glance-api.conf
DEFAULT
-
owner_is_tenant
| Type: | boolean |
|---|
| Default: | true |
|---|
When true, this option sets the owner of an image to be the tenant. Otherwise, the owner of the image will be the authenticated user issuing the request.
-
admin_role
| Type: | string |
|---|
| Default: | admin |
|---|
Role used to identify an authenticated user as administrator.
-
allow_anonymous_access
| Type: | boolean |
|---|
| Default: | false |
|---|
Allow unauthenticated users to access the API with read-only privileges. This only applies when using ContextMiddleware.
-
max_request_id_length
-
Limits request ID length.
-
public_endpoint
| Type: | string |
|---|
| Default: | <None> |
|---|
Public url to use for versions endpoint. The default is None, which will use the request’s host_url attribute to populate the URL base. If Glance is operating behind a proxy, you will want to change this to represent the proxy’s URL.
-
allow_additional_image_properties
| Type: | boolean |
|---|
| Default: | true |
|---|
Whether to allow users to specify image properties beyond what the image schema provides
-
image_member_quota
-
Maximum number of image members per image. Negative values evaluate to unlimited.
-
image_property_quota
-
Maximum number of properties allowed on an image. Negative values evaluate to unlimited.
-
image_tag_quota
-
Maximum number of tags allowed on an image. Negative values evaluate to unlimited.
-
image_location_quota
-
Maximum number of locations allowed on an image. Negative values evaluate to unlimited.
-
data_api
| Type: | string |
|---|
| Default: | glance.db.sqlalchemy.api |
|---|
Python module path of data access API
-
limit_param_default
-
Default value for the number of items returned by a request if not specified explicitly in the request
-
api_limit_max
| Type: | integer |
|---|
| Default: | 1000 |
|---|
Maximum permissible number of items that could be returned by a request
-
show_image_direct_url
| Type: | boolean |
|---|
| Default: | false |
|---|
Whether to include the backend image storage location in image properties. Revealing storage location can be a security risk, so use this setting with caution!
-
show_multiple_locations
| Type: | boolean |
|---|
| Default: | false |
|---|
Whether to include the backend image locations in image properties. For example, if using the file system store a URL of “file:///path/to/image” will be returned to the user in the ‘direct_url’ meta-data field. Revealing storage location can be a security risk, so use this setting with caution! Setting this to true overrides the show_image_direct_url option.
-
image_size_cap
| Type: | integer |
|---|
| Default: | 1099511627776 |
|---|
| Maximum Value: | 9223372036854775808 |
|---|
Maximum size of image a user can upload in bytes. Defaults to 1099511627776 bytes (1 TB).WARNING: this value should only be increased after careful consideration and must be set to a value under 8 EB (9223372036854775808).
-
user_storage_quota
-
Set a system wide quota for every user. This value is the total capacity that a user can use across all storage systems. A value of 0 means unlimited.Optional unit can be specified for the value. Accepted units are B, KB, MB, GB and TB representing Bytes, KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no unit is specified then Bytes is assumed. Note that there should not be any space between value and unit and units are case sensitive.
-
enable_v1_api
| Type: | boolean |
|---|
| Default: | true |
|---|
Deploy the v1 OpenStack Images API.
-
enable_v2_api
| Type: | boolean |
|---|
| Default: | true |
|---|
Deploy the v2 OpenStack Images API.
-
enable_v1_registry
| Type: | boolean |
|---|
| Default: | true |
|---|
Deploy the v1 OpenStack Registry API.
-
enable_v2_registry
| Type: | boolean |
|---|
| Default: | true |
|---|
Deploy the v2 OpenStack Registry API.
-
pydev_worker_debug_host
| Type: | string |
|---|
| Default: | <None> |
|---|
The hostname/IP of the pydev process listening for debug connections
-
pydev_worker_debug_port
| Type: | unknown type |
|---|
| Default: | 5678 |
|---|
| Minimum Value: | 0 |
|---|
| Maximum Value: | 65535 |
|---|
The port on which a pydev process is listening for connections.
-
metadata_encryption_key
| Type: | string |
|---|
| Default: | <None> |
|---|
AES key for encrypting store ‘location’ metadata. This includes, if used, Swift or S3 credentials. Should be set to a random string of length 16, 24 or 32 bytes
-
digest_algorithm
| Type: | string |
|---|
| Default: | sha256 |
|---|
Digest algorithm which will be used for digital signature. Use the command “openssl list-message-digest-algorithms” to get the available algorithms supported by the version of OpenSSL on the platform. Examples are “sha1”, “sha256”, “sha512”, etc.
-
location_strategy
| Type: | string |
|---|
| Default: | location_order |
|---|
| Valid Values: | location_order, store_type |
|---|
This value sets what strategy will be used to determine the image location order. Currently two strategies are packaged with Glance ‘location_order’ and ‘store_type’.
-
property_protection_file
| Type: | string |
|---|
| Default: | <None> |
|---|
The location of the property protection file.This file contains the rules for property protections and the roles/policies associated with it. If this config value is not specified, by default, property protections won’t be enforced. If a value is specified and the file is not found, then the glance-api service will not start.
-
property_protection_rule_format
| Type: | string |
|---|
| Default: | roles |
|---|
| Valid Values: | roles, policies |
|---|
This config value indicates whether “roles” or “policies” are used in the property protection file.
-
allowed_rpc_exception_modules
| Type: | list |
|---|
| Default: | glance.common.exception,builtins,exceptions |
|---|
Modules of exceptions that are permitted to be recreated upon receiving exception data from an rpc call.
-
bind_host
| Type: | string |
|---|
| Default: | 0.0.0.0 |
|---|
Address to bind the server. Useful when selecting a particular network interface.
-
bind_port
| Type: | unknown type |
|---|
| Default: | <None> |
|---|
| Minimum Value: | 0 |
|---|
| Maximum Value: | 65535 |
|---|
The port on which the server will listen.
-
workers
| Type: | integer |
|---|
| Default: | <None> |
|---|
The number of child process workers that will be created to service requests. The default will be equal to the number of CPUs available.
| Type: | integer |
|---|
| Default: | 16384 |
|---|
Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs
-
http_keepalive
| Type: | boolean |
|---|
| Default: | true |
|---|
If False, server will return the header “Connection: close”, If True, server will return “Connection: Keep-Alive” in its responses. In order to close the client socket connection explicitly after the response is sent and read successfully by the client, you simply have to set this option to False when you create a wsgi server.
-
client_socket_timeout
-
Timeout for client connections’ socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of ‘0’ means wait forever.
-
backlog
| Type: | integer |
|---|
| Default: | 4096 |
|---|
The backlog value that will be used when creating the TCP listener socket.
-
tcp_keepidle
-
The value for the socket option TCP_KEEPIDLE. This is the time in seconds that the connection must be idle before TCP starts sending keepalive probes.
-
ca_file
| Type: | string |
|---|
| Default: | <None> |
|---|
CA certificate file to use to verify connecting clients.
-
cert_file
| Type: | string |
|---|
| Default: | <None> |
|---|
Certificate file to use when starting API server securely.
-
key_file
| Type: | string |
|---|
| Default: | <None> |
|---|
Private key file to use when starting API server securely.
-
image_cache_sqlite_db
| Type: | string |
|---|
| Default: | cache.db |
|---|
The path to the sqlite file database that will be used for image cache management.
-
image_cache_driver
| Type: | string |
|---|
| Default: | sqlite |
|---|
The driver to use for image cache management.
-
image_cache_max_size
| Type: | integer |
|---|
| Default: | 10737418240 |
|---|
The upper limit (the maximum size of accumulated cache in bytes) beyond which the cache pruner, if running, starts cleaning the image cache.
-
image_cache_stall_time
| Type: | integer |
|---|
| Default: | 86400 |
|---|
The amount of time to let an incomplete image remain in the cache, before the cache cleaner, if running, will remove the incomplete image.
-
image_cache_dir
| Type: | string |
|---|
| Default: | <None> |
|---|
Base directory that the image cache uses.
-
default_publisher_id
| Type: | string |
|---|
| Default: | image.localhost |
|---|
Default publisher_id for outgoing notifications.
-
disabled_notifications
-
List of disabled notifications. A notification can be given either as a notification type to disable a single event, or as a notification group prefix to disable all events within a group. Example: if this config option is set to [“image.create”, “metadef_namespace”], then “image.create” notification will not be sent after image is created and none of the notifications for metadefinition namespaces will be sent.
-
registry_host
| Type: | string |
|---|
| Default: | 0.0.0.0 |
|---|
Address to find the registry server.
-
registry_port
| Type: | unknown type |
|---|
| Default: | 9191 |
|---|
| Minimum Value: | 0 |
|---|
| Maximum Value: | 65535 |
|---|
Port the registry server is listening on.
-
use_user_token
| Type: | boolean |
|---|
| Default: | true |
|---|
Whether to pass through the user token when making requests to the registry. To prevent failures with token expiration during big files upload, it is recommended to set this parameter to False.If “use_user_token” is not in effect, then admin credentials can be specified.
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
| Reason: | This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support. |
|---|
-
admin_user
| Type: | string |
|---|
| Default: | <None> |
|---|
The administrators user name. If “use_user_token” is not in effect, then admin credentials can be specified.
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
| Reason: | This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support. |
|---|
-
admin_password
| Type: | string |
|---|
| Default: | <None> |
|---|
The administrators password. If “use_user_token” is not in effect, then admin credentials can be specified.
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
| Reason: | This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support. |
|---|
-
admin_tenant_name
| Type: | string |
|---|
| Default: | <None> |
|---|
The tenant name of the administrative user. If “use_user_token” is not in effect, then admin tenant name can be specified.
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
| Reason: | This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support. |
|---|
-
auth_url
| Type: | string |
|---|
| Default: | <None> |
|---|
The URL to the keystone service. If “use_user_token” is not in effect and using keystone auth, then URL of keystone can be specified.
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
| Reason: | This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support. |
|---|
-
auth_strategy
| Type: | string |
|---|
| Default: | noauth |
|---|
The strategy to use for authentication. If “use_user_token” is not in effect, then auth strategy can be specified.
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
| Reason: | This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support. |
|---|
-
auth_region
| Type: | string |
|---|
| Default: | <None> |
|---|
The region for the authentication service. If “use_user_token” is not in effect and using keystone auth, then region name can be specified.
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
| Reason: | This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support. |
|---|
-
registry_client_protocol
-
The protocol to use for communication with the registry server. Either http or https.
-
registry_client_key_file
| Type: | string |
|---|
| Default: | <None> |
|---|
The path to the key file to use in SSL connections to the registry server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE environment variable to a filepath of the key file
-
registry_client_cert_file
| Type: | string |
|---|
| Default: | <None> |
|---|
The path to the cert file to use in SSL connections to the registry server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE environment variable to a filepath of the CA cert file
-
registry_client_ca_file
| Type: | string |
|---|
| Default: | <None> |
|---|
The path to the certifying authority cert file to use in SSL connections to the registry server, if any. Alternately, you may set the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the CA cert file.
-
registry_client_insecure
| Type: | boolean |
|---|
| Default: | false |
|---|
When using SSL in connections to the registry server, do not require validation via a certifying authority. This is the registry’s equivalent of specifying –insecure on the command line using glanceclient for the API.
-
registry_client_timeout
-
The period of time, in seconds, that the API server will wait for a registry request to complete. A value of 0 implies no timeout.
| Type: | boolean |
|---|
| Default: | false |
|---|
Whether to pass through headers containing user and tenant information when making requests to the registry. This allows the registry to use the context middleware without keystonemiddleware’s auth_token middleware, removing calls to the keystone auth service. It is recommended that when using this option, secure communication between glance api and glance registry is ensured by means other than auth_token middleware.
-
scrub_time
-
The amount of time in seconds to delay before performing a delete.
-
scrub_pool_size
-
The size of thread pool to be used for scrubbing images. The default is one, which signifies serial scrubbing. Any value above one indicates the max number of images that may be scrubbed in parallel.
-
delayed_delete
| Type: | boolean |
|---|
| Default: | false |
|---|
Turn on/off delayed delete.
-
rpc_conn_pool_size
-
Size of RPC connection pool.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rpc_conn_pool_size |
-
rpc_zmq_bind_address
-
ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. The “host” option should point or resolve to this address.
-
rpc_zmq_matchmaker
| Type: | string |
|---|
| Default: | redis |
|---|
| Valid Values: | redis, dummy |
|---|
MatchMaker driver.
-
rpc_zmq_concurrency
| Type: | string |
|---|
| Default: | eventlet |
|---|
Type of concurrency used. Either “native” or “eventlet”
-
rpc_zmq_contexts
-
Number of ZeroMQ contexts, defaults to 1.
-
rpc_zmq_topic_backlog
| Type: | integer |
|---|
| Default: | <None> |
|---|
Maximum number of ingress messages to locally buffer per topic. Default is unlimited.
-
rpc_zmq_ipc_dir
| Type: | string |
|---|
| Default: | /var/run/openstack |
|---|
Directory for holding IPC sockets.
-
rpc_zmq_host
| Type: | string |
|---|
| Default: | localhost |
|---|
Name of this node. Must be a valid hostname, FQDN, or IP address. Must match “host” option, if running Nova.
-
rpc_cast_timeout
-
Seconds to wait before a cast expires (TTL). The default value of -1 specifies an infinite linger period. The value of 0 specifies no linger period. Pending messages shall be discarded immediately when the socket is closed. Only supported by impl_zmq.
-
rpc_poll_timeout
-
The default number of seconds that poll should wait. Poll raises timeout exception when timeout expired.
-
zmq_target_expire
-
Expiration timeout in seconds of a name service record about existing target ( < 0 means no timeout).
-
use_pub_sub
| Type: | boolean |
|---|
| Default: | true |
|---|
Use PUB/SUB pattern for fanout methods. PUB/SUB always uses proxy.
-
rpc_zmq_min_port
| Type: | unknown type |
|---|
| Default: | 49152 |
|---|
| Minimum Value: | 0 |
|---|
| Maximum Value: | 65535 |
|---|
Minimal port number for random ports range.
-
rpc_zmq_max_port
| Type: | integer |
|---|
| Default: | 65536 |
|---|
| Minimum Value: | 1 |
|---|
| Maximum Value: | 65536 |
|---|
Maximal port number for random ports range.
-
rpc_zmq_bind_port_retries
-
Number of retries to find free port number before fail with ZMQBindError.
-
executor_thread_pool_size
-
Size of executor thread pool.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rpc_thread_pool_size |
-
rpc_response_timeout
-
Seconds to wait for a response from a call.
-
transport_url
| Type: | string |
|---|
| Default: | <None> |
|---|
A URL representing the messaging driver to use and its full configuration. If not set, we fall back to the rpc_backend option and driver specific configuration.
-
rpc_backend
| Type: | string |
|---|
| Default: | rabbit |
|---|
The messaging driver to use, defaults to rabbit. Other drivers include amqp and zmq.
-
control_exchange
| Type: | string |
|---|
| Default: | openstack |
|---|
The default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.
-
debug
| Type: | boolean |
|---|
| Default: | false |
|---|
If set to true, the logging level will be set to DEBUG instead of the default INFO level.
-
verbose
| Type: | boolean |
|---|
| Default: | true |
|---|
If set to false, the logging level will be set to WARNING instead of the default INFO level.
Warning
This option is deprecated for removal.
Its value may be silently ignored
in the future.
-
log_config_append
| Type: | string |
|---|
| Default: | <None> |
|---|
The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, logging_context_format_string).
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
log_config |
-
log_date_format
| Type: | string |
|---|
| Default: | %Y-%m-%d %H:%M:%S |
|---|
Defines the format string for %(asctime)s in log records. Default: the value above . This option is ignored if log_config_append is set.
-
log_file
| Type: | string |
|---|
| Default: | <None> |
|---|
(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
logfile |
-
log_dir
| Type: | string |
|---|
| Default: | <None> |
|---|
(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
logdir |
-
watch_log_file
| Type: | boolean |
|---|
| Default: | false |
|---|
Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.
-
use_syslog
| Type: | boolean |
|---|
| Default: | false |
|---|
Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.
-
syslog_log_facility
| Type: | string |
|---|
| Default: | LOG_USER |
|---|
Syslog facility to receive log lines. This option is ignored if log_config_append is set.
-
use_stderr
| Type: | boolean |
|---|
| Default: | true |
|---|
Log output to standard error. This option is ignored if log_config_append is set.
-
logging_context_format_string
| Type: | string |
|---|
| Default: | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s |
|---|
Format string to use for log messages with context.
-
logging_default_format_string
| Type: | string |
|---|
| Default: | %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s |
|---|
Format string to use for log messages when context is undefined.
-
logging_debug_format_suffix
| Type: | string |
|---|
| Default: | %(funcName)s %(pathname)s:%(lineno)d |
|---|
Additional data to append to log message when logging level for the message is DEBUG.
-
logging_exception_prefix
| Type: | string |
|---|
| Default: | %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s |
|---|
Prefix each line of exception output with this format.
-
logging_user_identity_format
| Type: | string |
|---|
| Default: | %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s |
|---|
Defines the format string for %(user_identity)s that is used in logging_context_format_string.
-
default_log_levels
| Type: | list |
|---|
| Default: | amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO |
|---|
List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.
-
publish_errors
| Type: | boolean |
|---|
| Default: | false |
|---|
Enables or disables publication of error events.
-
instance_format
| Type: | string |
|---|
| Default: | "[instance: %(uuid)s] " |
|---|
The format for an instance that is passed with the log message.
-
instance_uuid_format
| Type: | string |
|---|
| Default: | "[instance: %(uuid)s] " |
|---|
The format for an instance UUID that is passed with the log message.
-
fatal_deprecations
| Type: | boolean |
|---|
| Default: | false |
|---|
Enables or disables fatal status of deprecations.
cors
-
allowed_origin
-
Indicate whether this resource may be shared with the domain received in the requests “origin” header.
-
allow_credentials
| Type: | boolean |
|---|
| Default: | true |
|---|
Indicate that the actual request can include user credentials
| Type: | list |
|---|
| Default: | X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID |
|---|
Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.
-
max_age
| Type: | integer |
|---|
| Default: | 3600 |
|---|
Maximum cache age of CORS preflight requests.
-
allow_methods
| Type: | list |
|---|
| Default: | GET,PUT,POST,DELETE,PATCH |
|---|
Indicate which methods can be used during the actual request.
| Type: | list |
|---|
| Default: | Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID |
|---|
Indicate which header field names may be used during the actual request.
cors.subdomain
-
allowed_origin
-
Indicate whether this resource may be shared with the domain received in the requests “origin” header.
-
allow_credentials
| Type: | boolean |
|---|
| Default: | true |
|---|
Indicate that the actual request can include user credentials
-
expose_headers
| Type: | list |
|---|
| Default: | X-Image-Meta-Checksum,X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID |
|---|
Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.
-
max_age
| Type: | integer |
|---|
| Default: | 3600 |
|---|
Maximum cache age of CORS preflight requests.
-
allow_methods
| Type: | list |
|---|
| Default: | GET,PUT,POST,DELETE,PATCH |
|---|
Indicate which methods can be used during the actual request.
-
allow_headers
| Type: | list |
|---|
| Default: | Content-MD5,X-Image-Meta-Checksum,X-Storage-Token,Accept-Encoding,X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID |
|---|
Indicate which header field names may be used during the actual request.
database
-
sqlite_db
| Type: | string |
|---|
| Default: | oslo.sqlite |
|---|
The file name to use with SQLite.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
sqlite_db |
-
sqlite_synchronous
| Type: | boolean |
|---|
| Default: | true |
|---|
If True, SQLite uses synchronous mode.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
sqlite_synchronous |
-
backend
| Type: | string |
|---|
| Default: | sqlalchemy |
|---|
The back end to use for the database.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
db_backend |
-
connection
| Type: | string |
|---|
| Default: | <None> |
|---|
The SQLAlchemy connection string to use to connect to the database.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
sql_connection |
| DATABASE |
sql_connection |
| sql |
connection |
-
slave_connection
| Type: | string |
|---|
| Default: | <None> |
|---|
The SQLAlchemy connection string to use to connect to the slave database.
-
mysql_sql_mode
| Type: | string |
|---|
| Default: | TRADITIONAL |
|---|
The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
idle_timeout
| Type: | integer |
|---|
| Default: | 3600 |
|---|
Timeout before idle SQL connections are reaped.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
sql_idle_timeout |
| DATABASE |
sql_idle_timeout |
| sql |
idle_timeout |
-
min_pool_size
-
Minimum number of SQL connections to keep open in a pool.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
sql_min_pool_size |
| DATABASE |
sql_min_pool_size |
-
max_pool_size
| Type: | integer |
|---|
| Default: | <None> |
|---|
Maximum number of SQL connections to keep open in a pool.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
sql_max_pool_size |
| DATABASE |
sql_max_pool_size |
-
max_retries
-
Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
sql_max_retries |
| DATABASE |
sql_max_retries |
-
retry_interval
-
Interval between retries of opening a SQL connection.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
sql_retry_interval |
| DATABASE |
reconnect_interval |
-
max_overflow
-
If set, use this value for max_overflow with SQLAlchemy.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
sql_max_overflow |
| DATABASE |
sqlalchemy_max_overflow |
-
connection_debug
-
Verbosity of SQL debugging information: 0=None, 100=Everything.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
sql_connection_debug |
-
connection_trace
| Type: | boolean |
|---|
| Default: | false |
|---|
Add Python stack traces to SQL as comment strings.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
sql_connection_trace |
-
pool_timeout
| Type: | integer |
|---|
| Default: | <None> |
|---|
If set, use this value for pool_timeout with SQLAlchemy.
Deprecated Variations
| Group |
Name |
|---|
| DATABASE |
sqlalchemy_pool_timeout |
-
use_db_reconnect
| Type: | boolean |
|---|
| Default: | false |
|---|
Enable the experimental use of database reconnect on connection lost.
-
db_retry_interval
-
Seconds between retries of a database transaction.
-
db_inc_retry_interval
| Type: | boolean |
|---|
| Default: | true |
|---|
If True, increases the interval between retries of a database operation up to db_max_retry_interval.
-
db_max_retry_interval
-
If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.
-
db_max_retries
-
Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.
-
use_tpool
| Type: | boolean |
|---|
| Default: | false |
|---|
Enable the experimental use of thread pooling for all DB API calls
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
dbapi_use_tpool |
glance_store
-
stores
| Type: | list |
|---|
| Default: | file,http |
|---|
List of stores enabled. Valid stores are: cinder, file, http, rbd, sheepdog, swift, s3, vsphere
-
default_store
-
Default scheme to use to store image data. The scheme must be registered by one of the stores defined by the ‘stores’ config option.
-
store_capabilities_update_min_interval
-
Minimum interval seconds to execute updating dynamic storage capabilities based on backend status then. It’s not a periodic routine, the update logic will be executed only when interval seconds elapsed and an operation of store has triggered. The feature will be enabled only when the option value greater then zero.
-
rbd_store_chunk_size
-
RADOS images will be chunked into objects of this size (in megabytes). For best performance, this should be a power of two.
-
rbd_store_pool
| Type: | string |
|---|
| Default: | images |
|---|
RADOS pool in which images are stored.
-
rbd_store_user
| Type: | string |
|---|
| Default: | <None> |
|---|
RADOS user to authenticate as (only applicable if using Cephx. If <None>, a default will be chosen based on the client. section in rbd_store_ceph_conf)
-
rbd_store_ceph_conf
| Type: | string |
|---|
| Default: | /etc/ceph/ceph.conf |
|---|
Ceph configuration file path. If <None>, librados will locate the default config. If using cephx authentication, this file should include a reference to the right keyring in a client.<USER> section
-
rados_connect_timeout
-
Timeout value (in seconds) used when connecting to ceph cluster. If value <= 0, no timeout is set and default librados value is used.
-
sheepdog_store_chunk_size
-
Images will be chunked into objects of this size (in megabytes). For best performance, this should be a power of two.
-
sheepdog_store_port
| Type: | integer |
|---|
| Default: | 7000 |
|---|
Port of sheep daemon.
-
sheepdog_store_address
| Type: | string |
|---|
| Default: | localhost |
|---|
IP address of sheep daemon.
-
cinder_catalog_info
| Type: | string |
|---|
| Default: | volumev2::publicURL |
|---|
Info to match when looking for cinder in the service catalog. Format is : separated values of the form: <service_type>:<service_name>:<endpoint_type>
-
cinder_endpoint_template
| Type: | string |
|---|
| Default: | <None> |
|---|
Override service catalog lookup with template for cinder endpoint e.g. http://localhost:8776/v2/%(tenant)s
-
cinder_os_region_name
| Type: | string |
|---|
| Default: | <None> |
|---|
Region name of this node. If specified, it will be used to locate OpenStack services for stores.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
os_region_name |
-
cinder_ca_certificates_file
| Type: | string |
|---|
| Default: | <None> |
|---|
Location of ca certicates file to use for cinder client requests.
-
cinder_http_retries
-
Number of cinderclient retries on failed http calls
-
cinder_state_transition_timeout
-
Time period of time in seconds to wait for a cinder volume transition to complete.
-
cinder_api_insecure
| Type: | boolean |
|---|
| Default: | false |
|---|
Allow to perform insecure SSL requests to cinder
-
cinder_store_auth_address
| Type: | string |
|---|
| Default: | <None> |
|---|
The address where the Cinder authentication service is listening. If <None>, the cinder endpoint in the service catalog is used.
-
cinder_store_user_name
| Type: | string |
|---|
| Default: | <None> |
|---|
User name to authenticate against Cinder. If <None>, the user of current context is used.
-
cinder_store_password
| Type: | string |
|---|
| Default: | <None> |
|---|
Password for the user authenticating against Cinder. If <None>, the current context auth token is used.
-
cinder_store_project_name
| Type: | string |
|---|
| Default: | <None> |
|---|
Project name where the image is stored in Cinder. If <None>, the project in current context is used.
-
rootwrap_config
| Type: | string |
|---|
| Default: | /etc/glance/rootwrap.conf |
|---|
Path to the rootwrap configuration file to use for running commands as root.
-
swift_store_auth_insecure
| Type: | boolean |
|---|
| Default: | false |
|---|
If True, swiftclient won’t check for a valid SSL certificate when authenticating.
-
swift_store_cacert
| Type: | string |
|---|
| Default: | <None> |
|---|
A string giving the CA certificate file to use in SSL connections for verifying certs.
-
swift_store_region
| Type: | string |
|---|
| Default: | <None> |
|---|
The region of the swift endpoint to be used for single tenant. This setting is only necessary if the tenant has multiple swift endpoints.
-
swift_store_endpoint
| Type: | string |
|---|
| Default: | <None> |
|---|
If set, the configured endpoint will be used. If None, the storage url from the auth response will be used.
-
swift_store_endpoint_type
| Type: | string |
|---|
| Default: | publicURL |
|---|
A string giving the endpoint type of the swift service to use (publicURL, adminURL or internalURL). This setting is only used if swift_store_auth_version is 2.
-
swift_store_service_type
| Type: | string |
|---|
| Default: | object-store |
|---|
A string giving the service type of the swift service to use. This setting is only used if swift_store_auth_version is 2.
-
swift_store_container
| Type: | string |
|---|
| Default: | glance |
|---|
Container within the account that the account should use for storing images in Swift when using single container mode. In multiple container mode, this will be the prefix for all containers.
-
swift_store_large_object_size
| Type: | integer |
|---|
| Default: | 5120 |
|---|
The size, in MB, that Glance will start chunking image files and do a large object manifest in Swift.
-
swift_store_large_object_chunk_size
-
The amount of data written to a temporary disk buffer during the process of chunking the image file.
-
swift_store_create_container_on_put
| Type: | boolean |
|---|
| Default: | false |
|---|
A boolean value that determines if we create the container if it does not exist.
-
swift_store_multi_tenant
| Type: | boolean |
|---|
| Default: | false |
|---|
If set to True, enables multi-tenant storage mode which causes Glance images to be stored in tenant specific Swift accounts.
-
swift_store_multiple_containers_seed
-
When set to 0, a single-tenant store will only use one container to store all images. When set to an integer value between 1 and 32, a single-tenant store will use multiple containers to store images, and this value will determine how many containers are created.Used only when swift_store_multi_tenant is disabled. The total number of containers that will be used is equal to 16^N, so if this config option is set to 2, then 16^2=256 containers will be used to store images.
-
swift_store_admin_tenants
-
A list of tenants that will be granted read/write access on all Swift containers created by Glance in multi-tenant mode.
-
swift_store_ssl_compression
| Type: | boolean |
|---|
| Default: | true |
|---|
If set to False, disables SSL layer compression of https swift requests. Setting to False may improve performance for images which are already in a compressed format, eg qcow2.
-
swift_store_retry_get_count
-
The number of times a Swift download will be retried before the request fails.
-
swift_store_expire_soon_interval
-
The period of time (in seconds) before token expirationwhen glance_store will try to reques new user token. Default value 60 sec means that if token is going to expire in 1 min then glance_store request new user token.
-
swift_store_use_trusts
| Type: | boolean |
|---|
| Default: | true |
|---|
If set to True create a trust for each add/get request to Multi-tenant store in order to prevent authentication token to be expired during uploading/downloading data. If set to False then user token is used for Swift connection (so no overhead on trust creation). Please note that this option is considered only and only if swift_store_multi_tenant=True
-
default_swift_reference
-
The reference to the default swift account/backing store parameters to use for adding new images.
-
swift_store_auth_version
-
Version of the authentication service to use. Valid versions are 2 and 3 for keystone and 1 (deprecated) for swauth and rackspace. (deprecated - use “auth_version” in swift_store_config_file)
-
swift_store_auth_address
| Type: | string |
|---|
| Default: | <None> |
|---|
The address where the Swift authentication service is listening. (deprecated - use “auth_address” in swift_store_config_file)
-
swift_store_user
| Type: | string |
|---|
| Default: | <None> |
|---|
The user to authenticate against the Swift authentication service (deprecated - use “user” in swift_store_config_file)
-
swift_store_key
| Type: | string |
|---|
| Default: | <None> |
|---|
Auth key for the user authenticating against the Swift authentication service. (deprecated - use “key” in swift_store_config_file)
-
swift_store_config_file
| Type: | string |
|---|
| Default: | <None> |
|---|
The config file that has the swift account(s)configs.
-
filesystem_store_datadir
| Type: | string |
|---|
| Default: | /var/lib/glance/images |
|---|
Directory to which the Filesystem backend store writes images.
-
filesystem_store_datadirs
| Type: | multi-valued |
|---|
| Default: | |
|---|
List of directories and its priorities to which the Filesystem backend store writes images.
-
filesystem_store_metadata_file
| Type: | string |
|---|
| Default: | <None> |
|---|
The path to a file which contains the metadata to be returned with any location associated with this store. The file must contain a valid JSON object. The object should contain the keys ‘id’ and ‘mountpoint’. The value for both keys should be ‘string’.
-
filesystem_store_file_perm
-
The required permission for created image file. In this way the user other service used, e.g. Nova, who consumes the image could be the exclusive member of the group that owns the files created. Assigning it less then or equal to zero means don’t change the default permission of the file. This value will be decoded as an octal digit.
-
https_ca_certificates_file
| Type: | string |
|---|
| Default: | <None> |
|---|
Specify the path to the CA bundle file to use in verifying the remote server certificate.
-
https_insecure
| Type: | boolean |
|---|
| Default: | true |
|---|
If true, the remote server certificate is not verified. If false, then the default CA truststore is used for verification. This option is ignored if “https_ca_certificates_file” is set.
-
http_proxy_information
-
Specify the http/https proxy information that should be used to connect to the remote server. The proxy information should be a key value pair of the scheme and proxy. e.g. http:10.0.0.1:3128. You can specify proxies for multiple schemes by seperating the key value pairs with a comma.e.g. http:10.0.0.1:3128, https:10.0.0.1:1080.
-
vmware_server_host
| Type: | string |
|---|
| Default: | <None> |
|---|
ESX/ESXi or vCenter Server target system. The server value can be an IP address or a DNS name.
-
vmware_server_username
| Type: | string |
|---|
| Default: | <None> |
|---|
Username for authenticating with VMware ESX/VC server.
-
vmware_server_password
| Type: | string |
|---|
| Default: | <None> |
|---|
Password for authenticating with VMware ESX/VC server.
-
vmware_api_retry_count
-
Number of times VMware ESX/VC server API must be retried upon connection related issues.
-
vmware_task_poll_interval
-
The interval used for polling remote tasks invoked on VMware ESX/VC server.
-
vmware_store_image_dir
| Type: | string |
|---|
| Default: | /openstack_glance |
|---|
The name of the directory where the glance images will be stored in the VMware datastore.
-
vmware_insecure
| Type: | boolean |
|---|
| Default: | false |
|---|
If true, the ESX/vCenter server certificate is not verified. If false, then the default CA truststore is used for verification. This option is ignored if “vmware_ca_file” is set.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
vmware_api_insecure |
-
vmware_ca_file
| Type: | string |
|---|
| Default: | <None> |
|---|
Specify a CA bundle file to use in verifying the ESX/vCenter server certificate.
-
vmware_datastores
| Type: | multi-valued |
|---|
| Default: | |
|---|
A list of datastores where the image can be stored. This option may be specified multiple times for specifying multiple datastores. The datastore name should be specified after its datacenter path, seperated by ”:”. An optional weight may be given after the datastore name, seperated again by ”:”. Thus, the required format becomes <datacenter_path>:<datastore_name>:<optional_weight>. When adding an image, the datastore with highest weight will be selected, unless there is not enough free space available in cases where the image size is already known. If no weight is given, it is assumed to be zero and the directory will be considered for selection last. If multiple datastores have the same weight, then the one with the most free space available is selected.
-
s3_store_host
| Type: | string |
|---|
| Default: | <None> |
|---|
The host where the S3 server is listening.
-
s3_store_access_key
| Type: | string |
|---|
| Default: | <None> |
|---|
The S3 query token access key.
-
s3_store_secret_key
| Type: | string |
|---|
| Default: | <None> |
|---|
The S3 query token secret key.
-
s3_store_bucket
| Type: | string |
|---|
| Default: | <None> |
|---|
The S3 bucket to be used to store the Glance data.
-
s3_store_object_buffer_dir
| Type: | string |
|---|
| Default: | <None> |
|---|
The local directory where uploads will be staged before they are transferred into S3.
-
s3_store_create_bucket_on_put
| Type: | boolean |
|---|
| Default: | false |
|---|
A boolean to determine if the S3 bucket should be created on upload if it does not exist or if an error should be returned to the user.
-
s3_store_bucket_url_format
| Type: | string |
|---|
| Default: | subdomain |
|---|
The S3 calling format used to determine the bucket. Either subdomain or path can be used.
-
s3_store_large_object_size
-
What size, in MB, should S3 start chunking image files and do a multipart upload in S3.
-
s3_store_large_object_chunk_size
-
What multipart upload part size, in MB, should S3 use when uploading parts. The size must be greater than or equal to 5M.
-
s3_store_thread_pools
-
The number of thread pools to perform a multipart upload in S3.
-
s3_store_enable_proxy
| Type: | boolean |
|---|
| Default: | false |
|---|
Enable the use of a proxy.
-
s3_store_proxy_host
| Type: | string |
|---|
| Default: | <None> |
|---|
Address or hostname for the proxy server.
-
s3_store_proxy_port
| Type: | integer |
|---|
| Default: | 8080 |
|---|
The port to use when connecting over a proxy.
-
s3_store_proxy_user
| Type: | string |
|---|
| Default: | <None> |
|---|
The username to connect to the proxy.
-
s3_store_proxy_password
| Type: | string |
|---|
| Default: | <None> |
|---|
The password to use when connecting over a proxy.
image_format
-
container_formats
| Type: | list |
|---|
| Default: | ami,ari,aki,bare,ovf,ova,docker |
|---|
Supported values for the ‘container_format’ image attribute
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
container_formats |
-
disk_formats
| Type: | list |
|---|
| Default: | ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso |
|---|
Supported values for the ‘disk_format’ image attribute
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
disk_formats |
keystone_authtoken
-
auth_uri
| Type: | string |
|---|
| Default: | <None> |
|---|
Complete public Identity API endpoint.
-
auth_version
| Type: | string |
|---|
| Default: | <None> |
|---|
API version of the admin Identity API endpoint.
-
delay_auth_decision
| Type: | boolean |
|---|
| Default: | false |
|---|
Do not handle authorization requests within the middleware, but delegate the authorization decision to downstream WSGI components.
-
http_connect_timeout
| Type: | integer |
|---|
| Default: | <None> |
|---|
Request timeout value for communicating with Identity API server.
-
http_request_max_retries
-
How many times are we trying to reconnect when communicating with Identity API Server.
-
cache
| Type: | string |
|---|
| Default: | <None> |
|---|
Env key for the swift cache.
-
certfile
| Type: | string |
|---|
| Default: | <None> |
|---|
Required if identity server requires client certificate
-
keyfile
| Type: | string |
|---|
| Default: | <None> |
|---|
Required if identity server requires client certificate
-
cafile
| Type: | string |
|---|
| Default: | <None> |
|---|
A PEM encoded Certificate Authority to use when verifying HTTPs connections. Defaults to system CAs.
-
insecure
| Type: | boolean |
|---|
| Default: | false |
|---|
Verify HTTPS connections.
-
region_name
| Type: | string |
|---|
| Default: | <None> |
|---|
The region in which the identity server can be found.
-
signing_dir
| Type: | string |
|---|
| Default: | <None> |
|---|
Directory used to cache files related to PKI tokens.
-
memcached_servers
-
Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
memcache_servers |
-
token_cache_time
-
In order to prevent excessive effort spent validating tokens, the middleware caches previously-seen tokens for a configurable duration (in seconds). Set to -1 to disable caching completely.
-
revocation_cache_time
-
Determines the frequency at which the list of revoked tokens is retrieved from the Identity service (in seconds). A high number of revocation events combined with a low cache duration may significantly reduce performance.
-
memcache_security_strategy
| Type: | string |
|---|
| Default: | None |
|---|
| Valid Values: | None, MAC, ENCRYPT |
|---|
(Optional) If defined, indicate whether token data should be authenticated or authenticated and encrypted. If MAC, token data is authenticated (with HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the cache. If the value is not one of these options or empty, auth_token will raise an exception on initialization.
-
memcache_secret_key
| Type: | string |
|---|
| Default: | <None> |
|---|
(Optional, mandatory if memcache_security_strategy is defined) This string is used for key derivation.
-
memcache_pool_dead_retry
-
(Optional) Number of seconds memcached server is considered dead before it is tried again.
-
memcache_pool_maxsize
-
(Optional) Maximum total number of open connections to every memcached server.
-
memcache_pool_socket_timeout
-
(Optional) Socket timeout in seconds for communicating with a memcached server.
-
memcache_pool_unused_timeout
-
(Optional) Number of seconds a connection to memcached is held unused in the pool before it is closed.
-
memcache_pool_conn_get_timeout
-
(Optional) Number of seconds that an operation will wait to get a memcached client connection from the pool.
-
memcache_use_advanced_pool
| Type: | boolean |
|---|
| Default: | false |
|---|
(Optional) Use the advanced (eventlet safe) memcached client pool. The advanced pool will only work under python 2.x.
-
include_service_catalog
| Type: | boolean |
|---|
| Default: | true |
|---|
(Optional) Indicate whether to set the X-Service-Catalog header. If False, middleware will not ask for service catalog on token validation and will not set the X-Service-Catalog header.
-
enforce_token_bind
| Type: | string |
|---|
| Default: | permissive |
|---|
Used to control the use and type of token binding. Can be set to: “disabled” to not check token binding. “permissive” (default) to validate binding information if the bind type is of a form known to the server and ignore it if not. “strict” like “permissive” but if the bind type is unknown the token will be rejected. “required” any form of token binding is needed to be allowed. Finally the name of a binding method that must be present in tokens.
-
check_revocations_for_cached
| Type: | boolean |
|---|
| Default: | false |
|---|
If true, the revocation list will be checked for cached tokens. This requires that PKI tokens are configured on the identity server.
-
hash_algorithms
-
Hash algorithms to use for hashing PKI tokens. This may be a single algorithm or multiple. The algorithms are those supported by Python standard hashlib.new(). The hashes will be tried in the order given, so put the preferred one first for performance. The result of the first hash will be stored in the cache. This will typically be set to multiple values only while migrating from a less secure algorithm to a more secure one. Once all the old tokens are expired this option should be set to a single value for better performance.
-
auth_type
| Type: | unknown type |
|---|
| Default: | <None> |
|---|
Authentication type to load
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
auth_plugin |
-
auth_section
| Type: | unknown type |
|---|
| Default: | <None> |
|---|
Config Section from which to load plugin specific options
matchmaker_redis
-
host
| Type: | string |
|---|
| Default: | 127.0.0.1 |
|---|
Host to locate redis.
-
port
| Type: | unknown type |
|---|
| Default: | 6379 |
|---|
| Minimum Value: | 0 |
|---|
| Maximum Value: | 65535 |
|---|
Use this port to connect to redis host.
-
password
-
Password for Redis server (optional).
-
sentinel_hosts
-
List of Redis Sentinel hosts (fault tolerance mode) e.g. [host:port, host1:port ... ]
-
sentinel_group_name
| Type: | string |
|---|
| Default: | oslo-messaging-zeromq |
|---|
Redis replica set name.
-
wait_timeout
-
Time in ms to wait between connection attempts.
-
check_timeout
| Type: | integer |
|---|
| Default: | 20000 |
|---|
Time in ms to wait before the transaction is killed.
-
socket_timeout
| Type: | integer |
|---|
| Default: | 1000 |
|---|
Timeout in ms on blocking socket operations
oslo_concurrency
-
disable_process_locking
| Type: | boolean |
|---|
| Default: | false |
|---|
Enables or disables inter-process locks.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
disable_process_locking |
-
lock_path
| Type: | string |
|---|
| Default: | <None> |
|---|
Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
lock_path |
oslo_messaging_amqp
-
server_request_prefix
| Type: | string |
|---|
| Default: | exclusive |
|---|
address prefix used when sending to a specific server
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
server_request_prefix |
-
broadcast_prefix
| Type: | string |
|---|
| Default: | broadcast |
|---|
address prefix used when broadcasting to all servers
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
broadcast_prefix |
-
group_request_prefix
| Type: | string |
|---|
| Default: | unicast |
|---|
address prefix when sending to any server in group
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
group_request_prefix |
-
container_name
| Type: | string |
|---|
| Default: | <None> |
|---|
Name for the AMQP container
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
container_name |
-
idle_timeout
-
Timeout for inactive connections (in seconds)
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
idle_timeout |
-
trace
| Type: | boolean |
|---|
| Default: | false |
|---|
Debug: dump AMQP frames to stdout
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
trace |
-
ssl_ca_file
-
CA certificate PEM file to verify server certificate
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
ssl_ca_file |
-
ssl_cert_file
-
Identifying certificate PEM file to present to clients
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
ssl_cert_file |
-
ssl_key_file
-
Private key PEM file used to sign cert_file certificate
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
ssl_key_file |
-
ssl_key_password
| Type: | string |
|---|
| Default: | <None> |
|---|
Password for decrypting ssl_key_file (if encrypted)
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
ssl_key_password |
-
allow_insecure_clients
| Type: | boolean |
|---|
| Default: | false |
|---|
Accept clients using either SSL or plain TCP
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
allow_insecure_clients |
-
sasl_mechanisms
-
Space separated list of acceptable SASL mechanisms
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
sasl_mechanisms |
-
sasl_config_dir
-
Path to directory that contains the SASL configuration
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
sasl_config_dir |
-
sasl_config_name
-
Name of configuration file (without .conf suffix)
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
sasl_config_name |
-
username
-
User name for message broker authentication
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
username |
-
password
-
Password for message broker authentication
Deprecated Variations
| Group |
Name |
|---|
| amqp1 |
password |
oslo_messaging_notifications
-
driver
| Type: | multi-valued |
|---|
| Default: | |
|---|
The Drivers(s) to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
notification_driver |
-
transport_url
| Type: | string |
|---|
| Default: | <None> |
|---|
A URL representing the messaging driver to use for notifications. If not set, we fall back to the same configuration used for RPC.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
notification_transport_url |
-
topics
| Type: | list |
|---|
| Default: | notifications |
|---|
AMQP topic used for OpenStack notifications.
Deprecated Variations
| Group |
Name |
|---|
| rpc_notifier2 |
topics |
| DEFAULT |
notification_topics |
oslo_messaging_rabbit
-
amqp_durable_queues
| Type: | boolean |
|---|
| Default: | false |
|---|
Use durable queues in AMQP.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
amqp_durable_queues |
| DEFAULT |
rabbit_durable_queues |
-
amqp_auto_delete
| Type: | boolean |
|---|
| Default: | false |
|---|
Auto-delete queues in AMQP.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
amqp_auto_delete |
-
kombu_ssl_version
-
SSL version to use (valid only if SSL enabled). Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may be available on some distributions.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
kombu_ssl_version |
-
kombu_ssl_keyfile
-
SSL key file (valid only if SSL enabled).
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
kombu_ssl_keyfile |
-
kombu_ssl_certfile
-
SSL cert file (valid only if SSL enabled).
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
kombu_ssl_certfile |
-
kombu_ssl_ca_certs
-
SSL certification authority file (valid only if SSL enabled).
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
kombu_ssl_ca_certs |
-
kombu_reconnect_delay
| Type: | floating point |
|---|
| Default: | 1.0 |
|---|
How long to wait before reconnecting in response to an AMQP consumer cancel notification.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
kombu_reconnect_delay |
-
kombu_compression
| Type: | string |
|---|
| Default: | <None> |
|---|
EXPERIMENTAL: Possible values are: gzip, bz2. If not set compression will not be used. This option may notbe available in future versions.
-
kombu_missing_consumer_retry_timeout
-
How long to wait a missing client beforce abandoning to send it its replies. This value should not be longer than rpc_response_timeout.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
kombu_reconnect_timeout |
-
kombu_failover_strategy
| Type: | string |
|---|
| Default: | round-robin |
|---|
| Valid Values: | round-robin, shuffle |
|---|
Determines how the next RabbitMQ node is chosen in case the one we are currently connected to becomes unavailable. Takes effect only if more than one RabbitMQ node is provided in config.
-
rabbit_host
| Type: | string |
|---|
| Default: | localhost |
|---|
The RabbitMQ broker address where a single node is used.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rabbit_host |
-
rabbit_port
| Type: | unknown type |
|---|
| Default: | 5672 |
|---|
| Minimum Value: | 0 |
|---|
| Maximum Value: | 65535 |
|---|
The RabbitMQ broker port where a single node is used.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rabbit_port |
-
rabbit_hosts
| Type: | list |
|---|
| Default: | $rabbit_host:$rabbit_port |
|---|
RabbitMQ HA cluster host:port pairs.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rabbit_hosts |
-
rabbit_use_ssl
| Type: | boolean |
|---|
| Default: | false |
|---|
Connect over SSL for RabbitMQ.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rabbit_use_ssl |
-
rabbit_userid
| Type: | string |
|---|
| Default: | guest |
|---|
The RabbitMQ userid.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rabbit_userid |
-
rabbit_password
| Type: | string |
|---|
| Default: | guest |
|---|
The RabbitMQ password.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rabbit_password |
-
rabbit_login_method
| Type: | string |
|---|
| Default: | AMQPLAIN |
|---|
The RabbitMQ login method.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rabbit_login_method |
-
rabbit_virtual_host
-
The RabbitMQ virtual host.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rabbit_virtual_host |
-
rabbit_retry_interval
-
How frequently to retry connecting with RabbitMQ.
-
rabbit_retry_backoff
-
How long to backoff for between retries when connecting to RabbitMQ.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rabbit_retry_backoff |
-
rabbit_interval_max
-
Maximum interval of RabbitMQ connection retries. Default is 30 seconds.
-
rabbit_max_retries
-
Maximum number of RabbitMQ connection retries. Default is 0 (infinite retry count).
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rabbit_max_retries |
-
rabbit_ha_queues
| Type: | boolean |
|---|
| Default: | false |
|---|
Try to use HA queues in RabbitMQ (x-ha-policy: all). If you change this option, you must wipe the RabbitMQ database. In RabbitMQ 3.0, queue mirroring is no longer controlled by the x-ha-policy argument when declaring a queue. If you just want to make sure that all queues (except those with auto-generated names) are mirrored across all nodes, run: “rabbitmqctl set_policy HA ‘^(?!amq.).*’ ‘{“ha-mode”: “all”}’ “
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
rabbit_ha_queues |
-
rabbit_transient_queues_ttl
| Type: | integer |
|---|
| Default: | 1800 |
|---|
| Minimum Value: | 1 |
|---|
Positive integer representing duration in seconds for queue TTL (x-expires). Queues which are unused for the duration of the TTL are automatically deleted. The parameter affects only reply and fanout queues.
-
rabbit_qos_prefetch_count
-
Specifies the number of messages to prefetch. Setting to zero allows unlimited messages.
-
heartbeat_timeout_threshold
-
Number of seconds after which the Rabbit broker is considered down if heartbeat’s keep-alive fails (0 disable the heartbeat). EXPERIMENTAL
-
heartbeat_rate
-
How often times during the heartbeat_timeout_threshold we check the heartbeat.
-
fake_rabbit
| Type: | boolean |
|---|
| Default: | false |
|---|
Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
fake_rabbit |
-
channel_max
| Type: | integer |
|---|
| Default: | <None> |
|---|
Maximum number of channels to allow
-
frame_max
| Type: | integer |
|---|
| Default: | <None> |
|---|
The maximum byte size for an AMQP frame
-
heartbeat_interval
-
How often to send heartbeats for consumer’s connections
-
ssl
| Type: | boolean |
|---|
| Default: | <None> |
|---|
Enable SSL
-
ssl_options
-
Arguments passed to ssl.wrap_socket
-
socket_timeout
| Type: | floating point |
|---|
| Default: | 0.25 |
|---|
Set socket timeout in seconds for connection’s socket
-
tcp_user_timeout
| Type: | floating point |
|---|
| Default: | 0.25 |
|---|
Set TCP_USER_TIMEOUT in seconds for connection’s socket
-
host_connection_reconnect_delay
| Type: | floating point |
|---|
| Default: | 0.25 |
|---|
Set delay for reconnection to some host which has connection error
-
pool_max_size
-
Maximum number of connections to keep queued.
-
pool_max_overflow
-
Maximum number of connections to create above pool_max_size.
-
pool_timeout
-
Default number of seconds to wait for a connections to available
-
pool_recycle
-
Lifetime of a connection (since creation) in seconds or None for no recycling. Expired connections are closed on acquire.
-
pool_stale
-
Threshold at which inactive (since release) connections are considered stale in seconds or None for no staleness. Stale connections are closed on acquire.
-
notification_persistence
| Type: | boolean |
|---|
| Default: | false |
|---|
Persist notification messages.
-
default_notification_exchange
| Type: | string |
|---|
| Default: | ${control_exchange}_notification |
|---|
Exchange name for for sending notifications
-
notification_listener_prefetch_count
-
Max number of not acknowledged message which RabbitMQ can send to notification listener.
-
default_notification_retry_attempts
-
Reconnecting retry count in case of connectivity problem during sending notification, -1 means infinite retry.
-
notification_retry_delay
| Type: | floating point |
|---|
| Default: | 0.25 |
|---|
Reconnecting retry delay in case of connectivity problem during sending notification message
-
rpc_queue_expiration
-
Time to live for rpc queues without consumers in seconds.
-
default_rpc_exchange
| Type: | string |
|---|
| Default: | ${control_exchange}_rpc |
|---|
Exchange name for sending RPC messages
-
rpc_reply_exchange
| Type: | string |
|---|
| Default: | ${control_exchange}_rpc_reply |
|---|
Exchange name for receiving RPC replies
-
rpc_listener_prefetch_count
-
Max number of not acknowledged message which RabbitMQ can send to rpc listener.
-
rpc_reply_listener_prefetch_count
-
Max number of not acknowledged message which RabbitMQ can send to rpc reply listener.
-
rpc_reply_retry_attempts
-
Reconnecting retry count in case of connectivity problem during sending reply. -1 means infinite retry during rpc_timeout
-
rpc_reply_retry_delay
| Type: | floating point |
|---|
| Default: | 0.25 |
|---|
Reconnecting retry delay in case of connectivity problem during sending reply.
-
default_rpc_retry_attempts
-
Reconnecting retry count in case of connectivity problem during sending RPC message, -1 means infinite retry. If actual retry attempts in not 0 the rpc request could be processed more then one time
-
rpc_retry_delay
| Type: | floating point |
|---|
| Default: | 0.25 |
|---|
Reconnecting retry delay in case of connectivity problem during sending RPC message
oslo_policy
-
policy_file
| Type: | string |
|---|
| Default: | policy.json |
|---|
The JSON file that defines policies.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
policy_file |
-
policy_default_rule
| Type: | string |
|---|
| Default: | default |
|---|
Default rule. Enforced when a requested rule is not found.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
policy_default_rule |
-
policy_dirs
| Type: | multi-valued |
|---|
| Default: | policy.d |
|---|
Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
policy_dirs |
paste_deploy
-
flavor
| Type: | string |
|---|
| Default: | <None> |
|---|
Partial name of a pipeline in your paste configuration file with the service name removed. For example, if your paste section name is [pipeline:glance-api-keystone] use the value “keystone”
-
config_file
| Type: | string |
|---|
| Default: | <None> |
|---|
Name of the paste configuration file.
profiler
-
enabled
| Type: | boolean |
|---|
| Default: | false |
|---|
If False fully disable profiling feature.
-
trace_sqlalchemy
| Type: | boolean |
|---|
| Default: | false |
|---|
If False doesn’t trace SQL requests.
-
hmac_keys
| Type: | string |
|---|
| Default: | SECRET_KEY |
|---|
Secret key to use to sign Glance API and Glance Registry services tracing messages.
store_type_location_strategy
-
store_type_preference
-
The store names to use to get store preference order. The name must be registered by one of the stores defined by the ‘stores’ config option. This option will be applied when you using ‘store_type’ option as image location strategy defined by the ‘location_strategy’ config option.
task
-
task_time_to_live
-
Time in hours for which a task lives after, either succeeding or failing
Deprecated Variations
| Group |
Name |
|---|
| DEFAULT |
task_time_to_live |
-
task_executor
| Type: | string |
|---|
| Default: | taskflow |
|---|
Specifies which task executor to be used to run the task scripts.
-
work_dir
| Type: | string |
|---|
| Default: | <None> |
|---|
Work dir for asynchronous task operations. The directory set here will be used to operate over images - normally before they are imported in the destination store. When providing work dir, make sure enough space is provided for concurrent tasks to run efficiently without running out of space. A rough estimation can be done by multiplying the number of max_workers - or the N of workers running - by an average image size (e.g 500MB). The image size estimation should be done based on the average size in your deployment. Note that depending on the tasks running you may need to multiply this number by some factor depending on what the task does. For example, you may want to double the available size if image conversion is enabled. All this being said, remember these are just estimations and you should do them based on the worst case scenario and be prepared to act in case they were wrong.
taskflow_executor
-
engine_mode
| Type: | string |
|---|
| Default: | parallel |
|---|
| Valid Values: | serial, parallel |
|---|
The mode in which the engine will run. Can be ‘serial’ or ‘parallel’.
-
max_workers
-
The number of parallel activities executed at the same time by the engine. The value can be greater than one when the engine mode is ‘parallel’.
Deprecated Variations
| Group |
Name |
|---|
| task |
eventlet_executor_pool_size |