Liberty - Liberty - Liberty - Liberty - Liberty - Liberty - Liberty - Liberty -
The Image service has two APIs: the user-facing API, and the registry API, which is for internal requests that require access to the database.
Both of the APIs currently have two major versions, v1 and v2.
It is possible to run either or both versions, by setting appropriate
values of enable_v1_api
,
enable_v2_api
, enable_v1_registry
and
enable_v2_registry
. If the v2 API is used, running
glance-registry
is optional, as
v2 of glance-api
can connect directly to the database.
Tables of all the options used to configure the APIs, including enabling SSL and modifying WSGI settings are found below.
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
admin_role = admin |
(StrOpt) Role used to identify an authenticated user as administrator. |
allow_anonymous_access = False |
(BoolOpt) Allow unauthenticated users to access the API with read-only privileges. This only applies when using ContextMiddleware. |
available_plugins =
|
(ListOpt) A list of artifacts that are allowed in the format name or name-version. Empty list means that any artifact can be loaded. |
client_socket_timeout = 900 |
(IntOpt) Timeout for client connections' socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of '0' means wait forever. |
enable_v1_api = True |
(BoolOpt) Deploy the v1 OpenStack Images API. |
enable_v1_registry = True |
(BoolOpt) Deploy the v1 OpenStack Registry API. |
enable_v2_api = True |
(BoolOpt) Deploy the v2 OpenStack Images API. |
enable_v2_registry = True |
(BoolOpt) Deploy the v2 OpenStack Registry API. |
enable_v3_api = False |
(BoolOpt) Deploy the v3 OpenStack Objects API. |
http_keepalive = True |
(BoolOpt) If False, server will return the header "Connection: close", If True, server will return "Connection: Keep-Alive" in its responses. In order to close the client socket connection explicitly after the response is sent and read successfully by the client, you simply have to set this option to False when you create a wsgi server. |
image_size_cap = 1099511627776 |
(IntOpt) Maximum size of image a user can upload in bytes. Defaults to 1099511627776 bytes (1 TB).WARNING: this value should only be increased after careful consideration and must be set to a value under 8 EB (9223372036854775808). |
load_enabled = True |
(BoolOpt) When false, no artifacts can be loaded regardless of available_plugins. When true, artifacts can be loaded. |
location_strategy = location_order |
(StrOpt) This value sets what strategy will be used to determine the image location order. Currently two strategies are packaged with Glance 'location_order' and 'store_type'. |
max_header_line = 16384 |
(IntOpt) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs |
max_request_id_length = 64 |
(IntOpt) Limits request ID length. |
owner_is_tenant = True |
(BoolOpt) When true, this option sets the owner of an image to be the tenant. Otherwise, the owner of the image will be the authenticated user issuing the request. |
public_endpoint = None |
(StrOpt) Public url to use for versions endpoint. The default is None, which will use the request's host_url attribute to populate the URL base. If Glance is operating behind a proxy, you will want to change this to represent the proxy's URL. |
send_identity_headers = False |
(BoolOpt) Whether to pass through headers containing user and tenant information when making requests to the registry. This allows the registry to use the context middleware without keystonemiddleware's auth_token middleware, removing calls to the keystone auth service. It is recommended that when using this option, secure communication between glance api and glance registry is ensured by means other than auth_token middleware. |
show_multiple_locations = False |
(BoolOpt) Whether to include the backend image locations in image properties. For example, if using the file system store a URL of "file:///path/to/image" will be returned to the user in the 'direct_url' meta-data field. Revealing storage location can be a security risk, so use this setting with caution! The overrides show_image_direct_url. |
tcp_keepidle = 600 |
(IntOpt) The value for the socket option TCP_KEEPIDLE. This is the time in seconds that the connection must be idle before TCP starts sending keepalive probes. |
use_user_token = True |
(BoolOpt) Whether to pass through the user token when making requests to the registry. To prevent failures with token expiration during big files upload, it is recommended to set this parameter to False.If "use_user_token" is not in effect, then admin credentials can be specified. |
[glance_store] | |
default_store = file |
(StrOpt) Default scheme to use to store image data. The scheme must be registered by one of the stores defined by the 'stores' config option. |
store_capabilities_update_min_interval = 0 |
(IntOpt) Minimum interval seconds to execute updating dynamic storage capabilities based on backend status then. It's not a periodic routine, the update logic will be executed only when interval seconds elapsed and an operation of store has triggered. The feature will be enabled only when the option value greater then zero. |
stores = file, http |
(ListOpt) List of stores enabled |
[oslo_middleware] | |
max_request_body_size = 114688 |
(IntOpt) The maximum body size for each request, in bytes. |
secure_proxy_ssl_header = X-Forwarded-Proto |
(StrOpt) The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by an SSL termination proxy. |
[paste_deploy] | |
config_file = None |
(StrOpt) Name of the paste configuration file. |
flavor = None |
(StrOpt) Partial name of a pipeline in your paste configuration file with the service name removed. For example, if your paste section name is [pipeline:glance-api-keystone] use the value "keystone" |
[store_type_location_strategy] | |
store_type_preference =
|
(ListOpt) The store names to use to get store preference order. The name must be registered by one of the stores defined by the 'stores' config option. This option will be applied when you using 'store_type' option as image location strategy defined by the 'location_strategy' config option. |
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
ca_file = None |
(StrOpt) CA certificate file to use to verify connecting clients. |
cert_file = None |
(StrOpt) Certificate file to use when starting API server securely. |
key_file = None |
(StrOpt) Private key file to use when starting API server securely. |