openstack-ansible-os_glance/templates/glance-api.conf.j2

# {{ ansible_managed }}

[DEFAULT]
# Disable stderr logging
use_stderr = False
debug = {{ debug }}
use_journal = True
fatal_deprecations = {{ glance_fatal_deprecations }}
bind_host = {{ glance_api_bind_address }}
bind_port = {{ glance_api_service_port }}
http_keepalive = {{ glance_http_keepalive }}
digest_algorithm = {{ glance_digest_algorithm }}
backlog = 4096
workers = {{ glance_api_workers | default(glance_api_threads) }}
worker_self_reference_url = {{ (glance_backend_ssl | ternary('https', 'http')) ~ '://' ~ glance_api_bind_address ~ ':' ~ glance_api_service_port }}

enable_v2_api = {{ glance_enable_v2_api | bool }}

{% if glance_oslomsg_rpc_configure %}
transport_url = {{ glance_oslomsg_rpc_transport }}://{% for host in glance_oslomsg_rpc_servers.split(',') %}{{ glance_oslomsg_rpc_userid }}:{{ glance_oslomsg_rpc_password }}@{{ host }}:{{ glance_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _glance_oslomsg_rpc_vhost_conf }}{% if glance_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ glance_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ glance_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
{% endif %}

scrub_time = 43200

image_cache_dir = {{ glance_system_user_home }}/cache/
image_cache_stall_time = {{ glance_image_cache_stall_time }}
image_cache_max_size = {{ glance_image_cache_max_size }}

# defaults to true if RBD is used as default store
show_image_direct_url = {{ glance_show_image_direct_url }}
show_multiple_locations = {{ glance_show_multiple_locations }}

enabled_backends = {% for backend in glance_available_stores %}{{ backend['name'] }}:{{ backend['type'] }}{% if not loop.last %},{% endif %}{% endfor %}

{% if glance_property_protection_file_overrides | length > 0 %}
property_protection_file = {{ glance_property_protection_file }}
property_protection_rule_format = {{ glance_property_protection_rule_format }}
{% endif %}

[task]
task_executor = {{ glance_task_executor }}

[database]
connection = mysql+pymysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ glance_galera_address }}:{{ glance_galera_port }}/{{ glance_galera_database }}?charset=utf8{% if glance_galera_use_ssl | bool %}&ssl_verify_cert=true{% if glance_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ glance_galera_ssl_ca_cert }}{% endif %}{% endif +%}
max_overflow = {{ glance_db_max_overflow }}
max_pool_size = {{ glance_db_max_pool_size }}
pool_timeout = {{ glance_db_pool_timeout }}
connection_recycle_time = {{ glance_db_connection_recycle_time }}

{% if glance_barbican_enabled %}
[barbican]
auth_endpoint = {{ keystone_service_internaluri }}/v3
barbican_endpoint_type = internal
send_service_user_token = {{ glance_service_token_roles_required | bool }}

[barbican_service_user]
auth_section = keystone_authtoken

[key_manager]
backend = barbican
{% endif %}

[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ glance_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminurl }}
www_authenticate_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ glance_service_project_domain_id }}
user_domain_id = {{ glance_service_user_domain_id }}
project_name = {{ glance_service_project_name }}
username = {{ glance_service_user_name }}
password = {{ glance_service_password }}
region_name = {{ keystone_service_region }}

service_token_roles_required = {{ glance_service_token_roles_required | bool }}
service_token_roles = {{ glance_service_token_roles | join(',') }}
service_type = {{ glance_service_type }}

memcached_servers = {{ glance_memcached_servers }}

token_cache_time = 300

# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}

[oslo_policy]
policy_file = {{ glance_policy_file }}
policy_default_rule = {{ glance_policy_default_rule }}
policy_dirs = {{ glance_policy_dirs }}

{% if glance_oslomsg_rpc_transport == 'rabbit' %}
[oslo_messaging_rabbit]
rabbit_quorum_queue = {{ glance_oslomsg_rabbit_quorum_queues }}
rabbit_transient_quorum_queue = {{ glance_oslomsg_rabbit_transient_quorum_queues }}
rabbit_qos_prefetch_count = {{ glance_oslomsg_rabbit_qos_prefetch_count }}
use_queue_manager = {{ glance_oslomsg_rabbit_queue_manager }}
{% if glance_oslomsg_rabbit_queue_manager %}
hostname = {{ [ansible_facts['hostname'], glance_service_name] | join('-') }}
{% endif %}
rabbit_stream_fanout = {{ glance_oslomsg_rabbit_stream_fanout }}
rabbit_quorum_delivery_limit = {{ glance_oslomsg_rabbit_quorum_delivery_limit }}
rabbit_quorum_max_memory_bytes = {{ glance_oslomsg_rabbit_quorum_max_memory_bytes }}
{% endif %}

[oslo_messaging_notifications]
topics = notifications
driver = {{ (glance_oslomsg_notify_configure | bool) | ternary('messagingv2', 'noop') }}
transport_url = {{ glance_oslomsg_notify_transport }}://{% for host in glance_oslomsg_notify_servers.split(',') %}{{ glance_oslomsg_notify_userid }}:{{ glance_oslomsg_notify_password }}@{{ host }}:{{ glance_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _glance_oslomsg_notify_vhost_conf }}{% if glance_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ glance_oslomsg_notify_ssl_version }}&ssl_ca_file={{ glance_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}

[paste_deploy]
flavor = {{ glance_flavor }}

[glance_store]
default_backend = {{ (glance_default_store is string) | ternary(glance_default_store, glance_default_store['name']) }}

{% for backend in glance_available_stores %}
{%   if backend['name'] == 'file' and backend['type'] == 'file' and 'config' not in backend %}
[file]
filesystem_store_datadir = {{ glance_system_user_home }}/{{ glance_images_local_directory }}/

{%   elif backend['name'] == 'swift' and backend['type'] == 'swift' and 'config' not in backend %}
[swift]
swift_store_config_file = {{ glance_etc_dir }}/glance-swift-store.conf
default_swift_reference = swift1
swift_store_auth_insecure = {{ glance_swift_store_auth_insecure | bool }}
swift_store_region = {{ glance_swift_store_region }}
swift_store_container = {{ glance_swift_store_container }}
swift_store_create_container_on_put = True
swift_store_large_object_size = {{ glance_swift_store_large_object_size }}
swift_store_large_object_chunk_size = {{ glance_swift_store_large_object_chunk_size }}
swift_store_retry_get_count = 5
swift_store_endpoint_type = {{ glance_swift_store_endpoint_type }}

{%   elif backend['name'] == 'rbd' and backend['type'] == 'rbd' and 'config' not in backend %}
[rbd]
rbd_store_pool = {{ glance_rbd_store_pool }}
rbd_store_user = {{ glance_rbd_store_user }}
rbd_store_ceph_conf = /etc/ceph/ceph.conf
rbd_store_chunk_size = {{ glance_rbd_store_chunk_size }}

{%   elif backend['name'] == 'cinder' and backend['type'] == 'cinder' and 'config' not in backend %}
[cinder]
cinder_catalog_info = volumev3:cinderv3:internalURL
cinder_store_auth_address = {{ keystone_service_adminurl }}
cinder_store_user_name = {{ glance_service_user_name }}
cinder_store_password = {{ glance_service_password }}
cinder_store_project_name = {{ glance_service_project_name }}
cinder_store_user_domain_name = {{ glance_service_user_domain_id }}
cinder_store_project_domain_name = {{ glance_service_project_domain_id }}

{%   else %}
[{{ backend['name'] }}]
{%     for key, value in backend.get('config', {}).items() %}
{{ key }} = {{ value }}
{%     endfor %}

{%   endif  %}
{% endfor %}

[profiler]
enabled = {{ glance_profiler_enabled }}

{% if glance_proxy_headers_parsing | bool %}
[oslo_middleware]
enable_proxy_headers_parsing = True
{% endif %}

[oslo_concurrency]
lock_path = {{ glance_use_uwsgi | ternary('/run/lock/' ~ glance_services['glance-api']['service_name'] ~ '/uwsgi', '/run/lock/glance') }}

{% if glance_cors_allowed_origin is not none %}
[cors]
allow_headers = origin,content-md5,x-image-meta-checksum,x-storage-token,accept-encoding,x-auth-token,x-identity-status,x-roles,x-service-catalog,x-user-id,x-tenant-id,x-openstack-request-id
allow_methods = GET,POST,PUT,PATCH,DELETE
allowed_origin = {{ glance_cors_allowed_origin }}
{% endif %}