diff --git a/conf/etc/glance/glance-api-paste.ini b/conf/etc/glance/glance-api-paste.ini deleted file mode 100644 index 9efd19f..0000000 --- a/conf/etc/glance/glance-api-paste.ini +++ /dev/null @@ -1,87 +0,0 @@ -# Use this pipeline for no auth or image caching - DEFAULT -[pipeline:glance-api] -pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context rootapp - -# Use this pipeline for image caching and no auth -[pipeline:glance-api-caching] -pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context cache rootapp - -# Use this pipeline for caching w/ management interface but no auth -[pipeline:glance-api-cachemanagement] -pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp - -# Use this pipeline for keystone auth -[pipeline:glance-api-keystone] -pipeline = cors healthcheck versionnegotiation osprofiler authtoken context rootapp - -# Use this pipeline for keystone auth with image caching -[pipeline:glance-api-keystone+caching] -pipeline = cors healthcheck versionnegotiation osprofiler authtoken context cache rootapp - -# Use this pipeline for keystone auth with caching and cache management -[pipeline:glance-api-keystone+cachemanagement] -pipeline = cors healthcheck versionnegotiation osprofiler authtoken context cache cachemanage rootapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user. -[pipeline:glance-api-trusted-auth] -pipeline = cors healthcheck versionnegotiation osprofiler context rootapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user and uses cache management -[pipeline:glance-api-trusted-auth+cachemanagement] -pipeline = cors healthcheck versionnegotiation osprofiler context cache cachemanage rootapp - -[composite:rootapp] -paste.composite_factory = glance.api:root_app_factory -/: apiversions -/v1: apiv1app -/v2: apiv2app - -[app:apiversions] -paste.app_factory = glance.api.versions:create_resource - -[app:apiv1app] -paste.app_factory = glance.api.v1.router:API.factory - -[app:apiv2app] -paste.app_factory = glance.api.v2.router:API.factory - -[filter:healthcheck] -paste.filter_factory = oslo_middleware:Healthcheck.factory -backends = disable_by_file -disable_by_file_path = /etc/glance/healthcheck_disable - -[filter:versionnegotiation] -paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory - -[filter:cache] -paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory - -[filter:cachemanage] -paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory - -[filter:context] -paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory - -[filter:unauthenticated-context] -paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory -delay_auth_decision = true - -[filter:gzip] -paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY #DEPRECATED -enabled = yes #DEPRECATED - -[filter:cors] -paste.filter_factory = oslo_middleware.cors:filter_factory -oslo_config_project = glance -oslo_config_program = glance-api diff --git a/conf/etc/glance/glance-api.conf b/conf/etc/glance/glance-api.conf deleted file mode 100644 index 228b892..0000000 --- a/conf/etc/glance/glance-api.conf +++ /dev/null @@ -1,1770 +0,0 @@ -[DEFAULT] - -# -# From glance.api -# - -# When true, this option sets the owner of an image to be the tenant. -# Otherwise, the owner of the image will be the authenticated user -# issuing the request. (boolean value) -#owner_is_tenant = true - -# Role used to identify an authenticated user as administrator. -# (string value) -#admin_role = admin - -# Allow unauthenticated users to access the API with read-only -# privileges. This only applies when using ContextMiddleware. (boolean -# value) -#allow_anonymous_access = false - -# Limits request ID length. (integer value) -#max_request_id_length = 64 - -# Public url to use for versions endpoint. The default is None, which -# will use the request's host_url attribute to populate the URL base. -# If Glance is operating behind a proxy, you will want to change this -# to represent the proxy's URL. (string value) -#public_endpoint = - -# Whether to allow users to specify image properties beyond what the -# image schema provides (boolean value) -#allow_additional_image_properties = true - -# Maximum number of image members per image. Negative values evaluate -# to unlimited. (integer value) -#image_member_quota = 128 - -# Maximum number of properties allowed on an image. Negative values -# evaluate to unlimited. (integer value) -#image_property_quota = 128 - -# Maximum number of tags allowed on an image. Negative values evaluate -# to unlimited. (integer value) -#image_tag_quota = 128 - -# Maximum number of locations allowed on an image. Negative values -# evaluate to unlimited. (integer value) -#image_location_quota = 10 - -# Python module path of data access API (string value) -#data_api = glance.db.sqlalchemy.api - -# Default value for the number of items returned by a request if not -# specified explicitly in the request (integer value) -#limit_param_default = 25 - -# Maximum permissible number of items that could be returned by a -# request (integer value) -#api_limit_max = 1000 - -# Whether to include the backend image storage location in image -# properties. Revealing storage location can be a security risk, so -# use this setting with caution! (boolean value) -#show_image_direct_url = false - -# Whether to include the backend image locations in image properties. -# For example, if using the file system store a URL of -# "file:///path/to/image" will be returned to the user in the -# 'direct_url' meta-data field. Revealing storage location can be a -# security risk, so use this setting with caution! Setting this to -# true overrides the show_image_direct_url option. (boolean value) -#show_multiple_locations = false - -# Maximum size of image a user can upload in bytes. Defaults to -# 1099511627776 bytes (1 TB).WARNING: this value should only be -# increased after careful consideration and must be set to a value -# under 8 EB (9223372036854775808). (integer value) -# Maximum value: 9223372036854775808 -#image_size_cap = 1099511627776 - -# Set a system wide quota for every user. This value is the total -# capacity that a user can use across all storage systems. A value of -# 0 means unlimited.Optional unit can be specified for the value. -# Accepted units are B, KB, MB, GB and TB representing Bytes, -# KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no -# unit is specified then Bytes is assumed. Note that there should not -# be any space between value and unit and units are case sensitive. -# (string value) -#user_storage_quota = 0 - -# Deploy the v1 OpenStack Images API. (boolean value) -#enable_v1_api = true - -# Deploy the v2 OpenStack Images API. (boolean value) -#enable_v2_api = true - -# Deploy the v1 OpenStack Registry API. (boolean value) -#enable_v1_registry = true - -# Deploy the v2 OpenStack Registry API. (boolean value) -#enable_v2_registry = true - -# The hostname/IP of the pydev process listening for debug connections -# (string value) -#pydev_worker_debug_host = - -# The port on which a pydev process is listening for connections. -# (port value) -# Minimum value: 0 -# Maximum value: 65535 -#pydev_worker_debug_port = 5678 - -# AES key for encrypting store 'location' metadata. This includes, if -# used, Swift or S3 credentials. Should be set to a random string of -# length 16, 24 or 32 bytes (string value) -#metadata_encryption_key = - -# Digest algorithm which will be used for digital signature. Use the -# command "openssl list-message-digest-algorithms" to get the -# available algorithms supported by the version of OpenSSL on the -# platform. Examples are "sha1", "sha256", "sha512", etc. (string -# value) -#digest_algorithm = sha256 - -# This value sets what strategy will be used to determine the image -# location order. Currently two strategies are packaged with Glance -# 'location_order' and 'store_type'. (string value) -# Allowed values: location_order, store_type -#location_strategy = location_order - -# The location of the property protection file.This file contains the -# rules for property protections and the roles/policies associated -# with it. If this config value is not specified, by default, property -# protections won't be enforced. If a value is specified and the file -# is not found, then the glance-api service will not start. (string -# value) -#property_protection_file = - -# This config value indicates whether "roles" or "policies" are used -# in the property protection file. (string value) -# Allowed values: roles, policies -#property_protection_rule_format = roles - -# Modules of exceptions that are permitted to be recreated upon -# receiving exception data from an rpc call. (list value) -#allowed_rpc_exception_modules = glance.common.exception,builtins,exceptions - -# Address to bind the server. Useful when selecting a particular -# network interface. (string value) -#bind_host = 0.0.0.0 - -# The port on which the server will listen. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#bind_port = - -# The number of child process workers that will be created to service -# requests. The default will be equal to the number of CPUs available. -# (integer value) -#workers = - -# Maximum line size of message headers to be accepted. max_header_line -# may need to be increased when using large tokens (typically those -# generated by the Keystone v3 API with big service catalogs (integer -# value) -#max_header_line = 16384 - -# If False, server will return the header "Connection: close", If -# True, server will return "Connection: Keep-Alive" in its responses. -# In order to close the client socket connection explicitly after the -# response is sent and read successfully by the client, you simply -# have to set this option to False when you create a wsgi server. -# (boolean value) -#http_keepalive = true - -# Timeout for client connections' socket operations. If an incoming -# connection is idle for this number of seconds it will be closed. A -# value of '0' means wait forever. (integer value) -#client_socket_timeout = 900 - -# The backlog value that will be used when creating the TCP listener -# socket. (integer value) -#backlog = 4096 - -# The value for the socket option TCP_KEEPIDLE. This is the time in -# seconds that the connection must be idle before TCP starts sending -# keepalive probes. (integer value) -#tcp_keepidle = 600 - -# CA certificate file to use to verify connecting clients. (string -# value) -#ca_file = - -# Certificate file to use when starting API server securely. (string -# value) -#cert_file = - -# Private key file to use when starting API server securely. (string -# value) -#key_file = - -# The path to the sqlite file database that will be used for image -# cache management. (string value) -#image_cache_sqlite_db = cache.db - -# The driver to use for image cache management. (string value) -#image_cache_driver = sqlite - -# The upper limit (the maximum size of accumulated cache in bytes) -# beyond which the cache pruner, if running, starts cleaning the image -# cache. (integer value) -#image_cache_max_size = 10737418240 - -# The amount of time to let an incomplete image remain in the cache, -# before the cache cleaner, if running, will remove the incomplete -# image. (integer value) -#image_cache_stall_time = 86400 - -# Base directory that the image cache uses. (string value) -#image_cache_dir = - -# Default publisher_id for outgoing notifications. (string value) -#default_publisher_id = image.localhost - -# List of disabled notifications. A notification can be given either -# as a notification type to disable a single event, or as a -# notification group prefix to disable all events within a group. -# Example: if this config option is set to ["image.create", -# "metadef_namespace"], then "image.create" notification will not be -# sent after image is created and none of the notifications for -# metadefinition namespaces will be sent. (list value) -#disabled_notifications = - -# Address to find the registry server. (string value) -#registry_host = 0.0.0.0 - -# Port the registry server is listening on. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#registry_port = 9191 - -# Whether to pass through the user token when making requests to the -# registry. To prevent failures with token expiration during big files -# upload, it is recommended to set this parameter to False.If -# "use_user_token" is not in effect, then admin credentials can be -# specified. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#use_user_token = true - -# The administrators user name. If "use_user_token" is not in effect, -# then admin credentials can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#admin_user = - -# The administrators password. If "use_user_token" is not in effect, -# then admin credentials can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#admin_password = - -# The tenant name of the administrative user. If "use_user_token" is -# not in effect, then admin tenant name can be specified. (string -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#admin_tenant_name = - -# The URL to the keystone service. If "use_user_token" is not in -# effect and using keystone auth, then URL of keystone can be -# specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#auth_url = - -# The strategy to use for authentication. If "use_user_token" is not -# in effect, then auth strategy can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#auth_strategy = noauth - -# The region for the authentication service. If "use_user_token" is -# not in effect and using keystone auth, then region name can be -# specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#auth_region = - -# The protocol to use for communication with the registry server. -# Either http or https. (string value) -#registry_client_protocol = http - -# The path to the key file to use in SSL connections to the registry -# server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE -# environment variable to a filepath of the key file (string value) -#registry_client_key_file = - -# The path to the cert file to use in SSL connections to the registry -# server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE -# environment variable to a filepath of the CA cert file (string -# value) -#registry_client_cert_file = - -# The path to the certifying authority cert file to use in SSL -# connections to the registry server, if any. Alternately, you may set -# the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the -# CA cert file. (string value) -#registry_client_ca_file = - -# When using SSL in connections to the registry server, do not require -# validation via a certifying authority. This is the registry's -# equivalent of specifying --insecure on the command line using -# glanceclient for the API. (boolean value) -#registry_client_insecure = false - -# The period of time, in seconds, that the API server will wait for a -# registry request to complete. A value of 0 implies no timeout. -# (integer value) -#registry_client_timeout = 600 - -# Whether to pass through headers containing user and tenant -# information when making requests to the registry. This allows the -# registry to use the context middleware without keystonemiddleware's -# auth_token middleware, removing calls to the keystone auth service. -# It is recommended that when using this option, secure communication -# between glance api and glance registry is ensured by means other -# than auth_token middleware. (boolean value) -#send_identity_headers = false - -# The amount of time in seconds to delay before performing a delete. -# (integer value) -#scrub_time = 0 - -# The size of thread pool to be used for scrubbing images. The default -# is one, which signifies serial scrubbing. Any value above one -# indicates the max number of images that may be scrubbed in parallel. -# (integer value) -#scrub_pool_size = 1 - -# Turn on/off delayed delete. (boolean value) -#delayed_delete = false - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of -# the default INFO level. (boolean value) -#debug = false - -# If set to false, the logging level will be set to WARNING instead of -# the default INFO level. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#verbose = true - -# The name of a logging configuration file. This file is appended to -# any existing logging configuration files. For details about logging -# configuration files, see the Python logging module documentation. -# Note that when logging configuration files are used then all logging -# configuration is set in the configuration file and other logging -# configuration options are ignored (for example, -# logging_context_format_string). (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. -# (string value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default -# is set, logging will go to stderr as defined by use_stderr. This -# option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative log_file paths. -# This option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# Uses logging handler designed to watch file system. When log file is -# moved or removed this handler will open a new log file with -# specified path instantaneously. It makes sense only if log_file -# option is specified and Linux platform is used. This option is -# ignored if log_config_append is set. (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and -# will be changed later to honor RFC5424. This option is ignored if -# log_config_append is set. (boolean value) -#use_syslog = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Log output to standard error. This option is ignored if -# log_config_append is set. (boolean value) -#use_stderr = true - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. -# (string value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the -# message is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string -# value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is -# ignored if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. -# (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. -# (string value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - -# -# From oslo.messaging -# - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -#rpc_conn_pool_size = 30 - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve to this -# address. (string value) -#rpc_zmq_bind_address = * - -# MatchMaker driver. (string value) -# Allowed values: redis, dummy -#rpc_zmq_matchmaker = redis - -# Type of concurrency used. Either "native" or "eventlet" (string -# value) -#rpc_zmq_concurrency = eventlet - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts = 1 - -# Maximum number of ingress messages to locally buffer per topic. -# Default is unlimited. (integer value) -#rpc_zmq_topic_backlog = - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir = /var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP address. -# Must match "host" option, if running Nova. (string value) -#rpc_zmq_host = localhost - -# Seconds to wait before a cast expires (TTL). The default value of -1 -# specifies an infinite linger period. The value of 0 specifies no -# linger period. Pending messages shall be discarded immediately when -# the socket is closed. Only supported by impl_zmq. (integer value) -#rpc_cast_timeout = -1 - -# The default number of seconds that poll should wait. Poll raises -# timeout exception when timeout expired. (integer value) -#rpc_poll_timeout = 1 - -# Expiration timeout in seconds of a name service record about -# existing target ( < 0 means no timeout). (integer value) -#zmq_target_expire = 120 - -# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. -# (boolean value) -#use_pub_sub = true - -# Minimal port number for random ports range. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#rpc_zmq_min_port = 49152 - -# Maximal port number for random ports range. (integer value) -# Minimum value: 1 -# Maximum value: 65536 -#rpc_zmq_max_port = 65536 - -# Number of retries to find free port number before fail with -# ZMQBindError. (integer value) -#rpc_zmq_bind_port_retries = 100 - -# Size of executor thread pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size -#executor_thread_pool_size = 64 - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout = 60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend option -# and driver specific configuration. (string value) -#transport_url = - -# The messaging driver to use, defaults to rabbit. Other drivers -# include amqp and zmq. (string value) -#rpc_backend = rabbit - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the transport_url -# option. (string value) -#control_exchange = openstack - - -[cors] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain -# received in the requests "origin" header. (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials -# (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to -# HTTP Simple Headers. (list value) -#expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list -# value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual -# request. (list value) -#allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID - - -[cors.subdomain] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain -# received in the requests "origin" header. (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials -# (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to -# HTTP Simple Headers. (list value) -#expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list -# value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual -# request. (list value) -#allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID - - -[database] - -# -# From oslo.db -# - -# The file name to use with SQLite. (string value) -# Deprecated group/name - [DEFAULT]/sqlite_db -#sqlite_db = oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -# Deprecated group/name - [DEFAULT]/sqlite_synchronous -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. -# (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -#connection = - -# The SQLAlchemy connection string to use to connect to the slave -# database. (string value) -#slave_connection = - -# The SQL mode to be used for MySQL sessions. This option, including -# the default, overrides any server-set SQL mode. To use whatever SQL -# mode is set by the server configuration, set this to no value. -# Example: mysql_sql_mode= (string value) -#mysql_sql_mode = TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout = 3600 - -# Minimum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = - -# Maximum number of database connection retries during startup. Set to -# -1 to specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = 50 - -# Verbosity of SQL debugging information: 0=None, 100=Everything. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = - -# Enable the experimental use of database reconnect on connection -# lost. (boolean value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database -# operation up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries -# of a database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before -# error is raised. Set to -1 to specify an infinite retry count. -# (integer value) -#db_max_retries = 20 - -# -# From oslo.db.concurrency -# - -# Enable the experimental use of thread pooling for all DB API calls -# (boolean value) -# Deprecated group/name - [DEFAULT]/dbapi_use_tpool -#use_tpool = false - - -[glance_store] - -# -# From glance.store -# - -# List of stores enabled. Valid stores are: cinder, file, http, rbd, -# sheepdog, swift, s3, vsphere (list value) -#stores = file,http - -# Default scheme to use to store image data. The scheme must be -# registered by one of the stores defined by the 'stores' config -# option. (string value) -#default_store = file - -# Minimum interval seconds to execute updating dynamic storage -# capabilities based on backend status then. It's not a periodic -# routine, the update logic will be executed only when interval -# seconds elapsed and an operation of store has triggered. The feature -# will be enabled only when the option value greater then zero. -# (integer value) -#store_capabilities_update_min_interval = 0 - -# Specify the path to the CA bundle file to use in verifying the -# remote server certificate. (string value) -#https_ca_certificates_file = - -# If true, the remote server certificate is not verified. If false, -# then the default CA truststore is used for verification. This option -# is ignored if "https_ca_certificates_file" is set. (boolean value) -#https_insecure = true - -# Specify the http/https proxy information that should be used to -# connect to the remote server. The proxy information should be a key -# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can -# specify proxies for multiple schemes by seperating the key value -# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080. -# (dict value) -#http_proxy_information = - -# If True, swiftclient won't check for a valid SSL certificate when -# authenticating. (boolean value) -#swift_store_auth_insecure = false - -# A string giving the CA certificate file to use in SSL connections -# for verifying certs. (string value) -#swift_store_cacert = - -# The region of the swift endpoint to be used for single tenant. This -# setting is only necessary if the tenant has multiple swift -# endpoints. (string value) -#swift_store_region = - -# If set, the configured endpoint will be used. If None, the storage -# url from the auth response will be used. (string value) -#swift_store_endpoint = - -# A string giving the endpoint type of the swift service to use -# (publicURL, adminURL or internalURL). This setting is only used if -# swift_store_auth_version is 2. (string value) -#swift_store_endpoint_type = publicURL - -# A string giving the service type of the swift service to use. This -# setting is only used if swift_store_auth_version is 2. (string -# value) -#swift_store_service_type = object-store - -# Container within the account that the account should use for storing -# images in Swift when using single container mode. In multiple -# container mode, this will be the prefix for all containers. (string -# value) -#swift_store_container = glance - -# The size, in MB, that Glance will start chunking image files and do -# a large object manifest in Swift. (integer value) -#swift_store_large_object_size = 5120 - -# The amount of data written to a temporary disk buffer during the -# process of chunking the image file. (integer value) -#swift_store_large_object_chunk_size = 200 - -# A boolean value that determines if we create the container if it -# does not exist. (boolean value) -#swift_store_create_container_on_put = false - -# If set to True, enables multi-tenant storage mode which causes -# Glance images to be stored in tenant specific Swift accounts. -# (boolean value) -#swift_store_multi_tenant = false - -# When set to 0, a single-tenant store will only use one container to -# store all images. When set to an integer value between 1 and 32, a -# single-tenant store will use multiple containers to store images, -# and this value will determine how many containers are created.Used -# only when swift_store_multi_tenant is disabled. The total number of -# containers that will be used is equal to 16^N, so if this config -# option is set to 2, then 16^2=256 containers will be used to store -# images. (integer value) -#swift_store_multiple_containers_seed = 0 - -# A list of tenants that will be granted read/write access on all -# Swift containers created by Glance in multi-tenant mode. (list -# value) -#swift_store_admin_tenants = - -# If set to False, disables SSL layer compression of https swift -# requests. Setting to False may improve performance for images which -# are already in a compressed format, eg qcow2. (boolean value) -#swift_store_ssl_compression = true - -# The number of times a Swift download will be retried before the -# request fails. (integer value) -#swift_store_retry_get_count = 0 - -# The period of time (in seconds) before token expirationwhen -# glance_store will try to reques new user token. Default value 60 sec -# means that if token is going to expire in 1 min then glance_store -# request new user token. (integer value) -#swift_store_expire_soon_interval = 60 - -# If set to True create a trust for each add/get request to Multi- -# tenant store in order to prevent authentication token to be expired -# during uploading/downloading data. If set to False then user token -# is used for Swift connection (so no overhead on trust creation). -# Please note that this option is considered only and only if -# swift_store_multi_tenant=True (boolean value) -#swift_store_use_trusts = true - -# The reference to the default swift account/backing store parameters -# to use for adding new images. (string value) -#default_swift_reference = ref1 - -# Version of the authentication service to use. Valid versions are 2 -# and 3 for keystone and 1 (deprecated) for swauth and rackspace. -# (deprecated - use "auth_version" in swift_store_config_file) (string -# value) -#swift_store_auth_version = 2 - -# The address where the Swift authentication service is listening. -# (deprecated - use "auth_address" in swift_store_config_file) (string -# value) -#swift_store_auth_address = - -# The user to authenticate against the Swift authentication service -# (deprecated - use "user" in swift_store_config_file) (string value) -#swift_store_user = - -# Auth key for the user authenticating against the Swift -# authentication service. (deprecated - use "key" in -# swift_store_config_file) (string value) -#swift_store_key = - -# The config file that has the swift account(s)configs. (string value) -#swift_store_config_file = - -# RADOS images will be chunked into objects of this size (in -# megabytes). For best performance, this should be a power of two. -# (integer value) -#rbd_store_chunk_size = 8 - -# RADOS pool in which images are stored. (string value) -#rbd_store_pool = images - -# RADOS user to authenticate as (only applicable if using Cephx. If -# , a default will be chosen based on the client. section in -# rbd_store_ceph_conf) (string value) -#rbd_store_user = - -# Ceph configuration file path. If , librados will locate the -# default config. If using cephx authentication, this file should -# include a reference to the right keyring in a client. section -# (string value) -#rbd_store_ceph_conf = /etc/ceph/ceph.conf - -# Timeout value (in seconds) used when connecting to ceph cluster. If -# value <= 0, no timeout is set and default librados value is used. -# (integer value) -#rados_connect_timeout = 0 - -# Info to match when looking for cinder in the service catalog. Format -# is : separated values of the form: -# :: (string value) -#cinder_catalog_info = volumev2::publicURL - -# Override service catalog lookup with template for cinder endpoint -# e.g. http://localhost:8776/v2/%(tenant)s (string value) -#cinder_endpoint_template = - -# Region name of this node. If specified, it will be used to locate -# OpenStack services for stores. (string value) -# Deprecated group/name - [DEFAULT]/os_region_name -#cinder_os_region_name = - -# Location of ca certicates file to use for cinder client requests. -# (string value) -#cinder_ca_certificates_file = - -# Number of cinderclient retries on failed http calls (integer value) -#cinder_http_retries = 3 - -# Time period of time in seconds to wait for a cinder volume -# transition to complete. (integer value) -#cinder_state_transition_timeout = 300 - -# Allow to perform insecure SSL requests to cinder (boolean value) -#cinder_api_insecure = false - -# The address where the Cinder authentication service is listening. If -# , the cinder endpoint in the service catalog is used. (string -# value) -#cinder_store_auth_address = - -# User name to authenticate against Cinder. If , the user of -# current context is used. (string value) -#cinder_store_user_name = - -# Password for the user authenticating against Cinder. If , the -# current context auth token is used. (string value) -#cinder_store_password = - -# Project name where the image is stored in Cinder. If , the -# project in current context is used. (string value) -#cinder_store_project_name = - -# Path to the rootwrap configuration file to use for running commands -# as root. (string value) -#rootwrap_config = /etc/glance/rootwrap.conf - -# The host where the S3 server is listening. (string value) -#s3_store_host = - -# The S3 query token access key. (string value) -#s3_store_access_key = - -# The S3 query token secret key. (string value) -#s3_store_secret_key = - -# The S3 bucket to be used to store the Glance data. (string value) -#s3_store_bucket = - -# The local directory where uploads will be staged before they are -# transferred into S3. (string value) -#s3_store_object_buffer_dir = - -# A boolean to determine if the S3 bucket should be created on upload -# if it does not exist or if an error should be returned to the user. -# (boolean value) -#s3_store_create_bucket_on_put = false - -# The S3 calling format used to determine the bucket. Either subdomain -# or path can be used. (string value) -#s3_store_bucket_url_format = subdomain - -# What size, in MB, should S3 start chunking image files and do a -# multipart upload in S3. (integer value) -#s3_store_large_object_size = 100 - -# What multipart upload part size, in MB, should S3 use when uploading -# parts. The size must be greater than or equal to 5M. (integer value) -#s3_store_large_object_chunk_size = 10 - -# The number of thread pools to perform a multipart upload in S3. -# (integer value) -#s3_store_thread_pools = 10 - -# Enable the use of a proxy. (boolean value) -#s3_store_enable_proxy = false - -# Address or hostname for the proxy server. (string value) -#s3_store_proxy_host = - -# The port to use when connecting over a proxy. (integer value) -#s3_store_proxy_port = 8080 - -# The username to connect to the proxy. (string value) -#s3_store_proxy_user = - -# The password to use when connecting over a proxy. (string value) -#s3_store_proxy_password = - -# Images will be chunked into objects of this size (in megabytes). For -# best performance, this should be a power of two. (integer value) -#sheepdog_store_chunk_size = 64 - -# Port of sheep daemon. (integer value) -#sheepdog_store_port = 7000 - -# IP address of sheep daemon. (string value) -#sheepdog_store_address = localhost - -# Directory to which the Filesystem backend store writes images. -# (string value) -#filesystem_store_datadir = /var/lib/glance/images - -# List of directories and its priorities to which the Filesystem -# backend store writes images. (multi valued) -#filesystem_store_datadirs = - -# The path to a file which contains the metadata to be returned with -# any location associated with this store. The file must contain a -# valid JSON object. The object should contain the keys 'id' and -# 'mountpoint'. The value for both keys should be 'string'. (string -# value) -#filesystem_store_metadata_file = - -# The required permission for created image file. In this way the user -# other service used, e.g. Nova, who consumes the image could be the -# exclusive member of the group that owns the files created. Assigning -# it less then or equal to zero means don't change the default -# permission of the file. This value will be decoded as an octal -# digit. (integer value) -#filesystem_store_file_perm = 0 - -# ESX/ESXi or vCenter Server target system. The server value can be an -# IP address or a DNS name. (string value) -#vmware_server_host = - -# Username for authenticating with VMware ESX/VC server. (string -# value) -#vmware_server_username = - -# Password for authenticating with VMware ESX/VC server. (string -# value) -#vmware_server_password = - -# Number of times VMware ESX/VC server API must be retried upon -# connection related issues. (integer value) -#vmware_api_retry_count = 10 - -# The interval used for polling remote tasks invoked on VMware ESX/VC -# server. (integer value) -#vmware_task_poll_interval = 5 - -# The name of the directory where the glance images will be stored in -# the VMware datastore. (string value) -#vmware_store_image_dir = /openstack_glance - -# If true, the ESX/vCenter server certificate is not verified. If -# false, then the default CA truststore is used for verification. This -# option is ignored if "vmware_ca_file" is set. (boolean value) -# Deprecated group/name - [DEFAULT]/vmware_api_insecure -#vmware_insecure = false - -# Specify a CA bundle file to use in verifying the ESX/vCenter server -# certificate. (string value) -#vmware_ca_file = - -# A list of datastores where the image can be stored. This option may -# be specified multiple times for specifying multiple datastores. The -# datastore name should be specified after its datacenter path, -# seperated by ":". An optional weight may be given after the -# datastore name, seperated again by ":". Thus, the required format -# becomes ::. When -# adding an image, the datastore with highest weight will be selected, -# unless there is not enough free space available in cases where the -# image size is already known. If no weight is given, it is assumed to -# be zero and the directory will be considered for selection last. If -# multiple datastores have the same weight, then the one with the most -# free space available is selected. (multi valued) -#vmware_datastores = - - -[image_format] - -# -# From glance.api -# - -# Supported values for the 'container_format' image attribute (list -# value) -# Deprecated group/name - [DEFAULT]/container_formats -#container_formats = ami,ari,aki,bare,ovf,ova,docker - -# Supported values for the 'disk_format' image attribute (list value) -# Deprecated group/name - [DEFAULT]/disk_formats -#disk_formats = ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso - - -[keystone_authtoken] - -# -# From keystonemiddleware.auth_token -# - -# Complete public Identity API endpoint. (string value) -#auth_uri = - -# API version of the admin Identity API endpoint. (string value) -#auth_version = - -# Do not handle authorization requests within the middleware, but -# delegate the authorization decision to downstream WSGI components. -# (boolean value) -#delay_auth_decision = false - -# Request timeout value for communicating with Identity API server. -# (integer value) -#http_connect_timeout = - -# How many times are we trying to reconnect when communicating with -# Identity API Server. (integer value) -#http_request_max_retries = 3 - -# Env key for the swift cache. (string value) -#cache = - -# Required if identity server requires client certificate (string -# value) -#certfile = - -# Required if identity server requires client certificate (string -# value) -#keyfile = - -# A PEM encoded Certificate Authority to use when verifying HTTPs -# connections. Defaults to system CAs. (string value) -#cafile = - -# Verify HTTPS connections. (boolean value) -#insecure = false - -# The region in which the identity server can be found. (string value) -#region_name = - -# Directory used to cache files related to PKI tokens. (string value) -#signing_dir = - -# Optionally specify a list of memcached server(s) to use for caching. -# If left undefined, tokens will instead be cached in-process. (list -# value) -# Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers = - -# In order to prevent excessive effort spent validating tokens, the -# middleware caches previously-seen tokens for a configurable duration -# (in seconds). Set to -1 to disable caching completely. (integer -# value) -#token_cache_time = 300 - -# Determines the frequency at which the list of revoked tokens is -# retrieved from the Identity service (in seconds). A high number of -# revocation events combined with a low cache duration may -# significantly reduce performance. (integer value) -#revocation_cache_time = 10 - -# (Optional) If defined, indicate whether token data should be -# authenticated or authenticated and encrypted. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token data is -# encrypted and authenticated in the cache. If the value is not one of -# these options or empty, auth_token will raise an exception on -# initialization. (string value) -# Allowed values: None, MAC, ENCRYPT -#memcache_security_strategy = None - -# (Optional, mandatory if memcache_security_strategy is defined) This -# string is used for key derivation. (string value) -#memcache_secret_key = - -# (Optional) Number of seconds memcached server is considered dead -# before it is tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a -# memcached server. (integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held -# unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a -# memcached client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcached client pool. -# The advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If -# False, middleware will not ask for service catalog on token -# validation and will not set the X-Service-Catalog header. (boolean -# value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: -# "disabled" to not check token binding. "permissive" (default) to -# validate binding information if the bind type is of a form known to -# the server and ignore it if not. "strict" like "permissive" but if -# the bind type is unknown the token will be rejected. "required" any -# form of token binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string value) -#enforce_token_bind = permissive - -# If true, the revocation list will be checked for cached tokens. This -# requires that PKI tokens are configured on the identity server. -# (boolean value) -#check_revocations_for_cached = false - -# Hash algorithms to use for hashing PKI tokens. This may be a single -# algorithm or multiple. The algorithms are those supported by Python -# standard hashlib.new(). The hashes will be tried in the order given, -# so put the preferred one first for performance. The result of the -# first hash will be stored in the cache. This will typically be set -# to multiple values only while migrating from a less secure algorithm -# to a more secure one. Once all the old tokens are expired this -# option should be set to a single value for better performance. (list -# value) -#hash_algorithms = md5 - -# Authentication type to load (unknown value) -# Deprecated group/name - [DEFAULT]/auth_plugin -#auth_type = - -# Config Section from which to load plugin specific options (unknown -# value) -#auth_section = - - -[matchmaker_redis] - -# -# From oslo.messaging -# - -# Host to locate redis. (string value) -#host = 127.0.0.1 - -# Use this port to connect to redis host. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#port = 6379 - -# Password for Redis server (optional). (string value) -#password = - -# List of Redis Sentinel hosts (fault tolerance mode) e.g. -# [host:port, host1:port ... ] (list value) -#sentinel_hosts = - -# Redis replica set name. (string value) -#sentinel_group_name = oslo-messaging-zeromq - -# Time in ms to wait between connection attempts. (integer value) -#wait_timeout = 500 - -# Time in ms to wait before the transaction is killed. (integer value) -#check_timeout = 20000 - -# Timeout in ms on blocking socket operations (integer value) -#socket_timeout = 1000 - - -[oslo_concurrency] - -# -# From oslo.concurrency -# - -# Enables or disables inter-process locks. (boolean value) -# Deprecated group/name - [DEFAULT]/disable_process_locking -#disable_process_locking = false - -# Directory to use for lock files. For security, the specified -# directory should only be writable by the user running the processes -# that need locking. Defaults to environment variable OSLO_LOCK_PATH. -# If external locks are used, a lock path must be set. (string value) -# Deprecated group/name - [DEFAULT]/lock_path -#lock_path = - - -[oslo_messaging_amqp] - -# -# From oslo.messaging -# - -# address prefix used when sending to a specific server (string value) -# Deprecated group/name - [amqp1]/server_request_prefix -#server_request_prefix = exclusive - -# address prefix used when broadcasting to all servers (string value) -# Deprecated group/name - [amqp1]/broadcast_prefix -#broadcast_prefix = broadcast - -# address prefix when sending to any server in group (string value) -# Deprecated group/name - [amqp1]/group_request_prefix -#group_request_prefix = unicast - -# Name for the AMQP container (string value) -# Deprecated group/name - [amqp1]/container_name -#container_name = - -# Timeout for inactive connections (in seconds) (integer value) -# Deprecated group/name - [amqp1]/idle_timeout -#idle_timeout = 0 - -# Debug: dump AMQP frames to stdout (boolean value) -# Deprecated group/name - [amqp1]/trace -#trace = false - -# CA certificate PEM file to verify server certificate (string value) -# Deprecated group/name - [amqp1]/ssl_ca_file -#ssl_ca_file = - -# Identifying certificate PEM file to present to clients (string -# value) -# Deprecated group/name - [amqp1]/ssl_cert_file -#ssl_cert_file = - -# Private key PEM file used to sign cert_file certificate (string -# value) -# Deprecated group/name - [amqp1]/ssl_key_file -#ssl_key_file = - -# Password for decrypting ssl_key_file (if encrypted) (string value) -# Deprecated group/name - [amqp1]/ssl_key_password -#ssl_key_password = - -# Accept clients using either SSL or plain TCP (boolean value) -# Deprecated group/name - [amqp1]/allow_insecure_clients -#allow_insecure_clients = false - -# Space separated list of acceptable SASL mechanisms (string value) -# Deprecated group/name - [amqp1]/sasl_mechanisms -#sasl_mechanisms = - -# Path to directory that contains the SASL configuration (string -# value) -# Deprecated group/name - [amqp1]/sasl_config_dir -#sasl_config_dir = - -# Name of configuration file (without .conf suffix) (string value) -# Deprecated group/name - [amqp1]/sasl_config_name -#sasl_config_name = - -# User name for message broker authentication (string value) -# Deprecated group/name - [amqp1]/username -#username = - -# Password for message broker authentication (string value) -# Deprecated group/name - [amqp1]/password -#password = - - -[oslo_messaging_notifications] - -# -# From oslo.messaging -# - -# The Drivers(s) to handle sending notifications. Possible values are -# messaging, messagingv2, routing, log, test, noop (multi valued) -# Deprecated group/name - [DEFAULT]/notification_driver -#driver = - -# A URL representing the messaging driver to use for notifications. If -# not set, we fall back to the same configuration used for RPC. -# (string value) -# Deprecated group/name - [DEFAULT]/notification_transport_url -#transport_url = - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -# Deprecated group/name - [DEFAULT]/notification_topics -#topics = notifications - - -[oslo_messaging_rabbit] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_durable_queues -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -#amqp_auto_delete = false - -# SSL version to use (valid only if SSL enabled). Valid values are -# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be -# available on some distributions. (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_version -#kombu_ssl_version = - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile -#kombu_ssl_keyfile = - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile -#kombu_ssl_certfile = - -# SSL certification authority file (valid only if SSL enabled). -# (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs -#kombu_ssl_ca_certs = - -# How long to wait before reconnecting in response to an AMQP consumer -# cancel notification. (floating point value) -# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay -#kombu_reconnect_delay = 1.0 - -# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression -# will not be used. This option may notbe available in future -# versions. (string value) -#kombu_compression = - -# How long to wait a missing client beforce abandoning to send it its -# replies. This value should not be longer than rpc_response_timeout. -# (integer value) -# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout -#kombu_missing_consumer_retry_timeout = 60 - -# Determines how the next RabbitMQ node is chosen in case the one we -# are currently connected to becomes unavailable. Takes effect only if -# more than one RabbitMQ node is provided in config. (string value) -# Allowed values: round-robin, shuffle -#kombu_failover_strategy = round-robin - -# The RabbitMQ broker address where a single node is used. (string -# value) -# Deprecated group/name - [DEFAULT]/rabbit_host -#rabbit_host = localhost - -# The RabbitMQ broker port where a single node is used. (port value) -# Minimum value: 0 -# Maximum value: 65535 -# Deprecated group/name - [DEFAULT]/rabbit_port -#rabbit_port = 5672 - -# RabbitMQ HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/rabbit_hosts -#rabbit_hosts = $rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -#rabbit_use_ssl = false - -# The RabbitMQ userid. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_userid -#rabbit_userid = guest - -# The RabbitMQ password. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_password -#rabbit_password = guest - -# The RabbitMQ login method. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_login_method -#rabbit_login_method = AMQPLAIN - -# The RabbitMQ virtual host. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_virtual_host -#rabbit_virtual_host = / - -# How frequently to retry connecting with RabbitMQ. (integer value) -#rabbit_retry_interval = 1 - -# How long to backoff for between retries when connecting to RabbitMQ. -# (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff -#rabbit_retry_backoff = 2 - -# Maximum interval of RabbitMQ connection retries. Default is 30 -# seconds. (integer value) -#rabbit_interval_max = 30 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_max_retries -#rabbit_max_retries = 0 - -# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, -# queue mirroring is no longer controlled by the x-ha-policy argument -# when declaring a queue. If you just want to make sure that all -# queues (except those with auto-generated names) are mirrored across -# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha- -# mode": "all"}' " (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_ha_queues -#rabbit_ha_queues = false - -# Positive integer representing duration in seconds for queue TTL -# (x-expires). Queues which are unused for the duration of the TTL are -# automatically deleted. The parameter affects only reply and fanout -# queues. (integer value) -# Minimum value: 1 -#rabbit_transient_queues_ttl = 600 - -# Specifies the number of messages to prefetch. Setting to zero allows -# unlimited messages. (integer value) -#rabbit_qos_prefetch_count = 0 - -# Number of seconds after which the Rabbit broker is considered down -# if heartbeat's keep-alive fails (0 disable the heartbeat). -# EXPERIMENTAL (integer value) -#heartbeat_timeout_threshold = 60 - -# How often times during the heartbeat_timeout_threshold we check the -# heartbeat. (integer value) -#heartbeat_rate = 2 - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake -# (boolean value) -# Deprecated group/name - [DEFAULT]/fake_rabbit -#fake_rabbit = false - -# Maximum number of channels to allow (integer value) -#channel_max = - -# The maximum byte size for an AMQP frame (integer value) -#frame_max = - -# How often to send heartbeats for consumer's connections (integer -# value) -#heartbeat_interval = 1 - -# Enable SSL (boolean value) -#ssl = - -# Arguments passed to ssl.wrap_socket (dict value) -#ssl_options = - -# Set socket timeout in seconds for connection's socket (floating -# point value) -#socket_timeout = 0.25 - -# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating -# point value) -#tcp_user_timeout = 0.25 - -# Set delay for reconnection to some host which has connection error -# (floating point value) -#host_connection_reconnect_delay = 0.25 - -# Maximum number of connections to keep queued. (integer value) -#pool_max_size = 10 - -# Maximum number of connections to create above `pool_max_size`. -# (integer value) -#pool_max_overflow = 0 - -# Default number of seconds to wait for a connections to available -# (integer value) -#pool_timeout = 30 - -# Lifetime of a connection (since creation) in seconds or None for no -# recycling. Expired connections are closed on acquire. (integer -# value) -#pool_recycle = 600 - -# Threshold at which inactive (since release) connections are -# considered stale in seconds or None for no staleness. Stale -# connections are closed on acquire. (integer value) -#pool_stale = 60 - -# Persist notification messages. (boolean value) -#notification_persistence = false - -# Exchange name for for sending notifications (string value) -#default_notification_exchange = ${control_exchange}_notification - -# Max number of not acknowledged message which RabbitMQ can send to -# notification listener. (integer value) -#notification_listener_prefetch_count = 100 - -# Reconnecting retry count in case of connectivity problem during -# sending notification, -1 means infinite retry. (integer value) -#default_notification_retry_attempts = -1 - -# Reconnecting retry delay in case of connectivity problem during -# sending notification message (floating point value) -#notification_retry_delay = 0.25 - -# Time to live for rpc queues without consumers in seconds. (integer -# value) -#rpc_queue_expiration = 60 - -# Exchange name for sending RPC messages (string value) -#default_rpc_exchange = ${control_exchange}_rpc - -# Exchange name for receiving RPC replies (string value) -#rpc_reply_exchange = ${control_exchange}_rpc_reply - -# Max number of not acknowledged message which RabbitMQ can send to -# rpc listener. (integer value) -#rpc_listener_prefetch_count = 100 - -# Max number of not acknowledged message which RabbitMQ can send to -# rpc reply listener. (integer value) -#rpc_reply_listener_prefetch_count = 100 - -# Reconnecting retry count in case of connectivity problem during -# sending reply. -1 means infinite retry during rpc_timeout (integer -# value) -#rpc_reply_retry_attempts = -1 - -# Reconnecting retry delay in case of connectivity problem during -# sending reply. (floating point value) -#rpc_reply_retry_delay = 0.25 - -# Reconnecting retry count in case of connectivity problem during -# sending RPC message, -1 means infinite retry. If actual retry -# attempts in not 0 the rpc request could be processed more then one -# time (integer value) -#default_rpc_retry_attempts = -1 - -# Reconnecting retry delay in case of connectivity problem during -# sending RPC message (floating point value) -#rpc_retry_delay = 0.25 - - -[oslo_policy] - -# -# From oslo.policy -# - -# The JSON file that defines policies. (string value) -# Deprecated group/name - [DEFAULT]/policy_file -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string -# value) -# Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be -# relative to any directory in the search path defined by the -# config_dir option, or absolute paths. The file defined by -# policy_file must exist for these directories to be searched. -# Missing or empty directories are ignored. (multi valued) -# Deprecated group/name - [DEFAULT]/policy_dirs -#policy_dirs = policy.d - - -[paste_deploy] - -# -# From glance.api -# - -# Partial name of a pipeline in your paste configuration file with the -# service name removed. For example, if your paste section name is -# [pipeline:glance-api-keystone] use the value "keystone" (string -# value) -#flavor = - -# Name of the paste configuration file. (string value) -#config_file = - - -[profiler] - -# -# From glance.api -# - -# If False fully disable profiling feature. (boolean value) -#enabled = false - -# If False doesn't trace SQL requests. (boolean value) -#trace_sqlalchemy = false - -# Secret key to use to sign Glance API and Glance Registry services -# tracing messages. (string value) -#hmac_keys = SECRET_KEY - - -[store_type_location_strategy] - -# -# From glance.api -# - -# The store names to use to get store preference order. The name must -# be registered by one of the stores defined by the 'stores' config -# option. This option will be applied when you using 'store_type' -# option as image location strategy defined by the 'location_strategy' -# config option. (list value) -#store_type_preference = - - -[task] - -# -# From glance.api -# - -# Time in hours for which a task lives after, either succeeding or -# failing (integer value) -# Deprecated group/name - [DEFAULT]/task_time_to_live -#task_time_to_live = 48 - -# Specifies which task executor to be used to run the task scripts. -# (string value) -#task_executor = taskflow - -# Work dir for asynchronous task operations. The directory set here -# will be used to operate over images - normally before they are -# imported in the destination store. When providing work dir, make -# sure enough space is provided for concurrent tasks to run -# efficiently without running out of space. A rough estimation can be -# done by multiplying the number of `max_workers` - or the N of -# workers running - by an average image size (e.g 500MB). The image -# size estimation should be done based on the average size in your -# deployment. Note that depending on the tasks running you may need to -# multiply this number by some factor depending on what the task does. -# For example, you may want to double the available size if image -# conversion is enabled. All this being said, remember these are just -# estimations and you should do them based on the worst case scenario -# and be prepared to act in case they were wrong. (string value) -#work_dir = - - -[taskflow_executor] - -# -# From glance.api -# - -# The mode in which the engine will run. Can be 'serial' or -# 'parallel'. (string value) -# Allowed values: serial, parallel -#engine_mode = parallel - -# The number of parallel activities executed at the same time by the -# engine. The value can be greater than one when the engine mode is -# 'parallel'. (integer value) -# Deprecated group/name - [task]/eventlet_executor_pool_size -#max_workers = 10 diff --git a/conf/etc/glance/glance-cache.conf b/conf/etc/glance/glance-cache.conf deleted file mode 100644 index a249496..0000000 --- a/conf/etc/glance/glance-cache.conf +++ /dev/null @@ -1,325 +0,0 @@ -[DEFAULT] - -# -# From glance.cache -# - -# Whether to allow users to specify image properties beyond what the -# image schema provides (boolean value) -#allow_additional_image_properties = true - -# Maximum number of image members per image. Negative values evaluate -# to unlimited. (integer value) -#image_member_quota = 128 - -# Maximum number of properties allowed on an image. Negative values -# evaluate to unlimited. (integer value) -#image_property_quota = 128 - -# Maximum number of tags allowed on an image. Negative values evaluate -# to unlimited. (integer value) -#image_tag_quota = 128 - -# Maximum number of locations allowed on an image. Negative values -# evaluate to unlimited. (integer value) -#image_location_quota = 10 - -# Python module path of data access API (string value) -#data_api = glance.db.sqlalchemy.api - -# Default value for the number of items returned by a request if not -# specified explicitly in the request (integer value) -#limit_param_default = 25 - -# Maximum permissible number of items that could be returned by a -# request (integer value) -#api_limit_max = 1000 - -# Whether to include the backend image storage location in image -# properties. Revealing storage location can be a security risk, so -# use this setting with caution! (boolean value) -#show_image_direct_url = false - -# Whether to include the backend image locations in image properties. -# For example, if using the file system store a URL of -# "file:///path/to/image" will be returned to the user in the -# 'direct_url' meta-data field. Revealing storage location can be a -# security risk, so use this setting with caution! Setting this to -# true overrides the show_image_direct_url option. (boolean value) -#show_multiple_locations = false - -# Maximum size of image a user can upload in bytes. Defaults to -# 1099511627776 bytes (1 TB).WARNING: this value should only be -# increased after careful consideration and must be set to a value -# under 8 EB (9223372036854775808). (integer value) -# Maximum value: 9223372036854775808 -#image_size_cap = 1099511627776 - -# Set a system wide quota for every user. This value is the total -# capacity that a user can use across all storage systems. A value of -# 0 means unlimited.Optional unit can be specified for the value. -# Accepted units are B, KB, MB, GB and TB representing Bytes, -# KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no -# unit is specified then Bytes is assumed. Note that there should not -# be any space between value and unit and units are case sensitive. -# (string value) -#user_storage_quota = 0 - -# Deploy the v1 OpenStack Images API. (boolean value) -#enable_v1_api = true - -# Deploy the v2 OpenStack Images API. (boolean value) -#enable_v2_api = true - -# Deploy the v1 OpenStack Registry API. (boolean value) -#enable_v1_registry = true - -# Deploy the v2 OpenStack Registry API. (boolean value) -#enable_v2_registry = true - -# The hostname/IP of the pydev process listening for debug connections -# (string value) -#pydev_worker_debug_host = - -# The port on which a pydev process is listening for connections. -# (port value) -# Minimum value: 0 -# Maximum value: 65535 -#pydev_worker_debug_port = 5678 - -# AES key for encrypting store 'location' metadata. This includes, if -# used, Swift or S3 credentials. Should be set to a random string of -# length 16, 24 or 32 bytes (string value) -#metadata_encryption_key = - -# Digest algorithm which will be used for digital signature. Use the -# command "openssl list-message-digest-algorithms" to get the -# available algorithms supported by the version of OpenSSL on the -# platform. Examples are "sha1", "sha256", "sha512", etc. (string -# value) -#digest_algorithm = sha256 - -# The path to the sqlite file database that will be used for image -# cache management. (string value) -#image_cache_sqlite_db = cache.db - -# The driver to use for image cache management. (string value) -#image_cache_driver = sqlite - -# The upper limit (the maximum size of accumulated cache in bytes) -# beyond which the cache pruner, if running, starts cleaning the image -# cache. (integer value) -#image_cache_max_size = 10737418240 - -# The amount of time to let an incomplete image remain in the cache, -# before the cache cleaner, if running, will remove the incomplete -# image. (integer value) -#image_cache_stall_time = 86400 - -# Base directory that the image cache uses. (string value) -#image_cache_dir = - -# Address to find the registry server. (string value) -#registry_host = 0.0.0.0 - -# Port the registry server is listening on. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#registry_port = 9191 - -# Whether to pass through the user token when making requests to the -# registry. To prevent failures with token expiration during big files -# upload, it is recommended to set this parameter to False.If -# "use_user_token" is not in effect, then admin credentials can be -# specified. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#use_user_token = true - -# The administrators user name. If "use_user_token" is not in effect, -# then admin credentials can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#admin_user = - -# The administrators password. If "use_user_token" is not in effect, -# then admin credentials can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#admin_password = - -# The tenant name of the administrative user. If "use_user_token" is -# not in effect, then admin tenant name can be specified. (string -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#admin_tenant_name = - -# The URL to the keystone service. If "use_user_token" is not in -# effect and using keystone auth, then URL of keystone can be -# specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#auth_url = - -# The strategy to use for authentication. If "use_user_token" is not -# in effect, then auth strategy can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#auth_strategy = noauth - -# The region for the authentication service. If "use_user_token" is -# not in effect and using keystone auth, then region name can be -# specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#auth_region = - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of -# the default INFO level. (boolean value) -#debug = false - -# If set to false, the logging level will be set to WARNING instead of -# the default INFO level. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#verbose = true - -# The name of a logging configuration file. This file is appended to -# any existing logging configuration files. For details about logging -# configuration files, see the Python logging module documentation. -# Note that when logging configuration files are used then all logging -# configuration is set in the configuration file and other logging -# configuration options are ignored (for example, -# logging_context_format_string). (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. -# (string value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default -# is set, logging will go to stderr as defined by use_stderr. This -# option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative log_file paths. -# This option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# Uses logging handler designed to watch file system. When log file is -# moved or removed this handler will open a new log file with -# specified path instantaneously. It makes sense only if log_file -# option is specified and Linux platform is used. This option is -# ignored if log_config_append is set. (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and -# will be changed later to honor RFC5424. This option is ignored if -# log_config_append is set. (boolean value) -#use_syslog = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Log output to standard error. This option is ignored if -# log_config_append is set. (boolean value) -#use_stderr = true - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. -# (string value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the -# message is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string -# value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is -# ignored if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. -# (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. -# (string value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - - -[oslo_policy] - -# -# From oslo.policy -# - -# The JSON file that defines policies. (string value) -# Deprecated group/name - [DEFAULT]/policy_file -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string -# value) -# Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be -# relative to any directory in the search path defined by the -# config_dir option, or absolute paths. The file defined by -# policy_file must exist for these directories to be searched. -# Missing or empty directories are ignored. (multi valued) -# Deprecated group/name - [DEFAULT]/policy_dirs -#policy_dirs = policy.d diff --git a/conf/etc/glance/glance-glare-paste.ini b/conf/etc/glance/glance-glare-paste.ini deleted file mode 100644 index 621c060..0000000 --- a/conf/etc/glance/glance-glare-paste.ini +++ /dev/null @@ -1,60 +0,0 @@ -# Use this pipeline for no auth - DEFAULT -[pipeline:glare-api] -pipeline = cors healthcheck versionnegotiation osprofiler unauthenticated-context rootapp - -# Use this pipeline for keystone auth -[pipeline:glare-api-keystone] -pipeline = cors healthcheck versionnegotiation osprofiler authtoken context rootapp - -[composite:rootapp] -paste.composite_factory = glance.api:root_app_factory -/: apiversions -/v0.1: glareapi - -[app:apiversions] -paste.app_factory = glance.api.glare.versions:create_resource - -[app:glareapi] -paste.app_factory = glance.api.glare.v0_1.router:API.factory - -[filter:healthcheck] -paste.filter_factory = oslo_middleware:Healthcheck.factory -backends = disable_by_file -disable_by_file_path = /etc/glance/healthcheck_disable - -[filter:versionnegotiation] -paste.filter_factory = glance.api.middleware.version_negotiation:GlareVersionNegotiationFilter.factory - -[filter:context] -paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory - -[filter:unauthenticated-context] -paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory -delay_auth_decision = true - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory - -[filter:cors] -paste.filter_factory = oslo_middleware.cors:filter_factory -oslo_config_project = glance -oslo_config_program = glance-glare -# Basic Headers (Automatic) -# Accept = Origin, Accept, Accept-Language, Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma -# Expose = Origin, Accept, Accept-Language, Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma - -# Glance Headers -# Accept = Content-MD5, Accept-Encoding - -# Keystone Headers -# Accept = X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id -# Expose = X-Auth-Token, X-Subject-Token, X-Service-Token - -# Request ID Middleware Headers -# Accept = X-OpenStack-Request-ID -# Expose = X-OpenStack-Request-ID -latent_allow_headers = Content-MD5, Accept-Encoding, X-Auth-Token, X-Identity-Status, X-Roles, X-Service-Catalog, X-User-Id, X-Tenant-Id, X-OpenStack-Request-ID -latent_expose_headers = X-Auth-Token, X-Subject-Token, X-Service-Token, X-OpenStack-Request-ID diff --git a/conf/etc/glance/glance-glare.conf b/conf/etc/glance/glance-glare.conf deleted file mode 100644 index 4b2497a..0000000 --- a/conf/etc/glance/glance-glare.conf +++ /dev/null @@ -1,898 +0,0 @@ -[DEFAULT] - -# -# From glance.glare -# - -# When true, this option sets the owner of an image to be the tenant. -# Otherwise, the owner of the image will be the authenticated user -# issuing the request. (boolean value) -#owner_is_tenant = true - -# Role used to identify an authenticated user as administrator. -# (string value) -#admin_role = admin - -# Allow unauthenticated users to access the API with read-only -# privileges. This only applies when using ContextMiddleware. (boolean -# value) -#allow_anonymous_access = false - -# Limits request ID length. (integer value) -#max_request_id_length = 64 - -# Public url to use for versions endpoint. The default is None, which -# will use the request's host_url attribute to populate the URL base. -# If Glance is operating behind a proxy, you will want to change this -# to represent the proxy's URL. (string value) -#public_endpoint = - -# Address to bind the server. Useful when selecting a particular -# network interface. (string value) -#bind_host = 0.0.0.0 - -# The port on which the server will listen. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#bind_port = - -# The number of child process workers that will be created to service -# requests. The default will be equal to the number of CPUs available. -# (integer value) -#workers = - -# Maximum line size of message headers to be accepted. max_header_line -# may need to be increased when using large tokens (typically those -# generated by the Keystone v3 API with big service catalogs (integer -# value) -#max_header_line = 16384 - -# If False, server will return the header "Connection: close", If -# True, server will return "Connection: Keep-Alive" in its responses. -# In order to close the client socket connection explicitly after the -# response is sent and read successfully by the client, you simply -# have to set this option to False when you create a wsgi server. -# (boolean value) -#http_keepalive = true - -# Timeout for client connections' socket operations. If an incoming -# connection is idle for this number of seconds it will be closed. A -# value of '0' means wait forever. (integer value) -#client_socket_timeout = 900 - -# The backlog value that will be used when creating the TCP listener -# socket. (integer value) -#backlog = 4096 - -# The value for the socket option TCP_KEEPIDLE. This is the time in -# seconds that the connection must be idle before TCP starts sending -# keepalive probes. (integer value) -#tcp_keepidle = 600 - -# CA certificate file to use to verify connecting clients. (string -# value) -#ca_file = - -# Certificate file to use when starting API server securely. (string -# value) -#cert_file = - -# Private key file to use when starting API server securely. (string -# value) -#key_file = - -# If False fully disable profiling feature. (boolean value) -#enabled = false - -# If False doesn't trace SQL requests. (boolean value) -#trace_sqlalchemy = false - -# Secret key to use to sign Glance API and Glance Registry services -# tracing messages. (string value) -#hmac_keys = SECRET_KEY - -# Default publisher_id for outgoing notifications. (string value) -#default_publisher_id = image.localhost - -# List of disabled notifications. A notification can be given either -# as a notification type to disable a single event, or as a -# notification group prefix to disable all events within a group. -# Example: if this config option is set to ["image.create", -# "metadef_namespace"], then "image.create" notification will not be -# sent after image is created and none of the notifications for -# metadefinition namespaces will be sent. (list value) -#disabled_notifications = - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of -# the default INFO level. (boolean value) -#debug = false - -# If set to false, the logging level will be set to WARNING instead of -# the default INFO level. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#verbose = true - -# The name of a logging configuration file. This file is appended to -# any existing logging configuration files. For details about logging -# configuration files, see the Python logging module documentation. -# Note that when logging configuration files are used then all logging -# configuration is set in the configuration file and other logging -# configuration options are ignored (for example, -# logging_context_format_string). (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. -# (string value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default -# is set, logging will go to stderr as defined by use_stderr. This -# option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative log_file paths. -# This option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# Uses logging handler designed to watch file system. When log file is -# moved or removed this handler will open a new log file with -# specified path instantaneously. It makes sense only if log_file -# option is specified and Linux platform is used. This option is -# ignored if log_config_append is set. (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and -# will be changed later to honor RFC5424. This option is ignored if -# log_config_append is set. (boolean value) -#use_syslog = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Log output to standard error. This option is ignored if -# log_config_append is set. (boolean value) -#use_stderr = true - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. -# (string value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the -# message is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string -# value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is -# ignored if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. -# (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. -# (string value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - - -[cors] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain -# received in the requests "origin" header. (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials -# (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to -# HTTP Simple Headers. (list value) -#expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list -# value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual -# request. (list value) -#allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID - - -[cors.subdomain] - -# -# From oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain -# received in the requests "origin" header. (list value) -#allowed_origin = - -# Indicate that the actual request can include user credentials -# (boolean value) -#allow_credentials = true - -# Indicate which headers are safe to expose to the API. Defaults to -# HTTP Simple Headers. (list value) -#expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID - -# Maximum cache age of CORS preflight requests. (integer value) -#max_age = 3600 - -# Indicate which methods can be used during the actual request. (list -# value) -#allow_methods = GET,PUT,POST,DELETE,PATCH - -# Indicate which header field names may be used during the actual -# request. (list value) -#allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID - - -[database] - -# -# From oslo.db -# - -# The file name to use with SQLite. (string value) -# Deprecated group/name - [DEFAULT]/sqlite_db -#sqlite_db = oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -# Deprecated group/name - [DEFAULT]/sqlite_synchronous -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. -# (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -#connection = - -# The SQLAlchemy connection string to use to connect to the slave -# database. (string value) -#slave_connection = - -# The SQL mode to be used for MySQL sessions. This option, including -# the default, overrides any server-set SQL mode. To use whatever SQL -# mode is set by the server configuration, set this to no value. -# Example: mysql_sql_mode= (string value) -#mysql_sql_mode = TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout = 3600 - -# Minimum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = - -# Maximum number of database connection retries during startup. Set to -# -1 to specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = 50 - -# Verbosity of SQL debugging information: 0=None, 100=Everything. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = - -# Enable the experimental use of database reconnect on connection -# lost. (boolean value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database -# operation up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries -# of a database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before -# error is raised. Set to -1 to specify an infinite retry count. -# (integer value) -#db_max_retries = 20 - -# -# From oslo.db.concurrency -# - -# Enable the experimental use of thread pooling for all DB API calls -# (boolean value) -# Deprecated group/name - [DEFAULT]/dbapi_use_tpool -#use_tpool = false - - -[glance_store] - -# -# From glance.store -# - -# List of stores enabled. Valid stores are: cinder, file, http, rbd, -# sheepdog, swift, s3, vsphere (list value) -#stores = file,http - -# Default scheme to use to store image data. The scheme must be -# registered by one of the stores defined by the 'stores' config -# option. (string value) -#default_store = file - -# Minimum interval seconds to execute updating dynamic storage -# capabilities based on backend status then. It's not a periodic -# routine, the update logic will be executed only when interval -# seconds elapsed and an operation of store has triggered. The feature -# will be enabled only when the option value greater then zero. -# (integer value) -#store_capabilities_update_min_interval = 0 - -# Specify the path to the CA bundle file to use in verifying the -# remote server certificate. (string value) -#https_ca_certificates_file = - -# If true, the remote server certificate is not verified. If false, -# then the default CA truststore is used for verification. This option -# is ignored if "https_ca_certificates_file" is set. (boolean value) -#https_insecure = true - -# Specify the http/https proxy information that should be used to -# connect to the remote server. The proxy information should be a key -# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can -# specify proxies for multiple schemes by seperating the key value -# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080. -# (dict value) -#http_proxy_information = - -# If True, swiftclient won't check for a valid SSL certificate when -# authenticating. (boolean value) -#swift_store_auth_insecure = false - -# A string giving the CA certificate file to use in SSL connections -# for verifying certs. (string value) -#swift_store_cacert = - -# The region of the swift endpoint to be used for single tenant. This -# setting is only necessary if the tenant has multiple swift -# endpoints. (string value) -#swift_store_region = - -# If set, the configured endpoint will be used. If None, the storage -# url from the auth response will be used. (string value) -#swift_store_endpoint = - -# A string giving the endpoint type of the swift service to use -# (publicURL, adminURL or internalURL). This setting is only used if -# swift_store_auth_version is 2. (string value) -#swift_store_endpoint_type = publicURL - -# A string giving the service type of the swift service to use. This -# setting is only used if swift_store_auth_version is 2. (string -# value) -#swift_store_service_type = object-store - -# Container within the account that the account should use for storing -# images in Swift when using single container mode. In multiple -# container mode, this will be the prefix for all containers. (string -# value) -#swift_store_container = glance - -# The size, in MB, that Glance will start chunking image files and do -# a large object manifest in Swift. (integer value) -#swift_store_large_object_size = 5120 - -# The amount of data written to a temporary disk buffer during the -# process of chunking the image file. (integer value) -#swift_store_large_object_chunk_size = 200 - -# A boolean value that determines if we create the container if it -# does not exist. (boolean value) -#swift_store_create_container_on_put = false - -# If set to True, enables multi-tenant storage mode which causes -# Glance images to be stored in tenant specific Swift accounts. -# (boolean value) -#swift_store_multi_tenant = false - -# When set to 0, a single-tenant store will only use one container to -# store all images. When set to an integer value between 1 and 32, a -# single-tenant store will use multiple containers to store images, -# and this value will determine how many containers are created.Used -# only when swift_store_multi_tenant is disabled. The total number of -# containers that will be used is equal to 16^N, so if this config -# option is set to 2, then 16^2=256 containers will be used to store -# images. (integer value) -#swift_store_multiple_containers_seed = 0 - -# A list of tenants that will be granted read/write access on all -# Swift containers created by Glance in multi-tenant mode. (list -# value) -#swift_store_admin_tenants = - -# If set to False, disables SSL layer compression of https swift -# requests. Setting to False may improve performance for images which -# are already in a compressed format, eg qcow2. (boolean value) -#swift_store_ssl_compression = true - -# The number of times a Swift download will be retried before the -# request fails. (integer value) -#swift_store_retry_get_count = 0 - -# The period of time (in seconds) before token expirationwhen -# glance_store will try to reques new user token. Default value 60 sec -# means that if token is going to expire in 1 min then glance_store -# request new user token. (integer value) -#swift_store_expire_soon_interval = 60 - -# If set to True create a trust for each add/get request to Multi- -# tenant store in order to prevent authentication token to be expired -# during uploading/downloading data. If set to False then user token -# is used for Swift connection (so no overhead on trust creation). -# Please note that this option is considered only and only if -# swift_store_multi_tenant=True (boolean value) -#swift_store_use_trusts = true - -# The reference to the default swift account/backing store parameters -# to use for adding new images. (string value) -#default_swift_reference = ref1 - -# Version of the authentication service to use. Valid versions are 2 -# and 3 for keystone and 1 (deprecated) for swauth and rackspace. -# (deprecated - use "auth_version" in swift_store_config_file) (string -# value) -#swift_store_auth_version = 2 - -# The address where the Swift authentication service is listening. -# (deprecated - use "auth_address" in swift_store_config_file) (string -# value) -#swift_store_auth_address = - -# The user to authenticate against the Swift authentication service -# (deprecated - use "user" in swift_store_config_file) (string value) -#swift_store_user = - -# Auth key for the user authenticating against the Swift -# authentication service. (deprecated - use "key" in -# swift_store_config_file) (string value) -#swift_store_key = - -# The config file that has the swift account(s)configs. (string value) -#swift_store_config_file = - -# RADOS images will be chunked into objects of this size (in -# megabytes). For best performance, this should be a power of two. -# (integer value) -#rbd_store_chunk_size = 8 - -# RADOS pool in which images are stored. (string value) -#rbd_store_pool = images - -# RADOS user to authenticate as (only applicable if using Cephx. If -# , a default will be chosen based on the client. section in -# rbd_store_ceph_conf) (string value) -#rbd_store_user = - -# Ceph configuration file path. If , librados will locate the -# default config. If using cephx authentication, this file should -# include a reference to the right keyring in a client. section -# (string value) -#rbd_store_ceph_conf = /etc/ceph/ceph.conf - -# Timeout value (in seconds) used when connecting to ceph cluster. If -# value <= 0, no timeout is set and default librados value is used. -# (integer value) -#rados_connect_timeout = 0 - -# Info to match when looking for cinder in the service catalog. Format -# is : separated values of the form: -# :: (string value) -#cinder_catalog_info = volumev2::publicURL - -# Override service catalog lookup with template for cinder endpoint -# e.g. http://localhost:8776/v2/%(tenant)s (string value) -#cinder_endpoint_template = - -# Region name of this node. If specified, it will be used to locate -# OpenStack services for stores. (string value) -# Deprecated group/name - [DEFAULT]/os_region_name -#cinder_os_region_name = - -# Location of ca certicates file to use for cinder client requests. -# (string value) -#cinder_ca_certificates_file = - -# Number of cinderclient retries on failed http calls (integer value) -#cinder_http_retries = 3 - -# Time period of time in seconds to wait for a cinder volume -# transition to complete. (integer value) -#cinder_state_transition_timeout = 300 - -# Allow to perform insecure SSL requests to cinder (boolean value) -#cinder_api_insecure = false - -# The address where the Cinder authentication service is listening. If -# , the cinder endpoint in the service catalog is used. (string -# value) -#cinder_store_auth_address = - -# User name to authenticate against Cinder. If , the user of -# current context is used. (string value) -#cinder_store_user_name = - -# Password for the user authenticating against Cinder. If , the -# current context auth token is used. (string value) -#cinder_store_password = - -# Project name where the image is stored in Cinder. If , the -# project in current context is used. (string value) -#cinder_store_project_name = - -# Path to the rootwrap configuration file to use for running commands -# as root. (string value) -#rootwrap_config = /etc/glance/rootwrap.conf - -# The host where the S3 server is listening. (string value) -#s3_store_host = - -# The S3 query token access key. (string value) -#s3_store_access_key = - -# The S3 query token secret key. (string value) -#s3_store_secret_key = - -# The S3 bucket to be used to store the Glance data. (string value) -#s3_store_bucket = - -# The local directory where uploads will be staged before they are -# transferred into S3. (string value) -#s3_store_object_buffer_dir = - -# A boolean to determine if the S3 bucket should be created on upload -# if it does not exist or if an error should be returned to the user. -# (boolean value) -#s3_store_create_bucket_on_put = false - -# The S3 calling format used to determine the bucket. Either subdomain -# or path can be used. (string value) -#s3_store_bucket_url_format = subdomain - -# What size, in MB, should S3 start chunking image files and do a -# multipart upload in S3. (integer value) -#s3_store_large_object_size = 100 - -# What multipart upload part size, in MB, should S3 use when uploading -# parts. The size must be greater than or equal to 5M. (integer value) -#s3_store_large_object_chunk_size = 10 - -# The number of thread pools to perform a multipart upload in S3. -# (integer value) -#s3_store_thread_pools = 10 - -# Enable the use of a proxy. (boolean value) -#s3_store_enable_proxy = false - -# Address or hostname for the proxy server. (string value) -#s3_store_proxy_host = - -# The port to use when connecting over a proxy. (integer value) -#s3_store_proxy_port = 8080 - -# The username to connect to the proxy. (string value) -#s3_store_proxy_user = - -# The password to use when connecting over a proxy. (string value) -#s3_store_proxy_password = - -# Images will be chunked into objects of this size (in megabytes). For -# best performance, this should be a power of two. (integer value) -#sheepdog_store_chunk_size = 64 - -# Port of sheep daemon. (integer value) -#sheepdog_store_port = 7000 - -# IP address of sheep daemon. (string value) -#sheepdog_store_address = localhost - -# Directory to which the Filesystem backend store writes images. -# (string value) -#filesystem_store_datadir = /var/lib/glance/images - -# List of directories and its priorities to which the Filesystem -# backend store writes images. (multi valued) -#filesystem_store_datadirs = - -# The path to a file which contains the metadata to be returned with -# any location associated with this store. The file must contain a -# valid JSON object. The object should contain the keys 'id' and -# 'mountpoint'. The value for both keys should be 'string'. (string -# value) -#filesystem_store_metadata_file = - -# The required permission for created image file. In this way the user -# other service used, e.g. Nova, who consumes the image could be the -# exclusive member of the group that owns the files created. Assigning -# it less then or equal to zero means don't change the default -# permission of the file. This value will be decoded as an octal -# digit. (integer value) -#filesystem_store_file_perm = 0 - -# ESX/ESXi or vCenter Server target system. The server value can be an -# IP address or a DNS name. (string value) -#vmware_server_host = - -# Username for authenticating with VMware ESX/VC server. (string -# value) -#vmware_server_username = - -# Password for authenticating with VMware ESX/VC server. (string -# value) -#vmware_server_password = - -# Number of times VMware ESX/VC server API must be retried upon -# connection related issues. (integer value) -#vmware_api_retry_count = 10 - -# The interval used for polling remote tasks invoked on VMware ESX/VC -# server. (integer value) -#vmware_task_poll_interval = 5 - -# The name of the directory where the glance images will be stored in -# the VMware datastore. (string value) -#vmware_store_image_dir = /openstack_glance - -# If true, the ESX/vCenter server certificate is not verified. If -# false, then the default CA truststore is used for verification. This -# option is ignored if "vmware_ca_file" is set. (boolean value) -# Deprecated group/name - [DEFAULT]/vmware_api_insecure -#vmware_insecure = false - -# Specify a CA bundle file to use in verifying the ESX/vCenter server -# certificate. (string value) -#vmware_ca_file = - -# A list of datastores where the image can be stored. This option may -# be specified multiple times for specifying multiple datastores. The -# datastore name should be specified after its datacenter path, -# seperated by ":". An optional weight may be given after the -# datastore name, seperated again by ":". Thus, the required format -# becomes ::. When -# adding an image, the datastore with highest weight will be selected, -# unless there is not enough free space available in cases where the -# image size is already known. If no weight is given, it is assumed to -# be zero and the directory will be considered for selection last. If -# multiple datastores have the same weight, then the one with the most -# free space available is selected. (multi valued) -#vmware_datastores = - - -[keystone_authtoken] - -# -# From keystonemiddleware.auth_token -# - -# Complete public Identity API endpoint. (string value) -#auth_uri = - -# API version of the admin Identity API endpoint. (string value) -#auth_version = - -# Do not handle authorization requests within the middleware, but -# delegate the authorization decision to downstream WSGI components. -# (boolean value) -#delay_auth_decision = false - -# Request timeout value for communicating with Identity API server. -# (integer value) -#http_connect_timeout = - -# How many times are we trying to reconnect when communicating with -# Identity API Server. (integer value) -#http_request_max_retries = 3 - -# Env key for the swift cache. (string value) -#cache = - -# Required if identity server requires client certificate (string -# value) -#certfile = - -# Required if identity server requires client certificate (string -# value) -#keyfile = - -# A PEM encoded Certificate Authority to use when verifying HTTPs -# connections. Defaults to system CAs. (string value) -#cafile = - -# Verify HTTPS connections. (boolean value) -#insecure = false - -# The region in which the identity server can be found. (string value) -#region_name = - -# Directory used to cache files related to PKI tokens. (string value) -#signing_dir = - -# Optionally specify a list of memcached server(s) to use for caching. -# If left undefined, tokens will instead be cached in-process. (list -# value) -# Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers = - -# In order to prevent excessive effort spent validating tokens, the -# middleware caches previously-seen tokens for a configurable duration -# (in seconds). Set to -1 to disable caching completely. (integer -# value) -#token_cache_time = 300 - -# Determines the frequency at which the list of revoked tokens is -# retrieved from the Identity service (in seconds). A high number of -# revocation events combined with a low cache duration may -# significantly reduce performance. (integer value) -#revocation_cache_time = 10 - -# (Optional) If defined, indicate whether token data should be -# authenticated or authenticated and encrypted. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token data is -# encrypted and authenticated in the cache. If the value is not one of -# these options or empty, auth_token will raise an exception on -# initialization. (string value) -# Allowed values: None, MAC, ENCRYPT -#memcache_security_strategy = None - -# (Optional, mandatory if memcache_security_strategy is defined) This -# string is used for key derivation. (string value) -#memcache_secret_key = - -# (Optional) Number of seconds memcached server is considered dead -# before it is tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a -# memcached server. (integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held -# unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a -# memcached client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcached client pool. -# The advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If -# False, middleware will not ask for service catalog on token -# validation and will not set the X-Service-Catalog header. (boolean -# value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: -# "disabled" to not check token binding. "permissive" (default) to -# validate binding information if the bind type is of a form known to -# the server and ignore it if not. "strict" like "permissive" but if -# the bind type is unknown the token will be rejected. "required" any -# form of token binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string value) -#enforce_token_bind = permissive - -# If true, the revocation list will be checked for cached tokens. This -# requires that PKI tokens are configured on the identity server. -# (boolean value) -#check_revocations_for_cached = false - -# Hash algorithms to use for hashing PKI tokens. This may be a single -# algorithm or multiple. The algorithms are those supported by Python -# standard hashlib.new(). The hashes will be tried in the order given, -# so put the preferred one first for performance. The result of the -# first hash will be stored in the cache. This will typically be set -# to multiple values only while migrating from a less secure algorithm -# to a more secure one. Once all the old tokens are expired this -# option should be set to a single value for better performance. (list -# value) -#hash_algorithms = md5 - -# Authentication type to load (unknown value) -# Deprecated group/name - [DEFAULT]/auth_plugin -#auth_type = - -# Config Section from which to load plugin specific options (unknown -# value) -#auth_section = - - -[paste_deploy] - -# -# From glance.glare -# - -# Partial name of a pipeline in your paste configuration file with the -# service name removed. For example, if your paste section name is -# [pipeline:glance-api-keystone] use the value "keystone" (string -# value) -#flavor = - -# Name of the paste configuration file. (string value) -#config_file = diff --git a/conf/etc/glance/glance-manage.conf b/conf/etc/glance/glance-manage.conf deleted file mode 100644 index a6736da..0000000 --- a/conf/etc/glance/glance-manage.conf +++ /dev/null @@ -1,213 +0,0 @@ -[DEFAULT] - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of -# the default INFO level. (boolean value) -#debug = false - -# If set to false, the logging level will be set to WARNING instead of -# the default INFO level. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#verbose = true - -# The name of a logging configuration file. This file is appended to -# any existing logging configuration files. For details about logging -# configuration files, see the Python logging module documentation. -# Note that when logging configuration files are used then all logging -# configuration is set in the configuration file and other logging -# configuration options are ignored (for example, -# logging_context_format_string). (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. -# (string value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default -# is set, logging will go to stderr as defined by use_stderr. This -# option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative log_file paths. -# This option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# Uses logging handler designed to watch file system. When log file is -# moved or removed this handler will open a new log file with -# specified path instantaneously. It makes sense only if log_file -# option is specified and Linux platform is used. This option is -# ignored if log_config_append is set. (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and -# will be changed later to honor RFC5424. This option is ignored if -# log_config_append is set. (boolean value) -#use_syslog = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Log output to standard error. This option is ignored if -# log_config_append is set. (boolean value) -#use_stderr = true - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. -# (string value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the -# message is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string -# value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is -# ignored if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. -# (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. -# (string value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - - -[database] - -# -# From oslo.db -# - -# The file name to use with SQLite. (string value) -# Deprecated group/name - [DEFAULT]/sqlite_db -#sqlite_db = oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -# Deprecated group/name - [DEFAULT]/sqlite_synchronous -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. -# (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -#connection = - -# The SQLAlchemy connection string to use to connect to the slave -# database. (string value) -#slave_connection = - -# The SQL mode to be used for MySQL sessions. This option, including -# the default, overrides any server-set SQL mode. To use whatever SQL -# mode is set by the server configuration, set this to no value. -# Example: mysql_sql_mode= (string value) -#mysql_sql_mode = TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout = 3600 - -# Minimum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = - -# Maximum number of database connection retries during startup. Set to -# -1 to specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = 50 - -# Verbosity of SQL debugging information: 0=None, 100=Everything. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = - -# Enable the experimental use of database reconnect on connection -# lost. (boolean value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database -# operation up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries -# of a database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before -# error is raised. Set to -1 to specify an infinite retry count. -# (integer value) -#db_max_retries = 20 - -# -# From oslo.db.concurrency -# - -# Enable the experimental use of thread pooling for all DB API calls -# (boolean value) -# Deprecated group/name - [DEFAULT]/dbapi_use_tpool -#use_tpool = false diff --git a/conf/etc/glance/glance-registry-paste.ini b/conf/etc/glance/glance-registry-paste.ini deleted file mode 100644 index 492dbc6..0000000 --- a/conf/etc/glance/glance-registry-paste.ini +++ /dev/null @@ -1,35 +0,0 @@ -# Use this pipeline for no auth - DEFAULT -[pipeline:glance-registry] -pipeline = healthcheck osprofiler unauthenticated-context registryapp - -# Use this pipeline for keystone auth -[pipeline:glance-registry-keystone] -pipeline = healthcheck osprofiler authtoken context registryapp - -# Use this pipeline for authZ only. This means that the registry will treat a -# user as authenticated without making requests to keystone to reauthenticate -# the user. -[pipeline:glance-registry-trusted-auth] -pipeline = healthcheck osprofiler context registryapp - -[app:registryapp] -paste.app_factory = glance.registry.api:API.factory - -[filter:healthcheck] -paste.filter_factory = oslo_middleware:Healthcheck.factory -backends = disable_by_file -disable_by_file_path = /etc/glance/healthcheck_disable - -[filter:context] -paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory - -[filter:unauthenticated-context] -paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:osprofiler] -paste.filter_factory = osprofiler.web:WsgiMiddleware.factory -hmac_keys = SECRET_KEY #DEPRECATED -enabled = yes #DEPRECATED diff --git a/conf/etc/glance/glance-registry.conf b/conf/etc/glance/glance-registry.conf deleted file mode 100644 index 80433b3..0000000 --- a/conf/etc/glance/glance-registry.conf +++ /dev/null @@ -1,1413 +0,0 @@ -[DEFAULT] - -# -# From glance.registry -# - -# When true, this option sets the owner of an image to be the tenant. -# Otherwise, the owner of the image will be the authenticated user -# issuing the request. (boolean value) -#owner_is_tenant = true - -# Role used to identify an authenticated user as administrator. -# (string value) -#admin_role = admin - -# Allow unauthenticated users to access the API with read-only -# privileges. This only applies when using ContextMiddleware. (boolean -# value) -#allow_anonymous_access = false - -# Limits request ID length. (integer value) -#max_request_id_length = 64 - -# Whether to allow users to specify image properties beyond what the -# image schema provides (boolean value) -#allow_additional_image_properties = true - -# Maximum number of image members per image. Negative values evaluate -# to unlimited. (integer value) -#image_member_quota = 128 - -# Maximum number of properties allowed on an image. Negative values -# evaluate to unlimited. (integer value) -#image_property_quota = 128 - -# Maximum number of tags allowed on an image. Negative values evaluate -# to unlimited. (integer value) -#image_tag_quota = 128 - -# Maximum number of locations allowed on an image. Negative values -# evaluate to unlimited. (integer value) -#image_location_quota = 10 - -# Python module path of data access API (string value) -#data_api = glance.db.sqlalchemy.api - -# Default value for the number of items returned by a request if not -# specified explicitly in the request (integer value) -#limit_param_default = 25 - -# Maximum permissible number of items that could be returned by a -# request (integer value) -#api_limit_max = 1000 - -# Whether to include the backend image storage location in image -# properties. Revealing storage location can be a security risk, so -# use this setting with caution! (boolean value) -#show_image_direct_url = false - -# Whether to include the backend image locations in image properties. -# For example, if using the file system store a URL of -# "file:///path/to/image" will be returned to the user in the -# 'direct_url' meta-data field. Revealing storage location can be a -# security risk, so use this setting with caution! Setting this to -# true overrides the show_image_direct_url option. (boolean value) -#show_multiple_locations = false - -# Maximum size of image a user can upload in bytes. Defaults to -# 1099511627776 bytes (1 TB).WARNING: this value should only be -# increased after careful consideration and must be set to a value -# under 8 EB (9223372036854775808). (integer value) -# Maximum value: 9223372036854775808 -#image_size_cap = 1099511627776 - -# Set a system wide quota for every user. This value is the total -# capacity that a user can use across all storage systems. A value of -# 0 means unlimited.Optional unit can be specified for the value. -# Accepted units are B, KB, MB, GB and TB representing Bytes, -# KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no -# unit is specified then Bytes is assumed. Note that there should not -# be any space between value and unit and units are case sensitive. -# (string value) -#user_storage_quota = 0 - -# Deploy the v1 OpenStack Images API. (boolean value) -#enable_v1_api = true - -# Deploy the v2 OpenStack Images API. (boolean value) -#enable_v2_api = true - -# Deploy the v1 OpenStack Registry API. (boolean value) -#enable_v1_registry = true - -# Deploy the v2 OpenStack Registry API. (boolean value) -#enable_v2_registry = true - -# The hostname/IP of the pydev process listening for debug connections -# (string value) -#pydev_worker_debug_host = - -# The port on which a pydev process is listening for connections. -# (port value) -# Minimum value: 0 -# Maximum value: 65535 -#pydev_worker_debug_port = 5678 - -# AES key for encrypting store 'location' metadata. This includes, if -# used, Swift or S3 credentials. Should be set to a random string of -# length 16, 24 or 32 bytes (string value) -#metadata_encryption_key = - -# Digest algorithm which will be used for digital signature. Use the -# command "openssl list-message-digest-algorithms" to get the -# available algorithms supported by the version of OpenSSL on the -# platform. Examples are "sha1", "sha256", "sha512", etc. (string -# value) -#digest_algorithm = sha256 - -# Address to bind the server. Useful when selecting a particular -# network interface. (string value) -#bind_host = 0.0.0.0 - -# The port on which the server will listen. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#bind_port = - -# The backlog value that will be used when creating the TCP listener -# socket. (integer value) -#backlog = 4096 - -# The value for the socket option TCP_KEEPIDLE. This is the time in -# seconds that the connection must be idle before TCP starts sending -# keepalive probes. (integer value) -#tcp_keepidle = 600 - -# CA certificate file to use to verify connecting clients. (string -# value) -#ca_file = - -# Certificate file to use when starting API server securely. (string -# value) -#cert_file = - -# Private key file to use when starting API server securely. (string -# value) -#key_file = - -# The number of child process workers that will be created to service -# requests. The default will be equal to the number of CPUs available. -# (integer value) -#workers = - -# Maximum line size of message headers to be accepted. max_header_line -# may need to be increased when using large tokens (typically those -# generated by the Keystone v3 API with big service catalogs (integer -# value) -#max_header_line = 16384 - -# If False, server will return the header "Connection: close", If -# True, server will return "Connection: Keep-Alive" in its responses. -# In order to close the client socket connection explicitly after the -# response is sent and read successfully by the client, you simply -# have to set this option to False when you create a wsgi server. -# (boolean value) -#http_keepalive = true - -# Timeout for client connections' socket operations. If an incoming -# connection is idle for this number of seconds it will be closed. A -# value of '0' means wait forever. (integer value) -#client_socket_timeout = 900 - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of -# the default INFO level. (boolean value) -#debug = false - -# If set to false, the logging level will be set to WARNING instead of -# the default INFO level. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#verbose = true - -# The name of a logging configuration file. This file is appended to -# any existing logging configuration files. For details about logging -# configuration files, see the Python logging module documentation. -# Note that when logging configuration files are used then all logging -# configuration is set in the configuration file and other logging -# configuration options are ignored (for example, -# logging_context_format_string). (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. -# (string value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default -# is set, logging will go to stderr as defined by use_stderr. This -# option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative log_file paths. -# This option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# Uses logging handler designed to watch file system. When log file is -# moved or removed this handler will open a new log file with -# specified path instantaneously. It makes sense only if log_file -# option is specified and Linux platform is used. This option is -# ignored if log_config_append is set. (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and -# will be changed later to honor RFC5424. This option is ignored if -# log_config_append is set. (boolean value) -#use_syslog = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Log output to standard error. This option is ignored if -# log_config_append is set. (boolean value) -#use_stderr = true - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. -# (string value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the -# message is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string -# value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is -# ignored if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. -# (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. -# (string value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - -# -# From oslo.messaging -# - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -#rpc_conn_pool_size = 30 - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve to this -# address. (string value) -#rpc_zmq_bind_address = * - -# MatchMaker driver. (string value) -# Allowed values: redis, dummy -#rpc_zmq_matchmaker = redis - -# Type of concurrency used. Either "native" or "eventlet" (string -# value) -#rpc_zmq_concurrency = eventlet - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts = 1 - -# Maximum number of ingress messages to locally buffer per topic. -# Default is unlimited. (integer value) -#rpc_zmq_topic_backlog = - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir = /var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP address. -# Must match "host" option, if running Nova. (string value) -#rpc_zmq_host = localhost - -# Seconds to wait before a cast expires (TTL). The default value of -1 -# specifies an infinite linger period. The value of 0 specifies no -# linger period. Pending messages shall be discarded immediately when -# the socket is closed. Only supported by impl_zmq. (integer value) -#rpc_cast_timeout = -1 - -# The default number of seconds that poll should wait. Poll raises -# timeout exception when timeout expired. (integer value) -#rpc_poll_timeout = 1 - -# Expiration timeout in seconds of a name service record about -# existing target ( < 0 means no timeout). (integer value) -#zmq_target_expire = 120 - -# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. -# (boolean value) -#use_pub_sub = true - -# Minimal port number for random ports range. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#rpc_zmq_min_port = 49152 - -# Maximal port number for random ports range. (integer value) -# Minimum value: 1 -# Maximum value: 65536 -#rpc_zmq_max_port = 65536 - -# Number of retries to find free port number before fail with -# ZMQBindError. (integer value) -#rpc_zmq_bind_port_retries = 100 - -# Size of executor thread pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size -#executor_thread_pool_size = 64 - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout = 60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend option -# and driver specific configuration. (string value) -#transport_url = - -# The messaging driver to use, defaults to rabbit. Other drivers -# include amqp and zmq. (string value) -#rpc_backend = rabbit - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the transport_url -# option. (string value) -#control_exchange = openstack - - -[database] - -# -# From oslo.db -# - -# The file name to use with SQLite. (string value) -# Deprecated group/name - [DEFAULT]/sqlite_db -#sqlite_db = oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -# Deprecated group/name - [DEFAULT]/sqlite_synchronous -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. -# (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -#connection = - -# The SQLAlchemy connection string to use to connect to the slave -# database. (string value) -#slave_connection = - -# The SQL mode to be used for MySQL sessions. This option, including -# the default, overrides any server-set SQL mode. To use whatever SQL -# mode is set by the server configuration, set this to no value. -# Example: mysql_sql_mode= (string value) -#mysql_sql_mode = TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout = 3600 - -# Minimum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = - -# Maximum number of database connection retries during startup. Set to -# -1 to specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = 50 - -# Verbosity of SQL debugging information: 0=None, 100=Everything. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = - -# Enable the experimental use of database reconnect on connection -# lost. (boolean value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database -# operation up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries -# of a database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before -# error is raised. Set to -1 to specify an infinite retry count. -# (integer value) -#db_max_retries = 20 - -# -# From oslo.db.concurrency -# - -# Enable the experimental use of thread pooling for all DB API calls -# (boolean value) -# Deprecated group/name - [DEFAULT]/dbapi_use_tpool -#use_tpool = false - - -[glance_store] - -# -# From glance.store -# - -# List of stores enabled. Valid stores are: cinder, file, http, rbd, -# sheepdog, swift, s3, vsphere (list value) -#stores = file,http - -# Default scheme to use to store image data. The scheme must be -# registered by one of the stores defined by the 'stores' config -# option. (string value) -#default_store = file - -# Minimum interval seconds to execute updating dynamic storage -# capabilities based on backend status then. It's not a periodic -# routine, the update logic will be executed only when interval -# seconds elapsed and an operation of store has triggered. The feature -# will be enabled only when the option value greater then zero. -# (integer value) -#store_capabilities_update_min_interval = 0 - -# Specify the path to the CA bundle file to use in verifying the -# remote server certificate. (string value) -#https_ca_certificates_file = - -# If true, the remote server certificate is not verified. If false, -# then the default CA truststore is used for verification. This option -# is ignored if "https_ca_certificates_file" is set. (boolean value) -#https_insecure = true - -# Specify the http/https proxy information that should be used to -# connect to the remote server. The proxy information should be a key -# value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can -# specify proxies for multiple schemes by seperating the key value -# pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080. -# (dict value) -#http_proxy_information = - -# If True, swiftclient won't check for a valid SSL certificate when -# authenticating. (boolean value) -#swift_store_auth_insecure = false - -# A string giving the CA certificate file to use in SSL connections -# for verifying certs. (string value) -#swift_store_cacert = - -# The region of the swift endpoint to be used for single tenant. This -# setting is only necessary if the tenant has multiple swift -# endpoints. (string value) -#swift_store_region = - -# If set, the configured endpoint will be used. If None, the storage -# url from the auth response will be used. (string value) -#swift_store_endpoint = - -# A string giving the endpoint type of the swift service to use -# (publicURL, adminURL or internalURL). This setting is only used if -# swift_store_auth_version is 2. (string value) -#swift_store_endpoint_type = publicURL - -# A string giving the service type of the swift service to use. This -# setting is only used if swift_store_auth_version is 2. (string -# value) -#swift_store_service_type = object-store - -# Container within the account that the account should use for storing -# images in Swift when using single container mode. In multiple -# container mode, this will be the prefix for all containers. (string -# value) -#swift_store_container = glance - -# The size, in MB, that Glance will start chunking image files and do -# a large object manifest in Swift. (integer value) -#swift_store_large_object_size = 5120 - -# The amount of data written to a temporary disk buffer during the -# process of chunking the image file. (integer value) -#swift_store_large_object_chunk_size = 200 - -# A boolean value that determines if we create the container if it -# does not exist. (boolean value) -#swift_store_create_container_on_put = false - -# If set to True, enables multi-tenant storage mode which causes -# Glance images to be stored in tenant specific Swift accounts. -# (boolean value) -#swift_store_multi_tenant = false - -# When set to 0, a single-tenant store will only use one container to -# store all images. When set to an integer value between 1 and 32, a -# single-tenant store will use multiple containers to store images, -# and this value will determine how many containers are created.Used -# only when swift_store_multi_tenant is disabled. The total number of -# containers that will be used is equal to 16^N, so if this config -# option is set to 2, then 16^2=256 containers will be used to store -# images. (integer value) -#swift_store_multiple_containers_seed = 0 - -# A list of tenants that will be granted read/write access on all -# Swift containers created by Glance in multi-tenant mode. (list -# value) -#swift_store_admin_tenants = - -# If set to False, disables SSL layer compression of https swift -# requests. Setting to False may improve performance for images which -# are already in a compressed format, eg qcow2. (boolean value) -#swift_store_ssl_compression = true - -# The number of times a Swift download will be retried before the -# request fails. (integer value) -#swift_store_retry_get_count = 0 - -# The period of time (in seconds) before token expirationwhen -# glance_store will try to reques new user token. Default value 60 sec -# means that if token is going to expire in 1 min then glance_store -# request new user token. (integer value) -#swift_store_expire_soon_interval = 60 - -# If set to True create a trust for each add/get request to Multi- -# tenant store in order to prevent authentication token to be expired -# during uploading/downloading data. If set to False then user token -# is used for Swift connection (so no overhead on trust creation). -# Please note that this option is considered only and only if -# swift_store_multi_tenant=True (boolean value) -#swift_store_use_trusts = true - -# The reference to the default swift account/backing store parameters -# to use for adding new images. (string value) -#default_swift_reference = ref1 - -# Version of the authentication service to use. Valid versions are 2 -# and 3 for keystone and 1 (deprecated) for swauth and rackspace. -# (deprecated - use "auth_version" in swift_store_config_file) (string -# value) -#swift_store_auth_version = 2 - -# The address where the Swift authentication service is listening. -# (deprecated - use "auth_address" in swift_store_config_file) (string -# value) -#swift_store_auth_address = - -# The user to authenticate against the Swift authentication service -# (deprecated - use "user" in swift_store_config_file) (string value) -#swift_store_user = - -# Auth key for the user authenticating against the Swift -# authentication service. (deprecated - use "key" in -# swift_store_config_file) (string value) -#swift_store_key = - -# The config file that has the swift account(s)configs. (string value) -#swift_store_config_file = - -# RADOS images will be chunked into objects of this size (in -# megabytes). For best performance, this should be a power of two. -# (integer value) -#rbd_store_chunk_size = 8 - -# RADOS pool in which images are stored. (string value) -#rbd_store_pool = images - -# RADOS user to authenticate as (only applicable if using Cephx. If -# , a default will be chosen based on the client. section in -# rbd_store_ceph_conf) (string value) -#rbd_store_user = - -# Ceph configuration file path. If , librados will locate the -# default config. If using cephx authentication, this file should -# include a reference to the right keyring in a client. section -# (string value) -#rbd_store_ceph_conf = /etc/ceph/ceph.conf - -# Timeout value (in seconds) used when connecting to ceph cluster. If -# value <= 0, no timeout is set and default librados value is used. -# (integer value) -#rados_connect_timeout = 0 - -# Info to match when looking for cinder in the service catalog. Format -# is : separated values of the form: -# :: (string value) -#cinder_catalog_info = volumev2::publicURL - -# Override service catalog lookup with template for cinder endpoint -# e.g. http://localhost:8776/v2/%(tenant)s (string value) -#cinder_endpoint_template = - -# Region name of this node. If specified, it will be used to locate -# OpenStack services for stores. (string value) -# Deprecated group/name - [DEFAULT]/os_region_name -#cinder_os_region_name = - -# Location of ca certicates file to use for cinder client requests. -# (string value) -#cinder_ca_certificates_file = - -# Number of cinderclient retries on failed http calls (integer value) -#cinder_http_retries = 3 - -# Time period of time in seconds to wait for a cinder volume -# transition to complete. (integer value) -#cinder_state_transition_timeout = 300 - -# Allow to perform insecure SSL requests to cinder (boolean value) -#cinder_api_insecure = false - -# The address where the Cinder authentication service is listening. If -# , the cinder endpoint in the service catalog is used. (string -# value) -#cinder_store_auth_address = - -# User name to authenticate against Cinder. If , the user of -# current context is used. (string value) -#cinder_store_user_name = - -# Password for the user authenticating against Cinder. If , the -# current context auth token is used. (string value) -#cinder_store_password = - -# Project name where the image is stored in Cinder. If , the -# project in current context is used. (string value) -#cinder_store_project_name = - -# Path to the rootwrap configuration file to use for running commands -# as root. (string value) -#rootwrap_config = /etc/glance/rootwrap.conf - -# The host where the S3 server is listening. (string value) -#s3_store_host = - -# The S3 query token access key. (string value) -#s3_store_access_key = - -# The S3 query token secret key. (string value) -#s3_store_secret_key = - -# The S3 bucket to be used to store the Glance data. (string value) -#s3_store_bucket = - -# The local directory where uploads will be staged before they are -# transferred into S3. (string value) -#s3_store_object_buffer_dir = - -# A boolean to determine if the S3 bucket should be created on upload -# if it does not exist or if an error should be returned to the user. -# (boolean value) -#s3_store_create_bucket_on_put = false - -# The S3 calling format used to determine the bucket. Either subdomain -# or path can be used. (string value) -#s3_store_bucket_url_format = subdomain - -# What size, in MB, should S3 start chunking image files and do a -# multipart upload in S3. (integer value) -#s3_store_large_object_size = 100 - -# What multipart upload part size, in MB, should S3 use when uploading -# parts. The size must be greater than or equal to 5M. (integer value) -#s3_store_large_object_chunk_size = 10 - -# The number of thread pools to perform a multipart upload in S3. -# (integer value) -#s3_store_thread_pools = 10 - -# Enable the use of a proxy. (boolean value) -#s3_store_enable_proxy = false - -# Address or hostname for the proxy server. (string value) -#s3_store_proxy_host = - -# The port to use when connecting over a proxy. (integer value) -#s3_store_proxy_port = 8080 - -# The username to connect to the proxy. (string value) -#s3_store_proxy_user = - -# The password to use when connecting over a proxy. (string value) -#s3_store_proxy_password = - -# Images will be chunked into objects of this size (in megabytes). For -# best performance, this should be a power of two. (integer value) -#sheepdog_store_chunk_size = 64 - -# Port of sheep daemon. (integer value) -#sheepdog_store_port = 7000 - -# IP address of sheep daemon. (string value) -#sheepdog_store_address = localhost - -# Directory to which the Filesystem backend store writes images. -# (string value) -#filesystem_store_datadir = /var/lib/glance/images - -# List of directories and its priorities to which the Filesystem -# backend store writes images. (multi valued) -#filesystem_store_datadirs = - -# The path to a file which contains the metadata to be returned with -# any location associated with this store. The file must contain a -# valid JSON object. The object should contain the keys 'id' and -# 'mountpoint'. The value for both keys should be 'string'. (string -# value) -#filesystem_store_metadata_file = - -# The required permission for created image file. In this way the user -# other service used, e.g. Nova, who consumes the image could be the -# exclusive member of the group that owns the files created. Assigning -# it less then or equal to zero means don't change the default -# permission of the file. This value will be decoded as an octal -# digit. (integer value) -#filesystem_store_file_perm = 0 - -# ESX/ESXi or vCenter Server target system. The server value can be an -# IP address or a DNS name. (string value) -#vmware_server_host = - -# Username for authenticating with VMware ESX/VC server. (string -# value) -#vmware_server_username = - -# Password for authenticating with VMware ESX/VC server. (string -# value) -#vmware_server_password = - -# Number of times VMware ESX/VC server API must be retried upon -# connection related issues. (integer value) -#vmware_api_retry_count = 10 - -# The interval used for polling remote tasks invoked on VMware ESX/VC -# server. (integer value) -#vmware_task_poll_interval = 5 - -# The name of the directory where the glance images will be stored in -# the VMware datastore. (string value) -#vmware_store_image_dir = /openstack_glance - -# If true, the ESX/vCenter server certificate is not verified. If -# false, then the default CA truststore is used for verification. This -# option is ignored if "vmware_ca_file" is set. (boolean value) -# Deprecated group/name - [DEFAULT]/vmware_api_insecure -#vmware_insecure = false - -# Specify a CA bundle file to use in verifying the ESX/vCenter server -# certificate. (string value) -#vmware_ca_file = - -# A list of datastores where the image can be stored. This option may -# be specified multiple times for specifying multiple datastores. The -# datastore name should be specified after its datacenter path, -# seperated by ":". An optional weight may be given after the -# datastore name, seperated again by ":". Thus, the required format -# becomes ::. When -# adding an image, the datastore with highest weight will be selected, -# unless there is not enough free space available in cases where the -# image size is already known. If no weight is given, it is assumed to -# be zero and the directory will be considered for selection last. If -# multiple datastores have the same weight, then the one with the most -# free space available is selected. (multi valued) -#vmware_datastores = - - -[keystone_authtoken] - -# -# From keystonemiddleware.auth_token -# - -# Complete public Identity API endpoint. (string value) -#auth_uri = - -# API version of the admin Identity API endpoint. (string value) -#auth_version = - -# Do not handle authorization requests within the middleware, but -# delegate the authorization decision to downstream WSGI components. -# (boolean value) -#delay_auth_decision = false - -# Request timeout value for communicating with Identity API server. -# (integer value) -#http_connect_timeout = - -# How many times are we trying to reconnect when communicating with -# Identity API Server. (integer value) -#http_request_max_retries = 3 - -# Env key for the swift cache. (string value) -#cache = - -# Required if identity server requires client certificate (string -# value) -#certfile = - -# Required if identity server requires client certificate (string -# value) -#keyfile = - -# A PEM encoded Certificate Authority to use when verifying HTTPs -# connections. Defaults to system CAs. (string value) -#cafile = - -# Verify HTTPS connections. (boolean value) -#insecure = false - -# The region in which the identity server can be found. (string value) -#region_name = - -# Directory used to cache files related to PKI tokens. (string value) -#signing_dir = - -# Optionally specify a list of memcached server(s) to use for caching. -# If left undefined, tokens will instead be cached in-process. (list -# value) -# Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers = - -# In order to prevent excessive effort spent validating tokens, the -# middleware caches previously-seen tokens for a configurable duration -# (in seconds). Set to -1 to disable caching completely. (integer -# value) -#token_cache_time = 300 - -# Determines the frequency at which the list of revoked tokens is -# retrieved from the Identity service (in seconds). A high number of -# revocation events combined with a low cache duration may -# significantly reduce performance. (integer value) -#revocation_cache_time = 10 - -# (Optional) If defined, indicate whether token data should be -# authenticated or authenticated and encrypted. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token data is -# encrypted and authenticated in the cache. If the value is not one of -# these options or empty, auth_token will raise an exception on -# initialization. (string value) -# Allowed values: None, MAC, ENCRYPT -#memcache_security_strategy = None - -# (Optional, mandatory if memcache_security_strategy is defined) This -# string is used for key derivation. (string value) -#memcache_secret_key = - -# (Optional) Number of seconds memcached server is considered dead -# before it is tried again. (integer value) -#memcache_pool_dead_retry = 300 - -# (Optional) Maximum total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize = 10 - -# (Optional) Socket timeout in seconds for communicating with a -# memcached server. (integer value) -#memcache_pool_socket_timeout = 3 - -# (Optional) Number of seconds a connection to memcached is held -# unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout = 60 - -# (Optional) Number of seconds that an operation will wait to get a -# memcached client connection from the pool. (integer value) -#memcache_pool_conn_get_timeout = 10 - -# (Optional) Use the advanced (eventlet safe) memcached client pool. -# The advanced pool will only work under python 2.x. (boolean value) -#memcache_use_advanced_pool = false - -# (Optional) Indicate whether to set the X-Service-Catalog header. If -# False, middleware will not ask for service catalog on token -# validation and will not set the X-Service-Catalog header. (boolean -# value) -#include_service_catalog = true - -# Used to control the use and type of token binding. Can be set to: -# "disabled" to not check token binding. "permissive" (default) to -# validate binding information if the bind type is of a form known to -# the server and ignore it if not. "strict" like "permissive" but if -# the bind type is unknown the token will be rejected. "required" any -# form of token binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string value) -#enforce_token_bind = permissive - -# If true, the revocation list will be checked for cached tokens. This -# requires that PKI tokens are configured on the identity server. -# (boolean value) -#check_revocations_for_cached = false - -# Hash algorithms to use for hashing PKI tokens. This may be a single -# algorithm or multiple. The algorithms are those supported by Python -# standard hashlib.new(). The hashes will be tried in the order given, -# so put the preferred one first for performance. The result of the -# first hash will be stored in the cache. This will typically be set -# to multiple values only while migrating from a less secure algorithm -# to a more secure one. Once all the old tokens are expired this -# option should be set to a single value for better performance. (list -# value) -#hash_algorithms = md5 - -# Authentication type to load (unknown value) -# Deprecated group/name - [DEFAULT]/auth_plugin -#auth_type = - -# Config Section from which to load plugin specific options (unknown -# value) -#auth_section = - - -[matchmaker_redis] - -# -# From oslo.messaging -# - -# Host to locate redis. (string value) -#host = 127.0.0.1 - -# Use this port to connect to redis host. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#port = 6379 - -# Password for Redis server (optional). (string value) -#password = - -# List of Redis Sentinel hosts (fault tolerance mode) e.g. -# [host:port, host1:port ... ] (list value) -#sentinel_hosts = - -# Redis replica set name. (string value) -#sentinel_group_name = oslo-messaging-zeromq - -# Time in ms to wait between connection attempts. (integer value) -#wait_timeout = 500 - -# Time in ms to wait before the transaction is killed. (integer value) -#check_timeout = 20000 - -# Timeout in ms on blocking socket operations (integer value) -#socket_timeout = 1000 - - -[oslo_messaging_amqp] - -# -# From oslo.messaging -# - -# address prefix used when sending to a specific server (string value) -# Deprecated group/name - [amqp1]/server_request_prefix -#server_request_prefix = exclusive - -# address prefix used when broadcasting to all servers (string value) -# Deprecated group/name - [amqp1]/broadcast_prefix -#broadcast_prefix = broadcast - -# address prefix when sending to any server in group (string value) -# Deprecated group/name - [amqp1]/group_request_prefix -#group_request_prefix = unicast - -# Name for the AMQP container (string value) -# Deprecated group/name - [amqp1]/container_name -#container_name = - -# Timeout for inactive connections (in seconds) (integer value) -# Deprecated group/name - [amqp1]/idle_timeout -#idle_timeout = 0 - -# Debug: dump AMQP frames to stdout (boolean value) -# Deprecated group/name - [amqp1]/trace -#trace = false - -# CA certificate PEM file to verify server certificate (string value) -# Deprecated group/name - [amqp1]/ssl_ca_file -#ssl_ca_file = - -# Identifying certificate PEM file to present to clients (string -# value) -# Deprecated group/name - [amqp1]/ssl_cert_file -#ssl_cert_file = - -# Private key PEM file used to sign cert_file certificate (string -# value) -# Deprecated group/name - [amqp1]/ssl_key_file -#ssl_key_file = - -# Password for decrypting ssl_key_file (if encrypted) (string value) -# Deprecated group/name - [amqp1]/ssl_key_password -#ssl_key_password = - -# Accept clients using either SSL or plain TCP (boolean value) -# Deprecated group/name - [amqp1]/allow_insecure_clients -#allow_insecure_clients = false - -# Space separated list of acceptable SASL mechanisms (string value) -# Deprecated group/name - [amqp1]/sasl_mechanisms -#sasl_mechanisms = - -# Path to directory that contains the SASL configuration (string -# value) -# Deprecated group/name - [amqp1]/sasl_config_dir -#sasl_config_dir = - -# Name of configuration file (without .conf suffix) (string value) -# Deprecated group/name - [amqp1]/sasl_config_name -#sasl_config_name = - -# User name for message broker authentication (string value) -# Deprecated group/name - [amqp1]/username -#username = - -# Password for message broker authentication (string value) -# Deprecated group/name - [amqp1]/password -#password = - - -[oslo_messaging_notifications] - -# -# From oslo.messaging -# - -# The Drivers(s) to handle sending notifications. Possible values are -# messaging, messagingv2, routing, log, test, noop (multi valued) -# Deprecated group/name - [DEFAULT]/notification_driver -#driver = - -# A URL representing the messaging driver to use for notifications. If -# not set, we fall back to the same configuration used for RPC. -# (string value) -# Deprecated group/name - [DEFAULT]/notification_transport_url -#transport_url = - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -# Deprecated group/name - [DEFAULT]/notification_topics -#topics = notifications - - -[oslo_messaging_rabbit] - -# -# From oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_durable_queues -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues = false - -# Auto-delete queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -#amqp_auto_delete = false - -# SSL version to use (valid only if SSL enabled). Valid values are -# TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be -# available on some distributions. (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_version -#kombu_ssl_version = - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile -#kombu_ssl_keyfile = - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile -#kombu_ssl_certfile = - -# SSL certification authority file (valid only if SSL enabled). -# (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs -#kombu_ssl_ca_certs = - -# How long to wait before reconnecting in response to an AMQP consumer -# cancel notification. (floating point value) -# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay -#kombu_reconnect_delay = 1.0 - -# EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression -# will not be used. This option may notbe available in future -# versions. (string value) -#kombu_compression = - -# How long to wait a missing client beforce abandoning to send it its -# replies. This value should not be longer than rpc_response_timeout. -# (integer value) -# Deprecated group/name - [DEFAULT]/kombu_reconnect_timeout -#kombu_missing_consumer_retry_timeout = 60 - -# Determines how the next RabbitMQ node is chosen in case the one we -# are currently connected to becomes unavailable. Takes effect only if -# more than one RabbitMQ node is provided in config. (string value) -# Allowed values: round-robin, shuffle -#kombu_failover_strategy = round-robin - -# The RabbitMQ broker address where a single node is used. (string -# value) -# Deprecated group/name - [DEFAULT]/rabbit_host -#rabbit_host = localhost - -# The RabbitMQ broker port where a single node is used. (port value) -# Minimum value: 0 -# Maximum value: 65535 -# Deprecated group/name - [DEFAULT]/rabbit_port -#rabbit_port = 5672 - -# RabbitMQ HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/rabbit_hosts -#rabbit_hosts = $rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -#rabbit_use_ssl = false - -# The RabbitMQ userid. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_userid -#rabbit_userid = guest - -# The RabbitMQ password. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_password -#rabbit_password = guest - -# The RabbitMQ login method. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_login_method -#rabbit_login_method = AMQPLAIN - -# The RabbitMQ virtual host. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_virtual_host -#rabbit_virtual_host = / - -# How frequently to retry connecting with RabbitMQ. (integer value) -#rabbit_retry_interval = 1 - -# How long to backoff for between retries when connecting to RabbitMQ. -# (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff -#rabbit_retry_backoff = 2 - -# Maximum interval of RabbitMQ connection retries. Default is 30 -# seconds. (integer value) -#rabbit_interval_max = 30 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_max_retries -#rabbit_max_retries = 0 - -# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, -# queue mirroring is no longer controlled by the x-ha-policy argument -# when declaring a queue. If you just want to make sure that all -# queues (except those with auto-generated names) are mirrored across -# all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha- -# mode": "all"}' " (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_ha_queues -#rabbit_ha_queues = false - -# Positive integer representing duration in seconds for queue TTL -# (x-expires). Queues which are unused for the duration of the TTL are -# automatically deleted. The parameter affects only reply and fanout -# queues. (integer value) -# Minimum value: 1 -#rabbit_transient_queues_ttl = 600 - -# Specifies the number of messages to prefetch. Setting to zero allows -# unlimited messages. (integer value) -#rabbit_qos_prefetch_count = 0 - -# Number of seconds after which the Rabbit broker is considered down -# if heartbeat's keep-alive fails (0 disable the heartbeat). -# EXPERIMENTAL (integer value) -#heartbeat_timeout_threshold = 60 - -# How often times during the heartbeat_timeout_threshold we check the -# heartbeat. (integer value) -#heartbeat_rate = 2 - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake -# (boolean value) -# Deprecated group/name - [DEFAULT]/fake_rabbit -#fake_rabbit = false - -# Maximum number of channels to allow (integer value) -#channel_max = - -# The maximum byte size for an AMQP frame (integer value) -#frame_max = - -# How often to send heartbeats for consumer's connections (integer -# value) -#heartbeat_interval = 1 - -# Enable SSL (boolean value) -#ssl = - -# Arguments passed to ssl.wrap_socket (dict value) -#ssl_options = - -# Set socket timeout in seconds for connection's socket (floating -# point value) -#socket_timeout = 0.25 - -# Set TCP_USER_TIMEOUT in seconds for connection's socket (floating -# point value) -#tcp_user_timeout = 0.25 - -# Set delay for reconnection to some host which has connection error -# (floating point value) -#host_connection_reconnect_delay = 0.25 - -# Maximum number of connections to keep queued. (integer value) -#pool_max_size = 10 - -# Maximum number of connections to create above `pool_max_size`. -# (integer value) -#pool_max_overflow = 0 - -# Default number of seconds to wait for a connections to available -# (integer value) -#pool_timeout = 30 - -# Lifetime of a connection (since creation) in seconds or None for no -# recycling. Expired connections are closed on acquire. (integer -# value) -#pool_recycle = 600 - -# Threshold at which inactive (since release) connections are -# considered stale in seconds or None for no staleness. Stale -# connections are closed on acquire. (integer value) -#pool_stale = 60 - -# Persist notification messages. (boolean value) -#notification_persistence = false - -# Exchange name for for sending notifications (string value) -#default_notification_exchange = ${control_exchange}_notification - -# Max number of not acknowledged message which RabbitMQ can send to -# notification listener. (integer value) -#notification_listener_prefetch_count = 100 - -# Reconnecting retry count in case of connectivity problem during -# sending notification, -1 means infinite retry. (integer value) -#default_notification_retry_attempts = -1 - -# Reconnecting retry delay in case of connectivity problem during -# sending notification message (floating point value) -#notification_retry_delay = 0.25 - -# Time to live for rpc queues without consumers in seconds. (integer -# value) -#rpc_queue_expiration = 60 - -# Exchange name for sending RPC messages (string value) -#default_rpc_exchange = ${control_exchange}_rpc - -# Exchange name for receiving RPC replies (string value) -#rpc_reply_exchange = ${control_exchange}_rpc_reply - -# Max number of not acknowledged message which RabbitMQ can send to -# rpc listener. (integer value) -#rpc_listener_prefetch_count = 100 - -# Max number of not acknowledged message which RabbitMQ can send to -# rpc reply listener. (integer value) -#rpc_reply_listener_prefetch_count = 100 - -# Reconnecting retry count in case of connectivity problem during -# sending reply. -1 means infinite retry during rpc_timeout (integer -# value) -#rpc_reply_retry_attempts = -1 - -# Reconnecting retry delay in case of connectivity problem during -# sending reply. (floating point value) -#rpc_reply_retry_delay = 0.25 - -# Reconnecting retry count in case of connectivity problem during -# sending RPC message, -1 means infinite retry. If actual retry -# attempts in not 0 the rpc request could be processed more then one -# time (integer value) -#default_rpc_retry_attempts = -1 - -# Reconnecting retry delay in case of connectivity problem during -# sending RPC message (floating point value) -#rpc_retry_delay = 0.25 - - -[oslo_policy] - -# -# From oslo.policy -# - -# The JSON file that defines policies. (string value) -# Deprecated group/name - [DEFAULT]/policy_file -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string -# value) -# Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be -# relative to any directory in the search path defined by the -# config_dir option, or absolute paths. The file defined by -# policy_file must exist for these directories to be searched. -# Missing or empty directories are ignored. (multi valued) -# Deprecated group/name - [DEFAULT]/policy_dirs -#policy_dirs = policy.d - - -[paste_deploy] - -# -# From glance.registry -# - -# Partial name of a pipeline in your paste configuration file with the -# service name removed. For example, if your paste section name is -# [pipeline:glance-api-keystone] use the value "keystone" (string -# value) -#flavor = - -# Name of the paste configuration file. (string value) -#config_file = - - -[profiler] - -# -# From glance.registry -# - -# If False fully disable profiling feature. (boolean value) -#enabled = false - -# If False doesn't trace SQL requests. (boolean value) -#trace_sqlalchemy = false - -# Secret key to use to sign Glance API and Glance Registry services -# tracing messages. (string value) -#hmac_keys = SECRET_KEY diff --git a/conf/etc/glance/glance-scrubber.conf b/conf/etc/glance/glance-scrubber.conf deleted file mode 100644 index cc88406..0000000 --- a/conf/etc/glance/glance-scrubber.conf +++ /dev/null @@ -1,506 +0,0 @@ -[DEFAULT] - -# -# From glance.scrubber -# - -# Whether to allow users to specify image properties beyond what the -# image schema provides (boolean value) -#allow_additional_image_properties = true - -# Maximum number of image members per image. Negative values evaluate -# to unlimited. (integer value) -#image_member_quota = 128 - -# Maximum number of properties allowed on an image. Negative values -# evaluate to unlimited. (integer value) -#image_property_quota = 128 - -# Maximum number of tags allowed on an image. Negative values evaluate -# to unlimited. (integer value) -#image_tag_quota = 128 - -# Maximum number of locations allowed on an image. Negative values -# evaluate to unlimited. (integer value) -#image_location_quota = 10 - -# Python module path of data access API (string value) -#data_api = glance.db.sqlalchemy.api - -# Default value for the number of items returned by a request if not -# specified explicitly in the request (integer value) -#limit_param_default = 25 - -# Maximum permissible number of items that could be returned by a -# request (integer value) -#api_limit_max = 1000 - -# Whether to include the backend image storage location in image -# properties. Revealing storage location can be a security risk, so -# use this setting with caution! (boolean value) -#show_image_direct_url = false - -# Whether to include the backend image locations in image properties. -# For example, if using the file system store a URL of -# "file:///path/to/image" will be returned to the user in the -# 'direct_url' meta-data field. Revealing storage location can be a -# security risk, so use this setting with caution! Setting this to -# true overrides the show_image_direct_url option. (boolean value) -#show_multiple_locations = false - -# Maximum size of image a user can upload in bytes. Defaults to -# 1099511627776 bytes (1 TB).WARNING: this value should only be -# increased after careful consideration and must be set to a value -# under 8 EB (9223372036854775808). (integer value) -# Maximum value: 9223372036854775808 -#image_size_cap = 1099511627776 - -# Set a system wide quota for every user. This value is the total -# capacity that a user can use across all storage systems. A value of -# 0 means unlimited.Optional unit can be specified for the value. -# Accepted units are B, KB, MB, GB and TB representing Bytes, -# KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no -# unit is specified then Bytes is assumed. Note that there should not -# be any space between value and unit and units are case sensitive. -# (string value) -#user_storage_quota = 0 - -# Deploy the v1 OpenStack Images API. (boolean value) -#enable_v1_api = true - -# Deploy the v2 OpenStack Images API. (boolean value) -#enable_v2_api = true - -# Deploy the v1 OpenStack Registry API. (boolean value) -#enable_v1_registry = true - -# Deploy the v2 OpenStack Registry API. (boolean value) -#enable_v2_registry = true - -# The hostname/IP of the pydev process listening for debug connections -# (string value) -#pydev_worker_debug_host = - -# The port on which a pydev process is listening for connections. -# (port value) -# Minimum value: 0 -# Maximum value: 65535 -#pydev_worker_debug_port = 5678 - -# AES key for encrypting store 'location' metadata. This includes, if -# used, Swift or S3 credentials. Should be set to a random string of -# length 16, 24 or 32 bytes (string value) -#metadata_encryption_key = - -# Digest algorithm which will be used for digital signature. Use the -# command "openssl list-message-digest-algorithms" to get the -# available algorithms supported by the version of OpenSSL on the -# platform. Examples are "sha1", "sha256", "sha512", etc. (string -# value) -#digest_algorithm = sha256 - -# The amount of time in seconds to delay before performing a delete. -# (integer value) -#scrub_time = 0 - -# The size of thread pool to be used for scrubbing images. The default -# is one, which signifies serial scrubbing. Any value above one -# indicates the max number of images that may be scrubbed in parallel. -# (integer value) -#scrub_pool_size = 1 - -# Turn on/off delayed delete. (boolean value) -#delayed_delete = false - -# Role used to identify an authenticated user as administrator. -# (string value) -#admin_role = admin - -# Whether to pass through headers containing user and tenant -# information when making requests to the registry. This allows the -# registry to use the context middleware without keystonemiddleware's -# auth_token middleware, removing calls to the keystone auth service. -# It is recommended that when using this option, secure communication -# between glance api and glance registry is ensured by means other -# than auth_token middleware. (boolean value) -#send_identity_headers = false - -# Loop time between checking for new items to schedule for delete. -# (integer value) -#wakeup_time = 300 - -# Run as a long-running process. When not specified (the default) run -# the scrub operation once and then exits. When specified do not exit -# and run scrub on wakeup_time interval as specified in the config. -# (boolean value) -#daemon = false - -# The protocol to use for communication with the registry server. -# Either http or https. (string value) -#registry_client_protocol = http - -# The path to the key file to use in SSL connections to the registry -# server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE -# environment variable to a filepath of the key file (string value) -#registry_client_key_file = - -# The path to the cert file to use in SSL connections to the registry -# server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE -# environment variable to a filepath of the CA cert file (string -# value) -#registry_client_cert_file = - -# The path to the certifying authority cert file to use in SSL -# connections to the registry server, if any. Alternately, you may set -# the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the -# CA cert file. (string value) -#registry_client_ca_file = - -# When using SSL in connections to the registry server, do not require -# validation via a certifying authority. This is the registry's -# equivalent of specifying --insecure on the command line using -# glanceclient for the API. (boolean value) -#registry_client_insecure = false - -# The period of time, in seconds, that the API server will wait for a -# registry request to complete. A value of 0 implies no timeout. -# (integer value) -#registry_client_timeout = 600 - -# Whether to pass through the user token when making requests to the -# registry. To prevent failures with token expiration during big files -# upload, it is recommended to set this parameter to False.If -# "use_user_token" is not in effect, then admin credentials can be -# specified. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#use_user_token = true - -# The administrators user name. If "use_user_token" is not in effect, -# then admin credentials can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#admin_user = - -# The administrators password. If "use_user_token" is not in effect, -# then admin credentials can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#admin_password = - -# The tenant name of the administrative user. If "use_user_token" is -# not in effect, then admin tenant name can be specified. (string -# value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#admin_tenant_name = - -# The URL to the keystone service. If "use_user_token" is not in -# effect and using keystone auth, then URL of keystone can be -# specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#auth_url = - -# The strategy to use for authentication. If "use_user_token" is not -# in effect, then auth strategy can be specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#auth_strategy = noauth - -# The region for the authentication service. If "use_user_token" is -# not in effect and using keystone auth, then region name can be -# specified. (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: This option was considered harmful and has been deprecated -# in M release. It will be removed in O release. For more information -# read OSSN-0060. Related functionality with uploading big images has -# been implemented with Keystone trusts support. -#auth_region = - -# Address to find the registry server. (string value) -#registry_host = 0.0.0.0 - -# Port the registry server is listening on. (port value) -# Minimum value: 0 -# Maximum value: 65535 -#registry_port = 9191 - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of -# the default INFO level. (boolean value) -#debug = false - -# If set to false, the logging level will be set to WARNING instead of -# the default INFO level. (boolean value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -#verbose = true - -# The name of a logging configuration file. This file is appended to -# any existing logging configuration files. For details about logging -# configuration files, see the Python logging module documentation. -# Note that when logging configuration files are used then all logging -# configuration is set in the configuration file and other logging -# configuration options are ignored (for example, -# logging_context_format_string). (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. -# (string value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default -# is set, logging will go to stderr as defined by use_stderr. This -# option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = - -# (Optional) The base directory used for relative log_file paths. -# This option is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = - -# Uses logging handler designed to watch file system. When log file is -# moved or removed this handler will open a new log file with -# specified path instantaneously. It makes sense only if log_file -# option is specified and Linux platform is used. This option is -# ignored if log_config_append is set. (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and -# will be changed later to honor RFC5424. This option is ignored if -# log_config_append is set. (boolean value) -#use_syslog = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Log output to standard error. This option is ignored if -# log_config_append is set. (boolean value) -#use_stderr = true - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. -# (string value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the -# message is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string -# value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is -# ignored if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. -# (string value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. -# (string value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - - -[database] - -# -# From oslo.db -# - -# The file name to use with SQLite. (string value) -# Deprecated group/name - [DEFAULT]/sqlite_db -#sqlite_db = oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -# Deprecated group/name - [DEFAULT]/sqlite_synchronous -#sqlite_synchronous = true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend = sqlalchemy - -# The SQLAlchemy connection string to use to connect to the database. -# (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -#connection = - -# The SQLAlchemy connection string to use to connect to the slave -# database. (string value) -#slave_connection = - -# The SQL mode to be used for MySQL sessions. This option, including -# the default, overrides any server-set SQL mode. To use whatever SQL -# mode is set by the server configuration, set this to no value. -# Example: mysql_sql_mode= (string value) -#mysql_sql_mode = TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout = 3600 - -# Minimum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size = 1 - -# Maximum number of SQL connections to keep open in a pool. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size = - -# Maximum number of database connection retries during startup. Set to -# -1 to specify an infinite retry count. (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries = 10 - -# Interval between retries of opening a SQL connection. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval = 10 - -# If set, use this value for max_overflow with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow = 50 - -# Verbosity of SQL debugging information: 0=None, 100=Everything. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug = 0 - -# Add Python stack traces to SQL as comment strings. (boolean value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace = false - -# If set, use this value for pool_timeout with SQLAlchemy. (integer -# value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout = - -# Enable the experimental use of database reconnect on connection -# lost. (boolean value) -#use_db_reconnect = false - -# Seconds between retries of a database transaction. (integer value) -#db_retry_interval = 1 - -# If True, increases the interval between retries of a database -# operation up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval = true - -# If db_inc_retry_interval is set, the maximum seconds between retries -# of a database operation. (integer value) -#db_max_retry_interval = 10 - -# Maximum retries in case of connection error or deadlock error before -# error is raised. Set to -1 to specify an infinite retry count. -# (integer value) -#db_max_retries = 20 - -# -# From oslo.db.concurrency -# - -# Enable the experimental use of thread pooling for all DB API calls -# (boolean value) -# Deprecated group/name - [DEFAULT]/dbapi_use_tpool -#use_tpool = false - - -[oslo_concurrency] - -# -# From oslo.concurrency -# - -# Enables or disables inter-process locks. (boolean value) -# Deprecated group/name - [DEFAULT]/disable_process_locking -#disable_process_locking = false - -# Directory to use for lock files. For security, the specified -# directory should only be writable by the user running the processes -# that need locking. Defaults to environment variable OSLO_LOCK_PATH. -# If external locks are used, a lock path must be set. (string value) -# Deprecated group/name - [DEFAULT]/lock_path -#lock_path = - - -[oslo_policy] - -# -# From oslo.policy -# - -# The JSON file that defines policies. (string value) -# Deprecated group/name - [DEFAULT]/policy_file -#policy_file = policy.json - -# Default rule. Enforced when a requested rule is not found. (string -# value) -# Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule = default - -# Directories where policy configuration files are stored. They can be -# relative to any directory in the search path defined by the -# config_dir option, or absolute paths. The file defined by -# policy_file must exist for these directories to be searched. -# Missing or empty directories are ignored. (multi valued) -# Deprecated group/name - [DEFAULT]/policy_dirs -#policy_dirs = policy.d diff --git a/snapcraft.yaml b/snapcraft.yaml index a1531d1..05b65fa 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -36,8 +36,25 @@ parts: - libffi-dev - libssl-dev - pkg-config - config: + templates: after: - glance plugin: dump source: conf + config: + after: + - glance + plugin: dump + source: http://tarballs.openstack.org/glance/glance-master.tar.gz + organize: + etc/*.conf: etc/glance/ + etc/*.ini: etc/glance/ + etc/*.json: etc/glance/ + filesets: + etc: + - etc/glance/*.conf + - etc/glance/*.ini + - etc/glance/*.json + stage: [$etc] + snap: [$etc] +