The etc/glance-api-paste.ini had still couple of pipelines left
behind from registry and osprofile options deprecated in 2015.
This change clears those and removes the reference note from
configuring doc.
Change-Id: Idb78cd2935a9ea5a1b1bc3ee6153311190422ca5
The HTTP_X_FORWARDED_PROTO handling fails to handle the case of
redirecting the /v1 request to /v1/ because it is handled purely by
routes and does not enter the glance wsgi code. This means a https
request is redirect to http and fails.
oslo.middleware has middleware for handling the X-Forwarded-Proto header
in a standard way so that services don't have to and so we should use
that instead of our own mechanism.
Leaving the existing header handling around until removal should not be
a problem as the worst that will happen is it overwrites an existing
'https' header value set by the middleware.
Closes-Bug: #1558683
Closes-Bug: #1590608
Change-Id: I481d88020b6e8420ce4b9072dd30ec82fe3fb4f7
The default values needed for glance's implementation of cors
middleware have been moved from paste.ini into the configuration
hooks provided by oslo.config. Furthermore, these values have been
added to glance's default configuration parsing. This ensures
that if a value remains unset in glance-api.conf, it will be set to use
sane defaults, and that an operator modifying the configuration
file will be presented with a default set of necessary sane headers.
Change-Id: I3c9d267b6224d6c7e5cc2c41cb51fb7e363c4955
Closes-Bug: 1551836
EXPERIMENTAL Glance v3 API has been removed in favor of standalone API
(EXPERIMENTAL Artifacts API of v0.1).
This patch introduces a new process entry point to run on a different
port (9494 by default), with its own configuration file and a paste
config.
A controller stub for old /v3 api remains in the glnace.api package for
the compatibility with existing paste configuration which may reference
it. This stub returns a 301 redirects to glare endpoint if it is present
or 410 errors otherwise.
To reuse the existing version_negotiation middleware some refactoring
has been made.
Implements blueprint: move-v3-to-glare
Change-Id: I5b7bd4cdcc5f2a40fc4a5f74bcc422fd700c4fb0
Starting with opsrofiler 0.3.1 release there is no need to set HMAC_KEYS
and ENABLED arguments in the glance-api-paste.ini and
glance-registry-paste.ini files, this can be set in glance-api.conf and
glance-registry.conf configuration files.
DocImpact
Change-Id: I068504913c93be0f506262930eadc2e40879ce0f
This adds the CORS support middleware to Glance, allowing a deployer
to optionally configure rules under which a javascript client may
break the single-origin policy and access the API directly.
For Glance, the paste.ini method of deploying the middleware was
chosen, because it needs to be able to annotate responses created
by keystonemiddleware. If the middleware were explicitly included
as in the previous patch, keystone would reject the request before
the cross-domain headers could be annotated, resulting in an
error response that was unreadable by the user agent.
A special consideration has been made to accomodate Glance's
nonstandard configuration files, by using 'glance-api' as the
value of oslo_config_project in paste.ini. This is to trigger
automatic oslo configuration loading for paste-loaded middleware,
in order to ensure that it finds glance-api.conf rather than
glance.conf.
DocImpact: Add link to CORS configuration in Admin Guide
OpenStack CrossProject Spec:
http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html
Oslo_Middleware Docs:
http://docs.openstack.org/developer/oslo.middleware/cors.html
OpenStack Cloud Admin Guide:
http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html
Change-Id: Icf5fb91a0b9e6736e70314c72c1c99c5f170ba53
Provide healthcheck middleware from oslo_middleware to be able to
disable given nodes from loadbalancer. It's achieved by adding a new
pipeline which depending on existing of the
/etc/glance/healthcheck_disable file can return one of the following
results:
- 200 OK (if file does not exist)
- 503 DISABLED BY FILE (if file exist)
The healthcheck is available under /healthcheck URL, and the whole
mechanism behave similar to the Swift healthcheck system.
implements bp: healthcheck-middleware
Co-Authored-By: Erno Kuvaja <jokke@usr.fi>
Co-Authored-By: Kamil Rykowski <kamil.rykowski@intel.com>
DocImpact
Change-Id: I45f6a8c59ec3040aaf06f8bab46d8001c44dac7a
Adds REST API layer for Artifact Repository, binds all other changes
together.
Artifact Repository is run as a part of Glance api.
Requests are routed to /v3/artifacts endpoint on the api port.
API version in version selector is marked as experimental.
Registers artifacts service and a sample Artifact Type in Glance entry
points config.
Implements-blueprint: artifact-repository
FastTrack
Co-Authored-By: Inessa Vasilevskaya <ivasilevskaya@mirantis.com>
Co-Authored-By: Mike Fedosin <mfedosin@mirantis.com>
Co-Authored-By: Alexander Tivelkov <ativelkov@mirantis.com>
Change-Id: Ib6a0d2482208a37aa343a747dfe5f63f9080dd04
Put osprofiler middleware as a almost first middleware.
This allows us to:
1) Get more preciese duration. We are measuring duration of all middlewares.
2) authenticate middleware is requesting keystone, so if we init osprofiler
before this middleware, we will get trace infomration from keystone as well.
Change-Id: I11c5d21e6e6b0bd514dee295da410b208d7c798c
*) Add osprofiler wsgi middleware
This middleware is used for 2 things:
1) It checks that person who want to trace is trusted and knows
secret HMAC key.
2) It start tracing in case of proper trace headers
and add first wsgi trace point, with info about HTTP request
*) Add initialization of osprofiler at start of serivce
Set's olso.messaging notifer instance (to send notifications to
Ceilometer)
*) Add tracing support for sqlalchemy
*) Add profiler CONF group that has to options:
1) Enable or disable profiler
2) Enable or disable sqlalchemy tracing
(the reason why we put this in Conf options, is that usually
db requests create a lot of trace info)
*) Glance-registry wasn't setted properly to send notifications.
To test it you need 2 things:
1) Enable ceilometer in devstack:
http://paste.openstack.org/show/85724/
2) Initialize osprofiler and send out API request. You can use
one of follow approaches:
a. Run this script (pls provide proper credentials)
http://paste.openstack.org/show/85722/
b. Use the function https://review.openstack.org/#/c/111184/
added from glanceclient CLI directly.
DocImpact
Change-Id: I45a19f5eb5304c2b78a9e12cbc0744941a807304
Co-author: Zhi Yan Liu <zhiyanl@cn.ibm.com>#
The auth_token middleware in python-keystoneclient is now
deprecated and has been moved to keystonemiddleware.
Closes-Bug: #1342274
Change-Id: Ic8ba2d2f470ec052ba13c3b63b26d5e2270f7412
Currently Glance ignores the Accept-Encoding header and returns
responses as they are regardless the client accepts gzip or other type
of compression.
This patch adds this capability to glance (by using a middleware)
supporting just gzip for now.
Important note:
- The patch uses a lazy compression for Content-Type
application/octet-stream but in order to do that, the
content-length has to be unset which means that when an image is
downloaded the content-length will be unknown to the client.
Fixes bug: 1150380
Change-Id: Ieb65837d4e3fe310f97d9666882ecc572b14956a
auth_token middleware has been moved from keystone to python-keystoneclient,
so add python-keystoneclient dependency.
Change-Id: Ic4122d575b26277f68a4336c27f12a67fbdbbd20
Uses config options enable_v1_api and enable_v2_api
to control which APIs have been deployed.
(Thanks markwash for all the help)
Fixes bug 1043497
Change-Id: I42dc1d88f94e61b9550c5f114ffc1abad25be7ff
* Reduce comments in paste files to just what is necessary
* Add a 'cachemanage' pipeline to complete our set of paste
deploy flavors in glance-api-paste.ini
* Add a sample [paste_deploy] section to both glance-api and
glance-registry configs
Related to bp glance-folsom-docs-cleanup.
Change-Id: I0208b12f6861b48e52260b25802c47ebf6316b9a
Since we can now configure Keystone's auth_token middleware using
our own config files, we should ship our example config to show
how this is done. This moves the auth_* variables out of
glance-api-paste.ini and glance-registry-paste.ini into
glance-api.conf and glance-registry.conf.
Fixes bug 1043490
Change-Id: Ibdaf8b2ef0f55e5e892fbd1b994dceb323f07c7b
* Move RequestContext class to glance.context
* Move context middlewares to glance.api.middleware
* Update tests to reflect move
* Update paste configs
Related to bp glance-request-tracking
Change-Id: I289b546ec28c973a3022be779ce378ae2febb340
Implements blueprint cfg-global-object
In glance.common.wsgi we have a paste_deploy_app() API which allows
a ConfigOpts instance to be passed the the applications and filters
constructed by PasteDeploy.
Now that we're using a global object, we don't need this anymore
Change-Id: I222d3c58308bc2f504cd802c0c8405d3baa2e49a
Updates the noauth version of the caching pipeline to use
unauthenticated-context.
Fixes LP Bug #995323.
Change-Id: Id83be95f582a4a6ebe47dbeddc8101a51988e05e
Use UnauthenticatedContextMiddleware in the case that you want to deploy
without an auth service. ContextMiddleware is now solely for authenticated
requests.
* Rewrite ownership tests for adding/updating images through the v1 API
* Fixes bug 992859
Change-Id: I608671aac8300c9195769542708708afda991e04
* remove auth_uri - do not need when set auth_port, auth_host, auth_protocol
* remove servce_* variables - not needed in new keystone
* update associated documentation
Change-Id: I9bf7d53f7d62371848645a242ae63f77b42319db
Removes section of glance-api-paste.ini that refers to
an improper cachemanagement middleware without keystone
Change-Id: I86a1a84aac16a8345b06ce83562f4508b49dac10
Update the keystone section of api-paste.ini with example settings
for the keystone service tenant.
Remove the admin_token example lines.
Change-Id: I6169ae727a07e75879b5e2e5c4099c9688c726c6
Define multiple pipelines in glace-api.conf to reflect the
various supported deployment flavors (minimal, with caching,
with cache management, with keystone-based auth etc.).
Add an optional paste_deploy.flavor config variable to allow the
user select the appropriate pipeline without having to edit the
paste config (i.e. uncommenting lines as before). For example
in glance-api.conf, a setting of:
[paste_deploy]
flavor = keystone+caching
identifies the following pipeline in glace-api-paste.ini:
[pipeline:glance-api-keystone+caching]
pipeline = versionnegotiation authtoken auth-context cache apiv1app
the advantage being that the user need not be concerned with
the precise sequence of filters required to realize the QoS
they desire.
Modify the functional tests that patch configuration (i.e. the
keystone and caching tests) to use the new deployment_flavor
mechanism.
Extend the TestConfigOpts to support option groups.
Change-Id: Ide843ada11bce115b7dc650440397853c6409b03