Update sample configs post deprecation removals

Change-Id: Ib3deb9361887caeea606db4955cd9d35d263de0a
This commit is contained in:
Erno Kuvaja 2020-06-30 17:49:10 +01:00
parent 3068096199
commit 96507d3eaf
3 changed files with 24 additions and 998 deletions

View File

@ -236,49 +236,6 @@
# (integer value)
#image_location_quota = 10
# DEPRECATED:
# Python module path of data access API.
#
# Specifies the path to the API to use for accessing the data model.
# This option determines how the image catalog data will be accessed.
#
# Possible values:
# * glance.db.sqlalchemy.api
# * glance.db.registry.api
# * glance.db.simple.api
#
# If this option is set to ``glance.db.sqlalchemy.api`` then the image
# catalog data is stored in and read from the database via the
# SQLAlchemy Core and ORM APIs.
#
# Setting this option to ``glance.db.registry.api`` will force all
# database access requests to be routed through the Registry service.
# This avoids data access from the Glance API nodes for an added layer
# of security, scalability and manageability.
#
# NOTE: In v2 OpenStack Images API, the registry service is optional.
# In order to use the Registry API in v2, the option
# ``enable_v2_registry`` must be set to ``True``.
#
# Finally, when this configuration option is set to
# ``glance.db.simple.api``, image catalog data is stored in and read
# from an in-memory data structure. This is primarily used for testing.
#
# Related options:
# * enable_v2_api
# * enable_v2_registry
#
# (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#data_api = glance.db.sqlalchemy.api
#
# The default number of results to return for a request.
#
@ -455,67 +412,6 @@
# (string value)
#user_storage_quota = 0
#
# Deploy the v2 OpenStack Images API.
#
# When this option is set to ``True``, Glance service will respond
# to requests on registered endpoints conforming to the v2 OpenStack
# Images API.
#
# NOTES:
# * If this option is disabled, then the ``enable_v2_registry``
# option, which is enabled by default, is also recommended
# to be disabled.
#
# Possible values:
# * True
# * False
#
# Related options:
# * enable_v2_registry
#
# (boolean value)
#enable_v2_api = true
#
# DEPRECATED FOR REMOVAL
# (boolean value)
#enable_v1_registry = true
# DEPRECATED:
# Deploy the v2 API Registry service.
#
# When this option is set to ``True``, the Registry service
# will be enabled in Glance for v2 API requests.
#
# NOTES:
# * Use of Registry is optional in v2 API, so this option
# must only be enabled if both ``enable_v2_api`` is set to
# ``True`` and the ``data_api`` option is set to
# ``glance.db.registry.api``.
#
# * If deploying only the v1 OpenStack Images API, this option,
# which is enabled by default, should be disabled.
#
# Possible values:
# * True
# * False
#
# Related options:
# * enable_v2_api
# * data_api
#
# (boolean value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#enable_v2_registry = true
#
# Host address of the pydev server.
#
@ -720,27 +616,6 @@
# policies - <No description provided>
#property_protection_rule_format = roles
#
# List of allowed exception modules to handle RPC exceptions.
#
# Provide a comma separated list of modules whose exceptions are
# permitted to be recreated upon receiving exception data via an RPC
# call made to Glance. The default list includes
# ``glance.common.exception``, ``builtins``, and ``exceptions``.
#
# The RPC protocol permits interaction with Glance via calls across a
# network or within the same system. Including a list of exception
# namespaces with this option enables RPC to propagate the exceptions
# back to the users.
#
# Possible values:
# * A comma separated list of valid exception modules
#
# Related options:
# * None
# (list value)
#allowed_rpc_exception_modules = glance.common.exception,builtins,exceptions
#
# IP address to bind the glance servers to.
#
@ -1118,355 +993,6 @@
# (list value)
#disabled_notifications =
# DEPRECATED:
# Address the registry server is hosted on.
#
# Possible values:
# * A valid IP or hostname
#
# Related options:
# * None
#
# (host address value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#registry_host = 0.0.0.0
# DEPRECATED:
# Port the registry server is listening on.
#
# Possible values:
# * A valid port number
#
# Related options:
# * None
#
# (port value)
# Minimum value: 0
# Maximum value: 65535
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#registry_port = 9191
# DEPRECATED: Whether to pass through the user token when making requests to the
# registry. To prevent failures with token expiration during big files upload,
# it is recommended to set this parameter to False.If "use_user_token" is not in
# effect, then admin credentials can be specified. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#use_user_token = true
# DEPRECATED: The administrators user name. If "use_user_token" is not in
# effect, then admin credentials can be specified. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#admin_user = <None>
# DEPRECATED: The administrators password. If "use_user_token" is not in effect,
# then admin credentials can be specified. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#admin_password = <None>
# DEPRECATED: The tenant name of the administrative user. If "use_user_token" is
# not in effect, then admin tenant name can be specified. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#admin_tenant_name = <None>
# DEPRECATED: The URL to the keystone service. If "use_user_token" is not in
# effect and using keystone auth, then URL of keystone can be specified. (string
# value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#auth_url = <None>
# DEPRECATED: The strategy to use for authentication. If "use_user_token" is not
# in effect, then auth strategy can be specified. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#auth_strategy = noauth
# DEPRECATED: The region for the authentication service. If "use_user_token" is
# not in effect and using keystone auth, then region name can be specified.
# (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#auth_region = <None>
# DEPRECATED:
# Protocol to use for communication with the registry server.
#
# Provide a string value representing the protocol to use for
# communication with the registry server. By default, this option is
# set to ``http`` and the connection is not secure.
#
# This option can be set to ``https`` to establish a secure connection
# to the registry server. In this case, provide a key to use for the
# SSL connection using the ``registry_client_key_file`` option. Also
# include the CA file and cert file using the options
# ``registry_client_ca_file`` and ``registry_client_cert_file``
# respectively.
#
# Possible values:
# * http
# * https
#
# Related options:
# * registry_client_key_file
# * registry_client_cert_file
# * registry_client_ca_file
#
# (string value)
# Possible values:
# http - <No description provided>
# https - <No description provided>
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#registry_client_protocol = http
# DEPRECATED:
# Absolute path to the private key file.
#
# Provide a string value representing a valid absolute path to the
# private key file to use for establishing a secure connection to
# the registry server.
#
# NOTE: This option must be set if ``registry_client_protocol`` is
# set to ``https``. Alternatively, the GLANCE_CLIENT_KEY_FILE
# environment variable may be set to a filepath of the key file.
#
# Possible values:
# * String value representing a valid absolute path to the key
# file.
#
# Related options:
# * registry_client_protocol
#
# (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#registry_client_key_file = /etc/ssl/key/key-file.pem
# DEPRECATED:
# Absolute path to the certificate file.
#
# Provide a string value representing a valid absolute path to the
# certificate file to use for establishing a secure connection to
# the registry server.
#
# NOTE: This option must be set if ``registry_client_protocol`` is
# set to ``https``. Alternatively, the GLANCE_CLIENT_CERT_FILE
# environment variable may be set to a filepath of the certificate
# file.
#
# Possible values:
# * String value representing a valid absolute path to the
# certificate file.
#
# Related options:
# * registry_client_protocol
#
# (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#registry_client_cert_file = /etc/ssl/certs/file.crt
# DEPRECATED:
# Absolute path to the Certificate Authority file.
#
# Provide a string value representing a valid absolute path to the
# certificate authority file to use for establishing a secure
# connection to the registry server.
#
# NOTE: This option must be set if ``registry_client_protocol`` is
# set to ``https``. Alternatively, the GLANCE_CLIENT_CA_FILE
# environment variable may be set to a filepath of the CA file.
# This option is ignored if the ``registry_client_insecure`` option
# is set to ``True``.
#
# Possible values:
# * String value representing a valid absolute path to the CA
# file.
#
# Related options:
# * registry_client_protocol
# * registry_client_insecure
#
# (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#registry_client_ca_file = /etc/ssl/cafile/file.ca
# DEPRECATED:
# Set verification of the registry server certificate.
#
# Provide a boolean value to determine whether or not to validate
# SSL connections to the registry server. By default, this option
# is set to ``False`` and the SSL connections are validated.
#
# If set to ``True``, the connection to the registry server is not
# validated via a certifying authority and the
# ``registry_client_ca_file`` option is ignored. This is the
# registry's equivalent of specifying --insecure on the command line
# using glanceclient for the API.
#
# Possible values:
# * True
# * False
#
# Related options:
# * registry_client_protocol
# * registry_client_ca_file
#
# (boolean value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#registry_client_insecure = false
# DEPRECATED:
# Timeout value for registry requests.
#
# Provide an integer value representing the period of time in seconds
# that the API server will wait for a registry request to complete.
# The default value is 600 seconds.
#
# A value of 0 implies that a request will never timeout.
#
# Possible values:
# * Zero
# * Positive integer
#
# Related options:
# * None
#
# (integer value)
# Minimum value: 0
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#registry_client_timeout = 600
#
# Send headers received from identity when making requests to
# registry.
#
# Typically, Glance registry can be deployed in multiple flavors,
# which may or may not include authentication. For example,
# ``trusted-auth`` is a flavor that does not require the registry
# service to authenticate the requests it receives. However, the
# registry service may still need a user context to be populated to
# serve the requests. This can be achieved by the caller
# (the Glance API usually) passing through the headers it received
# from authenticating with identity for the same request. The typical
# headers sent are ``X-User-Id``, ``X-Tenant-Id``, ``X-Roles``,
# ``X-Identity-Status`` and ``X-Service-Catalog``.
#
# Provide a boolean value to determine whether to send the identity
# headers to provide tenant and user information along with the
# requests to registry service. By default, this option is set to
# ``False``, which means that user and tenant information is not
# available readily. It must be obtained by authenticating. Hence, if
# this is set to ``False``, ``flavor`` must be set to value that
# either includes authentication or authenticated user context.
#
# Possible values:
# * True
# * False
#
# Related options:
# * flavor
#
# (boolean value)
#send_identity_headers = false
#
# The amount of time, in seconds, to delay image scrubbing.
#
@ -5639,6 +5165,14 @@
# scope. (boolean value)
#enforce_scope = false
# This option controls whether or not to use old deprecated defaults when
# evaluating policies. If ``True``, the old deprecated defaults are not going to
# be evaluated. This means if any existing token is allowed for old defaults but
# is disallowed for new defaults, it will be disallowed. It is encouraged to
# enable this flag along with the ``enforce_scope`` flag so that you can get the
# benefits of new defaults and ``scope_type`` together (boolean value)
#enforce_new_defaults = false
# The relative or absolute path of a file that maps roles to permissions for a
# given service. Relative paths must be specified in relation to the
# configuration file setting this option. (string value)

View File

@ -117,49 +117,6 @@
# (integer value)
#image_location_quota = 10
# DEPRECATED:
# Python module path of data access API.
#
# Specifies the path to the API to use for accessing the data model.
# This option determines how the image catalog data will be accessed.
#
# Possible values:
# * glance.db.sqlalchemy.api
# * glance.db.registry.api
# * glance.db.simple.api
#
# If this option is set to ``glance.db.sqlalchemy.api`` then the image
# catalog data is stored in and read from the database via the
# SQLAlchemy Core and ORM APIs.
#
# Setting this option to ``glance.db.registry.api`` will force all
# database access requests to be routed through the Registry service.
# This avoids data access from the Glance API nodes for an added layer
# of security, scalability and manageability.
#
# NOTE: In v2 OpenStack Images API, the registry service is optional.
# In order to use the Registry API in v2, the option
# ``enable_v2_registry`` must be set to ``True``.
#
# Finally, when this configuration option is set to
# ``glance.db.simple.api``, image catalog data is stored in and read
# from an in-memory data structure. This is primarily used for testing.
#
# Related options:
# * enable_v2_api
# * enable_v2_registry
#
# (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#data_api = glance.db.sqlalchemy.api
#
# The default number of results to return for a request.
#
@ -336,67 +293,6 @@
# (string value)
#user_storage_quota = 0
#
# Deploy the v2 OpenStack Images API.
#
# When this option is set to ``True``, Glance service will respond
# to requests on registered endpoints conforming to the v2 OpenStack
# Images API.
#
# NOTES:
# * If this option is disabled, then the ``enable_v2_registry``
# option, which is enabled by default, is also recommended
# to be disabled.
#
# Possible values:
# * True
# * False
#
# Related options:
# * enable_v2_registry
#
# (boolean value)
#enable_v2_api = true
#
# DEPRECATED FOR REMOVAL
# (boolean value)
#enable_v1_registry = true
# DEPRECATED:
# Deploy the v2 API Registry service.
#
# When this option is set to ``True``, the Registry service
# will be enabled in Glance for v2 API requests.
#
# NOTES:
# * Use of Registry is optional in v2 API, so this option
# must only be enabled if both ``enable_v2_api`` is set to
# ``True`` and the ``data_api`` option is set to
# ``glance.db.registry.api``.
#
# * If deploying only the v1 OpenStack Images API, this option,
# which is enabled by default, should be disabled.
#
# Possible values:
# * True
# * False
#
# Related options:
# * enable_v2_api
# * data_api
#
# (boolean value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#enable_v2_registry = true
#
# Host address of the pydev server.
#
@ -656,322 +552,6 @@
# (string value)
#image_cache_dir = <None>
# DEPRECATED:
# Address the registry server is hosted on.
#
# Possible values:
# * A valid IP or hostname
#
# Related options:
# * None
#
# (host address value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#registry_host = 0.0.0.0
# DEPRECATED:
# Port the registry server is listening on.
#
# Possible values:
# * A valid port number
#
# Related options:
# * None
#
# (port value)
# Minimum value: 0
# Maximum value: 65535
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#registry_port = 9191
# DEPRECATED:
# Protocol to use for communication with the registry server.
#
# Provide a string value representing the protocol to use for
# communication with the registry server. By default, this option is
# set to ``http`` and the connection is not secure.
#
# This option can be set to ``https`` to establish a secure connection
# to the registry server. In this case, provide a key to use for the
# SSL connection using the ``registry_client_key_file`` option. Also
# include the CA file and cert file using the options
# ``registry_client_ca_file`` and ``registry_client_cert_file``
# respectively.
#
# Possible values:
# * http
# * https
#
# Related options:
# * registry_client_key_file
# * registry_client_cert_file
# * registry_client_ca_file
#
# (string value)
# Possible values:
# http - <No description provided>
# https - <No description provided>
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#registry_client_protocol = http
# DEPRECATED:
# Absolute path to the private key file.
#
# Provide a string value representing a valid absolute path to the
# private key file to use for establishing a secure connection to
# the registry server.
#
# NOTE: This option must be set if ``registry_client_protocol`` is
# set to ``https``. Alternatively, the GLANCE_CLIENT_KEY_FILE
# environment variable may be set to a filepath of the key file.
#
# Possible values:
# * String value representing a valid absolute path to the key
# file.
#
# Related options:
# * registry_client_protocol
#
# (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#registry_client_key_file = /etc/ssl/key/key-file.pem
# DEPRECATED:
# Absolute path to the certificate file.
#
# Provide a string value representing a valid absolute path to the
# certificate file to use for establishing a secure connection to
# the registry server.
#
# NOTE: This option must be set if ``registry_client_protocol`` is
# set to ``https``. Alternatively, the GLANCE_CLIENT_CERT_FILE
# environment variable may be set to a filepath of the certificate
# file.
#
# Possible values:
# * String value representing a valid absolute path to the
# certificate file.
#
# Related options:
# * registry_client_protocol
#
# (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#registry_client_cert_file = /etc/ssl/certs/file.crt
# DEPRECATED:
# Absolute path to the Certificate Authority file.
#
# Provide a string value representing a valid absolute path to the
# certificate authority file to use for establishing a secure
# connection to the registry server.
#
# NOTE: This option must be set if ``registry_client_protocol`` is
# set to ``https``. Alternatively, the GLANCE_CLIENT_CA_FILE
# environment variable may be set to a filepath of the CA file.
# This option is ignored if the ``registry_client_insecure`` option
# is set to ``True``.
#
# Possible values:
# * String value representing a valid absolute path to the CA
# file.
#
# Related options:
# * registry_client_protocol
# * registry_client_insecure
#
# (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#registry_client_ca_file = /etc/ssl/cafile/file.ca
# DEPRECATED:
# Set verification of the registry server certificate.
#
# Provide a boolean value to determine whether or not to validate
# SSL connections to the registry server. By default, this option
# is set to ``False`` and the SSL connections are validated.
#
# If set to ``True``, the connection to the registry server is not
# validated via a certifying authority and the
# ``registry_client_ca_file`` option is ignored. This is the
# registry's equivalent of specifying --insecure on the command line
# using glanceclient for the API.
#
# Possible values:
# * True
# * False
#
# Related options:
# * registry_client_protocol
# * registry_client_ca_file
#
# (boolean value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#registry_client_insecure = false
# DEPRECATED:
# Timeout value for registry requests.
#
# Provide an integer value representing the period of time in seconds
# that the API server will wait for a registry request to complete.
# The default value is 600 seconds.
#
# A value of 0 implies that a request will never timeout.
#
# Possible values:
# * Zero
# * Positive integer
#
# Related options:
# * None
#
# (integer value)
# Minimum value: 0
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#registry_client_timeout = 600
# DEPRECATED: Whether to pass through the user token when making requests to the
# registry. To prevent failures with token expiration during big files upload,
# it is recommended to set this parameter to False.If "use_user_token" is not in
# effect, then admin credentials can be specified. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#use_user_token = true
# DEPRECATED: The administrators user name. If "use_user_token" is not in
# effect, then admin credentials can be specified. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#admin_user = <None>
# DEPRECATED: The administrators password. If "use_user_token" is not in effect,
# then admin credentials can be specified. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#admin_password = <None>
# DEPRECATED: The tenant name of the administrative user. If "use_user_token" is
# not in effect, then admin tenant name can be specified. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#admin_tenant_name = <None>
# DEPRECATED: The URL to the keystone service. If "use_user_token" is not in
# effect and using keystone auth, then URL of keystone can be specified. (string
# value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#auth_url = <None>
# DEPRECATED: The strategy to use for authentication. If "use_user_token" is not
# in effect, then auth strategy can be specified. (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#auth_strategy = noauth
# DEPRECATED: The region for the authentication service. If "use_user_token" is
# not in effect and using keystone auth, then region name can be specified.
# (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: This option was considered harmful and has been deprecated in M
# release. It will be removed in O release. For more information read OSSN-0060.
# Related functionality with uploading big images has been implemented with
# Keystone trusts support.
#auth_region = <None>
#
# From oslo.log
#
@ -2716,6 +2296,14 @@
# scope. (boolean value)
#enforce_scope = false
# This option controls whether or not to use old deprecated defaults when
# evaluating policies. If ``True``, the old deprecated defaults are not going to
# be evaluated. This means if any existing token is allowed for old defaults but
# is disallowed for new defaults, it will be disallowed. It is encouraged to
# enable this flag along with the ``enforce_scope`` flag so that you can get the
# benefits of new defaults and ``scope_type`` together (boolean value)
#enforce_new_defaults = false
# The relative or absolute path of a file that maps roles to permissions for a
# given service. Relative paths must be specified in relation to the
# configuration file setting this option. (string value)

View File

@ -117,49 +117,6 @@
# (integer value)
#image_location_quota = 10
# DEPRECATED:
# Python module path of data access API.
#
# Specifies the path to the API to use for accessing the data model.
# This option determines how the image catalog data will be accessed.
#
# Possible values:
# * glance.db.sqlalchemy.api
# * glance.db.registry.api
# * glance.db.simple.api
#
# If this option is set to ``glance.db.sqlalchemy.api`` then the image
# catalog data is stored in and read from the database via the
# SQLAlchemy Core and ORM APIs.
#
# Setting this option to ``glance.db.registry.api`` will force all
# database access requests to be routed through the Registry service.
# This avoids data access from the Glance API nodes for an added layer
# of security, scalability and manageability.
#
# NOTE: In v2 OpenStack Images API, the registry service is optional.
# In order to use the Registry API in v2, the option
# ``enable_v2_registry`` must be set to ``True``.
#
# Finally, when this configuration option is set to
# ``glance.db.simple.api``, image catalog data is stored in and read
# from an in-memory data structure. This is primarily used for testing.
#
# Related options:
# * enable_v2_api
# * enable_v2_registry
#
# (string value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#data_api = glance.db.sqlalchemy.api
#
# The default number of results to return for a request.
#
@ -336,67 +293,6 @@
# (string value)
#user_storage_quota = 0
#
# Deploy the v2 OpenStack Images API.
#
# When this option is set to ``True``, Glance service will respond
# to requests on registered endpoints conforming to the v2 OpenStack
# Images API.
#
# NOTES:
# * If this option is disabled, then the ``enable_v2_registry``
# option, which is enabled by default, is also recommended
# to be disabled.
#
# Possible values:
# * True
# * False
#
# Related options:
# * enable_v2_registry
#
# (boolean value)
#enable_v2_api = true
#
# DEPRECATED FOR REMOVAL
# (boolean value)
#enable_v1_registry = true
# DEPRECATED:
# Deploy the v2 API Registry service.
#
# When this option is set to ``True``, the Registry service
# will be enabled in Glance for v2 API requests.
#
# NOTES:
# * Use of Registry is optional in v2 API, so this option
# must only be enabled if both ``enable_v2_api`` is set to
# ``True`` and the ``data_api`` option is set to
# ``glance.db.registry.api``.
#
# * If deploying only the v1 OpenStack Images API, this option,
# which is enabled by default, should be disabled.
#
# Possible values:
# * True
# * False
#
# Related options:
# * enable_v2_api
# * data_api
#
# (boolean value)
# This option is deprecated for removal since Queens.
# Its value may be silently ignored in the future.
# Reason:
# Glance registry service is deprecated for removal.
#
# More information can be found from the spec:
# http://specs.openstack.org/openstack/glance-
# specs/specs/queens/approved/glance/deprecate-registry.html
#enable_v2_registry = true
#
# Host address of the pydev server.
#
@ -2525,6 +2421,14 @@
# scope. (boolean value)
#enforce_scope = false
# This option controls whether or not to use old deprecated defaults when
# evaluating policies. If ``True``, the old deprecated defaults are not going to
# be evaluated. This means if any existing token is allowed for old defaults but
# is disallowed for new defaults, it will be disallowed. It is encouraged to
# enable this flag along with the ``enforce_scope`` flag so that you can get the
# benefits of new defaults and ``scope_type`` together (boolean value)
#enforce_new_defaults = false
# The relative or absolute path of a file that maps roles to permissions for a
# given service. Relative paths must be specified in relation to the
# configuration file setting this option. (string value)