Configure the API

Configure the API

The Image service has two APIs: the user-facing API, and the registry API, which is for internal requests that require access to the database.

Both of the APIs currently have two major versions: v1 (SUPPORTED) and v2 (CURRENT). You can run either or both versions by setting appropriate values of enable_v1_api, enable_v2_api, enable_v1_registry, and enable_v2_registry. If the v2 API is used, running glance-registry is optional, as v2 of glance-api can connect directly to the database.

To assist you in formulating your deployment strategy for the Image APIs, the Glance team has published a statement concerning the status and development plans of the APIs: Using public Image API.

Tables of all the options used to configure the APIs, including enabling SSL and modifying WSGI settings are found below.

Description of API configuration options
Configuration option = Default value Description
admin_role = admin (String) Role used to identify an authenticated user as administrator.
allow_anonymous_access = False (Boolean) Allow unauthenticated users to access the API with read-only privileges. This only applies when using ContextMiddleware.
available_plugins = (List) A list of artifacts that are allowed in the format name or name-version. Empty list means that any artifact can be loaded.
client_socket_timeout = 900 (Integer) Timeout for client connections’ socket operations. If an incoming connection is idle for this number of seconds it will be closed. A value of ‘0’ means wait forever.
enable_v1_api = True (Boolean) Deploy the v1 OpenStack Images API.
enable_v1_registry = True (Boolean) Deploy the v1 OpenStack Registry API.
enable_v2_api = True (Boolean) Deploy the v2 OpenStack Images API.
enable_v2_registry = True (Boolean) Deploy the v2 OpenStack Registry API.
http_keepalive = True (Boolean) If False, server will return the header “Connection: close”, If True, server will return “Connection: Keep-Alive” in its responses. In order to close the client socket connection explicitly after the response is sent and read successfully by the client, you simply have to set this option to False when you create a wsgi server.
image_size_cap = 1099511627776 (Integer) Maximum size of image a user can upload in bytes. Defaults to 1099511627776 bytes (1 TB).WARNING: this value should only be increased after careful consideration and must be set to a value under 8 EB (9223372036854775808).
load_enabled = True (Boolean) When false, no artifacts can be loaded regardless of available_plugins. When true, artifacts can be loaded.
location_strategy = location_order (String) This value sets what strategy will be used to determine the image location order. Currently two strategies are packaged with Glance ‘location_order’ and ‘store_type’.
max_header_line = 16384 (Integer) Maximum line size of message headers to be accepted. max_header_line may need to be increased when using large tokens (typically those generated by the Keystone v3 API with big service catalogs
max_request_id_length = 64 (Integer) Limits request ID length.
owner_is_tenant = True (Boolean) When true, this option sets the owner of an image to be the tenant. Otherwise, the owner of the image will be the authenticated user issuing the request.
public_endpoint = None (String) Public url to use for versions endpoint. The default is None, which will use the request’s host_url attribute to populate the URL base. If Glance is operating behind a proxy, you will want to change this to represent the proxy’s URL.
secure_proxy_ssl_header = None (String) The HTTP header used to determine the scheme for the original request, even if it was removed by an SSL terminating proxy. Typical value is “HTTP_X_FORWARDED_PROTO”.
send_identity_headers = False (Boolean) Whether to pass through headers containing user and tenant information when making requests to the registry. This allows the registry to use the context middleware without keystonemiddleware’s auth_token middleware, removing calls to the keystone auth service. It is recommended that when using this option, secure communication between glance api and glance registry is ensured by means other than auth_token middleware.
show_multiple_locations = False (Boolean) Whether to include the backend image locations in image properties. For example, if using the file system store a URL of “file:///path/to/image” will be returned to the user in the ‘direct_url’ meta-data field. Revealing storage location can be a security risk, so use this setting with caution! Setting this to true overrides the show_image_direct_url option.
tcp_keepidle = 600 (Integer) The value for the socket option TCP_KEEPIDLE. This is the time in seconds that the connection must be idle before TCP starts sending keepalive probes.
use_user_token = True (Boolean) DEPRECATED: Whether to pass through the user token when making requests to the registry. To prevent failures with token expiration during big files upload, it is recommended to set this parameter to False.If “use_user_token” is not in effect, then admin credentials can be specified. This option was considered harmful and has been deprecated in M release. It will be removed in O release. For more information read OSSN-0060. Related functionality with uploading big images has been implemented with Keystone trusts support.
default_store = file (String) Default scheme to use to store image data. The scheme must be registered by one of the stores defined by the ‘stores’ config option.
store_capabilities_update_min_interval = 0 (Integer) Minimum interval seconds to execute updating dynamic storage capabilities based on backend status then. It’s not a periodic routine, the update logic will be executed only when interval seconds elapsed and an operation of store has triggered. The feature will be enabled only when the option value greater then zero.
stores = file, http (List) List of stores enabled. Valid stores are: cinder, file, http, rbd, sheepdog, swift, s3, vsphere
max_request_body_size = 114688 (Integer) The maximum body size for each request, in bytes.
secure_proxy_ssl_header = X-Forwarded-Proto (String) DEPRECATED: The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by an SSL termination proxy.
config_file = None (String) Name of the paste configuration file.
flavor = None (String) Partial name of a pipeline in your paste configuration file with the service name removed. For example, if your paste section name is [pipeline:glance-api-keystone] use the value “keystone”
store_type_preference = (List) The store names to use to get store preference order. The name must be registered by one of the stores defined by the ‘stores’ config option. This option will be applied when you using ‘store_type’ option as image location strategy defined by the ‘location_strategy’ config option.
Description of CA and SSL configuration options
Configuration option = Default value Description
ca_file = None (String) CA certificate file to use to verify connecting clients.
cert_file = None (String) Certificate file to use when starting API server securely.
key_file = None (String) Private key file to use when starting API server securely.
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.