glance-scrubber.conf

DEFAULT

allow_additional_image_properties

Type:boolean Default:true

Whether to allow users to specify image properties beyond what the image schema provides

image_member_quota

Type:integer Default:128

Maximum number of image members per image. This limits the maximum of users an image can be shared with. Any negative value is interpreted as unlimited. Related options: * None

image_property_quota

Type:integer Default:128

Maximum number of properties allowed on an image. This enforces an upper limit on the number of additional properties an image can have. Any negative value is interpreted as unlimited. NOTE: This won’t have any impact if additional properties are disabled. Please refer to allow_additional_image_properties. Related options: * allow_additional_image_properties

image_tag_quota

Type:integer Default:128

Maximum number of tags allowed on an image. Any negative value is interpreted as unlimited. Related options: * None

image_location_quota

Type:integer Default:10

Maximum number of locations allowed on an image. Any negative value is interpreted as unlimited. Related options: * None

data_api

Type:string Default:glance.db.sqlalchemy.api

Python module path of data access API

limit_param_default

Type:integer Default:25

Default value for the number of items returned by a request if not specified explicitly in the request

api_limit_max

Type:integer Default:1000

Maximum permissible number of items that could be returned by a request

show_image_direct_url

Type:boolean Default:false

Whether to include the backend image storage location in image properties. Revealing storage location can be a security risk, so use this setting with caution!

show_multiple_locations

Type:boolean Default:false

Whether to include the backend image locations in image properties. For example, if using the file system store a URL of “file:///path/to/image” will be returned to the user in the ‘direct_url’ meta-data field. Revealing storage location can be a security risk, so use this setting with caution! Setting this to true overrides the show_image_direct_url option.

image_size_cap

Type:integer Default:1099511627776 Maximum Value:9223372036854775808

Maximum size of image a user can upload in bytes. Defaults to 1099511627776 bytes (1 TB).WARNING: this value should only be increased after careful consideration and must be set to a value under 8 EB (9223372036854775808).

user_storage_quota

Type:string Default:0

Maximum amount of image storage per tenant. This enforces an upper limit on the cumulative storage consumed by all images of a tenant across all stores. This is a per-tenant limit. The default unit for this configuration option is Bytes. However, storage units can be specified using case-sensitive literals B, KB, MB, GB and TB representing Bytes, KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. Note that there should not be any space between the value and unit. Value 0 signifies no quota enforcement. Negative values are invalid and result in errors. Possible values: * A string that is a valid concatenation of a non-negative integer representing the storage value and an optional string literal representing storage units as mentioned above. Related options: * None

enable_v1_api

Type:boolean Default:true

Deploy the v1 OpenStack Images API. When this option is set to True, Glance service will respond to requests on registered endpoints conforming to the v1 OpenStack Images API. NOTES: * If this option is enabled, then enable_v1_registry must also be set to True to enable mandatory usage of Registry service with v1 API. * If this option is disabled, then the enable_v1_registry option, which is enabled by default, is also recommended to be disabled. * This option is separate from enable_v2_api, both v1 and v2 OpenStack Images API can be deployed independent of each other. * If deploying only the v2 Images API, this option, which is enabled by default, should be disabled. Possible values: * True * False Related options: * enable_v1_registry * enable_v2_api

enable_v2_api

Type:boolean Default:true

Deploy the v2 OpenStack Images API. When this option is set to True, Glance service will respond to requests on registered endpoints conforming to the v2 OpenStack Images API. NOTES: * If this option is disabled, then the enable_v2_registry option, which is enabled by default, is also recommended to be disabled. * This option is separate from enable_v1_api, both v1 and v2 OpenStack Images API can be deployed independent of each other. * If deploying only the v1 Images API, this option, which is enabled by default, should be disabled. Possible values: * True * False Related options: * enable_v2_registry * enable_v1_api

enable_v1_registry

Type:boolean Default:true

Deploy the v1 API Registry service. When this option is set to True, the Registry service will be enabled in Glance for v1 API requests. NOTES: * Use of Registry is mandatory in v1 API, so this option must be set to True if the enable_v1_api option is enabled. * If deploying only the v2 OpenStack Images API, this option, which is enabled by default, should be disabled. Possible values: * True * False Related options: * enable_v1_api

enable_v2_registry

Type:boolean Default:true

Deploy the v2 API Registry service. When this option is set to True, the Registry service will be enabled in Glance for v2 API requests. NOTES: * Use of Registry is optional in v2 API, so this option must only be enabled if both enable_v2_api is set to True and the data_api option is set to glance.db.registry.api. * If deploying only the v1 OpenStack Images API, this option, which is enabled by default, should be disabled. Possible values: * True * False Related options: * enable_v2_api * data_api

pydev_worker_debug_host

Type:string Default:<None>

The hostname/IP of the pydev process listening for debug connections

pydev_worker_debug_port

Type:unknown type Default:5678 Minimum Value:0 Maximum Value:65535

The port on which a pydev process is listening for connections.

metadata_encryption_key

Type:string Default:<None>

AES key for encrypting store ‘location’ metadata. This includes, if used, Swift credentials. Should be set to a random string of length 16, 24 or 32 bytes

digest_algorithm

Type:string Default:sha256

Digest algorithm which will be used for digital signature. Use the command “openssl list-message-digest-algorithms” to get the available algorithms supported by the version of OpenSSL on the platform. Examples are “sha1”, “sha256”, “sha512”, etc.

scrub_time

Type:integer Default:0 Minimum Value:0

The amount of time, in seconds, to delay image scrubbing. When delayed delete is turned on, an image is put into pending_delete state upon deletion until the scrubber deletes its image data. Typically, soon after the image is put into pending_delete state, it is available for scrubbing. However, scrubbing can be delayed until a later point using this configuration option. This option denotes the time period an image spends in pending_delete state before it is available for scrubbing. It is important to realize that this has storage implications. The larger the scrub_time, the longer the time to reclaim backend storage from deleted images. Possible values: * Any non-negative integer Related options: * delayed_delete

scrub_pool_size

Type:integer Default:1 Minimum Value:1

The size of thread pool to be used for scrubbing images. When there are a large number of images to scrub, it is beneficial to scrub images in parallel so that the scrub queue stays in control and the backend storage is reclaimed in a timely fashion. This configuration option denotes the maximum number of images to be scrubbed in parallel. The default value is one, which signifies serial scrubbing. Any value above one indicates parallel scrubbing. Possible values: * Any non-zero positive integer Related options: * delayed_delete

delayed_delete

Type:boolean Default:false

Turn on/off delayed delete. Typically when an image is deleted, the glance-api service puts the image into deleted state and deletes its data at the same time. Delayed delete is a feature in Glance that delays the actual deletion of image data until a later point in time (as determined by the configuration option scrub_time). When delayed delete is turned on, the glance-api service puts the image into pending_delete state upon deletion and leaves the image data in the storage backend for the image scrubber to delete at a later time. The image scrubber will move the image into deleted state upon successful deletion of image data. NOTE: When delayed delete is turned on, image scrubber MUST be running as a periodic task to prevent the backend storage from filling up with undesired usage. Possible values: * True * False Related options: * scrub_time * wakeup_time * scrub_pool_size

admin_role

Type:string Default:admin

Role used to identify an authenticated user as administrator. Provide a string value representing a Keystone role to identify an administrative user. Users with this role will be granted administrative privileges. The default value for this option is ‘admin’. Possible values: * A string value which is a valid Keystone role Related options: * None

send_identity_headers

Type:boolean Default:false

Whether to pass through headers containing user and tenant information when making requests to the registry. This allows the registry to use the context middleware without keystonemiddleware’s auth_token middleware, removing calls to the keystone auth service. It is recommended that when using this option, secure communication between glance api and glance registry is ensured by means other than auth_token middleware.

wakeup_time

Type:integer Default:300 Minimum Value:0

Time interval, in seconds, between scrubber runs in daemon mode. Scrubber can be run either as a cron job or daemon. When run as a daemon, this configuration time specifies the time period between two runs. When the scrubber wakes up, it fetches and scrubs all pending_delete images that are available for scrubbing after taking scrub_time into consideration. If the wakeup time is set to a large number, there may be a large number of images to be scrubbed for each run. Also, this impacts how quickly the backend storage is reclaimed. Possible values: * Any non-negative integer Related options: * daemon * delayed_delete

daemon

Type:boolean Default:false

Run scrubber as a daemon. This boolean configuration option indicates whether scrubber should run as a long-running process that wakes up at regular intervals to scrub images. The wake up interval can be specified using the configuration option wakeup_time. If this configuration option is set to False, which is the default value, scrubber runs once to scrub images and exits. In this case, if the operator wishes to implement continuous scrubbing of images, scrubber needs to be scheduled as a cron job. Possible values: * True * False Related options: * wakeup_time

registry_client_protocol

Type:string Default:http

The protocol to use for communication with the registry server. Either http or https.

registry_client_key_file

Type:string Default:<None>

The path to the key file to use in SSL connections to the registry server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE environment variable to a filepath of the key file

registry_client_cert_file

Type:string Default:<None>

The path to the cert file to use in SSL connections to the registry server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE environment variable to a filepath of the CA cert file

registry_client_ca_file

Type:string Default:<None>

The path to the certifying authority cert file to use in SSL connections to the registry server, if any. Alternately, you may set the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the CA cert file.

registry_client_insecure

Type:boolean Default:false

When using SSL in connections to the registry server, do not require validation via a certifying authority. This is the registry’s equivalent of specifying –insecure on the command line using glanceclient for the API.

registry_client_timeout

Type:integer Default:600

The period of time, in seconds, that the API server will wait for a registry request to complete. A value of 0 implies no timeout.

use_user_token

Type:boolean Default:true

Whether to pass through the user token when making requests to the registry. To prevent failures with token expiration during big files upload, it is recommended to set this parameter to False.If “use_user_token” is not in effect, then admin credentials can be specified.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.

admin_user

Type:string Default:<None>

The administrators user name. If “use_user_token” is not in effect, then admin credentials can be specified.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.

admin_password

Type:string Default:<None>

The administrators password. If “use_user_token” is not in effect, then admin credentials can be specified.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.

admin_tenant_name

Type:string Default:<None>

The tenant name of the administrative user. If “use_user_token” is not in effect, then admin tenant name can be specified.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.

auth_url

Type:string Default:<None>

The URL to the keystone service. If “use_user_token” is not in effect and using keystone auth, then URL of keystone can be specified.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.

auth_strategy

Type:string Default:noauth

The strategy to use for authentication. If “use_user_token” is not in effect, then auth strategy can be specified.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.

auth_region

Type:string Default:<None>

The region for the authentication service. If “use_user_token” is not in effect and using keystone auth, then region name can be specified.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.

registry_host

Type:string Default:0.0.0.0

Address the registry server is hosted on. Possible values: * A valid IP or hostname Related options: * None

registry_port

Type:unknown type Default:9191 Minimum Value:0 Maximum Value:65535

Port the registry server is listening on. Possible values: * A valid port number Related options: * None

debug

Type:boolean Default:false Mutable:This option can be changed without restarting.

If set to true, the logging level will be set to DEBUG instead of the default INFO level.

verbose

Type:boolean Default:true

If set to false, the logging level will be set to WARNING instead of the default INFO level.

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

log_config_append

Type:string Default:<None> Mutable:This option can be changed without restarting.

The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, logging_context_format_string).

Deprecated Variations

Group	Name
DEFAULT	log_config

log_date_format

Type:string Default:%Y-%m-%d %H:%M:%S

Defines the format string for %(asctime)s in log records. Default: the value above . This option is ignored if log_config_append is set.

log_file

Type:string Default:<None>

(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.

Deprecated Variations

Group	Name
DEFAULT	logfile

log_dir

Type:string Default:<None>

(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.

Deprecated Variations

Group	Name
DEFAULT	logdir

watch_log_file

Type:boolean Default:false

Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.

use_syslog

Type:boolean Default:false

Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.

syslog_log_facility

Type:string Default:LOG_USER

Syslog facility to receive log lines. This option is ignored if log_config_append is set.

use_stderr

Type:boolean Default:true

Log output to standard error. This option is ignored if log_config_append is set.

logging_context_format_string

Type:string Default:%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s

Format string to use for log messages with context.

logging_default_format_string

Type:string Default:%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s

Format string to use for log messages when context is undefined.

logging_debug_format_suffix

Type:string Default:%(funcName)s %(pathname)s:%(lineno)d

Additional data to append to log message when logging level for the message is DEBUG.

logging_exception_prefix

Type:string Default:%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s

Prefix each line of exception output with this format.

logging_user_identity_format

Type:string Default:%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s

Defines the format string for %(user_identity)s that is used in logging_context_format_string.

default_log_levels

Type:list Default:amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO

List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.

publish_errors

Type:boolean Default:false

Enables or disables publication of error events.

instance_format

Type:string Default:"[instance: %(uuid)s] "

The format for an instance that is passed with the log message.

instance_uuid_format

Type:string Default:"[instance: %(uuid)s] "

The format for an instance UUID that is passed with the log message.

fatal_deprecations

Type:boolean Default:false

Enables or disables fatal status of deprecations.

database

sqlite_db

Type:string Default:oslo.sqlite

The file name to use with SQLite.

Deprecated Variations

Group	Name
DEFAULT	sqlite_db

Warning

This option is deprecated for removal. Its value may be silently ignored in the future.

Reason:Should use config option connection or slave_connection to connect the database.

sqlite_synchronous

Type:boolean Default:true

If True, SQLite uses synchronous mode.

Deprecated Variations

Group	Name
DEFAULT	sqlite_synchronous

backend

Type:string Default:sqlalchemy

The back end to use for the database.

Deprecated Variations

Group	Name
DEFAULT	db_backend

connection

Type:string Default:<None>

The SQLAlchemy connection string to use to connect to the database.

Deprecated Variations

Group	Name
DEFAULT	sql_connection
DATABASE	sql_connection
sql	connection

slave_connection

Type:string Default:<None>

The SQLAlchemy connection string to use to connect to the slave database.

mysql_sql_mode

Type:string Default:TRADITIONAL

The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=

idle_timeout

Type:integer Default:3600

Timeout before idle SQL connections are reaped.

Deprecated Variations

Group	Name
DEFAULT	sql_idle_timeout
DATABASE	sql_idle_timeout
sql	idle_timeout

min_pool_size

Type:integer Default:1

Minimum number of SQL connections to keep open in a pool.

Deprecated Variations

Group	Name
DEFAULT	sql_min_pool_size
DATABASE	sql_min_pool_size

max_pool_size

Type:integer Default:5

Maximum number of SQL connections to keep open in a pool. Setting a value of 0 indicates no limit.

Deprecated Variations

Group	Name
DEFAULT	sql_max_pool_size
DATABASE	sql_max_pool_size

max_retries

Type:integer Default:10

Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.

Deprecated Variations

Group	Name
DEFAULT	sql_max_retries
DATABASE	sql_max_retries

retry_interval

Type:integer Default:10

Interval between retries of opening a SQL connection.

Deprecated Variations

Group	Name
DEFAULT	sql_retry_interval
DATABASE	reconnect_interval

max_overflow

Type:integer Default:50

If set, use this value for max_overflow with SQLAlchemy.

Deprecated Variations

Group	Name
DEFAULT	sql_max_overflow
DATABASE	sqlalchemy_max_overflow

connection_debug

Type:integer Default:0 Minimum Value:0 Maximum Value:100

Verbosity of SQL debugging information: 0=None, 100=Everything.

Deprecated Variations

Group	Name
DEFAULT	sql_connection_debug

connection_trace

Type:boolean Default:false

Add Python stack traces to SQL as comment strings.

Deprecated Variations

Group	Name
DEFAULT	sql_connection_trace

pool_timeout

Type:integer Default:<None>

If set, use this value for pool_timeout with SQLAlchemy.

Deprecated Variations

Group	Name
DATABASE	sqlalchemy_pool_timeout

use_db_reconnect

Type:boolean Default:false

Enable the experimental use of database reconnect on connection lost.

db_retry_interval

Type:integer Default:1

Seconds between retries of a database transaction.

db_inc_retry_interval

Type:boolean Default:true

If True, increases the interval between retries of a database operation up to db_max_retry_interval.

db_max_retry_interval

Type:integer Default:10

If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.

db_max_retries

Type:integer Default:20

Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.

use_tpool

Type:boolean Default:false

Enable the experimental use of thread pooling for all DB API calls

Deprecated Variations

Group	Name
DEFAULT	dbapi_use_tpool

glance_store

stores

Type:list Default:file,http

List of stores enabled. Valid stores are: cinder, file, http, rbd, sheepdog, swift, s3, vsphere

default_store

Type:string Default:file

Default scheme to use to store image data. The scheme must be registered by one of the stores defined by the ‘stores’ config option.

store_capabilities_update_min_interval

Type:integer Default:0

Minimum interval seconds to execute updating dynamic storage capabilities based on backend status then. It’s not a periodic routine, the update logic will be executed only when interval seconds elapsed and an operation of store has triggered. The feature will be enabled only when the option value greater then zero.

sheepdog_store_chunk_size

Type:integer Default:64

Images will be chunked into objects of this size (in megabytes). For best performance, this should be a power of two.

sheepdog_store_port

Type:integer Default:7000

Port of sheep daemon.

sheepdog_store_address

Type:string Default:localhost

IP address of sheep daemon.

rbd_store_chunk_size

Type:integer Default:8

RADOS images will be chunked into objects of this size (in megabytes). For best performance, this should be a power of two.

rbd_store_pool

Type:string Default:images

RADOS pool in which images are stored.

rbd_store_user

Type:string Default:<None>

RADOS user to authenticate as (only applicable if using Cephx. If <None>, a default will be chosen based on the client. section in rbd_store_ceph_conf)

rbd_store_ceph_conf

Type:string Default:/etc/ceph/ceph.conf

Ceph configuration file path. If <None>, librados will locate the default config. If using cephx authentication, this file should include a reference to the right keyring in a client.<USER> section

rados_connect_timeout

Type:integer Default:0

Timeout value (in seconds) used when connecting to ceph cluster. If value <= 0, no timeout is set and default librados value is used.

https_ca_certificates_file

Type:string Default:<None>

Specify the path to the CA bundle file to use in verifying the remote server certificate.

https_insecure

Type:boolean Default:true

If true, the remote server certificate is not verified. If false, then the default CA truststore is used for verification. This option is ignored if “https_ca_certificates_file” is set.

http_proxy_information

Type:dict Default:

Specify the http/https proxy information that should be used to connect to the remote server. The proxy information should be a key value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can specify proxies for multiple schemes by seperating the key value pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.

filesystem_store_datadir

Type:string Default:/var/lib/glance/images

Directory to which the Filesystem backend store writes images.

filesystem_store_datadirs

Type:multi-valued Default:

List of directories and its priorities to which the Filesystem backend store writes images.

filesystem_store_metadata_file

Type:string Default:<None>

The path to a file which contains the metadata to be returned with any location associated with this store. The file must contain a valid JSON object. The object should contain the keys ‘id’ and ‘mountpoint’. The value for both keys should be ‘string’.

filesystem_store_file_perm

Type:integer Default:0

The required permission for created image file. In this way the user other service used, e.g. Nova, who consumes the image could be the exclusive member of the group that owns the files created. Assigning it less then or equal to zero means don’t change the default permission of the file. This value will be decoded as an octal digit.

s3_store_host

Type:string Default:<None>

The host where the S3 server is listening.

s3_store_access_key

Type:string Default:<None>

The S3 query token access key.

s3_store_secret_key

Type:string Default:<None>

The S3 query token secret key.

s3_store_bucket

Type:string Default:<None>

The S3 bucket to be used to store the Glance data.

s3_store_object_buffer_dir

Type:string Default:<None>

The local directory where uploads will be staged before they are transferred into S3.

s3_store_create_bucket_on_put

Type:boolean Default:false

A boolean to determine if the S3 bucket should be created on upload if it does not exist or if an error should be returned to the user.

s3_store_bucket_url_format

Type:string Default:subdomain

The S3 calling format used to determine the bucket. Either subdomain or path can be used.

s3_store_large_object_size

Type:integer Default:100

What size, in MB, should S3 start chunking image files and do a multipart upload in S3.

s3_store_large_object_chunk_size

Type:integer Default:10

What multipart upload part size, in MB, should S3 use when uploading parts. The size must be greater than or equal to 5M.

s3_store_thread_pools

Type:integer Default:10

The number of thread pools to perform a multipart upload in S3.

s3_store_enable_proxy

Type:boolean Default:false

Enable the use of a proxy.

s3_store_proxy_host

Type:string Default:<None>

Address or hostname for the proxy server.

s3_store_proxy_port

Type:integer Default:8080

The port to use when connecting over a proxy.

s3_store_proxy_user

Type:string Default:<None>

The username to connect to the proxy.

s3_store_proxy_password

Type:string Default:<None>

The password to use when connecting over a proxy.

vmware_server_host

Type:string Default:<None>

ESX/ESXi or vCenter Server target system. The server value can be an IP address or a DNS name.

vmware_server_username

Type:string Default:<None>

Username for authenticating with VMware ESX/VC server.

vmware_server_password

Type:string Default:<None>

Password for authenticating with VMware ESX/VC server.

vmware_api_retry_count

Type:integer Default:10

Number of times VMware ESX/VC server API must be retried upon connection related issues.

vmware_task_poll_interval

Type:integer Default:5

The interval used for polling remote tasks invoked on VMware ESX/VC server.

vmware_store_image_dir

Type:string Default:/openstack_glance

The name of the directory where the glance images will be stored in the VMware datastore.

vmware_insecure

Type:boolean Default:false

If true, the ESX/vCenter server certificate is not verified. If false, then the default CA truststore is used for verification. This option is ignored if “vmware_ca_file” is set.

Deprecated Variations

Group	Name
glance_store	vmware_api_insecure

vmware_ca_file

Type:string Default:<None>

Specify a CA bundle file to use in verifying the ESX/vCenter server certificate.

vmware_datastores

Type:multi-valued Default:

A list of datastores where the image can be stored. This option may be specified multiple times for specifying multiple datastores. The datastore name should be specified after its datacenter path, seperated by ”:”. An optional weight may be given after the datastore name, seperated again by ”:”. Thus, the required format becomes <datacenter_path>:<datastore_name>:<optional_weight>. When adding an image, the datastore with highest weight will be selected, unless there is not enough free space available in cases where the image size is already known. If no weight is given, it is assumed to be zero and the directory will be considered for selection last. If multiple datastores have the same weight, then the one with the most free space available is selected.

cinder_catalog_info

Type:string Default:volumev2::publicURL

Info to match when looking for cinder in the service catalog. Format is : separated values of the form: <service_type>:<service_name>:<endpoint_type>

cinder_endpoint_template

Type:string Default:<None>

Override service catalog lookup with template for cinder endpoint e.g. http://localhost:8776/v2/%(tenant)s

cinder_os_region_name

Type:string Default:<None>

Region name of this node. If specified, it will be used to locate OpenStack services for stores.

Deprecated Variations

Group	Name
glance_store	os_region_name

cinder_ca_certificates_file

Type:string Default:<None>

Location of ca certicates file to use for cinder client requests.

cinder_http_retries

Type:integer Default:3

Number of cinderclient retries on failed http calls

cinder_state_transition_timeout

Type:integer Default:300

Time period of time in seconds to wait for a cinder volume transition to complete.

cinder_api_insecure

Type:boolean Default:false

Allow to perform insecure SSL requests to cinder

cinder_store_auth_address

Type:string Default:<None>

The address where the Cinder authentication service is listening. If <None>, the cinder endpoint in the service catalog is used.

cinder_store_user_name

Type:string Default:<None>

User name to authenticate against Cinder. If <None>, the user of current context is used.

cinder_store_password

Type:string Default:<None>

Password for the user authenticating against Cinder. If <None>, the current context auth token is used.

cinder_store_project_name

Type:string Default:<None>

Project name where the image is stored in Cinder. If <None>, the project in current context is used.

rootwrap_config

Type:string Default:/etc/glance/rootwrap.conf

Path to the rootwrap configuration file to use for running commands as root.

swift_store_auth_insecure

Type:boolean Default:false

If True, swiftclient won’t check for a valid SSL certificate when authenticating.

swift_store_cacert

Type:string Default:<None>

A string giving the CA certificate file to use in SSL connections for verifying certs.

swift_store_region

Type:string Default:<None>

The region of the swift endpoint to be used for single tenant. This setting is only necessary if the tenant has multiple swift endpoints.

swift_store_endpoint

Type:string Default:<None>

If set, the configured endpoint will be used. If None, the storage url from the auth response will be used.

swift_store_endpoint_type

Type:string Default:publicURL

A string giving the endpoint type of the swift service to use (publicURL, adminURL or internalURL). This setting is only used if swift_store_auth_version is 2.

swift_store_service_type

Type:string Default:object-store

A string giving the service type of the swift service to use. This setting is only used if swift_store_auth_version is 2.

swift_store_container

Type:string Default:glance

Container within the account that the account should use for storing images in Swift when using single container mode. In multiple container mode, this will be the prefix for all containers.

swift_store_large_object_size

Type:integer Default:5120

The size, in MB, that Glance will start chunking image files and do a large object manifest in Swift.

swift_store_large_object_chunk_size

Type:integer Default:200

The amount of data written to a temporary disk buffer during the process of chunking the image file.

swift_store_create_container_on_put

Type:boolean Default:false

A boolean value that determines if we create the container if it does not exist.

swift_store_multi_tenant

Type:boolean Default:false

If set to True, enables multi-tenant storage mode which causes Glance images to be stored in tenant specific Swift accounts.

swift_store_multiple_containers_seed

Type:integer Default:0

When set to 0, a single-tenant store will only use one container to store all images. When set to an integer value between 1 and 32, a single-tenant store will use multiple containers to store images, and this value will determine how many containers are created.Used only when swift_store_multi_tenant is disabled. The total number of containers that will be used is equal to 16^N, so if this config option is set to 2, then 16^2=256 containers will be used to store images.

swift_store_admin_tenants

Type:list Default:

A list of tenants that will be granted read/write access on all Swift containers created by Glance in multi-tenant mode.

swift_store_ssl_compression

Type:boolean Default:true

If set to False, disables SSL layer compression of https swift requests. Setting to False may improve performance for images which are already in a compressed format, eg qcow2.

swift_store_retry_get_count

Type:integer Default:0

The number of times a Swift download will be retried before the request fails.

swift_store_expire_soon_interval

Type:integer Default:60

The period of time (in seconds) before token expirationwhen glance_store will try to reques new user token. Default value 60 sec means that if token is going to expire in 1 min then glance_store request new user token.

swift_store_use_trusts

Type:boolean Default:true

If set to True create a trust for each add/get request to Multi-tenant store in order to prevent authentication token to be expired during uploading/downloading data. If set to False then user token is used for Swift connection (so no overhead on trust creation). Please note that this option is considered only and only if swift_store_multi_tenant=True

default_swift_reference

Type:string Default:ref1

The reference to the default swift account/backing store parameters to use for adding new images.

swift_store_auth_version

Type:string Default:2

Version of the authentication service to use. Valid versions are 2 and 3 for keystone and 1 (deprecated) for swauth and rackspace. (deprecated - use “auth_version” in swift_store_config_file)

swift_store_auth_address

Type:string Default:<None>

The address where the Swift authentication service is listening. (deprecated - use “auth_address” in swift_store_config_file)

swift_store_user

Type:string Default:<None>

The user to authenticate against the Swift authentication service (deprecated - use “user” in swift_store_config_file)

swift_store_key

Type:string Default:<None>

Auth key for the user authenticating against the Swift authentication service. (deprecated - use “key” in swift_store_config_file)

swift_store_config_file

Type:string Default:<None>

The config file that has the swift account(s)configs.

oslo_concurrency

disable_process_locking

Type:boolean Default:false

Enables or disables inter-process locks.

Deprecated Variations

Group	Name
DEFAULT	disable_process_locking

lock_path

Type:string Default:<None>

Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set.

Deprecated Variations

Group	Name
DEFAULT	lock_path

oslo_policy

policy_file

Type:string Default:policy.json

The JSON file that defines policies.

Deprecated Variations

Group	Name
DEFAULT	policy_file

policy_default_rule

Type:string Default:default

Default rule. Enforced when a requested rule is not found.

Deprecated Variations

Group	Name
DEFAULT	policy_default_rule

policy_dirs

Type:multi-valued Default:policy.d

Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.

Deprecated Variations

Group	Name
DEFAULT	policy_dirs