# {{ ansible_managed }}

{% set _api_threads = ansible_processor_vcpus|default(2) // 2 %}
{% set api_threads = _api_threads if _api_threads > 0 else 1 %}

[DEFAULT]
verbose = {{ verbose }}
debug = {{ debug }}
fatal_deprecations = {{ glance_fatal_deprecations }}
log_file = /var/log/glance/glance-registry.log
use_syslog = False
bind_host = {{ glance_registry_bind_address }}
bind_port = {{ glance_registry_service_port }}
http_keepalive = {{ glance_http_keepalive }}
backlog = 4096
workers = {{ glance_registry_workers | default(api_threads) }}
api_limit_max = 1000
limit_param_default = 25

[database]
connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ galera_address }}/{{ glance_galera_database }}?charset=utf8

[keystone_authtoken]
auth_plugin = {{ glance_keystone_auth_plugin }}
signing_dir = {{ glance_system_user_home }}/cache/registry/
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ glance_service_project_domain_id }}
user_domain_id = {{ glance_service_user_domain_id }}
project_name = {{ glance_service_project_name }}
username = {{ glance_service_user_name }}
password = {{ glance_service_password }}

memcached_servers = {{ memcached_servers }}

token_cache_time = 300
revocation_cache_time = 60

# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}

# if your keystone deployment uses PKI, and you value security over performance:
check_revocations_for_cached = False

[oslo_policy]
policy_file = {{ glance_policy_file }}
policy_default_rule = {{ glance_policy_default_rule }}
policy_dirs = {{ glance_policy_dirs }}

[paste_deploy]
flavor = keystone

[profiler]
enabled = {{ glance_profiler_enabled }}