openstack-manuals/doc/config-reference/source/tables/glance-common.rst

Description of common configuration options

Configuration option = Default value	Description
[DEFAULT]
allow_additional_image_properties = True	(Boolean) Allow users to add additional/custom properties to images. Glance defines a standard set of properties (in its schema) that appear on every image. These properties are also known as base properties. In addition to these properties, Glance allows users to add custom properties to images. These are known as additional properties. By default, this configuration option is set to True and users are allowed to add additional properties. The number of additional properties that can be added to an image can be controlled via image_property_quota configuration option. Possible values: True False Related options: image_property_quota
api_limit_max = 1000	(Integer) Maximum number of results that could be returned by a request. As described in the help text of limit_param_default, some requests may return multiple results. The number of results to be returned are governed either by the limit parameter in the request or the limit_param_default configuration option. The value in either case, can't be greater than the absolute maximum defined by this configuration option. Anything greater than this value is trimmed down to the maximum value defined here. NOTE: Setting this to a very large value may slow down database queries and increase response times. Setting this to a very low value may result in poor user experience. Possible values: Any positive integer Related options: limit_param_default
backlog = 4096	(Integer) Set the number of incoming connection requests. Provide a positive integer value to limit the number of requests in the backlog queue. The default queue size is 4096. An incoming connection to a TCP listener socket is queued before a connection can be established with the server. Setting the backlog for a TCP socket ensures a limited queue size for incoming traffic. Possible values: Positive integer Related options: None
bind_host = 0.0.0.0	(String) IP address to bind the glance servers to. Provide an IP address to bind the glance server to. The default value is 0.0.0.0. Edit this option to enable the server to listen on one particular IP address on the network card. This facilitates selection of a particular network interface for the server. Possible values: A valid IPv4 address A valid IPv6 address Related options: None
bind_port = None	(Port number) Port number on which the server will listen. Provide a valid port number to bind the server's socket to. This port is then set to identify processes and forward network messages that arrive at the server. The default bind_port value for the API server is 9292 and for the registry server is 9191. Possible values: A valid port number (0 to 65535) Related options: None
data_api = glance.db.sqlalchemy.api	(String) Python module path of data access API. Specifies the path to the API to use for accessing the data model. This option determines how the image catalog data will be accessed. Possible values: glance.db.sqlalchemy.api glance.db.registry.api glance.db.simple.api If this option is set to glance.db.sqlalchemy.api then the image catalog data is stored in and read from the database via the SQLAlchemy Core and ORM APIs. Setting this option to glance.db.registry.api will force all database access requests to be routed through the Registry service. This avoids data access from the Glance API nodes for an added layer of security, scalability and manageability. NOTE: In v2 OpenStack Images API, the registry service is optional. In order to use the Registry API in v2, the option enable_v2_registry must be set to True. Finally, when this configuration option is set to glance.db.simple.api, image catalog data is stored in and read from an in-memory data structure. This is primarily used for testing. Related options: enable_v2_api enable_v2_registry
digest_algorithm = sha256	(String) Digest algorithm to use for digital signature. Provide a string value representing the digest algorithm to use for generating digital signatures. By default, sha256 is used. To get a list of the available algorithms supported by the version of OpenSSL on your platform, run the command: openssl list-message-digest-algorithms. Examples are 'sha1', 'sha256', and 'sha512'. NOTE: digest_algorithm is not related to Glance's image signing and verification. It is only used to sign the universally unique identifier (UUID) as a part of the certificate file and key file validation. Possible values: An OpenSSL message digest algorithm identifier Relation options: None
executor_thread_pool_size = 64	(Integer) Size of executor thread pool.
image_location_quota = 10	(Integer) Maximum number of locations allowed on an image. Any negative value is interpreted as unlimited. Related options: None
image_member_quota = 128	(Integer) Maximum number of image members per image. This limits the maximum of users an image can be shared with. Any negative value is interpreted as unlimited. Related options: None
image_property_quota = 128	(Integer) Maximum number of properties allowed on an image. This enforces an upper limit on the number of additional properties an image can have. Any negative value is interpreted as unlimited. NOTE: This won't have any impact if additional properties are disabled. Please refer to allow_additional_image_properties. Related options: allow_additional_image_properties
image_tag_quota = 128	(Integer) Maximum number of tags allowed on an image. Any negative value is interpreted as unlimited. Related options: None
limit_param_default = 25	(Integer) The default number of results to return for a request. Responses to certain API requests, like list images, may return multiple items. The number of results returned can be explicitly controlled by specifying the limit parameter in the API request. However, if a limit parameter is not specified, this configuration value will be used as the default number of results to be returned for any API request. NOTES: The value of this configuration option may not be greater than the value specified by api_limit_max. Setting this to a very large value may slow down database queries and increase response times. Setting this to a very low value may result in poor user experience. Possible values: Any positive integer Related options: api_limit_max
metadata_encryption_key = None	(String) AES key for encrypting store location metadata. Provide a string value representing the AES cipher to use for encrypting Glance store metadata. NOTE: The AES key to use must be set to a random string of length 16, 24 or 32 bytes. Possible values: String value representing a valid AES key Related options: None
metadata_source_path = /etc/glance/metadefs/	(String) Absolute path to the directory where JSON metadefs files are stored. Glance Metadata Definitions ("metadefs") are served from the database, but are stored in files in the JSON format. The files in this directory are used to initialize the metadefs in the database. Additionally, when metadefs are exported from the database, the files are written to this directory. NOTE: If you plan to export metadefs, make sure that this directory has write permissions set for the user being used to run the glance-api service. Possible values: String value representing a valid absolute pathname Related options: None
property_protection_file = None	(String) The location of the property protection file. Provide a valid path to the property protection file which contains the rules for property protections and the roles/policies associated with them. A property protection file, when set, restricts the Glance image properties to be created, read, updated and/or deleted by a specific set of users that are identified by either roles or policies. If this configuration option is not set, by default, property protections won't be enforced. If a value is specified and the file is not found, the glance-api service will fail to start. More information on property protections can be found at: http://docs.openstack.org/developer/glance/property-protections.html Possible values: Empty string Valid path to the property protection configuration file Related options: property_protection_rule_format
property_protection_rule_format = roles	(String) Rule format for property protection. Provide the desired way to set property protection on Glance image properties. The two permissible values are roles and policies. The default value is roles. If the value is roles, the property protection file must contain a comma separated list of user roles indicating permissions for each of the CRUD operations on each property being protected. If set to policies, a policy defined in policy.json is used to express property protections for each of the CRUD operations. Examples of how property protections are enforced based on roles or policies can be found at: http://docs.openstack.org/developer/glance/property-protections.html#examples Possible values: roles policies Related options: property_protection_file
show_image_direct_url = False	(Boolean) Show direct image location when returning an image. This configuration option indicates whether to show the direct image location when returning image details to the user. The direct image location is where the image data is stored in backend storage. This image location is shown under the image property direct_url. When multiple image locations exist for an image, the best location is displayed based on the location strategy indicated by the configuration option location_strategy. NOTES: Revealing image locations can present a GRAVE SECURITY RISK as image locations can sometimes include credentials. Hence, this is set to False by default. Set this to True with EXTREME CAUTION and ONLY IF you know what you are doing! If an operator wishes to avoid showing any image location(s) to the user, then both this option and show_multiple_locations MUST be set to False. Possible values: True False Related options: show_multiple_locations location_strategy
user_storage_quota = 0	(String) Maximum amount of image storage per tenant. This enforces an upper limit on the cumulative storage consumed by all images of a tenant across all stores. This is a per-tenant limit. The default unit for this configuration option is Bytes. However, storage units can be specified using case-sensitive literals B, KB, MB, GB and TB representing Bytes, KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. Note that there should not be any space between the value and unit. Value 0 signifies no quota enforcement. Negative values are invalid and result in errors. Possible values: A string that is a valid concatenation of a non-negative integer representing the storage value and an optional string literal representing storage units as mentioned above. Related options: None
workers = None	(Integer) Number of Glance worker processes to start. Provide a non-negative integer value to set the number of child process workers to service requests. By default, the number of CPUs available is set as the value for workers. Each worker process is made to listen on the port set in the configuration file and contains a greenthread pool of size 1000. NOTE: Setting the number of workers to zero, triggers the creation of a single API process with a greenthread pool of size 1000. Possible values: 0 Positive integer value (typically equal to the number of CPUs) Related options: None
[glance_store]
rootwrap_config = /etc/glance/rootwrap.conf	(String) Path to the rootwrap configuration file to use for running commands as root. The cinder store requires root privileges to operate the image volumes (for connecting to iSCSI/FC volumes and reading/writing the volume data, etc.). The configuration file should allow the required commands by cinder store and os-brick library. Possible values: Path to the rootwrap config file Related options: None
[image_format]
container_formats = ami, ari, aki, bare, ovf, ova, docker	(List) Supported values for the 'container_format' image attribute
disk_formats = ami, ari, aki, vhd, vhdx, vmdk, raw, qcow2, vdi, iso	(List) Supported values for the 'disk_format' image attribute
[task]
task_executor = taskflow	(String) Task executor to be used to run task scripts. Provide a string value representing the executor to use for task executions. By default, TaskFlow executor is used. TaskFlow helps make task executions easy, consistent, scalable and reliable. It also enables creation of lightweight task objects and/or functions that are combined together into flows in a declarative manner. Possible values: taskflow Related Options: None
task_time_to_live = 48	(Integer) Time in hours for which a task lives after, either succeeding or failing
work_dir = /work_dir	(String) Absolute path to the work directory to use for asynchronous task operations. The directory set here will be used to operate over images - normally before they are imported in the destination store. NOTE: When providing a value for work_dir, please make sure that enough space is provided for concurrent tasks to run efficiently without running out of space. A rough estimation can be done by multiplying the number of max_workers with an average image size (e.g 500MB). The image size estimation should be done based on the average size in your deployment. Note that depending on the tasks running you may need to multiply this number by some factor depending on what the task does. For example, you may want to double the available size if image conversion is enabled. All this being said, remember these are just estimations and you should do them based on the worst case scenario and be prepared to act in case they were wrong. Possible values: String value representing the absolute path to the working directory Related Options: None