Refresh Glance example configs for epoxy m2

Change-Id: Idfffbf2fa5ea96a6fd9b784532c7dd379df77502
2025-01-06 06:07:46 +00:00 · 2025-01-06 06:07:46 +00:00 · 5e3d32e1fc
commit 5e3d32e1fc
parent 69cb639f01
4 changed files with 204 additions and 215 deletions
--- a/etc/glance-api.conf
+++ b/etc/glance-api.conf
@ -739,11 +739,6 @@
 # backends should be separated using comma. (dict value)
 #enabled_backends = <None>

-# This argument is used internally on Windows. Glance passes a pipe handle to
-# child processes, which is then used for inter-process communication. (string
-# value)
-#pipe_handle = <None>
-
 # DEPRECATED:
 # The relative path to sqlite file database that will be used for image cache
 # management.
@ -1758,6 +1753,14 @@
 # (string value)
 #slave_connection = <None>

+# The SQLAlchemy asyncio connection string to use to connect to the database.
+# (string value)
+#asyncio_connection = <None>
+
+# The SQLAlchemy asyncio connection string to use to connect to the slave
+# database. (string value)
+#asyncio_slave_connection = <None>
+
 # The SQL mode to be used for MySQL sessions. This option, including the
 # default, overrides any server-set SQL mode. To use whatever SQL mode is set by
 # the server configuration, set this to no value. Example: mysql_sql_mode=
@ -2366,6 +2369,17 @@
 #  (integer value)
 #s3_store_thread_pools = 10

+#
+# The path to the CA cert bundle to use. The default value (an empty string)
+# forces the use of the default CA cert bundle used by botocore.
+#
+# Possible values:
+#     * A path to the CA cert bundle to use
+#     * An empty string to use the default CA cert bundle used by botocore
+#
+#  (string value)
+#s3_store_cacert =
+

 [glance.store.swift.store]

@ -4112,6 +4126,17 @@
 #  (integer value)
 #s3_store_thread_pools = 10

+#
+# The path to the CA cert bundle to use. The default value (an empty string)
+# forces the use of the default CA cert bundle used by botocore.
+#
+# Possible values:
+#     * A path to the CA cert bundle to use
+#     * An empty string to use the default CA cert bundle used by botocore
+#
+#  (string value)
+#s3_store_cacert =
+
 #
 # Set verification of the server certificate.
 #
@ -4891,6 +4916,10 @@
 # DisableByFilesPortsHealthcheck plugin. (list value)
 #disable_by_file_paths =

+# Check the presence of files. Used by EnableByFilesHealthcheck plugin. (list
+# value)
+#enable_by_file_paths =
+

 [image_format]

@ -5165,6 +5194,21 @@
 # as locks should use the same directory. (string value)
 #lock_path = <None>

+# Number of attempts for the multipath device to be ready for I/O after it was
+# created. Readiness is checked with ``multipath -C``. See related
+# ``wait_mpath_device_interval`` config option. Default value is 4. (integer
+# value)
+# Minimum value: 1
+#wait_mpath_device_attempts = 4
+
+# Interval value to wait for multipath device to be ready for I/O. Max number of
+# attempts is set in ``wait_mpath_device_attempts``. Time in seconds to wait for
+# each retry is ``base ^ attempt * interval``, so for 4 attempts (1 attempt 3
+# retries) and 1 second interval will yield: 2, 4 and 8 seconds. Note that there
+# is no wait before first attempt. Default value is 1. (integer value)
+# Minimum value: 1
+#wait_mpath_device_interval = 1
+

 [oslo_concurrency]

@ -5191,6 +5235,25 @@
 # The service's endpoint id which is registered in Keystone. (string value)
 #endpoint_id = <None>

+# Service name for endpoint discovery (string value)
+#endpoint_service_name = <None>
+
+# Service type for endpoint discovery (string value)
+#endpoint_service_type = <None>
+
+# Region to which the endpoint belongs (string value)
+#endpoint_region_name = <None>
+
+# The interface for endpoint discovery (string value)
+# Possible values:
+# public - <No description provided>
+# publicURL - <No description provided>
+# internal - <No description provided>
+# internalURL - <No description provided>
+# admin - <No description provided>
+# adminURL - <No description provided>
+#endpoint_interface = publicURL
+
 # PEM encoded Certificate Authority to use when verifying HTTPs connections.
 # (string value)
 #cafile = <None>
@ -5328,190 +5391,6 @@
 #retriable_status_codes = <None>


-[oslo_messaging_amqp]
-
-#
-# From oslo.messaging
-#
-
-# Name for the AMQP container. must be globally unique. Defaults to a generated
-# UUID (string value)
-#container_name = <None>
-
-# Timeout for inactive connections (in seconds) (integer value)
-#idle_timeout = 0
-
-# Debug: dump AMQP frames to stdout (boolean value)
-#trace = false
-
-# Attempt to connect via SSL. If no other ssl-related parameters are given, it
-# will use the system's CA-bundle to verify the server's certificate. (boolean
-# value)
-#ssl = false
-
-# CA certificate PEM file used to verify the server's certificate (string value)
-#ssl_ca_file =
-
-# Self-identifying certificate PEM file for client authentication (string value)
-#ssl_cert_file =
-
-# Private key PEM file used to sign ssl_cert_file certificate (optional) (string
-# value)
-#ssl_key_file =
-
-# Password for decrypting ssl_key_file (if encrypted) (string value)
-#ssl_key_password = <None>
-
-# By default SSL checks that the name in the server's certificate matches the
-# hostname in the transport_url. In some configurations it may be preferable to
-# use the virtual hostname instead, for example if the server uses the Server
-# Name Indication TLS extension (rfc6066) to provide a certificate per virtual
-# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the
-# virtual host name instead of the DNS name. (boolean value)
-#ssl_verify_vhost = false
-
-# Space separated list of acceptable SASL mechanisms (string value)
-#sasl_mechanisms =
-
-# Path to directory that contains the SASL configuration (string value)
-#sasl_config_dir =
-
-# Name of configuration file (without .conf suffix) (string value)
-#sasl_config_name =
-
-# SASL realm to use if no realm present in username (string value)
-#sasl_default_realm =
-
-# Seconds to pause before attempting to re-connect. (integer value)
-# Minimum value: 1
-#connection_retry_interval = 1
-
-# Increase the connection_retry_interval by this many seconds after each
-# unsuccessful failover attempt. (integer value)
-# Minimum value: 0
-#connection_retry_backoff = 2
-
-# Maximum limit for connection_retry_interval + connection_retry_backoff
-# (integer value)
-# Minimum value: 1
-#connection_retry_interval_max = 30
-
-# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
-# recoverable error. (integer value)
-# Minimum value: 1
-#link_retry_delay = 10
-
-# The maximum number of attempts to re-send a reply message which failed due to
-# a recoverable error. (integer value)
-# Minimum value: -1
-#default_reply_retry = 0
-
-# The deadline for an rpc reply message delivery. (integer value)
-# Minimum value: 5
-#default_reply_timeout = 30
-
-# The deadline for an rpc cast or call message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_send_timeout = 30
-
-# The deadline for a sent notification message delivery. Only used when caller
-# does not provide a timeout expiry. (integer value)
-# Minimum value: 5
-#default_notify_timeout = 30
-
-# The duration to schedule a purge of idle sender links. Detach link after
-# expiry. (integer value)
-# Minimum value: 1
-#default_sender_link_timeout = 600
-
-# Indicates the addressing mode used by the driver.
-# Permitted values:
-# 'legacy'   - use legacy non-routable addressing
-# 'routable' - use routable addresses
-# 'dynamic'  - use legacy addresses if the message bus does not support routing
-# otherwise use routable addressing (string value)
-#addressing_mode = dynamic
-
-# Enable virtual host support for those message buses that do not natively
-# support virtual hosting (such as qpidd). When set to true the virtual host
-# name will be added to all message bus addresses, effectively creating a
-# private 'subnet' per virtual host. Set to False if the message bus supports
-# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative
-# as the name of the virtual host. (boolean value)
-#pseudo_vhost = true
-
-# address prefix used when sending to a specific server (string value)
-#server_request_prefix = exclusive
-
-# address prefix used when broadcasting to all servers (string value)
-#broadcast_prefix = broadcast
-
-# address prefix when sending to any server in group (string value)
-#group_request_prefix = unicast
-
-# Address prefix for all generated RPC addresses (string value)
-#rpc_address_prefix = openstack.org/om/rpc
-
-# Address prefix for all generated Notification addresses (string value)
-#notify_address_prefix = openstack.org/om/notify
-
-# Appended to the address prefix when sending a fanout message. Used by the
-# message bus to identify fanout messages. (string value)
-#multicast_address = multicast
-
-# Appended to the address prefix when sending to a particular RPC/Notification
-# server. Used by the message bus to identify messages sent to a single
-# destination. (string value)
-#unicast_address = unicast
-
-# Appended to the address prefix when sending to a group of consumers. Used by
-# the message bus to identify messages that should be delivered in a round-robin
-# fashion across consumers. (string value)
-#anycast_address = anycast
-
-# Exchange name used in notification addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_notification_exchange if set
-# else control_exchange if set
-# else 'notify' (string value)
-#default_notification_exchange = <None>
-
-# Exchange name used in RPC addresses.
-# Exchange name resolution precedence:
-# Target.exchange if set
-# else default_rpc_exchange if set
-# else control_exchange if set
-# else 'rpc' (string value)
-#default_rpc_exchange = <None>
-
-# Window size for incoming RPC Reply messages. (integer value)
-# Minimum value: 1
-#reply_link_credit = 200
-
-# Window size for incoming RPC Request messages (integer value)
-# Minimum value: 1
-#rpc_server_credit = 100
-
-# Window size for incoming Notification messages (integer value)
-# Minimum value: 1
-#notify_server_credit = 100
-
-# Send messages of this type pre-settled.
-# Pre-settled messages will not receive acknowledgement
-# from the peer. Note well: pre-settled messages may be
-# silently discarded if the delivery fails.
-# Permitted values:
-# 'rpc-call' - send RPC Calls pre-settled
-# 'rpc-reply'- send RPC Replies pre-settled
-# 'rpc-cast' - Send RPC Casts pre-settled
-# 'notify'   - Send Notifications pre-settled
-#  (multi valued)
-#pre_settled = rpc-cast
-#pre_settled = rpc-reply
-
-
 [oslo_messaging_kafka]

 #
@ -5665,12 +5544,18 @@
 # be raised. (boolean value)
 #ssl_enforce_fips_mode = false

-# Run the health check heartbeat thread through a native python thread by
-# default. If this option is equal to False then the health check heartbeat will
-# inherit the execution model from the parent process. For example if the parent
-# process has monkey patched the stdlib by using eventlet/greenlet then the
-# heartbeat will be run through a green thread. This option should be set to
-# True only for the wsgi services. (boolean value)
+# DEPRECATED: (DEPRECATED) It is recommend not to use this option anymore. Run
+# the health check heartbeat thread through a native python thread by default.
+# If this option is equal to False then the health check heartbeat will inherit
+# the execution model from the parent process. For example if the parent process
+# has monkey patched the stdlib by using eventlet/greenlet then the heartbeat
+# will be run through a green thread. This option should be set to True only for
+# the wsgi services. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: The option is related to Eventlet which will be removed. In addition
+# this has never worked as expected with services using eventlet for core
+# service framework.
 #heartbeat_in_pthread = false

 # How long to wait (in seconds) before reconnecting in response to an AMQP
@ -5764,7 +5649,12 @@
 # The parameter affects only reply and fanout queues. Setting 0 as value will
 # disable the x-expires. If doing so, make sure you have a rabbitmq policy to
 # delete the queues or you deployment will create an infinite number of queue
-# over time. (integer value)
+# over time.In case rabbit_stream_fanout is set to True, this option will
+# control data retention policy (x-max-age) for messages in the fanout queue
+# rather then the queue duration itself. So the oldest data in the stream queue
+# will be discarded from it once reaching TTL Setting to 0 will disable x-max-
+# age for stream which make stream grow indefinitely filling up the diskspace
+# (integer value)
 # Minimum value: 0
 #rabbit_transient_queues_ttl = 1800

@ -5807,7 +5697,11 @@
 #hostname = node1.example.com

 # Process name used by queue manager (string value)
-#processname = oslo-config-generator
+#
+# This option has a sample default set, which means that
+# its actual default value may vary from the one documented
+# below.
+#processname = nova-api

 # Use stream queues in RabbitMQ (x-queue-type: stream). Streams are a new
 # persistent and replicated data structure ("queue type") in RabbitMQ which
@ -5834,12 +5728,17 @@
 # From oslo.policy
 #

-# This option controls whether or not to enforce scope when evaluating policies.
-# If ``True``, the scope of the token used in the request is compared to the
-# ``scope_types`` of the policy being enforced. If the scopes do not match, an
-# ``InvalidScope`` exception will be raised. If ``False``, a message will be
-# logged informing operators that policies are being invoked with mismatching
-# scope. (boolean value)
+# DEPRECATED: This option controls whether or not to enforce scope when
+# evaluating policies. If ``True``, the scope of the token used in the request
+# is compared to the ``scope_types`` of the policy being enforced. If the scopes
+# do not match, an ``InvalidScope`` exception will be raised. If ``False``, a
+# message will be logged informing operators that policies are being invoked
+# with mismatching scope. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This configuration was added temporarily to facilitate a smooth
+# transition to the new RBAC. OpenStack will always enforce scope checks. This
+# configuration option is deprecated and will be removed in the 2025.2 cycle.
 #enforce_scope = true

 # This option controls whether or not to use old deprecated defaults when
@ -5887,6 +5786,10 @@
 # Absolute path client key file REST based policy check (string value)
 #remote_ssl_client_key_file = <None>

+# Timeout in seconds for REST based policy check (floating point value)
+# Minimum value: 0
+#remote_timeout = 60
+

 [oslo_reports]

--- a/etc/glance-cache.conf
+++ b/etc/glance-cache.conf
@ -1733,6 +1733,17 @@
 #  (integer value)
 #s3_store_thread_pools = 10

+#
+# The path to the CA cert bundle to use. The default value (an empty string)
+# forces the use of the default CA cert bundle used by botocore.
+#
+# Possible values:
+#     * A path to the CA cert bundle to use
+#     * An empty string to use the default CA cert bundle used by botocore
+#
+#  (string value)
+#s3_store_cacert =
+
 #
 # Set verification of the server certificate.
 #
@ -2486,6 +2497,21 @@
 # as locks should use the same directory. (string value)
 #lock_path = <None>

+# Number of attempts for the multipath device to be ready for I/O after it was
+# created. Readiness is checked with ``multipath -C``. See related
+# ``wait_mpath_device_interval`` config option. Default value is 4. (integer
+# value)
+# Minimum value: 1
+#wait_mpath_device_attempts = 4
+
+# Interval value to wait for multipath device to be ready for I/O. Max number of
+# attempts is set in ``wait_mpath_device_attempts``. Time in seconds to wait for
+# each retry is ``base ^ attempt * interval``, so for 4 attempts (1 attempt 3
+# retries) and 1 second interval will yield: 2, 4 and 8 seconds. Note that there
+# is no wait before first attempt. Default value is 1. (integer value)
+# Minimum value: 1
+#wait_mpath_device_interval = 1
+

 [oslo_policy]

@ -2493,12 +2519,17 @@
 # From oslo.policy
 #

-# This option controls whether or not to enforce scope when evaluating policies.
-# If ``True``, the scope of the token used in the request is compared to the
-# ``scope_types`` of the policy being enforced. If the scopes do not match, an
-# ``InvalidScope`` exception will be raised. If ``False``, a message will be
-# logged informing operators that policies are being invoked with mismatching
-# scope. (boolean value)
+# DEPRECATED: This option controls whether or not to enforce scope when
+# evaluating policies. If ``True``, the scope of the token used in the request
+# is compared to the ``scope_types`` of the policy being enforced. If the scopes
+# do not match, an ``InvalidScope`` exception will be raised. If ``False``, a
+# message will be logged informing operators that policies are being invoked
+# with mismatching scope. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This configuration was added temporarily to facilitate a smooth
+# transition to the new RBAC. OpenStack will always enforce scope checks. This
+# configuration option is deprecated and will be removed in the 2025.2 cycle.
 #enforce_scope = true

 # This option controls whether or not to use old deprecated defaults when
@ -2545,3 +2576,7 @@

 # Absolute path client key file REST based policy check (string value)
 #remote_ssl_client_key_file = <None>
+
+# Timeout in seconds for REST based policy check (floating point value)
+# Minimum value: 0
+#remote_timeout = 60
--- a/etc/glance-manage.conf
+++ b/etc/glance-manage.conf
@ -186,6 +186,14 @@
 # (string value)
 #slave_connection = <None>

+# The SQLAlchemy asyncio connection string to use to connect to the database.
+# (string value)
+#asyncio_connection = <None>
+
+# The SQLAlchemy asyncio connection string to use to connect to the slave
+# database. (string value)
+#asyncio_slave_connection = <None>
+
 # The SQL mode to be used for MySQL sessions. This option, including the
 # default, overrides any server-set SQL mode. To use whatever SQL mode is set by
 # the server configuration, set this to no value. Example: mysql_sql_mode=
--- a/etc/glance-scrubber.conf
+++ b/etc/glance-scrubber.conf
@ -790,6 +790,14 @@
 # (string value)
 #slave_connection = <None>

+# The SQLAlchemy asyncio connection string to use to connect to the database.
+# (string value)
+#asyncio_connection = <None>
+
+# The SQLAlchemy asyncio connection string to use to connect to the slave
+# database. (string value)
+#asyncio_slave_connection = <None>
+
 # The SQL mode to be used for MySQL sessions. This option, including the
 # default, overrides any server-set SQL mode. To use whatever SQL mode is set by
 # the server configuration, set this to no value. Example: mysql_sql_mode=
@ -1823,6 +1831,17 @@
 #  (integer value)
 #s3_store_thread_pools = 10

+#
+# The path to the CA cert bundle to use. The default value (an empty string)
+# forces the use of the default CA cert bundle used by botocore.
+#
+# Possible values:
+#     * A path to the CA cert bundle to use
+#     * An empty string to use the default CA cert bundle used by botocore
+#
+#  (string value)
+#s3_store_cacert =
+
 #
 # Set verification of the server certificate.
 #
@ -2576,6 +2595,21 @@
 # as locks should use the same directory. (string value)
 #lock_path = <None>

+# Number of attempts for the multipath device to be ready for I/O after it was
+# created. Readiness is checked with ``multipath -C``. See related
+# ``wait_mpath_device_interval`` config option. Default value is 4. (integer
+# value)
+# Minimum value: 1
+#wait_mpath_device_attempts = 4
+
+# Interval value to wait for multipath device to be ready for I/O. Max number of
+# attempts is set in ``wait_mpath_device_attempts``. Time in seconds to wait for
+# each retry is ``base ^ attempt * interval``, so for 4 attempts (1 attempt 3
+# retries) and 1 second interval will yield: 2, 4 and 8 seconds. Note that there
+# is no wait before first attempt. Default value is 1. (integer value)
+# Minimum value: 1
+#wait_mpath_device_interval = 1
+

 [oslo_concurrency]

@ -2599,12 +2633,17 @@
 # From oslo.policy
 #

-# This option controls whether or not to enforce scope when evaluating policies.
-# If ``True``, the scope of the token used in the request is compared to the
-# ``scope_types`` of the policy being enforced. If the scopes do not match, an
-# ``InvalidScope`` exception will be raised. If ``False``, a message will be
-# logged informing operators that policies are being invoked with mismatching
-# scope. (boolean value)
+# DEPRECATED: This option controls whether or not to enforce scope when
+# evaluating policies. If ``True``, the scope of the token used in the request
+# is compared to the ``scope_types`` of the policy being enforced. If the scopes
+# do not match, an ``InvalidScope`` exception will be raised. If ``False``, a
+# message will be logged informing operators that policies are being invoked
+# with mismatching scope. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This configuration was added temporarily to facilitate a smooth
+# transition to the new RBAC. OpenStack will always enforce scope checks. This
+# configuration option is deprecated and will be removed in the 2025.2 cycle.
 #enforce_scope = true

 # This option controls whether or not to use old deprecated defaults when
@ -2651,3 +2690,7 @@

 # Absolute path client key file REST based policy check (string value)
 #remote_ssl_client_key_file = <None>
+
+# Timeout in seconds for REST based policy check (floating point value)
+# Minimum value: 0
+#remote_timeout = 60