Contents
Compute relies on an external image service to store virtual machine images and maintain a catalog of available images. By default, Compute is configured to use the OpenStack Image Service (Glance), which is currently the only supported image service.
| Configuration option=Default value | Description |
| allowed_direct_url_schemes= | (ListOpt) A list of url scheme that can be downloaded directly via the direct_url. Currently supported schemes: [file]. |
| filesystems= | (ListOpt) A list of filesystems that will be configured in this file under the sections image_file_url:<list entry name> |
| glance_api_insecure=False | (BoolOpt) Allow to perform insecure SSL (https) requests to glance |
| glance_api_servers=$glance_host:$glance_port | (ListOpt) A list of the glance api servers available to nova. Prefix with https:// for ssl-based glance api servers. ([hostname|ip]:port) |
| glance_host=$my_ip | (StrOpt) default glance hostname or ip |
| glance_num_retries=0 | (IntOpt) Number retries when downloading an image from glance |
| glance_port=9292 | (IntOpt) default glance port |
| glance_protocol=http | (StrOpt) Default protocol to use when connecting to glance. Set to https for SSL. |
| osapi_glance_link_prefix=None | (StrOpt) Base URL that will be presented to users in links to glance resources |
If your installation requires euca2ools to register new
images, you must run the nova-objectstore
service. This service provides an Amazon S3 front-end for Glance,
which is required by euca2ools.
| Configuration option=Default value | Description |
| buckets_path=$state_path/buckets | (StrOpt) path to s3 buckets |
| image_decryption_dir=/tmp | (StrOpt) parent dir for tempdir used for image decryption |
| s3_access_key=notchecked | (StrOpt) access key to use for s3 server for images |
| s3_affix_tenant=False | (BoolOpt) whether to affix the tenant id to the access key when downloading from s3 |
| s3_host=$my_ip | (StrOpt) hostname or ip for OpenStack to use when accessing the s3 api |
| s3_listen=0.0.0.0 | (StrOpt) IP address for S3 API to listen |
| s3_listen_port=3333 | (IntOpt) port for s3 api to listen |
| s3_port=3333 | (IntOpt) port used when accessing the s3 api |
| s3_secret_key=notchecked | (StrOpt) secret key to use for s3 server for images |
| s3_use_ssl=False | (BoolOpt) whether to use ssl when talking to s3 |
You can modify many of the OpenStack Image Catalogue and Delivery Service. The following tables provide a comprehensive list.
| Configuration option=Default value | Description |
| allow_additional_image_properties=True | (BoolOpt) Whether to allow users to specify image properties beyond what the image schema provides |
| api_limit_max=1000 | (IntOpt) Maximum permissible number of items that could be returned by a request |
| backlog=4096 | (IntOpt) The backlog value that will be used when creating the TCP listener socket. |
| bind_host=0.0.0.0 | (StrOpt) Address to bind the server. Useful when selecting a particular network interface. |
| bind_port=None | (IntOpt) The port on which the server will listen. |
| data_api=glance.db.sqlalchemy.api | (StrOpt) Python module path of data access API |
| disable_process_locking=False | (BoolOpt) Whether to disable inter-process locks |
| limit_param_default=25 | (IntOpt) Default value for the number of items returned by a request if not specified explicitly in the request |
| lock_path=None | (StrOpt) Directory to use for lock files. |
| metadata_encryption_key=None | (StrOpt) Key used for encrypting sensitive metadata while talking to the registry or database. |
| notifier_strategy=default | (StrOpt) Notifications can be sent when images are create, updated or deleted. There are three methods of sending notifications, logging (via the log_file directive), rabbit (via a rabbitmq queue), qpid (via a Qpid message queue), or noop (no notifications sent, the default). |
| os_region_name=None | (StrOpt) Region name of this node |
| property_protection_file=None | (StrOpt) The location of the property protection file. |
| show_image_direct_url=False | (BoolOpt) Whether to include the backend image storage location in image properties. Revealing storage location can be a security risk, so use this setting with caution! |
| use_tpool=False | (BoolOpt) Enable the use of thread pooling for all DB API calls |
| user_storage_quota=0 | (IntOpt) Set a system wide quota for every user. This value is the total number of bytes that a user can use across all storage systems. A value of 0 means unlimited. |
| workers=1 | (IntOpt) The number of child process workers that will be created to service API requests. |
| Configuration option=Default value | Description |
| admin_role=admin | (StrOpt) Role used to identify an authenticated user as administrator. |
| allow_anonymous_access=False | (BoolOpt) Allow unauthenticated users to access the API with read-only privileges. This only applies when using ContextMiddleware. |
| db_auto_create=False | (BoolOpt) A boolean that determines if the database will be automatically created. |
| default_store=file | (StrOpt) Default scheme to use to store image data. The scheme must be registered by one of the stores defined by the 'known_stores' config option. |
| default_publisher_id=$host | (StrOpt) Default publisher_id for outgoing notifications |
| enable_v1_api=True | (BoolOpt) Deploy the v1 OpenStack Images API. |
| enable_v2_api=True | (BoolOpt) Deploy the v2 OpenStack Images API. |
| image_size_cap=1099511627776 | (IntOpt) Maximum size of image a user can upload in bytes. Defaults to 1099511627776 bytes (1 TB). |
| known_stores=glance.store.filesystem.Store,glance.store.http.Store,glance.store.rbd.Store,glance.store.s3.Store,glance.store.swift.Store,glance.store.sheepdog.Store,glance.store.cinder.Store | (ListOpt) List of which store classes and store class locations are currently known to glance at startup. |
| notification_driver=[] | (MultiStrOpt) Driver or drivers to handle sending notifications |
| owner_is_tenant=True | (BoolOpt) When true, this option sets the owner of an image to be the tenant. Otherwise, the owner of the image will be the authenticated user issuing the request. |
| send_identity_headers=False | (BoolOpt) Whether to pass through headers containing user and tenant information when making requests to the registry. This allows the registry to use the context middleware without the keystoneclients' auth_token middleware, removing calls to the keystone auth service. It is recommended that when using this option, secure communication between glance api and glance registry is ensured by means other than auth_token middleware. |
| show_multiple_locations=False | (BoolOpt) Whether to include the backend image locations in image properties. Revealing storage location can be a security risk, so use this setting with caution! The overrides show_image_direct_url. |
| use_user_token=True | (BoolOpt) Whether to pass through the user token when making requests to the registry. |
| Configuration option=Default value | Description |
| cinder_catalog_info=volume:cinder:publicURL | (StrOpt) Info to match when looking for cinder in the service catalog. Format is : separated values of the form: <service_type>:<service_name>:<endpoint_type> |
| cinder_ca_certificates_file=None | (StrOpt) Location of ca certicates file to use for cinder client requests. |
| cinder_http_retries=3 | (IntOpt) Number of cinderclient retries on failed http calls |
| cinder_endpoint_template=None | (StrOpt) Override service catalog lookup with template for cinder endpoint e.g. http://localhost:8776/v1/%(project_id)s |
| cinder_api_insecure=False | (BoolOpt) Allow to perform insecure SSL requests to cinder |
| Configuration option=Default value | Description |
| sql_connection=sqlite:///glance.sqlite | (StrOpt) A valid SQLAlchemy connection string for the registry database. Default: %(default)s |
| sql_idle_timeout=3600 | (IntOpt) Period in seconds after which SQLAlchemy should reestablish its connection to the database. |
| sql_max_retries=60 | (IntOpt) The number of times to retry a connection to the SQLserver. |
| sql_retry_interval=1 | (IntOpt) The amount of time to wait (in seconds) before attempting to retry the SQL connection. |
| sqlalchemy_debug=False | (BoolOpt) Enable debug logging in sqlalchemy which prints every query and result |
| Configuration option=Default value | Description |
| filesystem_store_datadir=None | (StrOpt) Directory to which the Filesystem backend store writes images. |
| filesystem_store_metadata_file=None | (StrOpt) The path to a file which contains the metadata to be returned with any location associated with this store. The file must contain a valid JSON dict. |
| Configuration option=Default value | Description |
| mongodb_store_uri=None | (StrOpt) Hostname or IP address of the instance to connect to, or a mongodb URI, or a list of hostnames / mongodb URIs. If host is an IPv6 literal it must be enclosed in '[' and ']' characters following the RFC2732 URL syntax (e.g. '[::1]' for localhost) |
| mongodb_store_db=None | (StrOpt) Database to use |
| Configuration option=Default value | Description |
| cleanup_scrubber=False | (BoolOpt) A boolean that determines if the scrubber should clean up the files it uses for taking data. Only one server in your deployment should be designated the cleanup host. |
| cleanup_scrubber_time=86400 | (IntOpt) Items must have a modified time that is older than this value in order to be candidates for cleanup. |
| delayed_delete=False | (BoolOpt) Turn on/off delayed delete. |
| image_cache_dir=None | (StrOpt) Base directory that the Image Cache uses. |
| image_cache_driver=sqlite | (StrOpt) The driver to use for image cache management. |
| image_cache_max_size=10737418240 | (IntOpt) The maximum size in bytes that the cache can use. |
| image_cache_sqlite_db=cache.db | (StrOpt) The path to the sqlite file database that will be used for image cache management. |
| image_cache_stall_time=86400 | (IntOpt) The amount of time to let an image remain in the cache without being accessed |
| scrub_time=0 | (IntOpt) The amount of time in seconds to delay before performing a delete. |
| scrubber_datadir=/var/lib/glance/scrubber | (StrOpt) Directory that the scrubber will use to track information about what to delete. Make sure this is set in glance-api.conf and glance-scrubber.conf |
| Configuration option=Default value | Description |
| debug=False | (BoolOpt) Print debugging output (set logging level to DEBUG instead of default WARNING level). |
| default_log_levels=amqplib=WARN,sqlalchemy=WARN,boto=WARN,suds=INFO,keystone=INFO,eventlet.wsgi.server=WARN | (ListOpt) list of logger=LEVEL pairs |
| default_notification_level=INFO | (StrOpt) Default notification level for outgoing notifications |
| fatal_deprecations=False | (BoolOpt) make deprecations fatal |
| instance_format=[instance: %(uuid)s] | (StrOpt) If an instance is passed with the log message, format it like this |
| instance_uuid_format=[instance: %(uuid)s] | (StrOpt) If an instance UUID is passed with the log message, format it like this |
| log_config=None | (StrOpt) If this option is specified, the logging configuration file specified is used and overrides any other logging options specified. Please see the Python logging module documentation for details on logging configuration files. |
| log_date_format=%Y-%m-%d %H:%M:%S | (StrOpt) Format string for %%(asctime)s in log records. Default: %(default)s |
| log_dir=None | (StrOpt) (Optional) The base directory used for relative --log-file paths |
| log_file=None | (StrOpt) (Optional) Name of log file to output to. If no default is set, logging will go to stdout. |
| log_format=None | (StrOpt) A logging.Formatter log message format string which may use any of the available logging.LogRecord attributes. This option is deprecated. Please use logging_context_format_string and logging_default_format_string instead. |
| logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s | (StrOpt) format string to use for log messages with context |
| logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d | (StrOpt) data to append to log format when level is DEBUG |
| logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s | (StrOpt) format string to use for log messages without context |
| logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s | (StrOpt) prefix each line of exception output with this format |
| publish_errors=False | (BoolOpt) publish error events |
| syslog_log_facility=LOG_USER | (StrOpt) syslog facility to receive log lines |
| use_stderr=True | (BoolOpt) Log output to standard error |
| use_syslog=False | (BoolOpt) Use syslog for logging. |
| verbose=False | (BoolOpt) Print more verbose output (set logging level to INFO instead of default WARNING level). |
| Configuration option=Default value | Description |
| config_file=None | (StrOpt) Name of the paste configuration file. |
| flavor=None | (StrOpt) Partial name of a pipeline in your paste configuration file with the service name removed. For example, if your paste section name is [pipeline:glance-api-keystone] use the value "keystone" |
| Configuration option=Default value | Description |
| policy_default_rule=default | (StrOpt) The default policy to use. |
| policy_file=policy.json | (StrOpt) The location of the policy file. |
| Configuration option=Default value | Description |
| qpid_heartbeat=60 | (IntOpt) Seconds between connection keepalive heartbeats |
| qpid_hostname=localhost | (StrOpt) Qpid broker hostname |
| qpid_notification_exchange=glance | (StrOpt) Qpid exchange for notifications |
| qpid_notification_topic=notifications | (StrOpt) Qpid topic for notifications |
| qpid_password= | (StrOpt) Password for qpid connection |
| qpid_port=5672 | (StrOpt) Qpid broker port |
| qpid_protocol=tcp | (StrOpt) Transport to use, either 'tcp' or 'ssl' |
| qpid_reconnect_interval=0 | (IntOpt) Equivalent to setting max and min to the same value |
| qpid_reconnect_interval_max=0 | (IntOpt) Maximum seconds between reconnection attempts |
| qpid_reconnect_interval_min=0 | (IntOpt) Minimum seconds between reconnection attempts |
| qpid_reconnect_limit=0 | (IntOpt) Max reconnections before giving up |
| qpid_reconnect_timeout=0 | (IntOpt) Reconnection timeout in seconds |
| qpid_sasl_mechanisms= | (StrOpt) Space separated list of SASL mechanisms to use for auth |
| qpid_tcp_nodelay=True | (BoolOpt) Disable Nagle algorithm |
| qpid_username= | (StrOpt) Username for qpid connection |
| Configuration option=Default value | Description |
| rabbit_durable_queues=False | (BoolOpt) A boolean to determine if the queues used for messaging should be retained after a restart. |
| rabbit_host=localhost | (StrOpt) The host name of the rabbitmq server |
| rabbit_max_retries=0 | (IntOpt) The maximum number of times to attempt to connect to the AMQP server. |
| rabbit_notification_exchange=glance | (StrOpt) Exchange name to use for connection when using rabbit strategy. |
| rabbit_notification_topic=notifications | (StrOpt) Topic to use for connection when using rabbit strategy. |
| rabbit_password=guest | (StrOpt) The password that will be used for authentication with the rabbitmq server. |
| rabbit_port=5672 | (IntOpt) The port on which the rabbitmq server is listening |
| rabbit_retry_backoff=2 | (IntOpt) This value multiplied by the number of connection attempts gives the amount of time in seconds to sleep between connection attempts to the AMQP server. |
| rabbit_retry_max_backoff=30 | (IntOpt) The maximum amount of time to wait between connection attempts. The delay time will be the smaller of this value and the value of <rabbit_retry_backoff> * <the number of failed connection attempts so far>. |
| rabbit_use_ssl=False | (BoolOpt) A boolean value indicating if the selected rabbitmq server uses SSL. |
| rabbit_userid=guest | (StrOpt) The user ID for authentication with rabbitmq. |
| rabbit_virtual_host=/ | (StrOpt) The virtual host used in the rabbitmq connection. |
| Configuration option=Default value | Description |
| rbd_store_ceph_conf= | (StrOpt) Ceph configuration file path. |
| rbd_store_chunk_size=4 | (IntOpt) Images will be chunked into objects of this size (in megabytes). For best performance, this should be a power of two. |
| rbd_store_pool=rbd | (StrOpt) RADOS pool in which images are stored. |
| rbd_store_user=None | (StrOpt) RADOS user to authenticate as (only applicable if using cephx.) |
| Configuration option=Default value | Description |
| admin_password=None | (StrOpt) The administrators password. |
| admin_tenant_name=None | (StrOpt) The tenant name of the adminstrative user. |
| admin_user=None | (StrOpt) The administrators user name. |
| auth_region=None | (StrOpt) The region for the authentication service. |
| auth_strategy=noauth | (StrOpt) The strategy to use for authentication. |
| auth_url=None | (StrOpt) The URL to the keystone service. |
| registry_client_ca_file=None | (StrOpt) The path to the certifying authority cert file to use in SSL connections to the registry server. |
| registry_client_cert_file=None | (StrOpt) The path to the cert file to use in SSL connections to the registry server. |
| registry_client_insecure=False | (BoolOpt) When using SSL in connections to the registry server, do not require validation via a certifying authority. |
| registry_client_key_file=None | (StrOpt) The path to the key file to use in SSL connections to the registry server. |
| registry_client_protocol=http | (StrOpt) The protocol to use for communication with the registry server. Either http or https. |
| registry_client_timeout=600 | (IntOpt) The period of time, in seconds, that the API server will wait for a registry request to complete. A value of 0 implies no timeout. |
| registry_host=0.0.0.0 | (StrOpt) Address to find the registry server. |
| registry_port=9191 | (IntOpt) Port the registry server is listening on. |
| Configuration option=Default value | Description |
| allowed_rpc_exception_modules=openstack.common.exception,glance.common.exception,exceptions | (ListOpt) Modules of exceptions that are permitted to be recreatedupon receiving exception data from an rpc call. |
| Configuration option=Default value | Description |
| s3_store_access_key=None | (StrOpt) The S3 query token access key. |
| s3_store_bucket=None | (StrOpt) The S3 bucket to be used to store the Glance data. |
| s3_store_bucket_url_format=subdomain | (StrOpt) The S3 calling format used to determine the bucket. Either subdomain or path can be used. |
| s3_store_create_bucket_on_put=False | (BoolOpt) A boolean to determine if the S3 bucket should be created on upload if it does not exist or if an error should be returned to the user. |
| s3_store_host=None | (StrOpt) The host where the S3 server is listening. |
| s3_store_object_buffer_dir=None | (StrOpt) The local directory where uploads will be staged before they are transfered into S3. |
| s3_store_secret_key=None | (StrOpt) The S3 query token secret key. |
| Configuration option=Default value | Description |
| sheepdog_store_chunk_size=64 | (IntOpt) Images will be chunked into objects of this size (in megabytes). For best performance, this should be a power of two. |
| sheepdog_store_address=localhost | (StrOpt) IP address of sheep daemon. |
| sheepdog_store_port=7000 | (StrOpt) Port of sheep daemon. |
| Configuration option=Default value | Description |
| ca_file=None | (StrOpt) CA certificate file to use to verify connecting clients. |
| cert_file=None | (StrOpt) Certificate file to use when starting API server securely. |
| key_file=None | (StrOpt) Private key file to use when starting API server securely. |
| Configuration option=Default value | Description |
| swift_enable_snet=False | (BoolOpt) Whether to use ServiceNET to communicate with the Swift storage servers. |
| swift_store_admin_tenants= | (ListOpt) A list of tenants that will be granted read/write access on all Swift containers created by Glance in multi-tenant mode. |
| swift_store_auth_address=None | (StrOpt) The address where the Swift authentication service is listening. |
| swift_store_auth_insecure=False | (BoolOpt) If True, swiftclient won't check for a valid SSL certificate when authenticating. |
| swift_store_auth_version=2 | (StrOpt) Version of the authentication service to use. Valid versions are 2 for keystone and 1 for swauth and rackspace |
| swift_store_container=glance | (StrOpt) Container within the account that the account should use for storing images in Swift. |
| swift_store_create_container_on_put=False | (BoolOpt) A boolean value that determines if we create the container if it does not exist. |
| swift_store_endpoint_type=publicURL | (StrOpt) A string giving the endpoint type of the swift service to use (publicURL, adminURL or internalURL). This setting is only used if swift_store_auth_version is 2. |
| swift_store_key=None | (StrOpt) Auth key for the user authenticating against the Swift authentication service. |
| swift_store_large_object_chunk_size=200 | (IntOpt) The amount of data written to a temporary disk buffer during the process of chunking the image file. |
| swift_store_large_object_size=5120 | (IntOpt) The size, in MB, that Glance will start chunking image files and do a large object manifest in Swift |
| swift_store_multi_tenant=False | (BoolOpt) If set to True, enables multi-tenant storage mode which causes Glance images to be stored in tenant specific Swift accounts. |
| swift_store_region=None | (StrOpt) The region of the swift endpoint to be used for single tenant. This setting is only necessary if the tenant has multiple swift endpoints. |
| swift_store_service_type=object-store | (StrOpt) A string giving the service type of the swift service to use. This setting is only used if swift_store_auth_version is 2. |
| swift_store_user=None | (StrOpt) The user to authenticate against the Swift authentication service |
| Configuration option=Default value | Description |
| pydev_worker_debug_host=None | (StrOpt) The hostname/IP of the pydev process listening for debug connections |
| pydev_worker_debug_port=5678 | (IntOpt) The port on which a pydev process is listening for connections. |
| Configuration option=Default value | Description |
| backdoor_port=None | (IntOpt) port for eventlet backdoor to listen |
| eventlet_hub=poll | (StrOpt) Name of eventlet hub to use. Traditionally, we have only supported 'poll', however 'selects' may be appropriate for some platforms. See http://eventlet.net/doc/hubs.html for more details. |
| tcp_keepidle=600 | (IntOpt) The value for the socket option TCP_KEEPIDLE. This is the time in seconds that the connection must be idle before TCP starts sending keepalive probes. |
