[DEFAULT] # Show more verbose log output (sets INFO log level output) #verbose = False # Show debugging output in logs (sets DEBUG log level output) #debug = False # Which backend scheme should Glance use by default is not specified # in a request to add a new image to Glance? Known schemes are determined # by the known_stores option below. # Default: 'file' default_store = file # Maximum image size (in bytes) that may be uploaded through the # Glance API server. Defaults to 1 TB. # WARNING: this value should only be increased after careful consideration # and must be set to a value under 8 EB (9223372036854775808). #image_size_cap = 1099511627776 # Address to bind the API server bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Port the bind the API server to bind_port = 9292 # Log to this file. Make sure you do not set the same log file for both the API # and registry servers! # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. # log_file = /var/log/glance/api.log # Backlog requests when creating socket backlog = 4096 # TCP_KEEPIDLE value in seconds when creating socket. # Not supported on OS X. #tcp_keepidle = 600 # API to use for accessing data. Default value points to sqlalchemy # package, it is also possible to use: glance.db.registry.api # data_api = glance.db.sqlalchemy.api # The number of child process workers that will be # created to service API requests. The default will be # equal to the number of CPUs available. (integer value) #workers = 4 # Maximum line size of message headers to be accepted. # max_header_line may need to be increased when using large tokens # (typically those generated by the Keystone v3 API with big service # catalogs) # max_header_line = 16384 # Role used to identify an authenticated user as administrator #admin_role = admin # Allow unauthenticated users to access the API with read-only # privileges. This only applies when using ContextMiddleware. #allow_anonymous_access = False # Allow access to version 1 of glance api #enable_v1_api = True # Allow access to version 2 of glance api #enable_v2_api = True # Return the URL that references where the data is stored on # the backend storage system. For example, if using the # file system store a URL of 'file:///path/to/image' will # be returned to the user in the 'direct_url' meta-data field. # The default value is false. #show_image_direct_url = False # Send headers containing user and tenant information when making requests to # the v1 glance registry. This allows the registry to function as if a user is # authenticated without the need to authenticate a user itself using the # auth_token middleware. # The default value is false. #send_identity_headers = False # Supported values for the 'container_format' image attribute #container_formats=ami,ari,aki,bare,ovf,ova # Supported values for the 'disk_format' image attribute #disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso # Directory to use for lock files. Default to a temp directory # (string value). This setting needs to be the same for both # glance-scrubber and glance-api. #lock_path= # Property Protections config file # This file contains the rules for property protections and the roles/policies # associated with it. # If this config value is not specified, by default, property protections # won't be enforced. # If a value is specified and the file is not found, then the glance-api # service will not start. #property_protection_file = # Specify whether 'roles' or 'policies' are used in the # property_protection_file. # The default value for property_protection_rule_format is 'roles'. #property_protection_rule_format = roles # This value sets what strategy will be used to determine the image location # order. Currently two strategies are packaged with Glance 'location_order' # and 'store_type'. #location_strategy = location_order # ================= Syslog Options ============================ # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` use_syslog = True # Facility to use. If unset defaults to LOG_USER. #syslog_log_facility = LOG_LOCAL0 # ================= SSL Options =============================== # Certificate file to use when starting API server securely #cert_file = /path/to/certfile # Private key file to use when starting API server securely #key_file = /path/to/keyfile # CA certificate file to use to verify connecting clients #ca_file = /path/to/cafile # ================= Security Options ========================== # AES key for encrypting store 'location' metadata, including # -- if used -- Swift or S3 credentials # Should be set to a random string of length 16, 24 or 32 bytes #metadata_encryption_key = <16, 24 or 32 char registry metadata key> # ============ Registry Options =============================== # Address to find the registry server registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Port the registry server is listening on registry_port = 9191 # What protocol to use when connecting to the registry server? # Set to https for secure HTTP communication registry_client_protocol = http # The path to the key file to use in SSL connections to the # registry server, if any. Alternately, you may set the # GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file #registry_client_key_file = /path/to/key/file # The path to the cert file to use in SSL connections to the # registry server, if any. Alternately, you may set the # GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file #registry_client_cert_file = /path/to/cert/file # The path to the certifying authority cert file to use in SSL connections # to the registry server, if any. Alternately, you may set the # GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file #registry_client_ca_file = /path/to/ca/file # When using SSL in connections to the registry server, do not require # validation via a certifying authority. This is the registry's equivalent of # specifying --insecure on the command line using glanceclient for the API # Default: False #registry_client_insecure = False # The period of time, in seconds, that the API server will wait for a registry # request to complete. A value of '0' implies no timeout. # Default: 600 #registry_client_timeout = 600 # Whether to automatically create the database tables. # Default: False #db_auto_create = False # Enable DEBUG log messages from sqlalchemy which prints every database # query and response. # Default: False #sqlalchemy_debug = True # Pass the user's token through for API requests to the registry. # Default: True #use_user_token = True # If 'use_user_token' is not in effect then admin credentials # can be specified. Requests to the registry on behalf of # the API will use these credentials. # Admin user name #admin_user = None # Admin password #admin_password = None # Admin tenant name #admin_tenant_name = None # Keystone endpoint #auth_url = None # Keystone region #auth_region = None # Auth strategy #auth_strategy = keystone # ============ Notification System Options ===================== # Driver or drivers to handle sending notifications. Set to # 'messaging' to send notifications to a message queue. # notification_driver = noop # Default publisher_id for outgoing notifications. # default_publisher_id = image.localhost # Messaging driver used for 'messaging' notifications driver rpc_backend=rabbit # Configuration options if sending notifications via rabbitmq rabbit_host = {{ RABBITMQ_HOST }} rabbit_port = {{ RABBITMQ_PORT }} rabbit_use_ssl = false rabbit_userid = {{ RABBITMQ_USER }} rabbit_password = {{ RABBITMQ_PASSWORD }} rabbit_virtual_host = / rabbit_notification_exchange = glance rabbit_notification_topic = notifications rabbit_durable_queues = False # Configuration options if sending notifications via Qpid (these are # the defaults) #qpid_notification_exchange = glance #qpid_notification_topic = notifications #qpid_hostname = localhost #qpid_port = 5672 #qpid_username = #qpid_password = #qpid_sasl_mechanisms = #qpid_reconnect_timeout = 0 #qpid_reconnect_limit = 0 #qpid_reconnect_interval_min = 0 #qpid_reconnect_interval_max = 0 #qpid_reconnect_interval = 0 #qpid_heartbeat = 5 # Set to 'ssl' to enable SSL #qpid_protocol = tcp #qpid_tcp_nodelay = True # ============ Delayed Delete Options ============================= # Turn on/off delayed delete delayed_delete = False # Delayed delete time in seconds scrub_time = 43200 # Directory that the scrubber will use to remind itself of what to delete # Make sure this is also set in glance-scrubber.conf scrubber_datadir = /var/lib/glance/scrubber # =============== Quota Options ================================== # The maximum number of image members allowed per image #image_member_quota = 128 # The maximum number of image properties allowed per image #image_property_quota = 128 # The maximum number of tags allowed per image #image_tag_quota = 128 # The maximum number of locations allowed per image #image_location_quota = 10 # Set a system wide quota for every user. This value is the total number # of bytes that a user can use across all storage systems. A value of # 0 means unlimited. #user_storage_quota = 0 # =============== Image Cache Options ============================= # Base directory that the Image Cache uses image_cache_dir = /var/lib/glance/image-cache/ # =============== Database Options ================================= [database] # The file name to use with SQLite (string value) #sqlite_db = oslo.sqlite # If True, SQLite uses synchronous mode (boolean value) #sqlite_synchronous = True # The backend to use for db (string value) # Deprecated group/name - [DEFAULT]/db_backend #backend = sqlalchemy # The SQLAlchemy connection string used to connect to the # database (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To # use whatever SQL mode is set by the server configuration, # set this to no value. Example: mysql_sql_mode= (string # value) #mysql_sql_mode = TRADITIONAL # Timeout before idle sql connections are reaped (integer # value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout #idle_timeout = 3600 # Minimum number of SQL connections to keep open in a pool # (integer value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size #min_pool_size = 1 # Maximum number of SQL connections to keep open in a pool # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size = # Maximum db connection retries during startup. (setting -1 # implies an infinite retry count) (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries = 10 # Interval between retries of opening a sql connection # (integer value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval #retry_interval = 10 # If set, use this value for max_overflow with sqlalchemy # (integer value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow #max_overflow = # Verbosity of SQL debugging information. 0=None, # 100=Everything (integer value) # Deprecated group/name - [DEFAULT]/sql_connection_debug #connection_debug = 0 # Add python stack traces to SQL as comment strings (boolean # value) # Deprecated group/name - [DEFAULT]/sql_connection_trace #connection_trace = False # If set, use this value for pool_timeout with sqlalchemy # (integer value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout #pool_timeout = # Enable the experimental use of database reconnect on # connection lost (boolean value) #use_db_reconnect = False # seconds between db connection retries (integer value) #db_retry_interval = 1 # Whether to increase interval between db connection retries, # up to db_max_retry_interval (boolean value) #db_inc_retry_interval = True # max seconds between db connection retries, if # db_inc_retry_interval is enabled (integer value) #db_max_retry_interval = 10 # maximum db connection retries before error is raised. # (setting -1 implies an infinite retry count) (integer value) #db_max_retries = 20 [keystone_authtoken] auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 admin_tenant_name = service admin_user = {{ GLANCE_SERVICE_USER }} admin_password = {{ GLANCE_SERVICE_PASSWORD }} revocation_cache_time = 10 [paste_deploy] # Name of the paste configuration file that defines the available pipelines #config_file = glance-api-paste.ini # Partial name of a pipeline in your paste configuration file with the # service name removed. For example, if your paste section name is # [pipeline:glance-api-keystone], you would configure the flavor below # as 'keystone'. flavor=keystone [store_type_location_strategy] # The scheme list to use to get store preference order. The scheme must be # registered by one of the stores defined by the 'known_stores' config option. # This option will be applied when you using 'store_type' option as image # location strategy defined by the 'location_strategy' config option. #store_type_preference = [profiler] # If False fully disable profiling feature. #enabled = False # If False doesn't trace SQL requests. #trace_sqlalchemy = False [task] # ================= Glance Tasks Options ============================ # Specifies how long (in hours) a task is supposed to live in the tasks DB # after succeeding or failing before getting soft-deleted. # The default value for task_time_to_live is 48 hours. # task_time_to_live = 48 # Specifies which task executor to be used to run the task scripts. # The default value for task_executor is eventlet. # task_executor = eventlet # Specifies the maximum number of eventlet threads which can be spun up by # the eventlet based task executor to perform execution of Glance tasks. # eventlet_executor_pool_size = 1000 [glance_store] # List of which store classes and store class locations are # currently known to glance at startup. # Existing but disabled stores: # glance.store.rbd.Store, # glance.store.s3.Store, # glance.store.swift.Store, # glance.store.sheepdog.Store, # glance.store.cinder.Store, # glance.store.gridfs.Store, # glance.store.vmware_datastore.Store, #stores = glance.store.filesystem.Store, # glance.store.http.Store # ============ Filesystem Store Options ======================== # Directory that the Filesystem backend store # writes image data to filesystem_store_datadir = /var/lib/glance/images/ # A list of directories where image data can be stored. # This option may be specified multiple times for specifying multiple store # directories. Either one of filesystem_store_datadirs or # filesystem_store_datadir option is required. A priority number may be given # after each directory entry, separated by a ":". # When adding an image, the highest priority directory will be selected, unless # there is not enough space available in cases where the image size is already # known. If no priority is given, it is assumed to be zero and the directory # will be considered for selection last. If multiple directories have the same # priority, then the one with the most free space available is selected. # If same store is specified multiple times then BadStoreConfiguration # exception will be raised. #filesystem_store_datadirs = /var/lib/glance/images/:1 # A path to a JSON file that contains metadata describing the storage # system. When show_multiple_locations is True the information in this # file will be returned with any location that is contained in this # store. #filesystem_store_metadata_file = None # ============ Swift Store Options ============================= # Version of the authentication service to use # Valid versions are '2' for keystone and '1' for swauth and rackspace swift_store_auth_version = 2 # Address where the Swift authentication service lives # Valid schemes are 'http://' and 'https://' # If no scheme specified, default to 'https://' # For swauth, use something like '127.0.0.1:8080/v1.0/' swift_store_auth_address = 127.0.0.1:5000/v2.0/ # User to authenticate against the Swift authentication service # If you use Swift authentication service, set it to 'account':'user' # where 'account' is a Swift storage account and 'user' # is a user in that account swift_store_user = jdoe:jdoe # Auth key for the user authenticating against the # Swift authentication service swift_store_key = a86850deb2742ec3cb41518e26aa2d89 # Container within the account that the account should use # for storing images in Swift swift_store_container = glance # Do we create the container if it does not exist? swift_store_create_container_on_put = False # What size, in MB, should Glance start chunking image files # and do a large object manifest in Swift? By default, this is # the maximum object size in Swift, which is 5GB swift_store_large_object_size = 5120 # swift_store_config_file = glance-swift.conf # This file contains references for each of the configured # Swift accounts/backing stores. If used, this option can prevent # credentials being stored in the database. Using Swift references # is disabled if this config is left blank. # The reference to the default Swift parameters to use for adding new images. # default_swift_reference = 'ref1' # When doing a large object manifest, what size, in MB, should # Glance write chunks to Swift? This amount of data is written # to a temporary disk buffer during the process of chunking # the image file, and the default is 200MB swift_store_large_object_chunk_size = 200 # Whether to use ServiceNET to communicate with the Swift storage servers. # (If you aren't RACKSPACE, leave this False!) # # To use ServiceNET for authentication, prefix hostname of # `swift_store_auth_address` with 'snet-'. # Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ swift_enable_snet = False # If set to True enables multi-tenant storage mode which causes Glance images # to be stored in tenant specific Swift accounts. #swift_store_multi_tenant = False # A list of swift ACL strings that will be applied as both read and # write ACLs to the containers created by Glance in multi-tenant # mode. This grants the specified tenants/users read and write access # to all newly created image objects. The standard swift ACL string # formats are allowed, including: # : # : # *: # Multiple ACLs can be combined using a comma separated list, for # example: swift_store_admin_tenants = service:glance,*:admin #swift_store_admin_tenants = # The region of the swift endpoint to be used for single tenant. This setting # is only necessary if the tenant has multiple swift endpoints. #swift_store_region = # If set to False, disables SSL layer compression of https swift requests. # Setting to 'False' may improve performance for images which are already # in a compressed format, eg qcow2. If set to True, enables SSL layer # compression (provided it is supported by the target swift proxy). #swift_store_ssl_compression = True # The number of times a Swift download will be retried before the # request fails #swift_store_retry_get_count = 0 # Bypass SSL verification for Swift #swift_store_auth_insecure = False # ============ S3 Store Options ============================= # Address where the S3 authentication service lives # Valid schemes are 'http://' and 'https://' # If no scheme specified, default to 'http://' s3_store_host = 127.0.0.1:8080/v1.0/ # User to authenticate against the S3 authentication service s3_store_access_key = <20-char AWS access key> # Auth key for the user authenticating against the # S3 authentication service s3_store_secret_key = <40-char AWS secret key> # Container within the account that the account should use # for storing images in S3. Note that S3 has a flat namespace, # so you need a unique bucket name for your glance images. An # easy way to do this is append your AWS access key to "glance". # S3 buckets in AWS *must* be lowercased, so remember to lowercase # your AWS access key if you use it in your bucket name below! s3_store_bucket = glance # Do we create the bucket if it does not exist? s3_store_create_bucket_on_put = False # When sending images to S3, the data will first be written to a # temporary buffer on disk. By default the platform's temporary directory # will be used. If required, an alternative directory can be specified here. #s3_store_object_buffer_dir = /path/to/dir # When forming a bucket url, boto will either set the bucket name as the # subdomain or as the first token of the path. Amazon's S3 service will # accept it as the subdomain, but Swift's S3 middleware requires it be # in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'. #s3_store_bucket_url_format = subdomain # Size, in MB, should S3 start chunking image files # and do a multipart upload in S3. The default is 100MB. #s3_store_large_object_size = 100 # Multipart upload part size, in MB, should S3 use when uploading # parts. The size must be greater than or equal to # 5MB. The default is 10MB. #s3_store_large_object_chunk_size = 10 # The number of thread pools to perform a multipart upload # in S3. The default is 10. #s3_store_thread_pools = 10 # ============ RBD Store Options ============================= # Ceph configuration file path # If using cephx authentication, this file should # include a reference to the right keyring # in a client. section #rbd_store_ceph_conf = /etc/ceph/ceph.conf # RADOS user to authenticate as (only applicable if using cephx) # If , a default will be chosen based on the client. section # in rbd_store_ceph_conf #rbd_store_user = # RADOS pool in which images are stored #rbd_store_pool = images # RADOS images will be chunked into objects of this size (in megabytes). # For best performance, this should be a power of two #rbd_store_chunk_size = 8 # ============ Sheepdog Store Options ============================= sheepdog_store_address = localhost sheepdog_store_port = 7000 # Images will be chunked into objects of this size (in megabytes). # For best performance, this should be a power of two sheepdog_store_chunk_size = 64 # ============ Cinder Store Options =============================== # Info to match when looking for cinder in the service catalog # Format is : separated values of the form: # :: (string value) #cinder_catalog_info = volume:cinder:publicURL # Override service catalog lookup with template for cinder endpoint # e.g. http://localhost:8776/v1/%(project_id)s (string value) #cinder_endpoint_template = # Region name of this node (string value) #os_region_name = # Location of ca certicates file to use for cinder client requests # (string value) #cinder_ca_certificates_file = # Number of cinderclient retries on failed http calls (integer value) #cinder_http_retries = 3 # Allow to perform insecure SSL requests to cinder (boolean value) #cinder_api_insecure = False # ============ VMware Datastore Store Options ===================== # ESX/ESXi or vCenter Server target system. # The server value can be an IP address or a DNS name # e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com #vmware_server_host = # Server username (string value) #vmware_server_username = # Server password (string value) #vmware_server_password = # Inventory path to a datacenter (string value) # Value optional when vmware_server_ip is an ESX/ESXi host: if specified # should be `ha-datacenter`. #vmware_datacenter_path = # Datastore associated with the datacenter (string value) #vmware_datastore_name = # The number of times we retry on failures # e.g., socket error, etc (integer value) #vmware_api_retry_count = 10 # The interval used for polling remote tasks # invoked on VMware ESX/VC server in seconds (integer value) #vmware_task_poll_interval = 5 # Absolute path of the folder containing the images in the datastore # (string value) #vmware_store_image_dir = /openstack_glance # Allow to perform insecure SSL requests to the target system (boolean value) #vmware_api_insecure = False