| {%- from "glance/map.jinja" import server, system_cacerts_file with context %} |
| {% set storage_engines = server.storage.engine.split(',') %} |
| [DEFAULT] |
| |
| # |
| # From glance.glare |
| # |
| |
| # |
| # Set the image owner to tenant or the authenticated user. |
| # |
| # Assign a boolean value to determine the owner of an image. When set to |
| # True, the owner of the image is the tenant. When set to False, the |
| # owner of the image will be the authenticated user issuing the request. |
| # Setting it to False makes the image private to the associated user and |
| # sharing with other users within the same tenant (or "project") |
| # requires explicit image sharing via image membership. |
| # |
| # Possible values: |
| # * True |
| # * False |
| # |
| # Related options: |
| # * None |
| # |
| # (boolean value) |
| #owner_is_tenant = true |
| |
| # |
| # Role used to identify an authenticated user as administrator. |
| # |
| # Provide a string value representing a Keystone role to identify an |
| # administrative user. Users with this role will be granted |
| # administrative privileges. The default value for this option is |
| # 'admin'. |
| # |
| # Possible values: |
| # * A string value which is a valid Keystone role |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #admin_role = admin |
| |
| # |
| # Allow limited access to unauthenticated users. |
| # |
| # Assign a boolean to determine API access for unathenticated |
| # users. When set to False, the API cannot be accessed by |
| # unauthenticated users. When set to True, unauthenticated users can |
| # access the API with read-only privileges. This however only applies |
| # when using ContextMiddleware. |
| # |
| # Possible values: |
| # * True |
| # * False |
| # |
| # Related options: |
| # * None |
| # |
| # (boolean value) |
| #allow_anonymous_access = false |
| |
| # |
| # Limit the request ID length. |
| # |
| # Provide an integer value to limit the length of the request ID to |
| # the specified length. The default value is 64. Users can change this |
| # to any ineteger value between 0 and 16384 however keeping in mind that |
| # a larger value may flood the logs. |
| # |
| # Possible values: |
| # * Integer value between 0 and 16384 |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 0 |
| #max_request_id_length = 64 |
| |
| # |
| # Public url endpoint to use for Glance/Glare versions response. |
| # |
| # This is the public url endpoint that will appear in the Glance/Glare |
| # "versions" response. If no value is specified, the endpoint that is |
| # displayed in the version's response is that of the host running the |
| # API service. Change the endpoint to represent the proxy URL if the |
| # API service is running behind a proxy. If the service is running |
| # behind a load balancer, add the load balancer's URL for this value. |
| # |
| # Possible values: |
| # * None |
| # * Proxy URL |
| # * Load balancer URL |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #public_endpoint = <None> |
| |
| # |
| # IP address to bind the glance servers to. |
| # |
| # Provide an IP address to bind the glance server to. The default |
| # value is ``0.0.0.0``. |
| # |
| # Edit this option to enable the server to listen on one particular |
| # IP address on the network card. This facilitates selection of a |
| # particular network interface for the server. |
| # |
| # Possible values: |
| # * A valid IPv4 address |
| # * A valid IPv6 address |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #bind_host = 0.0.0.0 |
| bind_host = {{ server.bind.address }} |
| |
| # |
| # Port number on which the server will listen. |
| # |
| # Provide a valid port number to bind the server's socket to. This |
| # port is then set to identify processes and forward network messages |
| # that arrive at the server. The default bind_port value for the API |
| # server is 9292 and for the registry server is 9191. |
| # |
| # Possible values: |
| # * A valid port number (0 to 65535) |
| # |
| # Related options: |
| # * None |
| # |
| # (port value) |
| # Minimum value: 0 |
| # Maximum value: 65535 |
| #bind_port = <None> |
| bind_port = 9494 |
| |
| # |
| # Number of Glance worker processes to start. |
| # |
| # Provide a non-negative integer value to set the number of child |
| # process workers to service requests. By default, the number of CPUs |
| # available is set as the value for ``workers``. |
| # |
| # Each worker process is made to listen on the port set in the |
| # configuration file and contains a greenthread pool of size 1000. |
| # |
| # NOTE: Setting the number of workers to zero, triggers the creation |
| # of a single API process with a greenthread pool of size 1000. |
| # |
| # Possible values: |
| # * 0 |
| # * Positive integer value (typically equal to the number of CPUs) |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 0 |
| #workers = <None> |
| workers = {{ server.workers }} |
| |
| # |
| # Maximum line size of message headers. |
| # |
| # Provide an integer value representing a length to limit the size of |
| # message headers. The default value is 16384. |
| # |
| # NOTE: ``max_header_line`` may need to be increased when using large |
| # tokens (typically those generated by the Keystone v3 API with big |
| # service catalogs). However, it is to be kept in mind that larger |
| # values for ``max_header_line`` would flood the logs. |
| # |
| # Setting ``max_header_line`` to 0 sets no limit for the line size of |
| # message headers. |
| # |
| # Possible values: |
| # * 0 |
| # * Positive integer |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 0 |
| #max_header_line = 16384 |
| |
| # |
| # Set keep alive option for HTTP over TCP. |
| # |
| # Provide a boolean value to determine sending of keep alive packets. |
| # If set to ``False``, the server returns the header |
| # "Connection: close". If set to ``True``, the server returns a |
| # "Connection: Keep-Alive" in its responses. This enables retention of |
| # the same TCP connection for HTTP conversations instead of opening a |
| # new one with each new request. |
| # |
| # This option must be set to ``False`` if the client socket connection |
| # needs to be closed explicitly after the response is received and |
| # read successfully by the client. |
| # |
| # Possible values: |
| # * True |
| # * False |
| # |
| # Related options: |
| # * None |
| # |
| # (boolean value) |
| #http_keepalive = true |
| |
| # |
| # Timeout for client connections' socket operations. |
| # |
| # Provide a valid integer value representing time in seconds to set |
| # the period of wait before an incoming connection can be closed. The |
| # default value is 900 seconds. |
| # |
| # The value zero implies wait forever. |
| # |
| # Possible values: |
| # * Zero |
| # * Positive integer |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 0 |
| #client_socket_timeout = 900 |
| |
| # |
| # Set the number of incoming connection requests. |
| # |
| # Provide a positive integer value to limit the number of requests in |
| # the backlog queue. The default queue size is 4096. |
| # |
| # An incoming connection to a TCP listener socket is queued before a |
| # connection can be established with the server. Setting the backlog |
| # for a TCP socket ensures a limited queue size for incoming traffic. |
| # |
| # Possible values: |
| # * Positive integer |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 1 |
| #backlog = 4096 |
| |
| # |
| # Set the wait time before a connection recheck. |
| # |
| # Provide a positive integer value representing time in seconds which |
| # is set as the idle wait time before a TCP keep alive packet can be |
| # sent to the host. The default value is 600 seconds. |
| # |
| # Setting ``tcp_keepidle`` helps verify at regular intervals that a |
| # connection is intact and prevents frequent TCP connection |
| # reestablishment. |
| # |
| # Possible values: |
| # * Positive integer value representing time in seconds |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 1 |
| #tcp_keepidle = 600 |
| |
| # |
| # Absolute path to the CA file. |
| # |
| # Provide a string value representing a valid absolute path to |
| # the Certificate Authority file to use for client authentication. |
| # |
| # A CA file typically contains necessary trusted certificates to |
| # use for the client authentication. This is essential to ensure |
| # that a secure connection is established to the server via the |
| # internet. |
| # |
| # Possible values: |
| # * Valid absolute path to the CA file |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #ca_file = /etc/ssl/cafile |
| |
| # |
| # Absolute path to the certificate file. |
| # |
| # Provide a string value representing a valid absolute path to the |
| # certificate file which is required to start the API service |
| # securely. |
| # |
| # A certificate file typically is a public key container and includes |
| # the server's public key, server name, server information and the |
| # signature which was a result of the verification process using the |
| # CA certificate. This is required for a secure connection |
| # establishment. |
| # |
| # Possible values: |
| # * Valid absolute path to the certificate file |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #cert_file = /etc/ssl/certs |
| |
| # |
| # Absolute path to a private key file. |
| # |
| # Provide a string value representing a valid absolute path to a |
| # private key file which is required to establish the client-server |
| # connection. |
| # |
| # Possible values: |
| # * Absolute path to the private key file |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #key_file = /etc/ssl/key/key-file.pem |
| |
| # |
| # Default publisher_id for outgoing Glance notifications. |
| # |
| # This is the value that the notification driver will use to identify |
| # messages for events originating from the Glance service. Typically, |
| # this is the hostname of the instance that generated the message. |
| # |
| # Possible values: |
| # * Any reasonable instance identifier, for example: image.host1 |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #default_publisher_id = image.localhost |
| |
| # |
| # List of notifications to be disabled. |
| # |
| # Specify a list of notifications that should not be emitted. |
| # A notification can be given either as a notification type to |
| # disable a single event notification, or as a notification group |
| # prefix to disable all event notifications within a group. |
| # |
| # Possible values: |
| # A comma-separated list of individual notification types or |
| # notification groups to be disabled. Currently supported groups: |
| # * image |
| # * image.member |
| # * task |
| # * metadef_namespace |
| # * metadef_object |
| # * metadef_property |
| # * metadef_resource_type |
| # * metadef_tag |
| # For a complete listing and description of each event refer to: |
| # http://docs.openstack.org/developer/glance/notifications.html |
| # |
| # The values must be specified as: <group_name>.<event_name> |
| # For example: image.create,task.success,metadef_tag |
| # |
| # Related options: |
| # * None |
| # |
| # (list value) |
| #disabled_notifications = |
| |
| # |
| # From oslo.log |
| # |
| |
| # If set to true, the logging level will be set to DEBUG instead of the default |
| # INFO level. (boolean value) |
| # Note: This option can be changed without restarting. |
| #debug = false |
| |
| # DEPRECATED: If set to false, the logging level will be set to WARNING instead |
| # of the default INFO level. (boolean value) |
| # This option is deprecated for removal. |
| # Its value may be silently ignored in the future. |
| #verbose = true |
| |
| # The name of a logging configuration file. This file is appended to any |
| # existing logging configuration files. For details about logging configuration |
| # files, see the Python logging module documentation. Note that when logging |
| # configuration files are used then all logging configuration is set in the |
| # configuration file and other logging configuration options are ignored (for |
| # example, logging_context_format_string). (string value) |
| # Note: This option can be changed without restarting. |
| # Deprecated group/name - [DEFAULT]/log_config |
| #log_config_append = <None> |
| |
| # Defines the format string for %%(asctime)s in log records. Default: |
| # %(default)s . This option is ignored if log_config_append is set. (string |
| # value) |
| #log_date_format = %Y-%m-%d %H:%M:%S |
| |
| # (Optional) Name of log file to send logging output to. If no default is set, |
| # logging will go to stderr as defined by use_stderr. This option is ignored if |
| # log_config_append is set. (string value) |
| # Deprecated group/name - [DEFAULT]/logfile |
| #log_file = <None> |
| log_file = /var/log/glance/glare.log |
| |
| # (Optional) The base directory used for relative log_file paths. This option |
| # is ignored if log_config_append is set. (string value) |
| # Deprecated group/name - [DEFAULT]/logdir |
| #log_dir = <None> |
| log_dir = /var/log/glance |
| |
| # Uses logging handler designed to watch file system. When log file is moved or |
| # removed this handler will open a new log file with specified path |
| # instantaneously. It makes sense only if log_file option is specified and Linux |
| # platform is used. This option is ignored if log_config_append is set. (boolean |
| # value) |
| #watch_log_file = false |
| |
| # Use syslog for logging. Existing syslog format is DEPRECATED and will be |
| # changed later to honor RFC5424. This option is ignored if log_config_append is |
| # set. (boolean value) |
| #use_syslog = false |
| |
| # Syslog facility to receive log lines. This option is ignored if |
| # log_config_append is set. (string value) |
| #syslog_log_facility = LOG_USER |
| |
| # Log output to standard error. This option is ignored if log_config_append is |
| # set. (boolean value) |
| #use_stderr = true |
| |
| # Format string to use for log messages with context. (string value) |
| #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s |
| |
| # Format string to use for log messages when context is undefined. (string |
| # value) |
| #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s |
| |
| # Additional data to append to log message when logging level for the message is |
| # DEBUG. (string value) |
| #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d |
| |
| # Prefix each line of exception output with this format. (string value) |
| #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s |
| |
| # Defines the format string for %(user_identity)s that is used in |
| # logging_context_format_string. (string value) |
| #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s |
| |
| # List of package logging levels in logger=LEVEL pairs. This option is ignored |
| # if log_config_append is set. (list value) |
| #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO |
| |
| # Enables or disables publication of error events. (boolean value) |
| #publish_errors = false |
| |
| # The format for an instance that is passed with the log message. (string value) |
| #instance_format = "[instance: %(uuid)s] " |
| |
| # The format for an instance UUID that is passed with the log message. (string |
| # value) |
| #instance_uuid_format = "[instance: %(uuid)s] " |
| |
| # Enables or disables fatal status of deprecations. (boolean value) |
| #fatal_deprecations = false |
| |
| |
| [cors] |
| |
| # |
| # From oslo.middleware.cors |
| # |
| |
| # Indicate whether this resource may be shared with the domain received in the |
| # requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing |
| # slash. Example: https://horizon.example.com (list value) |
| #allowed_origin = <None> |
| |
| # Indicate that the actual request can include user credentials (boolean value) |
| #allow_credentials = true |
| |
| # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple |
| # Headers. (list value) |
| #expose_headers = |
| |
| # Maximum cache age of CORS preflight requests. (integer value) |
| #max_age = 3600 |
| |
| # Indicate which methods can be used during the actual request. (list value) |
| #allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH |
| |
| # Indicate which header field names may be used during the actual request. (list |
| # value) |
| #allow_headers = |
| |
| |
| [cors.subdomain] |
| |
| # |
| # From oslo.middleware.cors |
| # |
| |
| # Indicate whether this resource may be shared with the domain received in the |
| # requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing |
| # slash. Example: https://horizon.example.com (list value) |
| #allowed_origin = <None> |
| |
| # Indicate that the actual request can include user credentials (boolean value) |
| #allow_credentials = true |
| |
| # Indicate which headers are safe to expose to the API. Defaults to HTTP Simple |
| # Headers. (list value) |
| #expose_headers = |
| |
| # Maximum cache age of CORS preflight requests. (integer value) |
| #max_age = 3600 |
| |
| # Indicate which methods can be used during the actual request. (list value) |
| #allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH |
| |
| # Indicate which header field names may be used during the actual request. (list |
| # value) |
| #allow_headers = |
| |
| |
| [database] |
| |
| # |
| # From oslo.db |
| # |
| |
| # DEPRECATED: The file name to use with SQLite. (string value) |
| # Deprecated group/name - [DEFAULT]/sqlite_db |
| # This option is deprecated for removal. |
| # Its value may be silently ignored in the future. |
| # Reason: Should use config option connection or slave_connection to connect the |
| # database. |
| #sqlite_db = oslo.sqlite |
| |
| # If True, SQLite uses synchronous mode. (boolean value) |
| # Deprecated group/name - [DEFAULT]/sqlite_synchronous |
| #sqlite_synchronous = true |
| |
| # The back end to use for the database. (string value) |
| # Deprecated group/name - [DEFAULT]/db_backend |
| #backend = sqlalchemy |
| |
| # The SQLAlchemy connection string to use to connect to the database. (string |
| # value) |
| # Deprecated group/name - [DEFAULT]/sql_connection |
| # Deprecated group/name - [DATABASE]/sql_connection |
| # Deprecated group/name - [sql]/connection |
| #connection = <None> |
| connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8&read_timeout=60{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %} |
| |
| |
| # The SQLAlchemy connection string to use to connect to the slave database. |
| # (string value) |
| #slave_connection = <None> |
| |
| # The SQL mode to be used for MySQL sessions. This option, including the |
| # default, overrides any server-set SQL mode. To use whatever SQL mode is set by |
| # the server configuration, set this to no value. Example: mysql_sql_mode= |
| # (string value) |
| #mysql_sql_mode = TRADITIONAL |
| |
| # Timeout before idle SQL connections are reaped. (integer value) |
| # Deprecated group/name - [DEFAULT]/sql_idle_timeout |
| # Deprecated group/name - [DATABASE]/sql_idle_timeout |
| # Deprecated group/name - [sql]/idle_timeout |
| #idle_timeout = 3600 |
| idle_timeout = 3600 |
| |
| # Minimum number of SQL connections to keep open in a pool. (integer value) |
| # Deprecated group/name - [DEFAULT]/sql_min_pool_size |
| # Deprecated group/name - [DATABASE]/sql_min_pool_size |
| #min_pool_size = 1 |
| |
| # Maximum number of SQL connections to keep open in a pool. Setting a value of 0 |
| # indicates no limit. (integer value) |
| # Deprecated group/name - [DEFAULT]/sql_max_pool_size |
| # Deprecated group/name - [DATABASE]/sql_max_pool_size |
| #max_pool_size = 5 |
| max_pool_size = 30 |
| |
| # Maximum number of database connection retries during startup. Set to -1 to |
| # specify an infinite retry count. (integer value) |
| # Deprecated group/name - [DEFAULT]/sql_max_retries |
| # Deprecated group/name - [DATABASE]/sql_max_retries |
| #max_retries = 10 |
| max_retries = -1 |
| |
| # Interval between retries of opening a SQL connection. (integer value) |
| # Deprecated group/name - [DEFAULT]/sql_retry_interval |
| # Deprecated group/name - [DATABASE]/reconnect_interval |
| #retry_interval = 10 |
| |
| # If set, use this value for max_overflow with SQLAlchemy. (integer value) |
| # Deprecated group/name - [DEFAULT]/sql_max_overflow |
| # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow |
| #max_overflow = 50 |
| max_overflow = 60 |
| |
| # Verbosity of SQL debugging information: 0=None, 100=Everything. (integer |
| # value) |
| # Minimum value: 0 |
| # Maximum value: 100 |
| # Deprecated group/name - [DEFAULT]/sql_connection_debug |
| #connection_debug = 0 |
| |
| # Add Python stack traces to SQL as comment strings. (boolean value) |
| # Deprecated group/name - [DEFAULT]/sql_connection_trace |
| #connection_trace = false |
| |
| # If set, use this value for pool_timeout with SQLAlchemy. (integer value) |
| # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout |
| #pool_timeout = <None> |
| |
| # Enable the experimental use of database reconnect on connection lost. (boolean |
| # value) |
| #use_db_reconnect = false |
| |
| # Seconds between retries of a database transaction. (integer value) |
| #db_retry_interval = 1 |
| |
| # If True, increases the interval between retries of a database operation up to |
| # db_max_retry_interval. (boolean value) |
| #db_inc_retry_interval = true |
| |
| # If db_inc_retry_interval is set, the maximum seconds between retries of a |
| # database operation. (integer value) |
| #db_max_retry_interval = 10 |
| |
| # Maximum retries in case of connection error or deadlock error before error is |
| # raised. Set to -1 to specify an infinite retry count. (integer value) |
| #db_max_retries = 20 |
| |
| # |
| # From oslo.db.concurrency |
| # |
| |
| # Enable the experimental use of thread pooling for all DB API calls (boolean |
| # value) |
| # Deprecated group/name - [DEFAULT]/dbapi_use_tpool |
| #use_tpool = false |
| |
| |
| [glance_store] |
| |
| # |
| # From glance.store |
| # |
| |
| # |
| # List of enabled Glance stores. |
| # |
| # Register the storage backends to use for storing disk images |
| # as a comma separated list. The default stores enabled for |
| # storing disk images with Glance are ``file`` and ``http``. |
| # |
| # Possible values: |
| # * A comma separated list that could include: |
| # * file |
| # * http |
| # * swift |
| # * rbd |
| # * sheepdog |
| # * cinder |
| # * vmware |
| # |
| # Related Options: |
| # * default_store |
| # |
| # (list value) |
| #stores = file,http |
| {%- if 'file' in storage_engines %} |
| default_store = file |
| stores = file,http |
| {%- else %} |
| default_store = {{ storage_engines[0] }} |
| stores = {{ server.storage.engine }} |
| {%- endif %} |
| # |
| # The default scheme to use for storing images. |
| # |
| # Provide a string value representing the default scheme to use for |
| # storing images. If not set, Glance uses ``file`` as the default |
| # scheme to store images with the ``file`` store. |
| {% if server.identity.region is defined %} |
| os_region_name=RegionOne |
| {% endif %} |
| |
| # |
| # NOTE: The value given for this configuration option must be a valid |
| # scheme for a store registered with the ``stores`` configuration |
| # option. |
| # |
| # Possible values: |
| # * file |
| # * filesystem |
| # * http |
| # * https |
| # * swift |
| # * swift+http |
| # * swift+https |
| # * swift+config |
| # * rbd |
| # * sheepdog |
| # * cinder |
| # * vsphere |
| # |
| # Related Options: |
| # * stores |
| # |
| # (string value) |
| # Allowed values: file, filesystem, http, https, swift, swift+http, swift+https, swift+config, rbd, sheepdog, cinder, vsphere |
| #default_store = file |
| |
| # |
| # Minimum interval in seconds to execute updating dynamic storage |
| # capabilities based on current backend status. |
| # |
| # Provide an integer value representing time in seconds to set the |
| # minimum interval before an update of dynamic storage capabilities |
| # for a storage backend can be attempted. Setting |
| # ``store_capabilities_update_min_interval`` does not mean updates |
| # occur periodically based on the set interval. Rather, the update |
| # is performed at the elapse of this interval set, if an operation |
| # of the store is triggered. |
| # |
| # By default, this option is set to zero and is disabled. Provide an |
| # integer value greater than zero to enable this option. |
| # |
| # NOTE: For more information on store capabilities and their updates, |
| # please visit: https://specs.openstack.org/openstack/glance-specs/specs/kilo |
| # /store-capabilities.html |
| # |
| # For more information on setting up a particular store in your |
| # deplyment and help with the usage of this feature, please contact |
| # the storage driver maintainers listed here: |
| # http://docs.openstack.org/developer/glance_store/drivers/index.html |
| # |
| # Possible values: |
| # * Zero |
| # * Positive integer |
| # |
| # Related Options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 0 |
| #store_capabilities_update_min_interval = 0 |
| |
| # |
| # Information to match when looking for cinder in the service catalog. |
| # |
| # When the ``cinder_endpoint_template`` is not set and any of |
| # ``cinder_store_auth_address``, ``cinder_store_user_name``, |
| # ``cinder_store_project_name``, ``cinder_store_password`` is not set, |
| # cinder store uses this information to lookup cinder endpoint from the service |
| # catalog in the current context. ``cinder_os_region_name``, if set, is taken |
| # into consideration to fetch the appropriate endpoint. |
| # |
| # The service catalog can be listed by the ``openstack catalog list`` command. |
| # |
| # Possible values: |
| # * A string of of the following form: |
| # ``<service_type>:<service_name>:<endpoint_type>`` |
| # At least ``service_type`` and ``endpoint_type`` should be specified. |
| # ``service_name`` can be omitted. |
| # |
| # Related options: |
| # * cinder_os_region_name |
| # * cinder_endpoint_template |
| # * cinder_store_auth_address |
| # * cinder_store_user_name |
| # * cinder_store_project_name |
| # * cinder_store_password |
| # |
| # (string value) |
| #cinder_catalog_info = volumev2::publicURL |
| cinder_catalog_info = volumev2::{{ server.identity.get('endpoint_type', 'publicURL') }} |
| |
| # |
| # Override service catalog lookup with template for cinder endpoint. |
| # |
| # When this option is set, this value is used to generate cinder endpoint, |
| # instead of looking up from the service catalog. |
| # This value is ignored if ``cinder_store_auth_address``, |
| # ``cinder_store_user_name``, ``cinder_store_project_name``, and |
| # ``cinder_store_password`` are specified. |
| # |
| # If this configuration option is set, ``cinder_catalog_info`` will be ignored. |
| # |
| # Possible values: |
| # * URL template string for cinder endpoint, where ``%%(tenant)s`` is |
| # replaced with the current tenant (project) name. |
| # For example: ``http://cinder.openstack.example.org/v2/%%(tenant)s`` |
| # |
| # Related options: |
| # * cinder_store_auth_address |
| # * cinder_store_user_name |
| # * cinder_store_project_name |
| # * cinder_store_password |
| # * cinder_catalog_info |
| # |
| # (string value) |
| #cinder_endpoint_template = <None> |
| |
| # |
| # Region name to lookup cinder service from the service catalog. |
| # |
| # This is used only when ``cinder_catalog_info`` is used for determining the |
| # endpoint. If set, the lookup for cinder endpoint by this node is filtered to |
| # the specified region. It is useful when multiple regions are listed in the |
| # catalog. If this is not set, the endpoint is looked up from every region. |
| # |
| # Possible values: |
| # * A string that is a valid region name. |
| # |
| # Related options: |
| # * cinder_catalog_info |
| # |
| # (string value) |
| # Deprecated group/name - [glance_store]/os_region_name |
| #cinder_os_region_name = <None> |
| {% if server.identity.region is defined %} |
| cinder_os_region_name = {{ server.identity.region }} |
| {% endif %} |
| |
| # |
| # Location of a CA certificates file used for cinder client requests. |
| # |
| # The specified CA certificates file, if set, is used to verify cinder |
| # connections via HTTPS endpoint. If the endpoint is HTTP, this value is |
| # ignored. |
| # ``cinder_api_insecure`` must be set to ``True`` to enable the verification. |
| # |
| # Possible values: |
| # * Path to a ca certificates file |
| # |
| # Related options: |
| # * cinder_api_insecure |
| # |
| # (string value) |
| #cinder_ca_certificates_file = <None> |
| |
| # |
| # Number of cinderclient retries on failed http calls. |
| # |
| # When a call failed by any errors, cinderclient will retry the call up to the |
| # specified times after sleeping a few seconds. |
| # |
| # Possible values: |
| # * A positive integer |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 0 |
| #cinder_http_retries = 3 |
| |
| # |
| # Time period, in seconds, to wait for a cinder volume transition to |
| # complete. |
| # |
| # When the cinder volume is created, deleted, or attached to the glance node to |
| # read/write the volume data, the volume's state is changed. For example, the |
| # newly created volume status changes from ``creating`` to ``available`` after |
| # the creation process is completed. This specifies the maximum time to wait for |
| # the status change. If a timeout occurs while waiting, or the status is changed |
| # to an unexpected value (e.g. `error``), the image creation fails. |
| # |
| # Possible values: |
| # * A positive integer |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 0 |
| #cinder_state_transition_timeout = 300 |
| |
| # |
| # Allow to perform insecure SSL requests to cinder. |
| # |
| # If this option is set to True, HTTPS endpoint connection is verified using the |
| # CA certificates file specified by ``cinder_ca_certificates_file`` option. |
| # |
| # Possible values: |
| # * True |
| # * False |
| # |
| # Related options: |
| # * cinder_ca_certificates_file |
| # |
| # (boolean value) |
| #cinder_api_insecure = false |
| |
| # |
| # The address where the cinder authentication service is listening. |
| # |
| # When all of ``cinder_store_auth_address``, ``cinder_store_user_name``, |
| # ``cinder_store_project_name``, and ``cinder_store_password`` options are |
| # specified, the specified values are always used for the authentication. |
| # This is useful to hide the image volumes from users by storing them in a |
| # project/tenant specific to the image service. It also enables users to share |
| # the image volume among other projects under the control of glance's ACL. |
| # |
| # If either of these options are not set, the cinder endpoint is looked up |
| # from the service catalog, and current context's user and project are used. |
| # |
| # Possible values: |
| # * A valid authentication service address, for example: |
| # ``http://openstack.example.org/identity/v2.0`` |
| # |
| # Related options: |
| # * cinder_store_user_name |
| # * cinder_store_password |
| # * cinder_store_project_name |
| # |
| # (string value) |
| #cinder_store_auth_address = <None> |
| |
| # |
| # User name to authenticate against cinder. |
| # |
| # This must be used with all the following related options. If any of these are |
| # not specified, the user of the current context is used. |
| # |
| # Possible values: |
| # * A valid user name |
| # |
| # Related options: |
| # * cinder_store_auth_address |
| # * cinder_store_password |
| # * cinder_store_project_name |
| # |
| # (string value) |
| #cinder_store_user_name = <None> |
| |
| # |
| # Password for the user authenticating against cinder. |
| # |
| # This must be used with all the following related options. If any of these are |
| # not specified, the user of the current context is used. |
| # |
| # Possible values: |
| # * A valid password for the user specified by ``cinder_store_user_name`` |
| # |
| # Related options: |
| # * cinder_store_auth_address |
| # * cinder_store_user_name |
| # * cinder_store_project_name |
| # |
| # (string value) |
| #cinder_store_password = <None> |
| |
| # |
| # Project name where the image volume is stored in cinder. |
| # |
| # If this configuration option is not set, the project in current context is |
| # used. |
| # |
| # This must be used with all the following related options. If any of these are |
| # not specified, the project of the current context is used. |
| # |
| # Possible values: |
| # * A valid project name |
| # |
| # Related options: |
| # * ``cinder_store_auth_address`` |
| # * ``cinder_store_user_name`` |
| # * ``cinder_store_password`` |
| # |
| # (string value) |
| #cinder_store_project_name = <None> |
| |
| # |
| # Path to the rootwrap configuration file to use for running commands as root. |
| # |
| # The cinder store requires root privileges to operate the image volumes (for |
| # connecting to iSCSI/FC volumes and reading/writing the volume data, etc.). |
| # The configuration file should allow the required commands by cinder store and |
| # os-brick library. |
| # |
| # Possible values: |
| # * Path to the rootwrap config file |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #rootwrap_config = /etc/glance/rootwrap.conf |
| |
| # |
| # Directory to which the filesystem backend store writes images. |
| # |
| # Upon start up, Glance creates the directory if it doesn't already |
| # exist and verifies write access to the user under which |
| # ``glance-api`` runs. If the write access isn't available, a |
| # ``BadStoreConfiguration`` exception is raised and the filesystem |
| # store may not be available for adding new images. |
| # |
| # NOTE: This directory is used only when filesystem store is used as a |
| # storage backend. Either ``filesystem_store_datadir`` or |
| # ``filesystem_store_datadirs`` option must be specified in |
| # ``glance-api.conf``. If both options are specified, a |
| # ``BadStoreConfiguration`` will be raised and the filesystem store |
| # may not be available for adding new images. |
| # |
| # Possible values: |
| # * A valid path to a directory |
| # |
| # Related options: |
| # * ``filesystem_store_datadirs`` |
| # * ``filesystem_store_file_perm`` |
| # |
| # (string value) |
| #filesystem_store_datadir = /var/lib/glance/images |
| filesystem_store_datadir = {{ server.get('filesystem_store_datadir', '/var/lib/glance/images/') }} |
| |
| |
| # |
| # List of directories and their priorities to which the filesystem |
| # backend store writes images. |
| # |
| # The filesystem store can be configured to store images in multiple |
| # directories as opposed to using a single directory specified by the |
| # ``filesystem_store_datadir`` configuration option. When using |
| # multiple directories, each directory can be given an optional |
| # priority to specify the preference order in which they should |
| # be used. Priority is an integer that is concatenated to the |
| # directory path with a colon where a higher value indicates higher |
| # priority. When two directories have the same priority, the directory |
| # with most free space is used. When no priority is specified, it |
| # defaults to zero. |
| # |
| # More information on configuring filesystem store with multiple store |
| # directories can be found at |
| # http://docs.openstack.org/developer/glance/configuring.html |
| # |
| # NOTE: This directory is used only when filesystem store is used as a |
| # storage backend. Either ``filesystem_store_datadir`` or |
| # ``filesystem_store_datadirs`` option must be specified in |
| # ``glance-api.conf``. If both options are specified, a |
| # ``BadStoreConfiguration`` will be raised and the filesystem store |
| # may not be available for adding new images. |
| # |
| # Possible values: |
| # * List of strings of the following form: |
| # * ``<a valid directory path>:<optional integer priority>`` |
| # |
| # Related options: |
| # * ``filesystem_store_datadir`` |
| # * ``filesystem_store_file_perm`` |
| # |
| # (multi valued) |
| #filesystem_store_datadirs = |
| |
| # |
| # Filesystem store metadata file. |
| # |
| # The path to a file which contains the metadata to be returned with |
| # any location associated with the filesystem store. The file must |
| # contain a valid JSON object. The object should contain the keys |
| # ``id`` and ``mountpoint``. The value for both keys should be a |
| # string. |
| # |
| # Possible values: |
| # * A valid path to the store metadata file |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| {%- if server.filesystem_store_metadata_file is defined %} |
| filesystem_store_metadata_file = {{ server.get('filesystem_store_metadata_file', '/etc/glance/filesystem_store_metadata.json') }} |
| {%- endif %} |
| |
| # |
| # File access permissions for the image files. |
| # |
| # Set the intended file access permissions for image data. This provides |
| # a way to enable other services, e.g. Nova, to consume images directly |
| # from the filesystem store. The users running the services that are |
| # intended to be given access to could be made a member of the group |
| # that owns the files created. Assigning a value less then or equal to |
| # zero for this configuration option signifies that no changes be made |
| # to the default permissions. This value will be decoded as an octal |
| # digit. |
| # |
| # For more information, please refer the documentation at |
| # http://docs.openstack.org/developer/glance/configuring.html |
| # |
| # Possible values: |
| # * A valid file access permission |
| # * Zero |
| # * Any negative integer |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| #filesystem_store_file_perm = 0 |
| |
| # |
| # Path to the CA bundle file. |
| # |
| # This configuration option enables the operator to use a custom |
| # Certificate Authority file to verify the remote server certificate. If |
| # this option is set, the ``https_insecure`` option will be ignored and |
| # the CA file specified will be used to authenticate the server |
| # certificate and establish a secure connection to the server. |
| # |
| # Possible values: |
| # * A valid path to a CA file |
| # |
| # Related options: |
| # * https_insecure |
| # |
| # (string value) |
| #https_ca_certificates_file = <None> |
| |
| # |
| # Set verification of the remote server certificate. |
| # |
| # This configuration option takes in a boolean value to determine |
| # whether or not to verify the remote server certificate. If set to |
| # True, the remote server certificate is not verified. If the option is |
| # set to False, then the default CA truststore is used for verification. |
| # |
| # This option is ignored if ``https_ca_certificates_file`` is set. |
| # The remote server certificate will then be verified using the file |
| # specified using the ``https_ca_certificates_file`` option. |
| # |
| # Possible values: |
| # * True |
| # * False |
| # |
| # Related options: |
| # * https_ca_certificates_file |
| # |
| # (boolean value) |
| #https_insecure = true |
| |
| # |
| # The http/https proxy information to be used to connect to the remote |
| # server. |
| # |
| # This configuration option specifies the http/https proxy information |
| # that should be used to connect to the remote server. The proxy |
| # information should be a key value pair of the scheme and proxy, for |
| # example, http:10.0.0.1:3128. You can also specify proxies for multiple |
| # schemes by separating the key value pairs with a comma, for example, |
| # http:10.0.0.1:3128, https:10.0.0.1:1080. |
| # |
| # Possible values: |
| # * A comma separated list of scheme:proxy pairs as described above |
| # |
| # Related options: |
| # * None |
| # |
| # (dict value) |
| #http_proxy_information = |
| {%- if 'rbd' in storage_engines %} |
| |
| # |
| # Size, in megabytes, to chunk RADOS images into. |
| # |
| # Provide an integer value representing the size in megabytes to chunk |
| # Glance images into. The default chunk size is 8 megabytes. For optimal |
| # performance, the value should be a power of two. |
| # |
| # When Ceph's RBD object storage system is used as the storage backend |
| # for storing Glance images, the images are chunked into objects of the |
| # size set using this option. These chunked objects are then stored |
| # across the distributed block data store to use for Glance. |
| # |
| # Possible Values: |
| # * Any positive integer value |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 1 |
| #rbd_store_chunk_size = 8 |
| rbd_store_chunk_size = {{ server.storage.chunk_size }} |
| |
| # |
| # RADOS pool in which images are stored. |
| # |
| # When RBD is used as the storage backend for storing Glance images, the |
| # images are stored by means of logical grouping of the objects (chunks |
| # of images) into a ``pool``. Each pool is defined with the number of |
| # placement groups it can contain. The default pool that is used is |
| # 'images'. |
| # |
| # More information on the RBD storage backend can be found here: |
| # http://ceph.com/planet/how-data-is-stored-in-ceph-cluster/ |
| # |
| # Possible Values: |
| # * A valid pool name |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #rbd_store_pool = images |
| rbd_store_pool = {{ server.storage.pool }} |
| |
| # |
| # RADOS user to authenticate as. |
| # |
| # This configuration option takes in the RADOS user to authenticate as. |
| # This is only needed when RADOS authentication is enabled and is |
| # applicable only if the user is using Cephx authentication. If the |
| # value for this option is not set by the user or is set to None, a |
| # default value will be chosen, which will be based on the client. |
| # section in rbd_store_ceph_conf. |
| # |
| # Possible Values: |
| # * A valid RADOS user |
| # |
| # Related options: |
| # * rbd_store_ceph_conf |
| # |
| # (string value) |
| #rbd_store_user = <None> |
| rbd_store_user = {{ server.storage.user }} |
| |
| # |
| # Ceph configuration file path. |
| # |
| # This configuration option takes in the path to the Ceph configuration |
| # file to be used. If the value for this option is not set by the user |
| # or is set to None, librados will locate the default configuration file |
| # which is located at /etc/ceph/ceph.conf. If using Cephx |
| # authentication, this file should include a reference to the right |
| # keyring in a client.<USER> section |
| # |
| # Possible Values: |
| # * A valid path to a configuration file |
| # |
| # Related options: |
| # * rbd_store_user |
| # |
| # (string value) |
| #rbd_store_ceph_conf = /etc/ceph/ceph.conf |
| rbd_store_ceph_conf = /etc/ceph/ceph.conf |
| |
| # |
| # Timeout value for connecting to Ceph cluster. |
| # |
| # This configuration option takes in the timeout value in seconds used |
| # when connecting to the Ceph cluster i.e. it sets the time to wait for |
| # glance-api before closing the connection. This prevents glance-api |
| # hangups during the connection to RBD. If the value for this option |
| # is set to less than or equal to 0, no timeout is set and the default |
| # librados value is used. |
| # |
| # Possible Values: |
| # * Any integer value |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| #rados_connect_timeout = 0 |
| {%- endif %} |
| |
| # |
| # Chunk size for images to be stored in Sheepdog data store. |
| # |
| # Provide an integer value representing the size in mebibyte |
| # (1048576 bytes) to chunk Glance images into. The default |
| # chunk size is 64 mebibytes. |
| # |
| # When using Sheepdog distributed storage system, the images are |
| # chunked into objects of this size and then stored across the |
| # distributed data store to use for Glance. |
| # |
| # Chunk sizes, if a power of two, help avoid fragmentation and |
| # enable improved performance. |
| # |
| # Possible values: |
| # * Positive integer value representing size in mebibytes. |
| # |
| # Related Options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 1 |
| #sheepdog_store_chunk_size = 64 |
| |
| # |
| # Port number on which the sheep daemon will listen. |
| # |
| # Provide an integer value representing a valid port number on |
| # which you want the Sheepdog daemon to listen on. The default |
| # port is 7000. |
| # |
| # The Sheepdog daemon, also called 'sheep', manages the storage |
| # in the distributed cluster by writing objects across the storage |
| # network. It identifies and acts on the messages it receives on |
| # the port number set using ``sheepdog_store_port`` option to store |
| # chunks of Glance images. |
| # |
| # Possible values: |
| # * A valid port number (0 to 65535) |
| # |
| # Related Options: |
| # * sheepdog_store_address |
| # |
| # (port value) |
| # Minimum value: 0 |
| # Maximum value: 65535 |
| #sheepdog_store_port = 7000 |
| |
| # |
| # Address to bind the Sheepdog daemon to. |
| # |
| # Provide a string value representing the address to bind the |
| # Sheepdog daemon to. The default address set for the 'sheep' |
| # is 127.0.0.1. |
| # |
| # The Sheepdog daemon, also called 'sheep', manages the storage |
| # in the distributed cluster by writing objects across the storage |
| # network. It identifies and acts on the messages directed to the |
| # address set using ``sheepdog_store_address`` option to store |
| # chunks of Glance images. |
| # |
| # Possible values: |
| # * A valid IPv4 address |
| # * A valid IPv6 address |
| # * A valid hostname |
| # |
| # Related Options: |
| # * sheepdog_store_port |
| # |
| # (string value) |
| #sheepdog_store_address = 127.0.0.1 |
| |
| {%- if 'swift' in storage_engines %} |
| #swift_store_auth_insecure = false |
| swift_store_auth_insecure = {{ server.storage.swift.store.auth.get('insecure', False)|lower }} |
| |
| # |
| # Path to the CA bundle file. |
| # |
| # This configuration option enables the operator to specify the path to |
| # a custom Certificate Authority file for SSL verification when |
| # connecting to Swift. |
| # |
| # Possible values: |
| # * A valid path to a CA file |
| # |
| # Related options: |
| # * swift_store_auth_insecure |
| # |
| # (string value) |
| #swift_store_cacert = /etc/ssl/certs/ca-certificates.crt |
| {% if server.storage.swift.store.cacert is defined %} |
| swift_store_cacert = {{ server.storage.swift.store.cacert }} |
| {% endif %} |
| |
| # |
| # The region of Swift endpoint to use by Glance. |
| # |
| # Provide a string value representing a Swift region where Glance |
| # can connect to for image storage. By default, there is no region |
| # set. |
| # |
| # When Glance uses Swift as the storage backend to store images |
| # for a specific tenant that has multiple endpoints, setting of a |
| # Swift region with ``swift_store_region`` allows Glance to connect |
| # to Swift in the specified region as opposed to a single region |
| # connectivity. |
| # |
| # This option can be configured for both single-tenant and |
| # multi-tenant storage. |
| # |
| # NOTE: Setting the region with ``swift_store_region`` is |
| # tenant-specific and is necessary ``only if`` the tenant has |
| # multiple endpoints across different regions. |
| # |
| # Possible values: |
| # * A string value representing a valid Swift region. |
| # |
| # Related Options: |
| # * None |
| # |
| # (string value) |
| #swift_store_region = RegionTwo |
| {% if server.storage.swift.store.region is defined %} |
| swift_store_region = {{ server.storage.swift.store.region }} |
| {% endif %} |
| |
| # |
| # The URL endpoint to use for Swift backend storage. |
| # |
| # Provide a string value representing the URL endpoint to use for |
| # storing Glance images in Swift store. By default, an endpoint |
| # is not set and the storage URL returned by ``auth`` is used. |
| # Setting an endpoint with ``swift_store_endpoint`` overrides the |
| # storage URL and is used for Glance image storage. |
| # |
| # NOTE: The URL should include the path up to, but excluding the |
| # container. The location of an object is obtained by appending |
| # the container and object to the configured URL. |
| # |
| # Possible values: |
| # * String value representing a valid URL path up to a Swift container |
| # |
| # Related Options: |
| # * None |
| # |
| # (string value) |
| #swift_store_endpoint = https://swift.openstack.example.org/v1/path_not_including_container_name |
| {% if server.storage.swift.store.endpoint is defined %} |
| swift_store_endpoint = {{ server.storage.swift.store.endpoint }} |
| {% endif %} |
| |
| # |
| # Endpoint Type of Swift service. |
| # |
| # This string value indicates the endpoint type to use to fetch the |
| # Swift endpoint. The endpoint type determines the actions the user will |
| # be allowed to perform, for instance, reading and writing to the Store. |
| # This setting is only used if swift_store_auth_version is greater than |
| # 1. |
| # |
| # Possible values: |
| # * publicURL |
| # * adminURL |
| # * internalURL |
| # |
| # Related options: |
| # * swift_store_endpoint |
| # |
| # (string value) |
| # Allowed values: publicURL, adminURL, internalURL |
| #swift_store_endpoint_type = publicURL |
| swift_store_endpoint_type = {{ server.storage.swift.store.get('endpoint_type', server.identity.get('endpoint_type', 'publicURL')) }} |
| |
| # |
| # Type of Swift service to use. |
| # |
| # Provide a string value representing the service type to use for |
| # storing images while using Swift backend storage. The default |
| # service type is set to ``object-store``. |
| # |
| # NOTE: If ``swift_store_auth_version`` is set to 2, the value for |
| # this configuration option needs to be ``object-store``. If using |
| # a higher version of Keystone or a different auth scheme, this |
| # option may be modified. |
| # |
| # Possible values: |
| # * A string representing a valid service type for Swift storage. |
| # |
| # Related Options: |
| # * None |
| # |
| # (string value) |
| #swift_store_service_type = object-store |
| {% if server.storage.swift.store.service_type is defined %} |
| swift_store_service_type = {{ server.storage.swift.store.service_type }} |
| {% endif %} |
| |
| # |
| # Name of single container to store images/name prefix for multiple containers |
| # |
| # When a single container is being used to store images, this configuration |
| # option indicates the container within the Glance account to be used for |
| # storing all images. When multiple containers are used to store images, this |
| # will be the name prefix for all containers. Usage of single/multiple |
| # containers can be controlled using the configuration option |
| # ``swift_store_multiple_containers_seed``. |
| # |
| # When using multiple containers, the containers will be named after the value |
| # set for this configuration option with the first N chars of the image UUID |
| # as the suffix delimited by an underscore (where N is specified by |
| # ``swift_store_multiple_containers_seed``). |
| # |
| # Example: if the seed is set to 3 and swift_store_container = ``glance``, then |
| # an image with UUID ``fdae39a1-bac5-4238-aba4-69bcc726e848`` would be placed in |
| # the container ``glance_fda``. All dashes in the UUID are included when |
| # creating the container name but do not count toward the character limit, so |
| # when N=10 the container name would be ``glance_fdae39a1-ba.`` |
| # |
| # Possible values: |
| # * If using single container, this configuration option can be any string |
| # that is a valid swift container name in Glance's Swift account |
| # * If using multiple containers, this configuration option can be any |
| # string as long as it satisfies the container naming rules enforced by |
| # Swift. The value of ``swift_store_multiple_containers_seed`` should be |
| # taken into account as well. |
| # |
| # Related options: |
| # * ``swift_store_multiple_containers_seed`` |
| # * ``swift_store_multi_tenant`` |
| # * ``swift_store_create_container_on_put`` |
| # |
| # (string value) |
| #swift_store_container = glance |
| swift_store_container = {{ server.storage.swift.store.get('container', 'glance') }} |
| |
| # |
| # The size threshold, in MB, after which Glance will start segmenting image |
| # data. |
| # |
| # Swift has an upper limit on the size of a single uploaded object. By default, |
| # this is 5GB. To upload objects bigger than this limit, objects are segmented |
| # into multiple smaller objects that are tied together with a manifest file. |
| # For more detail, refer to |
| # http://docs.openstack.org/developer/swift/overview_large_objects.html |
| # |
| # This configuration option specifies the size threshold over which the Swift |
| # driver will start segmenting image data into multiple smaller files. |
| # Currently, the Swift driver only supports creating Dynamic Large Objects. |
| # |
| # NOTE: This should be set by taking into account the large object limit |
| # enforced by the Swift cluster in consideration. |
| # |
| # Possible values: |
| # * A positive integer that is less than or equal to the large object limit |
| # enforced by the Swift cluster in consideration. |
| # |
| # Related options: |
| # * ``swift_store_large_object_chunk_size`` |
| # |
| # (integer value) |
| # Minimum value: 1 |
| #swift_store_large_object_size = 5120 |
| {% if server.storage.swift.store.large_object_size is defined %} |
| swift_store_large_object_size = {{ server.storage.swift.store.large_object_size }} |
| {% endif %} |
| |
| # |
| # The maximum size, in MB, of the segments when image data is segmented. |
| # |
| # When image data is segmented to upload images that are larger than the limit |
| # enforced by the Swift cluster, image data is broken into segments that are no |
| # bigger than the size specified by this configuration option. |
| # Refer to ``swift_store_large_object_size`` for more detail. |
| # |
| # For example: if ``swift_store_large_object_size`` is 5GB and |
| # ``swift_store_large_object_chunk_size`` is 1GB, an image of size 6.2GB will be |
| # segmented into 7 segments where the first six segments will be 1GB in size and |
| # the seventh segment will be 0.2GB. |
| # |
| # Possible values: |
| # * A positive integer that is less than or equal to the large object limit |
| # enforced by Swift cluster in consideration. |
| # |
| # Related options: |
| # * ``swift_store_large_object_size`` |
| # |
| # (integer value) |
| # Minimum value: 1 |
| #swift_store_large_object_chunk_size = 200 |
| {% if server.storage.swift.store.large_object_chunk_size is defined %} |
| swift_store_large_object_chunk_size = {{ server.storage.swift.store.large_object_chunk_size }} |
| {% endif %} |
| |
| # |
| # Create container, if it doesn't already exist, when uploading image. |
| # |
| # At the time of uploading an image, if the corresponding container doesn't |
| # exist, it will be created provided this configuration option is set to True. |
| # By default, it won't be created. This behavior is applicable for both single |
| # and multiple containers mode. |
| # |
| # Possible values: |
| # * True |
| # * False |
| # |
| # Related options: |
| # * None |
| # |
| # (boolean value) |
| #swift_store_create_container_on_put = false |
| swift_store_create_container_on_put = {{ server.storage.swift.store.get('create_container_on_put', False)|lower }} |
| |
| # |
| # Store images in tenant's Swift account. |
| # |
| # This enables multi-tenant storage mode which causes Glance images to be stored |
| # in tenant specific Swift accounts. If this is disabled, Glance stores all |
| # images in its own account. More details multi-tenant store can be found at |
| # https://wiki.openstack.org/wiki/GlanceSwiftTenantSpecificStorage |
| # |
| # Possible values: |
| # * True |
| # * False |
| # |
| # Related options: |
| # * None |
| # |
| # (boolean value) |
| #swift_store_multi_tenant = false |
| swift_store_multi_tenant = {{ server.storage.swift.store.get('multi_tenant', False)|lower }} |
| |
| # |
| # Seed indicating the number of containers to use for storing images. |
| # |
| # When using a single-tenant store, images can be stored in one or more than one |
| # containers. When set to 0, all images will be stored in one single container. |
| # When set to an integer value between 1 and 32, multiple containers will be |
| # used to store images. This configuration option will determine how many |
| # containers are created. The total number of containers that will be used is |
| # equal to 16^N, so if this config option is set to 2, then 16^2=256 containers |
| # will be used to store images. |
| # |
| # Please refer to ``swift_store_container`` for more detail on the naming |
| # convention. More detail about using multiple containers can be found at |
| # https://specs.openstack.org/openstack/glance-specs/specs/kilo/swift-store- |
| # multiple-containers.html |
| # |
| # NOTE: This is used only when swift_store_multi_tenant is disabled. |
| # |
| # Possible values: |
| # * A non-negative integer less than or equal to 32 |
| # |
| # Related options: |
| # * ``swift_store_container`` |
| # * ``swift_store_multi_tenant`` |
| # * ``swift_store_create_container_on_put`` |
| # |
| # (integer value) |
| # Minimum value: 0 |
| # Maximum value: 32 |
| #swift_store_multiple_containers_seed = 0 |
| swift_store_multiple_containers_seed = {{ server.storage.swift.store.get('multiple_containers_seed', 0) }} |
| |
| # |
| # List of tenants that will be granted admin access. |
| # |
| # This is a list of tenants that will be granted read/write access on |
| # all Swift containers created by Glance in multi-tenant mode. The |
| # default value is an empty list. |
| # |
| # Possible values: |
| # * A comma separated list of strings representing UUIDs of Keystone |
| # projects/tenants |
| # |
| # Related options: |
| # * None |
| # |
| # (list value) |
| #swift_store_admin_tenants = |
| {% if server.storage.swift.store.admin_tenants is defined %} |
| swift_store_admin_tenants = {{ server.storage.swift.store.admin_tenants }} |
| {% endif %} |
| |
| # |
| # SSL layer compression for HTTPS Swift requests. |
| # |
| # Provide a boolean value to determine whether or not to compress |
| # HTTPS Swift requests for images at the SSL layer. By default, |
| # compression is enabled. |
| # |
| # When using Swift as the backend store for Glance image storage, |
| # SSL layer compression of HTTPS Swift requests can be set using |
| # this option. If set to False, SSL layer compression of HTTPS |
| # Swift requests is disabled. Disabling this option may improve |
| # performance for images which are already in a compressed format, |
| # for example, qcow2. |
| # |
| # Possible values: |
| # * True |
| # * False |
| # |
| # Related Options: |
| # * None |
| # |
| # (boolean value) |
| #swift_store_ssl_compression = true |
| swift_store_ssl_compression = {{ server.storage.swift.store.get('ssl_compression', True)|lower }} |
| |
| # |
| # The number of times a Swift download will be retried before the |
| # request fails. |
| # |
| # Provide an integer value representing the number of times an image |
| # download must be retried before erroring out. The default value is |
| # zero (no retry on a failed image download). When set to a positive |
| # integer value, ``swift_store_retry_get_count`` ensures that the |
| # download is attempted this many more times upon a download failure |
| # before sending an error message. |
| # |
| # Possible values: |
| # * Zero |
| # * Positive integer value |
| # |
| # Related Options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 0 |
| #swift_store_retry_get_count = 0 |
| {% if server.storage.swift.store.retry_get_count is defined %} |
| swift_store_retry_get_count = {{ server.storage.swift.store.retry_get_count }} |
| {% endif %} |
| |
| # |
| # Time in seconds defining the size of the window in which a new |
| # token may be requested before the current token is due to expire. |
| # |
| # Typically, the Swift storage driver fetches a new token upon the |
| # expiration of the current token to ensure continued access to |
| # Swift. However, some Swift transactions (like uploading image |
| # segments) may not recover well if the token expires on the fly. |
| # |
| # Hence, by fetching a new token before the current token expiration, |
| # we make sure that the token does not expire or is close to expiry |
| # before a transaction is attempted. By default, the Swift storage |
| # driver requests for a new token 60 seconds or less before the |
| # current token expiration. |
| # |
| # Possible values: |
| # * Zero |
| # * Positive integer value |
| # |
| # Related Options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 0 |
| #swift_store_expire_soon_interval = 60 |
| {% if server.storage.swift.store.expire_soon_interval is defined %} |
| swift_store_expire_soon_interval = {{ server.storage.swift.store.expire_soon_interval }} |
| {% endif %} |
| |
| # |
| # Use trusts for multi-tenant Swift store. |
| # |
| # This option instructs the Swift store to create a trust for each |
| # add/get request when the multi-tenant store is in use. Using trusts |
| # allows the Swift store to avoid problems that can be caused by an |
| # authentication token expiring during the upload or download of data. |
| # |
| # By default, ``swift_store_use_trusts`` is set to ``True``(use of |
| # trusts is enabled). If set to ``False``, a user token is used for |
| # the Swift connection instead, eliminating the overhead of trust |
| # creation. |
| # |
| # NOTE: This option is considered only when |
| # ``swift_store_multi_tenant`` is set to ``True`` |
| # |
| # Possible values: |
| # * True |
| # * False |
| # |
| # Related options: |
| # * swift_store_multi_tenant |
| # |
| # (boolean value) |
| #swift_store_use_trusts = true |
| {% if server.storage.swift.store.use_trusts is defined %} |
| swift_store_use_trusts = {{ server.storage.swift.store.use_trusts|lower }} |
| {% endif %} |
| |
| # |
| # Reference to default Swift account/backing store parameters. |
| # |
| # Provide a string value representing a reference to the default set |
| # of parameters required for using swift account/backing store for |
| # image storage. The default reference value for this configuration |
| # option is 'ref1'. This configuration option dereferences the |
| # parameters and facilitates image storage in Swift storage backend |
| # every time a new image is added. |
| # |
| # Possible values: |
| # * A valid string value |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #default_swift_reference = ref1 |
| {% if server.storage.swift.store.default_swift_reference is defined %} |
| default_swift_reference = {{ server.storage.swift.store.default_swift_reference }} |
| {% endif %} |
| |
| # DEPRECATED: Version of the authentication service to use. Valid versions are 2 |
| # and 3 for keystone and 1 (deprecated) for swauth and rackspace. (string value) |
| # This option is deprecated for removal. |
| # Its value may be silently ignored in the future. |
| # Reason: |
| # The option 'auth_version' in the Swift back-end configuration file is |
| # used instead. |
| #swift_store_auth_version = 2 |
| swift_store_auth_version = {{ server.storage.swift.store.auth.version }} |
| |
| # DEPRECATED: The address where the Swift authentication service is listening. |
| # (string value) |
| # This option is deprecated for removal. |
| # Its value may be silently ignored in the future. |
| # Reason: |
| # The option 'auth_address' in the Swift back-end configuration file is |
| # used instead. |
| #swift_store_auth_address = <None> |
| swift_store_auth_address = {{ server.storage.swift.store.auth.address }} |
| |
| # DEPRECATED: The user to authenticate against the Swift authentication service. |
| # (string value) |
| # This option is deprecated for removal. |
| # Its value may be silently ignored in the future. |
| # Reason: |
| # The option 'user' in the Swift back-end configuration file is set instead. |
| #swift_store_user = <None> |
| swift_store_user = {{ server.storage.swift.store.user }} |
| |
| # DEPRECATED: Auth key for the user authenticating against the Swift |
| # authentication service. (string value) |
| # This option is deprecated for removal. |
| # Its value may be silently ignored in the future. |
| # Reason: |
| # The option 'key' in the Swift back-end configuration file is used |
| # to set the authentication key instead. |
| #swift_store_key = <None> |
| swift_store_key = {{ server.storage.swift.store.key }} |
| |
| # |
| # Absolute path to the file containing the swift account(s) |
| # configurations. |
| # |
| # Include a string value representing the path to a configuration |
| # file that has references for each of the configured Swift |
| # account(s)/backing stores. By default, no file path is specified |
| # and customized Swift referencing is disabled. Configuring this |
| # option is highly recommended while using Swift storage backend for |
| # image storage as it avoids storage of credentials in the database. |
| # |
| # Possible values: |
| # * String value representing an absolute path on the glance-api |
| # node |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #swift_store_config_file = <None> |
| {% if server.storage.swift.store.config_file is defined %} |
| swift_store_config_file = {{ server.storage.swift.store.config_file }} |
| {% endif %} |
| |
| {% endif %} |
| |
| # |
| # Address of the ESX/ESXi or vCenter Server target system. |
| # |
| # This configuration option sets the address of the ESX/ESXi or vCenter |
| # Server target system. This option is required when using the VMware |
| # storage backend. The address can contain an IP address (127.0.0.1) or |
| # a DNS name (www.my-domain.com). |
| # |
| # Possible Values: |
| # * A valid IPv4 or IPv6 address |
| # * A valid DNS name |
| # |
| # Related options: |
| # * vmware_server_username |
| # * vmware_server_password |
| # |
| # (string value) |
| #vmware_server_host = 127.0.0.1 |
| |
| # |
| # Server username. |
| # |
| # This configuration option takes the username for authenticating with |
| # the VMware ESX/ESXi or vCenter Server. This option is required when |
| # using the VMware storage backend. |
| # |
| # Possible Values: |
| # * Any string that is the username for a user with appropriate |
| # privileges |
| # |
| # Related options: |
| # * vmware_server_host |
| # * vmware_server_password |
| # |
| # (string value) |
| #vmware_server_username = root |
| |
| # |
| # Server password. |
| # |
| # This configuration option takes the password for authenticating with |
| # the VMware ESX/ESXi or vCenter Server. This option is required when |
| # using the VMware storage backend. |
| # |
| # Possible Values: |
| # * Any string that is a password corresponding to the username |
| # specified using the "vmware_server_username" option |
| # |
| # Related options: |
| # * vmware_server_host |
| # * vmware_server_username |
| # |
| # (string value) |
| #vmware_server_password = vmware |
| |
| # |
| # The number of VMware API retries. |
| # |
| # This configuration option specifies the number of times the VMware |
| # ESX/VC server API must be retried upon connection related issues or |
| # server API call overload. It is not possible to specify 'retry |
| # forever'. |
| # |
| # Possible Values: |
| # * Any positive integer value |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 1 |
| #vmware_api_retry_count = 10 |
| |
| # |
| # Interval in seconds used for polling remote tasks invoked on VMware |
| # ESX/VC server. |
| # |
| # This configuration option takes in the sleep time in seconds for polling an |
| # on-going async task as part of the VMWare ESX/VC server API call. |
| # |
| # Possible Values: |
| # * Any positive integer value |
| # |
| # Related options: |
| # * None |
| # |
| # (integer value) |
| # Minimum value: 1 |
| #vmware_task_poll_interval = 5 |
| |
| # |
| # The directory where the glance images will be stored in the datastore. |
| # |
| # This configuration option specifies the path to the directory where the |
| # glance images will be stored in the VMware datastore. If this option |
| # is not set, the default directory where the glance images are stored |
| # is openstack_glance. |
| # |
| # Possible Values: |
| # * Any string that is a valid path to a directory |
| # |
| # Related options: |
| # * None |
| # |
| # (string value) |
| #vmware_store_image_dir = /openstack_glance |
| |
| # |
| # Set verification of the ESX/vCenter server certificate. |
| # |
| # This configuration option takes a boolean value to determine |
| # whether or not to verify the ESX/vCenter server certificate. If this |
| # option is set to True, the ESX/vCenter server certificate is not |
| # verified. If this option is set to False, then the default CA |
| # truststore is used for verification. |
| # |
| # This option is ignored if the "vmware_ca_file" option is set. In that |
| # case, the ESX/vCenter server certificate will then be verified using |
| # the file specified using the "vmware_ca_file" option . |
| # |
| # Possible Values: |
| # * True |
| # * False |
| # |
| # Related options: |
| # * vmware_ca_file |
| # |
| # (boolean value) |
| # Deprecated group/name - [glance_store]/vmware_api_insecure |
| #vmware_insecure = false |
| |
| # |
| # Absolute path to the CA bundle file. |
| # |
| # This configuration option enables the operator to use a custom |
| # Cerificate Authority File to verify the ESX/vCenter certificate. |
| # |
| # If this option is set, the "vmware_insecure" option will be ignored |
| # and the CA file specified will be used to authenticate the ESX/vCenter |
| # server certificate and establish a secure connection to the server. |
| # |
| # Possible Values: |
| # * Any string that is a valid absolute path to a CA file |
| # |
| # Related options: |
| # * vmware_insecure |
| # |
| # (string value) |
| #vmware_ca_file = /etc/ssl/certs/ca-certificates.crt |
| |
| # |
| # The datastores where the image can be stored. |
| # |
| # This configuration option specifies the datastores where the image can |
| # be stored in the VMWare store backend. This option may be specified |
| # multiple times for specifying multiple datastores. The datastore name |
| # should be specified after its datacenter path, separated by ":". An |
| # optional weight may be given after the datastore name, separated again |
| # by ":" to specify the priority. Thus, the required format becomes |
| # <datacenter_path>:<datastore_name>:<optional_weight>. |
| # |
| # When adding an image, the datastore with highest weight will be |
| # selected, unless there is not enough free space available in cases |
| # where the image size is already known. If no weight is given, it is |
| # assumed to be zero and the directory will be considered for selection |
| # last. If multiple datastores have the same weight, then the one with |
| # the most free space available is selected. |
| # |
| # Possible Values: |
| # * Any string of the format: |
| # <datacenter_path>:<datastore_name>:<optional_weight> |
| # |
| # Related options: |
| # * None |
| # |
| # (multi valued) |
| #vmware_datastores = |
| |
| |
| [keystone_authtoken] |
| revocation_cache_time = 10 |
| auth_type = password |
| user_domain_id = {{ server.identity.get('domain', 'default') }} |
| project_domain_id = {{ server.identity.get('domain', 'default') }} |
| project_name = {{ server.identity.tenant }} |
| username = {{ server.identity.user }} |
| password = {{ server.identity.password }} |
| auth_uri=http://{{ server.identity.host }}:5000 |
| auth_url=http://{{ server.identity.host }}:35357 |
| token_cache_time = -1 |
| |
| {%- if server.cache is defined %} |
| memcached_servers={%- for member in server.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %} |
| {%- endif %} |
| # |
| # From keystonemiddleware.auth_token |
| # |
| |
| # Complete "public" Identity API endpoint. This endpoint should not be an |
| # "admin" endpoint, as it should be accessible by all end users. Unauthenticated |
| # clients are redirected to this endpoint to authenticate. Although this |
| # endpoint should ideally be unversioned, client support in the wild varies. |
| # If you're using a versioned v2 endpoint here, then this should *not* be the |
| # same endpoint the service user utilizes for validating tokens, because normal |
| # end users may not be able to reach that endpoint. (string value) |
| #auth_uri = <None> |
| |
| # API version of the admin Identity API endpoint. (string value) |
| #auth_version = <None> |
| |
| # Do not handle authorization requests within the middleware, but delegate the |
| # authorization decision to downstream WSGI components. (boolean value) |
| #delay_auth_decision = false |
| |
| # Request timeout value for communicating with Identity API server. (integer |
| # value) |
| #http_connect_timeout = <None> |
| |
| # How many times are we trying to reconnect when communicating with Identity API |
| # Server. (integer value) |
| #http_request_max_retries = 3 |
| |
| # Request environment key where the Swift cache object is stored. When |
| # auth_token middleware is deployed with a Swift cache, use this option to have |
| # the middleware share a caching backend with swift. Otherwise, use the |
| # ``memcached_servers`` option instead. (string value) |
| #cache = <None> |
| |
| # Required if identity server requires client certificate (string value) |
| #certfile = <None> |
| |
| # Required if identity server requires client certificate (string value) |
| #keyfile = <None> |
| |
| # A PEM encoded Certificate Authority to use when verifying HTTPs connections. |
| # Defaults to system CAs. (string value) |
| #cafile = <None> |
| |
| # Verify HTTPS connections. (boolean value) |
| #insecure = false |
| |
| # The region in which the identity server can be found. (string value) |
| #region_name = <None> |
| |
| # Directory used to cache files related to PKI tokens. (string value) |
| #signing_dir = <None> |
| |
| # Optionally specify a list of memcached server(s) to use for caching. If left |
| # undefined, tokens will instead be cached in-process. (list value) |
| # Deprecated group/name - [keystone_authtoken]/memcache_servers |
| #memcached_servers = <None> |
| |
| # In order to prevent excessive effort spent validating tokens, the middleware |
| # caches previously-seen tokens for a configurable duration (in seconds). Set to |
| # -1 to disable caching completely. (integer value) |
| #token_cache_time = 300 |
| |
| # Determines the frequency at which the list of revoked tokens is retrieved from |
| # the Identity service (in seconds). A high number of revocation events combined |
| # with a low cache duration may significantly reduce performance. Only valid for |
| # PKI tokens. (integer value) |
| #revocation_cache_time = 10 |
| |
| # (Optional) If defined, indicate whether token data should be authenticated or |
| # authenticated and encrypted. If MAC, token data is authenticated (with HMAC) |
| # in the cache. If ENCRYPT, token data is encrypted and authenticated in the |
| # cache. If the value is not one of these options or empty, auth_token will |
| # raise an exception on initialization. (string value) |
| # Allowed values: None, MAC, ENCRYPT |
| #memcache_security_strategy = None |
| |
| # (Optional, mandatory if memcache_security_strategy is defined) This string is |
| # used for key derivation. (string value) |
| #memcache_secret_key = <None> |
| |
| # (Optional) Number of seconds memcached server is considered dead before it is |
| # tried again. (integer value) |
| #memcache_pool_dead_retry = 300 |
| |
| # (Optional) Maximum total number of open connections to every memcached server. |
| # (integer value) |
| #memcache_pool_maxsize = 10 |
| |
| # (Optional) Socket timeout in seconds for communicating with a memcached |
| # server. (integer value) |
| #memcache_pool_socket_timeout = 3 |
| |
| # (Optional) Number of seconds a connection to memcached is held unused in the |
| # pool before it is closed. (integer value) |
| #memcache_pool_unused_timeout = 60 |
| |
| # (Optional) Number of seconds that an operation will wait to get a memcached |
| # client connection from the pool. (integer value) |
| #memcache_pool_conn_get_timeout = 10 |
| |
| # (Optional) Use the advanced (eventlet safe) memcached client pool. The |
| # advanced pool will only work under python 2.x. (boolean value) |
| #memcache_use_advanced_pool = false |
| |
| # (Optional) Indicate whether to set the X-Service-Catalog header. If False, |
| # middleware will not ask for service catalog on token validation and will not |
| # set the X-Service-Catalog header. (boolean value) |
| #include_service_catalog = true |
| |
| # Used to control the use and type of token binding. Can be set to: "disabled" |
| # to not check token binding. "permissive" (default) to validate binding |
| # information if the bind type is of a form known to the server and ignore it if |
| # not. "strict" like "permissive" but if the bind type is unknown the token will |
| # be rejected. "required" any form of token binding is needed to be allowed. |
| # Finally the name of a binding method that must be present in tokens. (string |
| # value) |
| #enforce_token_bind = permissive |
| |
| # If true, the revocation list will be checked for cached tokens. This requires |
| # that PKI tokens are configured on the identity server. (boolean value) |
| #check_revocations_for_cached = false |
| |
| # Hash algorithms to use for hashing PKI tokens. This may be a single algorithm |
| # or multiple. The algorithms are those supported by Python standard |
| # hashlib.new(). The hashes will be tried in the order given, so put the |
| # preferred one first for performance. The result of the first hash will be |
| # stored in the cache. This will typically be set to multiple values only while |
| # migrating from a less secure algorithm to a more secure one. Once all the old |
| # tokens are expired this option should be set to a single value for better |
| # performance. (list value) |
| #hash_algorithms = md5 |
| |
| # Authentication type to load (string value) |
| # Deprecated group/name - [keystone_authtoken]/auth_plugin |
| #auth_type = <None> |
| |
| # Config Section from which to load plugin specific options (string value) |
| #auth_section = <None> |
| |
| |
| [paste_deploy] |
| |
| # |
| # From glance.glare |
| # |
| |
| # |
| # Deployment flavor to use in the server application pipeline. |
| # |
| # Provide a string value representing the appropriate deployment |
| # flavor used in the server application pipleline. This is typically |
| # the partial name of a pipeline in the paste configuration file with |
| # the service name removed. |
| # |
| # For example, if your paste section name in the paste configuration |
| # file is [pipeline:glance-api-keystone], set ``flavor`` to |
| # ``keystone``. |
| # |
| # Possible values: |
| # * String value representing a partial pipeline name. |
| # |
| # Related Options: |
| # * config_file |
| # |
| # (string value) |
| #flavor = keystone |
| flavor = keystone |
| |
| # |
| # Name of the paste configuration file. |
| # |
| # Provide a string value representing the name of the paste |
| # configuration file to use for configuring piplelines for |
| # server application deployments. |
| # |
| # NOTES: |
| # * Provide the name or the path relative to the glance directory |
| # for the paste configuration file and not the absolute path. |
| # * The sample paste configuration file shipped with Glance need |
| # not be edited in most cases as it comes with ready-made |
| # pipelines for all common deployment flavors. |
| # |
| # If no value is specified for this option, the ``paste.ini`` file |
| # with the prefix of the corresponding Glance service's configuration |
| # file name will be searched for in the known configuration |
| # directories. (For example, if this option is missing from or has no |
| # value set in ``glance-api.conf``, the service will look for a file |
| # named ``glance-api-paste.ini``.) If the paste configuration file is |
| # not found, the service will not start. |
| # |
| # Possible values: |
| # * A string value representing the name of the paste configuration |
| # file. |
| # |
| # Related Options: |
| # * flavor |
| # |
| # (string value) |
| #config_file = glance-api-paste.ini |
| |
| |
| [profiler] |
| |
| # |
| # From glance.glare |
| # |
| |
| # |
| # Enables the profiling for all services on this node. Default value is False |
| # (fully disable the profiling feature). |
| # |
| # Possible values: |
| # |
| # * True: Enables the feature |
| # * False: Disables the feature. The profiling cannot be started via this |
| # project |
| # operations. If the profiling is triggered by another project, this project |
| # part |
| # will be empty. |
| # (boolean value) |
| # Deprecated group/name - [profiler]/profiler_enabled |
| #enabled = false |
| |
| # |
| # Enables SQL requests profiling in services. Default value is False (SQL |
| # requests won't be traced). |
| # |
| # Possible values: |
| # |
| # * True: Enables SQL requests profiling. Each SQL query will be part of the |
| # trace and can the be analyzed by how much time was spent for that. |
| # * False: Disables SQL requests profiling. The spent time is only shown on a |
| # higher level of operations. Single SQL queries cannot be analyzed this |
| # way. |
| # (boolean value) |
| #trace_sqlalchemy = false |
| |
| # |
| # Secret key(s) to use for encrypting context data for performance profiling. |
| # This string value should have the following format: <key1>[,<key2>,...<keyn>], |
| # where each key is some random string. A user who triggers the profiling via |
| # the REST API has to set one of these keys in the headers of the REST API call |
| # to include profiling results of this node for this particular project. |
| # |
| # Both "enabled" flag and "hmac_keys" config options should be set to enable |
| # profiling. Also, to generate correct profiling information across all services |
| # at least one key needs to be consistent between OpenStack projects. This |
| # ensures it can be used from client side to generate the trace, containing |
| # information from all possible resources. (string value) |
| #hmac_keys = SECRET_KEY |
| |
| # |
| # Connection string for a notifier backend. Default value is messaging:// which |
| # sets the notifier to oslo_messaging. |
| # |
| # Examples of possible values: |
| # |
| # * messaging://: use oslo_messaging driver for sending notifications. |
| # (string value) |
| #connection_string = messaging:// |