Regenerate sample configuration files

Regenerate the configuration files for Queens RC-1

Change-Id: I010517b2075b84bff1d0fcc2cba17b794a271bcf

etc/glance-api.conf

@@ -620,7 +620,7 @@
 # default in Queens and removed in Rocky. This allows Glance to
 # operate with previous version configs upon upgrade.
 #
-# Setting this option to True will enable the endpoints related
+# Setting this option to False will disable the endpoints related
 # to Image Import Refactoring work.
 #
 # Related options:
@@ -633,7 +633,17 @@
 # It was introduced to make sure that the API is not enabled
 # before the '[DEFAULT]/node_staging_uri' is defined and is
 # long term redundant.
-#enable_image_import = false
+#enable_image_import = true
+
+#
+# List of enabled Image Import Methods
+#
+# Both 'glance-direct' and 'web-download' are enabled by default.
+#
+# Related options:
+#     * [DEFAULT]/node_staging_uri
+#     * [DEFAULT]/enable_image_import (list value)
+#enabled_import_methods = glance-direct,web-download
 
 #
 # Strategy to determine the preference order of image locations.
@@ -659,7 +669,9 @@
 #     * store_type_preference
 #
 #  (string value)
-# Allowed values: location_order, store_type
+# Possible values:
+# location_order - <No description provided>
+# store_type - <No description provided>
 #location_strategy = location_order
 
 #
@@ -713,7 +725,9 @@
 #     * property_protection_file
 #
 #  (string value)
-# Allowed values: roles, policies
+# Possible values:
+# roles - <No description provided>
+# policies - <No description provided>
 #property_protection_rule_format = roles
 
 #
@@ -1025,7 +1039,9 @@
 #     * None
 #
 #  (string value)
-# Allowed values: sqlite, xattr
+# Possible values:
+# sqlite - <No description provided>
+# xattr - <No description provided>
 #image_cache_driver = sqlite
 
 #
@@ -1301,7 +1317,9 @@
 #     * registry_client_ca_file
 #
 #  (string value)
-# Allowed values: http, https
+# Possible values:
+# http - <No description provided>
+# https - <No description provided>
 # This option is deprecated for removal since Queens.
 # Its value may be silently ignored in the future.
 # Reason:
@@ -1700,7 +1718,10 @@
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
-# Allowed values: redis, sentinel, dummy
+# Possible values:
+# redis - <No description provided>
+# sentinel - <No description provided>
+# dummy - <No description provided>
 #rpc_zmq_matchmaker = redis
 
 # Number of ZeroMQ contexts, defaults to 1. (integer value)
@@ -1769,7 +1790,9 @@
 
 # Default serialization mechanism for serializing/deserializing
 # outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
+# Possible values:
+# json - <No description provided>
+# msgpack - <No description provided>
 #rpc_zmq_serialization = json
 
 # This option configures round-robin mode in zmq socket. True means not keeping
@@ -2068,7 +2091,19 @@
 #     * stores
 #
 #  (string value)
-# Allowed values: file, filesystem, http, https, swift, swift+http, swift+https, swift+config, rbd, sheepdog, cinder, vsphere
+# Possible values:
+# file - <No description provided>
+# filesystem - <No description provided>
+# http - <No description provided>
+# https - <No description provided>
+# swift - <No description provided>
+# swift+http - <No description provided>
+# swift+https - <No description provided>
+# swift+config - <No description provided>
+# rbd - <No description provided>
+# sheepdog - <No description provided>
+# cinder - <No description provided>
+# vsphere - <No description provided>
 #default_store = file
 
 #
@@ -2806,7 +2841,10 @@
 #     * swift_store_endpoint
 #
 #  (string value)
-# Allowed values: publicURL, adminURL, internalURL
+# Possible values:
+# publicURL - <No description provided>
+# adminURL - <No description provided>
+# internalURL - <No description provided>
 #swift_store_endpoint_type = publicURL
 
 #
@@ -3105,6 +3143,32 @@
 #  (boolean value)
 #swift_store_use_trusts = true
 
+#
+# Buffer image segments before upload to Swift.
+#
+# Provide a boolean value to indicate whether or not Glance should
+# buffer image data to disk while uploading to swift. This enables
+# Glance to resume uploads on error.
+#
+# NOTES:
+# When enabling this option, one should take great care as this
+# increases disk usage on the API node. Be aware that depending
+# upon how the file system is configured, the disk space used
+# for buffering may decrease the actual disk space available for
+# the glance image cache.  Disk utilization will cap according to
+# the following equation:
+# (``swift_store_large_object_chunk_size`` * ``workers`` * 1000)
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * swift_upload_buffer_dir
+#
+#  (boolean value)
+#swift_buffer_on_upload = false
+
 #
 # Reference to default Swift account/backing store parameters.
 #
@@ -3183,6 +3247,31 @@
 #  (string value)
 #swift_store_config_file = <None>
 
+#
+# Directory to buffer image segments before upload to Swift.
+#
+# Provide a string value representing the absolute path to the
+# directory on the glance node where image segments will be
+# buffered briefly before they are uploaded to swift.
+#
+# NOTES:
+# * This is required only when the configuration option
+#   ``swift_buffer_on_upload`` is set to True.
+# * This directory should be provisioned keeping in mind the
+#   ``swift_store_large_object_chunk_size`` and the maximum
+#   number of images that could be uploaded simultaneously by
+#   a given glance node.
+#
+# Possible values:
+#     * String value representing an absolute directory path
+#
+# Related options:
+#     * swift_buffer_on_upload
+#     * swift_store_large_object_chunk_size
+#
+#  (string value)
+#swift_upload_buffer_dir = <None>
+
 #
 # Address of the ESX/ESXi or vCenter Server target system.
 #
@@ -3478,7 +3567,10 @@
 # in the cache. If ENCRYPT, token data is encrypted and authenticated in the
 # cache. If the value is not one of these options or empty, auth_token will
 # raise an exception on initialization. (string value)
-# Allowed values: None, MAC, ENCRYPT
+# Possible values:
+# None - <No description provided>
+# MAC - <No description provided>
+# ENCRYPT - <No description provided>
 #memcache_security_strategy = None
 
 # (Optional, mandatory if memcache_security_strategy is defined) This string is
@@ -3856,13 +3948,24 @@
 # Default timeout(s) for Kafka consumers (floating point value)
 #kafka_consumer_timeout = 1.0
 
-# Pool Size for Kafka Consumers (integer value)
+# DEPRECATED: Pool Size for Kafka Consumers (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Driver no longer uses connection pool.
 #pool_size = 10
 
-# The pool size limit for connections expiration policy (integer value)
+# DEPRECATED: The pool size limit for connections expiration policy (integer
+# value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Driver no longer uses connection pool.
 #conn_pool_min_size = 2
 
-# The time-to-live in sec of idle connections in the pool (integer value)
+# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer
+# value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Driver no longer uses connection pool.
 #conn_pool_ttl = 1200
 
 # Group id for Kafka consumer. Consumers in one group will coordinate message
@@ -3955,7 +4058,9 @@
 # Determines how the next RabbitMQ node is chosen in case the one we are
 # currently connected to becomes unavailable. Takes effect only if more than one
 # RabbitMQ node is provided in config. (string value)
-# Allowed values: round-robin, shuffle
+# Possible values:
+# round-robin - <No description provided>
+# shuffle - <No description provided>
 #kombu_failover_strategy = round-robin
 
 # DEPRECATED: The RabbitMQ broker address where a single node is used. (string
@@ -3992,7 +4097,10 @@
 #rabbit_password = guest
 
 # The RabbitMQ login method. (string value)
-# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
+# Possible values:
+# PLAIN - <No description provided>
+# AMQPLAIN - <No description provided>
+# RABBIT-CR-DEMO - <No description provided>
 #rabbit_login_method = AMQPLAIN
 
 # DEPRECATED: The RabbitMQ virtual host. (string value)
@@ -4071,7 +4179,10 @@
 #host_connection_reconnect_delay = 0.25
 
 # Connection factory implementation (string value)
-# Allowed values: new, single, read_write
+# Possible values:
+# new - <No description provided>
+# single - <No description provided>
+# read_write - <No description provided>
 #connection_factory = single
 
 # Maximum number of connections to keep queued. (integer value)
@@ -4095,7 +4206,9 @@
 
 # Default serialization mechanism for serializing/deserializing
 # outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
+# Possible values:
+# json - <No description provided>
+# msgpack - <No description provided>
 #default_serializer_type = json
 
 # Persist notification messages. (boolean value)
@@ -4162,7 +4275,10 @@
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
-# Allowed values: redis, sentinel, dummy
+# Possible values:
+# redis - <No description provided>
+# sentinel - <No description provided>
+# dummy - <No description provided>
 #rpc_zmq_matchmaker = redis
 
 # Number of ZeroMQ contexts, defaults to 1. (integer value)
@@ -4231,7 +4347,9 @@
 
 # Default serialization mechanism for serializing/deserializing
 # outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
+# Possible values:
+# json - <No description provided>
+# msgpack - <No description provided>
 #rpc_zmq_serialization = json
 
 # This option configures round-robin mode in zmq socket. True means not keeping
@@ -4313,6 +4431,14 @@
 # From oslo.policy
 #
 
+# This option controls whether or not to enforce scope when evaluating policies.
+# If ``True``, the scope of the token used in the request is compared to the
+# ``scope_types`` of the policy being enforced. If the scopes do not match, an
+# ``InvalidScope`` exception will be raised. If ``False``, a message will be
+# logged informing operators that policies are being invoked with mismatching
+# scope. (boolean value)
+#enforce_scope = false
+
 # The file that defines policies. (string value)
 #policy_file = policy.json
 
@@ -4328,7 +4454,9 @@
 
 # Content Type to send and receive data for REST based policy check (string
 # value)
-# Allowed values: application/x-www-form-urlencoded, application/json
+# Possible values:
+# application/x-www-form-urlencoded - <No description provided>
+# application/json - <No description provided>
 #remote_content_type = application/x-www-form-urlencoded
 
 # server identity verification for REST based policy check (boolean value)
@@ -4626,7 +4754,9 @@
 #     * max_workers
 #
 #  (string value)
-# Allowed values: serial, parallel
+# Possible values:
+# serial - <No description provided>
+# parallel - <No description provided>
 #engine_mode = parallel
 
 #
@@ -4678,5 +4808,8 @@
 #     * disk_formats
 #
 #  (string value)
-# Allowed values: qcow2, raw, vmdk
+# Possible values:
+# qcow2 - <No description provided>
+# raw - <No description provided>
+# vmdk - <No description provided>
 #conversion_format = raw

etc/glance-cache.conf

@@ -525,7 +525,7 @@
 # default in Queens and removed in Rocky. This allows Glance to
 # operate with previous version configs upon upgrade.
 #
-# Setting this option to True will enable the endpoints related
+# Setting this option to False will disable the endpoints related
 # to Image Import Refactoring work.
 #
 # Related options:
@@ -538,7 +538,17 @@
 # It was introduced to make sure that the API is not enabled
 # before the '[DEFAULT]/node_staging_uri' is defined and is
 # long term redundant.
-#enable_image_import = false
+#enable_image_import = true
+
+#
+# List of enabled Image Import Methods
+#
+# Both 'glance-direct' and 'web-download' are enabled by default.
+#
+# Related options:
+#     * [DEFAULT]/node_staging_uri
+#     * [DEFAULT]/enable_image_import (list value)
+#enabled_import_methods = glance-direct,web-download
 
 #
 # The relative path to sqlite file database that will be used for image cache
@@ -589,7 +599,9 @@
 #     * None
 #
 #  (string value)
-# Allowed values: sqlite, xattr
+# Possible values:
+# sqlite - <No description provided>
+# xattr - <No description provided>
 #image_cache_driver = sqlite
 
 #
@@ -744,7 +756,9 @@
 #     * registry_client_ca_file
 #
 #  (string value)
-# Allowed values: http, https
+# Possible values:
+# http - <No description provided>
+# https - <No description provided>
 # This option is deprecated for removal since Queens.
 # Its value may be silently ignored in the future.
 # Reason:
@@ -1151,7 +1165,19 @@
 #     * stores
 #
 #  (string value)
-# Allowed values: file, filesystem, http, https, swift, swift+http, swift+https, swift+config, rbd, sheepdog, cinder, vsphere
+# Possible values:
+# file - <No description provided>
+# filesystem - <No description provided>
+# http - <No description provided>
+# https - <No description provided>
+# swift - <No description provided>
+# swift+http - <No description provided>
+# swift+https - <No description provided>
+# swift+config - <No description provided>
+# rbd - <No description provided>
+# sheepdog - <No description provided>
+# cinder - <No description provided>
+# vsphere - <No description provided>
 #default_store = file
 
 #
@@ -1889,7 +1915,10 @@
 #     * swift_store_endpoint
 #
 #  (string value)
-# Allowed values: publicURL, adminURL, internalURL
+# Possible values:
+# publicURL - <No description provided>
+# adminURL - <No description provided>
+# internalURL - <No description provided>
 #swift_store_endpoint_type = publicURL
 
 #
@@ -2188,6 +2217,32 @@
 #  (boolean value)
 #swift_store_use_trusts = true
 
+#
+# Buffer image segments before upload to Swift.
+#
+# Provide a boolean value to indicate whether or not Glance should
+# buffer image data to disk while uploading to swift. This enables
+# Glance to resume uploads on error.
+#
+# NOTES:
+# When enabling this option, one should take great care as this
+# increases disk usage on the API node. Be aware that depending
+# upon how the file system is configured, the disk space used
+# for buffering may decrease the actual disk space available for
+# the glance image cache.  Disk utilization will cap according to
+# the following equation:
+# (``swift_store_large_object_chunk_size`` * ``workers`` * 1000)
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * swift_upload_buffer_dir
+#
+#  (boolean value)
+#swift_buffer_on_upload = false
+
 #
 # Reference to default Swift account/backing store parameters.
 #
@@ -2266,6 +2321,31 @@
 #  (string value)
 #swift_store_config_file = <None>
 
+#
+# Directory to buffer image segments before upload to Swift.
+#
+# Provide a string value representing the absolute path to the
+# directory on the glance node where image segments will be
+# buffered briefly before they are uploaded to swift.
+#
+# NOTES:
+# * This is required only when the configuration option
+#   ``swift_buffer_on_upload`` is set to True.
+# * This directory should be provisioned keeping in mind the
+#   ``swift_store_large_object_chunk_size`` and the maximum
+#   number of images that could be uploaded simultaneously by
+#   a given glance node.
+#
+# Possible values:
+#     * String value representing an absolute directory path
+#
+# Related options:
+#     * swift_buffer_on_upload
+#     * swift_store_large_object_chunk_size
+#
+#  (string value)
+#swift_upload_buffer_dir = <None>
+
 #
 # Address of the ESX/ESXi or vCenter Server target system.
 #
@@ -2451,6 +2531,14 @@
 # From oslo.policy
 #
 
+# This option controls whether or not to enforce scope when evaluating policies.
+# If ``True``, the scope of the token used in the request is compared to the
+# ``scope_types`` of the policy being enforced. If the scopes do not match, an
+# ``InvalidScope`` exception will be raised. If ``False``, a message will be
+# logged informing operators that policies are being invoked with mismatching
+# scope. (boolean value)
+#enforce_scope = false
+
 # The file that defines policies. (string value)
 #policy_file = policy.json
 
@@ -2466,7 +2554,9 @@
 
 # Content Type to send and receive data for REST based policy check (string
 # value)
-# Allowed values: application/x-www-form-urlencoded, application/json
+# Possible values:
+# application/x-www-form-urlencoded - <No description provided>
+# application/json - <No description provided>
 #remote_content_type = application/x-www-form-urlencoded
 
 # server identity verification for REST based policy check (boolean value)

etc/glance-image-import.conf.sample

@@ -42,8 +42,6 @@
 # Specify name of user roles to be ignored for injecting metadata
 # properties in the image.
 #
-# Specify name of the user roles
-#
 # Possible values:
 #     * List containing user roles. For example: [admin,member]
 #

etc/glance-registry.conf

@@ -599,7 +599,7 @@
 # default in Queens and removed in Rocky. This allows Glance to
 # operate with previous version configs upon upgrade.
 #
-# Setting this option to True will enable the endpoints related
+# Setting this option to False will disable the endpoints related
 # to Image Import Refactoring work.
 #
 # Related options:
@@ -612,7 +612,17 @@
 # It was introduced to make sure that the API is not enabled
 # before the '[DEFAULT]/node_staging_uri' is defined and is
 # long term redundant.
-#enable_image_import = false
+#enable_image_import = true
+
+#
+# List of enabled Image Import Methods
+#
+# Both 'glance-direct' and 'web-download' are enabled by default.
+#
+# Related options:
+#     * [DEFAULT]/node_staging_uri
+#     * [DEFAULT]/enable_image_import (list value)
+#enabled_import_methods = glance-direct,web-download
 
 #
 # IP address to bind the glance servers to.
@@ -983,7 +993,10 @@
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
-# Allowed values: redis, sentinel, dummy
+# Possible values:
+# redis - <No description provided>
+# sentinel - <No description provided>
+# dummy - <No description provided>
 #rpc_zmq_matchmaker = redis
 
 # Number of ZeroMQ contexts, defaults to 1. (integer value)
@@ -1052,7 +1065,9 @@
 
 # Default serialization mechanism for serializing/deserializing
 # outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
+# Possible values:
+# json - <No description provided>
+# msgpack - <No description provided>
 #rpc_zmq_serialization = json
 
 # This option configures round-robin mode in zmq socket. True means not keeping
@@ -1365,7 +1380,10 @@
 # in the cache. If ENCRYPT, token data is encrypted and authenticated in the
 # cache. If the value is not one of these options or empty, auth_token will
 # raise an exception on initialization. (string value)
-# Allowed values: None, MAC, ENCRYPT
+# Possible values:
+# None - <No description provided>
+# MAC - <No description provided>
+# ENCRYPT - <No description provided>
 #memcache_security_strategy = None
 
 # (Optional, mandatory if memcache_security_strategy is defined) This string is
@@ -1727,13 +1745,24 @@
 # Default timeout(s) for Kafka consumers (floating point value)
 #kafka_consumer_timeout = 1.0
 
-# Pool Size for Kafka Consumers (integer value)
+# DEPRECATED: Pool Size for Kafka Consumers (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Driver no longer uses connection pool.
 #pool_size = 10
 
-# The pool size limit for connections expiration policy (integer value)
+# DEPRECATED: The pool size limit for connections expiration policy (integer
+# value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Driver no longer uses connection pool.
 #conn_pool_min_size = 2
 
-# The time-to-live in sec of idle connections in the pool (integer value)
+# DEPRECATED: The time-to-live in sec of idle connections in the pool (integer
+# value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Driver no longer uses connection pool.
 #conn_pool_ttl = 1200
 
 # Group id for Kafka consumer. Consumers in one group will coordinate message
@@ -1826,7 +1855,9 @@
 # Determines how the next RabbitMQ node is chosen in case the one we are
 # currently connected to becomes unavailable. Takes effect only if more than one
 # RabbitMQ node is provided in config. (string value)
-# Allowed values: round-robin, shuffle
+# Possible values:
+# round-robin - <No description provided>
+# shuffle - <No description provided>
 #kombu_failover_strategy = round-robin
 
 # DEPRECATED: The RabbitMQ broker address where a single node is used. (string
@@ -1863,7 +1894,10 @@
 #rabbit_password = guest
 
 # The RabbitMQ login method. (string value)
-# Allowed values: PLAIN, AMQPLAIN, RABBIT-CR-DEMO
+# Possible values:
+# PLAIN - <No description provided>
+# AMQPLAIN - <No description provided>
+# RABBIT-CR-DEMO - <No description provided>
 #rabbit_login_method = AMQPLAIN
 
 # DEPRECATED: The RabbitMQ virtual host. (string value)
@@ -1942,7 +1976,10 @@
 #host_connection_reconnect_delay = 0.25
 
 # Connection factory implementation (string value)
-# Allowed values: new, single, read_write
+# Possible values:
+# new - <No description provided>
+# single - <No description provided>
+# read_write - <No description provided>
 #connection_factory = single
 
 # Maximum number of connections to keep queued. (integer value)
@@ -1966,7 +2003,9 @@
 
 # Default serialization mechanism for serializing/deserializing
 # outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
+# Possible values:
+# json - <No description provided>
+# msgpack - <No description provided>
 #default_serializer_type = json
 
 # Persist notification messages. (boolean value)
@@ -2033,7 +2072,10 @@
 #rpc_zmq_bind_address = *
 
 # MatchMaker driver. (string value)
-# Allowed values: redis, sentinel, dummy
+# Possible values:
+# redis - <No description provided>
+# sentinel - <No description provided>
+# dummy - <No description provided>
 #rpc_zmq_matchmaker = redis
 
 # Number of ZeroMQ contexts, defaults to 1. (integer value)
@@ -2102,7 +2144,9 @@
 
 # Default serialization mechanism for serializing/deserializing
 # outgoing/incoming messages (string value)
-# Allowed values: json, msgpack
+# Possible values:
+# json - <No description provided>
+# msgpack - <No description provided>
 #rpc_zmq_serialization = json
 
 # This option configures round-robin mode in zmq socket. True means not keeping
@@ -2173,6 +2217,14 @@
 # From oslo.policy
 #
 
+# This option controls whether or not to enforce scope when evaluating policies.
+# If ``True``, the scope of the token used in the request is compared to the
+# ``scope_types`` of the policy being enforced. If the scopes do not match, an
+# ``InvalidScope`` exception will be raised. If ``False``, a message will be
+# logged informing operators that policies are being invoked with mismatching
+# scope. (boolean value)
+#enforce_scope = false
+
 # The file that defines policies. (string value)
 #policy_file = policy.json
 
@@ -2188,7 +2240,9 @@
 
 # Content Type to send and receive data for REST based policy check (string
 # value)
-# Allowed values: application/x-www-form-urlencoded, application/json
+# Possible values:
+# application/x-www-form-urlencoded - <No description provided>
+# application/json - <No description provided>
 #remote_content_type = application/x-www-form-urlencoded
 
 # server identity verification for REST based policy check (boolean value)

etc/glance-scrubber.conf

@@ -525,7 +525,7 @@
 # default in Queens and removed in Rocky. This allows Glance to
 # operate with previous version configs upon upgrade.
 #
-# Setting this option to True will enable the endpoints related
+# Setting this option to False will disable the endpoints related
 # to Image Import Refactoring work.
 #
 # Related options:
@@ -538,7 +538,17 @@
 # It was introduced to make sure that the API is not enabled
 # before the '[DEFAULT]/node_staging_uri' is defined and is
 # long term redundant.
-#enable_image_import = false
+#enable_image_import = true
+
+#
+# List of enabled Image Import Methods
+#
+# Both 'glance-direct' and 'web-download' are enabled by default.
+#
+# Related options:
+#     * [DEFAULT]/node_staging_uri
+#     * [DEFAULT]/enable_image_import (list value)
+#enabled_import_methods = glance-direct,web-download
 
 #
 # The amount of time, in seconds, to delay image scrubbing.
@@ -614,56 +624,6 @@
 #  (boolean value)
 #delayed_delete = false
 
-#
-# Role used to identify an authenticated user as administrator.
-#
-# Provide a string value representing a Keystone role to identify an
-# administrative user. Users with this role will be granted
-# administrative privileges. The default value for this option is
-# 'admin'.
-#
-# Possible values:
-#     * A string value which is a valid Keystone role
-#
-# Related options:
-#     * None
-#
-#  (string value)
-#admin_role = admin
-
-#
-# Send headers received from identity when making requests to
-# registry.
-#
-# Typically, Glance registry can be deployed in multiple flavors,
-# which may or may not include authentication. For example,
-# ``trusted-auth`` is a flavor that does not require the registry
-# service to authenticate the requests it receives. However, the
-# registry service may still need a user context to be populated to
-# serve the requests. This can be achieved by the caller
-# (the Glance API usually) passing through the headers it received
-# from authenticating with identity for the same request. The typical
-# headers sent are ``X-User-Id``, ``X-Tenant-Id``, ``X-Roles``,
-# ``X-Identity-Status`` and ``X-Service-Catalog``.
-#
-# Provide a boolean value to determine whether to send the identity
-# headers to provide tenant and user information along with the
-# requests to registry service. By default, this option is set to
-# ``False``, which means that user and tenant information is not
-# available readily. It must be obtained by authenticating. Hence, if
-# this is set to ``False``, ``flavor`` must be set to value that
-# either includes authentication or authenticated user context.
-#
-# Possible values:
-#     * True
-#     * False
-#
-# Related options:
-#     * flavor
-#
-#  (boolean value)
-#send_identity_headers = false
-
 #
 # Time interval, in seconds, between scrubber runs in daemon mode.
 #
@@ -710,308 +670,6 @@
 #  (boolean value)
 #daemon = false
 
-# DEPRECATED:
-# Protocol to use for communication with the registry server.
-#
-# Provide a string value representing the protocol to use for
-# communication with the registry server. By default, this option is
-# set to ``http`` and the connection is not secure.
-#
-# This option can be set to ``https`` to establish a secure connection
-# to the registry server. In this case, provide a key to use for the
-# SSL connection using the ``registry_client_key_file`` option. Also
-# include the CA file and cert file using the options
-# ``registry_client_ca_file`` and ``registry_client_cert_file``
-# respectively.
-#
-# Possible values:
-#     * http
-#     * https
-#
-# Related options:
-#     * registry_client_key_file
-#     * registry_client_cert_file
-#     * registry_client_ca_file
-#
-#  (string value)
-# Allowed values: http, https
-# This option is deprecated for removal since Queens.
-# Its value may be silently ignored in the future.
-# Reason:
-# Glance registry service is deprecated for removal.
-#
-# More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
-#registry_client_protocol = http
-
-# DEPRECATED:
-# Absolute path to the private key file.
-#
-# Provide a string value representing a valid absolute path to the
-# private key file to use for establishing a secure connection to
-# the registry server.
-#
-# NOTE: This option must be set if ``registry_client_protocol`` is
-# set to ``https``. Alternatively, the GLANCE_CLIENT_KEY_FILE
-# environment variable may be set to a filepath of the key file.
-#
-# Possible values:
-#     * String value representing a valid absolute path to the key
-#       file.
-#
-# Related options:
-#     * registry_client_protocol
-#
-#  (string value)
-# This option is deprecated for removal since Queens.
-# Its value may be silently ignored in the future.
-# Reason:
-# Glance registry service is deprecated for removal.
-#
-# More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
-#registry_client_key_file = /etc/ssl/key/key-file.pem
-
-# DEPRECATED:
-# Absolute path to the certificate file.
-#
-# Provide a string value representing a valid absolute path to the
-# certificate file to use for establishing a secure connection to
-# the registry server.
-#
-# NOTE: This option must be set if ``registry_client_protocol`` is
-# set to ``https``. Alternatively, the GLANCE_CLIENT_CERT_FILE
-# environment variable may be set to a filepath of the certificate
-# file.
-#
-# Possible values:
-#     * String value representing a valid absolute path to the
-#       certificate file.
-#
-# Related options:
-#     * registry_client_protocol
-#
-#  (string value)
-# This option is deprecated for removal since Queens.
-# Its value may be silently ignored in the future.
-# Reason:
-# Glance registry service is deprecated for removal.
-#
-# More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
-#registry_client_cert_file = /etc/ssl/certs/file.crt
-
-# DEPRECATED:
-# Absolute path to the Certificate Authority file.
-#
-# Provide a string value representing a valid absolute path to the
-# certificate authority file to use for establishing a secure
-# connection to the registry server.
-#
-# NOTE: This option must be set if ``registry_client_protocol`` is
-# set to ``https``. Alternatively, the GLANCE_CLIENT_CA_FILE
-# environment variable may be set to a filepath of the CA file.
-# This option is ignored if the ``registry_client_insecure`` option
-# is set to ``True``.
-#
-# Possible values:
-#     * String value representing a valid absolute path to the CA
-#       file.
-#
-# Related options:
-#     * registry_client_protocol
-#     * registry_client_insecure
-#
-#  (string value)
-# This option is deprecated for removal since Queens.
-# Its value may be silently ignored in the future.
-# Reason:
-# Glance registry service is deprecated for removal.
-#
-# More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
-#registry_client_ca_file = /etc/ssl/cafile/file.ca
-
-# DEPRECATED:
-# Set verification of the registry server certificate.
-#
-# Provide a boolean value to determine whether or not to validate
-# SSL connections to the registry server. By default, this option
-# is set to ``False`` and the SSL connections are validated.
-#
-# If set to ``True``, the connection to the registry server is not
-# validated via a certifying authority and the
-# ``registry_client_ca_file`` option is ignored. This is the
-# registry's equivalent of specifying --insecure on the command line
-# using glanceclient for the API.
-#
-# Possible values:
-#     * True
-#     * False
-#
-# Related options:
-#     * registry_client_protocol
-#     * registry_client_ca_file
-#
-#  (boolean value)
-# This option is deprecated for removal since Queens.
-# Its value may be silently ignored in the future.
-# Reason:
-# Glance registry service is deprecated for removal.
-#
-# More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
-#registry_client_insecure = false
-
-# DEPRECATED:
-# Timeout value for registry requests.
-#
-# Provide an integer value representing the period of time in seconds
-# that the API server will wait for a registry request to complete.
-# The default value is 600 seconds.
-#
-# A value of 0 implies that a request will never timeout.
-#
-# Possible values:
-#     * Zero
-#     * Positive integer
-#
-# Related options:
-#     * None
-#
-#  (integer value)
-# Minimum value: 0
-# This option is deprecated for removal since Queens.
-# Its value may be silently ignored in the future.
-# Reason:
-# Glance registry service is deprecated for removal.
-#
-# More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
-#registry_client_timeout = 600
-
-# DEPRECATED: Whether to pass through the user token when making requests to the
-# registry. To prevent failures with token expiration during big files upload,
-# it is recommended to set this parameter to False.If "use_user_token" is not in
-# effect, then admin credentials can be specified. (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
-#use_user_token = true
-
-# DEPRECATED: The administrators user name. If "use_user_token" is not in
-# effect, then admin credentials can be specified. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
-#admin_user = <None>
-
-# DEPRECATED: The administrators password. If "use_user_token" is not in effect,
-# then admin credentials can be specified. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
-#admin_password = <None>
-
-# DEPRECATED: The tenant name of the administrative user. If "use_user_token" is
-# not in effect, then admin tenant name can be specified. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
-#admin_tenant_name = <None>
-
-# DEPRECATED: The URL to the keystone service. If "use_user_token" is not in
-# effect and using keystone auth, then URL of keystone can be specified. (string
-# value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
-#auth_url = <None>
-
-# DEPRECATED: The strategy to use for authentication. If "use_user_token" is not
-# in effect, then auth strategy can be specified. (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
-#auth_strategy = noauth
-
-# DEPRECATED: The region for the authentication service. If "use_user_token" is
-# not in effect and using keystone auth, then region name can be specified.
-# (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: This option was considered harmful and has been deprecated in M
-# release. It will be removed in O release. For more information read OSSN-0060.
-# Related functionality with uploading big images has been implemented with
-# Keystone trusts support.
-#auth_region = <None>
-
-# DEPRECATED:
-# Address the registry server is hosted on.
-#
-# Possible values:
-#     * A valid IP or hostname
-#
-# Related options:
-#     * None
-#
-#  (unknown value)
-# This option is deprecated for removal since Queens.
-# Its value may be silently ignored in the future.
-# Reason:
-# Glance registry service is deprecated for removal.
-#
-# More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
-#registry_host = 0.0.0.0
-
-# DEPRECATED:
-# Port the registry server is listening on.
-#
-# Possible values:
-#     * A valid port number
-#
-# Related options:
-#     * None
-#
-#  (port value)
-# Minimum value: 0
-# Maximum value: 65535
-# This option is deprecated for removal since Queens.
-# Its value may be silently ignored in the future.
-# Reason:
-# Glance registry service is deprecated for removal.
-#
-# More information can be found from the spec:
-# http://specs.openstack.org/openstack/glance-specs/specs/queens/approved/glance
-# /deprecate-registry.html
-#registry_port = 9191
-
 #
 # From oslo.log
 #
@@ -1298,7 +956,19 @@
 #     * stores
 #
 #  (string value)
-# Allowed values: file, filesystem, http, https, swift, swift+http, swift+https, swift+config, rbd, sheepdog, cinder, vsphere
+# Possible values:
+# file - <No description provided>
+# filesystem - <No description provided>
+# http - <No description provided>
+# https - <No description provided>
+# swift - <No description provided>
+# swift+http - <No description provided>
+# swift+https - <No description provided>
+# swift+config - <No description provided>
+# rbd - <No description provided>
+# sheepdog - <No description provided>
+# cinder - <No description provided>
+# vsphere - <No description provided>
 #default_store = file
 
 #
@@ -2036,7 +1706,10 @@
 #     * swift_store_endpoint
 #
 #  (string value)
-# Allowed values: publicURL, adminURL, internalURL
+# Possible values:
+# publicURL - <No description provided>
+# adminURL - <No description provided>
+# internalURL - <No description provided>
 #swift_store_endpoint_type = publicURL
 
 #
@@ -2335,6 +2008,32 @@
 #  (boolean value)
 #swift_store_use_trusts = true
 
+#
+# Buffer image segments before upload to Swift.
+#
+# Provide a boolean value to indicate whether or not Glance should
+# buffer image data to disk while uploading to swift. This enables
+# Glance to resume uploads on error.
+#
+# NOTES:
+# When enabling this option, one should take great care as this
+# increases disk usage on the API node. Be aware that depending
+# upon how the file system is configured, the disk space used
+# for buffering may decrease the actual disk space available for
+# the glance image cache.  Disk utilization will cap according to
+# the following equation:
+# (``swift_store_large_object_chunk_size`` * ``workers`` * 1000)
+#
+# Possible values:
+#     * True
+#     * False
+#
+# Related options:
+#     * swift_upload_buffer_dir
+#
+#  (boolean value)
+#swift_buffer_on_upload = false
+
 #
 # Reference to default Swift account/backing store parameters.
 #
@@ -2413,6 +2112,31 @@
 #  (string value)
 #swift_store_config_file = <None>
 
+#
+# Directory to buffer image segments before upload to Swift.
+#
+# Provide a string value representing the absolute path to the
+# directory on the glance node where image segments will be
+# buffered briefly before they are uploaded to swift.
+#
+# NOTES:
+# * This is required only when the configuration option
+#   ``swift_buffer_on_upload`` is set to True.
+# * This directory should be provisioned keeping in mind the
+#   ``swift_store_large_object_chunk_size`` and the maximum
+#   number of images that could be uploaded simultaneously by
+#   a given glance node.
+#
+# Possible values:
+#     * String value representing an absolute directory path
+#
+# Related options:
+#     * swift_buffer_on_upload
+#     * swift_store_large_object_chunk_size
+#
+#  (string value)
+#swift_upload_buffer_dir = <None>
+
 #
 # Address of the ESX/ESXi or vCenter Server target system.
 #
@@ -2614,6 +2338,14 @@
 # From oslo.policy
 #
 
+# This option controls whether or not to enforce scope when evaluating policies.
+# If ``True``, the scope of the token used in the request is compared to the
+# ``scope_types`` of the policy being enforced. If the scopes do not match, an
+# ``InvalidScope`` exception will be raised. If ``False``, a message will be
+# logged informing operators that policies are being invoked with mismatching
+# scope. (boolean value)
+#enforce_scope = false
+
 # The file that defines policies. (string value)
 #policy_file = policy.json
 
@@ -2629,7 +2361,9 @@
 
 # Content Type to send and receive data for REST based policy check (string
 # value)
-# Allowed values: application/x-www-form-urlencoded, application/json
+# Possible values:
+# application/x-www-form-urlencoded - <No description provided>
+# application/json - <No description provided>
 #remote_content_type = application/x-www-form-urlencoded
 
 # server identity verification for REST based policy check (boolean value)