OpenStack: Install default configuration files

Add the default configuration files for Keystone, Nova,
Neutron, Glance, Cinder, Swift, Ceilometer, Ironic and Tempest.

Also install configuration files which will are not going to be modified
in the following commit, in the post-install-commands for the chunk; as
opposite to having them laying around in the repo and installing them
with the install-files configuration extension.

Note:
  - Some configuration files have been created using commands given in
    their documentations or they .conf.sample files.
  - To generate cinder.conf use the following command on the top of the
    cinder repository:
    ./tools/config/generate_sample.sh -b . -p cinder -o etc/cinder
  - Nova.conf has been taken from:
    http://pkgs.fedoraproject.org/cgit/openstack-nova.git/tree/nova.conf.sample
    commit 69755b4a072edff0957ee256290395600edbab9e
  - tempest.conf has been taken from the tag version '4'.

Signed-off-by: Francisco Redondo Marchena <francisco.marchena@codethink.co.uk>
Signed-off-by: Patrick Darley <patrick.darley@codethink.co.uk>
Signed-off-by: Tiago Gomes <tiago.gomes@codethink.co.uk>

Change-Id: Id26886aaaa9edd8509412615a65e681d5c8117ed

9 files changed, 213 insertions, 629 deletions

diff --git a/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini b/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini
deleted file mode 100644
index 86a4cdb1..00000000
--- a/install-files/openstack/usr/share/openstack/glance/glance-api-paste.ini
+++ /dev/null
@@ -1,77 +0,0 @@
-# Use this pipeline for no auth or image caching - DEFAULT
-[pipeline:glance-api]
-pipeline = versionnegotiation osprofiler unauthenticated-context rootapp
-
-# Use this pipeline for image caching and no auth
-[pipeline:glance-api-caching]
-pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp
-
-# Use this pipeline for caching w/ management interface but no auth
-[pipeline:glance-api-cachemanagement]
-pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
-
-# Use this pipeline for keystone auth
-[pipeline:glance-api-keystone]
-pipeline = versionnegotiation osprofiler authtoken context  rootapp
-
-# Use this pipeline for keystone auth with image caching
-[pipeline:glance-api-keystone+caching]
-pipeline = versionnegotiation osprofiler authtoken context cache rootapp
-
-# Use this pipeline for keystone auth with caching and cache management
-[pipeline:glance-api-keystone+cachemanagement]
-pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp
-
-# Use this pipeline for authZ only. This means that the registry will treat a
-# user as authenticated without making requests to keystone to reauthenticate
-# the user.
-[pipeline:glance-api-trusted-auth]
-pipeline = versionnegotiation osprofiler context rootapp
-
-# Use this pipeline for authZ only. This means that the registry will treat a
-# user as authenticated without making requests to keystone to reauthenticate
-# the user and uses cache management
-[pipeline:glance-api-trusted-auth+cachemanagement]
-pipeline = versionnegotiation osprofiler context cache cachemanage rootapp
-
-[composite:rootapp]
-paste.composite_factory = glance.api:root_app_factory
-/: apiversions
-/v1: apiv1app
-/v2: apiv2app
-
-[app:apiversions]
-paste.app_factory = glance.api.versions:create_resource
-
-[app:apiv1app]
-paste.app_factory = glance.api.v1.router:API.factory
-
-[app:apiv2app]
-paste.app_factory = glance.api.v2.router:API.factory
-
-[filter:versionnegotiation]
-paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
-
-[filter:cache]
-paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
-
-[filter:cachemanage]
-paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
-
-[filter:context]
-paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
-
-[filter:unauthenticated-context]
-paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
-
-[filter:authtoken]
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
-delay_auth_decision = true
-
-[filter:gzip]
-paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
-
-[filter:osprofiler]
-paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
-hmac_keys = SECRET_KEY
-enabled = yes
diff --git a/install-files/openstack/usr/share/openstack/glance/glance-api.conf b/install-files/openstack/usr/share/openstack/glance/glance-api.conf
index 39257a6d..6e85cbb5 100644
--- a/install-files/openstack/usr/share/openstack/glance/glance-api.conf
+++ b/install-files/openstack/usr/share/openstack/glance/glance-api.conf
@@ -5,12 +5,6 @@
 # Show debugging output in logs (sets DEBUG log level output)
 #debug = False
 
-# Which backend scheme should Glance use by default is not specified
-# in a request to add a new image to Glance? Known schemes are determined
-# by the known_stores option below.
-# Default: 'file'
-default_store = file
-
 # Maximum image size (in bytes) that may be uploaded through the
 # Glance API server. Defaults to 1 TB.
 # WARNING: this value should only be increased after careful consideration
@@ -18,7 +12,7 @@ default_store = file
 #image_size_cap = 1099511627776
 
 # Address to bind the API server
-bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+bind_host = 0.0.0.0
 
 # Port the bind the API server to
 bind_port = 9292
@@ -28,7 +22,7 @@ bind_port = 9292
 #
 # If `log_file` is omitted and `use_syslog` is false, then log messages are
 # sent to stdout as a fallback.
-# log_file = /var/log/glance/api.log
+log_file = /var/log/glance/api.log
 
 # Backlog requests when creating socket
 backlog = 4096
@@ -85,11 +79,6 @@ backlog = 4096
 # Supported values for the 'disk_format' image attribute
 #disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso
 
-# Directory to use for lock files. Default to a temp directory
-# (string value). This setting needs to be the same for both
-# glance-scrubber and glance-api.
-#lock_path=<None>
-
 # Property Protections config file
 # This file contains the rules for property protections and the roles/policies
 # associated with it.
@@ -109,11 +98,25 @@ backlog = 4096
 # and 'store_type'.
 #location_strategy = location_order
 
+
+# Public url to use for versions endpoint. The default is None,
+# which will use the request's host_url attribute to populate the URL base.
+# If Glance is operating behind a proxy, you will want to change this to
+# represent the proxy's URL.
+#public_endpoint=<None>
+
+# http_keepalive option. If False, server will return the header
+# "Connection: close", If True, server will return "Connection: Keep-Alive"
+# in its responses. In order to close the client socket connection
+# explicitly after the response is sent and read successfully by the client,
+# you simply have to set this option to False when you create a wsgi server.
+#http_keepalive = True
+
 # ================= Syslog Options ============================
 
 # Send logs to syslog (/dev/log) instead of to file specified
 # by `log_file`
-use_syslog = True
+#use_syslog = False
 
 # Facility to use. If unset defaults to LOG_USER.
 #syslog_log_facility = LOG_LOCAL0
@@ -136,10 +139,19 @@ use_syslog = True
 # Should be set to a random string of length 16, 24 or 32 bytes
 #metadata_encryption_key = <16, 24 or 32 char registry metadata key>
 
+
+# Digest algorithm which will be used for digital signature, the default is
+# sha1 in Kilo for a smooth upgrade process, and it will be updated with
+# sha256 in next release(L). Use command
+# "openssl list-message-digest-algorithms" to get the available algorithms
+# supported by the version of OpenSSL on the platform. Examples are 'sha1',
+# 'sha256', 'sha512', etc.
+#digest_algorithm = sha1
+
 # ============ Registry Options ===============================
 
 # Address to find the registry server
-registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+registry_host = 0.0.0.0
 
 # Port the registry server is listening on
 registry_port = 9191
@@ -174,10 +186,6 @@ registry_client_protocol = http
 # Default: 600
 #registry_client_timeout = 600
 
-# Whether to automatically create the database tables.
-# Default: False
-#db_auto_create = False
-
 # Enable DEBUG log messages from sqlalchemy which prints every database
 # query and response.
 # Default: False
@@ -207,20 +215,30 @@ registry_client_protocol = http
 
 # Driver or drivers to handle sending notifications. Set to
 # 'messaging' to send notifications to a message queue.
-notification_driver = messagingv2
+# notification_driver = noop
 
 # Default publisher_id for outgoing notifications.
 # default_publisher_id = image.localhost
 
+# List of disabled notifications. A notification can be given either as a
+# notification type to disable a single event, or as a notification group
+# prefix to disable all events within a group.
+# Example: if this config option is set to
+# ["image.create", "metadef_namespace"], then "image.create" notification will
+# not be sent after image is created and none of the notifications for
+# metadefinition namespaces will be sent.
+# disabled_notifications = []
+
 # Messaging driver used for 'messaging' notifications driver
-rpc_backend=rabbit
+# rpc_backend = 'rabbit'
 
-# Configuration options if sending notifications via rabbitmq
-rabbit_host = {{ RABBITMQ_HOST }}
-rabbit_port = {{ RABBITMQ_PORT }}
+# Configuration options if sending notifications via rabbitmq (these are
+# the defaults)
+rabbit_host = localhost
+rabbit_port = 5672
 rabbit_use_ssl = false
-rabbit_userid = {{ RABBITMQ_USER }}
-rabbit_password = {{ RABBITMQ_PASSWORD }}
+rabbit_userid = guest
+rabbit_password = guest
 rabbit_virtual_host = /
 rabbit_notification_exchange = glance
 rabbit_notification_topic = notifications
@@ -228,22 +246,22 @@ rabbit_durable_queues = False
 
 # Configuration options if sending notifications via Qpid (these are
 # the defaults)
-#qpid_notification_exchange = glance
-#qpid_notification_topic = notifications
-#qpid_hostname = localhost
-#qpid_port = 5672
-#qpid_username =
-#qpid_password =
-#qpid_sasl_mechanisms =
-#qpid_reconnect_timeout = 0
-#qpid_reconnect_limit = 0
-#qpid_reconnect_interval_min = 0
-#qpid_reconnect_interval_max = 0
-#qpid_reconnect_interval = 0
-#qpid_heartbeat = 5
+qpid_notification_exchange = glance
+qpid_notification_topic = notifications
+qpid_hostname = localhost
+qpid_port = 5672
+qpid_username =
+qpid_password =
+qpid_sasl_mechanisms =
+qpid_reconnect_timeout = 0
+qpid_reconnect_limit = 0
+qpid_reconnect_interval_min = 0
+qpid_reconnect_interval_max = 0
+qpid_reconnect_interval = 0
+qpid_heartbeat = 5
 # Set to 'ssl' to enable SSL
-#qpid_protocol = tcp
-#qpid_tcp_nodelay = True
+qpid_protocol = tcp
+qpid_tcp_nodelay = True
 
 # ============ Delayed Delete Options =============================
 
@@ -281,6 +299,25 @@ scrubber_datadir = /var/lib/glance/scrubber
 # Base directory that the Image Cache uses
 image_cache_dir = /var/lib/glance/image-cache/
 
+# =============== Policy Options ==================================
+
+[oslo_policy]
+# The JSON file that defines policies.
+# Deprecated group/name - [DEFAULT]/policy_file
+#policy_file = policy.json
+
+# Default rule. Enforced when a requested rule is not found.
+# Deprecated group/name - [DEFAULT]/policy_default_rule
+#policy_default_rule = default
+
+# Directories where policy configuration files are stored.
+# They can be relative to any directory in the search path
+# defined by the config_dir option, or absolute paths.
+# The file defined by policy_file must exist for these
+# directories to be searched.
+# Deprecated group/name - [DEFAULT]/policy_dirs
+#policy_dirs = policy.d
+
 # =============== Database Options =================================
 
 [database]
@@ -300,8 +337,6 @@ image_cache_dir = /var/lib/glance/image-cache/
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance
-
 
 # The SQL mode to be used for MySQL sessions. This option,
 # including the default, overrides any server-set SQL mode. To
@@ -381,12 +416,25 @@ connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROL
 # (setting -1 implies an infinite retry count) (integer value)
 #db_max_retries = 20
 
+[oslo_concurrency]
+
+# Enables or disables inter-process locks. (boolean value)
+# Deprecated group/name - [DEFAULT]/disable_process_locking
+#disable_process_locking = false
+
+# Directory to use for lock files.  For security, the specified
+# directory should only be writable by the user running the processes
+# that need locking. It could be read from environment variable
+# OSLO_LOCK_PATH. This setting needs to be the same for both
+# glance-scrubber and glance-api service. Default to a temp directory.
+# Deprecated group/name - [DEFAULT]/lock_path (string value)
+#lock_path = /tmp
+
 [keystone_authtoken]
-auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
-identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
-admin_tenant_name = service
-admin_user = {{ GLANCE_SERVICE_USER }}
-admin_password = {{ GLANCE_SERVICE_PASSWORD }}
+identity_uri = http://127.0.0.1:35357
+admin_tenant_name = %SERVICE_TENANT_NAME%
+admin_user = %SERVICE_USER%
+admin_password = %SERVICE_PASSWORD%
 revocation_cache_time = 10
 
 [paste_deploy]
@@ -397,11 +445,11 @@ revocation_cache_time = 10
 # service name removed. For example, if your paste section name is
 # [pipeline:glance-api-keystone], you would configure the flavor below
 # as 'keystone'.
-flavor=keystone
+#flavor=
 
 [store_type_location_strategy]
 # The scheme list to use to get store preference order. The scheme must be
-# registered by one of the stores defined by the 'known_stores' config option.
+# registered by one of the stores defined by the 'stores' config option.
 # This option will be applied when you using 'store_type' option as image
 # location strategy defined by the 'location_strategy' config option.
 #store_type_preference =
@@ -422,16 +470,44 @@ flavor=keystone
 # task_time_to_live = 48
 
 # Specifies which task executor to be used to run the task scripts.
-# The default value for task_executor is eventlet.
-# task_executor = eventlet
+# The default value for task_executor is taskflow.
+# task_executor = taskflow
+
+# Work dir for asynchronous task operations.  The directory set here
+# will be used to operate over images - normally before they are
+# imported in the destination store. When providing work dir, make sure
+# enough space is provided for concurrent tasks to run efficiently
+# without running out of space. A rough estimation can be done by
+# multiplying the number of `max_workers` - or the N of workers running
+# - by an average image size (e.g 500MB). The image size estimation
+# should be done based on the average size in your deployment. Note that
+# depending on the tasks running you may need to multiply this number by
+# some factor depending on what the task does. For example, you may want
+# to double the available size if image conversion is enabled. All this
+# being said, remember these are just estimations and you should do them
+# based on the worst case scenario and be prepared to act in case they
+# were wrong.
+# work_dir=None
 
 # Specifies the maximum number of eventlet threads which can be spun up by
 # the eventlet based task executor to perform execution of Glance tasks.
+# DEPRECATED: Use [taskflow_executor]/max_workers instead.
 # eventlet_executor_pool_size = 1000
 
+[taskflow_executor]
+# The mode in which the engine will run. Can be 'default', 'serial',
+# 'parallel' or 'worker-based'
+#engine_mode = serial
+
+# The number of parallel activities executed at the same time by
+# the engine. The value can be greater than one when the engine mode is
+# 'parallel' or 'worker-based', otherwise this value will be ignored.
+#max_workers = 10
+
 [glance_store]
 # List of which store classes and store class locations are
 # currently known to glance at startup.
+# Deprecated group/name - [DEFAULT]/known_stores
 # Existing but disabled stores:
 #      glance.store.rbd.Store,
 #      glance.store.s3.Store,
@@ -443,6 +519,13 @@ flavor=keystone
 #stores = glance.store.filesystem.Store,
 #         glance.store.http.Store
 
+# Which backend scheme should Glance use by default is not specified
+# in a request to add a new image to Glance? Known schemes are determined
+# by the stores option.
+# Deprecated group/name - [DEFAULT]/default_store
+# Default: 'file'
+default_store = file
+
 # ============ Filesystem Store Options ========================
 
 # Directory that the Filesystem backend store
@@ -518,18 +601,27 @@ swift_store_large_object_size = 5120
 # the image file, and the default is 200MB
 swift_store_large_object_chunk_size = 200
 
-# Whether to use ServiceNET to communicate with the Swift storage servers.
-# (If you aren't RACKSPACE, leave this False!)
+# If set, the configured endpoint will be used. If None, the storage URL
+# from the auth response will be used. The location of an object is
+# obtained by appending the container and object to the configured URL.
 #
-# To use ServiceNET for authentication, prefix hostname of
-# `swift_store_auth_address` with 'snet-'.
-# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
-swift_enable_snet = False
+# swift_store_endpoint = https://www.example.com/v1/not_a_container
+#swift_store_endpoint =
 
 # If set to True enables multi-tenant storage mode which causes Glance images
 # to be stored in tenant specific Swift accounts.
 #swift_store_multi_tenant = False
 
+# If set to an integer value between 1 and 32, a single-tenant store will
+# use multiple containers to store images. If set to the default value of 0,
+# only a single container will be used. Multi-tenant stores are not affected
+# by this option. The max number of containers that will be used to store
+# images is approximately 16^N where N is the value of this option. Discuss
+# the impact of this with your swift deployment team, as this option is only
+# beneficial in the largest of deployments where swift rate limiting can lead
+# to unwanted throttling on a single container.
+#swift_store_multiple_containers_seed = 0
+
 # A list of swift ACL strings that will be applied as both read and
 # write ACLs to the containers created by Glance in multi-tenant
 # mode. This grants the specified tenants/users read and write access
@@ -559,12 +651,16 @@ swift_enable_snet = False
 # Bypass SSL verification for Swift
 #swift_store_auth_insecure = False
 
+# The path to a CA certificate bundle file to use for SSL verification when
+# communicating with Swift.
+#swift_store_cacert =
+
 # ============ S3 Store Options =============================
 
 # Address where the S3 authentication service lives
 # Valid schemes are 'http://' and 'https://'
 # If no scheme specified,  default to 'http://'
-s3_store_host = 127.0.0.1:8080/v1.0/
+s3_store_host = s3.amazonaws.com
 
 # User to authenticate against the S3 authentication service
 s3_store_access_key = <20-char AWS access key>
@@ -678,11 +774,27 @@ sheepdog_store_chunk_size = 64
 # Inventory path to a datacenter (string value)
 # Value optional when vmware_server_ip is an ESX/ESXi host: if specified
 # should be `ha-datacenter`.
+# Deprecated in favor of vmware_datastores.
 #vmware_datacenter_path = <None>
 
 # Datastore associated with the datacenter (string value)
+# Deprecated in favor of vmware_datastores.
 #vmware_datastore_name = <None>
 
+# A list of datastores where the image can be stored.
+# This option may be specified multiple times for specifying multiple
+# datastores. Either one of vmware_datastore_name or vmware_datastores is
+# required. The datastore name should be specified after its datacenter
+# path, separated by ":". An optional weight may be given after the datastore
+# name, separated again by ":". Thus, the required format becomes
+# <datacenter_path>:<datastore_name>:<optional_weight>.
+# When adding an image, the datastore with highest weight will be selected,
+# unless there is not enough free space available in cases where the image size
+# is already known. If no weight is given, it is assumed to be zero and the
+# directory will be considered for selection last. If multiple datastores have
+# the same weight, then the one with the most free space available is selected.
+#vmware_datastores = <None>
+
 # The number of times we retry on failures
 # e.g., socket error, etc (integer value)
 #vmware_api_retry_count = 10
diff --git a/install-files/openstack/usr/share/openstack/glance/glance-cache.conf b/install-files/openstack/usr/share/openstack/glance/glance-cache.conf
deleted file mode 100644
index 3f2d4603..00000000
--- a/install-files/openstack/usr/share/openstack/glance/glance-cache.conf
+++ /dev/null
@@ -1,200 +0,0 @@
-[DEFAULT]
-# Show more verbose log output (sets INFO log level output)
-#verbose = False
-
-# Show debugging output in logs (sets DEBUG log level output)
-#debug = False
-
-# Log to this file. Make sure you do not set the same log file for both the API
-# and registry servers!
-#
-# If `log_file` is omitted and `use_syslog` is false, then log messages are
-# sent to stdout as a fallback.
-# log_file = /var/log/glance/image-cache.log
-
-# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
-use_syslog = True
-
-# Directory that the Image Cache writes data to
-image_cache_dir = /var/lib/glance/image-cache/
-
-# Number of seconds after which we should consider an incomplete image to be
-# stalled and eligible for reaping
-image_cache_stall_time = 86400
-
-# Max cache size in bytes
-image_cache_max_size = 10737418240
-
-# Address to find the registry server
-registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
-
-# Port the registry server is listening on
-registry_port = 9191
-
-# Auth settings if using Keystone
-# auth_url = http://127.0.0.1:5000/v2.0/
-# admin_tenant_name = %SERVICE_TENANT_NAME%
-# admin_user = %SERVICE_USER%
-# admin_password = %SERVICE_PASSWORD%
-
-# List of which store classes and store class locations are
-# currently known to glance at startup.
-# known_stores = glance.store.filesystem.Store,
-#                glance.store.http.Store,
-#                glance.store.rbd.Store,
-#                glance.store.s3.Store,
-#                glance.store.swift.Store,
-#                glance.store.sheepdog.Store,
-#                glance.store.cinder.Store,
-#                glance.store.vmware_datastore.Store,
-
-# ============ Filesystem Store Options ========================
-
-# Directory that the Filesystem backend store
-# writes image data to
-filesystem_store_datadir = /var/lib/glance/images/
-
-# ============ Swift Store Options =============================
-
-# Version of the authentication service to use
-# Valid versions are '2' for keystone and '1' for swauth and rackspace
-swift_store_auth_version = 2
-
-# Address where the Swift authentication service lives
-# Valid schemes are 'http://' and 'https://'
-# If no scheme specified,  default to 'https://'
-# For swauth, use something like '127.0.0.1:8080/v1.0/'
-swift_store_auth_address = 127.0.0.1:5000/v2.0/
-
-# User to authenticate against the Swift authentication service
-# If you use Swift authentication service, set it to 'account':'user'
-# where 'account' is a Swift storage account and 'user'
-# is a user in that account
-swift_store_user = jdoe:jdoe
-
-# Auth key for the user authenticating against the
-# Swift authentication service
-swift_store_key = a86850deb2742ec3cb41518e26aa2d89
-
-# Container within the account that the account should use
-# for storing images in Swift
-swift_store_container = glance
-
-# Do we create the container if it does not exist?
-swift_store_create_container_on_put = False
-
-# What size, in MB, should Glance start chunking image files
-# and do a large object manifest in Swift? By default, this is
-# the maximum object size in Swift, which is 5GB
-swift_store_large_object_size = 5120
-
-# When doing a large object manifest, what size, in MB, should
-# Glance write chunks to Swift? This amount of data is written
-# to a temporary disk buffer during the process of chunking
-# the image file, and the default is 200MB
-swift_store_large_object_chunk_size = 200
-
-# Whether to use ServiceNET to communicate with the Swift storage servers.
-# (If you aren't RACKSPACE, leave this False!)
-#
-# To use ServiceNET for authentication, prefix hostname of
-# `swift_store_auth_address` with 'snet-'.
-# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
-swift_enable_snet = False
-
-# ============ S3 Store Options =============================
-
-# Address where the S3 authentication service lives
-# Valid schemes are 'http://' and 'https://'
-# If no scheme specified,  default to 'http://'
-s3_store_host = 127.0.0.1:8080/v1.0/
-
-# User to authenticate against the S3 authentication service
-s3_store_access_key = <20-char AWS access key>
-
-# Auth key for the user authenticating against the
-# S3 authentication service
-s3_store_secret_key = <40-char AWS secret key>
-
-# Container within the account that the account should use
-# for storing images in S3. Note that S3 has a flat namespace,
-# so you need a unique bucket name for your glance images. An
-# easy way to do this is append your AWS access key to "glance".
-# S3 buckets in AWS *must* be lowercased, so remember to lowercase
-# your AWS access key if you use it in your bucket name below!
-s3_store_bucket = <lowercased 20-char aws access key>glance
-
-# Do we create the bucket if it does not exist?
-s3_store_create_bucket_on_put = False
-
-# When sending images to S3, the data will first be written to a
-# temporary buffer on disk. By default the platform's temporary directory
-# will be used. If required, an alternative directory can be specified here.
-# s3_store_object_buffer_dir = /path/to/dir
-
-# ============ Cinder Store Options ===========================
-
-# Info to match when looking for cinder in the service catalog
-# Format is : separated values of the form:
-# <service_type>:<service_name>:<endpoint_type> (string value)
-#cinder_catalog_info = volume:cinder:publicURL
-
-# Override service catalog lookup with template for cinder endpoint
-# e.g. http://localhost:8776/v1/%(project_id)s (string value)
-#cinder_endpoint_template = <None>
-
-# Region name of this node (string value)
-#os_region_name = <None>
-
-# Location of ca certicates file to use for cinder client requests
-# (string value)
-#cinder_ca_certificates_file = <None>
-
-# Number of cinderclient retries on failed http calls (integer value)
-#cinder_http_retries = 3
-
-# Allow to perform insecure SSL requests to cinder (boolean value)
-#cinder_api_insecure = False
-
-# ============ VMware Datastore Store Options =====================
-
-# ESX/ESXi or vCenter Server target system.
-# The server value can be an IP address or a DNS name
-# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com
-#vmware_server_host = <None>
-
-# Server username (string value)
-#vmware_server_username = <None>
-
-# Server password (string value)
-#vmware_server_password = <None>
-
-# Inventory path to a datacenter (string value)
-# Value optional when vmware_server_ip is an ESX/ESXi host: if specified
-# should be `ha-datacenter`.
-#vmware_datacenter_path = <None>
-
-# Datastore associated with the datacenter (string value)
-#vmware_datastore_name = <None>
-
-# The number of times we retry on failures
-# e.g., socket error, etc (integer value)
-#vmware_api_retry_count = 10
-
-# The interval used for polling remote tasks
-# invoked on VMware ESX/VC server in seconds (integer value)
-#vmware_task_poll_interval = 5
-
-# Absolute path of the folder containing the images in the datastore
-# (string value)
-#vmware_store_image_dir = /openstack_glance
-
-# Allow to perform insecure SSL requests to the target system (boolean value)
-#vmware_api_insecure = False
-
-# ================= Security Options ==========================
-
-# AES key for encrypting store 'location' metadata, including
-# -- if used -- Swift or S3 credentials
-# Should be set to a random string of length 16, 24 or 32 bytes
-# metadata_encryption_key = <16, 24 or 32 char registry metadata key>
diff --git a/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini b/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini
deleted file mode 100644
index df403f6e..00000000
--- a/install-files/openstack/usr/share/openstack/glance/glance-registry-paste.ini
+++ /dev/null
@@ -1,30 +0,0 @@
-# Use this pipeline for no auth - DEFAULT
-[pipeline:glance-registry]
-pipeline = osprofiler unauthenticated-context registryapp
-
-# Use this pipeline for keystone auth
-[pipeline:glance-registry-keystone]
-pipeline = osprofiler authtoken context registryapp
-
-# Use this pipeline for authZ only. This means that the registry will treat a
-# user as authenticated without making requests to keystone to reauthenticate
-# the user.
-[pipeline:glance-registry-trusted-auth]
-pipeline = osprofiler context registryapp
-
-[app:registryapp]
-paste.app_factory = glance.registry.api:API.factory
-
-[filter:context]
-paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
-
-[filter:unauthenticated-context]
-paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
-
-[filter:authtoken]
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
-
-[filter:osprofiler]
-paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
-hmac_keys = SECRET_KEY
-enabled = yes
diff --git a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf
index 302f4138..f7ce7956 100644
--- a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf
+++ b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf
@@ -6,7 +6,7 @@
 #debug = False
 
 # Address to bind the registry server
-bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+bind_host = 0.0.0.0
 
 # Port the bind the registry server to
 bind_port = 9191
@@ -16,7 +16,7 @@ bind_port = 9191
 #
 # If `log_file` is omitted and `use_syslog` is false, then log messages are
 # sent to stdout as a fallback.
-# log_file = /var/log/glance/registry.log
+log_file = /var/log/glance/registry.log
 
 # Backlog requests when creating socket
 backlog = 4096
@@ -49,20 +49,23 @@ limit_param_default = 25
 # Role used to identify an authenticated user as administrator
 #admin_role = admin
 
-# Whether to automatically create the database tables.
-# Default: False
-#db_auto_create = False
-
 # Enable DEBUG log messages from sqlalchemy which prints every database
 # query and response.
 # Default: False
 #sqlalchemy_debug = True
 
+# http_keepalive option. If False, server will return the header
+# "Connection: close", If True, server will return "Connection: Keep-Alive"
+# in its responses. In order to close the client socket connection
+# explicitly after the response is sent and read successfully by the client,
+# you simply have to set this option to False when you create a wsgi server.
+#http_keepalive = True
+
 # ================= Syslog Options ============================
 
 # Send logs to syslog (/dev/log) instead of to file specified
 # by `log_file`
-use_syslog = True
+#use_syslog = False
 
 # Facility to use. If unset defaults to LOG_USER.
 #syslog_log_facility = LOG_LOCAL1
@@ -82,20 +85,21 @@ use_syslog = True
 
 # Driver or drivers to handle sending notifications. Set to
 # 'messaging' to send notifications to a message queue.
-notification_driver = messagingv2
+# notification_driver = noop
 
 # Default publisher_id for outgoing notifications.
 # default_publisher_id = image.localhost
 
 # Messaging driver used for 'messaging' notifications driver
-rpc_backend=rabbit
+# rpc_backend = 'rabbit'
 
-# Configuration options if sending notifications via rabbitmq
-rabbit_host = {{ RABBITMQ_HOST }}
-rabbit_port = {{ RABBITMQ_PORT }}
+# Configuration options if sending notifications via rabbitmq (these are
+# the defaults)
+rabbit_host = localhost
+rabbit_port = 5672
 rabbit_use_ssl = false
-rabbit_userid = {{ RABBITMQ_USER }}
-rabbit_password = {{ RABBITMQ_PASSWORD }}
+rabbit_userid = guest
+rabbit_password = guest
 rabbit_virtual_host = /
 rabbit_notification_exchange = glance
 rabbit_notification_topic = notifications
@@ -121,6 +125,25 @@ qpid_protocol = tcp
 qpid_tcp_nodelay = True
 
 
+# =============== Policy Options ==============================
+
+[oslo_policy]
+# The JSON file that defines policies.
+# Deprecated group/name - [DEFAULT]/policy_file
+#policy_file = policy.json
+
+# Default rule. Enforced when a requested rule is not found.
+# Deprecated group/name - [DEFAULT]/policy_default_rule
+#policy_default_rule = default
+
+# Directories where policy configuration files are stored.
+# They can be relative to any directory in the search path
+# defined by the config_dir option, or absolute paths.
+# The file defined by policy_file must exist for these
+# directories to be searched.
+# Deprecated group/name - [DEFAULT]/policy_dirs
+#policy_dirs = policy.d
+
 # ================= Database Options ==========================
 
 [database]
@@ -140,7 +163,6 @@ qpid_tcp_nodelay = True
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance
 
 # The SQL mode to be used for MySQL sessions. This option,
 # including the default, overrides any server-set SQL mode. To
@@ -221,11 +243,10 @@ connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROL
 #db_max_retries = 20
 
 [keystone_authtoken]
-auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
-identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
-admin_tenant_name = service
-admin_user = {{ GLANCE_SERVICE_USER }}
-admin_password = {{ GLANCE_SERVICE_PASSWORD }}
+identity_uri = http://127.0.0.1:35357
+admin_tenant_name = %SERVICE_TENANT_NAME%
+admin_user = %SERVICE_USER%
+admin_password = %SERVICE_PASSWORD%
 
 [paste_deploy]
 # Name of the paste configuration file that defines the available pipelines
@@ -235,7 +256,7 @@ admin_password = {{ GLANCE_SERVICE_PASSWORD }}
 # service name removed. For example, if your paste section name is
 # [pipeline:glance-registry-keystone], you would configure the flavor below
 # as 'keystone'.
-flavor=keystone
+#flavor=
 
 [profiler]
 # If False fully disable profiling feature.
diff --git a/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf b/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf
deleted file mode 100644
index cdbfda71..00000000
--- a/install-files/openstack/usr/share/openstack/glance/glance-scrubber.conf
+++ /dev/null
@@ -1,108 +0,0 @@
-[DEFAULT]
-# Show more verbose log output (sets INFO log level output)
-#verbose = False
-
-# Show debugging output in logs (sets DEBUG log level output)
-#debug = False
-
-# Log to this file. Make sure you do not set the same log file for both the API
-# and registry servers!
-#
-# If `log_file` is omitted and `use_syslog` is false, then log messages are
-# sent to stdout as a fallback.
-# log_file = /var/log/glance/scrubber.log
-
-# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
-use_syslog = True
-
-# Should we run our own loop or rely on cron/scheduler to run us
-daemon = False
-
-# Loop time between checking for new items to schedule for delete
-wakeup_time = 300
-
-# Directory that the scrubber will use to remind itself of what to delete
-# Make sure this is also set in glance-api.conf
-scrubber_datadir = /var/lib/glance/scrubber
-
-# Only one server in your deployment should be designated the cleanup host
-cleanup_scrubber = False
-
-# pending_delete items older than this time are candidates for cleanup
-cleanup_scrubber_time = 86400
-
-# Address to find the registry server for cleanups
-registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
-
-# Port the registry server is listening on
-registry_port = 9191
-
-# Auth settings if using Keystone
-# auth_url = http://127.0.0.1:5000/v2.0/
-# admin_tenant_name = %SERVICE_TENANT_NAME%
-# admin_user = %SERVICE_USER%
-# admin_password = %SERVICE_PASSWORD%
-
-# Directory to use for lock files. Default to a temp directory
-# (string value). This setting needs to be the same for both
-# glance-scrubber and glance-api.
-#lock_path=<None>
-
-# API to use for accessing data. Default value points to sqlalchemy
-# package, it is also possible to use: glance.db.registry.api
-#data_api = glance.db.sqlalchemy.api
-
-# ================= Security Options ==========================
-
-# AES key for encrypting store 'location' metadata, including
-# -- if used -- Swift or S3 credentials
-# Should be set to a random string of length 16, 24 or 32 bytes
-#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
-
-# ================= Database Options ===============+==========
-
-[database]
-
-# The SQLAlchemy connection string used to connect to the
-# database (string value)
-#connection=sqlite:////glance/openstack/common/db/$sqlite_db
-
-# The SQLAlchemy connection string used to connect to the
-# slave database (string value)
-#slave_connection=
-
-# timeout before idle sql connections are reaped (integer
-# value)
-#idle_timeout=3600
-
-# Minimum number of SQL connections to keep open in a pool
-# (integer value)
-#min_pool_size=1
-
-# Maximum number of SQL connections to keep open in a pool
-# (integer value)
-#max_pool_size=<None>
-
-# maximum db connection retries during startup. (setting -1
-# implies an infinite retry count) (integer value)
-#max_retries=10
-
-# interval between retries of opening a sql connection
-# (integer value)
-#retry_interval=10
-
-# If set, use this value for max_overflow with sqlalchemy
-# (integer value)
-#max_overflow=<None>
-
-# Verbosity of SQL debugging information. 0=None,
-# 100=Everything (integer value)
-#connection_debug=0
-
-# Add python stack traces to SQL as comment strings (boolean
-# value)
-#connection_trace=false
-
-# If set, use this value for pool_timeout with sqlalchemy
-# (integer value)
-#pool_timeout=<None>
diff --git a/install-files/openstack/usr/share/openstack/glance/logging.conf b/install-files/openstack/usr/share/openstack/glance/logging.conf
deleted file mode 100644
index 7e7f31f0..00000000
--- a/install-files/openstack/usr/share/openstack/glance/logging.conf
+++ /dev/null
@@ -1,54 +0,0 @@
-[loggers]
-keys=root,api,registry,combined
-
-[formatters]
-keys=normal,normal_with_name,debug
-
-[handlers]
-keys=production,file,devel
-
-[logger_root]
-level=NOTSET
-handlers=devel
-
-[logger_api]
-level=DEBUG
-handlers=devel
-qualname=glance-api
-
-[logger_registry]
-level=DEBUG
-handlers=devel
-qualname=glance-registry
-
-[logger_combined]
-level=DEBUG
-handlers=devel
-qualname=glance-combined
-
-[handler_production]
-class=handlers.SysLogHandler
-level=ERROR
-formatter=normal_with_name
-args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
-
-[handler_file]
-class=FileHandler
-level=DEBUG
-formatter=normal_with_name
-args=('glance.log', 'w')
-
-[handler_devel]
-class=StreamHandler
-level=NOTSET
-formatter=debug
-args=(sys.stdout,)
-
-[formatter_normal]
-format=%(asctime)s %(levelname)s %(message)s
-
-[formatter_normal_with_name]
-format=(%(name)s): %(asctime)s %(levelname)s %(message)s
-
-[formatter_debug]
-format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s 
diff --git a/install-files/openstack/usr/share/openstack/glance/policy.json b/install-files/openstack/usr/share/openstack/glance/policy.json
deleted file mode 100644
index 325f00b2..00000000
--- a/install-files/openstack/usr/share/openstack/glance/policy.json
+++ /dev/null
@@ -1,52 +0,0 @@
-{
-    "context_is_admin":  "role:admin",
-    "default": "",
-
-    "add_image": "",
-    "delete_image": "",
-    "get_image": "",
-    "get_images": "",
-    "modify_image": "",
-    "publicize_image": "role:admin",
-    "copy_from": "",
-
-    "download_image": "",
-    "upload_image": "",
-
-    "delete_image_location": "",
-    "get_image_location": "",
-    "set_image_location": "",
-
-    "add_member": "",
-    "delete_member": "",
-    "get_member": "",
-    "get_members": "",
-    "modify_member": "",
-
-    "manage_image_cache": "role:admin",
-
-    "get_task": "",
-    "get_tasks": "",
-    "add_task": "",
-    "modify_task": "",
-
-    "get_metadef_namespace": "",
-    "get_metadef_namespaces":"",
-    "modify_metadef_namespace":"",
-    "add_metadef_namespace":"",
-
-    "get_metadef_object":"",
-    "get_metadef_objects":"",
-    "modify_metadef_object":"",
-    "add_metadef_object":"",
-
-    "list_metadef_resource_types":"",
-    "get_metadef_resource_type":"",
-    "add_metadef_resource_type_association":"",
-
-    "get_metadef_property":"",
-    "get_metadef_properties":"",
-    "modify_metadef_property":"",
-    "add_metadef_property":""
-
-}
diff --git a/install-files/openstack/usr/share/openstack/glance/schema-image.json b/install-files/openstack/usr/share/openstack/glance/schema-image.json
deleted file mode 100644
index 5aafd6b3..00000000
--- a/install-files/openstack/usr/share/openstack/glance/schema-image.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
-    "kernel_id": {
-        "type": "string",
-        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
-        "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
-    },
-    "ramdisk_id": {
-        "type": "string",
-        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
-        "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
-    },
-    "instance_uuid": {
-        "type": "string",
-        "description": "ID of instance used to create this image."
-    },
-    "architecture": {
-        "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
-        "type": "string"
-    },
-    "os_distro": {
-        "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
-        "type": "string"
-    },
-    "os_version": {
-        "description": "Operating system version as specified by the distributor",
-        "type": "string"
-    }
-}