diff options
Diffstat (limited to 'etc/glance-scrubber.conf')
-rw-r--r-- | etc/glance-scrubber.conf | 51 |
1 files changed, 23 insertions, 28 deletions
diff --git a/etc/glance-scrubber.conf b/etc/glance-scrubber.conf index a71cb2907..b2d80567f 100644 --- a/etc/glance-scrubber.conf +++ b/etc/glance-scrubber.conf @@ -429,32 +429,6 @@ # * [DEFAULT]/node_staging_uri (list value) #enabled_import_methods = [glance-direct,web-download,copy-image] -# DEPRECATED: -# Enforce API access based on common persona definitions used across OpenStack. -# Enabling this option formalizes project-specific read/write operations, like -# creating private images or updating the status of shared image, behind the -# `member` role. It also formalizes a read-only variant useful for -# project-specific API operations, like listing private images in a project, -# behind the `reader` role. -# -# Operators should take an opportunity to understand glance's new image -# policies, -# audit assignments in their deployment, and update permissions using the -# default -# roles in keystone (e.g., `admin`, `member`, and `reader`). -# -# Related options: -# * [oslo_policy]/enforce_new_defaults -# (boolean value) -# This option is deprecated for removal since Wallaby. -# Its value may be silently ignored in the future. -# Reason: -# This option has been introduced to require operators to opt into enforcing -# authorization based on common RBAC personas, which is EXPERIMENTAL as of the -# Wallaby release. This behavior will be the default and STABLE in a future -# release, allowing this option to be removed. -#enforce_secure_rbac = false - # # The URL to this worker. # @@ -789,6 +763,11 @@ # (string value) #mysql_sql_mode = TRADITIONAL +# For Galera only, configure wsrep_sync_wait causality checks on new +# connections. Default is None, meaning don't configure any setting. (integer +# value) +#mysql_wsrep_sync_wait = <None> + # DEPRECATED: If True, transparently enables support for handling MySQL Cluster # (NDB). (boolean value) # This option is deprecated for removal since 12.1.0. @@ -1655,6 +1634,22 @@ #s3_store_host = <None> # +# The S3 region name. +# +# This parameter will set the region_name used by boto. +# If this parameter is not set, we we will try to compute it from the +# s3_store_host. +# +# Possible values: +# * A valid region name +# +# Related Options: +# * s3_store_host +# +# (string value) +#s3_store_region_name = + +# # The S3 query token access key. # # This configuration option takes the access key for authenticating with the @@ -2581,7 +2576,7 @@ # ``InvalidScope`` exception will be raised. If ``False``, a message will be # logged informing operators that policies are being invoked with mismatching # scope. (boolean value) -#enforce_scope = false +#enforce_scope = true # This option controls whether or not to use old deprecated defaults when # evaluating policies. If ``True``, the old deprecated defaults are not going to @@ -2592,7 +2587,7 @@ # deprecated policy check string is logically OR'd with the new policy check # string, allowing for a graceful upgrade experience between releases with new # policies, which is the default behavior. (boolean value) -#enforce_new_defaults = false +#enforce_new_defaults = true # The relative or absolute path of a file that maps roles to permissions for a # given service. Relative paths must be specified in relation to the |