This commit updates the developer docs to reflect
the change in default digest algorithm to sha256
made by https://review.openstack.org/#/c/197372/
Closes-Bug: #1471938
Change-Id: I1b1044a506d7e3657ec360489fb236c6e5214688
Provide healthcheck middleware from oslo_middleware to be able to
disable given nodes from loadbalancer. It's achieved by adding a new
pipeline which, depending on the existence of the
/etc/glance/healthcheck_disable file, can return one of the following
results:
- 200 OK (if file does not exist)
- 503 DISABLED BY FILE (if file exists)
The healthcheck is available under /healthcheck URL, and the whole
mechanism behaves similarly to the Swift healthcheck system.
implements bp: healthcheck-middleware
Co-Authored-By: Erno Kuvaja <jokke@usr.fi>
Co-Authored-By: Kamil Rykowski <kamil.rykowski@intel.com>
DocImpact
Change-Id: I45f6a8c59ec3040aaf06f8bab46d8001c44dac7a
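A simplified model of the file-based healthcheck described in the commit message above, as an added example (not code from oslo_middleware or Glance). The names healthcheck_filter and probe are hypothetical; the URL, file path and response texts are the ones given in the message.

```python
import os

# Path and URL as given in the commit message.
DISABLE_FILE = "/etc/glance/healthcheck_disable"
HEALTHCHECK_PATH = "/healthcheck"


def healthcheck_filter(app, disable_path=DISABLE_FILE, path=HEALTHCHECK_PATH):
    """Wrap a WSGI app so that `path` answers the load balancer directly."""
    def middleware(environ, start_response):
        if environ.get("PATH_INFO") != path:
            # Every other URL goes to the wrapped application untouched.
            return app(environ, start_response)
        if os.path.exists(disable_path):
            # An operator created the file: tell the balancer to drain the node.
            status, body = "503 Service Unavailable", b"DISABLED BY FILE"
        else:
            status, body = "200 OK", b"OK"
        start_response(status, [("Content-Type", "text/plain"),
                                ("Content-Length", str(len(body)))])
        return [body]
    return middleware


def probe(app, path):
    """Issue one in-process GET and return (status line, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    body = b"".join(app(environ, start_response))
    return captured["status"], body
```

Because the node's state is driven entirely by the presence of that file, write access to its directory decides who can take an API node out of rotation.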
Add a parameter to take advantage of the new(ish) eventlet socket timeout
behaviour. Allows closing idle client connections after a period of
time, e.g.:
    $ time nc localhost 9292
    real 1m0.063s
Setting 'client_socket_timeout = 0' means do not timeout.
DocImpact
Closes-bug: 1371022
Change-Id: I9e7edcbf25ece61dc16b8cd5a8bef5ed9a14e3d6
This commit adds strings that describe how to prevent situations
related to the issues with token expiration during big file upload.
DocImpact
Change-Id: Iddc78a8ce32b78aefe5b702d35b30c13935117bf
Co-Authored-By: Mike Fedosin <mfedosin@mirantis.com>
Was looking for something else and noticed that the documentation for
the swift_store_cacert option was merged into the middle of the doc
for the swift_store_ssl_compression option. This patch corrects that.
DocImpact
Change-Id: I86c7a9d045cb7784cb68020a13b7682b3ea8c94d
Update glance-control to send a SIGHUP rather than
perform a start/stop for the 'reload' operation.
This allows picking up new configuration values without
interrupting the service.
Closes-bug: 1436275
Change-Id: I5a653daa3e582b665c0a2c402cf2d7c9e47e1c38
Currently the documentation of glance-manage is missing the commands
to handle the glance metadata definition. This patch provides details
on the following commands:
db_load_metadefs
db_unload_metadefs
db_export_metadefs
Closes-Bug: #1414725
Change-Id: I90865831d38478f76e7379ca447ed99c17387710
Wikipedia's list of common misspellings [1] has a machine-readable
version. This patch fixes those misspellings mentioned in the list
which don't have multiple right variants (as e.g. "accension", which can
be both "accession" and "ascension"); such misspellings are left
untouched. The list of changes was manually re-checked for false
positives.
[1] https://en.wikipedia.org/wiki/Wikipedia:Lists_of_common_misspellings/For_machines
Change-Id: I6f549eb78998ead9b2f1a04e196e65b3f08f1be7
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
This patch provides the ability to 'deactivate' an image by
providing two new API calls and a new image status 'deactivated'.
Attempting to download a deactivated image will result in a
403 'Forbidden' return code. Also, image locations won't be visible
for deactivated images unless the user is admin.
All other image operations should remain unaffected.
The two new API calls are:
- POST /images/{image_id}/actions/deactivate
- POST /images/{image_id}/actions/reactivate
DocImpact
UpgradeImpact
Change-Id: I32b7cc7ce8404457a87c8c05041aa2a30152b930
Implements: bp deactivate-image
Previously, every call to policy.enforce passed an empty dictionary as
the target. This prevents operators from using tenant-specific
restrictions in their policy.json files since the target will always be
an empty dictionary.
If you try to restrict some actions so an image owner (users with the
correct tenant id) can perform actions, the check categorically fails
because the target is an empty dictionary. By passing the
ImageTarget instance wrapping an Image, we can properly grant access to
the image owner(s) based on tenant (e.g., owner:%(tenant)). Without this
fix, the only check that actually works in glance is a RoleCheck (e.g.,
role:admin).
Partial-bug: 1346648
Implements: blueprint pass-targets-to-policy-enforcer
Change-Id: Id914c478ca7c4dfde3f08028d8b70c623f26b6e9
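Why an empty target defeats owner-based rules, shown with a simplified model of a `kind:match` policy check; this is an added example, not Glance or oslo.policy code. The rule string `tenant:%(owner)s`, the ImageTargetModel class and all ids are constructed for illustration.

```python
from types import SimpleNamespace


def generic_check(rule, target, creds):
    """'kind:match': fill `match` from the target, compare with creds[kind]."""
    kind, match = rule.split(":", 1)
    try:
        expected = match % target
    except KeyError:
        # The target has no such attribute, so the check fails closed.
        return False
    return kind in creds and str(creds[kind]) == expected


def role_check(rule, creds):
    """'role:name': depends only on the caller's roles, never on the target."""
    wanted = rule.split(":", 1)[1].lower()
    return wanted in [r.lower() for r in creds.get("roles", [])]


def enforce(rule, target, creds):
    if rule.startswith("role:"):
        return role_check(rule, creds)
    return generic_check(rule, target, creds)


class ImageTargetModel:
    """Hypothetical target that exposes an image's attributes by key."""

    def __init__(self, image):
        self.image = image

    def __getitem__(self, key):
        try:
            return getattr(self.image, key)
        except AttributeError:
            raise KeyError(key)


def demo():
    image = SimpleNamespace(owner="tenant-a")            # constructed sample
    owner = {"tenant": "tenant-a", "roles": ["member"]}
    other = {"tenant": "tenant-b", "roles": ["member"]}
    admin = {"tenant": "tenant-z", "roles": ["admin"]}
    rule = "tenant:%(owner)s"
    return {
        "owner, empty target": enforce(rule, {}, owner),
        "owner, image target": enforce(rule, ImageTargetModel(image), owner),
        "other, image target": enforce(rule, ImageTargetModel(image), other),
        "admin role, empty target": enforce("role:admin", {}, admin),
    }
```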
Adds a basic architecture description section
to the Glance Developer guide.
Change-Id: I782490bb8757cd67d83057176f8e3eeffa007b84
Co-Authored-By: Mike Fedosin <mfedosin@mirantis.com>
Co-Authored-By: Olena Logvinova <ologvinova@mirantis.com>
Co-Authored-By: Alexander Adamov <aadamov@mirantis.com>
Metadefinition resources - namespaces, objects, properties, tags and
resource types - don't provide any notification events when certain
operations are performed on them. This patch includes the following events
that will be triggered when necessary:
* metadef_namespace.create - namespace has been created
* metadef_namespace.update - namespace has been updated
* metadef_namespace.delete - namespace has been deleted
* metadef_namespace.delete_properties - all properties have been removed
  from namespace
* metadef_namespace.delete_objects - all objects have been removed from
  namespace
* metadef_namespace.delete_tags - all tags have been removed from
  namespace
* metadef_object.create - object has been created
* metadef_object.update - object has been updated
* metadef_object.delete - object has been deleted
* metadef_property.create - property has been created
* metadef_property.update - property has been updated
* metadef_property.delete - property has been deleted
* metadef_tag.create - tag has been created
* metadef_tag.update - tag has been updated
* metadef_tag.delete - tag has been deleted
* metadef_resource_type.create - resource type has been added to
  namespace
* metadef_resource_type.delete - resource type has been removed from
  namespace
Additionally, a new configuration option has been added to allow for
disabling either individual notifications or groups of notifications.
DocImpact
UpgradeImpact
Depends-On: Iaa771ead0114e3941667b1e07ff32472d2f77afd
Change-Id: Ie1635793d80188f8f7a07aea91b9f0842900ffa6
Implements: blueprint metadefs-notifications
The patch adds the necessary configuration options defined in the
multiple datastore spec for VMware Store backend.
Approved Spec:
I16229da839ab7f147c36d5857e2269999e8215d7
Implementation:
I176f1143cd2d9b0a01a0f4f4256e7ac7d9b09afd
blueprint vmware-store-multiple-datastores
Depends-On: I4a52347cdbc238a3cb36a67d453591d0f8576a39
UpgradeImpact
DocImpact
Change-Id: Ic459b3b579d2b02e9abd9655ea2eb3e99fddcfcd
We added the eventlet executor waiting for taskflow to land and be ready
for us to consume it. Now that we have it, it's time to remove the
eventlet executor in favor of taskflow's parallel executors.
DocImpact
UpgradeImpact
Partially-implements blueprint: new-upload-workflow
Change-Id: I220a14b2a92949772d5322c9947c42e892cfdbfa
There are no boto imports in glance anymore since the s3 driver moved
out with glance_store, so remove the boto requirement from glance.
Also cleans up an old install reference for RPMs.
Change-Id: Iea294c4416630e441f8a183b32b2f1c9b7b88821
Presently, the wsgi server allows persistent connections. Hence even after
the response is sent to the client, it doesn't close the client socket
connection. Because of this problem, the green thread is not released
back to the pool.
In order to close the client socket connection explicitly after the
response is sent and read successfully by the client, you simply have to
set keepalive to False when you create a wsgi server.
DocImpact:
Added http_keepalive option (default=True).
SecurityImpact
Closes-Bug: #1361360
Change-Id: I93aaca24935a4f3096210233097dd6b8c5440176
Rewrote description of the public_endpoint configuration option
to make the purpose of the setting more explicit.
Change-Id: Ic4d5ce9884b6641eed076e5b6fad71ec0e6659a4
Closes-Bug: #1419328
The description of 'image_cache_max_size' was ambiguous. It was not
clear whether the 'image_cache_max_size' parameter was about the
aggregate size of the cache or a per-image limit.
The 'image_cache_max_size' is an upper limit beyond which the pruner,
if running, starts cleaning the image cache.
Hence added a detailed description of 'image_cache_max_size' to the
documentation and configuration file.
Bug: #1411813
Change-Id: Ide8e087db544aeea1990bac92c97cb9ca9f0b522
This patch adds support for a new task executor. This executor
leverages the taskflow library which is responsible for dispatching
the tasks.
The taskflow executor provides basic serial execution of the
tasks and uses eventlet by default. The execution mode is configurable
to have parallel execution in which case it is possible to also
configure the number of workers running at the same time.
TaskFlow wiki: https://wiki.openstack.org/wiki/TaskFlow
partially implements bp async-glance-workers
partially implements bp taskflow-integration
DocImpact
UpgradeImpact
Co-Authored by: Arnaud Legendre <arnaudleg@gmail.com>
Co-Authored by: Flavio Percoco <flaper87@gmail.com>
Co-Authored by: Nikhil Komawar <nikhil.komawar@rackspace.com>
Change-Id: Ie31e64f8fee7f9fe7336cde50d5db89577c4f76d
The snet option forces the deployer to name the desired endpoint after
the public endpoint. In order to switch between multiple internal
networks, names have to be changed. Instead of constructing a URL with a
prefix from what is returned by auth, specify the URL via configuration.
DocImpact
UpgradeImpact
bp replace-snet-config-with-endpoint-config
Change-Id: I7b7e14d7da082ae37a9737d2078017b04c19b87b
It would be great to enhance Glance to use a minimum of SHA2
for digital signatures for FIPS compliance. FIPS (Federal
Information Processing Standards) says that SHA-1 is not
suitable for general-purpose digital signature
applications (as specified in FIPS 186-3) that require 112
bits of security. In the case of digital signatures, SHA-1
does not provide the 112 bits of collision resistance needed
to achieve the security strength.
Currently we use a hardcoded 'sha1'. So this patch will first
make it configurable and set the default value to sha1 in
Kilo for a smooth upgrade; the default will be changed to sha256
in the next release (L).
DocImpact
UpgradeImpact
SecurityImpact
Closes-Bug: #1288545
Change-Id: I9236cc85f4e9881ac1aa35d69bc6761a59c1b6c8
The documentation for glance_stores was missing any mention of the
stores option which is required to make a default_store work if it's
non-default.
Closes-Bug: #1406182
Change-Id: I89e8fe2d8b31cd66609fd4132cb263eecb3db4c3
Change I5b356170ec82d033204e22f79c862201400a0a31 introduced a new
swift_store configuration option. Prior to accepting that, it was
determined that we needed to add it to the relevant configuration files
and document the option.
DocImpact
Closes-bug: 1375857
Change-Id: I4cbfae3c1ac84d6c85875d34a58dd2a87ae85d6f
Based on the current implementation, an image in pending_delete
status can't be recovered. This patch will fix the
document issue.
Change-Id: If4fe75cfb759ae0288f378cee77a71be4a306456
When this part of 'Use common db code from oslo' blueprint was merged
into master: https://review.openstack.org/#/c/36207/ some code related
to db_auto_create was removed but some still remained in tempest tests,
documentation and configuration samples.
This fix removes every reference to db_auto_create option.
Closes-Bug: #1343907
Change-Id: Ibca3f633e61574d77339fc98fdf73340c9d9b8dc
[DEFAULT] default_store was deprecated in Juno and moved into the
[glance_store] section. Yet it remains in the old place in the sample
glance-api.conf. Additionally, some comments still refer to the
known_stores option, which is now simply stores.
DocImpact
Change-Id: I7215e35534fd9a77730d39b96f9ba3bf6c3ea065