[DEFAULT] # # From glance.api # # # Set the image owner to tenant or the authenticated user. # # Assign a boolean value to determine the owner of an image. When set # to # True, the owner of the image is the tenant. When set to False, the # owner of the image will be the authenticated user issuing the # request. # Setting it to False makes the image private to the associated user # and # sharing with other users within the same tenant (or "project") # requires explicit image sharing via image membership. # # Services which consume this: # * glance-api # * glare-api # * glance-registry # # Possible values: # * True # * False # # Related options: # * None # # (boolean value) #owner_is_tenant = true # # Role used to identify an authenticated user as administrator. # # Provide a string value representing a Keystone role to identify an # administrative user. Users with this role will be granted # administrative privileges. The default value for this option is # 'admin'. # # Services which consume this: # * glance-api # * glare-api # * glance-registry # * glance-scrubber # # Possible values: # * A string value which is a valid Keystone role # # Related options: # * None # # (string value) #admin_role = admin # # Allow limited access to unauthenticated users. # # Assign a boolean to determine API access for unathenticated # users. When set to False, the API cannot be accessed by # unauthenticated users. When set to True, unauthenticated users can # access the API with read-only privileges. This however only applies # when using ContextMiddleware. # # Services which consumes this: # * glance-api # * glare-api # * glance-registry # # Possible values: # * True # * False # # Related options: # * None # # (boolean value) #allow_anonymous_access = false # # Limit the request ID length. # # Provide an integer value to limit the length of the request ID to # the specified length. The default value is 64. Users can change this # to any ineteger value between 0 and 16384 however keeping in mind # that # a larger value may flood the logs. # # Services which consumes this: # * glance-api # * glare-api # * glance-registry # # Possible values: # * Integer value between 0 and 16384 # # Related options: # * None # # (integer value) # Minimum value: 0 #max_request_id_length = 64 # # Public url endpoint to use for Glance/Glare versions response. # # This is the public url endpoint that will appear in the Glance/Glare # "versions" response. If no value is specified, the endpoint that is # displayed in the version's response is that of the host running the # API service. Change the endpoint to represent the proxy URL if the # API service is running behind a proxy. If the service is running # behind a load balancer, add the load balancer's URL for this value. # # Services which consume this: # * glance-api/glare-api # # Possible values: # * None # * Proxy URL # * Load balancer URL # # Related options: # * None # # (string value) #public_endpoint = # Whether to allow users to specify image properties beyond what the # image schema provides (boolean value) #allow_additional_image_properties = true # Maximum number of image members per image. Negative values evaluate # to unlimited. (integer value) #image_member_quota = 128 # Maximum number of properties allowed on an image. Negative values # evaluate to unlimited. (integer value) #image_property_quota = 128 # Maximum number of tags allowed on an image. Negative values evaluate # to unlimited. (integer value) #image_tag_quota = 128 # Maximum number of locations allowed on an image. Negative values # evaluate to unlimited. (integer value) #image_location_quota = 10 # Python module path of data access API (string value) #data_api = glance.db.sqlalchemy.api # Default value for the number of items returned by a request if not # specified explicitly in the request (integer value) #limit_param_default = 25 # Maximum permissible number of items that could be returned by a # request (integer value) #api_limit_max = 1000 # Whether to include the backend image storage location in image # properties. Revealing storage location can be a security risk, so # use this setting with caution! (boolean value) #show_image_direct_url = false # Whether to include the backend image locations in image properties. # For example, if using the file system store a URL of # "file:///path/to/image" will be returned to the user in the # 'direct_url' meta-data field. Revealing storage location can be a # security risk, so use this setting with caution! Setting this to # true overrides the show_image_direct_url option. (boolean value) #show_multiple_locations = false # Maximum size of image a user can upload in bytes. Defaults to # 1099511627776 bytes (1 TB).WARNING: this value should only be # increased after careful consideration and must be set to a value # under 8 EB (9223372036854775808). (integer value) # Maximum value: 9223372036854775808 #image_size_cap = 1099511627776 # Set a system wide quota for every user. This value is the total # capacity that a user can use across all storage systems. A value of # 0 means unlimited.Optional unit can be specified for the value. # Accepted units are B, KB, MB, GB and TB representing Bytes, # KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no # unit is specified then Bytes is assumed. Note that there should not # be any space between value and unit and units are case sensitive. # (string value) #user_storage_quota = 0 # Deploy the v1 OpenStack Images API. (boolean value) #enable_v1_api = true # Deploy the v2 OpenStack Images API. (boolean value) #enable_v2_api = true # Deploy the v1 OpenStack Registry API. (boolean value) #enable_v1_registry = true # Deploy the v2 OpenStack Registry API. (boolean value) #enable_v2_registry = true # The hostname/IP of the pydev process listening for debug connections # (string value) #pydev_worker_debug_host = # The port on which a pydev process is listening for connections. # (port value) # Minimum value: 0 # Maximum value: 65535 #pydev_worker_debug_port = 5678 # AES key for encrypting store 'location' metadata. This includes, if # used, Swift or S3 credentials. Should be set to a random string of # length 16, 24 or 32 bytes (string value) #metadata_encryption_key = # Digest algorithm which will be used for digital signature. Use the # command "openssl list-message-digest-algorithms" to get the # available algorithms supported by the version of OpenSSL on the # platform. Examples are "sha1", "sha256", "sha512", etc. (string # value) #digest_algorithm = sha256 # This value sets what strategy will be used to determine the image # location order. Currently two strategies are packaged with Glance # 'location_order' and 'store_type'. (string value) # Allowed values: location_order, store_type #location_strategy = location_order # The location of the property protection file.This file contains the # rules for property protections and the roles/policies associated # with it. If this config value is not specified, by default, property # protections won't be enforced. If a value is specified and the file # is not found, then the glance-api service will not start. (string # value) #property_protection_file = # This config value indicates whether "roles" or "policies" are used # in the property protection file. (string value) # Allowed values: roles, policies #property_protection_rule_format = roles # Modules of exceptions that are permitted to be recreated upon # receiving exception data from an rpc call. (list value) #allowed_rpc_exception_modules = glance.common.exception,builtins,exceptions # Address to bind the server. Useful when selecting a particular # network interface. (string value) #bind_host = 0.0.0.0 # The port on which the server will listen. (port value) # Minimum value: 0 # Maximum value: 65535 #bind_port = # The number of child process workers that will be created to service # requests. The default will be equal to the number of CPUs available. # (integer value) #workers = # Maximum line size of message headers to be accepted. max_header_line # may need to be increased when using large tokens (typically those # generated by the Keystone v3 API with big service catalogs (integer # value) #max_header_line = 16384 # If False, server will return the header "Connection: close", If # True, server will return "Connection: Keep-Alive" in its responses. # In order to close the client socket connection explicitly after the # response is sent and read successfully by the client, you simply # have to set this option to False when you create a wsgi server. # (boolean value) #http_keepalive = true # Timeout for client connections' socket operations. If an incoming # connection is idle for this number of seconds it will be closed. A # value of '0' means wait forever. (integer value) #client_socket_timeout = 900 # The backlog value that will be used when creating the TCP listener # socket. (integer value) #backlog = 4096 # The value for the socket option TCP_KEEPIDLE. This is the time in # seconds that the connection must be idle before TCP starts sending # keepalive probes. (integer value) #tcp_keepidle = 600 # CA certificate file to use to verify connecting clients. (string # value) #ca_file = # Certificate file to use when starting API server securely. (string # value) #cert_file = # Private key file to use when starting API server securely. (string # value) #key_file = # DEPRECATED: The HTTP header used to determine the scheme for the # original request, even if it was removed by an SSL terminating # proxy. Typical value is "HTTP_X_FORWARDED_PROTO". (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Use the http_proxy_to_wsgi middleware instead. #secure_proxy_ssl_header = # # The relative path to sqlite file database that will be used for # image cache # management. # # This is a relative path to the sqlite file database that tracks the # age and # usage statistics of image cache. The path is relative to image cache # base # directory, specified by the configuration option # ``image_cache_dir``. # # This is a lightweight database with just one table. # # Services which consume this: # * glance-api # # Possible values: # * A valid relative path to sqlite file database # # Related options: # * ``image_cache_dir`` # # (string value) #image_cache_sqlite_db = cache.db # # The driver to use for image cache management. # # This configuration option provides the flexibility to choose between # the # different image-cache drivers available. An image-cache driver is # responsible # for providing the essential functions of image-cache like write # images to/read # images from cache, track age and usage of cached images, provide a # list of # cached images, fetch size of the cache, queue images for caching and # clean up # the cache, etc. # # The essential functions of a driver are defined in the base class # ``glance.image_cache.drivers.base.Driver``. All image-cache drivers # (existing # and prospective) must implement this interface. Currently available # drivers # are ``sqlite`` and ``xattr``. These drivers primarily differ in the # way they # store the information about cached images: # * The ``sqlite`` driver uses a sqlite database (which sits on # every glance # node locally) to track the usage of cached images. # * The ``xattr`` driver uses the extended attributes of files to # store this # information. It also requires a filesystem that sets ``atime`` # on the files # when accessed. # # Services which consume this: # * glance-api # # Possible values: # * sqlite # * xattr # # Related options: # * None # # (string value) # Allowed values: sqlite, xattr #image_cache_driver = sqlite # # The upper limit on cache size, in bytes, after which the cache- # pruner cleans # up the image cache. # # NOTE: This is just a threshold for cache-pruner to act upon. It is # NOT a # hard limit beyond which the image cache would never grow. In fact, # depending # on how often the cache-pruner runs and how quickly the cache fills, # the image # cache can far exceed the size specified here very easily. Hence, # care must be # taken to appropriately schedule the cache-pruner and in setting this # limit. # # Glance caches an image when it is downloaded. Consequently, the size # of the # image cache grows over time as the number of downloads increases. To # keep the # cache size from becoming unmanageable, it is recommended to run the # cache-pruner as a periodic task. When the cache pruner is kicked # off, it # compares the current size of image cache and triggers a cleanup if # the image # cache grew beyond the size specified here. After the cleanup, the # size of # cache is less than or equal to size specified here. # # Services which consume this: # * None (consumed by cache-pruner, an independent periodic task) # # Possible values: # * Any non-negative integer # # Related options: # * None # # (integer value) # Minimum value: 0 #image_cache_max_size = 10737418240 # # The amount of time, in seconds, an incomplete image remains in the # cache. # # Incomplete images are images for which download is in progress. # Please see the # description of configuration option ``image_cache_dir`` for more # detail. # Sometimes, due to various reasons, it is possible the download may # hang and # the incompletely downloaded image remains in the ``incomplete`` # directory. # This configuration option sets a time limit on how long the # incomplete images # should remain in the ``incomplete`` directory before they are # cleaned up. # Once an incomplete image spends more time than is specified here, # it'll be # removed by cache-cleaner on its next run. # # It is recommended to run cache-cleaner as a periodic task on the # Glance API # nodes to keep the incomplete images from occupying disk space. # # Services which consume this: # * None (consumed by cache-cleaner, an independent periodic task) # # Possible values: # * Any non-negative integer # # Related options: # * None # # (integer value) # Minimum value: 0 #image_cache_stall_time = 86400 # # Base directory for image cache. # # This is the location where image data is cached and served out of. # All cached # images are stored directly under this directory. This directory also # contains # three subdirectories, namely, ``incomplete``, ``invalid`` and # ``queue``. # # The ``incomplete`` subdirectory is the staging area for downloading # images. An # image is first downloaded to this directory. When the image download # is # successful it is moved to the base directory. However, if the # download fails, # the partially downloaded image file is moved to the ``invalid`` # subdirectory. # # The ``queue``subdirectory is used for queuing images for download. # This is # used primarily by the cache-prefetcher, which can be scheduled as a # periodic # task like cache-pruner and cache-cleaner, to cache images ahead of # their usage. # Upon receiving the request to cache an image, Glance touches a file # in the # ``queue`` directory with the image id as the file name. The cache- # prefetcher, # when running, polls for the files in ``queue`` directory and starts # downloading them in the order they were created. When the download # is # successful, the zero-sized file is deleted from the ``queue`` # directory. # If the download fails, the zero-sized file remains and it'll be # retried the # next time cache-prefetcher runs. # # Services which consume this: # * glance-api # # Possible values: # * A valid path # # Related options: # * ``image_cache_sqlite_db`` # # (string value) #image_cache_dir = # Default publisher_id for outgoing notifications. (string value) #default_publisher_id = image.localhost # List of disabled notifications. A notification can be given either # as a notification type to disable a single event, or as a # notification group prefix to disable all events within a group. # Example: if this config option is set to ["image.create", # "metadef_namespace"], then "image.create" notification will not be # sent after image is created and none of the notifications for # metadefinition namespaces will be sent. (list value) #disabled_notifications = # Address to find the registry server. (string value) #registry_host = 0.0.0.0 # Port the registry server is listening on. (port value) # Minimum value: 0 # Maximum value: 65535 #registry_port = 9191 # DEPRECATED: Whether to pass through the user token when making # requests to the registry. To prevent failures with token expiration # during big files upload, it is recommended to set this parameter to # False.If "use_user_token" is not in effect, then admin credentials # can be specified. (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This option was considered harmful and has been deprecated # in M release. It will be removed in O release. For more information # read OSSN-0060. Related functionality with uploading big images has # been implemented with Keystone trusts support. #use_user_token = true # DEPRECATED: The administrators user name. If "use_user_token" is not # in effect, then admin credentials can be specified. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This option was considered harmful and has been deprecated # in M release. It will be removed in O release. For more information # read OSSN-0060. Related functionality with uploading big images has # been implemented with Keystone trusts support. #admin_user = # DEPRECATED: The administrators password. If "use_user_token" is not # in effect, then admin credentials can be specified. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This option was considered harmful and has been deprecated # in M release. It will be removed in O release. For more information # read OSSN-0060. Related functionality with uploading big images has # been implemented with Keystone trusts support. #admin_password = # DEPRECATED: The tenant name of the administrative user. If # "use_user_token" is not in effect, then admin tenant name can be # specified. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This option was considered harmful and has been deprecated # in M release. It will be removed in O release. For more information # read OSSN-0060. Related functionality with uploading big images has # been implemented with Keystone trusts support. #admin_tenant_name = # DEPRECATED: The URL to the keystone service. If "use_user_token" is # not in effect and using keystone auth, then URL of keystone can be # specified. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This option was considered harmful and has been deprecated # in M release. It will be removed in O release. For more information # read OSSN-0060. Related functionality with uploading big images has # been implemented with Keystone trusts support. #auth_url = # DEPRECATED: The strategy to use for authentication. If # "use_user_token" is not in effect, then auth strategy can be # specified. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This option was considered harmful and has been deprecated # in M release. It will be removed in O release. For more information # read OSSN-0060. Related functionality with uploading big images has # been implemented with Keystone trusts support. #auth_strategy = noauth # DEPRECATED: The region for the authentication service. If # "use_user_token" is not in effect and using keystone auth, then # region name can be specified. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: This option was considered harmful and has been deprecated # in M release. It will be removed in O release. For more information # read OSSN-0060. Related functionality with uploading big images has # been implemented with Keystone trusts support. #auth_region = # The protocol to use for communication with the registry server. # Either http or https. (string value) #registry_client_protocol = http # The path to the key file to use in SSL connections to the registry # server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE # environment variable to a filepath of the key file (string value) #registry_client_key_file = # The path to the cert file to use in SSL connections to the registry # server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE # environment variable to a filepath of the CA cert file (string # value) #registry_client_cert_file = # The path to the certifying authority cert file to use in SSL # connections to the registry server, if any. Alternately, you may set # the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the # CA cert file. (string value) #registry_client_ca_file = # When using SSL in connections to the registry server, do not require # validation via a certifying authority. This is the registry's # equivalent of specifying --insecure on the command line using # glanceclient for the API. (boolean value) #registry_client_insecure = false # The period of time, in seconds, that the API server will wait for a # registry request to complete. A value of 0 implies no timeout. # (integer value) #registry_client_timeout = 600 # Whether to pass through headers containing user and tenant # information when making requests to the registry. This allows the # registry to use the context middleware without keystonemiddleware's # auth_token middleware, removing calls to the keystone auth service. # It is recommended that when using this option, secure communication # between glance api and glance registry is ensured by means other # than auth_token middleware. (boolean value) #send_identity_headers = false # The amount of time in seconds to delay before performing a delete. # (integer value) #scrub_time = 0 # The size of thread pool to be used for scrubbing images. The default # is one, which signifies serial scrubbing. Any value above one # indicates the max number of images that may be scrubbed in parallel. # (integer value) #scrub_pool_size = 1 # Turn on/off delayed delete. (boolean value) #delayed_delete = false # # From oslo.log # # If set to true, the logging level will be set to DEBUG instead of # the default INFO level. (boolean value) # Note: This option can be changed without restarting. #debug = false # DEPRECATED: If set to false, the logging level will be set to # WARNING instead of the default INFO level. (boolean value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #verbose = true # The name of a logging configuration file. This file is appended to # any existing logging configuration files. For details about logging # configuration files, see the Python logging module documentation. # Note that when logging configuration files are used then all logging # configuration is set in the configuration file and other logging # configuration options are ignored (for example, # logging_context_format_string). (string value) # Note: This option can be changed without restarting. # Deprecated group/name - [DEFAULT]/log_config #log_config_append = # Defines the format string for %%(asctime)s in log records. Default: # %(default)s . This option is ignored if log_config_append is set. # (string value) #log_date_format = %Y-%m-%d %H:%M:%S # (Optional) Name of log file to send logging output to. If no default # is set, logging will go to stderr as defined by use_stderr. This # option is ignored if log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logfile #log_file = # (Optional) The base directory used for relative log_file paths. # This option is ignored if log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logdir #log_dir = # Uses logging handler designed to watch file system. When log file is # moved or removed this handler will open a new log file with # specified path instantaneously. It makes sense only if log_file # option is specified and Linux platform is used. This option is # ignored if log_config_append is set. (boolean value) #watch_log_file = false # Use syslog for logging. Existing syslog format is DEPRECATED and # will be changed later to honor RFC5424. This option is ignored if # log_config_append is set. (boolean value) #use_syslog = false # Syslog facility to receive log lines. This option is ignored if # log_config_append is set. (string value) #syslog_log_facility = LOG_USER # Log output to standard error. This option is ignored if # log_config_append is set. (boolean value) #use_stderr = true # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s # Format string to use for log messages when context is undefined. # (string value) #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s # Additional data to append to log message when logging level for the # message is DEBUG. (string value) #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d # Prefix each line of exception output with this format. (string # value) #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s # Defines the format string for %(user_identity)s that is used in # logging_context_format_string. (string value) #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s # List of package logging levels in logger=LEVEL pairs. This option is # ignored if log_config_append is set. (list value) #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO # Enables or disables publication of error events. (boolean value) #publish_errors = false # The format for an instance that is passed with the log message. # (string value) #instance_format = "[instance: %(uuid)s] " # The format for an instance UUID that is passed with the log message. # (string value) #instance_uuid_format = "[instance: %(uuid)s] " # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false # # From oslo.messaging # # Size of RPC connection pool. (integer value) # Deprecated group/name - [DEFAULT]/rpc_conn_pool_size #rpc_conn_pool_size = 30 # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve to this # address. (string value) #rpc_zmq_bind_address = * # MatchMaker driver. (string value) # Allowed values: redis, dummy #rpc_zmq_matchmaker = redis # Number of ZeroMQ contexts, defaults to 1. (integer value) #rpc_zmq_contexts = 1 # Maximum number of ingress messages to locally buffer per topic. # Default is unlimited. (integer value) #rpc_zmq_topic_backlog = # Directory for holding IPC sockets. (string value) #rpc_zmq_ipc_dir = /var/run/openstack # Name of this node. Must be a valid hostname, FQDN, or IP address. # Must match "host" option, if running Nova. (string value) #rpc_zmq_host = localhost # Seconds to wait before a cast expires (TTL). The default value of -1 # specifies an infinite linger period. The value of 0 specifies no # linger period. Pending messages shall be discarded immediately when # the socket is closed. Only supported by impl_zmq. (integer value) #rpc_cast_timeout = -1 # The default number of seconds that poll should wait. Poll raises # timeout exception when timeout expired. (integer value) #rpc_poll_timeout = 1 # Expiration timeout in seconds of a name service record about # existing target ( < 0 means no timeout). (integer value) #zmq_target_expire = 300 # Update period in seconds of a name service record about existing # target. (integer value) #zmq_target_update = 180 # Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy. # (boolean value) #use_pub_sub = true # Use ROUTER remote proxy. (boolean value) #use_router_proxy = true # Minimal port number for random ports range. (port value) # Minimum value: 0 # Maximum value: 65535 #rpc_zmq_min_port = 49153 # Maximal port number for random ports range. (integer value) # Minimum value: 1 # Maximum value: 65536 #rpc_zmq_max_port = 65536 # Number of retries to find free port number before fail with # ZMQBindError. (integer value) #rpc_zmq_bind_port_retries = 100 # Size of executor thread pool. (integer value) # Deprecated group/name - [DEFAULT]/rpc_thread_pool_size #executor_thread_pool_size = 64 # Seconds to wait for a response from a call. (integer value) #rpc_response_timeout = 60 # A URL representing the messaging driver to use and its full # configuration. (string value) #transport_url = # DEPRECATED: The messaging driver to use, defaults to rabbit. Other # drivers include amqp and zmq. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by [DEFAULT]/transport_url #rpc_backend = rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the transport_url # option. (string value) #control_exchange = openstack [cors] # # From oslo.middleware.cors # # Indicate whether this resource may be shared with the domain # received in the requests "origin" header. Format: # "://[:]", no trailing slash. Example: # https://horizon.example.com (list value) #allowed_origin = # Indicate that the actual request can include user credentials # (boolean value) #allow_credentials = true # Indicate which headers are safe to expose to the API. Defaults to # HTTP Simple Headers. (list value) #expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID # Maximum cache age of CORS preflight requests. (integer value) #max_age = 3600 # Indicate which methods can be used during the actual request. (list # value) #allow_methods = GET,PUT,POST,DELETE,PATCH # Indicate which header field names may be used during the actual # request. (list value) #allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID [cors.subdomain] # # From oslo.middleware.cors # # Indicate whether this resource may be shared with the domain # received in the requests "origin" header. Format: # "://[:]", no trailing slash. Example: # https://horizon.example.com (list value) #allowed_origin = # Indicate that the actual request can include user credentials # (boolean value) #allow_credentials = true # Indicate which headers are safe to expose to the API. Defaults to # HTTP Simple Headers. (list value) #expose_headers = X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID # Maximum cache age of CORS preflight requests. (integer value) #max_age = 3600 # Indicate which methods can be used during the actual request. (list # value) #allow_methods = GET,PUT,POST,DELETE,PATCH # Indicate which header field names may be used during the actual # request. (list value) #allow_headers = Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID [database] # # From oslo.db # # DEPRECATED: The file name to use with SQLite. (string value) # Deprecated group/name - [DEFAULT]/sqlite_db # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Should use config option connection or slave_connection to # connect the database. #sqlite_db = oslo.sqlite # If True, SQLite uses synchronous mode. (boolean value) # Deprecated group/name - [DEFAULT]/sqlite_synchronous #sqlite_synchronous = true # The back end to use for the database. (string value) # Deprecated group/name - [DEFAULT]/db_backend #backend = sqlalchemy # The SQLAlchemy connection string to use to connect to the database. # (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = # The SQLAlchemy connection string to use to connect to the slave # database. (string value) #slave_connection = # The SQL mode to be used for MySQL sessions. This option, including # the default, overrides any server-set SQL mode. To use whatever SQL # mode is set by the server configuration, set this to no value. # Example: mysql_sql_mode= (string value) #mysql_sql_mode = TRADITIONAL # Timeout before idle SQL connections are reaped. (integer value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout #idle_timeout = 3600 # Minimum number of SQL connections to keep open in a pool. (integer # value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size #min_pool_size = 1 # Maximum number of SQL connections to keep open in a pool. (integer # value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size = # Maximum number of database connection retries during startup. Set to # -1 to specify an infinite retry count. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries = 10 # Interval between retries of opening a SQL connection. (integer # value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval #retry_interval = 10 # If set, use this value for max_overflow with SQLAlchemy. (integer # value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow #max_overflow = 50 # Verbosity of SQL debugging information: 0=None, 100=Everything. # (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug #connection_debug = 0 # Add Python stack traces to SQL as comment strings. (boolean value) # Deprecated group/name - [DEFAULT]/sql_connection_trace #connection_trace = false # If set, use this value for pool_timeout with SQLAlchemy. (integer # value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout #pool_timeout = # Enable the experimental use of database reconnect on connection # lost. (boolean value) #use_db_reconnect = false # Seconds between retries of a database transaction. (integer value) #db_retry_interval = 1 # If True, increases the interval between retries of a database # operation up to db_max_retry_interval. (boolean value) #db_inc_retry_interval = true # If db_inc_retry_interval is set, the maximum seconds between retries # of a database operation. (integer value) #db_max_retry_interval = 10 # Maximum retries in case of connection error or deadlock error before # error is raised. Set to -1 to specify an infinite retry count. # (integer value) #db_max_retries = 20 # # From oslo.db.concurrency # # Enable the experimental use of thread pooling for all DB API calls # (boolean value) # Deprecated group/name - [DEFAULT]/dbapi_use_tpool #use_tpool = false [glance_store] # # From glance.store # # List of stores enabled. Valid stores are: cinder, file, http, rbd, # sheepdog, swift, s3, vsphere (list value) #stores = file,http # Default scheme to use to store image data. The scheme must be # registered by one of the stores defined by the 'stores' config # option. (string value) #default_store = file # Minimum interval seconds to execute updating dynamic storage # capabilities based on backend status then. It's not a periodic # routine, the update logic will be executed only when interval # seconds elapsed and an operation of store has triggered. The feature # will be enabled only when the option value greater then zero. # (integer value) #store_capabilities_update_min_interval = 0 # Specify the path to the CA bundle file to use in verifying the # remote server certificate. (string value) #https_ca_certificates_file = # If true, the remote server certificate is not verified. If false, # then the default CA truststore is used for verification. This option # is ignored if "https_ca_certificates_file" is set. (boolean value) #https_insecure = true # Specify the http/https proxy information that should be used to # connect to the remote server. The proxy information should be a key # value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can # specify proxies for multiple schemes by seperating the key value # pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080. # (dict value) #http_proxy_information = # If True, swiftclient won't check for a valid SSL certificate when # authenticating. (boolean value) #swift_store_auth_insecure = false # A string giving the CA certificate file to use in SSL connections # for verifying certs. (string value) #swift_store_cacert = # The region of the swift endpoint to be used for single tenant. This # setting is only necessary if the tenant has multiple swift # endpoints. (string value) #swift_store_region = # If set, the configured endpoint will be used. If None, the storage # url from the auth response will be used. (string value) #swift_store_endpoint = # A string giving the endpoint type of the swift service to use # (publicURL, adminURL or internalURL). This setting is only used if # swift_store_auth_version is 2. (string value) #swift_store_endpoint_type = publicURL # A string giving the service type of the swift service to use. This # setting is only used if swift_store_auth_version is 2. (string # value) #swift_store_service_type = object-store # Container within the account that the account should use for storing # images in Swift when using single container mode. In multiple # container mode, this will be the prefix for all containers. (string # value) #swift_store_container = glance # The size, in MB, that Glance will start chunking image files and do # a large object manifest in Swift. (integer value) #swift_store_large_object_size = 5120 # The amount of data written to a temporary disk buffer during the # process of chunking the image file. (integer value) #swift_store_large_object_chunk_size = 200 # A boolean value that determines if we create the container if it # does not exist. (boolean value) #swift_store_create_container_on_put = false # If set to True, enables multi-tenant storage mode which causes # Glance images to be stored in tenant specific Swift accounts. # (boolean value) #swift_store_multi_tenant = false # When set to 0, a single-tenant store will only use one container to # store all images. When set to an integer value between 1 and 32, a # single-tenant store will use multiple containers to store images, # and this value will determine how many containers are created.Used # only when swift_store_multi_tenant is disabled. The total number of # containers that will be used is equal to 16^N, so if this config # option is set to 2, then 16^2=256 containers will be used to store # images. (integer value) #swift_store_multiple_containers_seed = 0 # A list of tenants that will be granted read/write access on all # Swift containers created by Glance in multi-tenant mode. (list # value) #swift_store_admin_tenants = # If set to False, disables SSL layer compression of https swift # requests. Setting to False may improve performance for images which # are already in a compressed format, eg qcow2. (boolean value) #swift_store_ssl_compression = true # The number of times a Swift download will be retried before the # request fails. (integer value) #swift_store_retry_get_count = 0 # The period of time (in seconds) before token expirationwhen # glance_store will try to reques new user token. Default value 60 sec # means that if token is going to expire in 1 min then glance_store # request new user token. (integer value) #swift_store_expire_soon_interval = 60 # If set to True create a trust for each add/get request to Multi- # tenant store in order to prevent authentication token to be expired # during uploading/downloading data. If set to False then user token # is used for Swift connection (so no overhead on trust creation). # Please note that this option is considered only and only if # swift_store_multi_tenant=True (boolean value) #swift_store_use_trusts = true # The reference to the default swift account/backing store parameters # to use for adding new images. (string value) #default_swift_reference = ref1 # Version of the authentication service to use. Valid versions are 2 # and 3 for keystone and 1 (deprecated) for swauth and rackspace. # (deprecated - use "auth_version" in swift_store_config_file) (string # value) #swift_store_auth_version = 2 # The address where the Swift authentication service is listening. # (deprecated - use "auth_address" in swift_store_config_file) (string # value) #swift_store_auth_address = # The user to authenticate against the Swift authentication service # (deprecated - use "user" in swift_store_config_file) (string value) #swift_store_user = # Auth key for the user authenticating against the Swift # authentication service. (deprecated - use "key" in # swift_store_config_file) (string value) #swift_store_key = # The config file that has the swift account(s)configs. (string value) #swift_store_config_file = # Directory to which the Filesystem backend store writes images. # (string value) #filesystem_store_datadir = /var/lib/glance/images # List of directories and its priorities to which the Filesystem # backend store writes images. (multi valued) #filesystem_store_datadirs = # The path to a file which contains the metadata to be returned with # any location associated with this store. The file must contain a # valid JSON object. The object should contain the keys 'id' and # 'mountpoint'. The value for both keys should be 'string'. (string # value) #filesystem_store_metadata_file = # The required permission for created image file. In this way the user # other service used, e.g. Nova, who consumes the image could be the # exclusive member of the group that owns the files created. Assigning # it less then or equal to zero means don't change the default # permission of the file. This value will be decoded as an octal # digit. (integer value) #filesystem_store_file_perm = 0 # The host where the S3 server is listening. (string value) #s3_store_host = # The S3 query token access key. (string value) #s3_store_access_key = # The S3 query token secret key. (string value) #s3_store_secret_key = # The S3 bucket to be used to store the Glance data. (string value) #s3_store_bucket = # The local directory where uploads will be staged before they are # transferred into S3. (string value) #s3_store_object_buffer_dir = # A boolean to determine if the S3 bucket should be created on upload # if it does not exist or if an error should be returned to the user. # (boolean value) #s3_store_create_bucket_on_put = false # The S3 calling format used to determine the bucket. Either subdomain # or path can be used. (string value) #s3_store_bucket_url_format = subdomain # What size, in MB, should S3 start chunking image files and do a # multipart upload in S3. (integer value) #s3_store_large_object_size = 100 # What multipart upload part size, in MB, should S3 use when uploading # parts. The size must be greater than or equal to 5M. (integer value) #s3_store_large_object_chunk_size = 10 # The number of thread pools to perform a multipart upload in S3. # (integer value) #s3_store_thread_pools = 10 # Enable the use of a proxy. (boolean value) #s3_store_enable_proxy = false # Address or hostname for the proxy server. (string value) #s3_store_proxy_host = # The port to use when connecting over a proxy. (integer value) #s3_store_proxy_port = 8080 # The username to connect to the proxy. (string value) #s3_store_proxy_user = # The password to use when connecting over a proxy. (string value) #s3_store_proxy_password = # Info to match when looking for cinder in the service catalog. Format # is : separated values of the form: # :: (string value) #cinder_catalog_info = volumev2::publicURL # Override service catalog lookup with template for cinder endpoint # e.g. http://localhost:8776/v2/%(tenant)s (string value) #cinder_endpoint_template = # Region name of this node. If specified, it will be used to locate # OpenStack services for stores. (string value) # Deprecated group/name - [glance_store]/os_region_name #cinder_os_region_name = # Location of ca certicates file to use for cinder client requests. # (string value) #cinder_ca_certificates_file = # Number of cinderclient retries on failed http calls (integer value) #cinder_http_retries = 3 # Time period of time in seconds to wait for a cinder volume # transition to complete. (integer value) #cinder_state_transition_timeout = 300 # Allow to perform insecure SSL requests to cinder (boolean value) #cinder_api_insecure = false # The address where the Cinder authentication service is listening. If # , the cinder endpoint in the service catalog is used. (string # value) #cinder_store_auth_address = # User name to authenticate against Cinder. If , the user of # current context is used. (string value) #cinder_store_user_name = # Password for the user authenticating against Cinder. If , the # current context auth token is used. (string value) #cinder_store_password = # Project name where the image is stored in Cinder. If , the # project in current context is used. (string value) #cinder_store_project_name = # Path to the rootwrap configuration file to use for running commands # as root. (string value) #rootwrap_config = /etc/glance/rootwrap.conf # ESX/ESXi or vCenter Server target system. The server value can be an # IP address or a DNS name. (string value) #vmware_server_host = # Username for authenticating with VMware ESX/VC server. (string # value) #vmware_server_username = # Password for authenticating with VMware ESX/VC server. (string # value) #vmware_server_password = # Number of times VMware ESX/VC server API must be retried upon # connection related issues. (integer value) #vmware_api_retry_count = 10 # The interval used for polling remote tasks invoked on VMware ESX/VC # server. (integer value) #vmware_task_poll_interval = 5 # The name of the directory where the glance images will be stored in # the VMware datastore. (string value) #vmware_store_image_dir = /openstack_glance # If true, the ESX/vCenter server certificate is not verified. If # false, then the default CA truststore is used for verification. This # option is ignored if "vmware_ca_file" is set. (boolean value) # Deprecated group/name - [glance_store]/vmware_api_insecure #vmware_insecure = false # Specify a CA bundle file to use in verifying the ESX/vCenter server # certificate. (string value) #vmware_ca_file = # A list of datastores where the image can be stored. This option may # be specified multiple times for specifying multiple datastores. The # datastore name should be specified after its datacenter path, # seperated by ":". An optional weight may be given after the # datastore name, seperated again by ":". Thus, the required format # becomes ::. When # adding an image, the datastore with highest weight will be selected, # unless there is not enough free space available in cases where the # image size is already known. If no weight is given, it is assumed to # be zero and the directory will be considered for selection last. If # multiple datastores have the same weight, then the one with the most # free space available is selected. (multi valued) #vmware_datastores = # Images will be chunked into objects of this size (in megabytes). For # best performance, this should be a power of two. (integer value) #sheepdog_store_chunk_size = 64 # Port of sheep daemon. (integer value) #sheepdog_store_port = 7000 # IP address of sheep daemon. (string value) #sheepdog_store_address = localhost # RADOS images will be chunked into objects of this size (in # megabytes). For best performance, this should be a power of two. # (integer value) #rbd_store_chunk_size = 8 # RADOS pool in which images are stored. (string value) #rbd_store_pool = images # RADOS user to authenticate as (only applicable if using Cephx. If # , a default will be chosen based on the client. section in # rbd_store_ceph_conf) (string value) #rbd_store_user = # Ceph configuration file path. If , librados will locate the # default config. If using cephx authentication, this file should # include a reference to the right keyring in a client. section # (string value) #rbd_store_ceph_conf = /etc/ceph/ceph.conf # Timeout value (in seconds) used when connecting to ceph cluster. If # value <= 0, no timeout is set and default librados value is used. # (integer value) #rados_connect_timeout = 0 [image_format] # # From glance.api # # Supported values for the 'container_format' image attribute (list # value) # Deprecated group/name - [DEFAULT]/container_formats #container_formats = ami,ari,aki,bare,ovf,ova,docker # Supported values for the 'disk_format' image attribute (list value) # Deprecated group/name - [DEFAULT]/disk_formats #disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso [keystone_authtoken] # # From keystonemiddleware.auth_token # # Complete "public" Identity API endpoint. This endpoint should not be # an "admin" endpoint, as it should be accessible by all end users. # Unauthenticated clients are redirected to this endpoint to # authenticate. Although this endpoint should ideally be unversioned, # client support in the wild varies. If you're using a versioned v2 # endpoint here, then this should *not* be the same endpoint the # service user utilizes for validating tokens, because normal end # users may not be able to reach that endpoint. (string value) #auth_uri = # API version of the admin Identity API endpoint. (string value) #auth_version = # Do not handle authorization requests within the middleware, but # delegate the authorization decision to downstream WSGI components. # (boolean value) #delay_auth_decision = false # Request timeout value for communicating with Identity API server. # (integer value) #http_connect_timeout = # How many times are we trying to reconnect when communicating with # Identity API Server. (integer value) #http_request_max_retries = 3 # Env key for the swift cache. (string value) #cache = # Required if identity server requires client certificate (string # value) #certfile = # Required if identity server requires client certificate (string # value) #keyfile = # A PEM encoded Certificate Authority to use when verifying HTTPs # connections. Defaults to system CAs. (string value) #cafile = # Verify HTTPS connections. (boolean value) #insecure = false # The region in which the identity server can be found. (string value) #region_name = # Directory used to cache files related to PKI tokens. (string value) #signing_dir = # Optionally specify a list of memcached server(s) to use for caching. # If left undefined, tokens will instead be cached in-process. (list # value) # Deprecated group/name - [keystone_authtoken]/memcache_servers #memcached_servers = # In order to prevent excessive effort spent validating tokens, the # middleware caches previously-seen tokens for a configurable duration # (in seconds). Set to -1 to disable caching completely. (integer # value) #token_cache_time = 300 # Determines the frequency at which the list of revoked tokens is # retrieved from the Identity service (in seconds). A high number of # revocation events combined with a low cache duration may # significantly reduce performance. Only valid for PKI tokens. # (integer value) #revocation_cache_time = 10 # (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token data is # encrypted and authenticated in the cache. If the value is not one of # these options or empty, auth_token will raise an exception on # initialization. (string value) # Allowed values: None, MAC, ENCRYPT #memcache_security_strategy = None # (Optional, mandatory if memcache_security_strategy is defined) This # string is used for key derivation. (string value) #memcache_secret_key = # (Optional) Number of seconds memcached server is considered dead # before it is tried again. (integer value) #memcache_pool_dead_retry = 300 # (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize = 10 # (Optional) Socket timeout in seconds for communicating with a # memcached server. (integer value) #memcache_pool_socket_timeout = 3 # (Optional) Number of seconds a connection to memcached is held # unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout = 60 # (Optional) Number of seconds that an operation will wait to get a # memcached client connection from the pool. (integer value) #memcache_pool_conn_get_timeout = 10 # (Optional) Use the advanced (eventlet safe) memcached client pool. # The advanced pool will only work under python 2.x. (boolean value) #memcache_use_advanced_pool = false # (Optional) Indicate whether to set the X-Service-Catalog header. If # False, middleware will not ask for service catalog on token # validation and will not set the X-Service-Catalog header. (boolean # value) #include_service_catalog = true # Used to control the use and type of token binding. Can be set to: # "disabled" to not check token binding. "permissive" (default) to # validate binding information if the bind type is of a form known to # the server and ignore it if not. "strict" like "permissive" but if # the bind type is unknown the token will be rejected. "required" any # form of token binding is needed to be allowed. Finally the name of a # binding method that must be present in tokens. (string value) #enforce_token_bind = permissive # If true, the revocation list will be checked for cached tokens. This # requires that PKI tokens are configured on the identity server. # (boolean value) #check_revocations_for_cached = false # Hash algorithms to use for hashing PKI tokens. This may be a single # algorithm or multiple. The algorithms are those supported by Python # standard hashlib.new(). The hashes will be tried in the order given, # so put the preferred one first for performance. The result of the # first hash will be stored in the cache. This will typically be set # to multiple values only while migrating from a less secure algorithm # to a more secure one. Once all the old tokens are expired this # option should be set to a single value for better performance. (list # value) #hash_algorithms = md5 # Authentication type to load (string value) # Deprecated group/name - [keystone_authtoken]/auth_plugin #auth_type = # Config Section from which to load plugin specific options (string # value) #auth_section = [matchmaker_redis] # # From oslo.messaging # # DEPRECATED: Host to locate redis. (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by [DEFAULT]/transport_url #host = 127.0.0.1 # DEPRECATED: Use this port to connect to redis host. (port value) # Minimum value: 0 # Maximum value: 65535 # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by [DEFAULT]/transport_url #port = 6379 # DEPRECATED: Password for Redis server (optional). (string value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by [DEFAULT]/transport_url #password = # DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode) e.g. # [host:port, host1:port ... ] (list value) # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by [DEFAULT]/transport_url #sentinel_hosts = # Redis replica set name. (string value) #sentinel_group_name = oslo-messaging-zeromq # Time in ms to wait between connection attempts. (integer value) #wait_timeout = 5000 # Time in ms to wait before the transaction is killed. (integer value) #check_timeout = 60000 # Timeout in ms on blocking socket operations (integer value) #socket_timeout = 10000 [oslo_concurrency] # # From oslo.concurrency # # Enables or disables inter-process locks. (boolean value) # Deprecated group/name - [DEFAULT]/disable_process_locking #disable_process_locking = false # Directory to use for lock files. For security, the specified # directory should only be writable by the user running the processes # that need locking. Defaults to environment variable OSLO_LOCK_PATH. # If external locks are used, a lock path must be set. (string value) # Deprecated group/name - [DEFAULT]/lock_path #lock_path = [oslo_messaging_amqp] # # From oslo.messaging # # address prefix used when sending to a specific server (string value) # Deprecated group/name - [amqp1]/server_request_prefix #server_request_prefix = exclusive # address prefix used when broadcasting to all servers (string value) # Deprecated group/name - [amqp1]/broadcast_prefix #broadcast_prefix = broadcast # address prefix when sending to any server in group (string value) # Deprecated group/name - [amqp1]/group_request_prefix #group_request_prefix = unicast # Name for the AMQP container (string value) # Deprecated group/name - [amqp1]/container_name #container_name = # Timeout for inactive connections (in seconds) (integer value) # Deprecated group/name - [amqp1]/idle_timeout #idle_timeout = 0 # Debug: dump AMQP frames to stdout (boolean value) # Deprecated group/name - [amqp1]/trace #trace = false # CA certificate PEM file to verify server certificate (string value) # Deprecated group/name - [amqp1]/ssl_ca_file #ssl_ca_file = # Identifying certificate PEM file to present to clients (string # value) # Deprecated group/name - [amqp1]/ssl_cert_file #ssl_cert_file = # Private key PEM file used to sign cert_file certificate (string # value) # Deprecated group/name - [amqp1]/ssl_key_file #ssl_key_file = # Password for decrypting ssl_key_file (if encrypted) (string value) # Deprecated group/name - [amqp1]/ssl_key_password #ssl_key_password = # Accept clients using either SSL or plain TCP (boolean value) # Deprecated group/name - [amqp1]/allow_insecure_clients #allow_insecure_clients = false # Space separated list of acceptable SASL mechanisms (string value) # Deprecated group/name - [amqp1]/sasl_mechanisms #sasl_mechanisms = # Path to directory that contains the SASL configuration (string # value) # Deprecated group/name - [amqp1]/sasl_config_dir #sasl_config_dir = # Name of configuration file (without .conf suffix) (string value) # Deprecated group/name - [amqp1]/sasl_config_name #sasl_config_name = # User name for message broker authentication (string value) # Deprecated group/name - [amqp1]/username #username = # Password for message broker authentication (string value) # Deprecated group/name - [amqp1]/password #password = [oslo_messaging_notifications] # # From oslo.messaging # # The Drivers(s) to handle sending notifications. Possible values are # messaging, messagingv2, routing, log, test, noop (multi valued) # Deprecated group/name - [DEFAULT]/notification_driver #driver = # A URL representing the messaging driver to use for notifications. If # not set, we fall back to the same configuration used for RPC. # (string value) # Deprecated group/name - [DEFAULT]/notification_transport_url #transport_url = # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics # Deprecated group/name - [DEFAULT]/notification_topics #topics = notifications [oslo_messaging_rabbit] # # From oslo.messaging # # Use durable queues in AMQP. (boolean value) # Deprecated group/name - [DEFAULT]/amqp_durable_queues # Deprecated group/name - [DEFAULT]/rabbit_durable_queues #amqp_durable_queues = false # Auto-delete queues in AMQP. (boolean value) # Deprecated group/name - [DEFAULT]/amqp_auto_delete #amqp_auto_delete = false # SSL version to use (valid only if SSL enabled). Valid values are # TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be # available on some distributions. (string value) # Deprecated group/name - [DEFAULT]/kombu_ssl_version #kombu_ssl_version = # SSL key file (valid only if SSL enabled). (string value) # Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile #kombu_ssl_keyfile = # SSL cert file (valid only if SSL enabled). (string value) # Deprecated group/name - [DEFAULT]/kombu_ssl_certfile #kombu_ssl_certfile = # SSL certification authority file (valid only if SSL enabled). # (string value) # Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs #kombu_ssl_ca_certs = # How long to wait before reconnecting in response to an AMQP consumer # cancel notification. (floating point value) # Deprecated group/name - [DEFAULT]/kombu_reconnect_delay #kombu_reconnect_delay = 1.0 # EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression # will not be used. This option may notbe available in future # versions. (string value) #kombu_compression = # How long to wait a missing client beforce abandoning to send it its # replies. This value should not be longer than rpc_response_timeout. # (integer value) # Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout #kombu_missing_consumer_retry_timeout = 60 # Determines how the next RabbitMQ node is chosen in case the one we # are currently connected to becomes unavailable. Takes effect only if # more than one RabbitMQ node is provided in config. (string value) # Allowed values: round-robin, shuffle #kombu_failover_strategy = round-robin # DEPRECATED: The RabbitMQ broker address where a single node is used. # (string value) # Deprecated group/name - [DEFAULT]/rabbit_host # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by [DEFAULT]/transport_url #rabbit_host = localhost # DEPRECATED: The RabbitMQ broker port where a single node is used. # (port value) # Minimum value: 0 # Maximum value: 65535 # Deprecated group/name - [DEFAULT]/rabbit_port # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by [DEFAULT]/transport_url #rabbit_port = 5672 # DEPRECATED: RabbitMQ HA cluster host:port pairs. (list value) # Deprecated group/name - [DEFAULT]/rabbit_hosts # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by [DEFAULT]/transport_url #rabbit_hosts = $rabbit_host:$rabbit_port # Connect over SSL for RabbitMQ. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_use_ssl #rabbit_use_ssl = false # DEPRECATED: The RabbitMQ userid. (string value) # Deprecated group/name - [DEFAULT]/rabbit_userid # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by [DEFAULT]/transport_url #rabbit_userid = guest # DEPRECATED: The RabbitMQ password. (string value) # Deprecated group/name - [DEFAULT]/rabbit_password # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by [DEFAULT]/transport_url #rabbit_password = guest # The RabbitMQ login method. (string value) # Deprecated group/name - [DEFAULT]/rabbit_login_method #rabbit_login_method = AMQPLAIN # DEPRECATED: The RabbitMQ virtual host. (string value) # Deprecated group/name - [DEFAULT]/rabbit_virtual_host # This option is deprecated for removal. # Its value may be silently ignored in the future. # Reason: Replaced by [DEFAULT]/transport_url #rabbit_virtual_host = / # How frequently to retry connecting with RabbitMQ. (integer value) #rabbit_retry_interval = 1 # How long to backoff for between retries when connecting to RabbitMQ. # (integer value) # Deprecated group/name - [DEFAULT]/rabbit_retry_backoff #rabbit_retry_backoff = 2 # Maximum interval of RabbitMQ connection retries. Default is 30 # seconds. (integer value) #rabbit_interval_max = 30 # Maximum number of RabbitMQ connection retries. Default is 0 # (infinite retry count). (integer value) # Deprecated group/name - [DEFAULT]/rabbit_max_retries #rabbit_max_retries = 0 # Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change # this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, # queue mirroring is no longer controlled by the x-ha-policy argument # when declaring a queue. If you just want to make sure that all # queues (except those with auto-generated names) are mirrored across # all nodes, run: "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha- # mode": "all"}' " (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_ha_queues #rabbit_ha_queues = false # Positive integer representing duration in seconds for queue TTL # (x-expires). Queues which are unused for the duration of the TTL are # automatically deleted. The parameter affects only reply and fanout # queues. (integer value) # Minimum value: 1 #rabbit_transient_queues_ttl = 1800 # Specifies the number of messages to prefetch. Setting to zero allows # unlimited messages. (integer value) #rabbit_qos_prefetch_count = 0 # Number of seconds after which the Rabbit broker is considered down # if heartbeat's keep-alive fails (0 disable the heartbeat). # EXPERIMENTAL (integer value) #heartbeat_timeout_threshold = 60 # How often times during the heartbeat_timeout_threshold we check the # heartbeat. (integer value) #heartbeat_rate = 2 # Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake # (boolean value) # Deprecated group/name - [DEFAULT]/fake_rabbit #fake_rabbit = false # Maximum number of channels to allow (integer value) #channel_max = # The maximum byte size for an AMQP frame (integer value) #frame_max = # How often to send heartbeats for consumer's connections (integer # value) #heartbeat_interval = 3 # Enable SSL (boolean value) #ssl = # Arguments passed to ssl.wrap_socket (dict value) #ssl_options = # Set socket timeout in seconds for connection's socket (floating # point value) #socket_timeout = 0.25 # Set TCP_USER_TIMEOUT in seconds for connection's socket (floating # point value) #tcp_user_timeout = 0.25 # Set delay for reconnection to some host which has connection error # (floating point value) #host_connection_reconnect_delay = 0.25 # Connection factory implementation (string value) # Allowed values: new, single, read_write #connection_factory = single # Maximum number of connections to keep queued. (integer value) #pool_max_size = 30 # Maximum number of connections to create above `pool_max_size`. # (integer value) #pool_max_overflow = 0 # Default number of seconds to wait for a connections to available # (integer value) #pool_timeout = 30 # Lifetime of a connection (since creation) in seconds or None for no # recycling. Expired connections are closed on acquire. (integer # value) #pool_recycle = 600 # Threshold at which inactive (since release) connections are # considered stale in seconds or None for no staleness. Stale # connections are closed on acquire. (integer value) #pool_stale = 60 # Persist notification messages. (boolean value) #notification_persistence = false # Exchange name for sending notifications (string value) #default_notification_exchange = ${control_exchange}_notification # Max number of not acknowledged message which RabbitMQ can send to # notification listener. (integer value) #notification_listener_prefetch_count = 100 # Reconnecting retry count in case of connectivity problem during # sending notification, -1 means infinite retry. (integer value) #default_notification_retry_attempts = -1 # Reconnecting retry delay in case of connectivity problem during # sending notification message (floating point value) #notification_retry_delay = 0.25 # Time to live for rpc queues without consumers in seconds. (integer # value) #rpc_queue_expiration = 60 # Exchange name for sending RPC messages (string value) #default_rpc_exchange = ${control_exchange}_rpc # Exchange name for receiving RPC replies (string value) #rpc_reply_exchange = ${control_exchange}_rpc_reply # Max number of not acknowledged message which RabbitMQ can send to # rpc listener. (integer value) #rpc_listener_prefetch_count = 100 # Max number of not acknowledged message which RabbitMQ can send to # rpc reply listener. (integer value) #rpc_reply_listener_prefetch_count = 100 # Reconnecting retry count in case of connectivity problem during # sending reply. -1 means infinite retry during rpc_timeout (integer # value) #rpc_reply_retry_attempts = -1 # Reconnecting retry delay in case of connectivity problem during # sending reply. (floating point value) #rpc_reply_retry_delay = 0.25 # Reconnecting retry count in case of connectivity problem during # sending RPC message, -1 means infinite retry. If actual retry # attempts in not 0 the rpc request could be processed more then one # time (integer value) #default_rpc_retry_attempts = -1 # Reconnecting retry delay in case of connectivity problem during # sending RPC message (floating point value) #rpc_retry_delay = 0.25 [oslo_middleware] # # From oslo.middleware.http_proxy_to_wsgi # # Whether the application is behind a proxy or not. This determines if # the middleware should parse the headers or not. (boolean value) #enable_proxy_headers_parsing = false [oslo_policy] # # From oslo.policy # # The JSON file that defines policies. (string value) # Deprecated group/name - [DEFAULT]/policy_file #policy_file = policy.json # Default rule. Enforced when a requested rule is not found. (string # value) # Deprecated group/name - [DEFAULT]/policy_default_rule #policy_default_rule = default # Directories where policy configuration files are stored. They can be # relative to any directory in the search path defined by the # config_dir option, or absolute paths. The file defined by # policy_file must exist for these directories to be searched. # Missing or empty directories are ignored. (multi valued) # Deprecated group/name - [DEFAULT]/policy_dirs #policy_dirs = policy.d [paste_deploy] # # From glance.api # # Partial name of a pipeline in your paste configuration file with the # service name removed. For example, if your paste section name is # [pipeline:glance-api-keystone] use the value "keystone" (string # value) #flavor = # Name of the paste configuration file. (string value) #config_file = [profiler] # # From glance.api # # # Enables the profiling for all services on this node. Default value # is False # (fully disable the profiling feature). # # Possible values: # # * True: Enables the feature # * False: Disables the feature. The profiling cannot be started via # this project # operations. If the profiling is triggered by another project, this # project part # will be empty. # (boolean value) # Deprecated group/name - [profiler]/profiler_enabled #enabled = false # # Enables SQL requests profiling in services. Default value is False # (SQL # requests won't be traced). # # Possible values: # # * True: Enables SQL requests profiling. Each SQL query will be part # of the # trace and can the be analyzed by how much time was spent for that. # * False: Disables SQL requests profiling. The spent time is only # shown on a # higher level of operations. Single SQL queries cannot be analyzed # this # way. # (boolean value) #trace_sqlalchemy = false # # Secret key(s) to use for encrypting context data for performance # profiling. # This string value should have the following format: # [,,...], # where each key is some random string. A user who triggers the # profiling via # the REST API has to set one of these keys in the headers of the REST # API call # to include profiling results of this node for this particular # project. # # Both "enabled" flag and "hmac_keys" config options should be set to # enable # profiling. Also, to generate correct profiling information across # all services # at least one key needs to be consistent between OpenStack projects. # This # ensures it can be used from client side to generate the trace, # containing # information from all possible resources. (string value) #hmac_keys = SECRET_KEY [store_type_location_strategy] # # From glance.api # # The store names to use to get store preference order. The name must # be registered by one of the stores defined by the 'stores' config # option. This option will be applied when you using 'store_type' # option as image location strategy defined by the 'location_strategy' # config option. (list value) #store_type_preference = [task] # # From glance.api # # Time in hours for which a task lives after, either succeeding or # failing (integer value) # Deprecated group/name - [DEFAULT]/task_time_to_live #task_time_to_live = 48 # Specifies which task executor to be used to run the task scripts. # (string value) #task_executor = taskflow # Work dir for asynchronous task operations. The directory set here # will be used to operate over images - normally before they are # imported in the destination store. When providing work dir, make # sure enough space is provided for concurrent tasks to run # efficiently without running out of space. A rough estimation can be # done by multiplying the number of `max_workers` - or the N of # workers running - by an average image size (e.g 500MB). The image # size estimation should be done based on the average size in your # deployment. Note that depending on the tasks running you may need to # multiply this number by some factor depending on what the task does. # For example, you may want to double the available size if image # conversion is enabled. All this being said, remember these are just # estimations and you should do them based on the worst case scenario # and be prepared to act in case they were wrong. (string value) #work_dir = [taskflow_executor] # # From glance.api # # # Set the taskflow engine mode. # # Provide a string type value to set the mode in which the taskflow # engine would schedule tasks to the workers on the hosts. Based on # this mode, the engine executes tasks either in single or multiple # threads. The possible values for this configuration option are: # ``serial`` and ``parallel``. When set to ``serial``, the engine runs # all the tasks in a single thread which results in serial execution # of tasks. Setting this to ``parallel`` makes the engine run tasks in # multiple threads. This results in parallel execution of tasks. # # Possible values: # * serial # * parallel # # Related options: # * max_workers # # (string value) # Allowed values: serial, parallel #engine_mode = parallel # # Set the number of engine executable tasks. # # Provide an integer value to limit the number of workers that can be # instantiated on the hosts. In other words, this number defines the # number of parallel tasks that can be executed at the same time by # the taskflow engine. This value can be greater than one when the # engine mode is set to parallel. # # Possible values: # * Integer value greater than or equal to 1 # # Related options: # * engine_mode # # (integer value) # Minimum value: 1 # Deprecated group/name - [task]/eventlet_executor_pool_size #max_workers = 10 # The format to which images will be automatically converted. When # using the RBD backend, this should be set to 'raw' (string value) # Allowed values: qcow2, raw, vmdk #conversion_format =