32 Commits

Author SHA1 Message Date
Erno Kuvaja
04541ae72b Clean out deprecations from paste.ini
The etc/glance-api-paste.ini had still couple of pipelines left
behind from registry and osprofile options deprecated in 2015.

This change clears those and removes the reference note from
configuring doc.

Change-Id: Idb78cd2935a9ea5a1b1bc3ee6153311190422ca5
2021-07-29 12:50:36 +01:00
Erno Kuvaja
3068096199 Cleanup remove api v1 and registry code
Change-Id: I86a3cbf4374bc2b083ccd86f75b88490b305eaab
2020-07-14 10:38:19 +00:00
Jamie Lennox
b0d0b1d0ba Use http-proxy-to-wsgi middleware from oslo.middleware
The HTTP_X_FORWARDED_PROTO handling fails to handle the case of
redirecting the /v1 request to /v1/ because it is handled purely by
routes and does not enter the glance wsgi code. This means a https
request is redirect to http and fails.

oslo.middleware has middleware for handling the X-Forwarded-Proto header
in a standard way so that services don't have to and so we should use
that instead of our own mechanism.

Leaving the existing header handling around until removal should not be
a problem as the worst that will happen is it overwrites an existing
'https' header value set by the middleware.

Closes-Bug: #1558683
Closes-Bug: #1590608
Change-Id: I481d88020b6e8420ce4b9072dd30ec82fe3fb4f7
2016-06-09 09:52:04 +10:00
Michael Krotscheck
7a93458baa Moved CORS middleware configuration into oslo-config-generator
The default values needed for glance's implementation of cors
middleware have been moved from paste.ini into the configuration
hooks provided by oslo.config. Furthermore, these values have been
added to glance's default configuration parsing. This ensures
that if a value remains unset in glance-api.conf, it will be set to use
sane defaults, and that an operator modifying the configuration
file will be presented with a default set of necessary sane headers.

Change-Id: I3c9d267b6224d6c7e5cc2c41cb51fb7e363c4955
Closes-Bug: 1551836
2016-03-02 07:48:05 -08:00
Alexander Tivelkov
b974a63660 Move Glance Artifact Repository API to separate endpoint
EXPERIMENTAL Glance v3 API has been removed in favor of standalone API
(EXPERIMENTAL Artifacts API of v0.1).
This patch introduces a new process entry point to run on a different
port (9494 by default), with its own configuration file and a paste
config.

A controller stub for old /v3 api remains in the glnace.api package for
the compatibility with existing paste configuration which may reference
it. This stub returns a 301 redirects to glare endpoint if it is present
or 410 errors otherwise.

To reuse  the existing version_negotiation middleware some refactoring
has been made.

Implements blueprint: move-v3-to-glare

Change-Id: I5b7bd4cdcc5f2a40fc4a5f74bcc422fd700c4fb0
2016-02-10 18:34:55 +03:00
Dina Belova
3bdb51e947 Do not use api-paste.ini osprofiler options
Starting with opsrofiler 0.3.1 release there is no need to set HMAC_KEYS
and ENABLED arguments in the glance-api-paste.ini and
glance-registry-paste.ini files, this can be set in glance-api.conf and
glance-registry.conf configuration files.

DocImpact
Change-Id: I068504913c93be0f506262930eadc2e40879ce0f
2016-01-11 17:55:10 +03:00
Michael Krotscheck
761751064b Added CORS support to Glance
This adds the CORS support middleware to Glance, allowing a deployer
to optionally configure rules under which a javascript client may
break the single-origin policy and access the API directly.

For Glance, the paste.ini method of deploying the middleware was
chosen, because it needs to be able to annotate responses created
by keystonemiddleware. If the middleware were explicitly included
as in the previous patch, keystone would reject the request before
the cross-domain headers could be annotated, resulting in an
error response that was unreadable by the user agent.

A special consideration has been made to accomodate Glance's
nonstandard configuration files, by using 'glance-api' as the
value of oslo_config_project in paste.ini. This is to trigger
automatic oslo configuration loading for paste-loaded middleware,
in order to ensure that it finds glance-api.conf rather than
glance.conf.

DocImpact: Add link to CORS configuration in Admin Guide
OpenStack CrossProject Spec:
   http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html
Oslo_Middleware Docs:
   http://docs.openstack.org/developer/oslo.middleware/cors.html
OpenStack Cloud Admin Guide:
   http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html

Change-Id: Icf5fb91a0b9e6736e70314c72c1c99c5f170ba53
2015-12-04 08:41:20 -08:00
Erno Kuvaja
562cb0429f Healthcheck Middleware
Provide healthcheck middleware from oslo_middleware to be able to
disable given nodes from loadbalancer. It's achieved by adding a new
pipeline which depending on existing of the
/etc/glance/healthcheck_disable file can return one of the following
results:

- 200 OK (if file does not exist)
- 503 DISABLED BY FILE (if file exist)

The healthcheck is available under /healthcheck URL, and the whole
mechanism behave similar to the Swift healthcheck system.

implements bp: healthcheck-middleware

Co-Authored-By: Erno Kuvaja <jokke@usr.fi>
Co-Authored-By: Kamil Rykowski <kamil.rykowski@intel.com>

DocImpact

Change-Id: I45f6a8c59ec3040aaf06f8bab46d8001c44dac7a
2015-07-07 11:55:21 +02:00
Mike Fedosin
3cdd5bba7c REST API layer for Artifact Repository
Adds REST API layer for Artifact Repository, binds all other changes
together.

Artifact Repository is run as a part of Glance api.
Requests are routed to /v3/artifacts endpoint on the api port.
API version in version selector is marked as experimental.

Registers artifacts service and a sample Artifact Type in Glance entry
points config.

Implements-blueprint: artifact-repository

FastTrack

Co-Authored-By: Inessa Vasilevskaya <ivasilevskaya@mirantis.com>
Co-Authored-By: Mike Fedosin <mfedosin@mirantis.com>
Co-Authored-By: Alexander Tivelkov <ativelkov@mirantis.com>

Change-Id: Ib6a0d2482208a37aa343a747dfe5f63f9080dd04
2015-06-10 18:49:21 +03:00
Boris Pavlovic
725ce9dfa3 Improve Glance profiling
Put osprofiler middleware as a almost first middleware.
This allows us to:
1) Get more preciese duration. We are measuring duration of all middlewares.
2) authenticate middleware is requesting keystone, so if we init osprofiler
   before this middleware, we will get trace infomration from keystone as well.

Change-Id: I11c5d21e6e6b0bd514dee295da410b208d7c798c
2014-08-24 03:58:03 +04:00
Boris Pavlovic
94b670c199 Integrate OSprofiler and Glance
*) Add osprofiler wsgi middleware
This middleware is used for 2 things:
1) It checks that person who want to trace is trusted and knows
secret HMAC key.
2) It start tracing in case of proper trace headers
and add first wsgi trace point, with info about HTTP request

*) Add initialization of osprofiler at start of serivce
Set's olso.messaging notifer instance (to send notifications to
Ceilometer)

*) Add tracing support for sqlalchemy

*) Add profiler CONF group that has to options:
1) Enable or disable profiler
2) Enable or disable sqlalchemy tracing
(the reason why we put this in Conf options, is that usually
db requests create a lot of trace info)

*) Glance-registry wasn't setted properly to send notifications.

To test it you need 2 things:
1) Enable ceilometer in devstack:
http://paste.openstack.org/show/85724/
2) Initialize osprofiler and send out API request. You can use
one of follow approaches:
a. Run this script (pls provide proper credentials)
http://paste.openstack.org/show/85722/
b. Use the function https://review.openstack.org/#/c/111184/
added from glanceclient CLI directly.

DocImpact

Change-Id: I45a19f5eb5304c2b78a9e12cbc0744941a807304
Co-author: Zhi Yan Liu <zhiyanl@cn.ibm.com>#
2014-08-07 21:05:16 +08:00
Brant Knudson
adeca09124 Use auth_token from keystonemiddleware
The auth_token middleware in python-keystoneclient is now
deprecated and has been moved to keystonemiddleware.

Closes-Bug: #1342274

Change-Id: Ic8ba2d2f470ec052ba13c3b63b26d5e2270f7412
2014-07-15 18:36:14 +00:00
iccha.sethi
4b71309280 Include pipeline option for using identity headers
There have been patches in nova, glance client and glance
registry to give the user the option of not reauthenticating
in glance. Below are the related reviews. This patch
provides pipeline options the users will want to use for the same.

Nova: https://review.openstack.org/#/c/37070/
Glanceclient: https://review.openstack.org/#/c/37062/
Glance Registry: https://review.openstack.org/#/c/36563/

Change-Id: I904f8bafb7e5abceac5723ed8504c672a00c5ec7
2013-07-29 20:25:19 +00:00
Flaper Fesp
0a4f4aff6c Compress response's content according to client's accepted encoding
Currently Glance ignores the Accept-Encoding header and returns
responses as they are regardless the client accepts gzip or other type
of compression.

This patch adds this capability to glance (by using a middleware)
supporting just gzip for now.

Important note:
    - The patch uses a lazy compression for Content-Type
    application/octet-stream but in order to do that, the
    content-length has to be unset which means that when an image is
    downloaded the content-length will be unknown to the client.

Fixes bug: 1150380

Change-Id: Ieb65837d4e3fe310f97d9666882ecc572b14956a
2013-04-30 19:31:57 +02:00
Yaguang Tang
a3a87e49f2 Use auth_token middleware from python-keystoneclient.
auth_token middleware has been moved from keystone to python-keystoneclient,
so add python-keystoneclient dependency.

Change-Id: Ic4122d575b26277f68a4336c27f12a67fbdbbd20
2012-11-28 10:30:50 +08:00
isethi
39700637e3 Makes deployed APIs configurable
Uses config options enable_v1_api and enable_v2_api
to control which APIs have been deployed.
(Thanks markwash for all the help)

Fixes bug 1043497

Change-Id: I42dc1d88f94e61b9550c5f114ffc1abad25be7ff
2012-09-05 21:01:25 +00:00
Brian Waldon
9736d299a4 Clean up comments in paste files
* Reduce comments in paste files to just what is necessary
* Add a 'cachemanage' pipeline to complete our set of paste
  deploy flavors in glance-api-paste.ini
* Add a sample [paste_deploy] section to both glance-api and
  glance-registry configs

Related to bp glance-folsom-docs-cleanup.

Change-Id: I0208b12f6861b48e52260b25802c47ebf6316b9a
2012-09-03 12:51:56 -07:00
Brian Waldon
b7197041fe Move authtoken config out of paste
Since we can now configure Keystone's auth_token middleware using
our own config files, we should ship our example config to show
how this is done. This moves the auth_* variables out of
glance-api-paste.ini and glance-registry-paste.ini into
glance-api.conf and glance-registry.conf.

Fixes bug 1043490

Change-Id: Ibdaf8b2ef0f55e5e892fbd1b994dceb323f07c7b
2012-08-29 12:24:52 -07:00
Brian Waldon
2e9a467dc8 Set proper auth middleware option for anon. access
Fixes bug 1037793

Change-Id: I89c05b5004f6a93608c0e23302f04b95b9018c29
2012-08-16 17:07:43 -04:00
Brian Waldon
ce899351da Reorganize context module
* Move RequestContext class to glance.context
* Move context middlewares to glance.api.middleware
* Update tests to reflect move
* Update paste configs

Related to bp glance-request-tracking

Change-Id: I289b546ec28c973a3022be779ce378ae2febb340
2012-07-10 08:31:50 -07:00
Mark McLoughlin
d33ce445d3 Remove the conf passing PasteDeploy factories
Implements blueprint cfg-global-object

In glance.common.wsgi we have a paste_deploy_app() API which allows
a ConfigOpts instance to be passed the the applications and filters
constructed by PasteDeploy.

Now that we're using a global object, we don't need this anymore

Change-Id: I222d3c58308bc2f504cd802c0c8405d3baa2e49a
2012-06-08 17:36:26 +01:00
Brian Waldon
1533e6d8b8 Fix paste to correctly deploy v2 API
Corrects a typo where 'apiv1app' should be 'apiv2app'

Change-Id: I4ef29f7539a572ed65422fd548e9718e86161b5f
2012-05-22 13:23:44 -07:00
Dan Prince
06821eaff2 Update noauth caching pipeline to use unauth-ctx.
Updates the noauth version of the caching pipeline to use
unauthenticated-context.

Fixes LP Bug #995323.

Change-Id: Id83be95f582a4a6ebe47dbeddc8101a51988e05e
2012-05-05 22:09:19 -04:00
Brian Waldon
59aa1ef2a7 Add /v2 to sample glance-api-paste.ini
* Related to bp api-2

Change-Id: I147624128bea7e0ca84c1673857b227f0590ec78
2012-05-03 17:52:25 -07:00
Brian Waldon
eb4aaa97bd Split noauth context middleware into new class
Use UnauthenticatedContextMiddleware in the case that you want to deploy
without an auth service. ContextMiddleware is now solely for authenticated
requests.

* Rewrite ownership tests for adding/updating images through the v1 API
* Fixes bug 992859

Change-Id: I608671aac8300c9195769542708708afda991e04
2012-05-03 09:00:07 -07:00
Joe Gordon
f0a0c4a000 Cleanup authtoken examples
* remove auth_uri - do not need when set auth_port, auth_host, auth_protocol
* remove servce_*  variables - not needed in new keystone
* update associated documentation

Change-Id: I9bf7d53f7d62371848645a242ae63f77b42319db
2012-05-01 15:38:07 -07:00
Jay Pipes
c449d76ff2 Fixes LP #978119 - cachemanagement w/o keystone
Removes section of glance-api-paste.ini that refers to
an improper cachemanagement middleware without keystone

Change-Id: I86a1a84aac16a8345b06ce83562f4508b49dac10
2012-04-24 13:06:44 -04:00
Brian Waldon
35ed310555 Reorganize pipelines for multiple api versions
* Partially implements bp api-2

Change-Id: Ie942c54e0ba294da661de870a95d685a9b8966de
2012-04-05 08:52:12 -07:00
Brian Waldon
5bd453b14e Remove keystone.middleware.glance_auth_token
* The use of this middleware is no longer necessary
* Fixes bug 957501

Change-Id: I2536babe6b34aa0cb6aca2b3e768ac85800f93e7
2012-03-16 15:53:23 -07:00
Dan Prince
2773170d73 Update paste file to use service tenant.
Update the keystone section of api-paste.ini with example settings
for the keystone service tenant.

Remove the admin_token example lines.

Change-Id: I6169ae727a07e75879b5e2e5c4099c9688c726c6
2012-03-07 18:17:34 -05:00
Eoghan Glynn
5835b30cc2 Avoid the need for users to manually edit PasteDeploy config in order to switch pipelines.
Define multiple pipelines in glace-api.conf to reflect the
various supported deployment flavors (minimal, with caching,
with cache management, with keystone-based auth etc.).

Add an optional paste_deploy.flavor config variable to allow the
user select the appropriate pipeline without having to edit the
paste config (i.e. uncommenting lines as before). For example
in glance-api.conf, a setting of:

  [paste_deploy]
  flavor = keystone+caching

identifies the following pipeline in glace-api-paste.ini:

  [pipeline:glance-api-keystone+caching]
  pipeline = versionnegotiation authtoken auth-context cache apiv1app

the advantage being that the user need not be concerned with
the precise sequence of filters required to realize the QoS
they desire.

Modify the functional tests that patch configuration (i.e. the
keystone and caching tests) to use the new deployment_flavor
mechanism.

Extend the TestConfigOpts to support option groups.

Change-Id: Ide843ada11bce115b7dc650440397853c6409b03
2012-01-17 12:00:33 +00:00
Eoghan Glynn
14593a3b96 Split out paste deployment config from the core glance
*.conf files into corresponding *-paste.ini files.

Fixes LP #815208

Change-Id: I5acb8488cc25bb3c7dd735c8c2b0fe62fcea8e5e
2012-01-17 11:40:26 +00:00