The oslo.reports library provides some options under the [oslo_reports]
section. This change ensures these parameters are rendered by
the oslo-config-generator command.
Closes-Bug: #1940733
Change-Id: Icdfa374640e8962198790c30f4d0e0ec03b2f2cd
Currently Glance relies on the castellan library for encryption, but
the option for the library have been missing from glance-api.conf .
This change ensures options from the castellan library are rendered
into glance-api.conf by the oslo-config-generator command.
Closes-Bug: #1940090
Change-Id: I5b9459dfc3060ea40272d13f21ae87ff4ade64c5
The healthcheck middleware was added to the api pipelines a long ago[1]
but parameters of the middleware are missing from the example
glance-api.conf file.
This change adds the oslo.config.opts endpoint so that the parameters
of the middleware are rendered by the oslo-config-generator command.
[1] 562cb0429f9e2657dbcf108c534ef6c4779eb177
Closes-Bug: #1939944
Change-Id: Ibf6839b3cf202b2a1b253c4687d08f072349513e
The etc/glance-api-paste.ini had still couple of pipelines left
behind from registry and osprofile options deprecated in 2015.
This change clears those and removes the reference note from
configuring doc.
Change-Id: Idb78cd2935a9ea5a1b1bc3ee6153311190422ca5
The XenAPI driver is dead. Let's hold the tissues and clear out
references from the documentation instead.
Change-Id: I6ec331cf7d2d1ded924893f707ed963027939754
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This patch removes majority of the registry and it's related
endpoints and config options that has been deprecated for
removal in various releases.
Change-Id: I75014bd50bf382efebe56bd89c20ffefbdde25f5
Including removal of the example conf in docs.
Including glance-registry command entrypoint to eventlet.
Including rpc_controller from wsgi, changed to reject.
Not including the files devstack is depending on.
This change means that glance-registry starts and announces
that it has been removed.
This change means that when ran as wsgi app, all calls to
/rpc endpoint will be rejected.
This will allow devstack to make a graceful transition to
life without the glance registry, which was deprecated in
Newton release.
Change-Id: I7bf3284cba4c38605fb50b3c458e53f896f34086
Add the missing hw_vif_multiqueue_enabled property and its descriptions
in doc/source/admin/useful-image-properties.rst to:
- etc/metadefs/compute-libvirt-image.json
- etc/metadefs/compute-vmware.json
Co-authored-by: Brian Rosmaita <rosmaita.fossdev@gmail.com>
Change-Id: I3b5ffc25a8d3fb5d55aa1ef93b20c5f8aefe93e8
Closes-bug: #1843576
Add missing properties, as of Train, defined in etc/schema-image.json
for OS::Glance::CommonImageProperties defined in
etc/metadefs/glance-common-image-props.json
Change-Id: I3e6d2ab88cca41bbf66dbced8b576637f13b9f57
Closes-bug: #1856581
This reverts commit 2a28696de9e18a3866631507739944ceb3460872.
Devstack still references a number of these files; revert until
devstack incorporates removal.
Change-Id: I1e90ceee1f87291668e447f180f37bb809763836
Supplying a policy.json file is no longer necessary.
Change-Id: I33b84c4d68e8077271447bcbdea4b7052eb01204
Depends-On: https://review.opendev.org/694386
Instead of a default policy.json file, policy defaults are now defined
in code. An operator need not supply policy.json data except to the
extent they want to override the defaults. Currently an empty
policy.json is still shipped because it is expected by devstack, but
this can be removed later. A sample policy.yaml file can be generated
using the genpolicy tox environment.
This partly fulfils the requirements of the policy in code goal[1].
However, because policies don't map 1:1 with APIs, it will not be
possible to fully document the policies until changes are made in how
policies are applied as proposed in https://review.opendev.org/528021
Due to the fact that existing policy files may rely on a rule named
"default" to specifiy policies not explicitly listed in the policy.json
file, all policies that are not admin-only by default now default to
"rule:default", so that the "default" rule will continue to apply to
those policies that are not listed in policy.json.
To ensure that this yields the expected policy in a standard
policy-in-code config file, the default value of the "default" rule is
now the empty string "". This is a change; between the Queens release
and now the default was set to "role:admin" to match the value specified
in the default policy.json file. An installation relying on both the
"default" rule for some policies and the default value of the default
rule may end up with a more permissive policy after upgrading. It's
likely that no such policies exist in the wild, because prior to the
Queens release the default value for the "default" rule was "@" (allow
all requests), so anybody relying on this rule will surely have
specified it explicitly in their policy.json.
Policies whose default is "role:admin" no longer use the "default" rule.
Therefore existing policy.json files that rely on the "default" rule for
those policies, and who have specified a value for the "default" rule
that is more permissive, will result in a more restrictive policy after
upgrading. It is unlikely that any of these policies exist in the wild
either.
[1] https://governance.openstack.org/tc/goals/selected/queens/policy-in-code.html
Change-Id: I8d1ccf5844078cc0b1652fb1130794daf07cedbc
Replace seconds with milliseconds
in the description of hw_rng:rate_period[1].
[1]https://libvirt.org/formatdomain.html#elementsRng
Change-Id: I53848359704d68dd84c5be8106f4e259937b8092
Related-Bug:#1843542
This patch introduced double registering of the same
config option groups which fails glance-api start
if reserved stores are actually defined.
The code utilizing these config options has not been
merged which prevented testing to catch this.
Closes-Bug: #1844108
This reverts commit 4265e61bc84ce9bd085a95d8734647f4875af740.
Change-Id: Iaf338d29673e68a15d37fdda81add552e4175634
The nova TrustedFilter scheduler filter was removed in the Queens
release [1] so the compute trust metadef is now just noise so we
should remove it.
[1] https://review.opendev.org/506864/
Change-Id: I71825cd5317d458fa30287b78cd1030cbc457dbd
This change contains minor version bump to Images API to
indicate latest changes to the API.
Also has config file sync for for M3 release.
These two are combined for saving some gating time due to
busy infra at Train milestone 3 deadline.
Change-Id: I13133c32734751d43cc3afed9b68d015cebd5b6b
The AMD SEV support recently introduced to nova[0] depends on certain
metadata properties for flavors and images which were either missing
or only partially covered by existing glance metadata, so fill the
missing gaps:
- Add the hw:mem_encryption flavor extra spec and corresponding
hw_mem_encryption image property.
- hw_firmware_type has been supported by nova for quite a while,
so register it as an official metadata property.
- Add hw_cdrom_bus which was missing as per
https://bugs.launchpad.net/glance/+bug/1808868. This shares
values with hw_disk_bus, so document that too.
[0] https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization
Closes-Bug: 1808868
Change-Id: I8116565ad0326d0125b320d840d787edcb086aa9
We add two extra properties for images:
- cinder_encryption_key_id, which stores the encryption key id;
- cinder_encryption_key_deletion_policy, which states whether the secret
key should be deleted on image deletion.
This feature uses the Castellan key manager, and will therefore work
with all its supported backends.
Implements: blueprint barbican-secret-deletion-support
DocImpact
Change-Id: Iacd0b3785ad4cdd06961e6d11967775806e009ff
- This change adds the newly supported libvirt
video models, virtio, gop and none.
- This change updates the train metadefs changes
release note.
Change-Id: I440a038b53825b5f92fc977566edcf3cabfba673