From c3baf74f2608e446c7a6dca629a0e8d5196c7b21 Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Mon, 19 Dec 2016 12:16:03 -0600 Subject: [PATCH] Update sample config files for Ocata-3 In preparation for the last Ocata beta milestone, let's update our configuration files. This will also allow for other folks who are updating config files to create much smaller diffs. Change-Id: Id644879bb9e93a291c7935eaeacf664bbf46efc2 --- etc/glance-api.conf | 289 +++++++++++++++++++++++++++++++++------ etc/glance-cache.conf | 52 ++++++- etc/glance-glare.conf | 102 +++++++++++--- etc/glance-manage.conf | 14 +- etc/glance-registry.conf | 244 ++++++++++++++++++++++++++++----- etc/glance-scrubber.conf | 52 ++++++- 6 files changed, 643 insertions(+), 110 deletions(-) diff --git a/etc/glance-api.conf b/etc/glance-api.conf index 9b944b0ce0..cd846f0517 100644 --- a/etc/glance-api.conf +++ b/etc/glance-api.conf @@ -1498,7 +1498,7 @@ # Log output to standard error. This option is ignored if log_config_append is # set. (boolean value) -#use_stderr = true +#use_stderr = false # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s @@ -1532,6 +1532,18 @@ # value) #instance_uuid_format = "[instance: %(uuid)s] " +# Interval, number of seconds, of log rate limiting. (integer value) +#rate_limit_interval = 0 + +# Maximum number of logged messages per rate_limit_interval. (integer value) +#rate_limit_burst = 0 + +# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or +# empty string. Logs with level greater or equal to rate_limit_except_level are +# not filtered. An empty string means that all levels are filtered. (string +# value) +#rate_limit_except_level = CRITICAL + # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false @@ -1555,7 +1567,7 @@ #rpc_zmq_bind_address = * # MatchMaker driver. (string value) -# Allowed values: redis, dummy +# Allowed values: redis, sentinel, dummy # Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker #rpc_zmq_matchmaker = redis @@ -1577,12 +1589,13 @@ # Deprecated group/name - [DEFAULT]/rpc_zmq_host #rpc_zmq_host = localhost -# Seconds to wait before a cast expires (TTL). The default value of -1 specifies -# an infinite linger period. The value of 0 specifies no linger period. Pending -# messages shall be discarded immediately when the socket is closed. Only -# supported by impl_zmq. (integer value) +# Number of seconds to wait before all pending messages will be sent after +# closing a socket. The default value of -1 specifies an infinite linger period. +# The value of 0 specifies no linger period. Pending messages shall be discarded +# immediately when the socket is closed. Positive values specify an upper bound +# for the linger period. (integer value) # Deprecated group/name - [DEFAULT]/rpc_cast_timeout -#rpc_cast_timeout = -1 +#zmq_linger = -1 # The default number of seconds that poll should wait. Poll raises timeout # exception when timeout expired. (integer value) @@ -1602,7 +1615,7 @@ # Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean # value) # Deprecated group/name - [DEFAULT]/use_pub_sub -#use_pub_sub = true +#use_pub_sub = false # Use ROUTER remote proxy. (boolean value) # Deprecated group/name - [DEFAULT]/use_router_proxy @@ -1635,7 +1648,62 @@ # a queue when server side disconnects. False means to keep queue and messages # even if server is disconnected, when the server appears we send all # accumulated messages to it. (boolean value) -#zmq_immediate = false +#zmq_immediate = true + +# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any +# other negative value) means to skip any overrides and leave it to OS default; +# 0 and 1 (or any other positive value) mean to disable and enable the option +# respectively. (integer value) +#zmq_tcp_keepalive = -1 + +# The duration between two keepalive transmissions in idle condition. The unit +# is platform dependent, for example, seconds in Linux, milliseconds in Windows +# etc. The default value of -1 (or any other negative value and 0) means to skip +# any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_idle = -1 + +# The number of retransmissions to be carried out before declaring that remote +# end is not available. The default value of -1 (or any other negative value and +# 0) means to skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_cnt = -1 + +# The duration between two successive keepalive retransmissions, if +# acknowledgement to the previous keepalive transmission is not received. The +# unit is platform dependent, for example, seconds in Linux, milliseconds in +# Windows etc. The default value of -1 (or any other negative value and 0) means +# to skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_intvl = -1 + +# Maximum number of (green) threads to work concurrently. (integer value) +#rpc_thread_pool_size = 100 + +# Expiration timeout in seconds of a sent/received message after which it is not +# tracked anymore by a client/server. (integer value) +#rpc_message_ttl = 300 + +# Wait for message acknowledgements from receivers. This mechanism works only +# via proxy without PUB/SUB. (boolean value) +#rpc_use_acks = false + +# Number of seconds to wait for an ack from a cast/call. After each retry +# attempt this timeout is multiplied by some specified multiplier. (integer +# value) +#rpc_ack_timeout_base = 15 + +# Number to multiply base ack timeout by after each retry attempt. (integer +# value) +#rpc_ack_timeout_multiplier = 2 + +# Default number of message sending attempts in case of any problems occurred: +# positive value N means at most N retries, 0 means no retries, None or -1 (or +# any other negative values) mean to retry forever. This option is used only if +# acknowledgments are enabled. (integer value) +#rpc_retry_attempts = 3 + +# List of publisher hosts SubConsumer can subscribe on. This option has higher +# priority then the default publishers list taken from the matchmaker. (list +# value) +#subscribe_on = # Size of executor thread pool. (integer value) # Deprecated group/name - [DEFAULT]/rpc_thread_pool_size @@ -1915,7 +1983,7 @@ # /store-capabilities.html # # For more information on setting up a particular store in your -# deplyment and help with the usage of this feature, please contact +# deployment and help with the usage of this feature, please contact # the storage driver maintainers listed here: # http://docs.openstack.org/developer/glance_store/drivers/index.html # @@ -1944,8 +2012,8 @@ # # Possible values: # * A string of of the following form: -# ``::`` -# At least ``service_type`` and ``endpoint_type`` should be specified. +# ``::`` +# At least ``service_type`` and ``interface`` should be specified. # ``service_name`` can be omitted. # # Related options: @@ -2169,6 +2237,25 @@ # (string value) #rootwrap_config = /etc/glance/rootwrap.conf +# +# Volume type that will be used for volume creation in cinder. +# +# Some cinder backends can have several volume types to optimize storage usage. +# Adding this option allows an operator to choose a specific volume type +# in cinder that can be optimized for images. +# +# If this is not set, then the default volume type specified in the cinder +# configuration will be used for volume creation. +# +# Possible values: +# * A valid volume type from cinder +# +# Related options: +# * None +# +# (string value) +#cinder_volume_type = + # # Directory to which the filesystem backend store writes images. # @@ -2750,12 +2837,16 @@ # images in its own account. More details multi-tenant store can be found at # https://wiki.openstack.org/wiki/GlanceSwiftTenantSpecificStorage # +# NOTE: If using multi-tenant swift store, please make sure +# that you do not set a swift configuration file with the +# 'swift_store_config_file' option. +# # Possible values: # * True # * False # # Related options: -# * None +# * swift_store_config_file # # (boolean value) #swift_store_multi_tenant = false @@ -2971,12 +3062,15 @@ # option is highly recommended while using Swift storage backend for # image storage as it avoids storage of credentials in the database. # +# NOTE: Please do not configure this option if you have set +# ``swift_store_multi_tenant`` to ``True``. +# # Possible values: # * String value representing an absolute path on the glance-api # node # # Related options: -# * None +# * swift_store_multi_tenant # # (string value) #swift_store_config_file = @@ -3227,7 +3321,12 @@ # The region in which the identity server can be found. (string value) #region_name = -# Directory used to cache files related to PKI tokens. (string value) +# DEPRECATED: Directory used to cache files related to PKI tokens. This option +# has been deprecated in the Ocata release and will be removed in the P release. +# (string value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #signing_dir = # Optionally specify a list of memcached server(s) to use for caching. If left @@ -3240,10 +3339,14 @@ # -1 to disable caching completely. (integer value) #token_cache_time = 300 -# Determines the frequency at which the list of revoked tokens is retrieved from -# the Identity service (in seconds). A high number of revocation events combined -# with a low cache duration may significantly reduce performance. Only valid for -# PKI tokens. (integer value) +# DEPRECATED: Determines the frequency at which the list of revoked tokens is +# retrieved from the Identity service (in seconds). A high number of revocation +# events combined with a low cache duration may significantly reduce +# performance. Only valid for PKI tokens. This option has been deprecated in the +# Ocata release and will be removed in the P release. (integer value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #revocation_cache_time = 10 # (Optional) If defined, indicate whether token data should be authenticated or @@ -3296,20 +3399,41 @@ # value) #enforce_token_bind = permissive -# If true, the revocation list will be checked for cached tokens. This requires -# that PKI tokens are configured on the identity server. (boolean value) +# DEPRECATED: If true, the revocation list will be checked for cached tokens. +# This requires that PKI tokens are configured on the identity server. (boolean +# value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #check_revocations_for_cached = false -# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm -# or multiple. The algorithms are those supported by Python standard -# hashlib.new(). The hashes will be tried in the order given, so put the -# preferred one first for performance. The result of the first hash will be +# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a +# single algorithm or multiple. The algorithms are those supported by Python +# standard hashlib.new(). The hashes will be tried in the order given, so put +# the preferred one first for performance. The result of the first hash will be # stored in the cache. This will typically be set to multiple values only while # migrating from a less secure algorithm to a more secure one. Once all the old # tokens are expired this option should be set to a single value for better # performance. (list value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #hash_algorithms = md5 +# A choice of roles that must be present in a service token. Service tokens are +# allowed to request that an expired token can be used and so this check should +# tightly control that only actual services should be sending this token. Roles +# here are applied as an ANY check so any role in this list must be present. For +# backwards compatibility reasons this currently only affects the allow_expired +# check. (list value) +#service_token_roles = service + +# For backwards compatibility reasons we must let valid service tokens pass that +# don't pass the service_token_roles check as valid. Setting this true will +# become the default in a future release and should be enabled if possible. +# (boolean value) +#service_token_roles_required = false + # Authentication type to load (string value) # Deprecated group/name - [keystone_authtoken]/auth_plugin #auth_type = @@ -3344,7 +3468,7 @@ # Reason: Replaced by [DEFAULT]/transport_url #password = -# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode) e.g. +# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g., # [host:port, host1:port ... ] (list value) # This option is deprecated for removal. # Its value may be silently ignored in the future. @@ -3360,7 +3484,7 @@ # Time in ms to wait before the transaction is killed. (integer value) #check_timeout = 20000 -# Timeout in ms on blocking socket operations (integer value) +# Timeout in ms on blocking socket operations. (integer value) #socket_timeout = 10000 @@ -3475,6 +3599,11 @@ # Minimum value: 5 #default_notify_timeout = 30 +# The duration to schedule a purge of idle sender links. Detach link after +# expiry. (integer value) +# Minimum value: 1 +#default_sender_link_timeout = 600 + # Indicates the addressing mode used by the driver. # Permitted values: # 'legacy' - use legacy non-routable addressing @@ -3543,6 +3672,19 @@ # Minimum value: 1 #notify_server_credit = 100 +# Send messages of this type pre-settled. +# Pre-settled messages will not receive acknowledgement +# from the peer. Note well: pre-settled messages may be +# silently discarded if the delivery fails. +# Permitted values: +# 'rpc-call' - send RPC Calls pre-settled +# 'rpc-reply'- send RPC Replies pre-settled +# 'rpc-cast' - Send RPC Casts pre-settled +# 'notify' - Send Notifications pre-settled +# (multi valued) +#pre_settled = rpc-cast +#pre_settled = rpc-reply + [oslo_messaging_notifications] @@ -3662,6 +3804,7 @@ #rabbit_password = guest # The RabbitMQ login method. (string value) +# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO # Deprecated group/name - [DEFAULT]/rabbit_login_method #rabbit_login_method = AMQPLAIN @@ -3694,7 +3837,7 @@ # Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this # option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring # is no longer controlled by the x-ha-policy argument when declaring a queue. If -# you just want to make sure that all queues (except those with auto-generated +# you just want to make sure that all queues (except those with auto-generated # names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA # '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_ha_queues @@ -3771,6 +3914,11 @@ # (integer value) #pool_stale = 60 +# Default serialization mechanism for serializing/deserializing +# outgoing/incoming messages (string value) +# Allowed values: json, msgpack +#default_serializer_type = json + # Persist notification messages. (boolean value) #notification_persistence = false @@ -3816,7 +3964,7 @@ # Reconnecting retry count in case of connectivity problem during sending RPC # message, -1 means infinite retry. If actual retry attempts in not 0 the rpc -# request could be processed more then one time (integer value) +# request could be processed more than one time (integer value) #default_rpc_retry_attempts = -1 # Reconnecting retry delay in case of connectivity problem during sending RPC @@ -3836,7 +3984,7 @@ #rpc_zmq_bind_address = * # MatchMaker driver. (string value) -# Allowed values: redis, dummy +# Allowed values: redis, sentinel, dummy # Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker #rpc_zmq_matchmaker = redis @@ -3858,12 +4006,13 @@ # Deprecated group/name - [DEFAULT]/rpc_zmq_host #rpc_zmq_host = localhost -# Seconds to wait before a cast expires (TTL). The default value of -1 specifies -# an infinite linger period. The value of 0 specifies no linger period. Pending -# messages shall be discarded immediately when the socket is closed. Only -# supported by impl_zmq. (integer value) +# Number of seconds to wait before all pending messages will be sent after +# closing a socket. The default value of -1 specifies an infinite linger period. +# The value of 0 specifies no linger period. Pending messages shall be discarded +# immediately when the socket is closed. Positive values specify an upper bound +# for the linger period. (integer value) # Deprecated group/name - [DEFAULT]/rpc_cast_timeout -#rpc_cast_timeout = -1 +#zmq_linger = -1 # The default number of seconds that poll should wait. Poll raises timeout # exception when timeout expired. (integer value) @@ -3883,7 +4032,7 @@ # Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean # value) # Deprecated group/name - [DEFAULT]/use_pub_sub -#use_pub_sub = true +#use_pub_sub = false # Use ROUTER remote proxy. (boolean value) # Deprecated group/name - [DEFAULT]/use_router_proxy @@ -3916,7 +4065,62 @@ # a queue when server side disconnects. False means to keep queue and messages # even if server is disconnected, when the server appears we send all # accumulated messages to it. (boolean value) -#zmq_immediate = false +#zmq_immediate = true + +# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any +# other negative value) means to skip any overrides and leave it to OS default; +# 0 and 1 (or any other positive value) mean to disable and enable the option +# respectively. (integer value) +#zmq_tcp_keepalive = -1 + +# The duration between two keepalive transmissions in idle condition. The unit +# is platform dependent, for example, seconds in Linux, milliseconds in Windows +# etc. The default value of -1 (or any other negative value and 0) means to skip +# any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_idle = -1 + +# The number of retransmissions to be carried out before declaring that remote +# end is not available. The default value of -1 (or any other negative value and +# 0) means to skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_cnt = -1 + +# The duration between two successive keepalive retransmissions, if +# acknowledgement to the previous keepalive transmission is not received. The +# unit is platform dependent, for example, seconds in Linux, milliseconds in +# Windows etc. The default value of -1 (or any other negative value and 0) means +# to skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_intvl = -1 + +# Maximum number of (green) threads to work concurrently. (integer value) +#rpc_thread_pool_size = 100 + +# Expiration timeout in seconds of a sent/received message after which it is not +# tracked anymore by a client/server. (integer value) +#rpc_message_ttl = 300 + +# Wait for message acknowledgements from receivers. This mechanism works only +# via proxy without PUB/SUB. (boolean value) +#rpc_use_acks = false + +# Number of seconds to wait for an ack from a cast/call. After each retry +# attempt this timeout is multiplied by some specified multiplier. (integer +# value) +#rpc_ack_timeout_base = 15 + +# Number to multiply base ack timeout by after each retry attempt. (integer +# value) +#rpc_ack_timeout_multiplier = 2 + +# Default number of message sending attempts in case of any problems occurred: +# positive value N means at most N retries, 0 means no retries, None or -1 (or +# any other negative values) mean to retry forever. This option is used only if +# acknowledgments are enabled. (integer value) +#rpc_retry_attempts = 3 + +# List of publisher hosts SubConsumer can subscribe on. This option has higher +# priority then the default publishers list taken from the matchmaker. (list +# value) +#subscribe_on = [oslo_middleware] @@ -3936,7 +4140,7 @@ # From oslo.policy # -# The JSON file that defines policies. (string value) +# The file that defines policies. (string value) # Deprecated group/name - [DEFAULT]/policy_file #policy_file = policy.json @@ -4096,18 +4300,13 @@ # Possible values: # * Empty list # * Comma separated list of registered store names. Legal values are: -# (NOTE: Use only the following choices, which, unfortunately, -# are not entirely consistent with the store names used in other -# similar configuration options. Please take extra care while -# setting this option, and read the help text carefully when -# setting other similar options.) -# * filesystem +# * file # * http # * rbd # * swift # * sheepdog # * cinder -# * vmware_datastore +# * vmware # # Related options: # * location_strategy diff --git a/etc/glance-cache.conf b/etc/glance-cache.conf index 3765c1489b..738ef5f745 100644 --- a/etc/glance-cache.conf +++ b/etc/glance-cache.conf @@ -909,7 +909,7 @@ # Log output to standard error. This option is ignored if log_config_append is # set. (boolean value) -#use_stderr = true +#use_stderr = false # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s @@ -943,6 +943,18 @@ # value) #instance_uuid_format = "[instance: %(uuid)s] " +# Interval, number of seconds, of log rate limiting. (integer value) +#rate_limit_interval = 0 + +# Maximum number of logged messages per rate_limit_interval. (integer value) +#rate_limit_burst = 0 + +# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or +# empty string. Logs with level greater or equal to rate_limit_except_level are +# not filtered. An empty string means that all levels are filtered. (string +# value) +#rate_limit_except_level = CRITICAL + # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false @@ -1028,7 +1040,7 @@ # /store-capabilities.html # # For more information on setting up a particular store in your -# deplyment and help with the usage of this feature, please contact +# deployment and help with the usage of this feature, please contact # the storage driver maintainers listed here: # http://docs.openstack.org/developer/glance_store/drivers/index.html # @@ -1057,8 +1069,8 @@ # # Possible values: # * A string of of the following form: -# ``::`` -# At least ``service_type`` and ``endpoint_type`` should be specified. +# ``::`` +# At least ``service_type`` and ``interface`` should be specified. # ``service_name`` can be omitted. # # Related options: @@ -1282,6 +1294,25 @@ # (string value) #rootwrap_config = /etc/glance/rootwrap.conf +# +# Volume type that will be used for volume creation in cinder. +# +# Some cinder backends can have several volume types to optimize storage usage. +# Adding this option allows an operator to choose a specific volume type +# in cinder that can be optimized for images. +# +# If this is not set, then the default volume type specified in the cinder +# configuration will be used for volume creation. +# +# Possible values: +# * A valid volume type from cinder +# +# Related options: +# * None +# +# (string value) +#cinder_volume_type = + # # Directory to which the filesystem backend store writes images. # @@ -1863,12 +1894,16 @@ # images in its own account. More details multi-tenant store can be found at # https://wiki.openstack.org/wiki/GlanceSwiftTenantSpecificStorage # +# NOTE: If using multi-tenant swift store, please make sure +# that you do not set a swift configuration file with the +# 'swift_store_config_file' option. +# # Possible values: # * True # * False # # Related options: -# * None +# * swift_store_config_file # # (boolean value) #swift_store_multi_tenant = false @@ -2084,12 +2119,15 @@ # option is highly recommended while using Swift storage backend for # image storage as it avoids storage of credentials in the database. # +# NOTE: Please do not configure this option if you have set +# ``swift_store_multi_tenant`` to ``True``. +# # Possible values: # * String value representing an absolute path on the glance-api # node # # Related options: -# * None +# * swift_store_multi_tenant # # (string value) #swift_store_config_file = @@ -2279,7 +2317,7 @@ # From oslo.policy # -# The JSON file that defines policies. (string value) +# The file that defines policies. (string value) # Deprecated group/name - [DEFAULT]/policy_file #policy_file = policy.json diff --git a/etc/glance-glare.conf b/etc/glance-glare.conf index a083129cc4..1c158f6775 100644 --- a/etc/glance-glare.conf +++ b/etc/glance-glare.conf @@ -436,7 +436,7 @@ # Log output to standard error. This option is ignored if log_config_append is # set. (boolean value) -#use_stderr = true +#use_stderr = false # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s @@ -470,6 +470,18 @@ # value) #instance_uuid_format = "[instance: %(uuid)s] " +# Interval, number of seconds, of log rate limiting. (integer value) +#rate_limit_interval = 0 + +# Maximum number of logged messages per rate_limit_interval. (integer value) +#rate_limit_burst = 0 + +# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or +# empty string. Logs with level greater or equal to rate_limit_except_level are +# not filtered. An empty string means that all levels are filtered. (string +# value) +#rate_limit_except_level = CRITICAL + # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false @@ -729,7 +741,7 @@ # /store-capabilities.html # # For more information on setting up a particular store in your -# deplyment and help with the usage of this feature, please contact +# deployment and help with the usage of this feature, please contact # the storage driver maintainers listed here: # http://docs.openstack.org/developer/glance_store/drivers/index.html # @@ -758,8 +770,8 @@ # # Possible values: # * A string of of the following form: -# ``::`` -# At least ``service_type`` and ``endpoint_type`` should be specified. +# ``::`` +# At least ``service_type`` and ``interface`` should be specified. # ``service_name`` can be omitted. # # Related options: @@ -983,6 +995,25 @@ # (string value) #rootwrap_config = /etc/glance/rootwrap.conf +# +# Volume type that will be used for volume creation in cinder. +# +# Some cinder backends can have several volume types to optimize storage usage. +# Adding this option allows an operator to choose a specific volume type +# in cinder that can be optimized for images. +# +# If this is not set, then the default volume type specified in the cinder +# configuration will be used for volume creation. +# +# Possible values: +# * A valid volume type from cinder +# +# Related options: +# * None +# +# (string value) +#cinder_volume_type = + # # Directory to which the filesystem backend store writes images. # @@ -1564,12 +1595,16 @@ # images in its own account. More details multi-tenant store can be found at # https://wiki.openstack.org/wiki/GlanceSwiftTenantSpecificStorage # +# NOTE: If using multi-tenant swift store, please make sure +# that you do not set a swift configuration file with the +# 'swift_store_config_file' option. +# # Possible values: # * True # * False # # Related options: -# * None +# * swift_store_config_file # # (boolean value) #swift_store_multi_tenant = false @@ -1785,12 +1820,15 @@ # option is highly recommended while using Swift storage backend for # image storage as it avoids storage of credentials in the database. # +# NOTE: Please do not configure this option if you have set +# ``swift_store_multi_tenant`` to ``True``. +# # Possible values: # * String value representing an absolute path on the glance-api # node # # Related options: -# * None +# * swift_store_multi_tenant # # (string value) #swift_store_config_file = @@ -2026,7 +2064,12 @@ # The region in which the identity server can be found. (string value) #region_name = -# Directory used to cache files related to PKI tokens. (string value) +# DEPRECATED: Directory used to cache files related to PKI tokens. This option +# has been deprecated in the Ocata release and will be removed in the P release. +# (string value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #signing_dir = # Optionally specify a list of memcached server(s) to use for caching. If left @@ -2039,10 +2082,14 @@ # -1 to disable caching completely. (integer value) #token_cache_time = 300 -# Determines the frequency at which the list of revoked tokens is retrieved from -# the Identity service (in seconds). A high number of revocation events combined -# with a low cache duration may significantly reduce performance. Only valid for -# PKI tokens. (integer value) +# DEPRECATED: Determines the frequency at which the list of revoked tokens is +# retrieved from the Identity service (in seconds). A high number of revocation +# events combined with a low cache duration may significantly reduce +# performance. Only valid for PKI tokens. This option has been deprecated in the +# Ocata release and will be removed in the P release. (integer value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #revocation_cache_time = 10 # (Optional) If defined, indicate whether token data should be authenticated or @@ -2095,20 +2142,41 @@ # value) #enforce_token_bind = permissive -# If true, the revocation list will be checked for cached tokens. This requires -# that PKI tokens are configured on the identity server. (boolean value) +# DEPRECATED: If true, the revocation list will be checked for cached tokens. +# This requires that PKI tokens are configured on the identity server. (boolean +# value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #check_revocations_for_cached = false -# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm -# or multiple. The algorithms are those supported by Python standard -# hashlib.new(). The hashes will be tried in the order given, so put the -# preferred one first for performance. The result of the first hash will be +# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a +# single algorithm or multiple. The algorithms are those supported by Python +# standard hashlib.new(). The hashes will be tried in the order given, so put +# the preferred one first for performance. The result of the first hash will be # stored in the cache. This will typically be set to multiple values only while # migrating from a less secure algorithm to a more secure one. Once all the old # tokens are expired this option should be set to a single value for better # performance. (list value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #hash_algorithms = md5 +# A choice of roles that must be present in a service token. Service tokens are +# allowed to request that an expired token can be used and so this check should +# tightly control that only actual services should be sending this token. Roles +# here are applied as an ANY check so any role in this list must be present. For +# backwards compatibility reasons this currently only affects the allow_expired +# check. (list value) +#service_token_roles = service + +# For backwards compatibility reasons we must let valid service tokens pass that +# don't pass the service_token_roles check as valid. Setting this true will +# become the default in a future release and should be enabled if possible. +# (boolean value) +#service_token_roles_required = false + # Authentication type to load (string value) # Deprecated group/name - [keystone_authtoken]/auth_plugin #auth_type = diff --git a/etc/glance-manage.conf b/etc/glance-manage.conf index f62545fa5d..45def89c17 100644 --- a/etc/glance-manage.conf +++ b/etc/glance-manage.conf @@ -59,7 +59,7 @@ # Log output to standard error. This option is ignored if log_config_append is # set. (boolean value) -#use_stderr = true +#use_stderr = false # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s @@ -93,6 +93,18 @@ # value) #instance_uuid_format = "[instance: %(uuid)s] " +# Interval, number of seconds, of log rate limiting. (integer value) +#rate_limit_interval = 0 + +# Maximum number of logged messages per rate_limit_interval. (integer value) +#rate_limit_burst = 0 + +# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or +# empty string. Logs with level greater or equal to rate_limit_except_level are +# not filtered. An empty string means that all levels are filtered. (string +# value) +#rate_limit_except_level = CRITICAL + # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false diff --git a/etc/glance-registry.conf b/etc/glance-registry.conf index 9aabc315da..33d87cf041 100644 --- a/etc/glance-registry.conf +++ b/etc/glance-registry.conf @@ -846,7 +846,7 @@ # Log output to standard error. This option is ignored if log_config_append is # set. (boolean value) -#use_stderr = true +#use_stderr = false # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s @@ -880,6 +880,18 @@ # value) #instance_uuid_format = "[instance: %(uuid)s] " +# Interval, number of seconds, of log rate limiting. (integer value) +#rate_limit_interval = 0 + +# Maximum number of logged messages per rate_limit_interval. (integer value) +#rate_limit_burst = 0 + +# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or +# empty string. Logs with level greater or equal to rate_limit_except_level are +# not filtered. An empty string means that all levels are filtered. (string +# value) +#rate_limit_except_level = CRITICAL + # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false @@ -903,7 +915,7 @@ #rpc_zmq_bind_address = * # MatchMaker driver. (string value) -# Allowed values: redis, dummy +# Allowed values: redis, sentinel, dummy # Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker #rpc_zmq_matchmaker = redis @@ -925,12 +937,13 @@ # Deprecated group/name - [DEFAULT]/rpc_zmq_host #rpc_zmq_host = localhost -# Seconds to wait before a cast expires (TTL). The default value of -1 specifies -# an infinite linger period. The value of 0 specifies no linger period. Pending -# messages shall be discarded immediately when the socket is closed. Only -# supported by impl_zmq. (integer value) +# Number of seconds to wait before all pending messages will be sent after +# closing a socket. The default value of -1 specifies an infinite linger period. +# The value of 0 specifies no linger period. Pending messages shall be discarded +# immediately when the socket is closed. Positive values specify an upper bound +# for the linger period. (integer value) # Deprecated group/name - [DEFAULT]/rpc_cast_timeout -#rpc_cast_timeout = -1 +#zmq_linger = -1 # The default number of seconds that poll should wait. Poll raises timeout # exception when timeout expired. (integer value) @@ -950,7 +963,7 @@ # Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean # value) # Deprecated group/name - [DEFAULT]/use_pub_sub -#use_pub_sub = true +#use_pub_sub = false # Use ROUTER remote proxy. (boolean value) # Deprecated group/name - [DEFAULT]/use_router_proxy @@ -983,7 +996,62 @@ # a queue when server side disconnects. False means to keep queue and messages # even if server is disconnected, when the server appears we send all # accumulated messages to it. (boolean value) -#zmq_immediate = false +#zmq_immediate = true + +# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any +# other negative value) means to skip any overrides and leave it to OS default; +# 0 and 1 (or any other positive value) mean to disable and enable the option +# respectively. (integer value) +#zmq_tcp_keepalive = -1 + +# The duration between two keepalive transmissions in idle condition. The unit +# is platform dependent, for example, seconds in Linux, milliseconds in Windows +# etc. The default value of -1 (or any other negative value and 0) means to skip +# any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_idle = -1 + +# The number of retransmissions to be carried out before declaring that remote +# end is not available. The default value of -1 (or any other negative value and +# 0) means to skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_cnt = -1 + +# The duration between two successive keepalive retransmissions, if +# acknowledgement to the previous keepalive transmission is not received. The +# unit is platform dependent, for example, seconds in Linux, milliseconds in +# Windows etc. The default value of -1 (or any other negative value and 0) means +# to skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_intvl = -1 + +# Maximum number of (green) threads to work concurrently. (integer value) +#rpc_thread_pool_size = 100 + +# Expiration timeout in seconds of a sent/received message after which it is not +# tracked anymore by a client/server. (integer value) +#rpc_message_ttl = 300 + +# Wait for message acknowledgements from receivers. This mechanism works only +# via proxy without PUB/SUB. (boolean value) +#rpc_use_acks = false + +# Number of seconds to wait for an ack from a cast/call. After each retry +# attempt this timeout is multiplied by some specified multiplier. (integer +# value) +#rpc_ack_timeout_base = 15 + +# Number to multiply base ack timeout by after each retry attempt. (integer +# value) +#rpc_ack_timeout_multiplier = 2 + +# Default number of message sending attempts in case of any problems occurred: +# positive value N means at most N retries, 0 means no retries, None or -1 (or +# any other negative values) mean to retry forever. This option is used only if +# acknowledgments are enabled. (integer value) +#rpc_retry_attempts = 3 + +# List of publisher hosts SubConsumer can subscribe on. This option has higher +# priority then the default publishers list taken from the matchmaker. (list +# value) +#subscribe_on = # Size of executor thread pool. (integer value) # Deprecated group/name - [DEFAULT]/rpc_thread_pool_size @@ -1176,7 +1244,12 @@ # The region in which the identity server can be found. (string value) #region_name = -# Directory used to cache files related to PKI tokens. (string value) +# DEPRECATED: Directory used to cache files related to PKI tokens. This option +# has been deprecated in the Ocata release and will be removed in the P release. +# (string value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #signing_dir = # Optionally specify a list of memcached server(s) to use for caching. If left @@ -1189,10 +1262,14 @@ # -1 to disable caching completely. (integer value) #token_cache_time = 300 -# Determines the frequency at which the list of revoked tokens is retrieved from -# the Identity service (in seconds). A high number of revocation events combined -# with a low cache duration may significantly reduce performance. Only valid for -# PKI tokens. (integer value) +# DEPRECATED: Determines the frequency at which the list of revoked tokens is +# retrieved from the Identity service (in seconds). A high number of revocation +# events combined with a low cache duration may significantly reduce +# performance. Only valid for PKI tokens. This option has been deprecated in the +# Ocata release and will be removed in the P release. (integer value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #revocation_cache_time = 10 # (Optional) If defined, indicate whether token data should be authenticated or @@ -1245,20 +1322,41 @@ # value) #enforce_token_bind = permissive -# If true, the revocation list will be checked for cached tokens. This requires -# that PKI tokens are configured on the identity server. (boolean value) +# DEPRECATED: If true, the revocation list will be checked for cached tokens. +# This requires that PKI tokens are configured on the identity server. (boolean +# value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #check_revocations_for_cached = false -# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm -# or multiple. The algorithms are those supported by Python standard -# hashlib.new(). The hashes will be tried in the order given, so put the -# preferred one first for performance. The result of the first hash will be +# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may be a +# single algorithm or multiple. The algorithms are those supported by Python +# standard hashlib.new(). The hashes will be tried in the order given, so put +# the preferred one first for performance. The result of the first hash will be # stored in the cache. This will typically be set to multiple values only while # migrating from a less secure algorithm to a more secure one. Once all the old # tokens are expired this option should be set to a single value for better # performance. (list value) +# This option is deprecated for removal since Ocata. +# Its value may be silently ignored in the future. +# Reason: PKI token format is no longer supported. #hash_algorithms = md5 +# A choice of roles that must be present in a service token. Service tokens are +# allowed to request that an expired token can be used and so this check should +# tightly control that only actual services should be sending this token. Roles +# here are applied as an ANY check so any role in this list must be present. For +# backwards compatibility reasons this currently only affects the allow_expired +# check. (list value) +#service_token_roles = service + +# For backwards compatibility reasons we must let valid service tokens pass that +# don't pass the service_token_roles check as valid. Setting this true will +# become the default in a future release and should be enabled if possible. +# (boolean value) +#service_token_roles_required = false + # Authentication type to load (string value) # Deprecated group/name - [keystone_authtoken]/auth_plugin #auth_type = @@ -1293,7 +1391,7 @@ # Reason: Replaced by [DEFAULT]/transport_url #password = -# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode) e.g. +# DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode), e.g., # [host:port, host1:port ... ] (list value) # This option is deprecated for removal. # Its value may be silently ignored in the future. @@ -1309,7 +1407,7 @@ # Time in ms to wait before the transaction is killed. (integer value) #check_timeout = 20000 -# Timeout in ms on blocking socket operations (integer value) +# Timeout in ms on blocking socket operations. (integer value) #socket_timeout = 10000 @@ -1406,6 +1504,11 @@ # Minimum value: 5 #default_notify_timeout = 30 +# The duration to schedule a purge of idle sender links. Detach link after +# expiry. (integer value) +# Minimum value: 1 +#default_sender_link_timeout = 600 + # Indicates the addressing mode used by the driver. # Permitted values: # 'legacy' - use legacy non-routable addressing @@ -1474,6 +1577,19 @@ # Minimum value: 1 #notify_server_credit = 100 +# Send messages of this type pre-settled. +# Pre-settled messages will not receive acknowledgement +# from the peer. Note well: pre-settled messages may be +# silently discarded if the delivery fails. +# Permitted values: +# 'rpc-call' - send RPC Calls pre-settled +# 'rpc-reply'- send RPC Replies pre-settled +# 'rpc-cast' - Send RPC Casts pre-settled +# 'notify' - Send Notifications pre-settled +# (multi valued) +#pre_settled = rpc-cast +#pre_settled = rpc-reply + [oslo_messaging_notifications] @@ -1593,6 +1709,7 @@ #rabbit_password = guest # The RabbitMQ login method. (string value) +# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO # Deprecated group/name - [DEFAULT]/rabbit_login_method #rabbit_login_method = AMQPLAIN @@ -1625,7 +1742,7 @@ # Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this # option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring # is no longer controlled by the x-ha-policy argument when declaring a queue. If -# you just want to make sure that all queues (except those with auto-generated +# you just want to make sure that all queues (except those with auto-generated # names) are mirrored across all nodes, run: "rabbitmqctl set_policy HA # '^(?!amq\.).*' '{"ha-mode": "all"}' " (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_ha_queues @@ -1702,6 +1819,11 @@ # (integer value) #pool_stale = 60 +# Default serialization mechanism for serializing/deserializing +# outgoing/incoming messages (string value) +# Allowed values: json, msgpack +#default_serializer_type = json + # Persist notification messages. (boolean value) #notification_persistence = false @@ -1747,7 +1869,7 @@ # Reconnecting retry count in case of connectivity problem during sending RPC # message, -1 means infinite retry. If actual retry attempts in not 0 the rpc -# request could be processed more then one time (integer value) +# request could be processed more than one time (integer value) #default_rpc_retry_attempts = -1 # Reconnecting retry delay in case of connectivity problem during sending RPC @@ -1767,7 +1889,7 @@ #rpc_zmq_bind_address = * # MatchMaker driver. (string value) -# Allowed values: redis, dummy +# Allowed values: redis, sentinel, dummy # Deprecated group/name - [DEFAULT]/rpc_zmq_matchmaker #rpc_zmq_matchmaker = redis @@ -1789,12 +1911,13 @@ # Deprecated group/name - [DEFAULT]/rpc_zmq_host #rpc_zmq_host = localhost -# Seconds to wait before a cast expires (TTL). The default value of -1 specifies -# an infinite linger period. The value of 0 specifies no linger period. Pending -# messages shall be discarded immediately when the socket is closed. Only -# supported by impl_zmq. (integer value) +# Number of seconds to wait before all pending messages will be sent after +# closing a socket. The default value of -1 specifies an infinite linger period. +# The value of 0 specifies no linger period. Pending messages shall be discarded +# immediately when the socket is closed. Positive values specify an upper bound +# for the linger period. (integer value) # Deprecated group/name - [DEFAULT]/rpc_cast_timeout -#rpc_cast_timeout = -1 +#zmq_linger = -1 # The default number of seconds that poll should wait. Poll raises timeout # exception when timeout expired. (integer value) @@ -1814,7 +1937,7 @@ # Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. (boolean # value) # Deprecated group/name - [DEFAULT]/use_pub_sub -#use_pub_sub = true +#use_pub_sub = false # Use ROUTER remote proxy. (boolean value) # Deprecated group/name - [DEFAULT]/use_router_proxy @@ -1847,7 +1970,62 @@ # a queue when server side disconnects. False means to keep queue and messages # even if server is disconnected, when the server appears we send all # accumulated messages to it. (boolean value) -#zmq_immediate = false +#zmq_immediate = true + +# Enable/disable TCP keepalive (KA) mechanism. The default value of -1 (or any +# other negative value) means to skip any overrides and leave it to OS default; +# 0 and 1 (or any other positive value) mean to disable and enable the option +# respectively. (integer value) +#zmq_tcp_keepalive = -1 + +# The duration between two keepalive transmissions in idle condition. The unit +# is platform dependent, for example, seconds in Linux, milliseconds in Windows +# etc. The default value of -1 (or any other negative value and 0) means to skip +# any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_idle = -1 + +# The number of retransmissions to be carried out before declaring that remote +# end is not available. The default value of -1 (or any other negative value and +# 0) means to skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_cnt = -1 + +# The duration between two successive keepalive retransmissions, if +# acknowledgement to the previous keepalive transmission is not received. The +# unit is platform dependent, for example, seconds in Linux, milliseconds in +# Windows etc. The default value of -1 (or any other negative value and 0) means +# to skip any overrides and leave it to OS default. (integer value) +#zmq_tcp_keepalive_intvl = -1 + +# Maximum number of (green) threads to work concurrently. (integer value) +#rpc_thread_pool_size = 100 + +# Expiration timeout in seconds of a sent/received message after which it is not +# tracked anymore by a client/server. (integer value) +#rpc_message_ttl = 300 + +# Wait for message acknowledgements from receivers. This mechanism works only +# via proxy without PUB/SUB. (boolean value) +#rpc_use_acks = false + +# Number of seconds to wait for an ack from a cast/call. After each retry +# attempt this timeout is multiplied by some specified multiplier. (integer +# value) +#rpc_ack_timeout_base = 15 + +# Number to multiply base ack timeout by after each retry attempt. (integer +# value) +#rpc_ack_timeout_multiplier = 2 + +# Default number of message sending attempts in case of any problems occurred: +# positive value N means at most N retries, 0 means no retries, None or -1 (or +# any other negative values) mean to retry forever. This option is used only if +# acknowledgments are enabled. (integer value) +#rpc_retry_attempts = 3 + +# List of publisher hosts SubConsumer can subscribe on. This option has higher +# priority then the default publishers list taken from the matchmaker. (list +# value) +#subscribe_on = [oslo_policy] @@ -1856,7 +2034,7 @@ # From oslo.policy # -# The JSON file that defines policies. (string value) +# The file that defines policies. (string value) # Deprecated group/name - [DEFAULT]/policy_file #policy_file = policy.json diff --git a/etc/glance-scrubber.conf b/etc/glance-scrubber.conf index 1c7efe96c2..d7de729d43 100644 --- a/etc/glance-scrubber.conf +++ b/etc/glance-scrubber.conf @@ -941,7 +941,7 @@ # Log output to standard error. This option is ignored if log_config_append is # set. (boolean value) -#use_stderr = true +#use_stderr = false # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s @@ -975,6 +975,18 @@ # value) #instance_uuid_format = "[instance: %(uuid)s] " +# Interval, number of seconds, of log rate limiting. (integer value) +#rate_limit_interval = 0 + +# Maximum number of logged messages per rate_limit_interval. (integer value) +#rate_limit_burst = 0 + +# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG or +# empty string. Logs with level greater or equal to rate_limit_except_level are +# not filtered. An empty string means that all levels are filtered. (string +# value) +#rate_limit_except_level = CRITICAL + # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false @@ -1176,7 +1188,7 @@ # /store-capabilities.html # # For more information on setting up a particular store in your -# deplyment and help with the usage of this feature, please contact +# deployment and help with the usage of this feature, please contact # the storage driver maintainers listed here: # http://docs.openstack.org/developer/glance_store/drivers/index.html # @@ -1205,8 +1217,8 @@ # # Possible values: # * A string of of the following form: -# ``::`` -# At least ``service_type`` and ``endpoint_type`` should be specified. +# ``::`` +# At least ``service_type`` and ``interface`` should be specified. # ``service_name`` can be omitted. # # Related options: @@ -1430,6 +1442,25 @@ # (string value) #rootwrap_config = /etc/glance/rootwrap.conf +# +# Volume type that will be used for volume creation in cinder. +# +# Some cinder backends can have several volume types to optimize storage usage. +# Adding this option allows an operator to choose a specific volume type +# in cinder that can be optimized for images. +# +# If this is not set, then the default volume type specified in the cinder +# configuration will be used for volume creation. +# +# Possible values: +# * A valid volume type from cinder +# +# Related options: +# * None +# +# (string value) +#cinder_volume_type = + # # Directory to which the filesystem backend store writes images. # @@ -2011,12 +2042,16 @@ # images in its own account. More details multi-tenant store can be found at # https://wiki.openstack.org/wiki/GlanceSwiftTenantSpecificStorage # +# NOTE: If using multi-tenant swift store, please make sure +# that you do not set a swift configuration file with the +# 'swift_store_config_file' option. +# # Possible values: # * True # * False # # Related options: -# * None +# * swift_store_config_file # # (boolean value) #swift_store_multi_tenant = false @@ -2232,12 +2267,15 @@ # option is highly recommended while using Swift storage backend for # image storage as it avoids storage of credentials in the database. # +# NOTE: Please do not configure this option if you have set +# ``swift_store_multi_tenant`` to ``True``. +# # Possible values: # * String value representing an absolute path on the glance-api # node # # Related options: -# * None +# * swift_store_multi_tenant # # (string value) #swift_store_config_file = @@ -2445,7 +2483,7 @@ # From oslo.policy # -# The JSON file that defines policies. (string value) +# The file that defines policies. (string value) # Deprecated group/name - [DEFAULT]/policy_file #policy_file = policy.json