[DEFAULT] # Show more verbose log output (sets INFO log level output) #verbose = False verbose = True # Show debugging output in logs (sets DEBUG log level output) #debug = False # Maximum image size (in bytes) that may be uploaded through the # Glance API server. Defaults to 1 TB. # WARNING: this value should only be increased after careful consideration # and must be set to a value under 8 EB (9223372036854775808). #image_size_cap = 1099511627776 # Address to bind the API server bind_host = 0.0.0.0 # Port the bind the API server to bind_port = 19292 # Log to this file. Make sure you do not set the same log file for both the API # and registry servers! # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. log_file = /var/log/daisy/api.log # Backlog requests when creating socket backlog = 4096 # TCP_KEEPIDLE value in seconds when creating socket. # Not supported on OS X. #tcp_keepidle = 600 # API to use for accessing data. Default value points to sqlalchemy # package, it is also possible to use: glance.db.registry.api data_api = daisy.db.sqlalchemy.api # The number of child process workers that will be # created to service API requests. The default will be # equal to the number of CPUs available. (integer value) workers = 4 # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large tokens # (typically those generated by the Keystone v3 API with big service # catalogs) # max_header_line = 16384 # Maximum number of hosts install os at the same time. max_parallel_os_number = 20 # Maximum number of hosts upgrade os at the same time. max_parallel_os_upgrade_number = 20 # Role used to identify an authenticated user as administrator #admin_role = admin # Allow unauthenticated users to access the API with read-only # privileges. This only applies when using ContextMiddleware. #allow_anonymous_access = False # Allow access to version 1 of glance api #enable_v1_api = True # Allow access to version 2 of glance api #enable_v2_api = True # Return the URL that references where the data is stored on # the backend storage system. For example, if using the # file system store a URL of 'file:///path/to/image' will # be returned to the user in the 'direct_url' meta-data field. # The default value is false. #show_image_direct_url = False # Send headers containing user and tenant information when making requests to # the v1 glance registry. This allows the registry to function as if a user is # authenticated without the need to authenticate a user itself using the # auth_token middleware. # The default value is false. #send_identity_headers = False # Property Protections config file # This file contains the rules for property protections and the roles/policies # associated with it. # If this config value is not specified, by default, property protections # won't be enforced. # If a value is specified and the file is not found, then the glance-api # service will not start. #property_protection_file = # Specify whether 'roles' or 'policies' are used in the # property_protection_file. # The default value for property_protection_rule_format is 'roles'. #property_protection_rule_format = roles # Public url to use for versions endpoint. The default is None, # which will use the request's host_url attribute to populate the URL base. # If Glance is operating behind a proxy, you will want to change this to # represent the proxy's URL. #public_endpoint= # http_keepalive option. If False, server will return the header # "Connection: close", If True, server will return "Connection: Keep-Alive" # in its responses. In order to close the client socket connection # explicitly after the response is sent and read successfully by the client, # you simply have to set this option to False when you create a wsgi server. #http_keepalive = True # ================= Syslog Options ============================ # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` #use_syslog = False # Facility to use. If unset defaults to LOG_USER. #syslog_log_facility = LOG_LOCAL0 # ================= SSL Options =============================== # Certificate file to use when starting API server securely #cert_file = /path/to/certfile # Private key file to use when starting API server securely #key_file = /path/to/keyfile # CA certificate file to use to verify connecting clients #ca_file = /path/to/cafile # ================= Security Options ========================== # AES key for encrypting store 'location' metadata, including # -- if used -- Swift or S3 credentials # Should be set to a random string of length 16, 24 or 32 bytes #metadata_encryption_key = <16, 24 or 32 char registry metadata key> # Digest algorithm which will be used for digital signature, the default is # sha1 in Kilo for a smooth upgrade process, and it will be updated with # sha256 in next release(L). Use command # "openssl list-message-digest-algorithms" to get the available algorithms # supported by the version of OpenSSL on the platform. Examples are 'sha1', # 'sha256', 'sha512', etc. #digest_algorithm = sha1 # ============ Registry Options =============================== # Address to find the registry server registry_host = 0.0.0.0 # Port the registry server is listening on registry_port = 19191 # What protocol to use when connecting to the registry server? # Set to https for secure HTTP communication registry_client_protocol = http # The path to the key file to use in SSL connections to the # registry server, if any. Alternately, you may set the # GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file #registry_client_key_file = /path/to/key/file # The path to the cert file to use in SSL connections to the # registry server, if any. Alternately, you may set the # GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file #registry_client_cert_file = /path/to/cert/file # The path to the certifying authority cert file to use in SSL connections # to the registry server, if any. Alternately, you may set the # GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file #registry_client_ca_file = /path/to/ca/file # When using SSL in connections to the registry server, do not require # validation via a certifying authority. This is the registry's equivalent of # specifying --insecure on the command line using glanceclient for the API # Default: False #registry_client_insecure = False # The period of time, in seconds, that the API server will wait for a registry # request to complete. A value of '0' implies no timeout. # Default: 600 #registry_client_timeout = 600 # Enable DEBUG log messages from sqlalchemy which prints every database # query and response. # Default: False #sqlalchemy_debug = True # Pass the user's token through for API requests to the registry. # Default: True #use_user_token = True # If 'use_user_token' is not in effect then admin credentials # can be specified. Requests to the registry on behalf of # the API will use these credentials. # Admin user name #admin_user = None # Admin password #admin_password = None # Admin tenant name #admin_tenant_name = None # Keystone endpoint #auth_url = None # Keystone region #auth_region = None # Auth strategy #auth_strategy = keystone # ============ Notification System Options ===================== # Driver or drivers to handle sending notifications. Set to # 'messaging' to send notifications to a message queue. # notification_driver = noop # Default publisher_id for outgoing notifications. # default_publisher_id = image.localhost # List of disabled notifications. A notification can be given either as a # notification type to disable a single event, or as a notification group # prefix to disable all events within a group. # Example: if this config option is set to # ["image.create", "metadef_namespace"], then "image.create" notification will # not be sent after image is created and none of the notifications for # metadefinition namespaces will be sent. # disabled_notifications = [] # Messaging driver used for 'messaging' notifications driver # rpc_backend = 'rabbit' # Configuration options if sending notifications via rabbitmq (these are # the defaults) rabbit_host = localhost rabbit_port = 5672 rabbit_use_ssl = false rabbit_userid = guest rabbit_password = guest rabbit_virtual_host = / rabbit_notification_exchange = glance rabbit_notification_topic = notifications rabbit_durable_queues = False # Configuration options if sending notifications via Qpid (these are # the defaults) qpid_notification_exchange = glance qpid_notification_topic = notifications qpid_hostname = localhost qpid_port = 5672 qpid_username = qpid_password = qpid_sasl_mechanisms = qpid_reconnect_timeout = 0 qpid_reconnect_limit = 0 qpid_reconnect_interval_min = 0 qpid_reconnect_interval_max = 0 qpid_reconnect_interval = 0 qpid_heartbeat = 5 # Set to 'ssl' to enable SSL qpid_protocol = tcp qpid_tcp_nodelay = True # ============ Delayed Delete Options ============================= # Turn on/off delayed delete delayed_delete = False # Delayed delete time in seconds scrub_time = 43200 # =============== Quota Options ================================== # The maximum number of image members allowed per image #image_member_quota = 128 # The maximum number of tags allowed per image #image_tag_quota = 128 # The maximum number of locations allowed per image #image_location_quota = 10 # Set a system wide quota for every user. This value is the total number # of bytes that a user can use across all storage systems. A value of # 0 means unlimited. #user_storage_quota = 0 # =============== Image Cache Options ============================= # Base directory that the Image Cache uses image_cache_dir = /var/lib/glance/image-cache/ # =============== Policy Options ================================== [oslo_policy] # The JSON file that defines policies. # Deprecated group/name - [DEFAULT]/policy_file #policy_file = policy.json # Default rule. Enforced when a requested rule is not found. # Deprecated group/name - [DEFAULT]/policy_default_rule #policy_default_rule = default # Directories where policy configuration files are stored. # They can be relative to any directory in the search path # defined by the config_dir option, or absolute paths. # The file defined by policy_file must exist for these # directories to be searched. # Deprecated group/name - [DEFAULT]/policy_dirs #policy_dirs = policy.d # =============== Database Options ================================= [database] # The file name to use with SQLite (string value) #sqlite_db = oslo.sqlite # If True, SQLite uses synchronous mode (boolean value) #sqlite_synchronous = True # The backend to use for db (string value) # Deprecated group/name - [DEFAULT]/db_backend #backend = sqlalchemy # The SQLAlchemy connection string used to connect to the # database (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To # use whatever SQL mode is set by the server configuration, # set this to no value. Example: mysql_sql_mode= (string # value) #mysql_sql_mode = TRADITIONAL # Timeout before idle sql connections are reaped (integer # value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout #idle_timeout = 3600 # Minimum number of SQL connections to keep open in a pool # (integer value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size #min_pool_size = 1 # Maximum number of SQL connections to keep open in a pool # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size = # Maximum db connection retries during startup. (setting -1 # implies an infinite retry count) (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries = 10 # Interval between retries of opening a sql connection # (integer value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval #retry_interval = 10 # If set, use this value for max_overflow with sqlalchemy # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow #max_overflow = # Verbosity of SQL debugging information. 0=None, # 100=Everything (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug #connection_debug = 0 # Add python stack traces to SQL as comment strings (boolean # value) # Deprecated group/name - [DEFAULT]/sql_connection_trace #connection_trace = False # If set, use this value for pool_timeout with sqlalchemy # (integer value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout #pool_timeout = # Enable the experimental use of database reconnect on # connection lost (boolean value) #use_db_reconnect = False # seconds between db connection retries (integer value) #db_retry_interval = 1 # Whether to increase interval between db connection retries, # up to db_max_retry_interval (boolean value) #db_inc_retry_interval = True # max seconds between db connection retries, if # db_inc_retry_interval is enabled (integer value) #db_max_retry_interval = 10 # maximum db connection retries before error is raised. # (setting -1 implies an infinite retry count) (integer value) #db_max_retries = 20 [oslo_concurrency] # Enables or disables inter-process locks. (boolean value) # Deprecated group/name - [DEFAULT]/disable_process_locking #disable_process_locking = false [keystone_authtoken] identity_uri = http://127.0.0.1:35357 admin_tenant_name = %SERVICE_TENANT_NAME% admin_user = %SERVICE_USER% admin_password = %SERVICE_PASSWORD% revocation_cache_time = 10 [paste_deploy] # Name of the paste configuration file that defines the available pipelines #config_file = glance-api-paste.ini # Partial name of a pipeline in your paste configuration file with the # service name removed. For example, if your paste section name is # [pipeline:glance-api-keystone], you would configure the flavor below # as 'keystone'. #flavor= [profiler] # If False fully disable profiling feature. #enabled = False # If False doesn't trace SQL requests. #trace_sqlalchemy = False [task] # ================= Glance Tasks Options ============================ # Specifies how long (in hours) a task is supposed to live in the tasks DB # after succeeding or failing before getting soft-deleted. # The default value for task_time_to_live is 48 hours. # task_time_to_live = 48 # Specifies which task executor to be used to run the task scripts. # The default value for task_executor is taskflow. # task_executor = taskflow # Work dir for asynchronous task operations. The directory set here # will be used to operate over images - normally before they are # imported in the destination store. When providing work dir, make sure # enough space is provided for concurrent tasks to run efficiently # without running out of space. A rough estimation can be done by # multiplying the number of `max_workers` - or the N of workers running # - by an average image size (e.g 500MB). The image size estimation # should be done based on the average size in your deployment. Note that # depending on the tasks running you may need to multiply this number by # some factor depending on what the task does. For example, you may want # to double the available size if image conversion is enabled. All this # being said, remember these are just estimations and you should do them # based on the worst case scenario and be prepared to act in case they # were wrong. # work_dir=None # Specifies the maximum number of eventlet threads which can be spun up by # the eventlet based task executor to perform execution of Glance tasks. # DEPRECATED: Use [taskflow_executor]/max_workers instead. # eventlet_executor_pool_size = 1000 [taskflow_executor] # The mode in which the engine will run. Can be 'default', 'serial', # 'parallel' or 'worker-based' #engine_mode = serial # The number of parallel activities executed at the same time by # the engine. The value can be greater than one when the engine mode is # 'parallel' or 'worker-based', otherwise this value will be ignored. #max_workers = 10