glance-scrubber.conf¶
DEFAULT¶
-
allow_additional_image_properties
¶ Type: boolean Default: true
Whether to allow users to specify image properties beyond what the image schema provides
-
image_member_quota
¶ Type: integer Default: 128
Maximum number of image members per image. Negative values evaluate to unlimited.
-
image_property_quota
¶ Type: integer Default: 128
Maximum number of properties allowed on an image. Negative values evaluate to unlimited.
-
image_tag_quota
¶ Type: integer Default: 128
Maximum number of tags allowed on an image. Negative values evaluate to unlimited.
-
image_location_quota
¶ Type: integer Default: 10
Maximum number of locations allowed on an image. Negative values evaluate to unlimited.
-
data_api
¶ Type: string Default: glance.db.sqlalchemy.api
Python module path of data access API
-
limit_param_default
¶ Type: integer Default: 25
Default value for the number of items returned by a request if not specified explicitly in the request
-
api_limit_max
¶ Type: integer Default: 1000
Maximum permissible number of items that could be returned by a request
-
show_image_direct_url
¶ Type: boolean Default: false
Whether to include the backend image storage location in image properties. Revealing storage location can be a security risk, so use this setting with caution!
-
show_multiple_locations
¶ Type: boolean Default: false
Whether to include the backend image locations in image properties. For example, if using the file system store a URL of “file:///path/to/image” will be returned to the user in the ‘direct_url’ meta-data field. Revealing storage location can be a security risk, so use this setting with caution! Setting this to true overrides the show_image_direct_url option.
-
image_size_cap
¶ Type: integer Default: 1099511627776
Maximum Value: 9223372036854775808 Maximum size of image a user can upload in bytes. Defaults to 1099511627776 bytes (1 TB).WARNING: this value should only be increased after careful consideration and must be set to a value under 8 EB (9223372036854775808).
-
user_storage_quota
¶ Type: string Default: 0
Set a system wide quota for every user. This value is the total capacity that a user can use across all storage systems. A value of 0 means unlimited.Optional unit can be specified for the value. Accepted units are B, KB, MB, GB and TB representing Bytes, KiloBytes, MegaBytes, GigaBytes and TeraBytes respectively. If no unit is specified then Bytes is assumed. Note that there should not be any space between value and unit and units are case sensitive.
-
enable_v1_api
¶ Type: boolean Default: true
Deploy the v1 OpenStack Images API.
-
enable_v2_api
¶ Type: boolean Default: true
Deploy the v2 OpenStack Images API.
-
enable_v1_registry
¶ Type: boolean Default: true
Deploy the v1 OpenStack Registry API.
-
enable_v2_registry
¶ Type: boolean Default: true
Deploy the v2 OpenStack Registry API.
-
pydev_worker_debug_host
¶ Type: string Default: <None>
The hostname/IP of the pydev process listening for debug connections
-
pydev_worker_debug_port
¶ Type: unknown type Default: 5678
Minimum Value: 0 Maximum Value: 65535 The port on which a pydev process is listening for connections.
-
metadata_encryption_key
¶ Type: string Default: <None>
AES key for encrypting store ‘location’ metadata. This includes, if used, Swift or S3 credentials. Should be set to a random string of length 16, 24 or 32 bytes
-
digest_algorithm
¶ Type: string Default: sha256
Digest algorithm which will be used for digital signature. Use the command “openssl list-message-digest-algorithms” to get the available algorithms supported by the version of OpenSSL on the platform. Examples are “sha1”, “sha256”, “sha512”, etc.
-
scrub_time
¶ Type: integer Default: 0
The amount of time in seconds to delay before performing a delete.
-
scrub_pool_size
¶ Type: integer Default: 1
The size of thread pool to be used for scrubbing images. The default is one, which signifies serial scrubbing. Any value above one indicates the max number of images that may be scrubbed in parallel.
-
delayed_delete
¶ Type: boolean Default: false
Turn on/off delayed delete.
-
admin_role
¶ Type: string Default: admin
Role used to identify an authenticated user as administrator.
-
send_identity_headers
¶ Type: boolean Default: false
Whether to pass through headers containing user and tenant information when making requests to the registry. This allows the registry to use the context middleware without keystonemiddleware’s auth_token middleware, removing calls to the keystone auth service. It is recommended that when using this option, secure communication between glance api and glance registry is ensured by means other than auth_token middleware.
-
wakeup_time
¶ Type: integer Default: 300
Loop time between checking for new items to schedule for delete.
-
daemon
¶ Type: boolean Default: false
Run as a long-running process. When not specified (the default) run the scrub operation once and then exits. When specified do not exit and run scrub on wakeup_time interval as specified in the config.
-
registry_client_protocol
¶ Type: string Default: http
The protocol to use for communication with the registry server. Either http or https.
-
registry_client_key_file
¶ Type: string Default: <None>
The path to the key file to use in SSL connections to the registry server, if any. Alternately, you may set the GLANCE_CLIENT_KEY_FILE environment variable to a filepath of the key file
-
registry_client_cert_file
¶ Type: string Default: <None>
The path to the cert file to use in SSL connections to the registry server, if any. Alternately, you may set the GLANCE_CLIENT_CERT_FILE environment variable to a filepath of the CA cert file
-
registry_client_ca_file
¶ Type: string Default: <None>
The path to the certifying authority cert file to use in SSL connections to the registry server, if any. Alternately, you may set the GLANCE_CLIENT_CA_FILE environment variable to a filepath of the CA cert file.
-
registry_client_insecure
¶ Type: boolean Default: false
When using SSL in connections to the registry server, do not require validation via a certifying authority. This is the registry’s equivalent of specifying –insecure on the command line using glanceclient for the API.
-
registry_client_timeout
¶ Type: integer Default: 600
The period of time, in seconds, that the API server will wait for a registry request to complete. A value of 0 implies no timeout.
-
use_user_token
¶ Type: boolean Default: true
Whether to pass through the user token when making requests to the registry. To prevent failures with token expiration during big files upload, it is recommended to set this parameter to False.If “use_user_token” is not in effect, then admin credentials can be specified.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.
-
admin_user
¶ Type: string Default: <None>
The administrators user name. If “use_user_token” is not in effect, then admin credentials can be specified.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.
-
admin_password
¶ Type: string Default: <None>
The administrators password. If “use_user_token” is not in effect, then admin credentials can be specified.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.
-
admin_tenant_name
¶ Type: string Default: <None>
The tenant name of the administrative user. If “use_user_token” is not in effect, then admin tenant name can be specified.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.
-
auth_url
¶ Type: string Default: <None>
The URL to the keystone service. If “use_user_token” is not in effect and using keystone auth, then URL of keystone can be specified.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.
-
auth_strategy
¶ Type: string Default: noauth
The strategy to use for authentication. If “use_user_token” is not in effect, then auth strategy can be specified.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.
-
auth_region
¶ Type: string Default: <None>
The region for the authentication service. If “use_user_token” is not in effect and using keystone auth, then region name can be specified.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
Reason: This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.
-
registry_host
¶ Type: string Default: 0.0.0.0
Address to find the registry server.
-
registry_port
¶ Type: unknown type Default: 9191
Minimum Value: 0 Maximum Value: 65535 Port the registry server is listening on.
-
debug
¶ Type: boolean Default: false
If set to true, the logging level will be set to DEBUG instead of the default INFO level.
-
verbose
¶ Type: boolean Default: true
If set to false, the logging level will be set to WARNING instead of the default INFO level.
Warning
This option is deprecated for removal. Its value may be silently ignored in the future.
-
log_config_append
¶ Type: string Default: <None>
The name of a logging configuration file. This file is appended to any existing logging configuration files. For details about logging configuration files, see the Python logging module documentation. Note that when logging configuration files are used then all logging configuration is set in the configuration file and other logging configuration options are ignored (for example, logging_context_format_string).
Deprecated Variations¶ Group Name DEFAULT log_config
-
log_date_format
¶ Type: string Default: %Y-%m-%d %H:%M:%S
Defines the format string for %(asctime)s in log records. Default: the value above . This option is ignored if log_config_append is set.
-
log_file
¶ Type: string Default: <None>
(Optional) Name of log file to send logging output to. If no default is set, logging will go to stderr as defined by use_stderr. This option is ignored if log_config_append is set.
Deprecated Variations¶ Group Name DEFAULT logfile
-
log_dir
¶ Type: string Default: <None>
(Optional) The base directory used for relative log_file paths. This option is ignored if log_config_append is set.
Deprecated Variations¶ Group Name DEFAULT logdir
-
watch_log_file
¶ Type: boolean Default: false
Uses logging handler designed to watch file system. When log file is moved or removed this handler will open a new log file with specified path instantaneously. It makes sense only if log_file option is specified and Linux platform is used. This option is ignored if log_config_append is set.
-
use_syslog
¶ Type: boolean Default: false
Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set.
-
syslog_log_facility
¶ Type: string Default: LOG_USER
Syslog facility to receive log lines. This option is ignored if log_config_append is set.
-
use_stderr
¶ Type: boolean Default: true
Log output to standard error. This option is ignored if log_config_append is set.
-
logging_context_format_string
¶ Type: string Default: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
Format string to use for log messages with context.
-
logging_default_format_string
¶ Type: string Default: %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
Format string to use for log messages when context is undefined.
-
logging_debug_format_suffix
¶ Type: string Default: %(funcName)s %(pathname)s:%(lineno)d
Additional data to append to log message when logging level for the message is DEBUG.
-
logging_exception_prefix
¶ Type: string Default: %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
Prefix each line of exception output with this format.
-
logging_user_identity_format
¶ Type: string Default: %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
Defines the format string for %(user_identity)s that is used in logging_context_format_string.
-
default_log_levels
¶ Type: list Default: amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
List of package logging levels in logger=LEVEL pairs. This option is ignored if log_config_append is set.
-
publish_errors
¶ Type: boolean Default: false
Enables or disables publication of error events.
-
instance_format
¶ Type: string Default: "[instance: %(uuid)s] "
The format for an instance that is passed with the log message.
-
instance_uuid_format
¶ Type: string Default: "[instance: %(uuid)s] "
The format for an instance UUID that is passed with the log message.
-
fatal_deprecations
¶ Type: boolean Default: false
Enables or disables fatal status of deprecations.
database¶
-
sqlite_db
¶ Type: string Default: oslo.sqlite
The file name to use with SQLite.
Deprecated Variations¶ Group Name DEFAULT sqlite_db
-
sqlite_synchronous
¶ Type: boolean Default: true
If True, SQLite uses synchronous mode.
Deprecated Variations¶ Group Name DEFAULT sqlite_synchronous
-
backend
¶ Type: string Default: sqlalchemy
The back end to use for the database.
Deprecated Variations¶ Group Name DEFAULT db_backend
-
connection
¶ Type: string Default: <None>
The SQLAlchemy connection string to use to connect to the database.
Deprecated Variations¶ Group Name DEFAULT sql_connection DATABASE sql_connection sql connection
-
slave_connection
¶ Type: string Default: <None>
The SQLAlchemy connection string to use to connect to the slave database.
-
mysql_sql_mode
¶ Type: string Default: TRADITIONAL
The SQL mode to be used for MySQL sessions. This option, including the default, overrides any server-set SQL mode. To use whatever SQL mode is set by the server configuration, set this to no value. Example: mysql_sql_mode=
-
idle_timeout
¶ Type: integer Default: 3600
Timeout before idle SQL connections are reaped.
Deprecated Variations¶ Group Name DEFAULT sql_idle_timeout DATABASE sql_idle_timeout sql idle_timeout
-
min_pool_size
¶ Type: integer Default: 1
Minimum number of SQL connections to keep open in a pool.
Deprecated Variations¶ Group Name DEFAULT sql_min_pool_size DATABASE sql_min_pool_size
-
max_pool_size
¶ Type: integer Default: <None>
Maximum number of SQL connections to keep open in a pool.
Deprecated Variations¶ Group Name DEFAULT sql_max_pool_size DATABASE sql_max_pool_size
-
max_retries
¶ Type: integer Default: 10
Maximum number of database connection retries during startup. Set to -1 to specify an infinite retry count.
Deprecated Variations¶ Group Name DEFAULT sql_max_retries DATABASE sql_max_retries
-
retry_interval
¶ Type: integer Default: 10
Interval between retries of opening a SQL connection.
Deprecated Variations¶ Group Name DEFAULT sql_retry_interval DATABASE reconnect_interval
-
max_overflow
¶ Type: integer Default: 50
If set, use this value for max_overflow with SQLAlchemy.
Deprecated Variations¶ Group Name DEFAULT sql_max_overflow DATABASE sqlalchemy_max_overflow
-
connection_debug
¶ Type: integer Default: 0
Verbosity of SQL debugging information: 0=None, 100=Everything.
Deprecated Variations¶ Group Name DEFAULT sql_connection_debug
-
connection_trace
¶ Type: boolean Default: false
Add Python stack traces to SQL as comment strings.
Deprecated Variations¶ Group Name DEFAULT sql_connection_trace
-
pool_timeout
¶ Type: integer Default: <None>
If set, use this value for pool_timeout with SQLAlchemy.
Deprecated Variations¶ Group Name DATABASE sqlalchemy_pool_timeout
-
use_db_reconnect
¶ Type: boolean Default: false
Enable the experimental use of database reconnect on connection lost.
-
db_retry_interval
¶ Type: integer Default: 1
Seconds between retries of a database transaction.
-
db_inc_retry_interval
¶ Type: boolean Default: true
If True, increases the interval between retries of a database operation up to db_max_retry_interval.
-
db_max_retry_interval
¶ Type: integer Default: 10
If db_inc_retry_interval is set, the maximum seconds between retries of a database operation.
-
db_max_retries
¶ Type: integer Default: 20
Maximum retries in case of connection error or deadlock error before error is raised. Set to -1 to specify an infinite retry count.
-
use_tpool
¶ Type: boolean Default: false
Enable the experimental use of thread pooling for all DB API calls
Deprecated Variations¶ Group Name DEFAULT dbapi_use_tpool
oslo_concurrency¶
-
disable_process_locking
¶ Type: boolean Default: false
Enables or disables inter-process locks.
Deprecated Variations¶ Group Name DEFAULT disable_process_locking
-
lock_path
¶ Type: string Default: <None>
Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set.
Deprecated Variations¶ Group Name DEFAULT lock_path
oslo_policy¶
-
policy_file
¶ Type: string Default: policy.json
The JSON file that defines policies.
Deprecated Variations¶ Group Name DEFAULT policy_file
-
policy_default_rule
¶ Type: string Default: default
Default rule. Enforced when a requested rule is not found.
Deprecated Variations¶ Group Name DEFAULT policy_default_rule
-
policy_dirs
¶ Type: multi-valued Default: policy.d
Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.
Deprecated Variations¶ Group Name DEFAULT policy_dirs