Controller - glance-api.conf

1. [DEFAULT]
2. # Show more verbose log output (sets INFO log level output)
3. #verbose = False
4.  
5. # Show debugging output in logs (sets DEBUG log level output)
6. #debug = False
7.  
8. # Which backend scheme should Glance use by default is not specified
9. # in a request to add a new image to Glance? Known schemes are determined
10. # by the known_stores option below.
11. # Default: 'file'
12. default_store = file
13.  
14. # List of which store classes and store class locations are
15. # currently known to glance at startup.
16. #known_stores = glance.store.filesystem.Store,
17. # glance.store.http.Store,
18. # glance.store.rbd.Store,
19. # glance.store.s3.Store,
20. # glance.store.swift.Store,
21.  
22.  
23. # Maximum image size (in bytes) that may be uploaded through the
24. # Glance API server. Defaults to 1 TB.
25. # WARNING: this value should only be increased after careful consideration
26. # and must be set to a value under 8 EB (9223372036854775808).
27. #image_size_cap = 1099511627776
28.  
29. # Address to bind the API server
30. bind_host = 0.0.0.0
31.  
32. # Port the bind the API server to
33. bind_port = 9292
34.  
35. # Log to this file. Make sure you do not set the same log
36. # file for both the API and registry servers!
37. log_file = /var/log/glance/api.log
38.  
39. # Backlog requests when creating socket
40. backlog = 4096
41.  
42. # TCP_KEEPIDLE value in seconds when creating socket.
43. # Not supported on OS X.
44. #tcp_keepidle = 600
45.  
46. # SQLAlchemy connection string for the reference implementation
47. # registry server. Any valid SQLAlchemy connection string is fine.
48. # See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
49. sql_connection = sql_connection = mysql://glance:pass@localhost/glance
50.  
51. # Period in seconds after which SQLAlchemy should reestablish its connection
52. # to the database.
53. #
54. # MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
55. # idle connections. This can result in 'MySQL Gone Away' exceptions. If you
56. # notice this, you can lower this value to ensure that SQLAlchemy reconnects
57. # before MySQL can drop the connection.
58. sql_idle_timeout = 3600
59.  
60. # Number of Glance API worker processes to start.
61. # On machines with more than one CPU increasing this value
62. # may improve performance (especially if using SSL with
63. # compression turned on). It is typically recommended to set
64. # this value to the number of CPUs present on your machine.
65. workers = 1
66.  
67. # Role used to identify an authenticated user as administrator
68. #admin_role = admin
69.  
70. # Allow unauthenticated users to access the API with read-only
71. # privileges. This only applies when using ContextMiddleware.
72. #allow_anonymous_access = False
73.  
74. # Allow access to version 1 of glance api
75. #enable_v1_api = True
76.  
77. # Allow access to version 2 of glance api
78. #enable_v2_api = True
79.  
80. # Return the URL that references where the data is stored on
81. # the backend storage system. For example, if using the
82. # file system store a URL of 'file:///path/to/image' will
83. # be returned to the user in the 'direct_url' meta-data field.
84. # The default value is false.
85. #show_image_direct_url = False
86.  
87. # ================= Syslog Options ============================
88.  
89. # Send logs to syslog (/dev/log) instead of to file specified
90. # by `log_file`
91. #use_syslog = False
92.  
93. # Facility to use. If unset defaults to LOG_USER.
94. #syslog_log_facility = LOG_LOCAL0
95.  
96. # ================= SSL Options ===============================
97.  
98. # Certificate file to use when starting API server securely
99. #cert_file = /path/to/certfile
100.  
101. # Private key file to use when starting API server securely
102. #key_file = /path/to/keyfile
103.  
104. # CA certificate file to use to verify connecting clients
105. #ca_file = /path/to/cafile
106.  
107. # ================= Security Options ==========================
108.  
109. # AES key for encrypting store 'location' metadata, including
110. # -- if used -- Swift or S3 credentials
111. # Should be set to a random string of length 16, 24 or 32 bytes
112. #metadata_encryption_key = <16, 24 or 32 char registry metadata key>
113.  
114. # ============ Registry Options ===============================
115.  
116. # Address to find the registry server
117. registry_host = 0.0.0.0
118.  
119. # Port the registry server is listening on
120. registry_port = 9191
121.  
122. # What protocol to use when connecting to the registry server?
123. # Set to https for secure HTTP communication
124. registry_client_protocol = http
125.  
126. # The path to the key file to use in SSL connections to the
127. # registry server, if any. Alternately, you may set the
128. # GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file
129. #registry_client_key_file = /path/to/key/file
130.  
131. # The path to the cert file to use in SSL connections to the
132. # registry server, if any. Alternately, you may set the
133. # GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file
134. #registry_client_cert_file = /path/to/cert/file
135.  
136. # The path to the certifying authority cert file to use in SSL connections
137. # to the registry server, if any. Alternately, you may set the
138. # GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
139. #registry_client_ca_file = /path/to/ca/file
140.  
141. # When using SSL in connections to the registry server, do not require
142. # validation via a certifying authority. This is the registry's equivalent of
143. # specifying --insecure on the command line using glanceclient for the API
144. # Default: False
145. #registry_client_insecure = False
146.  
147. # The period of time, in seconds, that the API server will wait for a registry
148. # request to complete. A value of '0' implies no timeout.
149. # Default: 600
150. #registry_client_timeout = 600
151.  
152. # Whether to automatically create the database tables.
153. # Default: False
154. #db_auto_create = False
155.  
156. # ============ Notification System Options =====================
157.  
158. # Notifications can be sent when images are create, updated or deleted.
159. # There are three methods of sending notifications, logging (via the
160. # log_file directive), rabbit (via a rabbitmq queue), qpid (via a Qpid
161. # message queue), or noop (no notifications sent, the default)
162. notifier_strategy = noop
163.  
164. # Configuration options if sending notifications via rabbitmq (these are
165. # the defaults)
166. rabbit_host = localhost
167. rabbit_port = 5672
168. rabbit_use_ssl = false
169. rabbit_userid = guest
170. rabbit_password = pass
171. rabbit_virtual_host = /
172. rabbit_notification_exchange = glance
173. rabbit_notification_topic = notifications
174. rabbit_durable_queues = False
175.  
176. # Configuration options if sending notifications via Qpid (these are
177. # the defaults)
178. qpid_notification_exchange = glance
179. qpid_notification_topic = notifications
180. qpid_host = localhost
181. qpid_port = 5672
182. qpid_username =
183. qpid_password =
184. qpid_sasl_mechanisms =
185. qpid_reconnect_timeout = 0
186. qpid_reconnect_limit = 0
187. qpid_reconnect_interval_min = 0
188. qpid_reconnect_interval_max = 0
189. qpid_reconnect_interval = 0
190. qpid_heartbeat = 5
191. # Set to 'ssl' to enable SSL
192. qpid_protocol = tcp
193. qpid_tcp_nodelay = True
194.  
195. # ============ Filesystem Store Options ========================
196.  
197. # Directory that the Filesystem backend store
198. # writes image data to
199. filesystem_store_datadir = /var/lib/glance/images/
200.  
201. # ============ Swift Store Options =============================
202.  
203. # Version of the authentication service to use
204. # Valid versions are '2' for keystone and '1' for swauth and rackspace
205. swift_store_auth_version = 2
206.  
207. # Address where the Swift authentication service lives
208. # Valid schemes are 'http://' and 'https://'
209. # If no scheme specified, default to 'https://'
210. # For swauth, use something like '127.0.0.1:8080/v1.0/'
211. swift_store_auth_address = 127.0.0.1:5000/v2.0/
212.  
213. # User to authenticate against the Swift authentication service
214. # If you use Swift authentication service, set it to 'account':'user'
215. # where 'account' is a Swift storage account and 'user'
216. # is a user in that account
217. swift_store_user = jdoe:jdoe
218.  
219. # Auth key for the user authenticating against the
220. # Swift authentication service
221. swift_store_key = a86850deb2742ec3cb41518e26aa2d89
222.  
223. # Container within the account that the account should use
224. # for storing images in Swift
225. swift_store_container = glance
226.  
227. # Do we create the container if it does not exist?
228. swift_store_create_container_on_put = False
229.  
230. # What size, in MB, should Glance start chunking image files
231. # and do a large object manifest in Swift? By default, this is
232. # the maximum object size in Swift, which is 5GB
233. swift_store_large_object_size = 5120
234.  
235. # When doing a large object manifest, what size, in MB, should
236. # Glance write chunks to Swift? This amount of data is written
237. # to a temporary disk buffer during the process of chunking
238. # the image file, and the default is 200MB
239. swift_store_large_object_chunk_size = 200
240.  
241. # Whether to use ServiceNET to communicate with the Swift storage servers.
242. # (If you aren't RACKSPACE, leave this False!)
243. #
244. # To use ServiceNET for authentication, prefix hostname of
245. # `swift_store_auth_address` with 'snet-'.
246. # Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
247. swift_enable_snet = False
248.  
249. # If set to True enables multi-tenant storage mode which causes Glance images
250. # to be stored in tenant specific Swift accounts.
251. #swift_store_multi_tenant = False
252.  
253. # A list of swift ACL strings that will be applied as both read and
254. # write ACLs to the containers created by Glance in multi-tenant
255. # mode. This grants the specified tenants/users read and write access
256. # to all newly created image objects. The standard swift ACL string
257. # formats are allowed, including:
258. # <tenant_id>:<username>
259. # <tenant_name>:<username>
260. # *:<username>
261. # Multiple ACLs can be combined using a comma separated list, for
262. # example: swift_store_admin_tenants = service:glance,*:admin
263. #swift_store_admin_tenants =
264.  
265. # The region of the swift endpoint to be used for single tenant. This setting
266. # is only necessary if the tenant has multiple swift endpoints.
267. #swift_store_region =
268.  
269. # ============ S3 Store Options =============================
270.  
271. # Address where the S3 authentication service lives
272. # Valid schemes are 'http://' and 'https://'
273. # If no scheme specified, default to 'http://'
274. s3_store_host = 127.0.0.1:8080/v1.0/
275.  
276. # User to authenticate against the S3 authentication service
277. s3_store_access_key = <20-char AWS access key>
278.  
279. # Auth key for the user authenticating against the
280. # S3 authentication service
281. s3_store_secret_key = <40-char AWS secret key>
282.  
283. # Container within the account that the account should use
284. # for storing images in S3. Note that S3 has a flat namespace,
285. # so you need a unique bucket name for your glance images. An
286. # easy way to do this is append your AWS access key to "glance".
287. # S3 buckets in AWS *must* be lowercased, so remember to lowercase
288. # your AWS access key if you use it in your bucket name below!
289. s3_store_bucket = <lowercased 20-char aws access key>glance
290.  
291. # Do we create the bucket if it does not exist?
292. s3_store_create_bucket_on_put = False
293.  
294. # When sending images to S3, the data will first be written to a
295. # temporary buffer on disk. By default the platform's temporary directory
296. # will be used. If required, an alternative directory can be specified here.
297. #s3_store_object_buffer_dir = /path/to/dir
298.  
299. # When forming a bucket url, boto will either set the bucket name as the
300. # subdomain or as the first token of the path. Amazon's S3 service will
301. # accept it as the subdomain, but Swift's S3 middleware requires it be
302. # in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'.
303. #s3_store_bucket_url_format = subdomain
304.  
305. # ============ RBD Store Options =============================
306.  
307. # Ceph configuration file path
308. # If using cephx authentication, this file should
309. # include a reference to the right keyring
310. # in a client.<USER> section
311. rbd_store_ceph_conf = /etc/ceph/ceph.conf
312.  
313. # RADOS user to authenticate as (only applicable if using cephx)
314. rbd_store_user = glance
315.  
316. # RADOS pool in which images are stored
317. rbd_store_pool = images
318.  
319. # Images will be chunked into objects of this size (in megabytes).
320. # For best performance, this should be a power of two
321. rbd_store_chunk_size = 8
322.  
323. # ============ Delayed Delete Options =============================
324.  
325. # Turn on/off delayed delete
326. delayed_delete = False
327.  
328. # Delayed delete time in seconds
329. scrub_time = 43200
330.  
331. # Directory that the scrubber will use to remind itself of what to delete
332. # Make sure this is also set in glance-scrubber.conf
333. scrubber_datadir = /var/lib/glance/scrubber
334.  
335. # =============== Image Cache Options =============================
336.  
337. # Base directory that the Image Cache uses
338. image_cache_dir = /var/lib/glance/image-cache/
339.  
340. [keystone_authtoken]
341. auth_host = 127.0.0.1
342. auth_port = 35357
343. auth_protocol = http
344. admin_tenant_name = service
345. admin_user = glance
346. admin_password = pass
347.  
348. [paste_deploy]
349. # Name of the paste configuration file that defines the available pipelines
350. #config_file = glance-api-paste.ini
351.  
352. # Partial name of a pipeline in your paste configuration file with the
353. # service name removed. For example, if your paste section name is
354. # [pipeline:glance-api-keystone], you would configure the flavor below
355. # as 'keystone'.
356. flavor=keystone