[DEFAULT] # Show more verbose log output (sets INFO log level output) #verbose = False # Show debugging output in logs (sets DEBUG log level output) #debug = False # Log to this file. Make sure you do not set the same log file for both the API # and registry servers! # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. log_file = /var/log/glance/image-cache.log # Send logs to syslog (/dev/log) instead of to file specified by `log_file` #use_syslog = False # Directory that the Image Cache writes data to image_cache_dir = /var/lib/glance/image-cache/ # Number of seconds after which we should consider an incomplete image to be # stalled and eligible for reaping image_cache_stall_time = 86400 # The upper limit (the maximum size of accumulated cache in bytes) beyond # which pruner, if running, starts cleaning the images cache. image_cache_max_size = 10737418240 # Address to find the registry server registry_host = 0.0.0.0 # Port the registry server is listening on registry_port = 9191 # Auth settings if using Keystone # auth_url = http://127.0.0.1:5000/v2.0/ # admin_tenant_name = %SERVICE_TENANT_NAME% # admin_user = %SERVICE_USER% # admin_password = %SERVICE_PASSWORD% # List of which store classes and store class locations are # currently known to glance at startup. # known_stores = glance.store.filesystem.Store, # glance.store.http.Store, # glance.store.rbd.Store, # glance.store.s3.Store, # glance.store.swift.Store, # glance.store.sheepdog.Store, # glance.store.cinder.Store, # glance.store.vmware_datastore.Store, # ============ Filesystem Store Options ======================== # Directory that the Filesystem backend store # writes image data to filesystem_store_datadir = /var/lib/glance/images/ # ============ Swift Store Options ============================= # Version of the authentication service to use # Valid versions are '2' for keystone and '1' for swauth and rackspace swift_store_auth_version = 2 # Address where the Swift authentication service lives # Valid schemes are 'http://' and 'https://' # If no scheme specified, default to 'https://' # For swauth, use something like '127.0.0.1:8080/v1.0/' swift_store_auth_address = 127.0.0.1:5000/v2.0/ # User to authenticate against the Swift authentication service # If you use Swift authentication service, set it to 'account':'user' # where 'account' is a Swift storage account and 'user' # is a user in that account swift_store_user = jdoe:jdoe # Auth key for the user authenticating against the # Swift authentication service swift_store_key = a86850deb2742ec3cb41518e26aa2d89 # Container within the account that the account should use # for storing images in Swift swift_store_container = glance # Do we create the container if it does not exist? swift_store_create_container_on_put = False # What size, in MB, should Glance start chunking image files # and do a large object manifest in Swift? By default, this is # the maximum object size in Swift, which is 5GB swift_store_large_object_size = 5120 # This file contains references for each of the configured # Swift accounts/backing stores. If used, this option can prevent # credentials being stored in the database. Using Swift references # is disabled if this config is left blank. #swift_store_config_file = glance-swift.conf # The reference to the default Swift parameters to use for adding new images. #default_swift_reference = 'ref1' # When doing a large object manifest, what size, in MB, should # Glance write chunks to Swift? This amount of data is written # to a temporary disk buffer during the process of chunking # the image file, and the default is 200MB swift_store_large_object_chunk_size = 200 # If set, the configured endpoint will be used. If None, the storage URL # from the auth response will be used. The location of an object is # obtained by appending the container and object to the configured URL. # # swift_store_endpoint = https://www.example.com/v1/not_a_container swift_store_endpoint = None # If set to True enables multi-tenant storage mode which causes Glance images # to be stored in tenant specific Swift accounts. #swift_store_multi_tenant = False # A list of swift ACL strings that will be applied as both read and # write ACLs to the containers created by Glance in multi-tenant # mode. This grants the specified tenants/users read and write access # to all newly created image objects. The standard swift ACL string # formats are allowed, including: # : # : # *: # Multiple ACLs can be combined using a comma separated list, for # example: swift_store_admin_tenants = service:glance,*:admin #swift_store_admin_tenants = # The region of the swift endpoint to be used for single tenant. This setting # is only necessary if the tenant has multiple swift endpoints. #swift_store_region = # If set to False, disables SSL layer compression of https swift requests. # Setting to 'False' may improve performance for images which are already # in a compressed format, eg qcow2. If set to True, enables SSL layer # compression (provided it is supported by the target swift proxy). #swift_store_ssl_compression = True # The number of times a Swift download will be retried before the # request fails #swift_store_retry_get_count = 0 # Bypass SSL verification for Swift #swift_store_auth_insecure = False # The path to a CA certificate bundle file to use for SSL verification when # communicating with Swift. #swift_store_cacert = # ============ S3 Store Options ============================= # Address where the S3 authentication service lives # Valid schemes are 'http://' and 'https://' # If no scheme specified, default to 'http://' s3_store_host = s3.amazonaws.com # User to authenticate against the S3 authentication service s3_store_access_key = <20-char AWS access key> # Auth key for the user authenticating against the # S3 authentication service s3_store_secret_key = <40-char AWS secret key> # Container within the account that the account should use # for storing images in S3. Note that S3 has a flat namespace, # so you need a unique bucket name for your glance images. An # easy way to do this is append your AWS access key to "glance". # S3 buckets in AWS *must* be lowercased, so remember to lowercase # your AWS access key if you use it in your bucket name below! s3_store_bucket = glance # Do we create the bucket if it does not exist? s3_store_create_bucket_on_put = False # When sending images to S3, the data will first be written to a # temporary buffer on disk. By default the platform's temporary directory # will be used. If required, an alternative directory can be specified here. # s3_store_object_buffer_dir = /path/to/dir # ============ Cinder Store Options =========================== # Info to match when looking for cinder in the service catalog # Format is : separated values of the form: # :: (string value) #cinder_catalog_info = volume:cinder:publicURL # Override service catalog lookup with template for cinder endpoint # e.g. http://localhost:8776/v1/%(project_id)s (string value) #cinder_endpoint_template = # Region name of this node (string value) #os_region_name = # Location of ca certicates file to use for cinder client requests # (string value) #cinder_ca_certificates_file = # Number of cinderclient retries on failed http calls (integer value) #cinder_http_retries = 3 # Allow to perform insecure SSL requests to cinder (boolean value) #cinder_api_insecure = False # ============ VMware Datastore Store Options ===================== # ESX/ESXi or vCenter Server target system. # The server value can be an IP address or a DNS name # e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com #vmware_server_host = # Server username (string value) #vmware_server_username = # Server password (string value) #vmware_server_password = # Inventory path to a datacenter (string value) # Value optional when vmware_server_ip is an ESX/ESXi host: if specified # should be `ha-datacenter`. #vmware_datacenter_path = # Datastore associated with the datacenter (string value) #vmware_datastore_name = # The number of times we retry on failures # e.g., socket error, etc (integer value) #vmware_api_retry_count = 10 # The interval used for polling remote tasks # invoked on VMware ESX/VC server in seconds (integer value) #vmware_task_poll_interval = 5 # Absolute path of the folder containing the images in the datastore # (string value) #vmware_store_image_dir = /openstack_glance # Allow to perform insecure SSL requests to the target system (boolean value) #vmware_api_insecure = False # ================= Security Options ========================== # AES key for encrypting store 'location' metadata, including # -- if used -- Swift or S3 credentials # Should be set to a random string of length 16, 24 or 32 bytes # metadata_encryption_key = <16, 24 or 32 char registry metadata key> # =============== Policy Options ============================== [oslo_policy] # The JSON file that defines policies. # Deprecated group/name - [DEFAULT]/policy_file #policy_file = policy.json # Default rule. Enforced when a requested rule is not found. # Deprecated group/name - [DEFAULT]/policy_default_rule #policy_default_rule = default # Directories where policy configuration files are stored. # They can be relative to any directory in the search path # defined by the config_dir option, or absolute paths. # The file defined by policy_file must exist for these # directories to be searched. # Deprecated group/name - [DEFAULT]/policy_dirs #policy_dirs = policy.d