Indenting the include directives for the snippet files means the
headings in those files are "under" or "inside" the sections defined by
the headings in the parent file, but that's not something rst supports.
Change-Id: I70cb5b7f4d5051595a8e057ecf3b23a372ee21ca
This patch:
- addresses grammar comments from commit
https://review.openstack.org/207510
- fixes small grammar/syntax errors in Using Glance’s
Image Public APIs section of the guide.
Change-Id: I6b5339a7680c3ccd3ce9bb156f10acad9f47daa3
Adds a domain model description section
to the Glance Developer guide.
Change-Id: I87a0cc4e97f2bbd44dd33917dbf74c93e580e43b
Co-Authored-By: Mike Fedosin <mfedosin@mirantis.com>
Co-Authored-By: Olena Logvinova <ologvinova@mirantis.com>
Updated the reference to the Nova "Virt driver guest
vCPU topology configuration" spec to its current
location among the implemented Juno specs.
Change-Id: I4832a73444a6372c0ecede11fa437f14c90fc76a
Closes-Bug: #1488924
Since v3 is still unstable and has experimental status it's
better to disable it by default for security reasons. This
commit does it by setting 'enable_v3_api=False'.
Also all required documentation was added to related sections.
DocImpact
Change-Id: I412d0645d667400333532123008a24966aa23880
Setting sensible maximum size for Request ID. 64 should be enough for
normal use cases but limited enough from current 16384 to not flood
the logs by malicious requests.
DocImpact
SecurityImpact
Related-to-bug: #1482301
Change-Id: I52ebf810f4699826baa2bdf91d28e24d902cf950
This patch adds a new parameter rados_connect_timeout
and its description to the Configuring the RBD Storage Backend
sub-section in the Basic Configuration section.
Change-Id: Ib909519e46902a2f8888625951c6e761de15d48d
Depends-On: Ib44f74063d5a8332c6b5f3e15bcfa044c86bef9b
This commit updates the developer docs to reflect
the change in default digest algorithm to sha256
made by https://review.openstack.org/#/c/197372/
Closes-Bug: #1471938
Change-Id: I1b1044a506d7e3657ec360489fb236c6e5214688
Provide healthcheck middleware from oslo_middleware to be able to
disable given nodes from loadbalancer. It's achieved by adding a new
pipeline which depending on existing of the
/etc/glance/healthcheck_disable file can return one of the following
results:
- 200 OK (if file does not exist)
- 503 DISABLED BY FILE (if file exist)
The healthcheck is available under /healthcheck URL, and the whole
mechanism behave similar to the Swift healthcheck system.
implements bp: healthcheck-middleware
Co-Authored-By: Erno Kuvaja <jokke@usr.fi>
Co-Authored-By: Kamil Rykowski <kamil.rykowski@intel.com>
DocImpact
Change-Id: I45f6a8c59ec3040aaf06f8bab46d8001c44dac7a
Add a parameter to take advantage of the new(ish) eventlet socket timeout
behaviour. Allows closing idle client connections after a period of
time, eg:
$ time nc localhost 9292
real 1m0.063s
Setting 'client_socket_timeout = 0' means do not timeout.
DocImpact
Closes-bug: 1371022
Change-Id: I9e7edcbf25ece61dc16b8cd5a8bef5ed9a14e3d6
This commit adds strings that describe how to prevent situations
related to the issues with token expiration during big file upload.
DocImpact
Change-Id: Iddc78a8ce32b78aefe5b702d35b30c13935117bf
Co-Authored-By: Mike Fedosin <mfedosin@mirantis.com>
Was looking for something else and noticed that the documentation for
the swift_store_cacert option was merged into the middle of the doc
for the swift_store_ssl_compression option. This patch corrects that.
DocImpact
Change-Id: I86c7a9d045cb7784cb68020a13b7682b3ea8c94d
Update glance-control to send a SIGHUP rather than
perform a start/stop for the 'reload' operation.
This allows picking up new configuration values without
interrupting the service.
Closes-bug: 1436275
Change-Id: I5a653daa3e582b665c0a2c402cf2d7c9e47e1c38
Currently the documentation of glance-manage is missing the commands
to handle the glance metadata defnition. This patch provides details
on following commands:
db_load_metadefs
db_unload_metadefs
db_export_metadefs
Closes-Bug: #1414725
Change-Id: I90865831d38478f76e7379ca447ed99c17387710
Wikipedia's list of common misspellings [1] has a machine-readable
version. This patch fixes those misspellings mentioned in the list
which don't have multiple right variants (as e.g. "accension", which can
be both "accession" and "ascension"), such misspellings are left
untouched. The list of changes was manually re-checked for false
positives.
[1] https://en.wikipedia.org/wiki/Wikipedia:Lists_of_common_misspellings/For_machines
Change-Id: I6f549eb78998ead9b2f1a04e196e65b3f08f1be7
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
This patch provides the ability to 'deactivate' an image by
providing two new API calls and a new image status 'deactivated'.
Attempting to download a deactivated image will result in a
403 'Forbidden' return code. Also, image locations won't be visible
for deactivated images unless the user is admin.
All other image operations should remain unaffected.
The two new API calls are:
- POST /images/{image_id}/actions/deactivate
- POST /images/{image_id}/actions/reactivate
DocImpact
UpgradeImpact
Change-Id: I32b7cc7ce8404457a87c8c05041aa2a30152b930
Implements: bp deactivate-image
Previously, every call to policy.enforce passed an empty dictionary as
the target. This prevents operators from using tenant specific
restrictions in their policy.json files since the target will always be
an empty dictionary.
If you try to restrict some actions so an image owner (users with the
correct tenant id) can perform actions, the check categorically fails
because the target is okay is an empty dictionary. By passing the
ImageTarget instance wrapping an Image, we can properly grant access to
the image owner(s) based on tenant (e.g., owner:%(tenant)). Without this
fix, the only check that actually works in glance is a RoleCheck (e.g.,
role:admin).
Partial-bug: 1346648
Implements: blueprint pass-targets-to-policy-enforcer
Change-Id: Id914c478ca7c4dfde3f08028d8b70c623f26b6e9
Adds a basic architecture description section
to the Glance Developer guide.
Change-Id: I782490bb8757cd67d83057176f8e3eeffa007b84
Co-Authored-By: Mike Fedosin <mfedosin@mirantis.com>
Co-Authored-By: Olena Logvinova <ologvinova@mirantis.com>
Co-Authored-By: Alexander Adamov <aadamov@mirantis.com>
Metadefinition resources - namespaces, objects, properties, tags and
resource types - don't provide any notification events when certain
operations are performed on them. This patch includes following events
that will be triggered when necessary:
* metadef_namespace.create - namespace has been created
* metadef_namespace.update - namespace has been updated
* metadef_namespace.delete - namespace has been deleted
* metadef_namespace.delete_properties - all properties have been removed
from namespace
* metadef_namespace.delete_objects - all objects have been removed from
namespace
* metadef_namespace.delete_tags - all tags have been removed from
namespace
* metadef_object.create - object has been created
* metadef_object.update - object has been updated
* metadef_object.delete - object has been deleted
* metadef_property.create - property has been created
* metadef_property.update - property has been updated
* metadef_property.delete - property has been deleted
* metadef_tag.create - tag has been created
* metadef_tag.update - tag has been updated
* metadef_tag.delete - tag has been deleted
* metadef_resource_type.create - resource type has been added to
namespace
* metadef_resource_type.delete - resource type has been removed from
namespace
Additionally new configuration option has been added to allow for
disabling either individual or group of notifications.
DocImpact
UpgradeImpact
Depends-On: Iaa771ead0114e3941667b1e07ff32472d2f77afd
Change-Id: Ie1635793d80188f8f7a07aea91b9f0842900ffa6
Implements: blueprint metadefs-notifications
The patch adds the necessary configuration options defined in the
multiple datastore spec for VMware Store backend.
Approved Spec:
I16229da839ab7f147c36d5857e2269999e8215d7
Implementation:
I176f1143cd2d9b0a01a0f4f4256e7ac7d9b09afd
blueprint vmware-store-multiple-datastores
Depends-On: I4a52347cdbc238a3cb36a67d453591d0f8576a39
UpgradeImpact
DocImpact
Change-Id: Ic459b3b579d2b02e9abd9655ea2eb3e99fddcfcd
We added the eventlet executor waiting for taskflow to land and be ready
for us to consume it. Now that we have it, it's time to remove the
eventlet executor in favor of taskflow's parallel executors.
DocImpact
UpgradeImpact
Partially-implements blueprint: new-upload-workflow
Change-Id: I220a14b2a92949772d5322c9947c42e892cfdbfa
There are no boto imports in glance anymore since the s3 driver moved
out with glance_store, so remove the boto requirement from glance.
Also cleans up an old install reference for RPMs.
Change-Id: Iea294c4416630e441f8a183b32b2f1c9b7b88821
