diff --git a/doc/source/admin/controllingservers.rst b/doc/source/admin/controllingservers.rst index 31b06bdcbe..97b03177db 100644 --- a/doc/source/admin/controllingservers.rst +++ b/doc/source/admin/controllingservers.rst @@ -28,8 +28,7 @@ programs. Starting a server ----------------- -There are two ways to start a Glance server (either the API server or the -registry server): +There are two ways to start a Glance server: * Manually calling the server program @@ -61,8 +60,7 @@ following directories, stopping at the first config file it finds: * ``/etc`` The filename that is searched for depends on the server application name. So, -if you are starting up the API server, ``glance-api.conf`` is searched for, -otherwise ``glance-registry.conf``. +if you are starting up the API server, ``glance-api.conf`` is searched for. If no configuration file is found, you will see an error, like:: @@ -70,7 +68,7 @@ If no configuration file is found, you will see an error, like:: ERROR: Unable to locate any configuration file. Cannot load application glance-api Here is an example showing how you can manually start the ``glance-api`` server -and ``glance-registry`` in a shell.:: +in a shell.:: $ sudo glance-api --config-file glance-api.conf --debug & jsuh@mc-ats1:~$ 2011-04-13 14:50:12 DEBUG [glance-api] ******************************************************************************** @@ -88,46 +86,16 @@ and ``glance-registry`` in a shell.:: 2011-04-13 14:50:12 DEBUG [routes.middleware] Initialized with method overriding = True, and path info altering = True 2011-04-13 14:50:12 DEBUG [eventlet.wsgi.server] (21354) wsgi starting up on http://65.114.169.29:9292/ - $ sudo glance-registry --config-file glance-registry.conf & - jsuh@mc-ats1:~$ 2011-04-13 14:51:16 INFO [sqlalchemy.engine.base.Engine.0x...feac] PRAGMA table_info("images") - 2011-04-13 14:51:16 INFO [sqlalchemy.engine.base.Engine.0x...feac] () - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Col ('cid', 'name', 'type', 'notnull', 'dflt_value', 'pk') - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (0, u'created_at', u'DATETIME', 1, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (1, u'updated_at', u'DATETIME', 0, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (2, u'deleted_at', u'DATETIME', 0, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (3, u'deleted', u'BOOLEAN', 1, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (4, u'id', u'INTEGER', 1, None, 1) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (5, u'name', u'VARCHAR(255)', 0, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (6, u'disk_format', u'VARCHAR(20)', 0, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (7, u'container_format', u'VARCHAR(20)', 0, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (8, u'size', u'INTEGER', 0, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (9, u'status', u'VARCHAR(30)', 1, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (10, u'is_public', u'BOOLEAN', 1, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (11, u'location', u'TEXT', 0, None, 0) - 2011-04-13 14:51:16 INFO [sqlalchemy.engine.base.Engine.0x...feac] PRAGMA table_info("image_properties") - 2011-04-13 14:51:16 INFO [sqlalchemy.engine.base.Engine.0x...feac] () - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Col ('cid', 'name', 'type', 'notnull', 'dflt_value', 'pk') - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (0, u'created_at', u'DATETIME', 1, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (1, u'updated_at', u'DATETIME', 0, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (2, u'deleted_at', u'DATETIME', 0, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (3, u'deleted', u'BOOLEAN', 1, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (4, u'id', u'INTEGER', 1, None, 1) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (5, u'image_id', u'INTEGER', 1, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (6, u'key', u'VARCHAR(255)', 1, None, 0) - 2011-04-13 14:51:16 DEBUG [sqlalchemy.engine.base.Engine.0x...feac] Row (7, u'value', u'TEXT', 0, None, 0) - $ ps aux | grep glance root 20009 0.7 0.1 12744 9148 pts/1 S 12:47 0:00 /usr/bin/python /usr/bin/glance-api glance-api.conf --debug - root 20012 2.0 0.1 25188 13356 pts/1 S 12:47 0:00 /usr/bin/python /usr/bin/glance-registry glance-registry.conf jsuh 20017 0.0 0.0 3368 744 pts/1 S+ 12:47 0:00 grep glance Simply supply the configuration file as the parameter to the ``--config-file`` -option (the ``etc/glance-api.conf`` and ``etc/glance-registry.conf`` sample -configuration files were used in the above example) and then any other options -you want to use. (``--debug`` was used above to show some of the debugging -output that the server shows when starting up. Call the server program -with ``--help`` to see all available options you can specify on the -command line.) +option (the ``etc/glance-api.conf`` sample configuration file was used in the +above example) and then any other options you want to use. (``--debug`` was +used above to show some of the debugging output that the server shows when +starting up. Call the server program with ``--help`` to see all available +options you can specify on the command line.) For more information on configuring the server via the ``paste.deploy`` configuration files, see the section entitled @@ -162,19 +130,15 @@ with ``glance-control`` in the following way:: You must use the ``sudo`` program to run ``glance-control`` currently, as the pid files for the server programs are written to /var/run/glance/ -Here is an example that shows how to start the ``glance-registry`` server +Here is an example that shows how to start the ``glance-api`` server with the ``glance-control`` wrapper script. :: $ sudo glance-control api start glance-api.conf Starting glance-api with /home/jsuh/glance.conf - $ sudo glance-control registry start glance-registry.conf - Starting glance-registry with /home/jsuh/glance.conf - $ ps aux | grep glance root 20038 4.0 0.1 12728 9116 ? Ss 12:51 0:00 /usr/bin/python /usr/bin/glance-api /home/jsuh/glance-api.conf - root 20039 6.0 0.1 25188 13356 ? Ss 12:51 0:00 /usr/bin/python /usr/bin/glance-registry /home/jsuh/glance-registry.conf jsuh 20042 0.0 0.0 3368 744 pts/1 S+ 12:51 0:00 grep glance @@ -218,8 +182,8 @@ use the ``glance-control`` program to stop it. Simply do the following:: as this example shows:: - $ sudo glance-control registry stop - Stopping glance-registry pid: 17602 signal: 15 + $ sudo glance-control api stop + Stopping glance-api pid: 17602 signal: 15 Restarting a server ------------------- @@ -227,9 +191,9 @@ Restarting a server You can restart a server with the ``glance-control`` program, as demonstrated here:: - $ sudo glance-control registry restart etc/glance-registry.conf - Stopping glance-registry pid: 17611 signal: 15 - Starting glance-registry with /home/jpipes/repos/glance/trunk/etc/glance-registry.conf + $ sudo glance-control api restart etc/glance-api.conf + Stopping glance-api pid: 17611 signal: 15 + Starting glance-api with /home/jpipes/repos/glance/trunk/etc/glance-api.conf Reloading a server ------------------ diff --git a/doc/source/cli/glancemanage.rst b/doc/source/cli/glancemanage.rst index 6545a7f2b9..628de96a59 100644 --- a/doc/source/cli/glancemanage.rst +++ b/doc/source/cli/glancemanage.rst @@ -103,4 +103,4 @@ following order: * ``/etc`` All options set in ``glance-manage.conf`` override those set in -``glance-registry.conf`` and ``glance-api.conf``. +``glance-api.conf``. diff --git a/doc/source/cli/glanceregistry.rst b/doc/source/cli/glanceregistry.rst deleted file mode 100644 index 3721674ec0..0000000000 --- a/doc/source/cli/glanceregistry.rst +++ /dev/null @@ -1,40 +0,0 @@ -=============== -glance-registry -=============== - --------------------------------------- -Server for the Glance Registry Service --------------------------------------- - -.. include:: header.txt - -.. include:: ../deprecate-registry.inc - - -SYNOPSIS -======== - -:: - - glance-registry [options] - -DESCRIPTION -=========== - -glance-registry is a server daemon that serves image metadata through a -REST-like API. - -OPTIONS -======= - -**General options** - -.. include:: general_options.txt - -FILES -===== - -**/etc/glance/glance-registry.conf** - Default configuration file for Glance Registry - -.. include:: footer.txt diff --git a/doc/source/conf.py b/doc/source/conf.py index 762c18e53d..9a97e5c5ae 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -75,8 +75,6 @@ config_generator_config_file = [ '_static/glance-cache'), ('../../etc/oslo-config-generator/glance-manage.conf', '_static/glance-manage'), - ('../../etc/oslo-config-generator/glance-registry.conf', - '_static/glance-registry'), ('../../etc/oslo-config-generator/glance-scrubber.conf', '_static/glance-scrubber'), ] @@ -163,8 +161,6 @@ man_pages = [ [u'OpenStack'], 1), ('cli/glancemanage', 'glance-manage', u'Glance Management Utility', [u'OpenStack'], 1), - ('cli/glanceregistry', 'glance-registry', u'Glance Registry Server', - [u'OpenStack'], 1), ('cli/glancereplicator', 'glance-replicator', u'Glance Replicator', [u'OpenStack'], 1), ('cli/glancescrubber', 'glance-scrubber', u'Glance Scrubber Service', diff --git a/doc/source/configuration/glance_registry.rst b/doc/source/configuration/glance_registry.rst deleted file mode 100644 index d651836bbc..0000000000 --- a/doc/source/configuration/glance_registry.rst +++ /dev/null @@ -1,13 +0,0 @@ -.. _glance-registry.conf: - --------------------- -glance-registry.conf --------------------- - -.. include:: ../deprecate-registry.inc - -This configuration file controls how the register server operates. More -information can be found in :ref:`configuring-the-glance-registry`. - -.. show-options:: - :config-file: etc/oslo-config-generator/glance-registry.conf diff --git a/doc/source/configuration/sample-configuration.rst b/doc/source/configuration/sample-configuration.rst index f324909b69..82975cb9f6 100644 --- a/doc/source/configuration/sample-configuration.rst +++ b/doc/source/configuration/sample-configuration.rst @@ -18,15 +18,6 @@ This sample configuration can also be viewed in `glance-api.conf.sample .. literalinclude:: ../_static/glance-api.conf.sample -Sample configuration for Glance Registry ----------------------------------------- - -This sample configuration can also be viewed in `glance-registry.conf.sample -<../_static/glance-registry.conf.sample>`_. - -.. literalinclude:: ../_static/glance-registry.conf.sample - - Sample configuration for Glance Scrubber ---------------------------------------- diff --git a/etc/glance-registry-paste.ini b/etc/glance-registry-paste.ini deleted file mode 100644 index 492dbc6f53..0000000000 --- a/etc/glance-registry-paste.ini +++ /dev/null @@ -1,35 +0,0 @@ -# Use this pipeline for no auth - DEFAULT -[pipeline:glance-registry] -pipeline = healthcheck osprofiler unauthenticated-context registryapp - -# Use this pipeline for keystone auth -[pipeline:glance-registry-keystone] -pipeline = healthcheck osprofiler authtoken context registryapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user. -[pipeline:glance-registry-trusted-auth] -pipeline = healthcheck osprofiler context registryapp - -[app:registryapp] -paste.app_factory = glance.registry.api:API.factory - -[filter:healthcheck] -paste.filter_factory = oslo_middleware:Healthcheck.factory -backends = disable_by_file -disable_by_file_path = /etc/glance/healthcheck_disable - -[filter:context] -paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory - -[filter:unauthenticated-context] -paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY #DEPRECATED -enabled = yes #DEPRECATED diff --git a/etc/glance-registry.conf b/etc/glance-registry.conf deleted file mode 100644 index 5a3bb60399..0000000000 --- a/etc/glance-registry.conf +++ /dev/null @@ -1,1875 +0,0 @@ -[DEFAULT] - -# -# From glance.registry -# - -# DEPRECATED: -# Set the image owner to tenant or the authenticated user. -# -# Assign a boolean value to determine the owner of an image. When set to -# True, the owner of the image is the tenant. When set to False, the -# owner of the image will be the authenticated user issuing the request. -# Setting it to False makes the image private to the associated user and -# sharing with other users within the same tenant (or "project") -# requires explicit image sharing via image membership. -# -# Possible values: -# * True -# * False -# -# Related options: -# * None -# -# (boolean value) -# This option is deprecated for removal since Rocky. -# Its value may be silently ignored in the future. -# Reason: -# The non-default setting for this option misaligns Glance with other -# OpenStack services with respect to resource ownership. Further, surveys -# indicate that this option is not used by operators. The option will be -# removed early in the 'S' development cycle following the standard OpenStack -# deprecation policy. As the option is not in wide use, no migration path is -# proposed. -#owner_is_tenant = true - -# -# Role used to identify an authenticated user as administrator. -# -# Provide a string value representing a Keystone role to identify an -# administrative user. Users with this role will be granted -# administrative privileges. The default value for this option is -# 'admin'. -# -# Possible values: -# * A string value which is a valid Keystone role -# -# Related options: -# * None -# -# (string value) -#admin_role = admin - -# -# Allow limited access to unauthenticated users. -# -# Assign a boolean to determine API access for unathenticated -# users. When set to False, the API cannot be accessed by -# unauthenticated users. When set to True, unauthenticated users can -# access the API with read-only privileges. This however only applies -# when using ContextMiddleware. -# -# Possible values: -# * True -# * False -# -# Related options: -# * None -# -# (boolean value) -#allow_anonymous_access = false - -# -# Limit the request ID length. -# -# Provide an integer value to limit the length of the request ID to -# the specified length. The default value is 64. Users can change this -# to any ineteger value between 0 and 16384 however keeping in mind that -# a larger value may flood the logs. -# -# Possible values: -# * Integer value between 0 and 16384 -# -# Related options: -# * None -# -# (integer value) -# Minimum value: 0 -#max_request_id_length = 64 - -# -# Allow users to add additional/custom properties to images. -# -# Glance defines a standard set of properties (in its schema) that -# appear on every image. These properties are also known as -# ``base properties``. In addition to these properties, Glance -# allows users to add custom properties to images. These are known -# as ``additional properties``. -# -# By default, this configuration option is set to ``True`` and users -# are allowed to add additional properties. The number of additional -# properties that can be added to an image can be controlled via -# ``image_property_quota`` configuration option. -# -# Possible values: -# * True -# * False -# -# Related options: -# * image_property_quota -# -# (boolean value) -#allow_additional_image_properties = true - -# -# Secure hashing algorithm used for computing the 'os_hash_value' property. -# -# This option configures the Glance "multihash", which consists of two -# image properties: the 'os_hash_algo' and the 'os_hash_value'. The -# 'os_hash_algo' will be populated by the value of this configuration -# option, and the 'os_hash_value' will be populated by the hexdigest computed -# when the algorithm is applied to the uploaded or imported image data. -# -# The value must be a valid secure hash algorithm name recognized by the -# python 'hashlib' library. You can determine what these are by examining -# the 'hashlib.algorithms_available' data member of the version of the -# library being used in your Glance installation. For interoperability -# purposes, however, we recommend that you use the set of secure hash -# names supplied by the 'hashlib.algorithms_guaranteed' data member because -# those algorithms are guaranteed to be supported by the 'hashlib' library -# on all platforms. Thus, any image consumer using 'hashlib' locally should -# be able to verify the 'os_hash_value' of the image. -# -# The default value of 'sha512' is a performant secure hash algorithm. -# -# If this option is misconfigured, any attempts to store image data will fail. -# For that reason, we recommend using the default value. -# -# Possible values: -# * Any secure hash algorithm name recognized by the Python 'hashlib' -# library -# -# Related options: -# * None -# -# (string value) -#hashing_algorithm = sha512 - -# -# Maximum number of image members per image. -# -# This limits the maximum of users an image can be shared with. Any negative -# value is interpreted as unlimited. -# -# Related options: -# * None -# -# (integer value) -#image_member_quota = 128 - -# -# Maximum number of properties allowed on an image. -# -# This enforces an upper limit on the number of additional properties an image -# can have. Any negative value is interpreted as unlimited. -# -# NOTE: This won't have any impact if additional properties are disabled. Please -# refer to ``allow_additional_image_properties``. -# -# Related options: -# * ``allow_additional_image_properties`` -# -# (integer value) -#image_property_quota = 128 - -# -# Maximum number of tags allowed on an image. -# -# Any negative value is interpreted as unlimited. -# -# Related options: -# * None -# -# (integer value) -#image_tag_quota = 128 - -# -# Maximum number of locations allowed on an image. -# -# Any negative value is interpreted as unlimited. -# -# Related options: -# * None -# -# (integer value) -#image_location_quota = 10 - -# DEPRECATED: -# Python module path of data access API. -# -# Specifies the path to the API to use for accessing the data model. -# This option determines how the image catalog data will be accessed. -# -# Possible values: -# * glance.db.sqlalchemy.api -# * glance.db.registry.api -# * glance.db.simple.api -# -# If this option is set to ``glance.db.sqlalchemy.api`` then the image -# catalog data is stored in and read from the database via the -# SQLAlchemy Core and ORM APIs. -# -# Setting this option to ``glance.db.registry.api`` will force all -# database access requests to be routed through the Registry service. -# This avoids data access from the Glance API nodes for an added layer -# of security, scalability and manageability. -# -# NOTE: In v2 OpenStack Images API, the registry service is optional. -# In order to use the Registry API in v2, the option -# ``enable_v2_registry`` must be set to ``True``. -# -# Finally, when this configuration option is set to -# ``glance.db.simple.api``, image catalog data is stored in and read -# from an in-memory data structure. This is primarily used for testing. -# -# Related options: -# * enable_v2_api -# * enable_v2_registry -# -# (string value) -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: -# Glance registry service is deprecated for removal. -# -# More information can be found from the spec: -# http://specs.openstack.org/openstack/glance- -# specs/specs/queens/approved/glance/deprecate-registry.html -#data_api = glance.db.sqlalchemy.api - -# -# The default number of results to return for a request. -# -# Responses to certain API requests, like list images, may return -# multiple items. The number of results returned can be explicitly -# controlled by specifying the ``limit`` parameter in the API request. -# However, if a ``limit`` parameter is not specified, this -# configuration value will be used as the default number of results to -# be returned for any API request. -# -# NOTES: -# * The value of this configuration option may not be greater than -# the value specified by ``api_limit_max``. -# * Setting this to a very large value may slow down database -# queries and increase response times. Setting this to a -# very low value may result in poor user experience. -# -# Possible values: -# * Any positive integer -# -# Related options: -# * api_limit_max -# -# (integer value) -# Minimum value: 1 -#limit_param_default = 25 - -# -# Maximum number of results that could be returned by a request. -# -# As described in the help text of ``limit_param_default``, some -# requests may return multiple results. The number of results to be -# returned are governed either by the ``limit`` parameter in the -# request or the ``limit_param_default`` configuration option. -# The value in either case, can't be greater than the absolute maximum -# defined by this configuration option. Anything greater than this -# value is trimmed down to the maximum value defined here. -# -# NOTE: Setting this to a very large value may slow down database -# queries and increase response times. Setting this to a -# very low value may result in poor user experience. -# -# Possible values: -# * Any positive integer -# -# Related options: -# * limit_param_default -# -# (integer value) -# Minimum value: 1 -#api_limit_max = 1000 - -# -# Show direct image location when returning an image. -# -# This configuration option indicates whether to show the direct image -# location when returning image details to the user. The direct image -# location is where the image data is stored in backend storage. This -# image location is shown under the image property ``direct_url``. -# -# When multiple image locations exist for an image, the best location -# is displayed based on the location strategy indicated by the -# configuration option ``location_strategy``. -# -# NOTES: -# * Revealing image locations can present a GRAVE SECURITY RISK as -# image locations can sometimes include credentials. Hence, this -# is set to ``False`` by default. Set this to ``True`` with -# EXTREME CAUTION and ONLY IF you know what you are doing! -# * If an operator wishes to avoid showing any image location(s) -# to the user, then both this option and -# ``show_multiple_locations`` MUST be set to ``False``. -# -# Possible values: -# * True -# * False -# -# Related options: -# * show_multiple_locations -# * location_strategy -# -# (boolean value) -#show_image_direct_url = false - -# DEPRECATED: -# Show all image locations when returning an image. -# -# This configuration option indicates whether to show all the image -# locations when returning image details to the user. When multiple -# image locations exist for an image, the locations are ordered based -# on the location strategy indicated by the configuration opt -# ``location_strategy``. The image locations are shown under the -# image property ``locations``. -# -# NOTES: -# * Revealing image locations can present a GRAVE SECURITY RISK as -# image locations can sometimes include credentials. Hence, this -# is set to ``False`` by default. Set this to ``True`` with -# EXTREME CAUTION and ONLY IF you know what you are doing! -# * See https://wiki.openstack.org/wiki/OSSN/OSSN-0065 for more -# information. -# * If an operator wishes to avoid showing any image location(s) -# to the user, then both this option and -# ``show_image_direct_url`` MUST be set to ``False``. -# -# Possible values: -# * True -# * False -# -# Related options: -# * show_image_direct_url -# * location_strategy -# -# (boolean value) -# This option is deprecated for removal since Newton. -# Its value may be silently ignored in the future. -# Reason: Use of this option, deprecated since Newton, is a security risk and -# will be removed once we figure out a way to satisfy those use cases that -# currently require it. An earlier announcement that the same functionality can -# be achieved with greater granularity by using policies is incorrect. You -# cannot work around this option via policy configuration at the present time, -# though that is the direction we believe the fix will take. Please keep an eye -# on the Glance release notes to stay up to date on progress in addressing this -# issue. -#show_multiple_locations = false - -# -# Maximum size of image a user can upload in bytes. -# -# An image upload greater than the size mentioned here would result -# in an image creation failure. This configuration option defaults to -# 1099511627776 bytes (1 TiB). -# -# NOTES: -# * This value should only be increased after careful -# consideration and must be set less than or equal to -# 8 EiB (9223372036854775808). -# * This value must be set with careful consideration of the -# backend storage capacity. Setting this to a very low value -# may result in a large number of image failures. And, setting -# this to a very large value may result in faster consumption -# of storage. Hence, this must be set according to the nature of -# images created and storage capacity available. -# -# Possible values: -# * Any positive number less than or equal to 9223372036854775808 -# -# (integer value) -# Minimum value: 1 -# Maximum value: 9223372036854775808 -#image_size_cap = 1099511627776 - -# -# Maximum amount of image storage per tenant. -# -# This enforces an upper limit on the cumulative storage consumed by all images -# of a tenant across all stores. This is a per-tenant limit. -# -# The default unit for this configuration option is Bytes. However, storage -# units can be specified using case-sensitive literals ``B``, ``KB``, ``MB``, -# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes, GigaBytes and -# TeraBytes respectively. Note that there should not be any space between the -# value and unit. Value ``0`` signifies no quota enforcement. Negative values -# are invalid and result in errors. -# -# Possible values: -# * A string that is a valid concatenation of a non-negative integer -# representing the storage value and an optional string literal -# representing storage units as mentioned above. -# -# Related options: -# * None -# -# (string value) -#user_storage_quota = 0 - -# -# Deploy the v2 OpenStack Images API. -# -# When this option is set to ``True``, Glance service will respond -# to requests on registered endpoints conforming to the v2 OpenStack -# Images API. -# -# NOTES: -# * If this option is disabled, then the ``enable_v2_registry`` -# option, which is enabled by default, is also recommended -# to be disabled. -# -# Possible values: -# * True -# * False -# -# Related options: -# * enable_v2_registry -# -# (boolean value) -#enable_v2_api = true - -# -# DEPRECATED FOR REMOVAL -# (boolean value) -#enable_v1_registry = true - -# DEPRECATED: -# Deploy the v2 API Registry service. -# -# When this option is set to ``True``, the Registry service -# will be enabled in Glance for v2 API requests. -# -# NOTES: -# * Use of Registry is optional in v2 API, so this option -# must only be enabled if both ``enable_v2_api`` is set to -# ``True`` and the ``data_api`` option is set to -# ``glance.db.registry.api``. -# -# * If deploying only the v1 OpenStack Images API, this option, -# which is enabled by default, should be disabled. -# -# Possible values: -# * True -# * False -# -# Related options: -# * enable_v2_api -# * data_api -# -# (boolean value) -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: -# Glance registry service is deprecated for removal. -# -# More information can be found from the spec: -# http://specs.openstack.org/openstack/glance- -# specs/specs/queens/approved/glance/deprecate-registry.html -#enable_v2_registry = true - -# -# Host address of the pydev server. -# -# Provide a string value representing the hostname or IP of the -# pydev server to use for debugging. The pydev server listens for -# debug connections on this address, facilitating remote debugging -# in Glance. -# -# Possible values: -# * Valid hostname -# * Valid IP address -# -# Related options: -# * None -# -# (host address value) -# -# This option has a sample default set, which means that -# its actual default value may vary from the one documented -# below. -#pydev_worker_debug_host = localhost - -# -# Port number that the pydev server will listen on. -# -# Provide a port number to bind the pydev server to. The pydev -# process accepts debug connections on this port and facilitates -# remote debugging in Glance. -# -# Possible values: -# * A valid port number -# -# Related options: -# * None -# -# (port value) -# Minimum value: 0 -# Maximum value: 65535 -#pydev_worker_debug_port = 5678 - -# -# AES key for encrypting store location metadata. -# -# Provide a string value representing the AES cipher to use for -# encrypting Glance store metadata. -# -# NOTE: The AES key to use must be set to a random string of length -# 16, 24 or 32 bytes. -# -# Possible values: -# * String value representing a valid AES key -# -# Related options: -# * None -# -# (string value) -#metadata_encryption_key = - -# -# Digest algorithm to use for digital signature. -# -# Provide a string value representing the digest algorithm to -# use for generating digital signatures. By default, ``sha256`` -# is used. -# -# To get a list of the available algorithms supported by the version -# of OpenSSL on your platform, run the command: -# ``openssl list-message-digest-algorithms``. -# Examples are 'sha1', 'sha256', and 'sha512'. -# -# NOTE: ``digest_algorithm`` is not related to Glance's image signing -# and verification. It is only used to sign the universally unique -# identifier (UUID) as a part of the certificate file and key file -# validation. -# -# Possible values: -# * An OpenSSL message digest algorithm identifier -# -# Relation options: -# * None -# -# (string value) -#digest_algorithm = sha256 - -# -# The URL provides location where the temporary data will be stored -# -# This option is for Glance internal use only. Glance will save the -# image data uploaded by the user to 'staging' endpoint during the -# image import process. -# -# This option does not change the 'staging' API endpoint by any means. -# -# NOTE: It is discouraged to use same path as [task]/work_dir -# -# NOTE: 'file://' is the only option -# api_image_import flow will support for now. -# -# NOTE: The staging path must be on shared filesystem available to all -# Glance API nodes. -# -# Possible values: -# * String starting with 'file://' followed by absolute FS path -# -# Related options: -# * [task]/work_dir -# -# (string value) -#node_staging_uri = file:///tmp/staging/ - -# -# List of enabled Image Import Methods -# -# 'glance-direct', 'copy-image' and 'web-download' are enabled by default. -# -# Related options: -# * [DEFAULT]/node_staging_uri (list value) -#enabled_import_methods = [glance-direct,web-download,copy-image] - -# -# IP address to bind the glance servers to. -# -# Provide an IP address to bind the glance server to. The default -# value is ``0.0.0.0``. -# -# Edit this option to enable the server to listen on one particular -# IP address on the network card. This facilitates selection of a -# particular network interface for the server. -# -# Possible values: -# * A valid IPv4 address -# * A valid IPv6 address -# -# Related options: -# * None -# -# (host address value) -#bind_host = 0.0.0.0 - -# -# Port number on which the server will listen. -# -# Provide a valid port number to bind the server's socket to. This -# port is then set to identify processes and forward network messages -# that arrive at the server. The default bind_port value for the API -# server is 9292 and for the registry server is 9191. -# -# Possible values: -# * A valid port number (0 to 65535) -# -# Related options: -# * None -# -# (port value) -# Minimum value: 0 -# Maximum value: 65535 -#bind_port = - -# -# Set the number of incoming connection requests. -# -# Provide a positive integer value to limit the number of requests in -# the backlog queue. The default queue size is 4096. -# -# An incoming connection to a TCP listener socket is queued before a -# connection can be established with the server. Setting the backlog -# for a TCP socket ensures a limited queue size for incoming traffic. -# -# Possible values: -# * Positive integer -# -# Related options: -# * None -# -# (integer value) -# Minimum value: 1 -#backlog = 4096 - -# -# Set the wait time before a connection recheck. -# -# Provide a positive integer value representing time in seconds which -# is set as the idle wait time before a TCP keep alive packet can be -# sent to the host. The default value is 600 seconds. -# -# Setting ``tcp_keepidle`` helps verify at regular intervals that a -# connection is intact and prevents frequent TCP connection -# reestablishment. -# -# Possible values: -# * Positive integer value representing time in seconds -# -# Related options: -# * None -# -# (integer value) -# Minimum value: 1 -#tcp_keepidle = 600 - -# DEPRECATED: The HTTP header used to determine the scheme for the original -# request, even if it was removed by an SSL terminating proxy. Typical value is -# "HTTP_X_FORWARDED_PROTO". (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Use the http_proxy_to_wsgi middleware instead. -#secure_proxy_ssl_header = - -# -# Number of Glance worker processes to start. -# -# Provide a non-negative integer value to set the number of child -# process workers to service requests. By default, the number of CPUs -# available is set as the value for ``workers`` limited to 8. For -# example if the processor count is 6, 6 workers will be used, if the -# processor count is 24 only 8 workers will be used. The limit will only -# apply to the default value, if 24 workers is configured, 24 is used. -# -# Each worker process is made to listen on the port set in the -# configuration file and contains a greenthread pool of size 1000. -# -# NOTE: Setting the number of workers to zero, triggers the creation -# of a single API process with a greenthread pool of size 1000. -# -# Possible values: -# * 0 -# * Positive integer value (typically equal to the number of CPUs) -# -# Related options: -# * None -# -# (integer value) -# Minimum value: 0 -#workers = - -# -# Maximum line size of message headers. -# -# Provide an integer value representing a length to limit the size of -# message headers. The default value is 16384. -# -# NOTE: ``max_header_line`` may need to be increased when using large -# tokens (typically those generated by the Keystone v3 API with big -# service catalogs). However, it is to be kept in mind that larger -# values for ``max_header_line`` would flood the logs. -# -# Setting ``max_header_line`` to 0 sets no limit for the line size of -# message headers. -# -# Possible values: -# * 0 -# * Positive integer -# -# Related options: -# * None -# -# (integer value) -# Minimum value: 0 -#max_header_line = 16384 - -# -# Set keep alive option for HTTP over TCP. -# -# Provide a boolean value to determine sending of keep alive packets. -# If set to ``False``, the server returns the header -# "Connection: close". If set to ``True``, the server returns a -# "Connection: Keep-Alive" in its responses. This enables retention of -# the same TCP connection for HTTP conversations instead of opening a -# new one with each new request. -# -# This option must be set to ``False`` if the client socket connection -# needs to be closed explicitly after the response is received and -# read successfully by the client. -# -# Possible values: -# * True -# * False -# -# Related options: -# * None -# -# (boolean value) -#http_keepalive = true - -# -# Timeout for client connections' socket operations. -# -# Provide a valid integer value representing time in seconds to set -# the period of wait before an incoming connection can be closed. The -# default value is 900 seconds. -# -# The value zero implies wait forever. -# -# Possible values: -# * Zero -# * Positive integer -# -# Related options: -# * None -# -# (integer value) -# Minimum value: 0 -#client_socket_timeout = 900 - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of the default -# INFO level. (boolean value) -# Note: This option can be changed without restarting. -#debug = false - -# The name of a logging configuration file. This file is appended to any -# existing logging configuration files. For details about logging configuration -# files, see the Python logging module documentation. Note that when logging -# configuration files are used then all logging configuration is set in the -# configuration file and other logging configuration options are ignored (for -# example, log-date-format). (string value) -# Note: This option can be changed without restarting. -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. (string -# value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default is set, -# logging will go to stderr as defined by use_stderr. This option is ignored if -# log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative log_file paths. This option -# is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# Uses logging handler designed to watch file system. When log file is moved or -# removed this handler will open a new log file with specified path -# instantaneously. It makes sense only if log_file option is specified and Linux -# platform is used. This option is ignored if log_config_append is set. (boolean -# value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and will be -# changed later to honor RFC5424. This option is ignored if log_config_append is -# set. (boolean value) -#use_syslog = false - -# Enable journald for logging. If running in a systemd environment you may wish -# to enable journal support. Doing so will use the journal native protocol which -# includes structured metadata in addition to log messages.This option is -# ignored if log_config_append is set. (boolean value) -#use_journal = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Use JSON formatting for logging. This option is ignored if log_config_append -# is set. (boolean value) -#use_json = false - -# Log output to standard error. This option is ignored if log_config_append is -# set. (boolean value) -#use_stderr = false - -# Log output to Windows Event Log. (boolean value) -#use_eventlog = false - -# The amount of time before the log files are rotated. This option is ignored -# unless log_rotation_type is setto "interval". (integer value) -#log_rotate_interval = 1 - -# Rotation interval type. The time of the last file change (or the time when the -# service was started) is used when scheduling the next rotation. (string value) -# Possible values: -# Seconds - -# Minutes - -# Hours - -# Days - -# Weekday - -# Midnight - -#log_rotate_interval_type = days - -# Maximum number of rotated log files. (integer value) -#max_logfile_count = 30 - -# Log file maximum size in MB. This option is ignored if "log_rotation_type" is -# not set to "size". (integer value) -#max_logfile_size_mb = 200 - -# Log rotation type. (string value) -# Possible values: -# interval - Rotate logs at predefined time intervals. -# size - Rotate logs once they reach a predefined size. -# none - Do not rotate log files. -#log_rotation_type = none - -# Format string to use for log messages with context. Used by -# oslo_log.formatters.ContextFormatter (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. Used by -# oslo_log.formatters.ContextFormatter (string value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the message is -# DEBUG. Used by oslo_log.formatters.ContextFormatter (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. Used by -# oslo_log.formatters.ContextFormatter (string value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. Used by oslo_log.formatters.ContextFormatter -# (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is ignored -# if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,oslo_policy=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. (string -# value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Interval, number of seconds, of log rate limiting. (integer value) -#rate_limit_interval = 0 - -# Maximum number of logged messages per rate_limit_interval. (integer value) -#rate_limit_burst = 0 - -# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or -# empty string. Logs with level greater or equal to rate_limit_except_level are -# not filtered. An empty string means that all levels are filtered. (string -# value) -#rate_limit_except_level = CRITICAL - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - -# -# From oslo.messaging -# - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size = 30 - -# The pool size limit for connections expiration policy (integer value) -#conn_pool_min_size = 2 - -# The time-to-live in sec of idle connections in the pool (integer value) -#conn_pool_ttl = 1200 - -# Size of executor thread pool when executor is threading or eventlet. (integer -# value) -# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size -#executor_thread_pool_size = 64 - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout = 60 - -# The network address and optional user credentials for connecting to the -# messaging backend, in URL format. The expected format is: -# -# driver://[user:pass@]host:port[,[userN:passN@]hostN:portN]/virtual_host?query -# -# Example: rabbit://rabbitmq:password@127.0.0.1:5672// -# -# For full details on the fields in the URL see the documentation of -# oslo_messaging.TransportURL at -# https://docs.openstack.org/oslo.messaging/latest/reference/transport.html -# (string value) -#transport_url = rabbit:// - -# The default exchange under which topics are scoped. May be overridden by an -# exchange name specified in the transport_url option. (string value) -#control_exchange = openstack - - -[database] - -# -# From oslo.db -# - -# If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. (string -# value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -#connection = - -# The SQLAlchemy connection string to use to connect to the slave database. -# (string value) -#slave_connection = - -# The SQL mode to be used for MySQL sessions. This option, including the -# default, overrides any server-set SQL mode. To use whatever SQL mode is set by -# the server configuration, set this to no value. Example: mysql_sql_mode= -# (string value) -#mysql_sql_mode = TRADITIONAL - -# If True, transparently enables support for handling MySQL Cluster (NDB). -# (boolean value) -#mysql_enable_ndb = false - -# Connections which have been present in the connection pool longer than this -# number of seconds will be replaced with a new one the next time they are -# checked out from the pool. (integer value) -# Deprecated group/name - [DATABASE]/idle_timeout -# Deprecated group/name - [database]/idle_timeout -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#connection_recycle_time = 3600 - -# Maximum number of SQL connections to keep open in a pool. Setting a value of 0 -# indicates no limit. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = 5 - -# Maximum number of database connection retries during startup. Set to -1 to -# specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = 50 - -# Verbosity of SQL debugging information: 0=None, 100=Everything. (integer -# value) -# Minimum value: 0 -# Maximum value: 100 -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = - -# Enable the experimental use of database reconnect on connection lost. (boolean -# value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database operation up to -# db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries of a -# database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before error is -# raised. Set to -1 to specify an infinite retry count. (integer value) -#db_max_retries = 20 - -# Optional URL parameters to append onto the connection URL at connect time; -# specify as param1=value1¶m2=value2&... (string value) -#connection_parameters = - -# -# From oslo.db.concurrency -# - -# Enable the experimental use of thread pooling for all DB API calls (boolean -# value) -# Deprecated group/name - [DEFAULT]/dbapi_use_tpool -#use_tpool = false - - -[keystone_authtoken] - -# -# From keystonemiddleware.auth_token -# - -# Complete "public" Identity API endpoint. This endpoint should not be an -# "admin" endpoint, as it should be accessible by all end users. Unauthenticated -# clients are redirected to this endpoint to authenticate. Although this -# endpoint should ideally be unversioned, client support in the wild varies. If -# you're using a versioned v2 endpoint here, then this should *not* be the same -# endpoint the service user utilizes for validating tokens, because normal end -# users may not be able to reach that endpoint. (string value) -# Deprecated group/name - [keystone_authtoken]/auth_uri -#www_authenticate_uri = - -# DEPRECATED: Complete "public" Identity API endpoint. This endpoint should not -# be an "admin" endpoint, as it should be accessible by all end users. -# Unauthenticated clients are redirected to this endpoint to authenticate. -# Although this endpoint should ideally be unversioned, client support in the -# wild varies. If you're using a versioned v2 endpoint here, then this should -# *not* be the same endpoint the service user utilizes for validating tokens, -# because normal end users may not be able to reach that endpoint. This option -# is deprecated in favor of www_authenticate_uri and will be removed in the S -# release. (string value) -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: The auth_uri option is deprecated in favor of www_authenticate_uri and -# will be removed in the S release. -#auth_uri = - -# API version of the Identity API endpoint. (string value) -#auth_version = - -# Interface to use for the Identity API endpoint. Valid values are "public", -# "internal" or "admin"(default). (string value) -#interface = admin - -# Do not handle authorization requests within the middleware, but delegate the -# authorization decision to downstream WSGI components. (boolean value) -#delay_auth_decision = false - -# Request timeout value for communicating with Identity API server. (integer -# value) -#http_connect_timeout = - -# How many times are we trying to reconnect when communicating with Identity API -# Server. (integer value) -#http_request_max_retries = 3 - -# Request environment key where the Swift cache object is stored. When -# auth_token middleware is deployed with a Swift cache, use this option to have -# the middleware share a caching backend with swift. Otherwise, use the -# ``memcached_servers`` option instead. (string value) -#cache = - -# Required if identity server requires client certificate (string value) -#certfile = - -# Required if identity server requires client certificate (string value) -#keyfile = - -# A PEM encoded Certificate Authority to use when verifying HTTPs connections. -# Defaults to system CAs. (string value) -#cafile = - -# Verify HTTPS connections. (boolean value) -#insecure = false - -# The region in which the identity server can be found. (string value) -#region_name = - -# Optionally specify a list of memcached server(s) to use for caching. If left -# undefined, tokens will instead be cached in-process. (list value) -# Deprecated group/name - [keystone_authtoken]/memcache_servers -#memcached_servers = - -# In order to prevent excessive effort spent validating tokens, the middleware -# caches previously-seen tokens for a configurable duration (in seconds). Set to -# -1 to disable caching completely. (integer value) -#token_cache_time = 300 - -# (Optional) If defined, indicate whether token data should be authenticated or -# authenticated and encrypted. If MAC, token data is authenticated (with HMAC) -# in the cache. If ENCRYPT, token data is encrypted and authenticated in the -# cache. If the value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -# Possible values: -# None - -# MAC - -# ENCRYPT - -#memcache_security_strategy = None - -# (Optional, mandatory if memcache_security_strategy is defined) This string is -# used for key derivation. (string value) -#memcache_secret_key = - -# (Optional) Number of seconds memcached server is considered dead before it is -# tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every memcached server. -# (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a memcached -# server. (integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held unused in the -# pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a memcached -# client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcached client pool. The -# advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If False, -# middleware will not ask for service catalog on token validation and will not -# set the X-Service-Catalog header. (boolean value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: "disabled" -# to not check token binding. "permissive" (default) to validate binding -# information if the bind type is of a form known to the server and ignore it if -# not. "strict" like "permissive" but if the bind type is unknown the token will -# be rejected. "required" any form of token binding is needed to be allowed. -# Finally the name of a binding method that must be present in tokens. (string -# value) -#enforce_token_bind = permissive - -# A choice of roles that must be present in a service token. Service tokens are -# allowed to request that an expired token can be used and so this check should -# tightly control that only actual services should be sending this token. Roles -# here are applied as an ANY check so any role in this list must be present. For -# backwards compatibility reasons this currently only affects the allow_expired -# check. (list value) -#service_token_roles = service - -# For backwards compatibility reasons we must let valid service tokens pass that -# don't pass the service_token_roles check as valid. Setting this true will -# become the default in a future release and should be enabled if possible. -# (boolean value) -#service_token_roles_required = false - -# The name or type of the service as it appears in the service catalog. This is -# used to validate tokens that have restricted access rules. (string value) -#service_type = - -# Authentication type to load (string value) -# Deprecated group/name - [keystone_authtoken]/auth_plugin -#auth_type = - -# Config Section from which to load plugin specific options (string value) -#auth_section = - - -[oslo_messaging_amqp] - -# -# From oslo.messaging -# - -# Name for the AMQP container. must be globally unique. Defaults to a generated -# UUID (string value) -#container_name = - -# Timeout for inactive connections (in seconds) (integer value) -#idle_timeout = 0 - -# Debug: dump AMQP frames to stdout (boolean value) -#trace = false - -# Attempt to connect via SSL. If no other ssl-related parameters are given, it -# will use the system's CA-bundle to verify the server's certificate. (boolean -# value) -#ssl = false - -# CA certificate PEM file used to verify the server's certificate (string value) -#ssl_ca_file = - -# Self-identifying certificate PEM file for client authentication (string value) -#ssl_cert_file = - -# Private key PEM file used to sign ssl_cert_file certificate (optional) (string -# value) -#ssl_key_file = - -# Password for decrypting ssl_key_file (if encrypted) (string value) -#ssl_key_password = - -# By default SSL checks that the name in the server's certificate matches the -# hostname in the transport_url. In some configurations it may be preferable to -# use the virtual hostname instead, for example if the server uses the Server -# Name Indication TLS extension (rfc6066) to provide a certificate per virtual -# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the -# virtual host name instead of the DNS name. (boolean value) -#ssl_verify_vhost = false - -# Space separated list of acceptable SASL mechanisms (string value) -#sasl_mechanisms = - -# Path to directory that contains the SASL configuration (string value) -#sasl_config_dir = - -# Name of configuration file (without .conf suffix) (string value) -#sasl_config_name = - -# SASL realm to use if no realm present in username (string value) -#sasl_default_realm = - -# Seconds to pause before attempting to re-connect. (integer value) -# Minimum value: 1 -#connection_retry_interval = 1 - -# Increase the connection_retry_interval by this many seconds after each -# unsuccessful failover attempt. (integer value) -# Minimum value: 0 -#connection_retry_backoff = 2 - -# Maximum limit for connection_retry_interval + connection_retry_backoff -# (integer value) -# Minimum value: 1 -#connection_retry_interval_max = 30 - -# Time to pause between re-connecting an AMQP 1.0 link that failed due to a -# recoverable error. (integer value) -# Minimum value: 1 -#link_retry_delay = 10 - -# The maximum number of attempts to re-send a reply message which failed due to -# a recoverable error. (integer value) -# Minimum value: -1 -#default_reply_retry = 0 - -# The deadline for an rpc reply message delivery. (integer value) -# Minimum value: 5 -#default_reply_timeout = 30 - -# The deadline for an rpc cast or call message delivery. Only used when caller -# does not provide a timeout expiry. (integer value) -# Minimum value: 5 -#default_send_timeout = 30 - -# The deadline for a sent notification message delivery. Only used when caller -# does not provide a timeout expiry. (integer value) -# Minimum value: 5 -#default_notify_timeout = 30 - -# The duration to schedule a purge of idle sender links. Detach link after -# expiry. (integer value) -# Minimum value: 1 -#default_sender_link_timeout = 600 - -# Indicates the addressing mode used by the driver. -# Permitted values: -# 'legacy' - use legacy non-routable addressing -# 'routable' - use routable addresses -# 'dynamic' - use legacy addresses if the message bus does not support routing -# otherwise use routable addressing (string value) -#addressing_mode = dynamic - -# Enable virtual host support for those message buses that do not natively -# support virtual hosting (such as qpidd). When set to true the virtual host -# name will be added to all message bus addresses, effectively creating a -# private 'subnet' per virtual host. Set to False if the message bus supports -# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative -# as the name of the virtual host. (boolean value) -#pseudo_vhost = true - -# address prefix used when sending to a specific server (string value) -#server_request_prefix = exclusive - -# address prefix used when broadcasting to all servers (string value) -#broadcast_prefix = broadcast - -# address prefix when sending to any server in group (string value) -#group_request_prefix = unicast - -# Address prefix for all generated RPC addresses (string value) -#rpc_address_prefix = openstack.org/om/rpc - -# Address prefix for all generated Notification addresses (string value) -#notify_address_prefix = openstack.org/om/notify - -# Appended to the address prefix when sending a fanout message. Used by the -# message bus to identify fanout messages. (string value) -#multicast_address = multicast - -# Appended to the address prefix when sending to a particular RPC/Notification -# server. Used by the message bus to identify messages sent to a single -# destination. (string value) -#unicast_address = unicast - -# Appended to the address prefix when sending to a group of consumers. Used by -# the message bus to identify messages that should be delivered in a round-robin -# fashion across consumers. (string value) -#anycast_address = anycast - -# Exchange name used in notification addresses. -# Exchange name resolution precedence: -# Target.exchange if set -# else default_notification_exchange if set -# else control_exchange if set -# else 'notify' (string value) -#default_notification_exchange = - -# Exchange name used in RPC addresses. -# Exchange name resolution precedence: -# Target.exchange if set -# else default_rpc_exchange if set -# else control_exchange if set -# else 'rpc' (string value) -#default_rpc_exchange = - -# Window size for incoming RPC Reply messages. (integer value) -# Minimum value: 1 -#reply_link_credit = 200 - -# Window size for incoming RPC Request messages (integer value) -# Minimum value: 1 -#rpc_server_credit = 100 - -# Window size for incoming Notification messages (integer value) -# Minimum value: 1 -#notify_server_credit = 100 - -# Send messages of this type pre-settled. -# Pre-settled messages will not receive acknowledgement -# from the peer. Note well: pre-settled messages may be -# silently discarded if the delivery fails. -# Permitted values: -# 'rpc-call' - send RPC Calls pre-settled -# 'rpc-reply'- send RPC Replies pre-settled -# 'rpc-cast' - Send RPC Casts pre-settled -# 'notify' - Send Notifications pre-settled -# (multi valued) -#pre_settled = rpc-cast -#pre_settled = rpc-reply - - -[oslo_messaging_kafka] - -# -# From oslo.messaging -# - -# Max fetch bytes of Kafka consumer (integer value) -#kafka_max_fetch_bytes = 1048576 - -# Default timeout(s) for Kafka consumers (floating point value) -#kafka_consumer_timeout = 1.0 - -# DEPRECATED: Pool Size for Kafka Consumers (integer value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#pool_size = 10 - -# DEPRECATED: The pool size limit for connections expiration policy (integer -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#conn_pool_min_size = 2 - -# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Driver no longer uses connection pool. -#conn_pool_ttl = 1200 - -# Group id for Kafka consumer. Consumers in one group will coordinate message -# consumption (string value) -#consumer_group = oslo_messaging_consumer - -# Upper bound on the delay for KafkaProducer batching in seconds (floating point -# value) -#producer_batch_timeout = 0.0 - -# Size of batch for the producer async send (integer value) -#producer_batch_size = 16384 - -# The compression codec for all data generated by the producer. If not set, -# compression will not be used. Note that the allowed values of this depend on -# the kafka version (string value) -# Possible values: -# none - -# gzip - -# snappy - -# lz4 - -# zstd - -#compression_codec = none - -# Enable asynchronous consumer commits (boolean value) -#enable_auto_commit = false - -# The maximum number of records returned in a poll call (integer value) -#max_poll_records = 500 - -# Protocol used to communicate with brokers (string value) -# Possible values: -# PLAINTEXT - -# SASL_PLAINTEXT - -# SSL - -# SASL_SSL - -#security_protocol = PLAINTEXT - -# Mechanism when security protocol is SASL (string value) -#sasl_mechanism = PLAIN - -# CA certificate PEM file used to verify the server certificate (string value) -#ssl_cafile = - -# Client certificate PEM file used for authentication. (string value) -#ssl_client_cert_file = - -# Client key PEM file used for authentication. (string value) -#ssl_client_key_file = - -# Client key password file used for authentication. (string value) -#ssl_client_key_password = - - -[oslo_messaging_notifications] - -# -# From oslo.messaging -# - -# The Drivers(s) to handle sending notifications. Possible values are messaging, -# messagingv2, routing, log, test, noop (multi valued) -# Deprecated group/name - [DEFAULT]/notification_driver -#driver = - -# A URL representing the messaging driver to use for notifications. If not set, -# we fall back to the same configuration used for RPC. (string value) -# Deprecated group/name - [DEFAULT]/notification_transport_url -#transport_url = - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -# Deprecated group/name - [DEFAULT]/notification_topics -#topics = notifications - -# The maximum number of attempts to re-send a notification message which failed -# to be delivered due to a recoverable error. 0 - No retry, -1 - indefinite -# (integer value) -#retry = -1 - - -[oslo_messaging_rabbit] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. (boolean value) -#amqp_auto_delete = false - -# Connect over SSL. (boolean value) -# Deprecated group/name - [oslo_messaging_rabbit]/rabbit_use_ssl -#ssl = false - -# SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and -# SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some -# distributions. (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_version -#ssl_version = - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_keyfile -#ssl_key_file = - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_certfile -#ssl_cert_file = - -# SSL certification authority file (valid only if SSL enabled). (string value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_ssl_ca_certs -#ssl_ca_file = - -# EXPERIMENTAL: Run the health check heartbeat thread through a native python -# thread. By default if this option isn't provided the health check heartbeat -# will inherit the execution model from the parent process. By example if the -# parent process have monkey patched the stdlib by using eventlet/greenlet then -# the heartbeat will be run through a green thread. (boolean value) -#heartbeat_in_pthread = false - -# How long to wait before reconnecting in response to an AMQP consumer cancel -# notification. (floating point value) -#kombu_reconnect_delay = 1.0 - -# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not -# be used. This option may not be available in future versions. (string value) -#kombu_compression = - -# How long to wait a missing client before abandoning to send it its replies. -# This value should not be longer than rpc_response_timeout. (integer value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout -#kombu_missing_consumer_retry_timeout = 60 - -# Determines how the next RabbitMQ node is chosen in case the one we are -# currently connected to becomes unavailable. Takes effect only if more than one -# RabbitMQ node is provided in config. (string value) -# Possible values: -# round-robin - -# shuffle - -#kombu_failover_strategy = round-robin - -# The RabbitMQ login method. (string value) -# Possible values: -# PLAIN - -# AMQPLAIN - -# RABBIT-CR-DEMO - -#rabbit_login_method = AMQPLAIN - -# How frequently to retry connecting with RabbitMQ. (integer value) -#rabbit_retry_interval = 1 - -# How long to backoff for between retries when connecting to RabbitMQ. (integer -# value) -#rabbit_retry_backoff = 2 - -# Maximum interval of RabbitMQ connection retries. Default is 30 seconds. -# (integer value) -#rabbit_interval_max = 30 - -# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this -# option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring -# is no longer controlled by the x-ha-policy argument when declaring a queue. If -# you just want to make sure that all queues (except those with auto-generated -# names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA -# '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value) -#rabbit_ha_queues = false - -# Positive integer representing duration in seconds for queue TTL (x-expires). -# Queues which are unused for the duration of the TTL are automatically deleted. -# The parameter affects only reply and fanout queues. (integer value) -# Minimum value: 1 -#rabbit_transient_queues_ttl = 1800 - -# Specifies the number of messages to prefetch. Setting to zero allows unlimited -# messages. (integer value) -#rabbit_qos_prefetch_count = 0 - -# Number of seconds after which the Rabbit broker is considered down if -# heartbeat's keep-alive fails (0 disables heartbeat). (integer value) -#heartbeat_timeout_threshold = 60 - -# How often times during the heartbeat_timeout_threshold we check the heartbeat. -# (integer value) -#heartbeat_rate = 2 - -# Enable/Disable the RabbitMQ mandatory flag for direct send. The direct send is -# used as reply, so the MessageUndeliverable exception is raised in case the -# client queue does not exist. (integer value) -#direct_mandatory_flag = True - - -[oslo_policy] - -# -# From oslo.policy -# - -# This option controls whether or not to enforce scope when evaluating policies. -# If ``True``, the scope of the token used in the request is compared to the -# ``scope_types`` of the policy being enforced. If the scopes do not match, an -# ``InvalidScope`` exception will be raised. If ``False``, a message will be -# logged informing operators that policies are being invoked with mismatching -# scope. (boolean value) -#enforce_scope = false - -# The relative or absolute path of a file that maps roles to permissions for a -# given service. Relative paths must be specified in relation to the -# configuration file setting this option. (string value) -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string value) -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be relative -# to any directory in the search path defined by the config_dir option, or -# absolute paths. The file defined by policy_file must exist for these -# directories to be searched. Missing or empty directories are ignored. (multi -# valued) -#policy_dirs = policy.d - -# Content Type to send and receive data for REST based policy check (string -# value) -# Possible values: -# application/x-www-form-urlencoded - -# application/json - -#remote_content_type = application/x-www-form-urlencoded - -# server identity verification for REST based policy check (boolean value) -#remote_ssl_verify_server_crt = false - -# Absolute path to ca cert file for REST based policy check (string value) -#remote_ssl_ca_crt_file = - -# Absolute path to client cert for REST based policy check (string value) -#remote_ssl_client_crt_file = - -# Absolute path client key file REST based policy check (string value) -#remote_ssl_client_key_file = - - -[paste_deploy] - -# -# From glance.registry -# - -# -# Deployment flavor to use in the server application pipeline. -# -# Provide a string value representing the appropriate deployment -# flavor used in the server application pipleline. This is typically -# the partial name of a pipeline in the paste configuration file with -# the service name removed. -# -# For example, if your paste section name in the paste configuration -# file is [pipeline:glance-api-keystone], set ``flavor`` to -# ``keystone``. -# -# Possible values: -# * String value representing a partial pipeline name. -# -# Related Options: -# * config_file -# -# (string value) -# -# This option has a sample default set, which means that -# its actual default value may vary from the one documented -# below. -#flavor = keystone - -# -# Name of the paste configuration file. -# -# Provide a string value representing the name of the paste -# configuration file to use for configuring piplelines for -# server application deployments. -# -# NOTES: -# * Provide the name or the path relative to the glance directory -# for the paste configuration file and not the absolute path. -# * The sample paste configuration file shipped with Glance need -# not be edited in most cases as it comes with ready-made -# pipelines for all common deployment flavors. -# -# If no value is specified for this option, the ``paste.ini`` file -# with the prefix of the corresponding Glance service's configuration -# file name will be searched for in the known configuration -# directories. (For example, if this option is missing from or has no -# value set in ``glance-api.conf``, the service will look for a file -# named ``glance-api-paste.ini``.) If the paste configuration file is -# not found, the service will not start. -# -# Possible values: -# * A string value representing the name of the paste configuration -# file. -# -# Related Options: -# * flavor -# -# (string value) -# -# This option has a sample default set, which means that -# its actual default value may vary from the one documented -# below. -#config_file = glance-api-paste.ini - - -[profiler] - -# -# From glance.registry -# - -# -# Enable the profiling for all services on this node. -# -# Default value is False (fully disable the profiling feature). -# -# Possible values: -# -# * True: Enables the feature -# * False: Disables the feature. The profiling cannot be started via this -# project -# operations. If the profiling is triggered by another project, this project -# part will be empty. -# (boolean value) -# Deprecated group/name - [profiler]/profiler_enabled -#enabled = false - -# -# Enable SQL requests profiling in services. -# -# Default value is False (SQL requests won't be traced). -# -# Possible values: -# -# * True: Enables SQL requests profiling. Each SQL query will be part of the -# trace and can the be analyzed by how much time was spent for that. -# * False: Disables SQL requests profiling. The spent time is only shown on a -# higher level of operations. Single SQL queries cannot be analyzed this way. -# (boolean value) -#trace_sqlalchemy = false - -# -# Secret key(s) to use for encrypting context data for performance profiling. -# -# This string value should have the following format: [,,...], -# where each key is some random string. A user who triggers the profiling via -# the REST API has to set one of these keys in the headers of the REST API call -# to include profiling results of this node for this particular project. -# -# Both "enabled" flag and "hmac_keys" config options should be set to enable -# profiling. Also, to generate correct profiling information across all services -# at least one key needs to be consistent between OpenStack projects. This -# ensures it can be used from client side to generate the trace, containing -# information from all possible resources. -# (string value) -#hmac_keys = SECRET_KEY - -# -# Connection string for a notifier backend. -# -# Default value is ``messaging://`` which sets the notifier to oslo_messaging. -# -# Examples of possible values: -# -# * ``messaging://`` - use oslo_messaging driver for sending spans. -# * ``redis://127.0.0.1:6379`` - use redis driver for sending spans. -# * ``mongodb://127.0.0.1:27017`` - use mongodb driver for sending spans. -# * ``elasticsearch://127.0.0.1:9200`` - use elasticsearch driver for sending -# spans. -# * ``jaeger://127.0.0.1:6831`` - use jaeger tracing as driver for sending -# spans. -# (string value) -#connection_string = messaging:// - -# -# Document type for notification indexing in elasticsearch. -# (string value) -#es_doc_type = notification - -# -# This parameter is a time value parameter (for example: es_scroll_time=2m), -# indicating for how long the nodes that participate in the search will maintain -# relevant resources in order to continue and support it. -# (string value) -#es_scroll_time = 2m - -# -# Elasticsearch splits large requests in batches. This parameter defines -# maximum size of each batch (for example: es_scroll_size=10000). -# (integer value) -#es_scroll_size = 10000 - -# -# Redissentinel provides a timeout option on the connections. -# This parameter defines that timeout (for example: socket_timeout=0.1). -# (floating point value) -#socket_timeout = 0.1 - -# -# Redissentinel uses a service name to identify a master redis service. -# This parameter defines the name (for example: -# ``sentinal_service_name=mymaster``). -# (string value) -#sentinel_service_name = mymaster - -# -# Enable filter traces that contain error/exception to a separated place. -# -# Default value is set to False. -# -# Possible values: -# -# * True: Enable filter traces that contain error/exception. -# * False: Disable the filter. -# (boolean value) -#filter_error_trace = false diff --git a/etc/oslo-config-generator/glance-registry.conf b/etc/oslo-config-generator/glance-registry.conf deleted file mode 100644 index 388e394e31..0000000000 --- a/etc/oslo-config-generator/glance-registry.conf +++ /dev/null @@ -1,10 +0,0 @@ -[DEFAULT] -wrap_width = 80 -output_file = etc/glance-registry.conf.sample -namespace = glance.registry -namespace = oslo.messaging -namespace = oslo.db -namespace = oslo.db.concurrency -namespace = oslo.policy -namespace = keystonemiddleware.auth_token -namespace = oslo.log diff --git a/setup.cfg b/setup.cfg index 3d5e227638..03fdcd82a1 100644 --- a/setup.cfg +++ b/setup.cfg @@ -23,10 +23,8 @@ data_files = etc/glance-api.conf etc/glance-cache.conf etc/glance-manage.conf - etc/glance-registry.conf etc/glance-scrubber.conf etc/glance-api-paste.ini - etc/glance-registry-paste.ini etc/policy.json etc/glance/metadefs = etc/metadefs/* packages =