
- from oslo_log import log as os_logging
- 
-+CONF = cfg.CONF
-+db_options.set_defaults(CONF)
-+
- BASE = declarative.declarative_base()
- LOG = os_logging.getLogger(__name__)
- _LW = i18n._LW
[email protected]@ -44,7 +49,7 @@ _LW = i18n._LW
- class ArtifactBase(models.ModelBase, models.TimestampMixin):
-     """Base class for Artifact Models."""
- 
--    __table_args__ = {'mysql_engine': 'InnoDB'}
-+    __table_args__ = {'mysql_engine': CONF.database.mysql_storage_engine}
-     __table_initialized__ = False
-     __protected_attributes__ = set([
-         "created_at", "updated_at"])
[email protected]@ -102,7 +107,7 @@ class Artifact(BASE, ArtifactBase):
-         Index('ix_artifact_state', 'state'),
-         Index('ix_artifact_owner', 'owner'),
-         Index('ix_artifact_visibility', 'visibility'),
--        {'mysql_engine': 'InnoDB'})
-+        {'mysql_engine': CONF.database.mysql_storage_engine})
- 
-     __protected_attributes__ = ArtifactBase.__protected_attributes__.union(
-         set(['published_at', 'deleted_at']))
[email protected]@ -219,7 +224,7 @@ class ArtifactDependency(BASE, ArtifactB
-                             'artifact_dest'),
-                       Index('ix_artifact_dependencies_direct_dependencies',
-                             'artifact_source', 'is_direct'),
--                      {'mysql_engine': 'InnoDB'})
-+                      {'mysql_engine': CONF.database.mysql_storage_engine})
- 
-     id = Column(String(36), primary_key=True, nullable=False,
-                 default=lambda: str(uuid.uuid4()))
[email protected]@ -248,7 +253,7 @@ class ArtifactTag(BASE, ArtifactBase):
-     __table_args__ = (Index('ix_artifact_tags_artifact_id', 'artifact_id'),
-                       Index('ix_artifact_tags_artifact_id_tag_value',
-                             'artifact_id', 'value'),
--                      {'mysql_engine': 'InnoDB'},)
-+                      {'mysql_engine': CONF.database.mysql_storage_engine},)
- 
-     id = Column(String(36), primary_key=True, nullable=False,
-                 default=lambda: str(uuid.uuid4()))
[email protected]@ -265,7 +270,7 @@ class ArtifactProperty(BASE, ArtifactBas
-     __table_args__ = (
-         Index('ix_artifact_properties_artifact_id', 'artifact_id'),
-         Index('ix_artifact_properties_name', 'name'),
--        {'mysql_engine': 'InnoDB'},)
-+        {'mysql_engine': CONF.database.mysql_storage_engine},)
-     id = Column(String(36), primary_key=True, nullable=False,
-                 default=lambda: str(uuid.uuid4()))
-     artifact_id = Column(String(36), ForeignKey('artifacts.id'),
[email protected]@ -287,7 +292,7 @@ class ArtifactBlob(BASE, ArtifactBase):
-     __table_args__ = (
-         Index('ix_artifact_blobs_artifact_id', 'artifact_id'),
-         Index('ix_artifact_blobs_name', 'name'),
--        {'mysql_engine': 'InnoDB'},)
-+        {'mysql_engine': CONF.database.mysql_storage_engine},)
-     id = Column(String(36), primary_key=True, nullable=False,
-                 default=lambda: str(uuid.uuid4()))
-     artifact_id = Column(String(36), ForeignKey('artifacts.id'),
[email protected]@ -306,7 +311,7 @@ class ArtifactBlobLocation(BASE, Artifac
-     __tablename__ = 'artifact_blob_locations'
-     __table_args__ = (Index('ix_artifact_blob_locations_blob_id',
-                             'blob_id'),
--                      {'mysql_engine': 'InnoDB'})
-+                      {'mysql_engine': CONF.database.mysql_storage_engine})
- 
-     id = Column(String(36), primary_key=True, nullable=False,
-                 default=lambda: str(uuid.uuid4()))
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/007_add_owner.py.orig	2016-07-29 11:31:06.067376033 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/007_add_owner.py	2016-07-29 11:38:21.570131052 -0600
[email protected]@ -14,12 +14,14 @@
- #    under the License.
- 
- from migrate.changeset import *  # noqa
-+from oslo_config import cfg
- from sqlalchemy import *  # noqa
- 
- from glance.db.sqlalchemy.migrate_repo.schema import (
-     Boolean, DateTime, BigInteger, Integer, String,
-     Text, from_migration_import)  # noqa
- 
-+CONF = cfg.CONF
- 
- def get_images_table(meta):
-     """
[email protected]@ -50,7 +52,7 @@ def get_images_table(meta):
-                           index=True),
-                    Column('checksum', String(32)),
-                    Column('owner', String(255)),
--                   mysql_engine='InnoDB',
-+                   mysql_engine=CONF.database.mysql_storage_engine,
-                    extend_existing=True)
- 
-     return images
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/003_add_disk_format.py.orig	2016-07-29 11:31:13.058662840 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/003_add_disk_format.py	2016-07-29 11:38:43.705439106 -0600
[email protected]@ -14,11 +14,13 @@
- #    under the License.
- 
- from migrate.changeset import *  # noqa
-+from oslo_config import cfg
- from sqlalchemy import *  # noqa
- 
- from glance.db.sqlalchemy.migrate_repo.schema import (
-     Boolean, DateTime, Integer, String, Text, from_migration_import)  # noqa
- 
-+CONF = cfg.CONF
- 
- def get_images_table(meta):
-     """
[email protected]@ -47,7 +49,7 @@ def get_images_table(meta):
-                           nullable=False,
-                           default=False,
-                           index=True),
--                   mysql_engine='InnoDB',
-+                   mysql_engine=CONF.database.mysql_storage_engine,
-                    extend_existing=True)
- 
-     return images
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/005_size_big_integer.py.orig	2016-07-29 11:31:20.152951372 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/005_size_big_integer.py	2016-07-29 11:39:04.202176317 -0600
[email protected]@ -14,12 +14,14 @@
- #    under the License.
- 
- from migrate.changeset import *  # noqa
-+from oslo_config import cfg
- from sqlalchemy import *  # noqa
- 
- from glance.db.sqlalchemy.migrate_repo.schema import (
-     Boolean, DateTime, BigInteger, Integer, String,
-     Text, from_migration_import)  # noqa
- 
-+CONF = cfg.CONF
- 
- def get_images_table(meta):
-     """
[email protected]@ -48,7 +50,7 @@ def get_images_table(meta):
-                           nullable=False,
-                           default=False,
-                           index=True),
--                   mysql_engine='InnoDB',
-+                   mysql_engine=CONF.database.mysql_storage_engine,
-                    extend_existing=True)
- 
-     return images
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/022_image_member_index.py.orig	2016-07-29 11:31:30.015287184 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/022_image_member_index.py	2016-07-29 11:39:26.850998479 -0600
[email protected]@ -16,11 +16,13 @@
- import re
- 
- from migrate.changeset import UniqueConstraint
-+from oslo_config import cfg
- from oslo_db import exception as db_exception
- from sqlalchemy import and_, func, orm
- from sqlalchemy import MetaData, Table
- from sqlalchemy.exc import OperationalError, ProgrammingError
- 
-+CONF = cfg.CONF
- 
- NEW_KEYNAME = 'image_members_image_id_member_deleted_at_key'
- ORIGINAL_KEYNAME_RE = re.compile('image_members_image_id.*_key')
[email protected]@ -28,21 +30,24 @@ ORIGINAL_KEYNAME_RE = re.compile('image_
- 
- def upgrade(migrate_engine):
-     image_members = _get_image_members_table(migrate_engine)
--
--    if migrate_engine.name in ('mysql', 'postgresql'):
--        try:
--            UniqueConstraint('image_id',
--                             name=_get_original_keyname(migrate_engine.name),
--                             table=image_members).drop()
--        except (OperationalError, ProgrammingError, db_exception.DBError):
--            UniqueConstraint('image_id',
--                             name=_infer_original_keyname(image_members),
--                             table=image_members).drop()
--        UniqueConstraint('image_id',
--                         'member',
--                         'deleted_at',
--                         name=NEW_KEYNAME,
--                         table=image_members).create()
-+    # MySQL Cluster, a.k.a. NDB does not support the original constraint and index.
-+    # Only if we are not using MySQL Cluster, will the index be dropped.
-+    if CONF.database.mysql_storage_engine != "NDBCLUSTER":
-+        if migrate_engine.name in ('mysql', 'postgresql'):
-+            try:
-+                UniqueConstraint('image_id',
-+                                 name=_get_original_keyname(migrate_engine.name),
-+                                 table=image_members).drop()
-+            except (OperationalError, ProgrammingError, db_exception.DBError):
-+                UniqueConstraint('image_id',
-+                                 name=_infer_original_keyname(image_members),
-+                                 table=image_members).drop()
-+        
-+    UniqueConstraint('image_id',
-+                     'member',
-+                     'deleted_at',
-+                     name=NEW_KEYNAME,
-+                     table=image_members).create()
- 
- 
- def downgrade(migrate_engine):
[email protected]@ -53,10 +58,13 @@ def downgrade(migrate_engine):
-         UniqueConstraint('image_id',
-                          name=NEW_KEYNAME,
-                          table=image_members).drop()
--        UniqueConstraint('image_id',
--                         'member',
--                         name=_get_original_keyname(migrate_engine.name),
--                         table=image_members).create()
-+        # MySQL Cluster, a.k.a. NDB does not support the original constraint and index.
-+        # Only if we are not using MySQL Cluster, will the index be created.
-+        if CONF.database.mysql_storage_engine != "NDBCLUSTER":
-+            UniqueConstraint('image_id',
-+                             'member',
-+                             name=_get_original_keyname(migrate_engine.name),
-+                             table=image_members).create()
- 
- 
- def _get_image_members_table(migrate_engine):
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/040_add_changes_to_satisfy_metadefs_tags.py.orig	2016-07-29 11:31:37.098719056 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/040_add_changes_to_satisfy_metadefs_tags.py	2016-07-29 11:40:01.035865900 -0600
[email protected]@ -10,15 +10,18 @@
- #    License for the specific language governing permissions and limitations
- #    under the License.
- 
--
-+from oslo_config import cfg
- import sqlalchemy
- from sqlalchemy import (Table, Index)
- 
-+CONF = cfg.CONF
- 
- def upgrade(migrate_engine):
-     if migrate_engine.name == 'mysql':
-         meta = sqlalchemy.MetaData()
-         meta.bind = migrate_engine
-         metadef_tags = Table('metadef_tags', meta, autoload=True)
--        Index('namespace_id', metadef_tags.c.namespace_id,
--              metadef_tags.c.name).drop()
-+        # MySQL Cluster, a.k.a NDB, does not support this index drop.
-+        if CONF.database.mysql_storage_engine != "NDBCLUSTER":
-+            Index('namespace_id', metadef_tags.c.namespace_id,
-+                  metadef_tags.c.name).drop()
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/001_add_images_table.py.orig	2016-07-29 11:31:43.878178070 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/001_add_images_table.py	2016-07-29 11:40:32.274838992 -0600
[email protected]@ -13,11 +13,13 @@
- #    License for the specific language governing permissions and limitations
- #    under the License.
- 
-+from oslo_config import cfg
- from sqlalchemy.schema import (Column, MetaData, Table)
- 
- from glance.db.sqlalchemy.migrate_repo.schema import (
-     Boolean, DateTime, Integer, String, Text, create_tables, drop_tables)  # noqa
- 
-+CONF = cfg.CONF
- 
- def define_images_table(meta):
-     images = Table('images',
[email protected]@ -41,7 +43,7 @@ def define_images_table(meta):
-                           nullable=False,
-                           default=False,
-                           index=True),
--                   mysql_engine='InnoDB',
-+                   mysql_engine=CONF.database.mysql_storage_engine,
-                    extend_existing=True)
- 
-     return images
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/014_add_image_tags_table.py.orig	2016-07-29 11:31:50.742219079 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/014_add_image_tags_table.py	2016-07-29 11:40:52.393996743 -0600
[email protected]@ -13,10 +13,12 @@
- #    License for the specific language governing permissions and limitations
- #    under the License.
- 
-+from oslo_config import cfg
- from sqlalchemy import schema
- 
- from glance.db.sqlalchemy.migrate_repo import schema as glance_schema
- 
-+CONF = cfg.CONF
- 
- def define_image_tags_table(meta):
-     # Load the images table so the foreign key can be set up properly
[email protected]@ -46,7 +48,7 @@ def define_image_tags_table(meta):
-                                             glance_schema.Boolean(),
-                                             nullable=False,
-                                             default=False),
--                              mysql_engine='InnoDB')
-+                              mysql_engine=CONF.database.mysql_storage_engine)
- 
-     schema.Index('ix_image_tags_image_id',
-                  image_tags.c.image_id)
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/038_add_metadef_tags_table.py.orig	2016-07-29 11:31:57.299857482 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/038_add_metadef_tags_table.py	2016-07-29 11:41:20.227494209 -0600
[email protected]@ -12,28 +12,46 @@
- #    License for the specific language governing permissions and limitations
- #    under the License.
- 
-+from oslo_config import cfg
- from sqlalchemy.schema import (
-     Column, Index, MetaData, Table, UniqueConstraint)  # noqa
- 
- from glance.db.sqlalchemy.migrate_repo.schema import (
-     DateTime, Integer, String, create_tables, drop_tables)  # noqa
- 
-+CONF = cfg.CONF
- 
- def define_metadef_tags_table(meta):
-     _constr_kwargs = {}
--    metadef_tags = Table('metadef_tags',
--                         meta,
--                         Column('id', Integer(), primary_key=True,
--                                nullable=False),
--                         Column('namespace_id', Integer(),
--                                nullable=False),
--                         Column('name', String(80), nullable=False),
--                         Column('created_at', DateTime(), nullable=False),
--                         Column('updated_at', DateTime()),
--                         UniqueConstraint('namespace_id', 'name',
--                                          **_constr_kwargs),
--                         mysql_engine='InnoDB',
--                         extend_existing=False)
-+    
-+    # MySQL Cluster, a.k.a. NDB, does not support this constraint.
-+    # If MySQL Cluster is enabled, the constraint will not be configured.
-+    if CONF.database.mysql_storage_engine == "NDBCLUSTER":
-+        metadef_tags = Table('metadef_tags',
-+                             meta,
-+                             Column('id', Integer(), primary_key=True,
-+                                    nullable=False),
-+                             Column('namespace_id', Integer(),
-+                                    nullable=False),
-+                             Column('name', String(80), nullable=False),
-+                             Column('created_at', DateTime(), nullable=False),
-+                             Column('updated_at', DateTime()),
-+                             mysql_engine=CONF.database.mysql_storage_engine,
-+                             extend_existing=False)
-+    else:
-+        metadef_tags = Table('metadef_tags',
-+                             meta,
-+                             Column('id', Integer(), primary_key=True,
-+                                    nullable=False),
-+                             Column('namespace_id', Integer(),
-+                                    nullable=False),
-+                             Column('name', String(80), nullable=False),
-+                             Column('created_at', DateTime(), nullable=False),
-+                             Column('updated_at', DateTime()),
-+                             UniqueConstraint('namespace_id', 'name',
-+                                              **_constr_kwargs),
-+                             mysql_engine=CONF.database.mysql_storage_engine,
-+                             extend_existing=False)
- 
-     if meta.bind.name != 'ibm_db_sa':
-         Index('ix_tags_namespace_id_name',
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/006_key_to_name.py.orig	2016-07-29 11:32:03.190044222 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/006_key_to_name.py	2016-07-29 11:41:49.183401048 -0600
[email protected]@ -14,11 +14,13 @@
- #    under the License.
- 
- from migrate.changeset import *  # noqa
-+from oslo_config import cfg
- from sqlalchemy import *  # noqa
- 
- from glance.db.sqlalchemy.migrate_repo.schema import (
-     Boolean, DateTime, Integer, String, Text, from_migration_import)  # noqa
- 
-+CONF = cfg.CONF
- 
- def get_images_table(meta):
-     """
[email protected]@ -63,7 +65,7 @@ def get_image_properties_table(meta):
-                                     default=False,
-                                     index=True),
-                              UniqueConstraint('image_id', 'name'),
--                             mysql_engine='InnoDB',
-+                             mysql_engine=CONF.database.mysql_storage_engine,
-                              extend_existing=True)
- 
-     return image_properties
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/030_add_tasks_table.py.orig	2016-07-29 11:32:09.114402435 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/030_add_tasks_table.py	2016-07-29 11:42:12.979551894 -0600
[email protected]@ -14,11 +14,13 @@
- #    License for the specific language governing permissions and limitations
- #    under the License.
- 
-+from oslo_config import cfg
- from sqlalchemy.schema import (Column, MetaData, Table, Index)
- 
- from glance.db.sqlalchemy.migrate_repo.schema import (
-     Boolean, DateTime, String, Text, create_tables, drop_tables)  # noqa
- 
-+CONF = cfg.CONF
- 
- def define_tasks_table(meta):
-     tasks = Table('tasks',
[email protected]@ -38,7 +40,7 @@ def define_tasks_table(meta):
-                          Boolean(),
-                          nullable=False,
-                          default=False),
--                  mysql_engine='InnoDB',
-+                  mysql_engine=CONF.database.mysql_storage_engine,
-                   extend_existing=True)
- 
-     Index('ix_tasks_type', tasks.c.type)
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/039_add_changes_to_satisfy_models_metadef.py.orig	2016-07-29 11:32:16.102449889 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/039_add_changes_to_satisfy_models_metadef.py	2016-07-29 11:42:34.666058988 -0600
[email protected]@ -11,11 +11,13 @@
- #    under the License.
- 
- import migrate
-+from oslo_config import cfg
- import sqlalchemy
- from sqlalchemy import inspect
- from sqlalchemy import (Table, Index, UniqueConstraint)
- from sqlalchemy.schema import (AddConstraint, DropConstraint)
- 
-+CONF = cfg.CONF
- 
- def upgrade(migrate_engine):
-     meta = sqlalchemy.MetaData()
[email protected]@ -36,10 +38,17 @@ def upgrade(migrate_engine):
-     Index('ix_objects_namespace_id_name', metadef_objects.c.namespace_id,
-           metadef_objects.c.name).drop()
- 
-+    fkc = migrate.ForeignKeyConstraint([metadef_properties.c.namespace_id],
-+                                       [metadef_namespaces.c.id],
-+                                       name='metadef_properties_ibfk_1')
-+    fkc.drop()
-+
-     Index('ix_metadef_properties_namespace_id_name',
-           metadef_properties.c.namespace_id,
-           metadef_properties.c.name).drop()
- 
-+    fkc.create()
-+
-     fkc = migrate.ForeignKeyConstraint([metadef_tags.c.namespace_id],
-                                        [metadef_namespaces.c.id])
-     fkc.create()
[email protected]@ -57,9 +66,16 @@ def upgrade(migrate_engine):
-                                       metadef_tags.c.name)
-         uc.create()
- 
-+    fkc = migrate.ForeignKeyConstraint([metadef_tags.c.namespace_id],
-+                                       [metadef_namespaces.c.id],
-+                                       name='metadef_tags_namespace_id_fkey')
-+    fkc.drop()
-+
-     Index('ix_tags_namespace_id_name', metadef_tags.c.namespace_id,
-           metadef_tags.c.name).drop()
- 
-+    fkc.create()
-+
-     Index('ix_metadef_tags_name', metadef_tags.c.name).create()
- 
-     Index('ix_metadef_tags_namespace_id', metadef_tags.c.namespace_id,
[email protected]@ -190,7 +206,6 @@ def downgrade(migrate_engine):
-         fkc = migrate.ForeignKeyConstraint([metadef_tags.c.namespace_id],
-                                            [metadef_namespaces.c.id])
-         fkc.drop()
--
-         Index('ix_tags_namespace_id_name', metadef_tags.c.namespace_id,
-               metadef_tags.c.name).create()
-     else:
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/008_add_image_members_table.py.orig	2016-07-29 11:32:22.100185363 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/008_add_image_members_table.py	2016-07-29 11:42:54.820310263 -0600
[email protected]@ -14,12 +14,14 @@
- #    under the License.
- 
- from migrate.changeset import *  # noqa
-+from oslo_config import cfg
- from sqlalchemy import *  # noqa
- 
- from glance.db.sqlalchemy.migrate_repo.schema import (
-     Boolean, DateTime, Integer, String, create_tables,
-     drop_tables, from_migration_import)  # noqa
- 
-+CONF = cfg.CONF
- 
- def get_images_table(meta):
-     """
[email protected]@ -45,40 +47,71 @@ def get_image_properties_table(meta):
- 
- def get_image_members_table(meta):
-     images = get_images_table(meta)  # noqa
--
--    image_members = Table('image_members',
--                          meta,
--                          Column('id',
--                                 Integer(),
--                                 primary_key=True,
--                                 nullable=False),
--                          Column('image_id',
--                                 Integer(),
--                                 ForeignKey('images.id'),
--                                 nullable=False,
--                                 index=True),
--                          Column('member', String(255), nullable=False),
--                          Column('can_share',
--                                 Boolean(),
--                                 nullable=False,
--                                 default=False),
--                          Column('created_at', DateTime(), nullable=False),
--                          Column('updated_at', DateTime()),
--                          Column('deleted_at', DateTime()),
--                          Column('deleted',
--                                 Boolean(),
--                                 nullable=False,
--                                 default=False,
--                                 index=True),
--                          UniqueConstraint('image_id', 'member'),
--                          mysql_engine='InnoDB',
--                          extend_existing=True)
-+    
-+    # MySQL Cluster, a.k.a. NDB, does not support this constraint and index.
-+    # If MySQl Cluster is being used, the constraint and index will not be created.
-+    if CONF.database.mysql_storage_engine == "NDBCLUSTER":
-+        image_members = Table('image_members',
-+                              meta,
-+                              Column('id',
-+                                     Integer(),
-+                                     primary_key=True,
-+                                     nullable=False),
-+                              Column('image_id',
-+                                     Integer(),
-+                                     ForeignKey('images.id'),
-+                                     nullable=False,
-+                                     index=True),
-+                              Column('member', String(255), nullable=False),
-+                              Column('can_share',
-+                                     Boolean(),
-+                                     nullable=False,
-+                                     default=False),
-+                              Column('created_at', DateTime(), nullable=False),
-+                              Column('updated_at', DateTime()),
-+                              Column('deleted_at', DateTime()),
-+                              Column('deleted',
-+                                     Boolean(),
-+                                     nullable=False,
-+                                     default=False,
-+                                     index=True),
-+                              mysql_engine=CONF.database.mysql_storage_engine,
-+                              extend_existing=True)
-+    else:
-+        image_members = Table('image_members',
-+                              meta,
-+                              Column('id',
-+                                     Integer(),
-+                                     primary_key=True,
-+                                     nullable=False),
-+                              Column('image_id',
-+                                     Integer(),
-+                                     ForeignKey('images.id'),
-+                                     nullable=False,
-+                                     index=True),
-+                              Column('member', String(255), nullable=False),
-+                              Column('can_share',
-+                                     Boolean(),
-+                                     nullable=False,
-+                                     default=False),
-+                              Column('created_at', DateTime(), nullable=False),
-+                              Column('updated_at', DateTime()),
-+                              Column('deleted_at', DateTime()),
-+                              Column('deleted',
-+                                     Boolean(),
-+                                     nullable=False,
-+                                     default=False,
-+                                     index=True),
-+                              UniqueConstraint('image_id', 'member'),
-+                              mysql_engine=CONF.database.mysql_storage_engine,
-+                              extend_existing=True)
- 
-     # DB2: an index has already been created for the UniqueConstraint option
-     # specified on the Table() statement above.
--    if meta.bind.name != "ibm_db_sa":
--        Index('ix_image_members_image_id_member', image_members.c.image_id,
--              image_members.c.member)
-+    if CONF.database.mysql_storage_engine != "NDBCLUSTER":
-+        if meta.bind.name != "ibm_db_sa":
-+            Index('ix_image_members_image_id_member', image_members.c.image_id,
-+                  image_members.c.member)
- 
-     return image_members
- 
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/002_add_image_properties_table.py.orig	2016-07-29 11:32:28.641283394 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/002_add_image_properties_table.py	2016-07-29 11:43:17.467512143 -0600
[email protected]@ -13,6 +13,7 @@
- #    License for the specific language governing permissions and limitations
- #    under the License.
- 
-+from oslo_config import cfg
- from sqlalchemy.schema import (
-     Column, ForeignKey, Index, MetaData, Table, UniqueConstraint)
- 
[email protected]@ -20,6 +21,7 @@ from glance.db.sqlalchemy.migrate_repo.s
-     Boolean, DateTime, Integer, String, Text, create_tables, drop_tables,
-     from_migration_import)  # noqa
- 
-+CONF = cfg.CONF
- 
- def define_image_properties_table(meta):
-     (define_images_table,) = from_migration_import(
[email protected]@ -36,31 +38,58 @@ def define_image_properties_table(meta):
-     if meta.bind.name == 'ibm_db_sa':
-         constr_kwargs['name'] = 'ix_image_properties_image_id_key'
- 
--    image_properties = Table('image_properties',
--                             meta,
--                             Column('id',
--                                    Integer(),
--                                    primary_key=True,
--                                    nullable=False),
--                             Column('image_id',
--                                    Integer(),
--                                    ForeignKey('images.id'),
--                                    nullable=False,
--                                    index=True),
--                             Column('key', String(255), nullable=False),
--                             Column('value', Text()),
--                             Column('created_at', DateTime(), nullable=False),
--                             Column('updated_at', DateTime()),
--                             Column('deleted_at', DateTime()),
--                             Column('deleted',
--                                    Boolean(),
--                                    nullable=False,
--                                    default=False,
--                                    index=True),
--                             UniqueConstraint('image_id', 'key',
--                                              **constr_kwargs),
--                             mysql_engine='InnoDB',
--                             extend_existing=True)
-+    # MySQL Cluster, a.k.a. NDB, does not support the constraint here. 
-+    # This will remove the constraint if MySQL Cluster is being used.
-+    if CONF.database.mysql_storage_engine == "NDBCLUSTER":
-+        image_properties = Table('image_properties',
-+                                 meta,
-+                                 Column('id',
-+                                        Integer(),
-+                                        primary_key=True,
-+                                        nullable=False),
-+                                 Column('image_id',
-+                                        Integer(),
-+                                        ForeignKey('images.id'),
-+                                        nullable=False,
-+                                        index=True),
-+                                 Column('key', String(255), nullable=False),
-+                                 Column('value', Text()),
-+                                 Column('created_at', DateTime(), nullable=False),
-+                                 Column('updated_at', DateTime()),
-+                                 Column('deleted_at', DateTime()),
-+                                 Column('deleted',
-+                                        Boolean(),
-+                                        nullable=False,
-+                                        default=False,
-+                                        index=True),
-+                                 mysql_engine=CONF.database.mysql_storage_engine,
-+                                 extend_existing=True)
-+    else:
-+        image_properties = Table('image_properties',
-+                                 meta,
-+                                 Column('id',
-+                                        Integer(),
-+                                        primary_key=True,
-+                                        nullable=False),
-+                                 Column('image_id',
-+                                        Integer(),
-+                                        ForeignKey('images.id'),
-+                                        nullable=False,
-+                                        index=True),
-+                                 Column('key', String(255), nullable=False),
-+                                 Column('value', Text()),
-+                                 Column('created_at', DateTime(), nullable=False),
-+                                 Column('updated_at', DateTime()),
-+                                 Column('deleted_at', DateTime()),
-+                                 Column('deleted',
-+                                        Boolean(),
-+                                        nullable=False,
-+                                        default=False,
-+                                        index=True),
-+                                 UniqueConstraint('image_id', 'key',
-+                                                  **constr_kwargs),
-+                                 mysql_engine=CONF.database.mysql_storage_engine,
-+                                 extend_existing=True)
- 
-     if meta.bind.name != 'ibm_db_sa':
-         Index('ix_image_properties_image_id_key',
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/035_add_metadef_tables.py.orig	2016-07-29 11:32:34.891435682 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/035_add_metadef_tables.py	2016-07-29 11:43:39.940493840 -0600
[email protected]@ -12,6 +12,7 @@
- #    License for the specific language governing permissions and limitations
- #    under the License.
- 
-+from oslo_config import cfg
- from oslo_utils import timeutils
- import sqlalchemy
- from sqlalchemy.schema import (
[email protected]@ -21,6 +22,7 @@ from glance.db.sqlalchemy.migrate_repo.s
-     Boolean, DateTime, Integer, String, Text, create_tables,
-     drop_tables)  # noqa
- 
-+CONF = cfg.CONF
- 
- RESOURCE_TYPES = [u'OS::Glance::Image', u'OS::Cinder::Volume',
-                   u'OS::Nova::Flavor', u'OS::Nova::Aggregate',
[email protected]@ -65,7 +67,7 @@ def define_metadef_namespaces_table(meta
-                        Column('created_at', DateTime(), nullable=False),
-                        Column('updated_at', DateTime()),
-                        UniqueConstraint('namespace', **_constr_kwargs),
--                       mysql_engine='InnoDB',
-+                       mysql_engine=CONF.database.mysql_storage_engine,
-                        extend_existing=True)
- 
-     if meta.bind.name != 'ibm_db_sa':
[email protected]@ -80,22 +82,41 @@ def define_metadef_objects_table(meta):
-     if meta.bind.name == 'ibm_db_sa':
-         _constr_kwargs['name'] = 'ix_objects_namespace_id_name'
- 
--    objects = Table('metadef_objects',
--                    meta,
--                    Column('id', Integer(), primary_key=True, nullable=False),
--                    Column('namespace_id', Integer(),
--                           ForeignKey('metadef_namespaces.id'),
--                           nullable=False),
--                    Column('name', String(80), nullable=False),
--                    Column('description', Text()),
--                    Column('required', Text()),
--                    Column('schema', Text(), nullable=False),
--                    Column('created_at', DateTime(), nullable=False),
--                    Column('updated_at', DateTime()),
--                    UniqueConstraint('namespace_id', 'name',
--                                     **_constr_kwargs),
--                    mysql_engine='InnoDB',
--                    extend_existing=True)
-+    # MySQL Cluster, a.k.a. NDB, requires explicit foreign key names
-+    if CONF.database.mysql_storage_engine == "NDBCLUSTER":
-+        objects = Table('metadef_objects',
-+                        meta,
-+                        Column('id', Integer(), primary_key=True, nullable=False),
-+                        Column('namespace_id', Integer(),
-+                               ForeignKey('metadef_namespaces.id', name='metadef_objects_ibfk_1'),
-+                               nullable=False),
-+                        Column('name', String(80), nullable=False),
-+                        Column('description', Text()),
-+                        Column('required', Text()),
-+                        Column('schema', Text(), nullable=False),
-+                        Column('created_at', DateTime(), nullable=False),
-+                        Column('updated_at', DateTime()),
-+                        UniqueConstraint('namespace_id', 'name',
-+                                         **_constr_kwargs),
-+                        mysql_engine=CONF.database.mysql_storage_engine,
-+                        extend_existing=True)
-+    else:
-+        objects = Table('metadef_objects',
-+                        meta,
-+                        Column('id', Integer(), primary_key=True, nullable=False),
-+                        Column('namespace_id', Integer(),
-+                               ForeignKey('metadef_namespaces.id'),
-+                               nullable=False),
-+                        Column('name', String(80), nullable=False),
-+                        Column('description', Text()),
-+                        Column('required', Text()),
-+                        Column('schema', Text(), nullable=False),
-+                        Column('created_at', DateTime(), nullable=False),
-+                        Column('updated_at', DateTime()),
-+                        UniqueConstraint('namespace_id', 'name',
-+                                         **_constr_kwargs),
-+                        mysql_engine=CONF.database.mysql_storage_engine,
-+                        extend_existing=True)
- 
-     if meta.bind.name != 'ibm_db_sa':
-         Index('ix_objects_namespace_id_name',
[email protected]@ -111,19 +132,35 @@ def define_metadef_properties_table(meta
-     if meta.bind.name == 'ibm_db_sa':
-         _constr_kwargs['name'] = 'ix_metadef_properties_namespace_id_name'
- 
--    metadef_properties = Table(
--        'metadef_properties',
--        meta,
--        Column('id', Integer(), primary_key=True, nullable=False),
--        Column('namespace_id', Integer(), ForeignKey('metadef_namespaces.id'),
--               nullable=False),
--        Column('name', String(80), nullable=False),
--        Column('schema', Text(), nullable=False),
--        Column('created_at', DateTime(), nullable=False),
--        Column('updated_at', DateTime()),
--        UniqueConstraint('namespace_id', 'name', **_constr_kwargs),
--        mysql_engine='InnoDB',
--        extend_existing=True)
-+    # MySQL Cluster, a.k.a. NDB, requires explicit foreign key names
-+    if CONF.database.mysql_storage_engine == "NDBCLUSTER":
-+        metadef_properties = Table(
-+            'metadef_properties',
-+            meta,
-+            Column('id', Integer(), primary_key=True, nullable=False),
-+            Column('namespace_id', Integer(), ForeignKey('metadef_namespaces.id', name='metadef_properties_ibfk_1'),
-+                   nullable=False),
-+            Column('name', String(80), nullable=False),
-+            Column('schema', Text(), nullable=False),
-+            Column('created_at', DateTime(), nullable=False),
-+            Column('updated_at', DateTime()),
-+            UniqueConstraint('namespace_id', 'name', **_constr_kwargs),
-+            mysql_engine=CONF.database.mysql_storage_engine,
-+            extend_existing=True)
-+    else:
-+        metadef_properties = Table(
-+            'metadef_properties',
-+            meta,
-+            Column('id', Integer(), primary_key=True, nullable=False),
-+            Column('namespace_id', Integer(), ForeignKey('metadef_namespaces.id'),
-+                   nullable=False),
-+            Column('name', String(80), nullable=False),
-+            Column('schema', Text(), nullable=False),
-+            Column('created_at', DateTime(), nullable=False),
-+            Column('updated_at', DateTime()),
-+            UniqueConstraint('namespace_id', 'name', **_constr_kwargs),
-+            mysql_engine=CONF.database.mysql_storage_engine,
-+            extend_existing=True)
- 
-     if meta.bind.name != 'ibm_db_sa':
-         Index('ix_metadef_properties_namespace_id_name',
[email protected]@ -148,7 +185,7 @@ def define_metadef_resource_types_table(
-         Column('created_at', DateTime(), nullable=False),
-         Column('updated_at', DateTime()),
-         UniqueConstraint('name', **_constr_kwargs),
--        mysql_engine='InnoDB',
-+        mysql_engine=CONF.database.mysql_storage_engine,
-         extend_existing=True)
- 
-     if meta.bind.name != 'ibm_db_sa':
[email protected]@ -164,23 +201,41 @@ def define_metadef_namespace_resource_ty
-     if meta.bind.name == 'ibm_db_sa':
-         _constr_kwargs['name'] = 'ix_metadef_ns_res_types_res_type_id_ns_id'
- 
--    metadef_associations = Table(
--        'metadef_namespace_resource_types',
--        meta,
--        Column('resource_type_id', Integer(),
--               ForeignKey('metadef_resource_types.id'),
--               primary_key=True, nullable=False),
--        Column('namespace_id', Integer(),
--               ForeignKey('metadef_namespaces.id'),
--               primary_key=True, nullable=False),
--        Column('properties_target', String(80)),
--        Column('prefix', String(80)),
--        Column('created_at', DateTime(), nullable=False),
--        Column('updated_at', DateTime()),
--        UniqueConstraint('resource_type_id', 'namespace_id',
--                         **_constr_kwargs),
--        mysql_engine='InnoDB',
--        extend_existing=True)
-+    # MySQL Cluster, a.k.a. NDB, does not support these foreign keys, which are later removed.
-+    if CONF.database.mysql_storage_engine == "NDBCLUSTER":
-+        metadef_associations = Table(
-+            'metadef_namespace_resource_types',
-+            meta,
-+            Column('resource_type_id', Integer(),
-+                   primary_key=True, nullable=False),
-+            Column('namespace_id', Integer(),
-+                   primary_key=True, nullable=False),
-+            Column('properties_target', String(80)),
-+            Column('prefix', String(80)),
-+            Column('created_at', DateTime(), nullable=False),
-+            Column('updated_at', DateTime()),
-+            UniqueConstraint('resource_type_id', 'namespace_id',
-+                             **_constr_kwargs),
-+            mysql_engine=CONF.database.mysql_storage_engine,
-+            extend_existing=True)
-+    else:
-+        metadef_associations = Table(
-+            'metadef_namespace_resource_types',
-+            meta,
-+            Column('resource_type_id', Integer(),
-+                   ForeignKey('metadef_resource_types.id'),
-+                   primary_key=True, nullable=False),
-+            Column('namespace_id', Integer(),
-+                   ForeignKey('metadef_namespaces.id'),
-+                   primary_key=True, nullable=False),
-+            Column('properties_target', String(80)),
-+            Column('prefix', String(80)),
-+            Column('created_at', DateTime(), nullable=False),
-+            Column('updated_at', DateTime()),
-+            UniqueConstraint('resource_type_id', 'namespace_id',
-+                             **_constr_kwargs),
-+            mysql_engine=CONF.database.mysql_storage_engine,
-+            extend_existing=True)
- 
-     if meta.bind.name != 'ibm_db_sa':
-         Index('ix_metadef_ns_res_types_res_type_id_ns_id',
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/037_add_changes_to_satisfy_models.py.orig	2016-07-29 11:32:40.844072755 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/037_add_changes_to_satisfy_models.py	2016-07-29 11:44:01.300274699 -0600
[email protected]@ -10,6 +10,7 @@
- #    License for the specific language governing permissions and limitations
- #    under the License.
- 
-+from oslo_config import cfg
- import sqlalchemy
- from sqlalchemy import Table, Index, UniqueConstraint, Sequence
- from sqlalchemy.schema import (AddConstraint, DropConstraint, CreateIndex,
[email protected]@ -17,6 +18,7 @@ from sqlalchemy.schema import (AddConstr
- from sqlalchemy import sql
- from sqlalchemy import update
- 
-+CONF = cfg.CONF
- 
- def upgrade(migrate_engine):
-     meta = sqlalchemy.MetaData()
[email protected]@ -74,10 +76,14 @@ def upgrade(migrate_engine):
- 
-         images.c.id.alter(server_default=None)
-     if migrate_engine.name == 'mysql':
--        constraint = UniqueConstraint(image_properties.c.image_id,
--                                      image_properties.c.name,
--                                      name='image_id')
--        migrate_engine.execute(DropConstraint(constraint))
-+        # MySQL Cluster, a.k.a. NDB, does not support the constraint here. 
-+        # This will only add the constraint if MySQL Cluster is not being used.
-+        if CONF.database.mysql_storage_engine != "NDBCLUSTER":
-+            constraint = UniqueConstraint(image_properties.c.image_id,
-+                                          image_properties.c.name,
-+                                          name='image_id')
-+            migrate_engine.execute(DropConstraint(constraint))
-+
-         image_locations = Table('image_locations', meta, autoload=True)
-         if len(image_locations.foreign_keys) == 0:
-             migrate_engine.execute(AddConstraint(ForeignKeyConstraint(
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/009_add_mindisk_and_minram.py.orig	2016-07-29 11:32:47.075511757 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/009_add_mindisk_and_minram.py	2016-07-29 11:44:23.917127924 -0600
[email protected]@ -14,11 +14,13 @@
- #    under the License.
- 
- from migrate.changeset import *  # noqa
-+from oslo_config import cfg
- from sqlalchemy import *  # noqa
- 
- from glance.db.sqlalchemy.migrate_repo.schema import (
-     Boolean, DateTime, Integer, String, Text, from_migration_import)  # noqa
- 
-+CONF = cfg.CONF
- 
- def get_images_table(meta):
-     """
[email protected]@ -51,7 +53,7 @@ def get_images_table(meta):
-                    Column('owner', String(255)),
-                    Column('min_disk', Integer(), default=0),
-                    Column('min_ram', Integer(), default=0),
--                   mysql_engine='InnoDB',
-+                   mysql_engine=CONF.database.mysql_storage_engine,
-                    extend_existing=True)
- 
-     return images
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/032_add_task_info_table.py.orig	2016-07-29 11:32:53.180994551 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/032_add_task_info_table.py	2016-07-29 11:44:45.316686633 -0600
[email protected]@ -13,6 +13,7 @@
- #    License for the specific language governing permissions and limitations
- #    under the License.
- 
-+from oslo_config import cfg
- from sqlalchemy.schema import (Column, ForeignKey, MetaData, Table)
- 
- from glance.db.sqlalchemy.migrate_repo.schema import (String,
[email protected]@ -22,6 +23,7 @@ from glance.db.sqlalchemy.migrate_repo.s
- 
- TASKS_MIGRATE_COLUMNS = ['input', 'message', 'result']
- 
-+CONF = cfg.CONF
- 
- def define_task_info_table(meta):
-     Table('tasks', meta, autoload=True)
[email protected]@ -37,7 +39,7 @@ def define_task_info_table(meta):
-                       Column('input', Text()),
-                       Column('result', Text()),
-                       Column('message', Text()),
--                      mysql_engine='InnoDB')
-+                      mysql_engine=CONF.database.mysql_storage_engine)
- 
-     return task_info
- 
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/004_add_checksum.py.orig	2016-07-29 11:32:58.755972142 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/004_add_checksum.py	2016-07-29 11:45:04.732540072 -0600
[email protected]@ -14,11 +14,13 @@
- #    under the License.
- 
- from migrate.changeset import *  # noqa
-+from oslo_config import cfg
- from sqlalchemy import *  # noqa
- 
- from glance.db.sqlalchemy.migrate_repo.schema import (
-     Boolean, DateTime, Integer, String, Text, from_migration_import)  # noqa
- 
-+CONF = cfg.CONF
- 
- def get_images_table(meta):
-     """
[email protected]@ -48,7 +50,7 @@ def get_images_table(meta):
-                           default=False,
-                           index=True),
-                    Column('checksum', String(32)),
--                   mysql_engine='InnoDB',
-+                   mysql_engine=CONF.database.mysql_storage_engine,
-                    extend_existing=True)
- 
-     return images
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/021_set_engine_mysql_innodb.py.orig	2016-07-29 11:33:05.406762219 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/021_set_engine_mysql_innodb.py	2016-07-29 11:45:30.188972755 -0600
[email protected]@ -14,21 +14,24 @@
- #    License for the specific language governing permissions and limitations
- #    under the License.
- 
-+from oslo_config import cfg
- from sqlalchemy import MetaData
- 
- tables = ['image_locations']
- 
-+CONF = cfg.CONF
- 
- def upgrade(migrate_engine):
-     meta = MetaData()
-     meta.bind = migrate_engine
-     if migrate_engine.name == "mysql":
--        d = migrate_engine.execute("SHOW TABLE STATUS WHERE Engine!='InnoDB';")
-+        d = migrate_engine.execute("SHOW TABLE STATUS WHERE Engine!='%s';" % 
-+                                   CONF.database.mysql_storage_engine)
-         for row in d.fetchall():
-             table_name = row[0]
-             if table_name in tables:
--                migrate_engine.execute("ALTER TABLE %s Engine=InnoDB" %
--                                       table_name)
-+                migrate_engine.execute("ALTER TABLE %(db_table)s Engine=%(mysql_storage_engine)s" %
-+                                       dict(db_table=table_name, mysql_storage_engine=CONF.database.mysql_storage_engine))
- 
- 
- def downgrade(migrate_engine):
---- glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/041_add_artifact_tables.py.orig	2016-07-29 11:33:13.687025321 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/migrate_repo/versions/041_add_artifact_tables.py	2016-07-29 11:45:55.382385404 -0600
[email protected]@ -12,6 +12,7 @@
- # License for the specific language governing permissions and limitations
- # under the License.
- 
-+from oslo_config import cfg
- from sqlalchemy.schema import (Column, ForeignKey, Index, MetaData, Table)
- 
- 
[email protected]@ -19,6 +20,7 @@ from glance.db.sqlalchemy.migrate_repo.s
-     BigInteger, Boolean, DateTime, Integer, Numeric, String, Text,
-     create_tables)  # noqa
- 
-+CONF = cfg.CONF
- 
- def define_artifacts_table(meta):
-     artifacts = Table('artifacts',
[email protected]@ -43,7 +45,7 @@ def define_artifacts_table(meta):
-                              nullable=False),
-                       Column('deleted_at', DateTime()),
-                       Column('published_at', DateTime()),
--                      mysql_engine='InnoDB',
-+                      mysql_engine=CONF.database.mysql_storage_engine,
-                       extend_existing=True)
- 
-     Index('ix_artifact_name_and_version', artifacts.c.name,
[email protected]@ -68,7 +70,7 @@ def define_artifact_tags_table(meta):
-                           Column('created_at', DateTime(), nullable=False),
-                           Column('updated_at', DateTime(),
-                                  nullable=False),
--                          mysql_engine='InnoDB',
-+                          mysql_engine=CONF.database.mysql_storage_engine,
-                           extend_existing=True)
- 
-     Index('ix_artifact_tags_artifact_id', artifact_tags.c.artifact_id)
[email protected]@ -100,7 +102,7 @@ def define_artifact_dependencies_table(m
-                                          nullable=False),
-                                   Column('updated_at', DateTime(),
-                                          nullable=False),
--                                  mysql_engine='InnoDB',
-+                                  mysql_engine=CONF.database.mysql_storage_engine,
-                                   extend_existing=True)
- 
-     Index('ix_artifact_dependencies_source_id',
[email protected]@ -131,7 +133,7 @@ def define_artifact_blobs_table(meta):
-                            Column('created_at', DateTime(), nullable=False),
-                            Column('updated_at', DateTime(),
-                                   nullable=False),
--                           mysql_engine='InnoDB',
-+                           mysql_engine=CONF.database.mysql_storage_engine,
-                            extend_existing=True)
-     Index('ix_artifact_blobs_artifact_id',
-           artifact_blobs.c.artifact_id)
[email protected]@ -161,7 +163,7 @@ def define_artifact_properties_table(met
-                                 Column('updated_at', DateTime(),
-                                        nullable=False),
-                                 Column('position', Integer()),
--                                mysql_engine='InnoDB',
-+                                mysql_engine=CONF.database.mysql_storage_engine,
-                                 extend_existing=True)
-     Index('ix_artifact_properties_artifact_id',
-           artifact_properties.c.artifact_id)
[email protected]@ -186,7 +188,7 @@ def define_artifact_blob_locations_table
-                                     Column('position', Integer()),
-                                     Column('status', String(36),
-                                            nullable=True),
--                                    mysql_engine='InnoDB',
-+                                    mysql_engine=CONF.database.mysql_storage_engine,
-                                     extend_existing=True)
-     Index('ix_artifact_blob_locations_blob_id',
-           artifact_blob_locations.c.blob_id)
---- glance-2015.1.2/glance/db/sqlalchemy/models.py.orig	2016-07-29 11:33:19.907591270 -0600
-+++ glance-2015.1.2/glance/db/sqlalchemy/models.py	2016-07-29 11:46:37.517783749 -0600
[email protected]@ -21,6 +21,7 @@ SQLAlchemy models for glance data
- import uuid
- 
- from oslo.serialization import jsonutils
-+from oslo_config import cfg
- from oslo_db.sqlalchemy import models
- from oslo_utils import timeutils
- from sqlalchemy import BigInteger
[email protected]@ -39,6 +40,7 @@ from sqlalchemy import Text
- from sqlalchemy.types import TypeDecorator
- from sqlalchemy import UniqueConstraint
- 
-+CONF = cfg.CONF
- 
- BASE = declarative_base()
- 
[email protected]@ -67,7 +69,7 @@ class JSONEncodedDict(TypeDecorator):
- class GlanceBase(models.ModelBase, models.TimestampMixin):
-     """Base class for Glance Models."""
- 
--    __table_args__ = {'mysql_engine': 'InnoDB'}
-+    __table_args__ = {'mysql_engine': CONF.database.mysql_storage_engine}
-     __table_initialized__ = False
-     __protected_attributes__ = set([
-         "created_at", "updated_at", "deleted_at", "deleted"])