The Image Service has two APIs: the user-facing API, and the registry API, which is for internal requests that require access to the database.
Both of the APIs currently have two major versions, v1 and v2.
It is possible to run either or both version, by setting appropriate
values of enable_v1_api
,
enable_v2_api
, enable_v1_registry
and
enable_v2_registry
. If the v2 API is used, running
glance-registry
is optional, as
v2 of glance-api
can connect directly to the database.
Tables of all options used to configure the APIs, including enabling SSL and modifying WSGI settings are found below.
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
admin_role = admin | (StrOpt) Role used to identify an authenticated user as administrator. |
allow_anonymous_access = False | (BoolOpt) Allow unauthenticated users to access the API with read-only privileges. This only applies when using ContextMiddleware. |
default_publisher_id = image.localhost | (StrOpt) Default publisher_id for outgoing notifications. |
default_store = file | (StrOpt) Default scheme to use to store image data. The scheme must be registered by one of the stores defined by the 'known_stores' config option. |
enable_v1_api = True | (BoolOpt) Deploy the v1 OpenStack Images API. |
enable_v1_registry = True | (BoolOpt) Deploy the v1 OpenStack Registry API. |
enable_v2_api = True | (BoolOpt) Deploy the v2 OpenStack Images API. |
enable_v2_registry = True | (BoolOpt) Deploy the v2 OpenStack Registry API. |
image_size_cap = 1099511627776 | (IntOpt) Maximum size of image a user can upload in bytes. Defaults to 1099511627776 bytes (1 TB). |
known_stores = glance.store.filesystem.Store, glance.store.http.Store | (ListOpt) List of which store classes and store class locations are currently known to glance at startup. |
location_strategy = location_order | (StrOpt) This value sets what strategy will be used to determine the image location order. Currently two strategies are packaged with Glance 'location_order' and 'store_type'. |
owner_is_tenant = True | (BoolOpt) When true, this option sets the owner of an image to be the tenant. Otherwise, the owner of the image will be the authenticated user issuing the request. |
send_identity_headers = False | (BoolOpt) Whether to pass through headers containing user and tenant information when making requests to the registry. This allows the registry to use the context middleware without the keystoneclients' auth_token middleware, removing calls to the keystone auth service. It is recommended that when using this option, secure communication between glance api and glance registry is ensured by means other than auth_token middleware. |
show_multiple_locations = False | (BoolOpt) Whether to include the backend image locations in image properties. Revealing storage location can be a security risk, so use this setting with caution! The overrides show_image_direct_url. |
use_user_token = True | (BoolOpt) Whether to pass through the user token when making requests to the registry. |
[store_type_location_strategy] | |
store_type_preference = | (ListOpt) The store names to use to get store preference order. The name must be registered by one of the stores defined by the 'known_stores' config option. This option will be applied when you using 'store_type' option as image location strategy defined by the 'location_strategy' config option. |
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
ca_file = None | (StrOpt) CA certificate file to use to verify connecting clients. |
cert_file = None | (StrOpt) Certificate file to use when starting API server securely. |
key_file = None | (StrOpt) Private key file to use when starting API server securely. |
Configuration option = Default value | Description |
---|---|
[DEFAULT] | |
backdoor_port = None | (IntOpt) port for eventlet backdoor to listen |
eventlet_hub = poll | (StrOpt) Name of eventlet hub to use. Traditionally, we have only supported 'poll', however 'selects' may be appropriate for some platforms. See http://eventlet.net/doc/hubs.html for more details. |
max_header_line = 16384 | (IntOpt) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs |
tcp_keepidle = 600 | (IntOpt) The value for the socket option TCP_KEEPIDLE. This is the time in seconds that the connection must be idle before TCP starts sending keepalive probes. |