-
Notifications
You must be signed in to change notification settings - Fork 0
/
glance-api-backup.conf
6096 lines (5529 loc) · 192 KB
/
glance-api-backup.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
[DEFAULT]
#
# From glance.api
#
#
# Allow limited access to unauthenticated users.
#
# Assign a boolean to determine API access for unauthenticated
# users. When set to False, the API cannot be accessed by
# unauthenticated users. When set to True, unauthenticated users can
# access the API with read-only privileges. This however only applies
# when using ContextMiddleware.
#
# Possible values:
# * True
# * False
#
# Related options:
# * None
#
# (boolean value)
#allow_anonymous_access = false
#
# Limit the request ID length.
#
# Provide an integer value to limit the length of the request ID to
# the specified length. The default value is 64. Users can change this
# to any ineteger value between 0 and 16384 however keeping in mind that
# a larger value may flood the logs.
#
# Possible values:
# * Integer value between 0 and 16384
#
# Related options:
# * None
#
# (integer value)
# Minimum value: 0
#max_request_id_length = 64
#
# Public url endpoint to use for Glance versions response.
#
# This is the public url endpoint that will appear in the Glance
# "versions" response. If no value is specified, the endpoint that is
# displayed in the version's response is that of the host running the
# API service. Change the endpoint to represent the proxy URL if the
# API service is running behind a proxy. If the service is running
# behind a load balancer, add the load balancer's URL for this value.
#
# Possible values:
# * None
# * Proxy URL
# * Load balancer URL
#
# Related options:
# * None
#
# (string value)
#public_endpoint = <None>
# DEPRECATED:
# Allow users to add additional/custom properties to images.
#
# Glance defines a standard set of properties (in its schema) that
# appear on every image. These properties are also known as
# ``base properties``. In addition to these properties, Glance
# allows users to add custom properties to images. These are known
# as ``additional properties``.
#
# By default, this configuration option is set to ``True`` and users
# are allowed to add additional properties. The number of additional
# properties that can be added to an image can be controlled via
# ``image_property_quota`` configuration option.
#
# Possible values:
# * True
# * False
#
# Related options:
# * image_property_quota
#
# (boolean value)
# This option is deprecated for removal since Ussuri.
# Its value may be silently ignored in the future.
# Reason:
# This option is redundant. Control custom image property usage via the
# 'image_property_quota' configuration option. This option is scheduled
# to be removed during the Victoria development cycle.
#allow_additional_image_properties = true
#
# Secure hashing algorithm used for computing the 'os_hash_value' property.
#
# This option configures the Glance "multihash", which consists of two
# image properties: the 'os_hash_algo' and the 'os_hash_value'. The
# 'os_hash_algo' will be populated by the value of this configuration
# option, and the 'os_hash_value' will be populated by the hexdigest computed
# when the algorithm is applied to the uploaded or imported image data.
#
# The value must be a valid secure hash algorithm name recognized by the
# python 'hashlib' library. You can determine what these are by examining
# the 'hashlib.algorithms_available' data member of the version of the
# library being used in your Glance installation. For interoperability
# purposes, however, we recommend that you use the set of secure hash
# names supplied by the 'hashlib.algorithms_guaranteed' data member because
# those algorithms are guaranteed to be supported by the 'hashlib' library
# on all platforms. Thus, any image consumer using 'hashlib' locally should
# be able to verify the 'os_hash_value' of the image.
#
# The default value of 'sha512' is a performant secure hash algorithm.
#
# If this option is misconfigured, any attempts to store image data will fail.
# For that reason, we recommend using the default value.
#
# Possible values:
# * Any secure hash algorithm name recognized by the Python 'hashlib'
# library
#
# Related options:
# * None
#
# (string value)
#hashing_algorithm = sha512
#
# Maximum number of image members per image.
#
# This limits the maximum of users an image can be shared with. Any negative
# value is interpreted as unlimited.
#
# Related options:
# * None
#
# (integer value)
#image_member_quota = 128
#
# Maximum number of properties allowed on an image.
#
# This enforces an upper limit on the number of additional properties an image
# can have. Any negative value is interpreted as unlimited.
#
# NOTE: This won't have any impact if additional properties are disabled. Please
# refer to ``allow_additional_image_properties``.
#
# Related options:
# * ``allow_additional_image_properties``
#
# (integer value)
#image_property_quota = 128
#
# Maximum number of tags allowed on an image.
#
# Any negative value is interpreted as unlimited.
#
# Related options:
# * None
#
# (integer value)
#image_tag_quota = 128
#
# Maximum number of locations allowed on an image.
#
# Any negative value is interpreted as unlimited.
#
# Related options:
# * None
#
# (integer value)
#image_location_quota = 10
#
# The default number of results to return for a request.
#
# Responses to certain API requests, like list images, may return
# multiple items. The number of results returned can be explicitly
# controlled by specifying the ``limit`` parameter in the API request.
# However, if a ``limit`` parameter is not specified, this
# configuration value will be used as the default number of results to
# be returned for any API request.
#
# NOTES:
# * The value of this configuration option may not be greater than
# the value specified by ``api_limit_max``.
# * Setting this to a very large value may slow down database
# queries and increase response times. Setting this to a
# very low value may result in poor user experience.
#
# Possible values:
# * Any positive integer
#
# Related options:
# * api_limit_max
#
# (integer value)
# Minimum value: 1
#limit_param_default = 25
#
# Maximum number of results that could be returned by a request.
#
# As described in the help text of ``limit_param_default``, some
# requests may return multiple results. The number of results to be
# returned are governed either by the ``limit`` parameter in the
# request or the ``limit_param_default`` configuration option.
# The value in either case, can't be greater than the absolute maximum
# defined by this configuration option. Anything greater than this
# value is trimmed down to the maximum value defined here.
#
# NOTE: Setting this to a very large value may slow down database
# queries and increase response times. Setting this to a
# very low value may result in poor user experience.
#
# Possible values:
# * Any positive integer
#
# Related options:
# * limit_param_default
#
# (integer value)
# Minimum value: 1
#api_limit_max = 1000
#
# Show direct image location when returning an image.
#
# This configuration option indicates whether to show the direct image
# location when returning image details to the user. The direct image
# location is where the image data is stored in backend storage. This
# image location is shown under the image property ``direct_url``.
#
# When multiple image locations exist for an image, the best location
# is displayed based on the location strategy indicated by the
# configuration option ``location_strategy``.
#
# NOTES:
# * Revealing image locations can present a GRAVE SECURITY RISK as
# image locations can sometimes include credentials. Hence, this
# is set to ``False`` by default. Set this to ``True`` with
# EXTREME CAUTION and ONLY IF you know what you are doing!
# * If an operator wishes to avoid showing any image location(s)
# to the user, then both this option and
# ``show_multiple_locations`` MUST be set to ``False``.
#
# Possible values:
# * True
# * False
#
# Related options:
# * show_multiple_locations
# * location_strategy
#
# (boolean value)
#show_image_direct_url = false
# DEPRECATED:
# Show all image locations when returning an image.
#
# This configuration option indicates whether to show all the image
# locations when returning image details to the user. When multiple
# image locations exist for an image, the locations are ordered based
# on the location strategy indicated by the configuration opt
# ``location_strategy``. The image locations are shown under the
# image property ``locations``.
#
# NOTES:
# * Revealing image locations can present a GRAVE SECURITY RISK as
# image locations can sometimes include credentials. Hence, this
# is set to ``False`` by default. Set this to ``True`` with
# EXTREME CAUTION and ONLY IF you know what you are doing!
# * See https://wiki.openstack.org/wiki/OSSN/OSSN-0065 for more
# information.
# * If an operator wishes to avoid showing any image location(s)
# to the user, then both this option and
# ``show_image_direct_url`` MUST be set to ``False``.
#
# Possible values:
# * True
# * False
#
# Related options:
# * show_image_direct_url
# * location_strategy
#
# (boolean value)
# This option is deprecated for removal since Newton.
# Its value may be silently ignored in the future.
# Reason: Use of this option, deprecated since Newton, is a security risk and
# will be removed once we figure out a way to satisfy those use cases that
# currently require it. An earlier announcement that the same functionality can
# be achieved with greater granularity by using policies is incorrect. You
# cannot work around this option via policy configuration at the present time,
# though that is the direction we believe the fix will take. Please keep an eye
# on the Glance release notes to stay up to date on progress in addressing this
# issue.
#show_multiple_locations = false
#
# Maximum size of image a user can upload in bytes.
#
# An image upload greater than the size mentioned here would result
# in an image creation failure. This configuration option defaults to
# 1099511627776 bytes (1 TiB).
#
# NOTES:
# * This value should only be increased after careful
# consideration and must be set less than or equal to
# 8 EiB (9223372036854775808).
# * This value must be set with careful consideration of the
# backend storage capacity. Setting this to a very low value
# may result in a large number of image failures. And, setting
# this to a very large value may result in faster consumption
# of storage. Hence, this must be set according to the nature of
# images created and storage capacity available.
#
# Possible values:
# * Any positive number less than or equal to 9223372036854775808
#
# (integer value)
# Minimum value: 1
# Maximum value: 9223372036854775808
#image_size_cap = 1099511627776
#
# Maximum amount of image storage per tenant.
#
# This enforces an upper limit on the cumulative storage consumed by all images
# of a tenant across all stores. This is a per-tenant limit.
#
# The default unit for this configuration option is Bytes. However, storage
# units can be specified using case-sensitive literals ``B``, ``KB``, ``MB``,
# ``GB`` and ``TB`` representing Bytes, KiloBytes, MegaBytes, GigaBytes and
# TeraBytes respectively. Note that there should not be any space between the
# value and unit. Value ``0`` signifies no quota enforcement. Negative values
# are invalid and result in errors.
#
# This has no effect if ``use_keystone_limits`` is enabled.
#
# Possible values:
# * A string that is a valid concatenation of a non-negative integer
# representing the storage value and an optional string literal
# representing storage units as mentioned above.
#
# Related options:
# * use_keystone_limits
#
# (string value)
#user_storage_quota = 0
#
# Utilize per-tenant resource limits registered in Keystone.
#
# Enabling this feature will cause Glance to retrieve limits set in keystone
# for resource consumption and enforce them against API users. Before turning
# this on, the limits need to be registered in Keystone or all quotas will be
# considered to be zero, and thus reject all new resource requests.
#
# These per-tenant resource limits are independent from the static
# global ones configured in this config file. If this is enabled, the
# relevant static global limits will be ignored.
# (boolean value)
#use_keystone_limits = false
#
# Host address of the pydev server.
#
# Provide a string value representing the hostname or IP of the
# pydev server to use for debugging. The pydev server listens for
# debug connections on this address, facilitating remote debugging
# in Glance.
#
# Possible values:
# * Valid hostname
# * Valid IP address
#
# Related options:
# * None
#
# (host address value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#pydev_worker_debug_host = localhost
#
# Port number that the pydev server will listen on.
#
# Provide a port number to bind the pydev server to. The pydev
# process accepts debug connections on this port and facilitates
# remote debugging in Glance.
#
# Possible values:
# * A valid port number
#
# Related options:
# * None
#
# (port value)
# Minimum value: 0
# Maximum value: 65535
#pydev_worker_debug_port = 5678
#
# AES key for encrypting store location metadata.
#
# Provide a string value representing the AES cipher to use for
# encrypting Glance store metadata.
#
# NOTE: The AES key to use must be set to a random string of length
# 16, 24 or 32 bytes.
#
# Possible values:
# * String value representing a valid AES key
#
# Related options:
# * None
#
# (string value)
#metadata_encryption_key = <None>
#
# Digest algorithm to use for digital signature.
#
# Provide a string value representing the digest algorithm to
# use for generating digital signatures. By default, ``sha256``
# is used.
#
# To get a list of the available algorithms supported by the version
# of OpenSSL on your platform, run the command:
# ``openssl list-message-digest-algorithms``.
# Examples are 'sha1', 'sha256', and 'sha512'.
#
# NOTE: ``digest_algorithm`` is not related to Glance's image signing
# and verification. It is only used to sign the universally unique
# identifier (UUID) as a part of the certificate file and key file
# validation.
#
# Possible values:
# * An OpenSSL message digest algorithm identifier
#
# Relation options:
# * None
#
# (string value)
#digest_algorithm = sha256
#
# The URL provides location where the temporary data will be stored
#
# This option is for Glance internal use only. Glance will save the
# image data uploaded by the user to 'staging' endpoint during the
# image import process.
#
# This option does not change the 'staging' API endpoint by any means.
#
# NOTE: It is discouraged to use same path as [task]/work_dir
#
# NOTE: 'file://<absolute-directory-path>' is the only option
# api_image_import flow will support for now.
#
# NOTE: The staging path must be on shared filesystem available to all
# Glance API nodes.
#
# Possible values:
# * String starting with 'file://' followed by absolute FS path
#
# Related options:
# * [task]/work_dir
#
# (string value)
#node_staging_uri = file:///tmp/staging/
#
# List of enabled Image Import Methods
#
# 'glance-direct', 'copy-image' and 'web-download' are enabled by default.
#
# Related options:
# * [DEFAULT]/node_staging_uri (list value)
#enabled_import_methods = [glance-direct,web-download,copy-image]
# DEPRECATED:
# Enforce API access based on common persona definitions used across OpenStack.
# Enabling this option formalizes project-specific read/write operations, like
# creating private images or updating the status of shared image, behind the
# `member` role. It also formalizes a read-only variant useful for
# project-specific API operations, like listing private images in a project,
# behind the `reader` role.
#
# Operators should take an opportunity to understand glance's new image
# policies,
# audit assignments in their deployment, and update permissions using the
# default
# roles in keystone (e.g., `admin`, `member`, and `reader`).
#
# Related options:
# * [oslo_policy]/enforce_new_defaults
# (boolean value)
# This option is deprecated for removal since Wallaby.
# Its value may be silently ignored in the future.
# Reason:
# This option has been introduced to require operators to opt into enforcing
# authorization based on common RBAC personas, which is EXPERIMENTAL as of the
# Wallaby release. This behavior will be the default and STABLE in a future
# release, allowing this option to be removed.
#enforce_secure_rbac = false
#
# The URL to this worker.
#
# If this is set, other glance workers will know how to contact this one
# directly if needed. For image import, a single worker stages the image
# and other workers need to be able to proxy the import request to the
# right one.
#
# If unset, this will be considered to be `public_endpoint`, which
# normally would be set to the same value on all workers, effectively
# disabling the proxying behavior.
#
# Possible values:
# * A URL by which this worker is reachable from other workers
#
# Related options:
# * public_endpoint
#
# (string value)
#worker_self_reference_url = <None>
#
# Strategy to determine the preference order of image locations.
#
# This configuration option indicates the strategy to determine
# the order in which an image's locations must be accessed to
# serve the image's data. Glance then retrieves the image data
# from the first responsive active location it finds in this list.
#
# This option takes one of two possible values ``location_order``
# and ``store_type``. The default value is ``location_order``,
# which suggests that image data be served by using locations in
# the order they are stored in Glance. The ``store_type`` value
# sets the image location preference based on the order in which
# the storage backends are listed as a comma separated list for
# the configuration option ``store_type_preference``.
#
# Possible values:
# * location_order
# * store_type
#
# Related options:
# * store_type_preference
#
# (string value)
# Possible values:
# location_order - <No description provided>
# store_type - <No description provided>
#location_strategy = location_order
#
# The location of the property protection file.
#
# Provide a valid path to the property protection file which contains
# the rules for property protections and the roles/policies associated
# with them.
#
# A property protection file, when set, restricts the Glance image
# properties to be created, read, updated and/or deleted by a specific
# set of users that are identified by either roles or policies.
# If this configuration option is not set, by default, property
# protections won't be enforced. If a value is specified and the file
# is not found, the glance-api service will fail to start.
# More information on property protections can be found at:
# https://docs.openstack.org/glance/latest/admin/property-protections.html
#
# Possible values:
# * Empty string
# * Valid path to the property protection configuration file
#
# Related options:
# * property_protection_rule_format
#
# (string value)
#property_protection_file = <None>
#
# Rule format for property protection.
#
# Provide the desired way to set property protection on Glance
# image properties. The two permissible values are ``roles``
# and ``policies``. The default value is ``roles``.
#
# If the value is ``roles``, the property protection file must
# contain a comma separated list of user roles indicating
# permissions for each of the CRUD operations on each property
# being protected. If set to ``policies``, a policy defined in
# policy.yaml is used to express property protections for each
# of the CRUD operations. Examples of how property protections
# are enforced based on ``roles`` or ``policies`` can be found at:
# https://docs.openstack.org/glance/latest/admin/property-
# protections.html#examples
#
# Possible values:
# * roles
# * policies
#
# Related options:
# * property_protection_file
#
# (string value)
# Possible values:
# roles - <No description provided>
# policies - <No description provided>
#property_protection_rule_format = roles
#
# IP address to bind the glance servers to.
#
# Provide an IP address to bind the glance server to. The default
# value is ``0.0.0.0``.
#
# Edit this option to enable the server to listen on one particular
# IP address on the network card. This facilitates selection of a
# particular network interface for the server.
#
# Possible values:
# * A valid IPv4 address
# * A valid IPv6 address
#
# Related options:
# * None
#
# (host address value)
#bind_host = 0.0.0.0
#
# Port number on which the server will listen.
#
# Provide a valid port number to bind the server's socket to. This
# port is then set to identify processes and forward network messages
# that arrive at the server. The default bind_port value for the API
# server is 9292 and for the registry server is 9191.
#
# Possible values:
# * A valid port number (0 to 65535)
#
# Related options:
# * None
#
# (port value)
# Minimum value: 0
# Maximum value: 65535
#bind_port = <None>
#
# Number of Glance worker processes to start.
#
# Provide a non-negative integer value to set the number of child
# process workers to service requests. By default, the number of CPUs
# available is set as the value for ``workers`` limited to 8. For
# example if the processor count is 6, 6 workers will be used, if the
# processor count is 24 only 8 workers will be used. The limit will only
# apply to the default value, if 24 workers is configured, 24 is used.
#
# Each worker process is made to listen on the port set in the
# configuration file and contains a greenthread pool of size 1000.
#
# NOTE: Setting the number of workers to zero, triggers the creation
# of a single API process with a greenthread pool of size 1000.
#
# Possible values:
# * 0
# * Positive integer value (typically equal to the number of CPUs)
#
# Related options:
# * None
#
# (integer value)
# Minimum value: 0
#workers = <None>
#
# Maximum line size of message headers.
#
# Provide an integer value representing a length to limit the size of
# message headers. The default value is 16384.
#
# NOTE: ``max_header_line`` may need to be increased when using large
# tokens (typically those generated by the Keystone v3 API with big
# service catalogs). However, it is to be kept in mind that larger
# values for ``max_header_line`` would flood the logs.
#
# Setting ``max_header_line`` to 0 sets no limit for the line size of
# message headers.
#
# Possible values:
# * 0
# * Positive integer
#
# Related options:
# * None
#
# (integer value)
# Minimum value: 0
#max_header_line = 16384
#
# Set keep alive option for HTTP over TCP.
#
# Provide a boolean value to determine sending of keep alive packets.
# If set to ``False``, the server returns the header
# "Connection: close". If set to ``True``, the server returns a
# "Connection: Keep-Alive" in its responses. This enables retention of
# the same TCP connection for HTTP conversations instead of opening a
# new one with each new request.
#
# This option must be set to ``False`` if the client socket connection
# needs to be closed explicitly after the response is received and
# read successfully by the client.
#
# Possible values:
# * True
# * False
#
# Related options:
# * None
#
# (boolean value)
#http_keepalive = true
#
# Timeout for client connections' socket operations.
#
# Provide a valid integer value representing time in seconds to set
# the period of wait before an incoming connection can be closed. The
# default value is 900 seconds.
#
# The value zero implies wait forever.
#
# Possible values:
# * Zero
# * Positive integer
#
# Related options:
# * None
#
# (integer value)
# Minimum value: 0
#client_socket_timeout = 900
#
# Set the number of incoming connection requests.
#
# Provide a positive integer value to limit the number of requests in
# the backlog queue. The default queue size is 4096.
#
# An incoming connection to a TCP listener socket is queued before a
# connection can be established with the server. Setting the backlog
# for a TCP socket ensures a limited queue size for incoming traffic.
#
# Possible values:
# * Positive integer
#
# Related options:
# * None
#
# (integer value)
# Minimum value: 1
#backlog = 4096
#
# Set the wait time before a connection recheck.
#
# Provide a positive integer value representing time in seconds which
# is set as the idle wait time before a TCP keep alive packet can be
# sent to the host. The default value is 600 seconds.
#
# Setting ``tcp_keepidle`` helps verify at regular intervals that a
# connection is intact and prevents frequent TCP connection
# reestablishment.
#
# Possible values:
# * Positive integer value representing time in seconds
#
# Related options:
# * None
#
# (integer value)
# Minimum value: 1
#tcp_keepidle = 600
# DEPRECATED: The HTTP header used to determine the scheme for the original
# request, even if it was removed by an SSL terminating proxy. Typical value is
# "HTTP_X_FORWARDED_PROTO". (string value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: Use the http_proxy_to_wsgi middleware instead.
#secure_proxy_ssl_header = <None>
# Key:Value pair of store identifier and store type. In case of multiple
# backends should be separated using comma. (dict value)
#enabled_backends = <None>
#
# The relative path to sqlite file database that will be used for image cache
# management.
#
# This is a relative path to the sqlite file database that tracks the age and
# usage statistics of image cache. The path is relative to image cache base
# directory, specified by the configuration option ``image_cache_dir``.
#
# This is a lightweight database with just one table.
#
# Possible values:
# * A valid relative path to sqlite file database
#
# Related options:
# * ``image_cache_dir``
#
# (string value)
#image_cache_sqlite_db = cache.db
#
# The driver to use for image cache management.
#
# This configuration option provides the flexibility to choose between the
# different image-cache drivers available. An image-cache driver is responsible
# for providing the essential functions of image-cache like write images to/read
# images from cache, track age and usage of cached images, provide a list of
# cached images, fetch size of the cache, queue images for caching and clean up
# the cache, etc.
#
# The essential functions of a driver are defined in the base class
# ``glance.image_cache.drivers.base.Driver``. All image-cache drivers (existing
# and prospective) must implement this interface. Currently available drivers
# are ``sqlite`` and ``xattr``. These drivers primarily differ in the way they
# store the information about cached images:
#
# * The ``sqlite`` driver uses a sqlite database (which sits on every glance
# node locally) to track the usage of cached images.
# * The ``xattr`` driver uses the extended attributes of files to store this
# information. It also requires a filesystem that sets ``atime`` on the files
# when accessed.
#
# Possible values:
# * sqlite
# * xattr
#
# Related options:
# * None
#
# (string value)
# Possible values:
# sqlite - <No description provided>
# xattr - <No description provided>
#image_cache_driver = sqlite
#
# The upper limit on cache size, in bytes, after which the cache-pruner cleans
# up the image cache.
#
# NOTE: This is just a threshold for cache-pruner to act upon. It is NOT a
# hard limit beyond which the image cache would never grow. In fact, depending
# on how often the cache-pruner runs and how quickly the cache fills, the image
# cache can far exceed the size specified here very easily. Hence, care must be
# taken to appropriately schedule the cache-pruner and in setting this limit.
#
# Glance caches an image when it is downloaded. Consequently, the size of the
# image cache grows over time as the number of downloads increases. To keep the
# cache size from becoming unmanageable, it is recommended to run the
# cache-pruner as a periodic task. When the cache pruner is kicked off, it
# compares the current size of image cache and triggers a cleanup if the image
# cache grew beyond the size specified here. After the cleanup, the size of
# cache is less than or equal to size specified here.
#
# Possible values:
# * Any non-negative integer
#
# Related options:
# * None
#
# (integer value)
# Minimum value: 0
#image_cache_max_size = 10737418240
#
# The amount of time, in seconds, an incomplete image remains in the cache.
#
# Incomplete images are images for which download is in progress. Please see the
# description of configuration option ``image_cache_dir`` for more detail.
# Sometimes, due to various reasons, it is possible the download may hang and
# the incompletely downloaded image remains in the ``incomplete`` directory.
# This configuration option sets a time limit on how long the incomplete images
# should remain in the ``incomplete`` directory before they are cleaned up.
# Once an incomplete image spends more time than is specified here, it'll be
# removed by cache-cleaner on its next run.
#
# It is recommended to run cache-cleaner as a periodic task on the Glance API
# nodes to keep the incomplete images from occupying disk space.
#
# Possible values:
# * Any non-negative integer
#
# Related options:
# * None
#
# (integer value)
# Minimum value: 0
#image_cache_stall_time = 86400
#
# Base directory for image cache.
#
# This is the location where image data is cached and served out of. All cached
# images are stored directly under this directory. This directory also contains
# three subdirectories, namely, ``incomplete``, ``invalid`` and ``queue``.
#
# The ``incomplete`` subdirectory is the staging area for downloading images. An
# image is first downloaded to this directory. When the image download is
# successful it is moved to the base directory. However, if the download fails,
# the partially downloaded image file is moved to the ``invalid`` subdirectory.
#
# The ``queue``subdirectory is used for queuing images for download. This is
# used primarily by the cache-prefetcher, which can be scheduled as a periodic
# task like cache-pruner and cache-cleaner, to cache images ahead of their
# usage.
# Upon receiving the request to cache an image, Glance touches a file in the
# ``queue`` directory with the image id as the file name. The cache-prefetcher,
# when running, polls for the files in ``queue`` directory and starts
# downloading them in the order they were created. When the download is
# successful, the zero-sized file is deleted from the ``queue`` directory.
# If the download fails, the zero-sized file remains and it'll be retried the
# next time cache-prefetcher runs.
#
# Possible values:
# * A valid path
#
# Related options:
# * ``image_cache_sqlite_db``
#
# (string value)
#image_cache_dir = <None>
#
# Default publisher_id for outgoing Glance notifications.
#
# This is the value that the notification driver will use to identify
# messages for events originating from the Glance service. Typically,
# this is the hostname of the instance that generated the message.
#
# Possible values:
# * Any reasonable instance identifier, for example: image.host1
#
# Related options:
# * None
#
# (string value)
#default_publisher_id = image.localhost
#
# List of notifications to be disabled.
#
# Specify a list of notifications that should not be emitted.
# A notification can be given either as a notification type to
# disable a single event notification, or as a notification group
# prefix to disable all event notifications within a group.
#
# Possible values:
# A comma-separated list of individual notification types or
# notification groups to be disabled. Currently supported groups:
#
# * image
# * image.member
# * task
# * metadef_namespace
# * metadef_object
# * metadef_property
# * metadef_resource_type
# * metadef_tag
#
# For a complete listing and description of each event refer to:
# http://docs.openstack.org/developer/glance/notifications.html
#
# The values must be specified as: <group_name>.<event_name>
# For example: image.create,task.success,metadef_tag
#
# Related options:
# * None
#
# (list value)
#disabled_notifications =
#
# The amount of time, in seconds, to delay image scrubbing.
#