8004 Commits

Author SHA1 Message Date
OpenStack Proposal Bot
48e6471e90 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Id3d8e8771e42215451b54b5e6372698283ebfdae
2024-09-02 03:51:10 +00:00
Takashi Kajinami
1f3e66fb4f Add metadef value for stateless firmware
Add the new hw_firmware_stateless image property, which is now used to
request launching instances with stateless firmware in nova.

Depends-on: https://review.opendev.org/c/openstack/nova/+/908890
Change-Id: I24868b89bc79eda5657a6e2a5e98fb8fa150b1f3
2024-08-30 02:17:59 +00:00
Pranali Deore
ca40d49f4d Add new wait logic for functional test of add location API
Some add location functional tests fail intermittently since
in current wait logic, wait call returns as soon as the image
reaches to expected status but hash calculation doens't get
completed sometimes within the provided time stamp.

Adding a separate wait method instead of modifying the existing
one, which will check checksum is set to image along with the
expected status.

Change-Id: Ie17dc6561e65fbf5d0b1669bd33cd30a53176d74
2024-08-29 06:05:05 +00:00
Zuul
f3bb1336b6 Merge "Add iso file format inspector" 29.0.0.0b3 2024-08-28 23:23:37 +00:00
Dan Smith
0be2737d66 Use format_inspector from oslo
This removes glance's in-tree format_inspector implementation and
makes it use the newly-released oslo_utils' one. We need very few
changes for this to work, but this is the summary:

- Oslo's safety_check() raises instead of returns false
- Oslo uses InspectWrapper which does in-flight detection, which we
  need to handle just a little differently.
- Oslo detects GPT-formatted disks as 'gpt' format, which we need to
  consider as 'raw' for compatibility reasons.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/927395
Change-Id: I7e32d5ae717224b504e06f7fccb854f68c713643
2024-08-28 07:03:54 -07:00
Pranali Deore
acb8ed5b3f Refresh Glance example configs for dalmatian m3
Change-Id: Ic839b415637128dbba0dc11bf0ffa51a692b7a28
2024-08-26 05:24:22 +00:00
Pranali Deore
f2cda8581b Release notes for Dalmatian Milestone 3
Change-Id: I5b43020531f8d98c61b8e66e22c2862f1ec4d7d9
2024-08-26 05:17:41 +00:00
Abhishek Kekane
d8de63a500 Add iso file format inspector
This change excludes image conversion if source image
format is ISO.

This change includes unit tests for the ISO
format inspector using mkisofs to generate
the iso files.

A test for stashing qcow content in the system_area
of an iso file is also included.

This change modifies format_inspector.detect_file_format
to evaluate all inspectors until they are complete and
raise an InvalidDiskInfo exception if multiple formats
match.

Related-Bug: #2059809
Change-Id: Id706480e31687d8ade6f7199b600aff3ad7c68f7
2024-08-19 14:13:49 +00:00
Ghanshyam Mann
273825d01d Remove default override for RBAC config options
RBAC config options enforce_scope and enforce_new_defaults
were disabled by default in oslo.policy and Glance had to override
the default value to enable those by default. Now oslo.policy
(4.4.0 onwards[1]) changed the default values[2] and enabled
by default for all the services. OpenStack service does not need
to override the default anymore.

As every job run with glance new defaults:
- Removing glance-tox-functional-py39-rbac-defaults
- Add new periodic job to test old defaults
  - tempest-integrated-storage-rbac-old-defaults

NOTE: There is no change in behaviour here, oslo.policy provides the
same configuration that Glance has overridden till now.

[1] https://review.opendev.org/c/openstack/releases/+/925032
[2] https://review.opendev.org/c/openstack/oslo.policy/+/924283

Depends-On: https://review.opendev.org/c/openstack/requirements/+/925464
Change-Id: Ib9a503783df6fb40058089319c7c8b7e9d89d3b8
2024-08-13 11:14:59 -07:00
Zuul
695fcb67c9 Merge "Revert image state to queued if conversion fails" 2024-08-02 18:19:23 +00:00
Zuul
b957e7a68c Merge "Deprecate the "metadata_encryption_key" option" 2024-08-01 17:42:46 +00:00
Abhishek Kekane
ea131dd144 Revert image state to queued if conversion fails
Made changes to revert image state to `queued` and deleting image data
from staging area if image conversion fails. If image is importing to
multiple stores at a time then resetting the image properties
`os_glance_importing_to_stores` and `os_glance_failed_imports` to
reflect the actual result of the operation.

Closes-Bug: 2072483
Change-Id: I373dde3a07332184c43d9605bad7a59c70241a71
2024-08-01 16:34:34 +00:00
Eric Harney
93ae58c61c Auto-detect qemu-img qed support for unit tests
This will let downstream distros with qemu-img versions
that don't support the qed format pass unit tests without
having to patch this test out.

Change-Id: I50907c90686366cab12be072b53c65b048b7c510
2024-08-01 07:14:32 -04:00
Zuul
7e75dc9e9a Merge "Make separate schema for new location API" 2024-08-01 04:19:44 +00:00
Zuul
536a34b5d7 Merge "Remove location_strategy functionality" 2024-07-31 18:50:00 +00:00
Pranali Deore
c5e29b6c80 Make separate schema for new location API
This will eliminate the regression of adding the schema validation
in existing schema which is defined for image create/update API.

Change-Id: Icd704f37a0a770b6cad63207276825d97c87eb5b
2024-07-31 09:27:20 +00:00
Abhishek Kekane
5d5f570f46 Remove location_strategy functionality
Removing deprecated location_strategy functionality which was used
to prioritize location order for downloading the image.

The weighing mechanism introduced in the Bobcat development cycle
now should be used by operators who would like to prioritize
certain stores over others.

Change-Id: I7b760d2b28a8b289a303a0a9c1d91a9de0c7138a
2024-07-26 07:14:19 +00:00
Pranali Deore
6f4d9c4346 Bump Images API version to 2.17
Related blueprint new-location-apis

Change-Id: I6e7bdc2d092c32c060d2f3c72fc83cecc73ee7f6
2024-07-26 06:34:52 +00:00
Pranali Deore
cedf499e86 Add api-ref and documentation for new location apis
Change-Id: Ia8501b19e95f8285a7a32d1087b8c5b7453adafc
2024-07-26 06:32:48 +00:00
Pranali Deore
5369a825ed Add new get location api
This change adds a new location api GET
/v2/images/{image_id}/locations to get the locations associated
to the image.
This operation will be allowed to service user only,
and validated by the new policy rule `fetch_image_location`.

Implements: blueprint new-location-apis
Change-Id: I9d14465a83e76c73e12cec3b96d42e568ab97072
2024-07-25 10:22:47 +00:00
Pranali Deore
b83f38cf25 Add functional tests for new add-location API
Related blueprint new-location-apis

Change-Id: If94d7d1fbec07a49222b65aa3e530748a95eaf5b
2024-07-25 10:22:17 +00:00
Pranali Deore
4281558dff Add new add location api
This change adds a new location api POST
/v2/images/{image_id}/locations to add the new location to
the image when in `queued` state only.
This operation will be service user & image owner only,
and validated by the new policy rule `add_image_location`.

Implements: blueprint new-location-apis

Change-Id: I238c21efd09de296e8928d8fa68bac4b41f81694
2024-07-25 10:11:36 +00:00
Pranali Deore
a0b7650c4b Add Location Import task flow
This change adds location_import task flow which includes
below tasks which are required for new add location api,
1. UpdateLocationTask
2. CalculateHash
3. VerifyValidationData
3. SetHashValues
4. SetImageToActiveTask

Related blueprint new-location-apis

Change-Id: Id5482582a29d947dcb74a506bf715cf6a2d05b3e
2024-07-25 10:06:27 +00:00
Rajat Dhasmana
ee7e96f06a Do not set_acls if store is not associated to glance node
In case of glance multiple stores (mostly for ceph) nova initiates
copy-image functionality if image, from which the sever is being
created, is not present in the referring ceph store. This can fail if
image location which is already present in image but not available for
that glance edge node. This scenario can only be reproducible
with EDGE deployment.

In order to fix this, if the store is defined on that glance node
then only call set_acls method, else ignore it.

Closes-Bug: #2073945
Change-Id: I0409982ae27b662e60dd2363ba2f7863d0722fea
2024-07-24 07:34:30 +00:00
OpenStack Proposal Bot
38a2828e8f Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Iac3eaade4a6aae48250dfa669c9cc3fb2e0a542d
2024-07-19 03:05:06 +00:00
Zuul
dfab4bc598 Merge "Revert "Fix import job to provide valid disk-formats list to tempest"" 2024-07-18 13:35:17 +00:00
Pranali Deore
57f0c93d25 Revert "Fix import job to provide valid disk-formats list to tempest"
This reverts commit 244ccb68dd9c1be8b8c6223c50998464a394b688.

Reason for revert: disk-format list not required to be passed to the import jobs after the tempest change [1].

[1]: https://review.opendev.org/c/openstack/tempest/+/924252

Change-Id: Id2548fad3e90144b47964b82bb4f702ad6407ae2
2024-07-18 09:07:53 +00:00
Zuul
146ec27167 Merge "zuul: Drop openstack-tox-functional-py38-fips job" 2024-07-18 08:21:51 +00:00
Zuul
a42114c5fd Merge "Fix /healthcheck url typo in glance-api-paste" 2024-07-12 07:32:22 +00:00
Zuul
f87f202bad Merge "Fix 500 if multi-tenant swift is used" 2024-07-11 22:55:27 +00:00
Sam Morrison
629ea06a50 Fix /healthcheck url typo in glance-api-paste
Change-Id: I3350fd45adbd5ba878ca588d28cb0057fc1465e9
2024-07-11 10:45:39 +00:00
Dr. Jens Harbott
726b186e34 zuul: Drop openstack-tox-functional-py38-fips job
The openstack-tox-functional-py38-fips job is based on centos-8-stream,
which is no longer working and will soon be dropped completely, so
remove the job.

Change-Id: Ie419f2cf9f685bba770b6b2c88571e41758cb212
2024-07-06 19:36:01 +02:00
Zuul
2e65391744 Merge "Add releasenote for CVE-2024-32498 fix" 29.0.0.0b2 2024-07-05 20:27:16 +00:00
fungi.admin
57c64d1510 Merge "Add safety check and detection support to FI tool" 2024-07-05 15:49:57 +00:00
Dan Smith
5f36dbb0c4 Add safety check and detection support to FI tool
This adds a safety check and detection mechanism to the
tools/test_format_inspector.py utility for verifying those features
outside of glance.

Change-Id: I447e7e51315472f8fa6013d4c4852f54c1e0c43d
2024-07-05 15:45:19 +00:00
Zuul
610a020592 Merge "Fix: optimized upload volume in Cinder store" 2024-07-05 08:07:56 +00:00
Zuul
d8ee31228d Merge "Revert "Make import jobs non-voting"" 2024-07-04 21:35:33 +00:00
Rajat Dhasmana
8318da1d5f Fix: optimized upload volume in Cinder store
When Glance is configured to use Cinder store and we upload
volume to Glance in the optimized path, it fails with
InvalidLocation error.
This happens because Cinder is not aware about the store
in which we will create the image and supplies the old
format URL i.e. cinder://<vol-id> whereas Glance expects
new location format i.e. cinder://<store-id>/<vol-id>.

Glance has code to update the format from old location format
to new location format but it isn't triggered in case of
old location APIs.

This patch adds the context to the update store ID request
which calls the Cinder store to provide the updated location,
hence fixing the optimized path for upload volume to image.

Closes-Bug: #2054575
Change-Id: Idd1cb8982b40b85a17821596f76dfa10207f6381
2024-07-04 17:39:28 +00:00
Abhishek Kekane
6459f761e6 Revert "Make import jobs non-voting"
This reverts commit b75f3e4a4278f71d5379d40858df49c8920ca53d.

Reason for revert: Since we have landed all important patches on master branch, we can now revert this change and make jobs voting.

Change-Id: I2f5fa707a2cb7f6ffb38a8b919f224897684c795
2024-07-04 14:24:32 +00:00
Pranali Deore
867d1dd8b6 Add releasenote for CVE-2024-32498 fix
Related-Bug: #2059809
Change-Id: I3259dd013ba5e3fefd0e172bf0e7cc502158c8db
2024-07-04 12:19:46 +00:00
Zuul
0d8e79b713 Merge "Add file format detection to format_inspector" 2024-07-04 09:46:24 +00:00
Zuul
62976197ac Merge "Add QED format detection to format_inspector" 2024-07-04 09:46:22 +00:00
Zuul
cc7d53adbe Merge "Reject unsafe qcow and vmdk files" 2024-07-04 09:46:19 +00:00
Zuul
68b155ec88 Merge "Add VMDK safety check" 2024-07-04 09:46:17 +00:00
Zuul
22f0c9c6f9 Merge "Extend format_inspector for QCOW safety" 2024-07-04 09:39:34 +00:00
Zuul
d607e78630 Merge "Reject qcow files with data-file attributes" 2024-07-04 09:21:18 +00:00
frickler.admin
3d916f7de4 Merge "Increase timeout for tempest-integrated-storage-import job" 2024-07-04 07:17:42 +00:00
Rajat Dhasmana
9df48a3071 Increase timeout for tempest-integrated-storage-import job
The tempest-integrated-storage-import has been timing out
frequently around 2 hour 5 minutes mark and similarly one
of the jobs inheriting from it,
tempest-integrated-storage-import-standalone, also times
out around the same time. The timeout issue has increased
recently as can be seen in the job build history[1].

We had a similar issue with the glance-multistore-cinder-import
job for which we increased the timeout to 3 hours[2] but the
job completes successfully on average 2 hour 10 minutes
and has been completing in that time for more than 8 months
since the change to increase timout landed.

The underlying cause could be due to a lot of reasons:
1. Lower concurrency (3) as compared to parent job (6)
2. More number of tests being added to tempest
3. Slow Devstack installation
4. Slow tempest test execution
5. memory consumption of OpenStack services
increased making environment slow
6. no significant improvement in the hardware
specifications on which we run the job

This patch generalizes the timeout to the tempest-integrated-storage-import
job so all of it's child jobs also don't face similar timeouts.

Also we are updating timeout for tempest-integrated-storage-enforce-scope-new-defaults
job as we see similar time out issues in that job.

[1] https://zuul.opendev.org/t/openstack/builds?job_name=tempest-integrated-storage-import&skip=0
[2] 64e6da6fe1

Change-Id: I7165bb8c588659362b7b36394111c41772ac802d
2024-07-04 00:27:41 +05:30
Abhishek Kekane
b75f3e4a42 Make import jobs non-voting
Revert this once tempest fix is merged.

Change-Id: I93e8e71a20a858a3239d8c8ad99bd4b1d9da7fcf
2024-07-03 17:41:44 +00:00
Dan Smith
22d59d93b9 Add file format detection to format_inspector
Change-Id: If0a4251465507be035ffaf9d855299611637cfa9
2024-07-03 05:48:58 +00:00