[DEFAULT] # # From glance.glare # # When true, this option sets the owner of an image to be the tenant. # Otherwise, the owner of the image will be the authenticated user # issuing the request. (boolean value) #owner_is_tenant = true # Role used to identify an authenticated user as administrator. # (string value) #admin_role = admin # Allow unauthenticated users to access the API with read-only # privileges. This only applies when using ContextMiddleware. (boolean # value) #allow_anonymous_access = false # Limits request ID length. (integer value) #max_request_id_length = 64 # Public url to use for versions endpoint. The default is None, which # will use the request's host_url attribute to populate the URL base. # If Glance is operating behind a proxy, you will want to change this # to represent the proxy's URL. (string value) #public_endpoint = # Address to bind the server. Useful when selecting a particular # network interface. (string value) #bind_host = 0.0.0.0 # The port on which the server will listen. (port value) # Minimum value: 0 # Maximum value: 65535 #bind_port = # The number of child process workers that will be created to service # requests. The default will be equal to the number of CPUs available. # (integer value) #workers = # Maximum line size of message headers to be accepted. max_header_line # may need to be increased when using large tokens (typically those # generated by the Keystone v3 API with big service catalogs (integer # value) #max_header_line = 16384 # If False, server will return the header "Connection: close", If # True, server will return "Connection: Keep-Alive" in its responses. # In order to close the client socket connection explicitly after the # response is sent and read successfully by the client, you simply # have to set this option to False when you create a wsgi server. # (boolean value) #http_keepalive = true # Timeout for client connections' socket operations. If an incoming # connection is idle for this number of seconds it will be closed. A # value of '0' means wait forever. (integer value) #client_socket_timeout = 900 # The backlog value that will be used when creating the TCP listener # socket. (integer value) #backlog = 4096 # The value for the socket option TCP_KEEPIDLE. This is the time in # seconds that the connection must be idle before TCP starts sending # keepalive probes. (integer value) #tcp_keepidle = 600 # CA certificate file to use to verify connecting clients. (string # value) #ca_file = # Certificate file to use when starting API server securely. (string # value) #cert_file = # Private key file to use when starting API server securely. (string # value) #key_file = # If False fully disable profiling feature. (boolean value) #enabled = false # If False doesn't trace SQL requests. (boolean value) #trace_sqlalchemy = false # Secret key to use to sign Glance API and Glance Registry services # tracing messages. (string value) #hmac_keys = SECRET_KEY # Default publisher_id for outgoing notifications. (string value) #default_publisher_id = image.localhost # List of disabled notifications. A notification can be given either # as a notification type to disable a single event, or as a # notification group prefix to disable all events within a group. # Example: if this config option is set to ["image.create", # "metadef_namespace"], then "image.create" notification will not be # sent after image is created and none of the notifications for # metadefinition namespaces will be sent. (list value) #disabled_notifications = # # From oslo.log # # If set to true, the logging level will be set to DEBUG instead of # the default INFO level. (boolean value) #debug = false # If set to false, the logging level will be set to WARNING instead of # the default INFO level. (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #verbose = true # The name of a logging configuration file. This file is appended to # any existing logging configuration files. For details about logging # configuration files, see the Python logging module documentation. # Note that when logging configuration files are used then all logging # configuration is set in the configuration file and other logging # configuration options are ignored (for example, # logging_context_format_string). (string value) # Deprecated group/name - [DEFAULT]/log_config #log_config_append = # Defines the format string for %%(asctime)s in log records. Default: # %(default)s . This option is ignored if log_config_append is set. # (string value) #log_date_format = %Y-%m-%d %H:%M:%S # (Optional) Name of log file to send logging output to. If no default # is set, logging will go to stderr as defined by use_stderr. This # option is ignored if log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logfile #log_file = # (Optional) The base directory used for relative log_file paths. # This option is ignored if log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logdir #log_dir = # Uses logging handler designed to watch file system. When log file is # moved or removed this handler will open a new log file with # specified path instantaneously. It makes sense only if log_file # option is specified and Linux platform is used. This option is # ignored if log_config_append is set. (boolean value) #watch_log_file = false # Use syslog for logging. Existing syslog format is DEPRECATED and # will be changed later to honor RFC5424. This option is ignored if # log_config_append is set. (boolean value) #use_syslog = false # Syslog facility to receive log lines. This option is ignored if # log_config_append is set. (string value) #syslog_log_facility = LOG_USER # Log output to standard error. This option is ignored if # log_config_append is set. (boolean value) #use_stderr = true # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s # Format string to use for log messages when context is undefined. # (string value) #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s # Additional data to append to log message when logging level for the # message is DEBUG. (string value) #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d # Prefix each line of exception output with this format. (string # value) #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s # Defines the format string for %(user_identity)s that is used in # logging_context_format_string. (string value) #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s # List of package logging levels in logger=LEVEL pairs. This option is # ignored if log_config_append is set. (list value) #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO # Enables or disables publication of error events. (boolean value) #publish_errors = false # The format for an instance that is passed with the log message. # (string value) #instance_format = "[instance: %(uuid)s] " # The format for an instance UUID that is passed with the log message. # (string value) #instance_uuid_format = "[instance: %(uuid)s] " # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false [cors] # # From oslo.middleware.cors # # Indicate whether this resource may be shared with the domain # received in the requests "origin" header. (list value) #allowed_origin = # Indicate that the actual request can include user credentials # (boolean value) #allow_credentials = true # Indicate which headers are safe to expose to the API. Defaults to # HTTP Simple Headers. (list value) #expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID # Maximum cache age of CORS preflight requests. (integer value) #max_age = 3600 # Indicate which methods can be used during the actual request. (list # value) #allow_methods = GET,PUT,POST,DELETE,PATCH # Indicate which header field names may be used during the actual # request. (list value) #allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID [cors.subdomain] # # From oslo.middleware.cors # # Indicate whether this resource may be shared with the domain # received in the requests "origin" header. (list value) #allowed_origin = # Indicate that the actual request can include user credentials # (boolean value) #allow_credentials = true # Indicate which headers are safe to expose to the API. Defaults to # HTTP Simple Headers. (list value) #expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID # Maximum cache age of CORS preflight requests. (integer value) #max_age = 3600 # Indicate which methods can be used during the actual request. (list # value) #allow_methods = GET,PUT,POST,DELETE,PATCH # Indicate which header field names may be used during the actual # request. (list value) #allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID [database] # # From oslo.db # # The file name to use with SQLite. (string value) # Deprecated group/name - [DEFAULT]/sqlite_db #sqlite_db = oslo.sqlite # If True, SQLite uses synchronous mode. (boolean value) # Deprecated group/name - [DEFAULT]/sqlite_synchronous #sqlite_synchronous = true # The back end to use for the database. (string value) # Deprecated group/name - [DEFAULT]/db_backend #backend = sqlalchemy # The SQLAlchemy connection string to use to connect to the database. # (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = # The SQLAlchemy connection string to use to connect to the slave # database. (string value) #slave_connection = # The SQL mode to be used for MySQL sessions. This option, including # the default, overrides any server-set SQL mode. To use whatever SQL # mode is set by the server configuration, set this to no value. # Example: mysql_sql_mode= (string value) #mysql_sql_mode = TRADITIONAL # Timeout before idle SQL connections are reaped. (integer value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout #idle_timeout = 3600 # Minimum number of SQL connections to keep open in a pool. (integer # value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size #min_pool_size = 1 # Maximum number of SQL connections to keep open in a pool. (integer # value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size = # Maximum number of database connection retries during startup. Set to # -1 to specify an infinite retry count. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries = 10 # Interval between retries of opening a SQL connection. (integer # value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval #retry_interval = 10 # If set, use this value for max_overflow with SQLAlchemy. (integer # value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow #max_overflow = 50 # Verbosity of SQL debugging information: 0=None, 100=Everything. # (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug #connection_debug = 0 # Add Python stack traces to SQL as comment strings. (boolean value) # Deprecated group/name - [DEFAULT]/sql_connection_trace #connection_trace = false # If set, use this value for pool_timeout with SQLAlchemy. (integer # value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout #pool_timeout = # Enable the experimental use of database reconnect on connection # lost. (boolean value) #use_db_reconnect = false # Seconds between retries of a database transaction. (integer value) #db_retry_interval = 1 # If True, increases the interval between retries of a database # operation up to db_max_retry_interval. (boolean value) #db_inc_retry_interval = true # If db_inc_retry_interval is set, the maximum seconds between retries # of a database operation. (integer value) #db_max_retry_interval = 10 # Maximum retries in case of connection error or deadlock error before # error is raised. Set to -1 to specify an infinite retry count. # (integer value) #db_max_retries = 20 # # From oslo.db.concurrency # # Enable the experimental use of thread pooling for all DB API calls # (boolean value) # Deprecated group/name - [DEFAULT]/dbapi_use_tpool #use_tpool = false [glance_store] # # From glance.store # # List of stores enabled. Valid stores are: cinder, file, http, rbd, # sheepdog, swift, s3, vsphere (list value) #stores = file,http # Default scheme to use to store image data. The scheme must be # registered by one of the stores defined by the 'stores' config # option. (string value) #default_store = file # Minimum interval seconds to execute updating dynamic storage # capabilities based on backend status then. It's not a periodic # routine, the update logic will be executed only when interval # seconds elapsed and an operation of store has triggered. The feature # will be enabled only when the option value greater then zero. # (integer value) #store_capabilities_update_min_interval = 0 # Specify the path to the CA bundle file to use in verifying the # remote server certificate. (string value) #https_ca_certificates_file = # If true, the remote server certificate is not verified. If false, # then the default CA truststore is used for verification. This option # is ignored if "https_ca_certificates_file" is set. (boolean value) #https_insecure = true # Specify the http/https proxy information that should be used to # connect to the remote server. The proxy information should be a key # value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can # specify proxies for multiple schemes by seperating the key value # pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080. # (dict value) #http_proxy_information = # If True, swiftclient won't check for a valid SSL certificate when # authenticating. (boolean value) #swift_store_auth_insecure = false # A string giving the CA certificate file to use in SSL connections # for verifying certs. (string value) #swift_store_cacert = # The region of the swift endpoint to be used for single tenant. This # setting is only necessary if the tenant has multiple swift # endpoints. (string value) #swift_store_region = # If set, the configured endpoint will be used. If None, the storage # url from the auth response will be used. (string value) #swift_store_endpoint = # A string giving the endpoint type of the swift service to use # (publicURL, adminURL or internalURL). This setting is only used if # swift_store_auth_version is 2. (string value) #swift_store_endpoint_type = publicURL # A string giving the service type of the swift service to use. This # setting is only used if swift_store_auth_version is 2. (string # value) #swift_store_service_type = object-store # Container within the account that the account should use for storing # images in Swift when using single container mode. In multiple # container mode, this will be the prefix for all containers. (string # value) #swift_store_container = glance # The size, in MB, that Glance will start chunking image files and do # a large object manifest in Swift. (integer value) #swift_store_large_object_size = 5120 # The amount of data written to a temporary disk buffer during the # process of chunking the image file. (integer value) #swift_store_large_object_chunk_size = 200 # A boolean value that determines if we create the container if it # does not exist. (boolean value) #swift_store_create_container_on_put = false # If set to True, enables multi-tenant storage mode which causes # Glance images to be stored in tenant specific Swift accounts. # (boolean value) #swift_store_multi_tenant = false # When set to 0, a single-tenant store will only use one container to # store all images. When set to an integer value between 1 and 32, a # single-tenant store will use multiple containers to store images, # and this value will determine how many containers are created.Used # only when swift_store_multi_tenant is disabled. The total number of # containers that will be used is equal to 16^N, so if this config # option is set to 2, then 16^2=256 containers will be used to store # images. (integer value) #swift_store_multiple_containers_seed = 0 # A list of tenants that will be granted read/write access on all # Swift containers created by Glance in multi-tenant mode. (list # value) #swift_store_admin_tenants = # If set to False, disables SSL layer compression of https swift # requests. Setting to False may improve performance for images which # are already in a compressed format, eg qcow2. (boolean value) #swift_store_ssl_compression = true # The number of times a Swift download will be retried before the # request fails. (integer value) #swift_store_retry_get_count = 0 # The period of time (in seconds) before token expirationwhen # glance_store will try to reques new user token. Default value 60 sec # means that if token is going to expire in 1 min then glance_store # request new user token. (integer value) #swift_store_expire_soon_interval = 60 # If set to True create a trust for each add/get request to Multi- # tenant store in order to prevent authentication token to be expired # during uploading/downloading data. If set to False then user token # is used for Swift connection (so no overhead on trust creation). # Please note that this option is considered only and only if # swift_store_multi_tenant=True (boolean value) #swift_store_use_trusts = true # The reference to the default swift account/backing store parameters # to use for adding new images. (string value) #default_swift_reference = ref1 # Version of the authentication service to use. Valid versions are 2 # and 3 for keystone and 1 (deprecated) for swauth and rackspace. # (deprecated - use "auth_version" in swift_store_config_file) (string # value) #swift_store_auth_version = 2 # The address where the Swift authentication service is listening. # (deprecated - use "auth_address" in swift_store_config_file) (string # value) #swift_store_auth_address = # The user to authenticate against the Swift authentication service # (deprecated - use "user" in swift_store_config_file) (string value) #swift_store_user = # Auth key for the user authenticating against the Swift # authentication service. (deprecated - use "key" in # swift_store_config_file) (string value) #swift_store_key = # The config file that has the swift account(s)configs. (string value) #swift_store_config_file = # RADOS images will be chunked into objects of this size (in # megabytes). For best performance, this should be a power of two. # (integer value) #rbd_store_chunk_size = 8 # RADOS pool in which images are stored. (string value) #rbd_store_pool = images # RADOS user to authenticate as (only applicable if using Cephx. If # , a default will be chosen based on the client. section in # rbd_store_ceph_conf) (string value) #rbd_store_user = # Ceph configuration file path. If , librados will locate the # default config. If using cephx authentication, this file should # include a reference to the right keyring in a client. section # (string value) #rbd_store_ceph_conf = /etc/ceph/ceph.conf # Timeout value (in seconds) used when connecting to ceph cluster. If # value <= 0, no timeout is set and default librados value is used. # (integer value) #rados_connect_timeout = 0 # Info to match when looking for cinder in the service catalog. Format # is : separated values of the form: # :: (string value) #cinder_catalog_info = volumev2::publicURL # Override service catalog lookup with template for cinder endpoint # e.g. http://localhost:8776/v2/%(tenant)s (string value) #cinder_endpoint_template = # Region name of this node. If specified, it will be used to locate # OpenStack services for stores. (string value) # Deprecated group/name - [DEFAULT]/os_region_name #cinder_os_region_name = # Location of ca certicates file to use for cinder client requests. # (string value) #cinder_ca_certificates_file = # Number of cinderclient retries on failed http calls (integer value) #cinder_http_retries = 3 # Time period of time in seconds to wait for a cinder volume # transition to complete. (integer value) #cinder_state_transition_timeout = 300 # Allow to perform insecure SSL requests to cinder (boolean value) #cinder_api_insecure = false # The address where the Cinder authentication service is listening. If # , the cinder endpoint in the service catalog is used. (string # value) #cinder_store_auth_address = # User name to authenticate against Cinder. If , the user of # current context is used. (string value) #cinder_store_user_name = # Password for the user authenticating against Cinder. If , the # current context auth token is used. (string value) #cinder_store_password = # Project name where the image is stored in Cinder. If , the # project in current context is used. (string value) #cinder_store_project_name = # Path to the rootwrap configuration file to use for running commands # as root. (string value) #rootwrap_config = /etc/glance/rootwrap.conf # The host where the S3 server is listening. (string value) #s3_store_host = # The S3 query token access key. (string value) #s3_store_access_key = # The S3 query token secret key. (string value) #s3_store_secret_key = # The S3 bucket to be used to store the Glance data. (string value) #s3_store_bucket = # The local directory where uploads will be staged before they are # transferred into S3. (string value) #s3_store_object_buffer_dir = # A boolean to determine if the S3 bucket should be created on upload # if it does not exist or if an error should be returned to the user. # (boolean value) #s3_store_create_bucket_on_put = false # The S3 calling format used to determine the bucket. Either subdomain # or path can be used. (string value) #s3_store_bucket_url_format = subdomain # What size, in MB, should S3 start chunking image files and do a # multipart upload in S3. (integer value) #s3_store_large_object_size = 100 # What multipart upload part size, in MB, should S3 use when uploading # parts. The size must be greater than or equal to 5M. (integer value) #s3_store_large_object_chunk_size = 10 # The number of thread pools to perform a multipart upload in S3. # (integer value) #s3_store_thread_pools = 10 # Enable the use of a proxy. (boolean value) #s3_store_enable_proxy = false # Address or hostname for the proxy server. (string value) #s3_store_proxy_host = # The port to use when connecting over a proxy. (integer value) #s3_store_proxy_port = 8080 # The username to connect to the proxy. (string value) #s3_store_proxy_user = # The password to use when connecting over a proxy. (string value) #s3_store_proxy_password = # Images will be chunked into objects of this size (in megabytes). For # best performance, this should be a power of two. (integer value) #sheepdog_store_chunk_size = 64 # Port of sheep daemon. (integer value) #sheepdog_store_port = 7000 # IP address of sheep daemon. (string value) #sheepdog_store_address = localhost # Directory to which the Filesystem backend store writes images. # (string value) #filesystem_store_datadir = /var/lib/glance/images # List of directories and its priorities to which the Filesystem # backend store writes images. (multi valued) #filesystem_store_datadirs = # The path to a file which contains the metadata to be returned with # any location associated with this store. The file must contain a # valid JSON object. The object should contain the keys 'id' and # 'mountpoint'. The value for both keys should be 'string'. (string # value) #filesystem_store_metadata_file = # The required permission for created image file. In this way the user # other service used, e.g. Nova, who consumes the image could be the # exclusive member of the group that owns the files created. Assigning # it less then or equal to zero means don't change the default # permission of the file. This value will be decoded as an octal # digit. (integer value) #filesystem_store_file_perm = 0 # ESX/ESXi or vCenter Server target system. The server value can be an # IP address or a DNS name. (string value) #vmware_server_host = # Username for authenticating with VMware ESX/VC server. (string # value) #vmware_server_username = # Password for authenticating with VMware ESX/VC server. (string # value) #vmware_server_password = # Number of times VMware ESX/VC server API must be retried upon # connection related issues. (integer value) #vmware_api_retry_count = 10 # The interval used for polling remote tasks invoked on VMware ESX/VC # server. (integer value) #vmware_task_poll_interval = 5 # The name of the directory where the glance images will be stored in # the VMware datastore. (string value) #vmware_store_image_dir = /openstack_glance # If true, the ESX/vCenter server certificate is not verified. If # false, then the default CA truststore is used for verification. This # option is ignored if "vmware_ca_file" is set. (boolean value) # Deprecated group/name - [DEFAULT]/vmware_api_insecure #vmware_insecure = false # Specify a CA bundle file to use in verifying the ESX/vCenter server # certificate. (string value) #vmware_ca_file = # A list of datastores where the image can be stored. This option may # be specified multiple times for specifying multiple datastores. The # datastore name should be specified after its datacenter path, # seperated by ":". An optional weight may be given after the # datastore name, seperated again by ":". Thus, the required format # becomes ::. When # adding an image, the datastore with highest weight will be selected, # unless there is not enough free space available in cases where the # image size is already known. If no weight is given, it is assumed to # be zero and the directory will be considered for selection last. If # multiple datastores have the same weight, then the one with the most # free space available is selected. (multi valued) #vmware_datastores = [keystone_authtoken] # # From keystonemiddleware.auth_token # # Complete public Identity API endpoint. (string value) #auth_uri = # API version of the admin Identity API endpoint. (string value) #auth_version = # Do not handle authorization requests within the middleware, but # delegate the authorization decision to downstream WSGI components. # (boolean value) #delay_auth_decision = false # Request timeout value for communicating with Identity API server. # (integer value) #http_connect_timeout = # How many times are we trying to reconnect when communicating with # Identity API Server. (integer value) #http_request_max_retries = 3 # Env key for the swift cache. (string value) #cache = # Required if identity server requires client certificate (string # value) #certfile = # Required if identity server requires client certificate (string # value) #keyfile = # A PEM encoded Certificate Authority to use when verifying HTTPs # connections. Defaults to system CAs. (string value) #cafile = # Verify HTTPS connections. (boolean value) #insecure = false # The region in which the identity server can be found. (string value) #region_name = # Directory used to cache files related to PKI tokens. (string value) #signing_dir = # Optionally specify a list of memcached server(s) to use for caching. # If left undefined, tokens will instead be cached in-process. (list # value) # Deprecated group/name - [DEFAULT]/memcache_servers #memcached_servers = # In order to prevent excessive effort spent validating tokens, the # middleware caches previously-seen tokens for a configurable duration # (in seconds). Set to -1 to disable caching completely. (integer # value) #token_cache_time = 300 # Determines the frequency at which the list of revoked tokens is # retrieved from the Identity service (in seconds). A high number of # revocation events combined with a low cache duration may # significantly reduce performance. (integer value) #revocation_cache_time = 10 # (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token data is # encrypted and authenticated in the cache. If the value is not one of # these options or empty, auth_token will raise an exception on # initialization. (string value) # Allowed values: None, MAC, ENCRYPT #memcache_security_strategy = None # (Optional, mandatory if memcache_security_strategy is defined) This # string is used for key derivation. (string value) #memcache_secret_key = # (Optional) Number of seconds memcached server is considered dead # before it is tried again. (integer value) #memcache_pool_dead_retry = 300 # (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize = 10 # (Optional) Socket timeout in seconds for communicating with a # memcached server. (integer value) #memcache_pool_socket_timeout = 3 # (Optional) Number of seconds a connection to memcached is held # unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout = 60 # (Optional) Number of seconds that an operation will wait to get a # memcached client connection from the pool. (integer value) #memcache_pool_conn_get_timeout = 10 # (Optional) Use the advanced (eventlet safe) memcached client pool. # The advanced pool will only work under python 2.x. (boolean value) #memcache_use_advanced_pool = false # (Optional) Indicate whether to set the X-Service-Catalog header. If # False, middleware will not ask for service catalog on token # validation and will not set the X-Service-Catalog header. (boolean # value) #include_service_catalog = true # Used to control the use and type of token binding. Can be set to: # "disabled" to not check token binding. "permissive" (default) to # validate binding information if the bind type is of a form known to # the server and ignore it if not. "strict" like "permissive" but if # the bind type is unknown the token will be rejected. "required" any # form of token binding is needed to be allowed. Finally the name of a # binding method that must be present in tokens. (string value) #enforce_token_bind = permissive # If true, the revocation list will be checked for cached tokens. This # requires that PKI tokens are configured on the identity server. # (boolean value) #check_revocations_for_cached = false # Hash algorithms to use for hashing PKI tokens. This may be a single # algorithm or multiple. The algorithms are those supported by Python # standard hashlib.new(). The hashes will be tried in the order given, # so put the preferred one first for performance. The result of the # first hash will be stored in the cache. This will typically be set # to multiple values only while migrating from a less secure algorithm # to a more secure one. Once all the old tokens are expired this # option should be set to a single value for better performance. (list # value) #hash_algorithms = md5 # Authentication type to load (unknown value) # Deprecated group/name - [DEFAULT]/auth_plugin #auth_type = # Config Section from which to load plugin specific options (unknown # value) #auth_section = [paste_deploy] # # From glance.glare # # Partial name of a pipeline in your paste configuration file with the # service name removed. For example, if your paste section name is # [pipeline:glance-api-keystone] use the value "keystone" (string # value) #flavor = # Name of the paste configuration file. (string value) #config_file =