|
|
66f4b78 |
..
|
|
|
66f4b78 |
Copyright 2011 OpenStack, LLC
|
|
|
66f4b78 |
All Rights Reserved.
|
|
|
66f4b78 |
|
|
|
66f4b78 |
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
66f4b78 |
not use this file except in compliance with the License. You may obtain
|
|
|
66f4b78 |
a copy of the License at
|
|
|
66f4b78 |
|
|
|
66f4b78 |
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
66f4b78 |
|
|
|
66f4b78 |
Unless required by applicable law or agreed to in writing, software
|
|
|
66f4b78 |
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
66f4b78 |
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
|
66f4b78 |
License for the specific language governing permissions and limitations
|
|
|
66f4b78 |
under the License.
|
|
|
66f4b78 |
|
|
|
66f4b78 |
Configuring Glance
|
|
|
66f4b78 |
==================
|
|
|
66f4b78 |
|
|
|
1359d6e |
Glance has a number of options that you can use to configure the Glance API
|
|
|
1359d6e |
server, the Glance Registry server, and the various storage backends that
|
|
|
1359d6e |
Glance can use to store images.
|
|
|
1359d6e |
|
|
|
1359d6e |
Most configuration is done via configuration files, with the Glance API
|
|
|
1359d6e |
server and Glance Registry server using separate configuration files.
|
|
|
1359d6e |
|
|
|
1359d6e |
When starting up a Glance server, you can specify the configuration file to
|
|
|
1359d6e |
use (see `the documentation on controller Glance servers <controllingservers>`_).
|
|
|
1359d6e |
If you do **not** specify a configuration file, Glance will look in the following
|
|
|
1359d6e |
directories for a configuration file, in order:
|
|
|
1359d6e |
|
|
|
1359d6e |
* ``~/.glance``
|
|
|
1359d6e |
* ``~/``
|
|
|
1359d6e |
* ``/etc/glance``
|
|
|
1359d6e |
* ``/etc``
|
|
|
1359d6e |
|
|
|
1359d6e |
The Glance API server configuration file should be named ``glance-api.conf``.
|
|
|
1359d6e |
Similarly, the Glance Registry server configuration file should be named
|
|
|
1359d6e |
``glance-registry.conf``. If you installed Glance via your operating system's
|
|
|
1359d6e |
package management system, it is likely that you will have sample
|
|
|
1359d6e |
configuration files installed in ``/etc/glance``.
|
|
|
1359d6e |
|
|
|
4eaf065 |
In addition to this documentation page, you can check the
|
|
|
1359d6e |
``etc/glance-api.conf`` and ``etc/glance-registry.conf`` sample configuration
|
|
|
1359d6e |
files distributed with Glance for example configuration files for each server
|
|
|
1359d6e |
application with detailed comments on what each options does.
|
|
|
4eaf065 |
|
|
Eoghan Glynn |
14593a3 |
The PasteDeploy configuration (controlling the deployment of the WSGI
|
|
Eoghan Glynn |
097ced8 |
application for each component) may be found by default in
|
|
Eoghan Glynn |
097ced8 |
<component>-paste.ini alongside the main configuration file, <component>.conf.
|
|
Eoghan Glynn |
097ced8 |
For example, ``glance-api-paste.ini`` corresponds to ``glance-api.conf``.
|
|
Eoghan Glynn |
097ced8 |
This pathname for the paste config is configurable, as follows:
|
|
Eoghan Glynn |
097ced8 |
|
|
Eoghan Glynn |
097ced8 |
[paste_deploy]
|
|
Eoghan Glynn |
097ced8 |
config_file = /path/to/paste/config
|
|
Eoghan Glynn |
097ced8 |
|
|
Eoghan Glynn |
14593a3 |
|
|
|
4eaf065 |
Common Configuration Options in Glance
|
|
|
4eaf065 |
--------------------------------------
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Glance has a few command-line options that are common to all Glance programs:
|
|
|
4eaf065 |
|
|
|
4eaf065 |
* ``--verbose``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Optional. Default: ``False``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Can be specified on the command line and in configuration files.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Turns on the INFO level in logging and prints more verbose command-line
|
|
|
4eaf065 |
interface printouts.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
* ``--debug``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Optional. Default: ``False``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Can be specified on the command line and in configuration files.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Turns on the DEBUG level in logging.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
* ``--config-file=PATH``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Optional. Default: ``None``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Specified on the command line only.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Takes a path to a configuration file to use when running the program. If this
|
|
|
4eaf065 |
CLI option is not specified, then we check to see if the first argument is a
|
|
|
4eaf065 |
file. If it is, then we try to use that as the configuration file. If there is
|
|
|
4eaf065 |
no file or there were no arguments, we search for a configuration file in the
|
|
|
4eaf065 |
following order:
|
|
|
4eaf065 |
|
|
|
7f6944c |
* ``~/.glance``
|
|
|
7f6944c |
* ``~/``
|
|
|
7f6944c |
* ``/etc/glance``
|
|
|
7f6944c |
* ``/etc``
|
|
|
7f6944c |
|
|
|
7f6944c |
The filename that is searched for depends on the server application name. So,
|
|
|
7f6944c |
if you are starting up the API server, ``glance-api.conf`` is searched for,
|
|
|
7f6944c |
otherwise ``glance-registry.conf``.
|
|
|
75575b4 |
|
|
Jay Pipes |
eec5c1a |
Configuring Server Startup Options
|
|
Jay Pipes |
eec5c1a |
----------------------------------
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
You can put the following options in the ``glance-api.conf`` and
|
|
Jay Pipes |
eec5c1a |
``glance-registry.conf`` files, under the ``[DEFAULT]`` section. They enable
|
|
Jay Pipes |
eec5c1a |
startup and binding behaviour for the API and registry servers, respectively.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
* ``bind_host=ADDRESS``
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
The address of the host to bind to.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Optional. Default: ``0.0.0.0``
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
* ``bind_port=PORT``
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
The port the server should bind to.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Optional. Default: ``9191`` for the registry server, ``9292`` for the API server
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
* ``backlog=REQUESTS``
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Number of backlog requests to configure the socket with.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Optional. Default: ``4096``
|
|
Jay Pipes |
eec5c1a |
|
|
Stuart McLaren |
e893b24 |
* ``workers=PROCESSES``
|
|
Stuart McLaren |
e893b24 |
|
|
Stuart McLaren |
e893b24 |
Number of Glance API worker processes to start. Each worker
|
|
Stuart McLaren |
e893b24 |
process will listen on the same port. Increasing this
|
|
Stuart McLaren |
e893b24 |
value may increase performance (especially if using SSL
|
|
Stuart McLaren |
e893b24 |
with compression enabled). Typically it is recommended
|
|
Stuart McLaren |
e893b24 |
to have one worker process per CPU. The value `0` will
|
|
Stuart McLaren |
e893b24 |
prevent any new processes from being created.
|
|
Stuart McLaren |
e893b24 |
|
|
Stuart McLaren |
e893b24 |
Optional. Default: ``0``
|
|
Stuart McLaren |
e893b24 |
|
|
Jay Pipes |
eec5c1a |
Configurating SSL Support
|
|
Jay Pipes |
eec5c1a |
~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
* ``cert_file=PATH``
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Path to the the certificate file the server should use when binding to an
|
|
Jay Pipes |
eec5c1a |
SSL-wrapped socket.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Optional. Default: not enabled.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
* ``key_file=PATH``
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Path to the the private key file the server should use when binding to an
|
|
Jay Pipes |
eec5c1a |
SSL-wrapped socket.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Optional. Default: not enabled.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
* ``registry_client_protocol=PROTOCOL``
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
If you run a secure Registry server, you need to set this value to ``https``
|
|
Jay Pipes |
eec5c1a |
and also set ``registry_client_key_file`` and optionally
|
|
Jay Pipes |
eec5c1a |
``registry_client_cert_file``.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Optional. Default: http
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
* ``registry_client_key_file=PATH``
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
The path to the key file to use in SSL connections to the
|
|
Jay Pipes |
eec5c1a |
registry server, if any. Alternately, you may set the
|
|
Jay Pipes |
eec5c1a |
``GLANCE_CLIENT_KEY_FILE`` environ variable to a filepath of the key file
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Optional. Default: Not set.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
* ``registry_client_cert_file=PATH``
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Optional. Default: Not set.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
The path to the cert file to use in SSL connections to the
|
|
Jay Pipes |
eec5c1a |
registry server, if any. Alternately, you may set the
|
|
Jay Pipes |
eec5c1a |
``GLANCE_CLIENT_CERT_FILE`` environ variable to a filepath of the cert file
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
* ``registry_client_ca_file=PATH``
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Optional. Default: Not set.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
The path to a Certifying Authority's cert file to use in SSL connections to the
|
|
Jay Pipes |
eec5c1a |
registry server, if any. Alternately, you may set the
|
|
Jay Pipes |
eec5c1a |
``GLANCE_CLIENT_CA_FILE`` environ variable to a filepath of the CA cert file
|
|
Jay Pipes |
eec5c1a |
|
|
|
75575b4 |
Configuring Logging in Glance
|
|
|
75575b4 |
-----------------------------
|
|
|
75575b4 |
|
|
|
75575b4 |
There are a number of configuration options in Glance that control how Glance
|
|
|
4db9df7 |
servers log messages.
|
|
|
75575b4 |
|
|
|
75575b4 |
* ``--log-config=PATH``
|
|
|
75575b4 |
|
|
|
75575b4 |
Optional. Default: ``None``
|
|
|
75575b4 |
|
|
|
75575b4 |
Specified on the command line only.
|
|
|
75575b4 |
|
|
|
75575b4 |
Takes a path to a configuration file to use for configuring logging.
|
|
|
75575b4 |
|
|
|
94b9c19 |
Logging Options Available Only in Configuration Files
|
|
|
94b9c19 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
75575b4 |
|
|
|
94b9c19 |
You will want to place the different logging options in the **[DEFAULT]** section
|
|
|
94b9c19 |
in your application configuration file. As an example, you might do the following
|
|
|
94b9c19 |
for the API server, in a configuration file called ``etc/glance-api.conf``::
|
|
|
75575b4 |
|
|
|
94b9c19 |
[DEFAULT]
|
|
|
4db9df7 |
log_file = /var/log/glance/api.log
|
|
|
75575b4 |
|
|
|
4db9df7 |
* ``log_file``
|
|
|
75575b4 |
|
|
|
75575b4 |
The filepath of the file to use for logging messages from Glance's servers. If
|
|
|
75575b4 |
missing, the default is to output messages to ``stdout``, so if you are running
|
|
|
75575b4 |
Glance servers in a daemon mode (using ``glance-control``) you should make
|
|
|
75575b4 |
sure that the ``log_file`` option is set appropriately.
|
|
|
75575b4 |
|
|
|
4db9df7 |
* ``log_dir``
|
|
|
75575b4 |
|
|
|
75575b4 |
The filepath of the directory to use for log files. If not specified (the default)
|
|
|
75575b4 |
the ``log_file`` is used as an absolute filepath.
|
|
|
75575b4 |
|
|
|
4db9df7 |
* ``log_date_format``
|
|
|
75575b4 |
|
|
|
75575b4 |
The format string for timestamps in the log output.
|
|
|
75575b4 |
|
|
|
75575b4 |
Defaults to ``%Y-%m-%d %H:%M:%S``. See the
|
|
|
75575b4 |
`logging module <http://docs.python.org/library/logging.html>`_ documentation for
|
|
|
75575b4 |
more information on setting this format string.
|
|
|
4eaf065 |
|
|
Jay Pipes |
eec5c1a |
* ``log_use_syslog``
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Use syslog logging functionality.
|
|
Jay Pipes |
eec5c1a |
|
|
Jay Pipes |
eec5c1a |
Defaults to False.
|
|
Jay Pipes |
eec5c1a |
|
|
|
4eaf065 |
Configuring Glance Storage Backends
|
|
|
4eaf065 |
-----------------------------------
|
|
|
4eaf065 |
|
|
|
4eaf065 |
There are a number of configuration options in Glance that control how Glance
|
|
|
4eaf065 |
stores disk images. These configuration options are specified in the
|
|
|
1359d6e |
``glance-api.conf`` config file in the section ``[DEFAULT]``.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
* ``default_store=STORE``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Optional. Default: ``file``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Can only be specified in configuration files.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Sets the storage backend to use by default when storing images in Glance.
|
|
Josh Durgin |
4230051 |
Available options for this option are (``file``, ``swift``, ``s3``, or ``rbd``).
|
|
|
4eaf065 |
|
|
|
684d891 |
Configuring the Filesystem Storage Backend
|
|
|
684d891 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
684d891 |
|
|
|
4eaf065 |
* ``filesystem_store_datadir=PATH``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Optional. Default: ``/var/lib/glance/images/``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Can only be specified in configuration files.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
`This option is specific to the filesystem storage backend.`
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Sets the path where the filesystem storage backend write disk images. Note that
|
|
|
4eaf065 |
the filesystem storage backend will attempt to create this directory if it does
|
|
|
4eaf065 |
not exist. Ensure that the user that ``glance-api`` runs under has write
|
|
|
4eaf065 |
permissions to this directory.
|
|
|
4eaf065 |
|
|
|
684d891 |
Configuring the Swift Storage Backend
|
|
|
684d891 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
684d891 |
|
|
|
4eaf065 |
* ``swift_store_auth_address=URL``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Required when using the Swift storage backend.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Can only be specified in configuration files.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
`This option is specific to the Swift storage backend.`
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Sets the authentication URL supplied to Swift when making calls to its storage
|
|
|
4eaf065 |
system. For more information about the Swift authentication system, please
|
|
Hengqing Hu |
bbf46b4 |
see the `Swift auth <http://swift.openstack.org/overview_auth.html>`_
|
|
|
4eaf065 |
documentation and the
|
|
|
4eaf065 |
`overview of Swift authentication <http://docs.openstack.org/openstack-object-storage/admin/content/ch02s02.html>`_.
|
|
|
4eaf065 |
|
|
Jay Pipes |
2418efd |
**IMPORTANT NOTE**: Swift authentication addresses use HTTPS by default. This
|
|
Jay Pipes |
2418efd |
means that if you are running Swift with authentication over HTTP, you need
|
|
Jay Pipes |
2418efd |
to set your ``swift_store_auth_address`` to the full URL, including the ``http://``.
|
|
Jay Pipes |
2418efd |
|
|
|
4eaf065 |
* ``swift_store_user=USER``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Required when using the Swift storage backend.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Can only be specified in configuration files.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
`This option is specific to the Swift storage backend.`
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Sets the user to authenticate against the ``swift_store_auth_address`` with.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
* ``swift_store_key=KEY``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Required when using the Swift storage backend.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Can only be specified in configuration files.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
`This option is specific to the Swift storage backend.`
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Sets the authentication key to authenticate against the
|
|
|
4eaf065 |
``swift_store_auth_address`` with for the user ``swift_store_user``.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
* ``swift_store_container=CONTAINER``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Optional. Default: ``glance``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Can only be specified in configuration files.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
`This option is specific to the Swift storage backend.`
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Sets the name of the container to use for Glance images in Swift.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
* ``swift_store_create_container_on_put``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Optional. Default: ``False``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Can only be specified in configuration files.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
`This option is specific to the Swift storage backend.`
|
|
|
4eaf065 |
|
|
|
4eaf065 |
If true, Glance will attempt to create the container ``swift_store_container``
|
|
|
4eaf065 |
if it does not exist.
|
|
|
4eaf065 |
|
|
Jay Pipes |
501b14b |
* ``swift_store_large_object_size=SIZE_IN_MB``
|
|
Jay Pipes |
501b14b |
|
|
Jay Pipes |
501b14b |
Optional. Default: ``5120``
|
|
Jay Pipes |
501b14b |
|
|
Jay Pipes |
501b14b |
Can only be specified in configuration files.
|
|
Jay Pipes |
501b14b |
|
|
Jay Pipes |
501b14b |
`This option is specific to the Swift storage backend.`
|
|
Jay Pipes |
501b14b |
|
|
Jay Pipes |
501b14b |
What size, in MB, should Glance start chunking image files
|
|
Jay Pipes |
501b14b |
and do a large object manifest in Swift? By default, this is
|
|
Jay Pipes |
501b14b |
the maximum object size in Swift, which is 5GB
|
|
Jay Pipes |
501b14b |
|
|
Jay Pipes |
501b14b |
* ``swift_store_large_object_chunk_size=SIZE_IN_MB``
|
|
Jay Pipes |
501b14b |
|
|
Jay Pipes |
501b14b |
Optional. Default: ``200``
|
|
Jay Pipes |
501b14b |
|
|
Jay Pipes |
501b14b |
Can only be specified in configuration files.
|
|
Jay Pipes |
501b14b |
|
|
Jay Pipes |
501b14b |
`This option is specific to the Swift storage backend.`
|
|
Jay Pipes |
501b14b |
|
|
Jay Pipes |
501b14b |
When doing a large object manifest, what size, in MB, should
|
|
Ewan Mellor |
4844917 |
Glance write chunks to Swift? The default is 200MB.
|
|
Paul Bourke |
49d67bd |
|
|
|
684d891 |
Configuring the S3 Storage Backend
|
|
|
684d891 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
684d891 |
|
|
|
684d891 |
* ``s3_store_host=URL``
|
|
|
684d891 |
|
|
|
684d891 |
Required when using the S3 storage backend.
|
|
|
684d891 |
|
|
|
684d891 |
Can only be specified in configuration files.
|
|
|
684d891 |
|
|
|
684d891 |
`This option is specific to the S3 storage backend.`
|
|
|
684d891 |
|
|
|
684d891 |
Default: s3.amazonaws.com
|
|
|
684d891 |
|
|
|
684d891 |
Sets the main service URL supplied to S3 when making calls to its storage
|
|
|
684d891 |
system. For more information about the S3 authentication system, please
|
|
Hengqing Hu |
bbf46b4 |
see the `S3 documentation <http://aws.amazon.com/documentation/s3/>`_
|
|
|
684d891 |
|
|
|
684d891 |
* ``s3_store_access_key=ACCESS_KEY``
|
|
|
684d891 |
|
|
|
684d891 |
Required when using the S3 storage backend.
|
|
|
684d891 |
|
|
|
684d891 |
Can only be specified in configuration files.
|
|
|
684d891 |
|
|
|
684d891 |
`This option is specific to the S3 storage backend.`
|
|
|
684d891 |
|
|
|
684d891 |
Sets the access key to authenticate against the ``s3_store_host`` with.
|
|
|
684d891 |
|
|
|
684d891 |
You should set this to your 20-character Amazon AWS access key.
|
|
|
684d891 |
|
|
|
684d891 |
* ``s3_store_secret_key=SECRET_KEY``
|
|
|
684d891 |
|
|
|
684d891 |
Required when using the S3 storage backend.
|
|
|
684d891 |
|
|
|
684d891 |
Can only be specified in configuration files.
|
|
|
684d891 |
|
|
|
684d891 |
`This option is specific to the S3 storage backend.`
|
|
|
684d891 |
|
|
|
684d891 |
Sets the secret key to authenticate against the
|
|
|
684d891 |
``s3_store_host`` with for the access key ``s3_store_access_key``.
|
|
|
684d891 |
|
|
|
684d891 |
You should set this to your 40-character Amazon AWS secret key.
|
|
|
684d891 |
|
|
|
684d891 |
* ``s3_store_bucket=BUCKET``
|
|
|
684d891 |
|
|
|
684d891 |
Required when using the S3 storage backend.
|
|
|
684d891 |
|
|
|
684d891 |
Can only be specified in configuration files.
|
|
|
684d891 |
|
|
|
684d891 |
`This option is specific to the S3 storage backend.`
|
|
|
684d891 |
|
|
|
684d891 |
Sets the name of the bucket to use for Glance images in S3.
|
|
|
684d891 |
|
|
|
684d891 |
Note that the namespace for S3 buckets is **global**, and
|
|
|
684d891 |
therefore you must use a name for the bucket that is unique. It
|
|
|
684d891 |
is recommended that you use a combination of your AWS access key,
|
|
|
dfc71f4 |
**lowercased** with "glance".
|
|
|
684d891 |
|
|
|
684d891 |
For instance if your Amazon AWS access key is:
|
|
|
684d891 |
|
|
|
684d891 |
``ABCDEFGHIJKLMNOPQRST``
|
|
|
684d891 |
|
|
|
684d891 |
then make your bucket value be:
|
|
|
684d891 |
|
|
|
dfc71f4 |
``abcdefghijklmnopqrstglance``
|
|
|
684d891 |
|
|
|
684d891 |
* ``s3_store_create_bucket_on_put``
|
|
|
684d891 |
|
|
|
684d891 |
Optional. Default: ``False``
|
|
|
684d891 |
|
|
|
684d891 |
Can only be specified in configuration files.
|
|
|
684d891 |
|
|
|
684d891 |
`This option is specific to the S3 storage backend.`
|
|
|
684d891 |
|
|
|
684d891 |
If true, Glance will attempt to create the bucket ``s3_store_bucket``
|
|
|
684d891 |
if it does not exist.
|
|
|
684d891 |
|
|
Paul Bourke |
49d67bd |
* ``s3_store_object_buffer_dir=PATH``
|
|
Paul Bourke |
49d67bd |
|
|
Paul Bourke |
49d67bd |
Optional. Default: ``the platform's default temporary directory``
|
|
Paul Bourke |
49d67bd |
|
|
Paul Bourke |
49d67bd |
Can only be specified in configuration files.
|
|
Paul Bourke |
49d67bd |
|
|
Paul Bourke |
49d67bd |
`This option is specific to the S3 storage backend.`
|
|
Paul Bourke |
49d67bd |
|
|
Paul Bourke |
49d67bd |
When sending images to S3, what directory should be
|
|
Paul Bourke |
49d67bd |
used to buffer the chunks? By default the platform's
|
|
Paul Bourke |
49d67bd |
temporary directory will be used.
|
|
Paul Bourke |
49d67bd |
|
|
Josh Durgin |
4230051 |
Configuring the RBD Storage Backend
|
|
Lorin Hochstein |
6bf61e8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
**Note**: the RBD storage backend requires the python bindings for
|
|
Josh Durgin |
4230051 |
librados and librbd. These are in the python-ceph package on
|
|
Josh Durgin |
4230051 |
Debian-based distributions.
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
* ``rbd_store_pool=POOL``
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Optional. Default: ``rbd``
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Can only be specified in configuration files.
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
`This option is specific to the RBD storage backend.`
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Sets the RADOS pool in which images are stored.
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
* ``rbd_store_chunk_size=CHUNK_SIZE_MB``
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Optional. Default: ``4``
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Can only be specified in configuration files.
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
`This option is specific to the RBD storage backend.`
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Images will be chunked into objects of this size (in megabytes).
|
|
Josh Durgin |
4230051 |
For best performance, this should be a power of two.
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
* ``rbd_store_ceph_conf=PATH``
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Optional. Default: ``/etc/ceph/ceph.conf``, ``~/.ceph/config``, and ``./ceph.conf``
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Can only be specified in configuration files.
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
`This option is specific to the RBD storage backend.`
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Sets the Ceph configuration file to use.
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
* ``rbd_store_user=NAME``
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Optional. Default: ``admin``
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Can only be specified in configuration files.
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
`This option is specific to the RBD storage backend.`
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
Sets the RADOS user to authenticate as. This is only needed
|
|
Josh Durgin |
4230051 |
when `RADOS authentication <http://ceph.newdream.net/wiki/Cephx>`_
|
|
Josh Durgin |
4230051 |
is `enabled. <http://ceph.newdream.net/wiki/Cluster_configuration#Cephx_auth>`_
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
A keyring must be set for this user in the Ceph
|
|
Josh Durgin |
4230051 |
configuration file, e.g. with a user ``glance``::
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
[client.glance]
|
|
Josh Durgin |
4230051 |
keyring=/etc/glance/rbd.keyring
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
To set up a user named ``glance`` with minimal permissions, using a pool called
|
|
Josh Durgin |
4230051 |
``images``, run::
|
|
Josh Durgin |
4230051 |
|
|
Josh Durgin |
4230051 |
rados mkpool images
|
|
Josh Durgin |
4230051 |
ceph-authtool --create-keyring /etc/glance/rbd.keyring
|
|
Josh Durgin |
4230051 |
ceph-authtool --gen-key --name client.glance --cap mon 'allow r' --cap osd 'allow rwx pool=images' /etc/glance/rbd.keyring
|
|
Josh Durgin |
4230051 |
ceph auth add client.glance -i /etc/glance/rbd.keyring
|
|
Josh Durgin |
4230051 |
|
|
Jay Pipes |
ad9e9ca |
Configuring the Image Cache
|
|
Jay Pipes |
ad9e9ca |
---------------------------
|
|
Jay Pipes |
ad9e9ca |
|
|
Jay Pipes |
ad9e9ca |
Glance API servers can be configured to have a local image cache. Caching of
|
|
Jay Pipes |
ad9e9ca |
image files is transparent and happens using a piece of middleware that can
|
|
Jay Pipes |
ad9e9ca |
optionally be placed in the server application pipeline.
|
|
Jay Pipes |
ad9e9ca |
|
|
Eoghan Glynn |
14593a3 |
This pipeline is configured in the PasteDeploy configuration file,
|
|
Eoghan Glynn |
5835b30 |
<component>-paste.ini. You should not generally have to edit this file
|
|
Eoghan Glynn |
5835b30 |
directly, as it ships with ready-made pipelines for all common deployment
|
|
Eoghan Glynn |
5835b30 |
flavors.
|
|
Eoghan Glynn |
14593a3 |
|
|
Jay Pipes |
ad9e9ca |
Enabling the Image Cache Middleware
|
|
Jay Pipes |
ad9e9ca |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Jay Pipes |
ad9e9ca |
|
|
Eoghan Glynn |
5835b30 |
To enable the image cache middleware, the cache middleware must occur in
|
|
Eoghan Glynn |
5835b30 |
the application pipeline **after** the appropriate context middleware.
|
|
Jay Pipes |
ad9e9ca |
|
|
Eoghan Glynn |
14593a3 |
The cache middleware should be in your ``glance-api-paste.ini`` in a section
|
|
Eoghan Glynn |
14593a3 |
titled ``[filter:cache]``. It should look like this::
|
|
Jay Pipes |
ad9e9ca |
|
|
Jay Pipes |
ad9e9ca |
[filter:cache]
|
|
Mark McLoughlin |
ba44d1c |
paste.filter_factory = glance.common.wsgi:filter_factory
|
|
Mark McLoughlin |
ba44d1c |
glance.filter_factory = glance.api.middleware.cache:CacheFilter
|
|
Jay Pipes |
ad9e9ca |
|
|
Eoghan Glynn |
5835b30 |
A ready-made application pipeline including this filter is defined in
|
|
Eoghan Glynn |
5835b30 |
the ``glance-api-paste.ini`` file, looking like so::
|
|
Jay Pipes |
ad9e9ca |
|
|
Eoghan Glynn |
5835b30 |
[pipeline:glance-api-caching]
|
|
Eoghan Glynn |
5835b30 |
pipeline = versionnegotiation context cache apiv1app
|
|
Jay Pipes |
ad9e9ca |
|
|
Eoghan Glynn |
5835b30 |
To enable the above application pipeline, in your main ``glance-api.conf``
|
|
Eoghan Glynn |
5835b30 |
configuration file, select the appropriate deployment flavor like so::
|
|
Jay Pipes |
ad9e9ca |
|
|
Eoghan Glynn |
5835b30 |
[paste_deploy]
|
|
Eoghan Glynn |
5835b30 |
flavor = caching
|
|
Jay Pipes |
ad9e9ca |
|
|
Jay Pipes |
ad9e9ca |
And that would give you a transparent image cache on the API server.
|
|
Jay Pipes |
ad9e9ca |
|
|
Jay Pipes |
ad9e9ca |
Configuration Options Affecting the Image Cache
|
|
Jay Pipes |
ad9e9ca |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Jay Pipes |
ad9e9ca |
|
|
Jay Pipes |
ad9e9ca |
One main configuration file option affects the image cache.
|
|
Jay Pipes |
ad9e9ca |
|
|
Jay Pipes |
39c8557 |
* ``image_cache_dir=PATH``
|
|
Jay Pipes |
ad9e9ca |
|
|
Jay Pipes |
ad9e9ca |
Required when image cache middleware is enabled.
|
|
Jay Pipes |
ad9e9ca |
|
|
Jay Pipes |
ad9e9ca |
Default: ``/var/lib/glance/image-cache``
|
|
Jay Pipes |
ad9e9ca |
|
|
Jay Pipes |
39c8557 |
This is the base directory the image cache can write files to.
|
|
Jay Pipes |
39c8557 |
Make sure the directory is writeable by the user running the
|
|
Jay Pipes |
39c8557 |
``glance-api`` server
|
|
Jay Pipes |
39c8557 |
|
|
Jay Pipes |
39c8557 |
* ``image_cache_driver=DRIVER``
|
|
Jay Pipes |
39c8557 |
|
|
Jay Pipes |
39c8557 |
Optional. Choice of ``sqlite`` or ``xattr``
|
|
Jay Pipes |
39c8557 |
|
|
Jay Pipes |
39c8557 |
Default: ``sqlite``
|
|
Jay Pipes |
39c8557 |
|
|
Jay Pipes |
39c8557 |
The default ``sqlite`` cache driver has no special dependencies, other
|
|
Jay Pipes |
39c8557 |
than the ``python-sqlite3`` library, which is installed on virtually
|
|
Jay Pipes |
39c8557 |
all operating systems with modern versions of Python. It stores
|
|
Jay Pipes |
39c8557 |
information about the cached files in a SQLite database.
|
|
Jay Pipes |
39c8557 |
|
|
Jay Pipes |
39c8557 |
The ``xattr`` cache driver required the ``python-xattr>=0.6.0`` library
|
|
Jay Pipes |
39c8557 |
and requires that the filesystem containing ``image_cache_dir`` have
|
|
Jay Pipes |
39c8557 |
access times tracked for all files (in other words, the noatime option
|
|
Jay Pipes |
39c8557 |
CANNOT be set for that filesystem). In addition, ``user_xattr`` must be
|
|
Jay Pipes |
39c8557 |
set on the filesystem's description line in fstab. Because of these
|
|
Jay Pipes |
39c8557 |
requirements, the ``xattr`` cache driver is not available on Windows.
|
|
Jay Pipes |
39c8557 |
|
|
Jay Pipes |
39c8557 |
* ``image_cache_sqlite_db=DB_FILE``
|
|
Jay Pipes |
39c8557 |
|
|
Jay Pipes |
39c8557 |
Optional.
|
|
Jay Pipes |
39c8557 |
|
|
Jay Pipes |
39c8557 |
Default: ``cache.db``
|
|
Jay Pipes |
39c8557 |
|
|
Jay Pipes |
39c8557 |
When using the ``sqlite`` cache driver, you can set the name of the database
|
|
Jay Pipes |
39c8557 |
that will be used to store the cached images information. The database
|
|
Jay Pipes |
39c8557 |
is always contained in the ``image_cache_dir``.
|
|
Josh Durgin |
4230051 |
|
|
Jay Pipes |
2a5a0e9 |
* ``image_cache_max_size=SIZE``
|
|
Jay Pipes |
2a5a0e9 |
|
|
Jay Pipes |
2a5a0e9 |
Optional.
|
|
Jay Pipes |
2a5a0e9 |
|
|
Jay Pipes |
2a5a0e9 |
Default: ``10737418240`` (10 GB)
|
|
Jay Pipes |
2a5a0e9 |
|
|
Jay Pipes |
2a5a0e9 |
Size, in bytes, that the image cache should be constrained to. Images files
|
|
Jay Pipes |
2a5a0e9 |
are cached automatically in the local image cache, even if the writing of that
|
|
Jay Pipes |
2a5a0e9 |
image file would put the total cache size over this size. The
|
|
Jay Pipes |
2a5a0e9 |
``glance-cache-pruner`` executable is what prunes the image cache to be equal
|
|
Jay Pipes |
2a5a0e9 |
to or less than this value. The ``glance-cache-pruner`` executable is designed
|
|
Jay Pipes |
2a5a0e9 |
to be run via cron on a regular basis. See more about this executable in
|
|
Jay Pipes |
2a5a0e9 |
`Controlling the Growth of the Image Cache`
|
|
Jay Pipes |
2a5a0e9 |
|
|
|
4eaf065 |
Configuring the Glance Registry
|
|
|
4eaf065 |
-------------------------------
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Glance ships with a default, reference implementation registry server. There
|
|
|
4eaf065 |
are a number of configuration options in Glance that control how this registry
|
|
|
4eaf065 |
server operates. These configuration options are specified in the
|
|
|
1359d6e |
``glance-registry.conf`` config file in the section ``[DEFAULT]``.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
* ``sql_connection=CONNECTION_STRING`` (``--sql-connection`` when specified
|
|
|
4eaf065 |
on command line)
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Optional. Default: ``None``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Can be specified in configuration files. Can also be specified on the
|
|
|
4eaf065 |
command-line for the ``glance-manage`` program.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Sets the SQLAlchemy connection string to use when connecting to the registry
|
|
|
4eaf065 |
database. Please see the documentation for
|
|
|
4eaf065 |
`SQLAlchemy connection strings <http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html>`_
|
|
|
4eaf065 |
online.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
* ``sql_timeout=SECONDS``
|
|
|
4eaf065 |
on command line)
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Optional. Default: ``3600``
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Can only be specified in configuration files.
|
|
|
4eaf065 |
|
|
|
4eaf065 |
Sets the number of seconds after which SQLAlchemy should reconnect to the
|
|
|
4eaf065 |
datastore if no activity has been made on the connection.
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Configuring Notifications
|
|
Johannes Erdfelt |
091aae8 |
-------------------------
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Glance can optionally generate notifications to be logged or sent to
|
|
Johannes Erdfelt |
091aae8 |
a RabbitMQ queue. The configuration options are specified in the
|
|
Johannes Erdfelt |
091aae8 |
``glance-api.conf`` config file in the section ``[DEFAULT]``.
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
* ``notifier_strategy``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Optional. Default: ``noop``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Sets the strategy used for notifications. Options are ``logging``,
|
|
Russell Bryant |
2fa1ed0 |
``rabbit``, ``qpid`` and ``noop``.
|
|
Johannes Erdfelt |
091aae8 |
For more information :doc:`Glance notifications <notifications>`
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
* ``rabbit_host``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Optional. Default: ``localhost``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Host to connect to when using ``rabbit`` strategy.
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
* ``rabbit_port``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Optional. Default: ``5672``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Port to connect to when using ``rabbit`` strategy.
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
* ``rabbit_use_ssl``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Optional. Default: ``false``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Boolean to use SSL for connecting when using ``rabbit`` strategy.
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
* ``rabbit_userid``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Optional. Default: ``guest``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Userid to use for connection when using ``rabbit`` strategy.
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
* ``rabbit_password``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Optional. Default: ``guest``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Password to use for connection when using ``rabbit`` strategy.
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
* ``rabbit_virtual_host``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Optional. Default: ``/``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Virtual host to use for connection when using ``rabbit`` strategy.
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
fa1b0b1 |
* ``rabbit_notification_exchange``
|
|
Johannes Erdfelt |
fa1b0b1 |
|
|
Johannes Erdfelt |
fa1b0b1 |
Optional. Default: ``glance``
|
|
Johannes Erdfelt |
fa1b0b1 |
|
|
Johannes Erdfelt |
fa1b0b1 |
Exchange name to use for connection when using ``rabbit`` strategy.
|
|
Johannes Erdfelt |
fa1b0b1 |
|
|
Johannes Erdfelt |
091aae8 |
* ``rabbit_notification_topic``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Optional. Default: ``glance_notifications``
|
|
Johannes Erdfelt |
091aae8 |
|
|
Johannes Erdfelt |
091aae8 |
Topic to use for connection when using ``rabbit`` strategy.
|
|
Chris Behrens |
195e667 |
|
|
Chris Behrens |
195e667 |
* ``rabbit_max_retries``
|
|
Chris Behrens |
195e667 |
|
|
Chris Behrens |
195e667 |
Optional. Default: ``0``
|
|
Chris Behrens |
195e667 |
|
|
Chris Behrens |
195e667 |
Number of retries on communication failures when using ``rabbit`` strategy.
|
|
Chris Behrens |
195e667 |
A value of 0 means to retry forever.
|
|
Chris Behrens |
195e667 |
|
|
Chris Behrens |
195e667 |
* ``rabbit_retry_backoff``
|
|
Chris Behrens |
195e667 |
|
|
Chris Behrens |
195e667 |
Optional. Default: ``2``
|
|
Chris Behrens |
195e667 |
|
|
Chris Behrens |
195e667 |
Number of seconds to wait before reconnecting on failures when using
|
|
Chris Behrens |
195e667 |
``rabbit`` strategy.
|
|
Chris Behrens |
195e667 |
|
|
Chris Behrens |
195e667 |
* ``rabbit_retry_max_backoff``
|
|
Chris Behrens |
195e667 |
|
|
Chris Behrens |
195e667 |
Optional. Default: ``30``
|
|
Chris Behrens |
195e667 |
|
|
Chris Behrens |
195e667 |
Maximum seconds to wait before reconnecting on failures when using
|
|
Chris Behrens |
195e667 |
``rabbit`` strategy.
|
|
Jay Pipes |
180ae89 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_notification_exchange``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: ``glance``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Message exchange to use when using the ``qpid`` notification strategy.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_notification_topic``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: ``glanice_notifications``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This is the topic prefix for notifications when using the ``qpid``
|
|
Russell Bryant |
2fa1ed0 |
notification strategy. When a notification is sent at the ``info`` priority,
|
|
Russell Bryant |
2fa1ed0 |
the topic will be ``glance_notifications.info``. The same idea applies for
|
|
Russell Bryant |
2fa1ed0 |
the ``error`` and ``warn`` notification priorities. To receive all
|
|
Russell Bryant |
2fa1ed0 |
notifications, you would set up a receiver with a topic of
|
|
Russell Bryant |
2fa1ed0 |
``glance_notifications.*``.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_host``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: ``localhost``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This is the hostname or IP address of the Qpid broker that will be used
|
|
Russell Bryant |
2fa1ed0 |
when Glance has been configured to use the ``qpid`` notification strategy.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_port``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: ``5672``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This is the port number to connect to on the Qpid broker, ``qpid_host``,
|
|
Russell Bryant |
2fa1ed0 |
when using the ``qpid`` notification strategy.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_username``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: None
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This is the username that Glance will use to authenticate with the Qpid
|
|
Russell Bryant |
2fa1ed0 |
broker if using the ``qpid`` notification strategy.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_password``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: None
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This is the username that Glance will use to authenticate with the Qpid
|
|
Russell Bryant |
2fa1ed0 |
broker if using the ``qpid`` notification strategy.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_sasl_mechanisms``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: None
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This is a space separated list of SASL mechanisms to use for authentication
|
|
Russell Bryant |
2fa1ed0 |
with the Qpid broker if using the ``qpid`` notification strategy.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_reconnect_timeout``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: None
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This option specifies a timeout in seconds for automatic reconnect attempts
|
|
Russell Bryant |
2fa1ed0 |
to the Qpid broker if the ``qpid`` notification strategy is used. In general,
|
|
Russell Bryant |
2fa1ed0 |
it is safe to leave all of the reconnect timing options not set. In that case,
|
|
Russell Bryant |
2fa1ed0 |
the Qpid client's default behavior will be used, which is to attempt to
|
|
Russell Bryant |
2fa1ed0 |
reconnect to the broker at exponential back-off intervals (in 1 second, then 2
|
|
Russell Bryant |
2fa1ed0 |
seconds, then 4, 8, 16, etc).
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_reconnect_limit``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: None
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This option specifies a maximum number of reconnect attempts to the Qpid
|
|
Russell Bryant |
2fa1ed0 |
broker if the ``qpid`` notification strategy is being used. Normally the
|
|
Russell Bryant |
2fa1ed0 |
Qpid client will continue attempting to reconnect until successful.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_reconnect_interval_min``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: None
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This option specifies the minimum number of seconds between reconnection
|
|
Russell Bryant |
2fa1ed0 |
attempts if the ``qpid`` notification strategy is being used.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_reconnect_interval_max``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: None
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This option specifies the maximum number of seconds between reconnection
|
|
Russell Bryant |
2fa1ed0 |
attempts if the ``qpid`` notification strategy is being used.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_reconnect_interval``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This option specifies the exact number of seconds between reconnection
|
|
Russell Bryant |
2fa1ed0 |
attempts if the ``qpid`` notification strategy is being used. Setting
|
|
Russell Bryant |
2fa1ed0 |
this option is equivalent to setting ``qpid_reconnect_interval_max`` and
|
|
Russell Bryant |
2fa1ed0 |
``qpid_reconnect_interval_min`` to the same value.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_heartbeat``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: ``5``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This option is used to specify the number of seconds between heartbeat messages
|
|
Russell Bryant |
2fa1ed0 |
exchanged between the Qpid client and Qpid broker if the ``qpid`` notification
|
|
Russell Bryant |
2fa1ed0 |
strategy is being used. Heartbeats are used to more quickly detect that a
|
|
Russell Bryant |
2fa1ed0 |
connection has been lost.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_protocol``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: ``tcp``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This option is used to specify the transport protocol to use if using the
|
|
Russell Bryant |
2fa1ed0 |
``qpid`` notification strategy. To enable SSL, set this option to ``ssl``.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
* ``qpid_tcp_nodelay``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
Optional. Default: ``True``
|
|
Russell Bryant |
2fa1ed0 |
|
|
Russell Bryant |
2fa1ed0 |
This option can be used to disable the TCP NODELAY option. It effectively
|
|
Russell Bryant |
2fa1ed0 |
disables the Nagle algorithm for the connection to the Qpid broker. This
|
|
Russell Bryant |
2fa1ed0 |
option only applies if the ``qpid`` notification strategy is used.
|
|
Russell Bryant |
2fa1ed0 |
|
|
Jay Pipes |
180ae89 |
Configuring Access Policies
|
|
Jay Pipes |
180ae89 |
---------------------------
|
|
Jay Pipes |
180ae89 |
|
|
Jay Pipes |
180ae89 |
Access rules may be configured using a
|
|
Jay Pipes |
180ae89 |
:doc:`Policy Configuration file <policies>`. Two configuration options tell
|
|
Jay Pipes |
180ae89 |
the Glance API server about the policies to use.
|
|
Jay Pipes |
180ae89 |
|
|
Jay Pipes |
180ae89 |
* ``policy_file=PATH``
|
|
Jay Pipes |
180ae89 |
|
|
Jay Pipes |
180ae89 |
Optional. Default: Looks for a file called ``policy.json`` or
|
|
Jay Pipes |
180ae89 |
``glance.policy.json`` in standard configuration directories.
|
|
Jay Pipes |
180ae89 |
|
|
Jay Pipes |
180ae89 |
Policy file to load when starting the API server
|
|
Jay Pipes |
180ae89 |
|
|
Jay Pipes |
180ae89 |
* ``policy_default_rule=RULE``
|
|
Jay Pipes |
180ae89 |
|
|
Jay Pipes |
180ae89 |
Optional. Default: "default"
|
|
Jay Pipes |
180ae89 |
|
|
Jay Pipes |
180ae89 |
Name of the rule in the policy configuration file to use as the default rule
|