[Openstack-operators] I have an installation question and possible bug
Kris G. Lindgren
klindgren at godaddy.com
Mon Jan 25 20:09:44 UTC 2016
The "Model server" from nova-compute is actually nova-conductor, as nova-conductor is the one talking to the database. Since a while ago (havana timeframe iirc) this was done as the "no compute db access". Conductor does all the db queries for nova-compute and nova-metadata. Nova-compute sends a rpc message (qpid or rabbitmq - depending on your implentation - most likely rabbitmq) to nova–conductor – nova–conductor makes the query to the db and return the results. In troubleshooting this error in the past, assuming everything is working correctly, this can also happen if the DB takes over 9 seconds to respond. This can also happen if you have have something causing slow/random errors in your communication between nova-conductor and the DB. Our personal experience was 1 out of 12 links taking 20% errors (all others clean) was able to cause this error to popup randomly across the entire environment.
The download from glance happens via the glanceclient on the compute node and is basically just a curl call to the glance api end-point as configured in the nova-compute's nova.conf. It downloads the file and compares the md5sum. If you have the use_raw or whatever the config option set, it will then take that image and convert it to a raw image on the hv. The file should be located under /var/lib/nova/instances/_base, images that are downloading should be the sha1sum of the uuid (yes that’s the uuid of the image, not the sha1sum for the image itself) and should have .part added on them. Once the image is converted/checksummed it will be moved from .part to just the sha1sum of the uuid.
___________________________________________________________________
Kris Lindgren
Senior Linux Systems Engineer
GoDaddy
From: Christopher Hull <chrishull42 at gmail.com<mailto:chrishull42 at gmail.com>>
Date: Monday, January 25, 2016 at 12:54 PM
To: Edgar Magana <edgar.magana at workday.com<mailto:edgar.magana at workday.com>>
Cc: "Kris G. Lindgren" <klindgren at godaddy.com<mailto:klindgren at godaddy.com>>, Clint Byrum <clint at fewbar.com<mailto:clint at fewbar.com>>, openstack-operators <openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>>
Subject: Re: [Openstack-operators] I have an installation question and possible bug
Wow. Thank you all for the response!
Well, Installing Kilo because I started this last August and have worked on it gradually. Should probably do Liberty.
Yes, I get timesouts between Nova and "model service" which I assume is Glance.
Message timeouts and recoveries for large images. 100GB CentOS server.
2015-12-20 18:19:33.759 3755 TRACE nova.servicegroup.drivers.db MessagingTimeout: Timed out waiting for a reply to message ID 34fe85f35bf84908b516b8e79110f516.
2015-12-20 18:19:33.759 3755 TRACE nova.servicegroup.drivers.db
2015-12-20 18:19:33.895 3755 WARNING nova.openstack.common.loopingcall [req-37a3f586-84de-4a1b-9257-1f968ec99273 - - - - -] task <bound method DbDriver._report_state of <nova.servicegroup.drivers.db.DbDriver object at 0x3d3fb10>> run outlasted interval by 8.43 sec
2015-12-20 18:19:33.896 3755 INFO nova.scheduler.client.report [req-9f0894b2-95f4-40f1-b9b0-83788d0e75d5 - - - - -] Compute_service record updated for ('maersk.chrishull.com<http://maersk.chrishull.com>', 'maersk.chrishull.com<http://maersk.chrishull.com>')
2015-12-20 18:19:33.896 3755 INFO nova.compute.resource_tracker [req-9f0894b2-95f4-40f1-b9b0-83788d0e75d5 - - - - -] Compute_service record updated for maersk.chrishull.com:maersk.chrishull.com<http://aersk.chrishull.com>
2015-12-20 18:19:54.642 3755 ERROR nova.servicegroup.drivers.db [req-37a3f586-84de-4a1b-9257-1f968ec99273 - - - - -] Recovered model server connection!
Perhaps this doesn't happen with smaller images like Cirros.
Here's my Glance.conf
Is this some sort of REST timeout? RabbitMQ?
========================================================================
======================== glance-api.conf
========================================================================
[DEFAULT]
notification_driver = noop
# Show more verbose log output (sets INFO log level output)
verbose=True
# Show debugging output in logs (sets DEBUG log level output)
#debug=False
# Maximum image size (in bytes) that may be uploaded through the
# Glance API server. Defaults to 1 TB.
# WARNING: this value should only be increased after careful consideration
# and must be set to a value under 8 EB (9223372036854775808).
#image_size_cap=1099511627776
# Address to bind the API server
#bind_host=0.0.0.0
# Port the bind the API server to
#bind_port=9292
# Log to this file. Make sure you do not set the same log file for both the API
# and registry servers!
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
#log_file=/var/log/glance/api.log
# Backlog requests when creating socket
#backlog=4096
# TCP_KEEPIDLE value in seconds when creating socket.
# Not supported on OS X.
#tcp_keepidle=600
# Timeout (in seconds) for client connections' socket operations. If an incoming
# connection is idle for this period it will be closed. A value of "0"
# means wait forever.
#client_socket_timeout=0
# API to use for accessing data. Default value points to sqlalchemy
# package, it is also possible to use: glance.db.registry.api
# data_api = glance.db.sqlalchemy.api
# The number of child process workers that will be
# created to service API requests. The default will be
# equal to the number of CPUs available. (integer value)
#workers=4
# Maximum line size of message headers to be accepted.
# max_header_line may need to be increased when using large tokens
# (typically those generated by the Keystone v3 API with big service
# catalogs)
# max_header_line = 16384
# Role used to identify an authenticated user as administrator
#admin_role=admin
# Allow unauthenticated users to access the API with read-only
# privileges. This only applies when using ContextMiddleware.
#allow_anonymous_access=False
# Allow access to version 1 of glance api
#enable_v1_api=True
# Allow access to version 2 of glance api
#enable_v2_api=True
# Return the URL that references where the data is stored on
# the backend storage system. For example, if using the
# file system store a URL of 'file:///path/to/image' will
# be returned to the user in the 'direct_url' meta-data field.
# The default value is false.
#show_image_direct_url=False
# Send headers containing user and tenant information when making requests to
# the v1 glance registry. This allows the registry to function as if a user is
# authenticated without the need to authenticate a user itself using the
# auth_token middleware.
# The default value is false.
#send_identity_headers=False
# Supported values for the 'container_format' image attribute
#container_formats=ami,ari,aki,bare,ovf,ova
# Supported values for the 'disk_format' image attribute
#disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso
# Property Protections config file
# This file contains the rules for property protections and the roles/policies
# associated with it.
# If this config value is not specified, by default, property protections
# won't be enforced.
# If a value is specified and the file is not found, then the glance-api
# service will not start.
#property_protection_file =
# Specify whether 'roles' or 'policies' are used in the
# property_protection_file.
# The default value for property_protection_rule_format is 'roles'.
#property_protection_rule_format=roles
# This value sets what strategy will be used to determine the image location
# order. Currently two strategies are packaged with Glance 'location_order'
# and 'store_type'.
#location_strategy=location_order
# Public url to use for versions endpoint. The default is None,
# which will use the request's host_url attribute to populate the URL base.
# If Glance is operating behind a proxy, you will want to change this to
# represent the proxy's URL.
#public_endpoint=<None>
# http_keepalive option. If False, server will return the header
# "Connection: close", If True, server will return "Connection: Keep-Alive"
# in its responses. In order to close the client socket connection
# explicitly after the response is sent and read successfully by the client,
# you simply have to set this option to False when you create a wsgi server.
#http_keepalive=True
# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log_file`
#use_syslog=False
# Facility to use. If unset defaults to LOG_USER.
#syslog_log_facility=LOG_LOCAL0
# ================= SSL Options ===============================
# Certificate file to use when starting API server securely
#cert_file=/path/to/certfile
# Private key file to use when starting API server securely
#key_file=/path/to/keyfile
# CA certificate file to use to verify connecting clients
#ca_file=/path/to/cafile
# ================= Security Options ==========================
# AES key for encrypting store 'location' metadata, including
# -- if used -- Swift or S3 credentials
# Should be set to a random string of length 16, 24 or 32 bytes
#metadata_encryption_key=<16, 24 or 32 char registry metadata key>
# Digest algorithm which will be used for digital signature, the default is
# sha1 in Kilo for a smooth upgrade process, and it will be updated with
# sha256 in next release(L). Use command
# "openssl list-message-digest-algorithms" to get the available algorithms
# supported by the version of OpenSSL on the platform. Examples are 'sha1',
# 'sha256', 'sha512', etc.
#digest_algorithm=sha1
# ============ Registry Options ===============================
# Address to find the registry server
#registry_host=0.0.0.0
# Port the registry server is listening on
#registry_port=9191
# What protocol to use when connecting to the registry server?
# Set to https for secure HTTP communication
#registry_client_protocol=http
# The path to the key file to use in SSL connections to the
# registry server, if any. Alternately, you may set the
# GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file
#registry_client_key_file=/path/to/key/file
# The path to the cert file to use in SSL connections to the
# registry server, if any. Alternately, you may set the
# GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file
#registry_client_cert_file=/path/to/cert/file
# The path to the certifying authority cert file to use in SSL connections
# to the registry server, if any. Alternately, you may set the
# GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
#registry_client_ca_file=/path/to/ca/file
# When using SSL in connections to the registry server, do not require
# validation via a certifying authority. This is the registry's equivalent of
# specifying --insecure on the command line using glanceclient for the API
# Default: False
#registry_client_insecure=False
# The period of time, in seconds, that the API server will wait for a registry
# request to complete. A value of '0' implies no timeout.
# Default: 600
#registry_client_timeout=600
# Enable DEBUG log messages from sqlalchemy which prints every database
# query and response.
# Default: False
#sqlalchemy_debug=True
# Pass the user's token through for API requests to the registry.
# Default: True
#use_user_token=True
# If 'use_user_token' is not in effect then admin credentials
# can be specified. Requests to the registry on behalf of
# the API will use these credentials.
# Admin user name
#admin_user=%SERVICE_USER%
# Admin password
#admin_password=%SERVICE_PASSWORD%
# Admin tenant name
#admin_tenant_name=%SERVICE_TENANT_NAME%
# Keystone endpoint
#auth_url=None
# Keystone region
#auth_region=None
# Auth strategy
#auth_strategy=keystone
# ============ Notification System Options =====================
# Driver or drivers to handle sending notifications. Set to
# 'messaging' to send notifications to a message queue.
# notification_driver = noop
# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost
# List of disabled notifications. A notification can be given either as a
# notification type to disable a single event, or as a notification group
# prefix to disable all events within a group.
# Example: if this config option is set to
# ["image.create", "metadef_namespace"], then "image.create" notification will
# not be sent after image is created and none of the notifications for
# metadefinition namespaces will be sent.
# disabled_notifications = []
# Messaging driver used for 'messaging' notifications driver
# rpc_backend = 'rabbit'
# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
#rabbit_host=localhost
#rabbit_port=5672
#rabbit_use_ssl=false
#rabbit_userid=guest
#rabbit_password=guest
#rabbit_virtual_host=/
#rabbit_notification_exchange=glance
#rabbit_notification_topic=notifications
#rabbit_durable_queues=False
# Configuration options if sending notifications via Qpid (these are
# the defaults)
#qpid_notification_exchange=glance
#qpid_notification_topic=notifications
#qpid_hostname=localhost
#qpid_port=5672
#qpid_username=
#qpid_password=
#qpid_sasl_mechanisms=
#qpid_reconnect_timeout=0
#qpid_reconnect_limit=0
#qpid_reconnect_interval_min=0
#qpid_reconnect_interval_max=0
#qpid_reconnect_interval=0
#qpid_heartbeat=5
# Set to 'ssl' to enable SSL
#qpid_protocol=tcp
#qpid_tcp_nodelay=True
# ============ Delayed Delete Options =============================
# Turn on/off delayed delete
#delayed_delete=False
# Delayed delete time in seconds
#scrub_time=43200
# Directory that the scrubber will use to remind itself of what to delete
# Make sure this is also set in glance-scrubber.conf
#scrubber_datadir=/var/lib/glance/scrubber
# =============== Quota Options ==================================
# The maximum number of image members allowed per image
#image_member_quota=128
# The maximum number of image properties allowed per image
#image_property_quota=128
# The maximum number of tags allowed per image
#image_tag_quota=128
# The maximum number of locations allowed per image
#image_location_quota=10
# Set a system wide quota for every user. This value is the total number
# of bytes that a user can use across all storage systems. A value of
# 0 means unlimited.
#user_storage_quota=0
# =============== Image Cache Options =============================
# Base directory that the Image Cache uses
#image_cache_dir=/var/lib/glance/image-cache/
# =============== Policy Options ==================================
[oslo_policy]
# The JSON file that defines policies.
# Deprecated group/name - [DEFAULT]/policy_file
#policy_file=policy.json
# Default rule. Enforced when a requested rule is not found.
# Deprecated group/name - [DEFAULT]/policy_default_rule
#policy_default_rule=default
# Directories where policy configuration files are stored.
# They can be relative to any directory in the search path
# defined by the config_dir option, or absolute paths.
# The file defined by policy_file must exist for these
# directories to be searched.
# Deprecated group/name - [DEFAULT]/policy_dirs
#policy_dirs=policy.d
# =============== Database Options =================================
[database]
# The file name to use with SQLite (string value)
#sqlite_db=oslo.sqlite
# If True, SQLite uses synchronous mode (boolean value)
#sqlite_synchronous=True
# The backend to use for db (string value)
# Deprecated group/name - [DEFAULT]/db_backend
#backend=sqlalchemy
# The SQLAlchemy connection string used to connect to the
# database (string value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection=mysql://glance:glance@localhost/glance
connection = mysql://glance:openg00dle232@controller/glance
# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
# use whatever SQL mode is set by the server configuration,
# set this to no value. Example: mysql_sql_mode= (string
# value)
#mysql_sql_mode=TRADITIONAL
# Timeout before idle sql connections are reaped (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
#idle_timeout=3600
# Minimum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
# Deprecated group/name - [DATABASE]/sql_min_pool_size
#min_pool_size=1
# Maximum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size=<None>
# Maximum db connection retries during startup. (setting -1
# implies an infinite retry count) (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries=10
# Interval between retries of opening a sql connection
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
#retry_interval=10
# If set, use this value for max_overflow with sqlalchemy
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
#max_overflow=<None>
# Verbosity of SQL debugging information. 0=None,
# 100=Everything (integer value)
# Deprecated group/name - [DEFAULT]/sql_connection_debug
#connection_debug=0
# Add python stack traces to SQL as comment strings (boolean
# value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
#connection_trace=False
# If set, use this value for pool_timeout with sqlalchemy
# (integer value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
#pool_timeout=<None>
# Enable the experimental use of database reconnect on
# connection lost (boolean value)
#use_db_reconnect=False
# seconds between db connection retries (integer value)
#db_retry_interval=1
# Whether to increase interval between db connection retries,
# up to db_max_retry_interval (boolean value)
#db_inc_retry_interval=True
# max seconds between db connection retries, if
# db_inc_retry_interval is enabled (integer value)
#db_max_retry_interval=10
# maximum db connection retries before error is raised.
# (setting -1 implies an infinite retry count) (integer value)
#db_max_retries=20
[oslo_concurrency]
# Enables or disables inter-process locks. (boolean value)
# Deprecated group/name - [DEFAULT]/disable_process_locking
#disable_process_locking=false
# Directory to use for lock files. For security, the specified
# directory should only be writable by the user running the processes
# that need locking. It could be read from environment variable
# OSLO_LOCK_PATH. This setting needs to be the same for both
# glance-scrubber and glance-api service. Default to a temp directory.
# Deprecated group/name - [DEFAULT]/lock_path (string value)
#lock_path=/tmp
[keystone_authtoken]
#identity_uri=http://127.0.0.1:35357
#admin_tenant_name=%SERVICE_TENANT_NAME%
#admin_user=%SERVICE_USER%
#admin_password=%SERVICE_PASSWORD%
#revocation_cache_time=10
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = sleestack
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
#config_file=/usr/share/glance/glance-api-dist-paste.ini
# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
#flavor=
flavor = keystone
[store_type_location_strategy]
# The scheme list to use to get store preference order. The scheme must be
# registered by one of the stores defined by the 'stores' config option.
# This option will be applied when you using 'store_type' option as image
# location strategy defined by the 'location_strategy' config option.
#store_type_preference =
[profiler]
# If False fully disable profiling feature.
#enabled=False
# If False doesn't trace SQL requests.
#trace_sqlalchemy=False
[task]
# ================= Glance Tasks Options ============================
# Specifies how long (in hours) a task is supposed to live in the tasks DB
# after succeeding or failing before getting soft-deleted.
# The default value for task_time_to_live is 48 hours.
# task_time_to_live = 48
# Specifies which task executor to be used to run the task scripts.
# The default value for task_executor is taskflow.
# task_executor = taskflow
# Work dir for asynchronous task operations. The directory set here
# will be used to operate over images - normally before they are
# imported in the destination store. When providing work dir, make sure
# enough space is provided for concurrent tasks to run efficiently
# without running out of space. A rough estimation can be done by
# multiplying the number of `max_workers` - or the N of workers running
# - by an average image size (e.g 500MB). The image size estimation
# should be done based on the average size in your deployment. Note that
# depending on the tasks running you may need to multiply this number by
# some factor depending on what the task does. For example, you may want
# to double the available size if image conversion is enabled. All this
# being said, remember these are just estimations and you should do them
# based on the worst case scenario and be prepared to act in case they
# were wrong.
# work_dir=None
# Specifies the maximum number of eventlet threads which can be spun up by
# the eventlet based task executor to perform execution of Glance tasks.
# DEPRECATED: Use [taskflow_executor]/max_workers instead.
# eventlet_executor_pool_size = 1000
[taskflow_executor]
# The mode in which the engine will run. Can be 'default', 'serial',
# 'parallel' or 'worker-based'
#engine_mode=serial
# The number of parallel activities executed at the same time by
# the engine. The value can be greater than one when the engine mode is
# 'parallel' or 'worker-based', otherwise this value will be ignored.
#max_workers=10
[glance_store]
default_store = file
filesystem_store_datadir = /home/glance/images/
# List of which store classes and store class locations are
# currently known to glance at startup.
# Deprecated group/name - [DEFAULT]/known_stores
# Existing but disabled stores:
# glance.store.rbd.Store,
# glance.store.s3.Store,
# glance.store.swift.Store,
# glance.store.sheepdog.Store,
# glance.store.cinder.Store,
# glance.store.gridfs.Store,
# glance.store.vmware_datastore.Store,
#stores=glance.store.filesystem.Store,
# glance.store.http.Store
# Which backend scheme should Glance use by default is not specified
# in a request to add a new image to Glance? Known schemes are determined
# by the stores option.
# Deprecated group/name - [DEFAULT]/default_store
# Default: 'file'
#default_store=file
# ============ Filesystem Store Options ========================
# Directory that the Filesystem backend store
# writes image data to
#filesystem_store_datadir=/var/lib/glance/images/
# A list of directories where image data can be stored.
# This option may be specified multiple times for specifying multiple store
# directories. Either one of filesystem_store_datadirs or
# filesystem_store_datadir option is required. A priority number may be given
# after each directory entry, separated by a ":".
# When adding an image, the highest priority directory will be selected, unless
# there is not enough space available in cases where the image size is already
# known. If no priority is given, it is assumed to be zero and the directory
# will be considered for selection last. If multiple directories have the same
# priority, then the one with the most free space available is selected.
# If same store is specified multiple times then BadStoreConfiguration
# exception will be raised.
#filesystem_store_datadirs=/var/lib/glance/images/:1
# A path to a JSON file that contains metadata describing the storage
# system. When show_multiple_locations is True the information in this
# file will be returned with any location that is contained in this
# store.
#filesystem_store_metadata_file=None
# ============ Swift Store Options =============================
# Version of the authentication service to use
# Valid versions are '2' for keystone and '1' for swauth and rackspace
#swift_store_auth_version=2
# Address where the Swift authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified, default to 'https://'
# For swauth, use something like '127.0.0.1:8080/v1.0/<http://127.0.0.1:8080/v1.0/>'
#swift_store_auth_address=127.0.0.1:5000/v2.0/<http://127.0.0.1:5000/v2.0/>
# User to authenticate against the Swift authentication service
# If you use Swift authentication service, set it to 'account':'user'
# where 'account' is a Swift storage account and 'user'
# is a user in that account
#swift_store_user=jdoe:jdoe
# Auth key for the user authenticating against the
# Swift authentication service
#swift_store_key=a86850deb2742ec3cb41518e26aa2d89
# Container within the account that the account should use
# for storing images in Swift
#swift_store_container=glance
# Do we create the container if it does not exist?
#swift_store_create_container_on_put=False
# What size, in MB, should Glance start chunking image files
# and do a large object manifest in Swift? By default, this is
# the maximum object size in Swift, which is 5GB
#swift_store_large_object_size=5120
# swift_store_config_file = glance-swift.conf
# This file contains references for each of the configured
# Swift accounts/backing stores. If used, this option can prevent
# credentials being stored in the database. Using Swift references
# is disabled if this config is left blank.
# The reference to the default Swift parameters to use for adding new images.
# default_swift_reference = 'ref1'
# When doing a large object manifest, what size, in MB, should
# Glance write chunks to Swift? This amount of data is written
# to a temporary disk buffer during the process of chunking
# the image file, and the default is 200MB
#swift_store_large_object_chunk_size=200
# If set, the configured endpoint will be used. If None, the storage URL
# from the auth response will be used. The location of an object is
# obtained by appending the container and object to the configured URL.
#
# swift_store_endpoint = https://www.example.com/v1/not_a_container
#swift_store_endpoint =
# If set to True enables multi-tenant storage mode which causes Glance images
# to be stored in tenant specific Swift accounts.
#swift_store_multi_tenant=False
# If set to an integer value between 1 and 32, a single-tenant store will
# use multiple containers to store images. If set to the default value of 0,
# only a single container will be used. Multi-tenant stores are not affected
# by this option. The max number of containers that will be used to store
# images is approximately 16^N where N is the value of this option. Discuss
# the impact of this with your swift deployment team, as this option is only
# beneficial in the largest of deployments where swift rate limiting can lead
# to unwanted throttling on a single container.
#swift_store_multiple_containers_seed=0
# A list of swift ACL strings that will be applied as both read and
# write ACLs to the containers created by Glance in multi-tenant
# mode. This grants the specified tenants/users read and write access
# to all newly created image objects. The standard swift ACL string
# formats are allowed, including:
# <tenant_id>:<username>
# <tenant_name>:<username>
# *:<username>
# Multiple ACLs can be combined using a comma separated list, for
# example: swift_store_admin_tenants = service:glance,*:admin
#swift_store_admin_tenants =
# The region of the swift endpoint to be used for single tenant. This setting
# is only necessary if the tenant has multiple swift endpoints.
#swift_store_region =
# If set to False, disables SSL layer compression of https swift requests.
# Setting to 'False' may improve performance for images which are already
# in a compressed format, eg qcow2. If set to True, enables SSL layer
# compression (provided it is supported by the target swift proxy).
#swift_store_ssl_compression=True
# The number of times a Swift download will be retried before the
# request fails
#swift_store_retry_get_count=0
# Bypass SSL verification for Swift
#swift_store_auth_insecure=False
# The path to a CA certificate bundle file to use for SSL verification when
# communicating with Swift.
#swift_store_cacert =
# ============ S3 Store Options =============================
# Address where the S3 authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified, default to 'http://'
#s3_store_host=s3.amazonaws.com<http://s3.amazonaws.com>
# User to authenticate against the S3 authentication service
#s3_store_access_key=<20-charAWSaccesskey>
# Auth key for the user authenticating against the
# S3 authentication service
#s3_store_secret_key=<40-charAWSsecretkey>
# Container within the account that the account should use
# for storing images in S3. Note that S3 has a flat namespace,
# so you need a unique bucket name for your glance images. An
# easy way to do this is append your AWS access key to "glance".
# S3 buckets in AWS *must* be lowercased, so remember to lowercase
# your AWS access key if you use it in your bucket name below!
#s3_store_bucket=<lowercased20-charawsaccesskey>glance
# Do we create the bucket if it does not exist?
#s3_store_create_bucket_on_put=False
# When sending images to S3, the data will first be written to a
# temporary buffer on disk. By default the platform's temporary directory
# will be used. If required, an alternative directory can be specified here.
#s3_store_object_buffer_dir=/path/to/dir
# When forming a bucket url, boto will either set the bucket name as the
# subdomain or as the first token of the path. Amazon's S3 service will
# accept it as the subdomain, but Swift's S3 middleware requires it be
# in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'.
#s3_store_bucket_url_format=subdomain
# Size, in MB, should S3 start chunking image files
# and do a multipart upload in S3. The default is 100MB.
#s3_store_large_object_size=100
# Multipart upload part size, in MB, should S3 use when uploading
# parts. The size must be greater than or equal to
# 5MB. The default is 10MB.
#s3_store_large_object_chunk_size=10
# The number of thread pools to perform a multipart upload
# in S3. The default is 10.
#s3_store_thread_pools=10
# ============ RBD Store Options =============================
# Ceph configuration file path
# If using cephx authentication, this file should
# include a reference to the right keyring
# in a client.<USER> section
#rbd_store_ceph_conf=/etc/ceph/ceph.conf
# RADOS user to authenticate as (only applicable if using cephx)
# If <None>, a default will be chosen based on the client. section
# in rbd_store_ceph_conf
#rbd_store_user=<None>
# RADOS pool in which images are stored
#rbd_store_pool=images
# RADOS images will be chunked into objects of this size (in megabytes).
# For best performance, this should be a power of two
#rbd_store_chunk_size=8
# ============ Sheepdog Store Options =============================
#sheepdog_store_address=localhost
#sheepdog_store_port=7000
# Images will be chunked into objects of this size (in megabytes).
# For best performance, this should be a power of two
#sheepdog_store_chunk_size=64
# ============ Cinder Store Options ===============================
# Info to match when looking for cinder in the service catalog
# Format is : separated values of the form:
# <service_type>:<service_name>:<endpoint_type> (string value)
#cinder_catalog_info=volume:cinder:publicURL
# Override service catalog lookup with template for cinder endpoint
# e.g. http://localhost:8776/v1/%(project_id)s (string value)
#cinder_endpoint_template=<None>
# Region name of this node (string value)
#os_region_name=<None>
# Location of ca certicates file to use for cinder client requests
# (string value)
#cinder_ca_certificates_file=<None>
# Number of cinderclient retries on failed http calls (integer value)
#cinder_http_retries=3
# Allow to perform insecure SSL requests to cinder (boolean value)
#cinder_api_insecure=False
# ============ VMware Datastore Store Options =====================
# ESX/ESXi or vCenter Server target system.
# The server value can be an IP address or a DNS name
# e.g. 127.0.0.1, 127.0.0.1:443<http://127.0.0.1:443>, www.vmware-infra.com<http://www.vmware-infra.com>
#vmware_server_host=<None>
# Server username (string value)
#vmware_server_username=<None>
# Server password (string value)
#vmware_server_password=<None>
# Inventory path to a datacenter (string value)
# Value optional when vmware_server_ip is an ESX/ESXi host: if specified
# should be `ha-datacenter`.
# Deprecated in favor of vmware_datastores.
#vmware_datacenter_path=<None>
# Datastore associated with the datacenter (string value)
# Deprecated in favor of vmware_datastores.
#vmware_datastore_name=<None>
# A list of datastores where the image can be stored.
# This option may be specified multiple times for specifying multiple
# datastores. Either one of vmware_datastore_name or vmware_datastores is
# required. The datastore name should be specified after its datacenter
# path, separated by ":". An optional weight may be given after the datastore
# name, separated again by ":". Thus, the required format becomes
# <datacenter_path>:<datastore_name>:<optional_weight>.
# When adding an image, the datastore with highest weight will be selected,
# unless there is not enough free space available in cases where the image size
# is already known. If no weight is given, it is assumed to be zero and the
# directory will be considered for selection last. If multiple datastores have
# the same weight, then the one with the most free space available is selected.
#vmware_datastores=<None>
# The number of times we retry on failures
# e.g., socket error, etc (integer value)
#vmware_api_retry_count=10
# The interval used for polling remote tasks
# invoked on VMware ESX/VC server in seconds (integer value)
#vmware_task_poll_interval=5
# Absolute path of the folder containing the images in the datastore
# (string value)
#vmware_store_image_dir=/openstack_glance
# Allow to perform insecure SSL requests to the target system (boolean value)
#vmware_api_insecure=False
========================================================================
================== glance-cache.conf
========================================================================
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
#verbose=True
# Show debugging output in logs (sets DEBUG log level output)
#debug=False
# Log to this file. Make sure you do not set the same log file for both the API
# and registry servers!
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
#log_file=/var/log/glance/image-cache.log
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
#use_syslog=False
# Directory that the Image Cache writes data to
#image_cache_dir=/var/lib/glance/image-cache/
# Number of seconds after which we should consider an incomplete image to be
# stalled and eligible for reaping
#image_cache_stall_time=86400
# The upper limit (the maximum size of accumulated cache in bytes) beyond
# which pruner, if running, starts cleaning the images cache.
#image_cache_max_size=10737418240
# Address to find the registry server
#registry_host=0.0.0.0
# Port the registry server is listening on
#registry_port=9191
# Auth settings if using Keystone
# auth_url = http://127.0.0.1:5000/v2.0/
# admin_tenant_name = %SERVICE_TENANT_NAME%
# admin_user = %SERVICE_USER%
# admin_password = %SERVICE_PASSWORD%
# List of which store classes and store class locations are
# currently known to glance at startup.
# known_stores = glance.store.filesystem.Store,
# glance.store.http.Store,
# glance.store.rbd.Store,
# glance.store.s3.Store,
# glance.store.swift.Store,
# glance.store.sheepdog.Store,
# glance.store.cinder.Store,
# glance.store.vmware_datastore.Store,
# ============ Filesystem Store Options ========================
# Directory that the Filesystem backend store
# writes image data to
#filesystem_store_datadir=/var/lib/glance/images/
# ============ Swift Store Options =============================
# Version of the authentication service to use
# Valid versions are '2' for keystone and '1' for swauth and rackspace
#swift_store_auth_version=2
# Address where the Swift authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified, default to 'https://'
# For swauth, use something like '127.0.0.1:8080/v1.0/<http://127.0.0.1:8080/v1.0/>'
#swift_store_auth_address=127.0.0.1:5000/v2.0/<http://127.0.0.1:5000/v2.0/>
# User to authenticate against the Swift authentication service
# If you use Swift authentication service, set it to 'account':'user'
# where 'account' is a Swift storage account and 'user'
# is a user in that account
#swift_store_user=jdoe:jdoe
# Auth key for the user authenticating against the
# Swift authentication service
#swift_store_key=a86850deb2742ec3cb41518e26aa2d89
# Container within the account that the account should use
# for storing images in Swift
#swift_store_container=glance
# Do we create the container if it does not exist?
#swift_store_create_container_on_put=False
# What size, in MB, should Glance start chunking image files
# and do a large object manifest in Swift? By default, this is
# the maximum object size in Swift, which is 5GB
#swift_store_large_object_size=5120
# This file contains references for each of the configured
# Swift accounts/backing stores. If used, this option can prevent
# credentials being stored in the database. Using Swift references
# is disabled if this config is left blank.
#swift_store_config_file=glance-swift.conf
# The reference to the default Swift parameters to use for adding new images.
#default_swift_reference='ref1'
# When doing a large object manifest, what size, in MB, should
# Glance write chunks to Swift? This amount of data is written
# to a temporary disk buffer during the process of chunking
# the image file, and the default is 200MB
#swift_store_large_object_chunk_size=200
# If set, the configured endpoint will be used. If None, the storage URL
# from the auth response will be used. The location of an object is
# obtained by appending the container and object to the configured URL.
#
# swift_store_endpoint = https://www.example.com/v1/not_a_container
#swift_store_endpoint=None
# If set to True enables multi-tenant storage mode which causes Glance images
# to be stored in tenant specific Swift accounts.
#swift_store_multi_tenant=False
# A list of swift ACL strings that will be applied as both read and
# write ACLs to the containers created by Glance in multi-tenant
# mode. This grants the specified tenants/users read and write access
# to all newly created image objects. The standard swift ACL string
# formats are allowed, including:
# <tenant_id>:<username>
# <tenant_name>:<username>
# *:<username>
# Multiple ACLs can be combined using a comma separated list, for
# example: swift_store_admin_tenants = service:glance,*:admin
#swift_store_admin_tenants =
# The region of the swift endpoint to be used for single tenant. This setting
# is only necessary if the tenant has multiple swift endpoints.
#swift_store_region =
# If set to False, disables SSL layer compression of https swift requests.
# Setting to 'False' may improve performance for images which are already
# in a compressed format, eg qcow2. If set to True, enables SSL layer
# compression (provided it is supported by the target swift proxy).
#swift_store_ssl_compression=True
# The number of times a Swift download will be retried before the
# request fails
#swift_store_retry_get_count=0
# Bypass SSL verification for Swift
#swift_store_auth_insecure=False
# The path to a CA certificate bundle file to use for SSL verification when
# communicating with Swift.
#swift_store_cacert =
# ============ S3 Store Options =============================
# Address where the S3 authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified, default to 'http://'
#s3_store_host=s3.amazonaws.com<http://s3.amazonaws.com>
# User to authenticate against the S3 authentication service
#s3_store_access_key=<20-charAWSaccesskey>
# Auth key for the user authenticating against the
# S3 authentication service
#s3_store_secret_key=<40-charAWSsecretkey>
# Container within the account that the account should use
# for storing images in S3. Note that S3 has a flat namespace,
# so you need a unique bucket name for your glance images. An
# easy way to do this is append your AWS access key to "glance".
# S3 buckets in AWS *must* be lowercased, so remember to lowercase
# your AWS access key if you use it in your bucket name below!
#s3_store_bucket=<lowercased20-charawsaccesskey>glance
# Do we create the bucket if it does not exist?
#s3_store_create_bucket_on_put=False
# When sending images to S3, the data will first be written to a
# temporary buffer on disk. By default the platform's temporary directory
# will be used. If required, an alternative directory can be specified here.
# s3_store_object_buffer_dir = /path/to/dir
# ============ Cinder Store Options ===========================
# Info to match when looking for cinder in the service catalog
# Format is : separated values of the form:
# <service_type>:<service_name>:<endpoint_type> (string value)
#cinder_catalog_info=volume:cinder:publicURL
# Override service catalog lookup with template for cinder endpoint
# e.g. http://localhost:8776/v1/%(project_id)s (string value)
#cinder_endpoint_template=<None>
# Region name of this node (string value)
#os_region_name=<None>
# Location of ca certicates file to use for cinder client requests
# (string value)
#cinder_ca_certificates_file=<None>
# Number of cinderclient retries on failed http calls (integer value)
#cinder_http_retries=3
# Allow to perform insecure SSL requests to cinder (boolean value)
#cinder_api_insecure=False
# ============ VMware Datastore Store Options =====================
# ESX/ESXi or vCenter Server target system.
# The server value can be an IP address or a DNS name
# e.g. 127.0.0.1, 127.0.0.1:443<http://127.0.0.1:443>, www.vmware-infra.com<http://www.vmware-infra.com>
#vmware_server_host=<None>
# Server username (string value)
#vmware_server_username=<None>
# Server password (string value)
#vmware_server_password=<None>
# Inventory path to a datacenter (string value)
# Value optional when vmware_server_ip is an ESX/ESXi host: if specified
# should be `ha-datacenter`.
#vmware_datacenter_path=<None>
# Datastore associated with the datacenter (string value)
#vmware_datastore_name=<None>
# The number of times we retry on failures
# e.g., socket error, etc (integer value)
#vmware_api_retry_count=10
# The interval used for polling remote tasks
# invoked on VMware ESX/VC server in seconds (integer value)
#vmware_task_poll_interval=5
# Absolute path of the folder containing the images in the datastore
# (string value)
#vmware_store_image_dir=/openstack_glance
# Allow to perform insecure SSL requests to the target system (boolean value)
#vmware_api_insecure=False
# ================= Security Options ==========================
# AES key for encrypting store 'location' metadata, including
# -- if used -- Swift or S3 credentials
# Should be set to a random string of length 16, 24 or 32 bytes
# metadata_encryption_key = <16, 24 or 32 char registry metadata key>
# =============== Policy Options ==============================
[oslo_policy]
# The JSON file that defines policies.
# Deprecated group/name - [DEFAULT]/policy_file
#policy_file=policy.json
# Default rule. Enforced when a requested rule is not found.
# Deprecated group/name - [DEFAULT]/policy_default_rule
#policy_default_rule=default
# Directories where policy configuration files are stored.
# They can be relative to any directory in the search path
# defined by the config_dir option, or absolute paths.
# The file defined by policy_file must exist for these
# directories to be searched.
# Deprecated group/name - [DEFAULT]/policy_dirs
#policy_dirs=policy.d
========================================================================
==================== glance-registry.conf
========================================================================
[DEFAULT]
notification_driver = noop
# Show more verbose log output (sets INFO log level output)
verbose=True
# Show debugging output in logs (sets DEBUG log level output)
#debug=False
# Address to bind the registry server
#bind_host=0.0.0.0
# Port the bind the registry server to
#bind_port=9191
# Log to this file. Make sure you do not set the same log file for both the API
# and registry servers!
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
#log_file=/var/log/glance/registry.log
# Backlog requests when creating socket
#backlog=4096
# TCP_KEEPIDLE value in seconds when creating socket.
# Not supported on OS X.
#tcp_keepidle=600
# Timeout (in seconds) for client connections' socket operations. If an incoming
# connection is idle for this period it will be closed. A value of "0"
# means wait forever.
#client_socket_timeout=0
# API to use for accessing data. Default value points to sqlalchemy
# package.
#data_api=glance.db.sqlalchemy.api
# The number of child process workers that will be
# created to service Registry requests. The default will be
# equal to the number of CPUs available. (integer value)
#workers=None
# Enable Registry API versions individually or simultaneously
#enable_v1_registry=True
#enable_v2_registry=True
# Limit the api to return `param_limit_max` items in a call to a container. If
# a larger `limit` query param is provided, it will be reduced to this value.
#api_limit_max=1000
# If a `limit` query param is not provided in an api request, it will
# default to `limit_param_default`
#limit_param_default=25
# Role used to identify an authenticated user as administrator
#admin_role=admin
# Enable DEBUG log messages from sqlalchemy which prints every database
# query and response.
# Default: False
#sqlalchemy_debug=True
# http_keepalive option. If False, server will return the header
# "Connection: close", If True, server will return "Connection: Keep-Alive"
# in its responses. In order to close the client socket connection
# explicitly after the response is sent and read successfully by the client,
# you simply have to set this option to False when you create a wsgi server.
#http_keepalive=True
# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log_file`
#use_syslog=False
# Facility to use. If unset defaults to LOG_USER.
#syslog_log_facility=LOG_LOCAL1
# ================= SSL Options ===============================
# Certificate file to use when starting registry server securely
#cert_file=/path/to/certfile
# Private key file to use when starting registry server securely
#key_file=/path/to/keyfile
# CA certificate file to use to verify connecting clients
#ca_file=/path/to/cafile
# ============ Notification System Options =====================
# Driver or drivers to handle sending notifications. Set to
# 'messaging' to send notifications to a message queue.
# notification_driver = noop
# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost
# Messaging driver used for 'messaging' notifications driver
# rpc_backend = 'rabbit'
# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
#rabbit_host=localhost
#rabbit_port=5672
#rabbit_use_ssl=false
#rabbit_userid=guest
#rabbit_password=guest
#rabbit_virtual_host=/
#rabbit_notification_exchange=glance
#rabbit_notification_topic=notifications
#rabbit_durable_queues=False
# Configuration options if sending notifications via Qpid (these are
# the defaults)
#qpid_notification_exchange=glance
#qpid_notification_topic=notifications
#qpid_hostname=localhost
#qpid_port=5672
#qpid_username=
#qpid_password=
#qpid_sasl_mechanisms=
#qpid_reconnect_timeout=0
#qpid_reconnect_limit=0
#qpid_reconnect_interval_min=0
#qpid_reconnect_interval_max=0
#qpid_reconnect_interval=0
#qpid_heartbeat=5
# Set to 'ssl' to enable SSL
#qpid_protocol=tcp
#qpid_tcp_nodelay=True
# =============== Policy Options ==============================
[oslo_policy]
# The JSON file that defines policies.
# Deprecated group/name - [DEFAULT]/policy_file
#policy_file=policy.json
# Default rule. Enforced when a requested rule is not found.
# Deprecated group/name - [DEFAULT]/policy_default_rule
#policy_default_rule=default
# Directories where policy configuration files are stored.
# They can be relative to any directory in the search path
# defined by the config_dir option, or absolute paths.
# The file defined by policy_file must exist for these
# directories to be searched.
# Deprecated group/name - [DEFAULT]/policy_dirs
#policy_dirs=policy.d
# ================= Database Options ==========================
[database]
# The file name to use with SQLite (string value)
#sqlite_db=glance.sqlite
# If True, SQLite uses synchronous mode (boolean value)
#sqlite_synchronous=True
# The backend to use for db (string value)
# Deprecated group/name - [DEFAULT]/db_backend
#backend=sqlalchemy
# The SQLAlchemy connection string used to connect to the
# database (string value)
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection=mysql://glance:glance@localhost/glance
connection = mysql://glance:openg00dle232@controller/glance
# The SQL mode to be used for MySQL sessions. This option,
# including the default, overrides any server-set SQL mode. To
# use whatever SQL mode is set by the server configuration,
# set this to no value. Example: mysql_sql_mode= (string
# value)
#mysql_sql_mode=TRADITIONAL
# Timeout before idle sql connections are reaped (integer
# value)
# Deprecated group/name - [DEFAULT]/sql_idle_timeout
# Deprecated group/name - [DATABASE]/sql_idle_timeout
# Deprecated group/name - [sql]/idle_timeout
#idle_timeout=3600
# Minimum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_min_pool_size
# Deprecated group/name - [DATABASE]/sql_min_pool_size
#min_pool_size=1
# Maximum number of SQL connections to keep open in a pool
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_pool_size
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size=<None>
# Maximum db connection retries during startup. (setting -1
# implies an infinite retry count) (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries=10
# Interval between retries of opening a sql connection
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_retry_interval
# Deprecated group/name - [DATABASE]/reconnect_interval
#retry_interval=10
# If set, use this value for max_overflow with sqlalchemy
# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_overflow
# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
#max_overflow=<None>
# Verbosity of SQL debugging information. 0=None,
# 100=Everything (integer value)
# Deprecated group/name - [DEFAULT]/sql_connection_debug
#connection_debug=0
# Add python stack traces to SQL as comment strings (boolean
# value)
# Deprecated group/name - [DEFAULT]/sql_connection_trace
#connection_trace=False
# If set, use this value for pool_timeout with sqlalchemy
# (integer value)
# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
#pool_timeout=<None>
# Enable the experimental use of database reconnect on
# connection lost (boolean value)
#use_db_reconnect=False
# seconds between db connection retries (integer value)
#db_retry_interval=1
# Whether to increase interval between db connection retries,
# up to db_max_retry_interval (boolean value)
#db_inc_retry_interval=True
# max seconds between db connection retries, if
# db_inc_retry_interval is enabled (integer value)
#db_max_retry_interval=10
# maximum db connection retries before error is raised.
# (setting -1 implies an infinite retry count) (integer value)
#db_max_retries=20
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = sleestack
#identity_uri=http://127.0.0.1:35357
#admin_tenant_name=%SERVICE_TENANT_NAME%
#admin_user=%SERVICE_USER%
#admin_password=%SERVICE_PASSWORD%
[paste_deploy]
flavor = keystone
# Name of the paste configuration file that defines the available pipelines
#config_file=/usr/share/glance/glance-registry-dist-paste.ini
# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-registry-keystone], you would configure the flavor below
# as 'keystone'.
#flavor=
[profiler]
# If False fully disable profiling feature.
#enabled=False
# If False doesn't trace SQL requests.
#trace_sqlalchemy=False
========================================================================
========================== glance-scrubber.conf
========================================================================
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
#verbose=True
# Show debugging output in logs (sets DEBUG log level output)
#debug=False
# Log to this file. Make sure you do not set the same log file for both the API
# and registry servers!
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
#log_file=/var/log/glance/scrubber.log
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
#use_syslog=False
# Should we run our own loop or rely on cron/scheduler to run us
#daemon=False
# Loop time between checking for new items to schedule for delete
#wakeup_time=300
# Directory that the scrubber will use to remind itself of what to delete
# Make sure this is also set in glance-api.conf
#scrubber_datadir=/var/lib/glance/scrubber
# Only one server in your deployment should be designated the cleanup host
#cleanup_scrubber=False
# pending_delete items older than this time are candidates for cleanup
#cleanup_scrubber_time=86400
# Address to find the registry server for cleanups
#registry_host=0.0.0.0
# Port the registry server is listening on
#registry_port=9191
# Auth settings if using Keystone
# auth_url = http://127.0.0.1:5000/v2.0/
# admin_tenant_name = %SERVICE_TENANT_NAME%
# admin_user = %SERVICE_USER%
# admin_password = %SERVICE_PASSWORD%
# API to use for accessing data. Default value points to sqlalchemy
# package, it is also possible to use: glance.db.registry.api
#data_api=glance.db.sqlalchemy.api
# ================= Security Options ==========================
# AES key for encrypting store 'location' metadata, including
# -- if used -- Swift or S3 credentials
# Should be set to a random string of length 16, 24 or 32 bytes
#metadata_encryption_key=<16, 24 or 32 char registry metadata key>
# =============== Policy Options ==============================
# The JSON file that defines policies.
#policy_file=policy.json
# Default rule. Enforced when a requested rule is not found.
#policy_default_rule=default
# Directories where policy configuration files are stored.
# They can be relative to any directory in the search path
# defined by the config_dir option, or absolute paths.
# The file defined by policy_file must exist for these
# directories to be searched.
#policy_dirs=policy.d
# ================= Database Options ===============+==========
[database]
# The SQLAlchemy connection string used to connect to the
# database (string value)
#connection=sqlite:////glance/openstack/common/db/$sqlite_db
# The SQLAlchemy connection string used to connect to the
# slave database (string value)
#slave_connection=
# timeout before idle sql connections are reaped (integer
# value)
#idle_timeout=3600
# Minimum number of SQL connections to keep open in a pool
# (integer value)
#min_pool_size=1
# Maximum number of SQL connections to keep open in a pool
# (integer value)
#max_pool_size=<None>
# maximum db connection retries during startup. (setting -1
# implies an infinite retry count) (integer value)
#max_retries=10
# interval between retries of opening a sql connection
# (integer value)
#retry_interval=10
# If set, use this value for max_overflow with sqlalchemy
# (integer value)
#max_overflow=<None>
# Verbosity of SQL debugging information. 0=None,
# 100=Everything (integer value)
#connection_debug=0
# Add python stack traces to SQL as comment strings (boolean
# value)
#connection_trace=false
# If set, use this value for pool_timeout with sqlalchemy
# (integer value)
#pool_timeout=<None>
[oslo_concurrency]
# Enables or disables inter-process locks. (boolean value)
# Deprecated group/name - [DEFAULT]/disable_process_locking
#disable_process_locking=false
# Directory to use for lock files. For security, the specified
# directory should only be writable by the user running the processes
# that need locking. It could be read from environment variable
# OSLO_LOCK_PATH. This setting needs to be the same for both
# glance-scrubber and glance-api service. Default to a temp directory.
# Deprecated group/name - [DEFAULT]/lock_path (string value)
#lock_path=/tmp
========================================================================
===================== policy.json
========================================================================
{
"context_is_admin": "role:admin",
"default": "",
"add_image": "",
"delete_image": "",
"get_image": "",
"get_images": "",
"modify_image": "",
"publicize_image": "role:admin",
"copy_from": "",
"download_image": "",
"upload_image": "",
"delete_image_location": "",
"get_image_location": "",
"set_image_location": "",
"add_member": "",
"delete_member": "",
"get_member": "",
"get_members": "",
"modify_member": "",
"manage_image_cache": "role:admin",
"get_task": "",
"get_tasks": "",
"add_task": "",
"modify_task": "",
"deactivate": "",
"reactivate": "",
"get_metadef_namespace": "",
"get_metadef_namespaces":"",
"modify_metadef_namespace":"",
"add_metadef_namespace":"",
"get_metadef_object":"",
"get_metadef_objects":"",
"modify_metadef_object":"",
"add_metadef_object":"",
"list_metadef_resource_types":"",
"get_metadef_resource_type":"",
"add_metadef_resource_type_association":"",
"get_metadef_property":"",
"get_metadef_properties":"",
"modify_metadef_property":"",
"add_metadef_property":"",
"get_metadef_tag":"",
"get_metadef_tags":"",
"modify_metadef_tag":"",
"add_metadef_tag":"",
"add_metadef_tags":""
}
========================================================================
================= schema-image.json
========================================================================
{
"kernel_id": {
"type": "string",
"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
"description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
},
"ramdisk_id": {
"type": "string",
"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
"description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
},
"instance_uuid": {
"type": "string",
"description": "ID of instance used to create this image."
},
"architecture": {
"description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
"type": "string"
},
"os_distro": {
"description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
"type": "string"
},
"os_version": {
"description": "Operating system version as specified by the distributor",
"type": "string"
}
}
- Christopher T. Hull
333 Orchard Ave, Sunnyvale CA. 94085
(415) 385 4865
chrishull42 at gmail.com<mailto:chrishull42 at gmail.com>
http://chrishull.com
On Mon, Jan 25, 2016 at 10:50 AM, Edgar Magana <edgar.magana at workday.com<mailto:edgar.magana at workday.com>> wrote:
Same here, we are using apache as front and the same for keystone. In Future we will move all public url in from of HAProxy
Edgar
On 1/25/16, 10:40 AM, "Kris G. Lindgren" <klindgren at godaddy.com<mailto:klindgren at godaddy.com>> wrote:
>In the past we have had issues with having glance terminating ssl and downloads either not completing or being corrupted. If you are having glance terminate ssl, for us moving ssl termination to haproxy and running glance as non-ssl fixed that issue for us.
>
>___________________________________________________________________
>Kris Lindgren
>Senior Linux Systems Engineer
>GoDaddy
>
>
>
>
>
>
>
>On 1/25/16, 11:23 AM, "Clint Byrum" <clint at fewbar.com<mailto:clint at fewbar.com>> wrote:
>
>>Excerpts from Christopher Hull's message of 2016-01-25 09:11:59 -0800:
>>> Hello all;
>>>
>>> I'm an experienced developer and I work at Cisco. Chances are I've covered
>>> the basics here,but just in case, check me.
>>> I've followed the Kilo install instructions to the letter so far as I can
>>> tell. I have not installed Swift, but I think everything else, and my
>>> installation almost works. I'm having a little trouble with Glance.
>>>
>>> It seems that when I attempt to create a large image (that may or not may
>>> be the issue), the checksum that Glance records in it's DB is incorrect.
>>> Cirros image runs just fine. CentOS cloud works. But when I offload and
>>> create an image from a big CentOS install (say 100gb), nova says the
>>> checksum is wrong when I try to boot it.
>>>
>>
>>Did you check the file that glance saved to disk to make sure it was
>>the same one you uploaded? I kind of wonder if something timed out and
>>did not properly report the error, leading to a partially written file.
>>
>>Also, is there some reason you aren't deploying Liberty?
>>
>>_______________________________________________
>>OpenStack-operators mailing list
>>OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>
>>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>_______________________________________________
>OpenStack-operators mailing list
>OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160125/556e2347/attachment-0001.html>
More information about the OpenStack-operators
mailing list