diff --git a/etc/glance-api.conf b/etc/glance-api.conf index 81b4a91a42..fa2b19596a 100644 --- a/etc/glance-api.conf +++ b/etc/glance-api.conf @@ -620,7 +620,7 @@ # default in Queens and removed in Rocky. This allows Glance to # operate with previous version configs upon upgrade. # -# Setting this option to True will enable the endpoints related +# Setting this option to False will disable the endpoints related # to Image Import Refactoring work. # # Related options: @@ -633,7 +633,17 @@ # It was introduced to make sure that the API is not enabled # before the '[DEFAULT]/node_staging_uri' is defined and is # long term redundant. -#enable_image_import = false +#enable_image_import = true + +# +# List of enabled Image Import Methods +# +# Both 'glance-direct' and 'web-download' are enabled by default. +# +# Related options: +# * [DEFAULT]/node_staging_uri +# * [DEFAULT]/enable_image_import (list value) +#enabled_import_methods = glance-direct,web-download # # Strategy to determine the preference order of image locations. @@ -659,7 +669,9 @@ # * store_type_preference # # (string value) -# Allowed values: location_order, store_type +# Possible values: +# location_order - +# store_type - #location_strategy = location_order # @@ -713,7 +725,9 @@ # * property_protection_file # # (string value) -# Allowed values: roles, policies +# Possible values: +# roles - +# policies - #property_protection_rule_format = roles # @@ -1025,7 +1039,9 @@ # * None # # (string value) -# Allowed values: sqlite, xattr +# Possible values: +# sqlite - +# xattr - #image_cache_driver = sqlite # @@ -1301,7 +1317,9 @@ # * registry_client_ca_file # # (string value) -# Allowed values: http, https +# Possible values: +# http - +# https - # This option is deprecated for removal since Queens. # Its value may be silently ignored in the future. # Reason: @@ -1700,7 +1718,10 @@ #rpc_zmq_bind_address = * # MatchMaker driver. (string value) -# Allowed values: redis, sentinel, dummy +# Possible values: +# redis - +# sentinel - +# dummy - #rpc_zmq_matchmaker = redis # Number of ZeroMQ contexts, defaults to 1. (integer value) @@ -1769,7 +1790,9 @@ # Default serialization mechanism for serializing/deserializing # outgoing/incoming messages (string value) -# Allowed values: json, msgpack +# Possible values: +# json - +# msgpack - #rpc_zmq_serialization = json # This option configures round-robin mode in zmq socket. True means not keeping @@ -2068,7 +2091,19 @@ # * stores # # (string value) -# Allowed values: file, filesystem, http, https, swift, swift+http, swift+https, swift+config, rbd, sheepdog, cinder, vsphere +# Possible values: +# file - +# filesystem - +# http - +# https - +# swift - +# swift+http - +# swift+https - +# swift+config - +# rbd - +# sheepdog - +# cinder - +# vsphere - #default_store = file # @@ -2806,7 +2841,10 @@ # * swift_store_endpoint # # (string value) -# Allowed values: publicURL, adminURL, internalURL +# Possible values: +# publicURL - +# adminURL - +# internalURL - #swift_store_endpoint_type = publicURL # @@ -3105,6 +3143,32 @@ # (boolean value) #swift_store_use_trusts = true +# +# Buffer image segments before upload to Swift. +# +# Provide a boolean value to indicate whether or not Glance should +# buffer image data to disk while uploading to swift. This enables +# Glance to resume uploads on error. +# +# NOTES: +# When enabling this option, one should take great care as this +# increases disk usage on the API node. Be aware that depending +# upon how the file system is configured, the disk space used +# for buffering may decrease the actual disk space available for +# the glance image cache. Disk utilization will cap according to +# the following equation: +# (``swift_store_large_object_chunk_size`` * ``workers`` * 1000) +# +# Possible values: +# * True +# * False +# +# Related options: +# * swift_upload_buffer_dir +# +# (boolean value) +#swift_buffer_on_upload = false + # # Reference to default Swift account/backing store parameters. # @@ -3183,6 +3247,31 @@ # (string value) #swift_store_config_file = +# +# Directory to buffer image segments before upload to Swift. +# +# Provide a string value representing the absolute path to the +# directory on the glance node where image segments will be +# buffered briefly before they are uploaded to swift. +# +# NOTES: +# * This is required only when the configuration option +# ``swift_buffer_on_upload`` is set to True. +# * This directory should be provisioned keeping in mind the +# ``swift_store_large_object_chunk_size`` and the maximum +# number of images that could be uploaded simultaneously by +# a given glance node. +# +# Possible values: +# * String value representing an absolute directory path +# +# Related options: +# * swift_buffer_on_upload +# * swift_store_large_object_chunk_size +# +# (string value) +#swift_upload_buffer_dir = + # # Address of the ESX/ESXi or vCenter Server target system. # @@ -3478,7 +3567,10 @@ # in the cache. If ENCRYPT, token data is encrypted and authenticated in the # cache. If the value is not one of these options or empty, auth_token will # raise an exception on initialization. (string value) -# Allowed values: None, MAC, ENCRYPT +# Possible values: +# None - +# MAC - +# ENCRYPT - #memcache_security_strategy = None # (Optional, mandatory if memcache_security_strategy is defined) This string is @@ -3856,13 +3948,24 @@ # Default timeout(s) for Kafka consumers (floating point value) #kafka_consumer_timeout = 1.0 -# Pool Size for Kafka Consumers (integer value) +# DEPRECATED: Pool Size for Kafka Consumers (integer value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: Driver no longer uses connection pool. #pool_size = 10 -# The pool size limit for connections expiration policy (integer value) +# DEPRECATED: The pool size limit for connections expiration policy (integer +# value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: Driver no longer uses connection pool. #conn_pool_min_size = 2 -# The time-to-live in sec of idle connections in the pool (integer value) +# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer +# value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: Driver no longer uses connection pool. #conn_pool_ttl = 1200 # Group id for Kafka consumer. Consumers in one group will coordinate message @@ -3955,7 +4058,9 @@ # Determines how the next RabbitMQ node is chosen in case the one we are # currently connected to becomes unavailable. Takes effect only if more than one # RabbitMQ node is provided in config. (string value) -# Allowed values: round-robin, shuffle +# Possible values: +# round-robin - +# shuffle - #kombu_failover_strategy = round-robin # DEPRECATED: The RabbitMQ broker address where a single node is used. (string @@ -3992,7 +4097,10 @@ #rabbit_password = guest # The RabbitMQ login method. (string value) -# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO +# Possible values: +# PLAIN - +# AMQPLAIN - +# RABBIT-CR-DEMO - #rabbit_login_method = AMQPLAIN # DEPRECATED: The RabbitMQ virtual host. (string value) @@ -4071,7 +4179,10 @@ #host_connection_reconnect_delay = 0.25 # Connection factory implementation (string value) -# Allowed values: new, single, read_write +# Possible values: +# new - +# single - +# read_write - #connection_factory = single # Maximum number of connections to keep queued. (integer value) @@ -4095,7 +4206,9 @@ # Default serialization mechanism for serializing/deserializing # outgoing/incoming messages (string value) -# Allowed values: json, msgpack +# Possible values: +# json - +# msgpack - #default_serializer_type = json # Persist notification messages. (boolean value) @@ -4162,7 +4275,10 @@ #rpc_zmq_bind_address = * # MatchMaker driver. (string value) -# Allowed values: redis, sentinel, dummy +# Possible values: +# redis - +# sentinel - +# dummy - #rpc_zmq_matchmaker = redis # Number of ZeroMQ contexts, defaults to 1. (integer value) @@ -4231,7 +4347,9 @@ # Default serialization mechanism for serializing/deserializing # outgoing/incoming messages (string value) -# Allowed values: json, msgpack +# Possible values: +# json - +# msgpack - #rpc_zmq_serialization = json # This option configures round-robin mode in zmq socket. True means not keeping @@ -4313,6 +4431,14 @@ # From oslo.policy # +# This option controls whether or not to enforce scope when evaluating policies. +# If ``True``, the scope of the token used in the request is compared to the +# ``scope_types`` of the policy being enforced. If the scopes do not match, an +# ``InvalidScope`` exception will be raised. If ``False``, a message will be +# logged informing operators that policies are being invoked with mismatching +# scope. (boolean value) +#enforce_scope = false + # The file that defines policies. (string value) #policy_file = policy.json @@ -4328,7 +4454,9 @@ # Content Type to send and receive data for REST based policy check (string # value) -# Allowed values: application/x-www-form-urlencoded, application/json +# Possible values: +# application/x-www-form-urlencoded - +# application/json - #remote_content_type = application/x-www-form-urlencoded # server identity verification for REST based policy check (boolean value) @@ -4626,7 +4754,9 @@ # * max_workers # # (string value) -# Allowed values: serial, parallel +# Possible values: +# serial - +# parallel - #engine_mode = parallel # @@ -4678,5 +4808,8 @@ # * disk_formats # # (string value) -# Allowed values: qcow2, raw, vmdk +# Possible values: +# qcow2 - +# raw - +# vmdk - #conversion_format = raw diff --git a/etc/glance-cache.conf b/etc/glance-cache.conf index fdffe3779e..beaf4fa581 100644 --- a/etc/glance-cache.conf +++ b/etc/glance-cache.conf @@ -525,7 +525,7 @@ # default in Queens and removed in Rocky. This allows Glance to # operate with previous version configs upon upgrade. # -# Setting this option to True will enable the endpoints related +# Setting this option to False will disable the endpoints related # to Image Import Refactoring work. # # Related options: @@ -538,7 +538,17 @@ # It was introduced to make sure that the API is not enabled # before the '[DEFAULT]/node_staging_uri' is defined and is # long term redundant. -#enable_image_import = false +#enable_image_import = true + +# +# List of enabled Image Import Methods +# +# Both 'glance-direct' and 'web-download' are enabled by default. +# +# Related options: +# * [DEFAULT]/node_staging_uri +# * [DEFAULT]/enable_image_import (list value) +#enabled_import_methods = glance-direct,web-download # # The relative path to sqlite file database that will be used for image cache @@ -589,7 +599,9 @@ # * None # # (string value) -# Allowed values: sqlite, xattr +# Possible values: +# sqlite - +# xattr - #image_cache_driver = sqlite # @@ -744,7 +756,9 @@ # * registry_client_ca_file # # (string value) -# Allowed values: http, https +# Possible values: +# http - +# https - # This option is deprecated for removal since Queens. # Its value may be silently ignored in the future. # Reason: @@ -1151,7 +1165,19 @@ # * stores # # (string value) -# Allowed values: file, filesystem, http, https, swift, swift+http, swift+https, swift+config, rbd, sheepdog, cinder, vsphere +# Possible values: +# file - +# filesystem - +# http - +# https - +# swift - +# swift+http - +# swift+https - +# swift+config - +# rbd - +# sheepdog - +# cinder - +# vsphere - #default_store = file # @@ -1889,7 +1915,10 @@ # * swift_store_endpoint # # (string value) -# Allowed values: publicURL, adminURL, internalURL +# Possible values: +# publicURL - +# adminURL - +# internalURL - #swift_store_endpoint_type = publicURL # @@ -2188,6 +2217,32 @@ # (boolean value) #swift_store_use_trusts = true +# +# Buffer image segments before upload to Swift. +# +# Provide a boolean value to indicate whether or not Glance should +# buffer image data to disk while uploading to swift. This enables +# Glance to resume uploads on error. +# +# NOTES: +# When enabling this option, one should take great care as this +# increases disk usage on the API node. Be aware that depending +# upon how the file system is configured, the disk space used +# for buffering may decrease the actual disk space available for +# the glance image cache. Disk utilization will cap according to +# the following equation: +# (``swift_store_large_object_chunk_size`` * ``workers`` * 1000) +# +# Possible values: +# * True +# * False +# +# Related options: +# * swift_upload_buffer_dir +# +# (boolean value) +#swift_buffer_on_upload = false + # # Reference to default Swift account/backing store parameters. # @@ -2266,6 +2321,31 @@ # (string value) #swift_store_config_file = +# +# Directory to buffer image segments before upload to Swift. +# +# Provide a string value representing the absolute path to the +# directory on the glance node where image segments will be +# buffered briefly before they are uploaded to swift. +# +# NOTES: +# * This is required only when the configuration option +# ``swift_buffer_on_upload`` is set to True. +# * This directory should be provisioned keeping in mind the +# ``swift_store_large_object_chunk_size`` and the maximum +# number of images that could be uploaded simultaneously by +# a given glance node. +# +# Possible values: +# * String value representing an absolute directory path +# +# Related options: +# * swift_buffer_on_upload +# * swift_store_large_object_chunk_size +# +# (string value) +#swift_upload_buffer_dir = + # # Address of the ESX/ESXi or vCenter Server target system. # @@ -2451,6 +2531,14 @@ # From oslo.policy # +# This option controls whether or not to enforce scope when evaluating policies. +# If ``True``, the scope of the token used in the request is compared to the +# ``scope_types`` of the policy being enforced. If the scopes do not match, an +# ``InvalidScope`` exception will be raised. If ``False``, a message will be +# logged informing operators that policies are being invoked with mismatching +# scope. (boolean value) +#enforce_scope = false + # The file that defines policies. (string value) #policy_file = policy.json @@ -2466,7 +2554,9 @@ # Content Type to send and receive data for REST based policy check (string # value) -# Allowed values: application/x-www-form-urlencoded, application/json +# Possible values: +# application/x-www-form-urlencoded - +# application/json - #remote_content_type = application/x-www-form-urlencoded # server identity verification for REST based policy check (boolean value) diff --git a/etc/glance-image-import.conf.sample b/etc/glance-image-import.conf.sample index fc84cca508..3277fbd4e5 100644 --- a/etc/glance-image-import.conf.sample +++ b/etc/glance-image-import.conf.sample @@ -42,8 +42,6 @@ # Specify name of user roles to be ignored for injecting metadata # properties in the image. # -# Specify name of the user roles -# # Possible values: # * List containing user roles. For example: [admin,member] # diff --git a/etc/glance-registry.conf b/etc/glance-registry.conf index a4e22299bc..11d4320b7f 100644 --- a/etc/glance-registry.conf +++ b/etc/glance-registry.conf @@ -599,7 +599,7 @@ # default in Queens and removed in Rocky. This allows Glance to # operate with previous version configs upon upgrade. # -# Setting this option to True will enable the endpoints related +# Setting this option to False will disable the endpoints related # to Image Import Refactoring work. # # Related options: @@ -612,7 +612,17 @@ # It was introduced to make sure that the API is not enabled # before the '[DEFAULT]/node_staging_uri' is defined and is # long term redundant. -#enable_image_import = false +#enable_image_import = true + +# +# List of enabled Image Import Methods +# +# Both 'glance-direct' and 'web-download' are enabled by default. +# +# Related options: +# * [DEFAULT]/node_staging_uri +# * [DEFAULT]/enable_image_import (list value) +#enabled_import_methods = glance-direct,web-download # # IP address to bind the glance servers to. @@ -983,7 +993,10 @@ #rpc_zmq_bind_address = * # MatchMaker driver. (string value) -# Allowed values: redis, sentinel, dummy +# Possible values: +# redis - +# sentinel - +# dummy - #rpc_zmq_matchmaker = redis # Number of ZeroMQ contexts, defaults to 1. (integer value) @@ -1052,7 +1065,9 @@ # Default serialization mechanism for serializing/deserializing # outgoing/incoming messages (string value) -# Allowed values: json, msgpack +# Possible values: +# json - +# msgpack - #rpc_zmq_serialization = json # This option configures round-robin mode in zmq socket. True means not keeping @@ -1365,7 +1380,10 @@ # in the cache. If ENCRYPT, token data is encrypted and authenticated in the # cache. If the value is not one of these options or empty, auth_token will # raise an exception on initialization. (string value) -# Allowed values: None, MAC, ENCRYPT +# Possible values: +# None - +# MAC - +# ENCRYPT - #memcache_security_strategy = None # (Optional, mandatory if memcache_security_strategy is defined) This string is @@ -1727,13 +1745,24 @@ # Default timeout(s) for Kafka consumers (floating point value) #kafka_consumer_timeout = 1.0 -# Pool Size for Kafka Consumers (integer value) +# DEPRECATED: Pool Size for Kafka Consumers (integer value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: Driver no longer uses connection pool. #pool_size = 10 -# The pool size limit for connections expiration policy (integer value) +# DEPRECATED: The pool size limit for connections expiration policy (integer +# value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: Driver no longer uses connection pool. #conn_pool_min_size = 2 -# The time-to-live in sec of idle connections in the pool (integer value) +# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer +# value) +# This option is deprecated for removal. +# Its value may be silently ignored in the future. +# Reason: Driver no longer uses connection pool. #conn_pool_ttl = 1200 # Group id for Kafka consumer. Consumers in one group will coordinate message @@ -1826,7 +1855,9 @@ # Determines how the next RabbitMQ node is chosen in case the one we are # currently connected to becomes unavailable. Takes effect only if more than one # RabbitMQ node is provided in config. (string value) -# Allowed values: round-robin, shuffle +# Possible values: +# round-robin - +# shuffle - #kombu_failover_strategy = round-robin # DEPRECATED: The RabbitMQ broker address where a single node is used. (string @@ -1863,7 +1894,10 @@ #rabbit_password = guest # The RabbitMQ login method. (string value) -# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO +# Possible values: +# PLAIN - +# AMQPLAIN - +# RABBIT-CR-DEMO - #rabbit_login_method = AMQPLAIN # DEPRECATED: The RabbitMQ virtual host. (string value) @@ -1942,7 +1976,10 @@ #host_connection_reconnect_delay = 0.25 # Connection factory implementation (string value) -# Allowed values: new, single, read_write +# Possible values: +# new - +# single - +# read_write - #connection_factory = single # Maximum number of connections to keep queued. (integer value) @@ -1966,7 +2003,9 @@ # Default serialization mechanism for serializing/deserializing # outgoing/incoming messages (string value) -# Allowed values: json, msgpack +# Possible values: +# json - +# msgpack - #default_serializer_type = json # Persist notification messages. (boolean value) @@ -2033,7 +2072,10 @@ #rpc_zmq_bind_address = * # MatchMaker driver. (string value) -# Allowed values: redis, sentinel, dummy +# Possible values: +# redis - +# sentinel - +# dummy - #rpc_zmq_matchmaker = redis # Number of ZeroMQ contexts, defaults to 1. (integer value) @@ -2102,7 +2144,9 @@ # Default serialization mechanism for serializing/deserializing # outgoing/incoming messages (string value) -# Allowed values: json, msgpack +# Possible values: +# json - +# msgpack - #rpc_zmq_serialization = json # This option configures round-robin mode in zmq socket. True means not keeping @@ -2173,6 +2217,14 @@ # From oslo.policy # +# This option controls whether or not to enforce scope when evaluating policies. +# If ``True``, the scope of the token used in the request is compared to the +# ``scope_types`` of the policy being enforced. If the scopes do not match, an +# ``InvalidScope`` exception will be raised. If ``False``, a message will be +# logged informing operators that policies are being invoked with mismatching +# scope. (boolean value) +#enforce_scope = false + # The file that defines policies. (string value) #policy_file = policy.json @@ -2188,7 +2240,9 @@ # Content Type to send and receive data for REST based policy check (string # value) -# Allowed values: application/x-www-form-urlencoded, application/json +# Possible values: +# application/x-www-form-urlencoded - +# application/json - #remote_content_type = application/x-www-form-urlencoded # server identity verification for REST based policy check (boolean value) diff --git a/etc/glance-scrubber.conf b/etc/glance-scrubber.conf index afd50b8691..d77b393a49 100644 --- a/etc/glance-scrubber.conf +++ b/etc/glance-scrubber.conf @@ -525,7 +525,7 @@ # default in Queens and removed in Rocky. This allows Glance to # operate with previous version configs upon upgrade. # -# Setting this option to True will enable the endpoints related +# Setting this option to False will disable the endpoints related # to Image Import Refactoring work. # # Related options: @@ -538,7 +538,17 @@ # It was introduced to make sure that the API is not enabled # before the '[DEFAULT]/node_staging_uri' is defined and is # long term redundant. -#enable_image_import = false +#enable_image_import = true + +# +# List of enabled Image Import Methods +# +# Both 'glance-direct' and 'web-download' are enabled by default. +# +# Related options: +# * [DEFAULT]/node_staging_uri +# * [DEFAULT]/enable_image_import (list value) +#enabled_import_methods = glance-direct,web-download # # The amount of time, in seconds, to delay image scrubbing. @@ -614,56 +624,6 @@ # (boolean value) #delayed_delete = false -# -# Role used to identify an authenticated user as administrator. -# -# Provide a string value representing a Keystone role to identify an -# administrative user. Users with this role will be granted -# administrative privileges. The default value for this option is -# 'admin'. -# -# Possible values: -# * A string value which is a valid Keystone role -# -# Related options: -# * None -# -# (string value) -#admin_role = admin - -# -# Send headers received from identity when making requests to -# registry. -# -# Typically, Glance registry can be deployed in multiple flavors, -# which may or may not include authentication. For example, -# ``trusted-auth`` is a flavor that does not require the registry -# service to authenticate the requests it receives. However, the -# registry service may still need a user context to be populated to -# serve the requests. This can be achieved by the caller -# (the Glance API usually) passing through the headers it received -# from authenticating with identity for the same request. The typical -# headers sent are ``X-User-Id``, ``X-Tenant-Id``, ``X-Roles``, -# ``X-Identity-Status`` and ``X-Service-Catalog``. -# -# Provide a boolean value to determine whether to send the identity -# headers to provide tenant and user information along with the -# requests to registry service. By default, this option is set to -# ``False``, which means that user and tenant information is not -# available readily. It must be obtained by authenticating. Hence, if -# this is set to ``False``, ``flavor`` must be set to value that -# either includes authentication or authenticated user context. -# -# Possible values: -# * True -# * False -# -# Related options: -# * flavor -# -# (boolean value) -#send_identity_headers = false - # # Time interval, in seconds, between scrubber runs in daemon mode. # @@ -710,308 +670,6 @@ # (boolean value) #daemon = false -# DEPRECATED: -# Protocol to use for communication with the registry server. -# -# Provide a string value representing the protocol to use for -# communication with the registry server. By default, this option is -# set to ``http`` and the connection is not secure. -# -# This option can be set to ``https`` to establish a secure connection -# to the registry server. In this case, provide a key to use for the -# SSL connection using the ``registry_client_key_file`` option. Also -# include the CA file and cert file using the options -# ``registry_client_ca_file`` and ``registry_client_cert_file`` -# respectively. -# -# Possible values: -# * http -# * https -# -# Related options: -# * registry_client_key_file -# * registry_client_cert_file -# * registry_client_ca_file -# -# (string value) -# Allowed values: http, https -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: -# Glance registry service is deprecated for removal. -# -# More information can be found from the spec: -# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance -# /deprecate-registry.html -#registry_client_protocol = http - -# DEPRECATED: -# Absolute path to the private key file. -# -# Provide a string value representing a valid absolute path to the -# private key file to use for establishing a secure connection to -# the registry server. -# -# NOTE: This option must be set if ``registry_client_protocol`` is -# set to ``https``. Alternatively, the GLANCE_CLIENT_KEY_FILE -# environment variable may be set to a filepath of the key file. -# -# Possible values: -# * String value representing a valid absolute path to the key -# file. -# -# Related options: -# * registry_client_protocol -# -# (string value) -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: -# Glance registry service is deprecated for removal. -# -# More information can be found from the spec: -# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance -# /deprecate-registry.html -#registry_client_key_file = /etc/ssl/key/key-file.pem - -# DEPRECATED: -# Absolute path to the certificate file. -# -# Provide a string value representing a valid absolute path to the -# certificate file to use for establishing a secure connection to -# the registry server. -# -# NOTE: This option must be set if ``registry_client_protocol`` is -# set to ``https``. Alternatively, the GLANCE_CLIENT_CERT_FILE -# environment variable may be set to a filepath of the certificate -# file. -# -# Possible values: -# * String value representing a valid absolute path to the -# certificate file. -# -# Related options: -# * registry_client_protocol -# -# (string value) -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: -# Glance registry service is deprecated for removal. -# -# More information can be found from the spec: -# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance -# /deprecate-registry.html -#registry_client_cert_file = /etc/ssl/certs/file.crt - -# DEPRECATED: -# Absolute path to the Certificate Authority file. -# -# Provide a string value representing a valid absolute path to the -# certificate authority file to use for establishing a secure -# connection to the registry server. -# -# NOTE: This option must be set if ``registry_client_protocol`` is -# set to ``https``. Alternatively, the GLANCE_CLIENT_CA_FILE -# environment variable may be set to a filepath of the CA file. -# This option is ignored if the ``registry_client_insecure`` option -# is set to ``True``. -# -# Possible values: -# * String value representing a valid absolute path to the CA -# file. -# -# Related options: -# * registry_client_protocol -# * registry_client_insecure -# -# (string value) -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: -# Glance registry service is deprecated for removal. -# -# More information can be found from the spec: -# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance -# /deprecate-registry.html -#registry_client_ca_file = /etc/ssl/cafile/file.ca - -# DEPRECATED: -# Set verification of the registry server certificate. -# -# Provide a boolean value to determine whether or not to validate -# SSL connections to the registry server. By default, this option -# is set to ``False`` and the SSL connections are validated. -# -# If set to ``True``, the connection to the registry server is not -# validated via a certifying authority and the -# ``registry_client_ca_file`` option is ignored. This is the -# registry's equivalent of specifying --insecure on the command line -# using glanceclient for the API. -# -# Possible values: -# * True -# * False -# -# Related options: -# * registry_client_protocol -# * registry_client_ca_file -# -# (boolean value) -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: -# Glance registry service is deprecated for removal. -# -# More information can be found from the spec: -# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance -# /deprecate-registry.html -#registry_client_insecure = false - -# DEPRECATED: -# Timeout value for registry requests. -# -# Provide an integer value representing the period of time in seconds -# that the API server will wait for a registry request to complete. -# The default value is 600 seconds. -# -# A value of 0 implies that a request will never timeout. -# -# Possible values: -# * Zero -# * Positive integer -# -# Related options: -# * None -# -# (integer value) -# Minimum value: 0 -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: -# Glance registry service is deprecated for removal. -# -# More information can be found from the spec: -# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance -# /deprecate-registry.html -#registry_client_timeout = 600 - -# DEPRECATED: Whether to pass through the user token when making requests to the -# registry. To prevent failures with token expiration during big files upload, -# it is recommended to set this parameter to False.If "use_user_token" is not in -# effect, then admin credentials can be specified. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated in M -# release. It will be removed in O release. For more information read OSSN-0060. -# Related functionality with uploading big images has been implemented with -# Keystone trusts support. -#use_user_token = true - -# DEPRECATED: The administrators user name. If "use_user_token" is not in -# effect, then admin credentials can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated in M -# release. It will be removed in O release. For more information read OSSN-0060. -# Related functionality with uploading big images has been implemented with -# Keystone trusts support. -#admin_user = - -# DEPRECATED: The administrators password. If "use_user_token" is not in effect, -# then admin credentials can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated in M -# release. It will be removed in O release. For more information read OSSN-0060. -# Related functionality with uploading big images has been implemented with -# Keystone trusts support. -#admin_password = - -# DEPRECATED: The tenant name of the administrative user. If "use_user_token" is -# not in effect, then admin tenant name can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated in M -# release. It will be removed in O release. For more information read OSSN-0060. -# Related functionality with uploading big images has been implemented with -# Keystone trusts support. -#admin_tenant_name = - -# DEPRECATED: The URL to the keystone service. If "use_user_token" is not in -# effect and using keystone auth, then URL of keystone can be specified. (string -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated in M -# release. It will be removed in O release. For more information read OSSN-0060. -# Related functionality with uploading big images has been implemented with -# Keystone trusts support. -#auth_url = - -# DEPRECATED: The strategy to use for authentication. If "use_user_token" is not -# in effect, then auth strategy can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated in M -# release. It will be removed in O release. For more information read OSSN-0060. -# Related functionality with uploading big images has been implemented with -# Keystone trusts support. -#auth_strategy = noauth - -# DEPRECATED: The region for the authentication service. If "use_user_token" is -# not in effect and using keystone auth, then region name can be specified. -# (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated in M -# release. It will be removed in O release. For more information read OSSN-0060. -# Related functionality with uploading big images has been implemented with -# Keystone trusts support. -#auth_region = - -# DEPRECATED: -# Address the registry server is hosted on. -# -# Possible values: -# * A valid IP or hostname -# -# Related options: -# * None -# -# (unknown value) -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: -# Glance registry service is deprecated for removal. -# -# More information can be found from the spec: -# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance -# /deprecate-registry.html -#registry_host = 0.0.0.0 - -# DEPRECATED: -# Port the registry server is listening on. -# -# Possible values: -# * A valid port number -# -# Related options: -# * None -# -# (port value) -# Minimum value: 0 -# Maximum value: 65535 -# This option is deprecated for removal since Queens. -# Its value may be silently ignored in the future. -# Reason: -# Glance registry service is deprecated for removal. -# -# More information can be found from the spec: -# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance -# /deprecate-registry.html -#registry_port = 9191 - # # From oslo.log # @@ -1298,7 +956,19 @@ # * stores # # (string value) -# Allowed values: file, filesystem, http, https, swift, swift+http, swift+https, swift+config, rbd, sheepdog, cinder, vsphere +# Possible values: +# file - +# filesystem - +# http - +# https - +# swift - +# swift+http - +# swift+https - +# swift+config - +# rbd - +# sheepdog - +# cinder - +# vsphere - #default_store = file # @@ -2036,7 +1706,10 @@ # * swift_store_endpoint # # (string value) -# Allowed values: publicURL, adminURL, internalURL +# Possible values: +# publicURL - +# adminURL - +# internalURL - #swift_store_endpoint_type = publicURL # @@ -2335,6 +2008,32 @@ # (boolean value) #swift_store_use_trusts = true +# +# Buffer image segments before upload to Swift. +# +# Provide a boolean value to indicate whether or not Glance should +# buffer image data to disk while uploading to swift. This enables +# Glance to resume uploads on error. +# +# NOTES: +# When enabling this option, one should take great care as this +# increases disk usage on the API node. Be aware that depending +# upon how the file system is configured, the disk space used +# for buffering may decrease the actual disk space available for +# the glance image cache. Disk utilization will cap according to +# the following equation: +# (``swift_store_large_object_chunk_size`` * ``workers`` * 1000) +# +# Possible values: +# * True +# * False +# +# Related options: +# * swift_upload_buffer_dir +# +# (boolean value) +#swift_buffer_on_upload = false + # # Reference to default Swift account/backing store parameters. # @@ -2413,6 +2112,31 @@ # (string value) #swift_store_config_file = +# +# Directory to buffer image segments before upload to Swift. +# +# Provide a string value representing the absolute path to the +# directory on the glance node where image segments will be +# buffered briefly before they are uploaded to swift. +# +# NOTES: +# * This is required only when the configuration option +# ``swift_buffer_on_upload`` is set to True. +# * This directory should be provisioned keeping in mind the +# ``swift_store_large_object_chunk_size`` and the maximum +# number of images that could be uploaded simultaneously by +# a given glance node. +# +# Possible values: +# * String value representing an absolute directory path +# +# Related options: +# * swift_buffer_on_upload +# * swift_store_large_object_chunk_size +# +# (string value) +#swift_upload_buffer_dir = + # # Address of the ESX/ESXi or vCenter Server target system. # @@ -2614,6 +2338,14 @@ # From oslo.policy # +# This option controls whether or not to enforce scope when evaluating policies. +# If ``True``, the scope of the token used in the request is compared to the +# ``scope_types`` of the policy being enforced. If the scopes do not match, an +# ``InvalidScope`` exception will be raised. If ``False``, a message will be +# logged informing operators that policies are being invoked with mismatching +# scope. (boolean value) +#enforce_scope = false + # The file that defines policies. (string value) #policy_file = policy.json @@ -2629,7 +2361,9 @@ # Content Type to send and receive data for REST based policy check (string # value) -# Allowed values: application/x-www-form-urlencoded, application/json +# Possible values: +# application/x-www-form-urlencoded - +# application/json - #remote_content_type = application/x-www-form-urlencoded # server identity verification for REST based policy check (boolean value)