2 # Show more verbose log output (sets INFO log level output)
5 # Show debugging output in logs (sets DEBUG log level output)
8 # Which backend scheme should Glance use by default is not specified
9 # in a request to add a new image to Glance? Known schemes are determined
10 # by the known_stores option below.
12 # "default_store" option has been moved to [glance_store] section in
15 # List of which store classes and store class locations are
16 # currently known to glance at startup.
17 # Existing but disabled stores:
18 # glance.store.rbd.Store,
19 # glance.store.s3.Store,
20 # glance.store.swift.Store,
21 # glance.store.sheepdog.Store,
22 # glance.store.cinder.Store,
23 # glance.store.gridfs.Store,
24 # glance.store.vmware_datastore.Store,
25 #known_stores = glance.store.filesystem.Store,
26 # glance.store.http.Store
29 # Maximum image size (in bytes) that may be uploaded through the
30 # Glance API server. Defaults to 1 TB.
31 # WARNING: this value should only be increased after careful consideration
32 # and must be set to a value under 8 EB (9223372036854775808).
33 #image_size_cap = 1099511627776
35 # Address to bind the API server
36 bind_host = {{ image_host }}
38 # Port the bind the API server to
41 # Log to this file. Make sure you do not set the same log file for both the API
42 # and registry servers!
44 # If `log_file` is omitted and `use_syslog` is false, then log messages are
45 # sent to stdout as a fallback.
46 log_file = /var/log/glance/api.log
48 # Backlog requests when creating socket
51 # TCP_KEEPIDLE value in seconds when creating socket.
52 # Not supported on OS X.
55 # API to use for accessing data. Default value points to sqlalchemy
56 # package, it is also possible to use: glance.db.registry.api
57 # data_api = glance.db.sqlalchemy.api
59 # Number of Glance API worker processes to start.
60 # On machines with more than one CPU increasing this value
61 # may improve performance (especially if using SSL with
62 # compression turned on). It is typically recommended to set
63 # this value to the number of CPUs present on your machine.
66 # Maximum line size of message headers to be accepted.
67 # max_header_line may need to be increased when using large tokens
68 # (typically those generated by the Keystone v3 API with big service
70 # max_header_line = 16384
72 # Role used to identify an authenticated user as administrator
75 # Allow unauthenticated users to access the API with read-only
76 # privileges. This only applies when using ContextMiddleware.
77 #allow_anonymous_access = False
79 # Allow access to version 1 of glance api
82 # Allow access to version 2 of glance api
85 # Return the URL that references where the data is stored on
86 # the backend storage system. For example, if using the
87 # file system store a URL of 'file:///path/to/image' will
88 # be returned to the user in the 'direct_url' meta-data field.
89 # The default value is false.
90 #show_image_direct_url = False
92 # Send headers containing user and tenant information when making requests to
93 # the v1 glance registry. This allows the registry to function as if a user is
94 # authenticated without the need to authenticate a user itself using the
95 # auth_token middleware.
96 # The default value is false.
97 #send_identity_headers = False
99 # Supported values for the 'container_format' image attribute
100 #container_formats=ami,ari,aki,bare,ovf,ova
102 # Supported values for the 'disk_format' image attribute
103 #disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso
105 # Directory to use for lock files. Default to a temp directory
106 # (string value). This setting needs to be the same for both
107 # glance-scrubber and glance-api.
110 # Property Protections config file
111 # This file contains the rules for property protections and the roles/policies
112 # associated with it.
113 # If this config value is not specified, by default, property protections
115 # If a value is specified and the file is not found, then the glance-api
116 # service will not start.
117 #property_protection_file =
119 # Specify whether 'roles' or 'policies' are used in the
120 # property_protection_file.
121 # The default value for property_protection_rule_format is 'roles'.
122 #property_protection_rule_format = roles
124 # Specifies how long (in hours) a task is supposed to live in the tasks DB
125 # after succeeding or failing before getting soft-deleted.
126 # The default value for task_time_to_live is 48 hours.
127 # task_time_to_live = 48
129 # This value sets what strategy will be used to determine the image location
130 # order. Currently two strategies are packaged with Glance 'location_order'
132 #location_strategy = location_order
134 # ================= Syslog Options ============================
136 # Send logs to syslog (/dev/log) instead of to file specified
140 # Facility to use. If unset defaults to LOG_USER.
141 #syslog_log_facility = LOG_LOCAL0
143 # ================= SSL Options ===============================
145 # Certificate file to use when starting API server securely
146 #cert_file = /path/to/certfile
148 # Private key file to use when starting API server securely
149 #key_file = /path/to/keyfile
151 # CA certificate file to use to verify connecting clients
152 #ca_file = /path/to/cafile
154 # ================= Security Options ==========================
156 # AES key for encrypting store 'location' metadata, including
157 # -- if used -- Swift or S3 credentials
158 # Should be set to a random string of length 16, 24 or 32 bytes
159 #metadata_encryption_key = <16, 24 or 32 char registry metadata key>
161 # ============ Registry Options ===============================
163 # Address to find the registry server
164 registry_host = {{ internal_ip }}
166 # Port the registry server is listening on
169 # What protocol to use when connecting to the registry server?
170 # Set to https for secure HTTP communication
171 registry_client_protocol = http
173 # The path to the key file to use in SSL connections to the
174 # registry server, if any. Alternately, you may set the
175 # GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file
176 #registry_client_key_file = /path/to/key/file
178 # The path to the cert file to use in SSL connections to the
179 # registry server, if any. Alternately, you may set the
180 # GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file
181 #registry_client_cert_file = /path/to/cert/file
183 # The path to the certifying authority cert file to use in SSL connections
184 # to the registry server, if any. Alternately, you may set the
185 # GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
186 #registry_client_ca_file = /path/to/ca/file
188 # When using SSL in connections to the registry server, do not require
189 # validation via a certifying authority. This is the registry's equivalent of
190 # specifying --insecure on the command line using glanceclient for the API
192 #registry_client_insecure = False
194 # The period of time, in seconds, that the API server will wait for a registry
195 # request to complete. A value of '0' implies no timeout.
197 #registry_client_timeout = 600
199 # Whether to automatically create the database tables.
201 #db_auto_create = False
203 # Enable DEBUG log messages from sqlalchemy which prints every database
204 # query and response.
206 #sqlalchemy_debug = True
208 # Pass the user's token through for API requests to the registry.
210 #use_user_token = True
212 # If 'use_user_token' is not in effect then admin credentials
213 # can be specified. Requests to the registry on behalf of
214 # the API will use these credentials.
218 #admin_password = None
220 #admin_tenant_name = None
226 #auth_strategy = keystone
228 # ============ Notification System Options =====================
230 # Notifications can be sent when images are create, updated or deleted.
231 # There are three methods of sending notifications, logging (via the
232 # log_file directive), rabbit (via a rabbitmq queue), qpid (via a Qpid
233 # message queue), or noop (no notifications sent, the default)
234 # NOTE: THIS CONFIGURATION OPTION HAS BEEN DEPRECATED IN FAVOR OF `notification_driver`
235 # notifier_strategy = default
237 # Driver or drivers to handle sending notifications
238 # notification_driver = noop
240 # Default publisher_id for outgoing notifications.
241 # default_publisher_id = image.localhost
243 # Configuration options if sending notifications via rabbitmq (these are
245 rabbit_host = localhost
247 rabbit_use_ssl = false
248 rabbit_userid = {{ RABBIT_USER }}
249 rabbit_password = {{ RABBIT_PASS }}
250 rabbit_virtual_host = /
251 rabbit_notification_exchange = glance
252 rabbit_notification_topic = notifications
253 rabbit_durable_queues = False
255 # Configuration options if sending notifications via Qpid (these are
257 qpid_notification_exchange = glance
258 qpid_notification_topic = notifications
259 qpid_hostname = localhost
263 qpid_sasl_mechanisms =
264 qpid_reconnect_timeout = 0
265 qpid_reconnect_limit = 0
266 qpid_reconnect_interval_min = 0
267 qpid_reconnect_interval_max = 0
268 qpid_reconnect_interval = 0
270 # Set to 'ssl' to enable SSL
272 qpid_tcp_nodelay = True
274 # ============ Filesystem Store Options ========================
276 # Directory that the Filesystem backend store
277 # writes image data to
278 # this option has been moved to [glance_store] for Juno release
279 # filesystem_store_datadir = /var/lib/glance/images/
281 # A list of directories where image data can be stored.
282 # This option may be specified multiple times for specifying multiple store
283 # directories. Either one of filesystem_store_datadirs or
284 # filesystem_store_datadir option is required. A priority number may be given
285 # after each directory entry, separated by a ":".
286 # When adding an image, the highest priority directory will be selected, unless
287 # there is not enough space available in cases where the image size is already
288 # known. If no priority is given, it is assumed to be zero and the directory
289 # will be considered for selection last. If multiple directories have the same
290 # priority, then the one with the most free space available is selected.
291 # If same store is specified multiple times then BadStoreConfiguration
292 # exception will be raised.
293 #filesystem_store_datadirs = /var/lib/glance/images/:1
295 # A path to a JSON file that contains metadata describing the storage
296 # system. When show_multiple_locations is True the information in this
297 # file will be returned with any location that is contained in this
299 #filesystem_store_metadata_file = None
301 # ============ Swift Store Options =============================
303 # Version of the authentication service to use
304 # Valid versions are '2' for keystone and '1' for swauth and rackspace
305 swift_store_auth_version = 2
307 # Address where the Swift authentication service lives
308 # Valid schemes are 'http://' and 'https://'
309 # If no scheme specified, default to 'https://'
310 # For swauth, use something like '127.0.0.1:8080/v1.0/'
311 swift_store_auth_address = 127.0.0.1:5000/v2.0/
313 # User to authenticate against the Swift authentication service
314 # If you use Swift authentication service, set it to 'account':'user'
315 # where 'account' is a Swift storage account and 'user'
316 # is a user in that account
317 swift_store_user = jdoe:jdoe
319 # Auth key for the user authenticating against the
320 # Swift authentication service
321 swift_store_key = a86850deb2742ec3cb41518e26aa2d89
323 # Container within the account that the account should use
324 # for storing images in Swift
325 swift_store_container = glance
327 # Do we create the container if it does not exist?
328 swift_store_create_container_on_put = False
330 # What size, in MB, should Glance start chunking image files
331 # and do a large object manifest in Swift? By default, this is
332 # the maximum object size in Swift, which is 5GB
333 swift_store_large_object_size = 5120
335 # When doing a large object manifest, what size, in MB, should
336 # Glance write chunks to Swift? This amount of data is written
337 # to a temporary disk buffer during the process of chunking
338 # the image file, and the default is 200MB
339 swift_store_large_object_chunk_size = 200
341 # Whether to use ServiceNET to communicate with the Swift storage servers.
342 # (If you aren't RACKSPACE, leave this False!)
344 # To use ServiceNET for authentication, prefix hostname of
345 # `swift_store_auth_address` with 'snet-'.
346 # Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
347 swift_enable_snet = False
349 # If set to True enables multi-tenant storage mode which causes Glance images
350 # to be stored in tenant specific Swift accounts.
351 #swift_store_multi_tenant = False
353 # A list of swift ACL strings that will be applied as both read and
354 # write ACLs to the containers created by Glance in multi-tenant
355 # mode. This grants the specified tenants/users read and write access
356 # to all newly created image objects. The standard swift ACL string
357 # formats are allowed, including:
358 # <tenant_id>:<username>
359 # <tenant_name>:<username>
361 # Multiple ACLs can be combined using a comma separated list, for
362 # example: swift_store_admin_tenants = service:glance,*:admin
363 #swift_store_admin_tenants =
365 # The region of the swift endpoint to be used for single tenant. This setting
366 # is only necessary if the tenant has multiple swift endpoints.
367 #swift_store_region =
369 # If set to False, disables SSL layer compression of https swift requests.
370 # Setting to 'False' may improve performance for images which are already
371 # in a compressed format, eg qcow2. If set to True, enables SSL layer
372 # compression (provided it is supported by the target swift proxy).
373 #swift_store_ssl_compression = True
375 # The number of times a Swift download will be retried before the
377 #swift_store_retry_get_count = 0
379 # ============ S3 Store Options =============================
381 # Address where the S3 authentication service lives
382 # Valid schemes are 'http://' and 'https://'
383 # If no scheme specified, default to 'http://'
384 s3_store_host = 127.0.0.1:8080/v1.0/
386 # User to authenticate against the S3 authentication service
387 s3_store_access_key = <20-char AWS access key>
389 # Auth key for the user authenticating against the
390 # S3 authentication service
391 s3_store_secret_key = <40-char AWS secret key>
393 # Container within the account that the account should use
394 # for storing images in S3. Note that S3 has a flat namespace,
395 # so you need a unique bucket name for your glance images. An
396 # easy way to do this is append your AWS access key to "glance".
397 # S3 buckets in AWS *must* be lowercased, so remember to lowercase
398 # your AWS access key if you use it in your bucket name below!
399 s3_store_bucket = <lowercased 20-char aws access key>glance
401 # Do we create the bucket if it does not exist?
402 s3_store_create_bucket_on_put = False
404 # When sending images to S3, the data will first be written to a
405 # temporary buffer on disk. By default the platform's temporary directory
406 # will be used. If required, an alternative directory can be specified here.
407 #s3_store_object_buffer_dir = /path/to/dir
409 # When forming a bucket url, boto will either set the bucket name as the
410 # subdomain or as the first token of the path. Amazon's S3 service will
411 # accept it as the subdomain, but Swift's S3 middleware requires it be
412 # in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'.
413 #s3_store_bucket_url_format = subdomain
415 # ============ RBD Store Options =============================
417 # Ceph configuration file path
418 # If using cephx authentication, this file should
419 # include a reference to the right keyring
420 # in a client.<USER> section
421 #rbd_store_ceph_conf = /etc/ceph/ceph.conf
423 # RADOS user to authenticate as (only applicable if using cephx)
424 # If <None>, a default will be chosen based on the client. section
425 # in rbd_store_ceph_conf
426 #rbd_store_user = <None>
428 # RADOS pool in which images are stored
429 #rbd_store_pool = images
431 # RADOS images will be chunked into objects of this size (in megabytes).
432 # For best performance, this should be a power of two
433 #rbd_store_chunk_size = 8
435 # ============ Sheepdog Store Options =============================
437 sheepdog_store_address = localhost
439 sheepdog_store_port = 7000
441 # Images will be chunked into objects of this size (in megabytes).
442 # For best performance, this should be a power of two
443 sheepdog_store_chunk_size = 64
445 # ============ Cinder Store Options ===============================
447 # Info to match when looking for cinder in the service catalog
448 # Format is : separated values of the form:
449 # <service_type>:<service_name>:<endpoint_type> (string value)
450 #cinder_catalog_info = volume:cinder:publicURL
452 # Override service catalog lookup with template for cinder endpoint
453 # e.g. http://localhost:8776/v1/%(project_id)s (string value)
454 #cinder_endpoint_template = <None>
456 # Region name of this node (string value)
457 #os_region_name = <None>
459 # Location of ca certicates file to use for cinder client requests
461 #cinder_ca_certificates_file = <None>
463 # Number of cinderclient retries on failed http calls (integer value)
464 #cinder_http_retries = 3
466 # Allow to perform insecure SSL requests to cinder (boolean value)
467 #cinder_api_insecure = False
469 # ============ VMware Datastore Store Options =====================
471 # ESX/ESXi or vCenter Server target system.
472 # The server value can be an IP address or a DNS name
473 # e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com
474 #vmware_server_host = <None>
476 # Server username (string value)
477 #vmware_server_username = <None>
479 # Server password (string value)
480 #vmware_server_password = <None>
482 # Inventory path to a datacenter (string value)
483 # Value optional when vmware_server_ip is an ESX/ESXi host: if specified
484 # should be `ha-datacenter`.
485 #vmware_datacenter_path = <None>
487 # Datastore associated with the datacenter (string value)
488 #vmware_datastore_name = <None>
490 # The number of times we retry on failures
491 # e.g., socket error, etc (integer value)
492 #vmware_api_retry_count = 10
494 # The interval used for polling remote tasks
495 # invoked on VMware ESX/VC server in seconds (integer value)
496 #vmware_task_poll_interval = 5
498 # Absolute path of the folder containing the images in the datastore
500 #vmware_store_image_dir = /openstack_glance
502 # Allow to perform insecure SSL requests to the target system (boolean value)
503 #vmware_api_insecure = False
505 # ============ Delayed Delete Options =============================
507 # Turn on/off delayed delete
508 delayed_delete = False
510 # Delayed delete time in seconds
513 # Directory that the scrubber will use to remind itself of what to delete
514 # Make sure this is also set in glance-scrubber.conf
515 scrubber_datadir = /var/lib/glance/scrubber
517 # =============== Quota Options ==================================
519 # The maximum number of image members allowed per image
520 #image_member_quota = 128
522 # The maximum number of image properties allowed per image
523 #image_property_quota = 128
525 # The maximum number of tags allowed per image
526 #image_tag_quota = 128
528 # The maximum number of locations allowed per image
529 #image_location_quota = 10
531 # Set a system wide quota for every user. This value is the total number
532 # of bytes that a user can use across all storage systems. A value of
534 #user_storage_quota = 0
536 # =============== Image Cache Options =============================
538 # Base directory that the Image Cache uses
539 image_cache_dir = /var/lib/glance/image-cache/
541 # =============== Manager Options =================================
543 # DEPRECATED. TO BE REMOVED IN THE JUNO RELEASE.
544 # Whether or not to enforce that all DB tables have charset utf8.
545 # If your database tables do not have charset utf8 you will
546 # need to convert before this option is removed. This option is
547 # only relevant if your database engine is MySQL.
548 #db_enforce_mysql_charset = True
550 # =============== Glance Store ====================================
552 # Moved from [DEFAULT], for Juno release
554 filesystem_store_datadir = /var/lib/glance/images/
556 # =============== Database Options =================================
559 # The file name to use with SQLite (string value)
560 sqlite_db = /var/lib/glance/glance.sqlite
562 # If True, SQLite uses synchronous mode (boolean value)
563 #sqlite_synchronous = True
565 # The backend to use for db (string value)
566 # Deprecated group/name - [DEFAULT]/db_backend
569 # The SQLAlchemy connection string used to connect to the
570 # database (string value)
571 # Deprecated group/name - [DEFAULT]/sql_connection
572 # Deprecated group/name - [DATABASE]/sql_connection
573 # Deprecated group/name - [sql]/connection
575 connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance
577 # The SQL mode to be used for MySQL sessions. This option,
578 # including the default, overrides any server-set SQL mode. To
579 # use whatever SQL mode is set by the server configuration,
580 # set this to no value. Example: mysql_sql_mode= (string
582 #mysql_sql_mode = TRADITIONAL
584 # Timeout before idle sql connections are reaped (integer
586 # Deprecated group/name - [DEFAULT]/sql_idle_timeout
587 # Deprecated group/name - [DATABASE]/sql_idle_timeout
588 # Deprecated group/name - [sql]/idle_timeout
591 # Minimum number of SQL connections to keep open in a pool
593 # Deprecated group/name - [DEFAULT]/sql_min_pool_size
594 # Deprecated group/name - [DATABASE]/sql_min_pool_size
597 # Maximum number of SQL connections to keep open in a pool
599 # Deprecated group/name - [DEFAULT]/sql_max_pool_size
600 # Deprecated group/name - [DATABASE]/sql_max_pool_size
601 #max_pool_size = <None>
603 # Maximum db connection retries during startup. (setting -1
604 # implies an infinite retry count) (integer value)
605 # Deprecated group/name - [DEFAULT]/sql_max_retries
606 # Deprecated group/name - [DATABASE]/sql_max_retries
609 # Interval between retries of opening a sql connection
611 # Deprecated group/name - [DEFAULT]/sql_retry_interval
612 # Deprecated group/name - [DATABASE]/reconnect_interval
615 # If set, use this value for max_overflow with sqlalchemy
617 # Deprecated group/name - [DEFAULT]/sql_max_overflow
618 # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
619 #max_overflow = <None>
621 # Verbosity of SQL debugging information. 0=None,
622 # 100=Everything (integer value)
623 # Deprecated group/name - [DEFAULT]/sql_connection_debug
624 #connection_debug = 0
626 # Add python stack traces to SQL as comment strings (boolean
628 # Deprecated group/name - [DEFAULT]/sql_connection_trace
629 #connection_trace = False
631 # If set, use this value for pool_timeout with sqlalchemy
633 # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
634 #pool_timeout = <None>
636 # Enable the experimental use of database reconnect on
637 # connection lost (boolean value)
638 #use_db_reconnect = False
640 # seconds between db connection retries (integer value)
641 #db_retry_interval = 1
643 # Whether to increase interval between db connection retries,
644 # up to db_max_retry_interval (boolean value)
645 #db_inc_retry_interval = True
647 # max seconds between db connection retries, if
648 # db_inc_retry_interval is enabled (integer value)
649 #db_max_retry_interval = 10
651 # maximum db connection retries before error is raised.
652 # (setting -1 implies an infinite retry count) (integer value)
656 auth_uri = http://{{ HA_VIP }}:5000/v2.0
657 identity_uri = http://{{ HA_VIP }}:35357
658 admin_tenant_name = service
660 admin_password = {{ GLANCE_PASS }}
663 # Name of the paste configuration file that defines the available pipelines
664 #config_file = glance-api-paste.ini
666 # Partial name of a pipeline in your paste configuration file with the
667 # service name removed. For example, if your paste section name is
668 # [pipeline:glance-api-keystone], you would configure the flavor below
672 [store_type_location_strategy]
673 # The scheme list to use to get store preference order. The scheme must be
674 # registered by one of the stores defined by the 'known_stores' config option.
675 # This option will be applied when you using 'store_type' option as image
676 # location strategy defined by the 'location_strategy' config option.
677 #store_type_preference =