23 Commits

Author SHA1 Message Date
Boris Pavlovic
725ce9dfa3 Improve Glance profiling
Put osprofiler middleware as a almost first middleware.
This allows us to:
1) Get more preciese duration. We are measuring duration of all middlewares.
2) authenticate middleware is requesting keystone, so if we init osprofiler
   before this middleware, we will get trace infomration from keystone as well.

Change-Id: I11c5d21e6e6b0bd514dee295da410b208d7c798c
2014-08-24 03:58:03 +04:00
Boris Pavlovic
94b670c199 Integrate OSprofiler and Glance
*) Add osprofiler wsgi middleware
This middleware is used for 2 things:
1) It checks that person who want to trace is trusted and knows
secret HMAC key.
2) It start tracing in case of proper trace headers
and add first wsgi trace point, with info about HTTP request

*) Add initialization of osprofiler at start of serivce
Set's olso.messaging notifer instance (to send notifications to
Ceilometer)

*) Add tracing support for sqlalchemy

*) Add profiler CONF group that has to options:
1) Enable or disable profiler
2) Enable or disable sqlalchemy tracing
(the reason why we put this in Conf options, is that usually
db requests create a lot of trace info)

*) Glance-registry wasn't setted properly to send notifications.

To test it you need 2 things:
1) Enable ceilometer in devstack:
http://paste.openstack.org/show/85724/
2) Initialize osprofiler and send out API request. You can use
one of follow approaches:
a. Run this script (pls provide proper credentials)
http://paste.openstack.org/show/85722/
b. Use the function https://review.openstack.org/#/c/111184/
added from glanceclient CLI directly.

DocImpact

Change-Id: I45a19f5eb5304c2b78a9e12cbc0744941a807304
Co-author: Zhi Yan Liu <zhiyanl@cn.ibm.com>#
2014-08-07 21:05:16 +08:00
Brant Knudson
adeca09124 Use auth_token from keystonemiddleware
The auth_token middleware in python-keystoneclient is now
deprecated and has been moved to keystonemiddleware.

Closes-Bug: #1342274

Change-Id: Ic8ba2d2f470ec052ba13c3b63b26d5e2270f7412
2014-07-15 18:36:14 +00:00
iccha.sethi
4b71309280 Include pipeline option for using identity headers
There have been patches in nova, glance client and glance
registry to give the user the option of not reauthenticating
in glance. Below are the related reviews. This patch
provides pipeline options the users will want to use for the same.

Nova: https://review.openstack.org/#/c/37070/
Glanceclient: https://review.openstack.org/#/c/37062/
Glance Registry: https://review.openstack.org/#/c/36563/

Change-Id: I904f8bafb7e5abceac5723ed8504c672a00c5ec7
2013-07-29 20:25:19 +00:00
Flaper Fesp
0a4f4aff6c Compress response's content according to client's accepted encoding
Currently Glance ignores the Accept-Encoding header and returns
responses as they are regardless the client accepts gzip or other type
of compression.

This patch adds this capability to glance (by using a middleware)
supporting just gzip for now.

Important note:
    - The patch uses a lazy compression for Content-Type
    application/octet-stream but in order to do that, the
    content-length has to be unset which means that when an image is
    downloaded the content-length will be unknown to the client.

Fixes bug: 1150380

Change-Id: Ieb65837d4e3fe310f97d9666882ecc572b14956a
2013-04-30 19:31:57 +02:00
Yaguang Tang
a3a87e49f2 Use auth_token middleware from python-keystoneclient.
auth_token middleware has been moved from keystone to python-keystoneclient,
so add python-keystoneclient dependency.

Change-Id: Ic4122d575b26277f68a4336c27f12a67fbdbbd20
2012-11-28 10:30:50 +08:00
isethi
39700637e3 Makes deployed APIs configurable
Uses config options enable_v1_api and enable_v2_api
to control which APIs have been deployed.
(Thanks markwash for all the help)

Fixes bug 1043497

Change-Id: I42dc1d88f94e61b9550c5f114ffc1abad25be7ff
2012-09-05 21:01:25 +00:00
Brian Waldon
9736d299a4 Clean up comments in paste files
* Reduce comments in paste files to just what is necessary
* Add a 'cachemanage' pipeline to complete our set of paste
  deploy flavors in glance-api-paste.ini
* Add a sample [paste_deploy] section to both glance-api and
  glance-registry configs

Related to bp glance-folsom-docs-cleanup.

Change-Id: I0208b12f6861b48e52260b25802c47ebf6316b9a
2012-09-03 12:51:56 -07:00
Brian Waldon
b7197041fe Move authtoken config out of paste
Since we can now configure Keystone's auth_token middleware using
our own config files, we should ship our example config to show
how this is done. This moves the auth_* variables out of
glance-api-paste.ini and glance-registry-paste.ini into
glance-api.conf and glance-registry.conf.

Fixes bug 1043490

Change-Id: Ibdaf8b2ef0f55e5e892fbd1b994dceb323f07c7b
2012-08-29 12:24:52 -07:00
Brian Waldon
2e9a467dc8 Set proper auth middleware option for anon. access
Fixes bug 1037793

Change-Id: I89c05b5004f6a93608c0e23302f04b95b9018c29
2012-08-16 17:07:43 -04:00
Brian Waldon
ce899351da Reorganize context module
* Move RequestContext class to glance.context
* Move context middlewares to glance.api.middleware
* Update tests to reflect move
* Update paste configs

Related to bp glance-request-tracking

Change-Id: I289b546ec28c973a3022be779ce378ae2febb340
2012-07-10 08:31:50 -07:00
Mark McLoughlin
d33ce445d3 Remove the conf passing PasteDeploy factories
Implements blueprint cfg-global-object

In glance.common.wsgi we have a paste_deploy_app() API which allows
a ConfigOpts instance to be passed the the applications and filters
constructed by PasteDeploy.

Now that we're using a global object, we don't need this anymore

Change-Id: I222d3c58308bc2f504cd802c0c8405d3baa2e49a
2012-06-08 17:36:26 +01:00
Brian Waldon
1533e6d8b8 Fix paste to correctly deploy v2 API
Corrects a typo where 'apiv1app' should be 'apiv2app'

Change-Id: I4ef29f7539a572ed65422fd548e9718e86161b5f
2012-05-22 13:23:44 -07:00
Dan Prince
06821eaff2 Update noauth caching pipeline to use unauth-ctx.
Updates the noauth version of the caching pipeline to use
unauthenticated-context.

Fixes LP Bug #995323.

Change-Id: Id83be95f582a4a6ebe47dbeddc8101a51988e05e
2012-05-05 22:09:19 -04:00
Brian Waldon
59aa1ef2a7 Add /v2 to sample glance-api-paste.ini
* Related to bp api-2

Change-Id: I147624128bea7e0ca84c1673857b227f0590ec78
2012-05-03 17:52:25 -07:00
Brian Waldon
eb4aaa97bd Split noauth context middleware into new class
Use UnauthenticatedContextMiddleware in the case that you want to deploy
without an auth service. ContextMiddleware is now solely for authenticated
requests.

* Rewrite ownership tests for adding/updating images through the v1 API
* Fixes bug 992859

Change-Id: I608671aac8300c9195769542708708afda991e04
2012-05-03 09:00:07 -07:00
Joe Gordon
f0a0c4a000 Cleanup authtoken examples
* remove auth_uri - do not need when set auth_port, auth_host, auth_protocol
* remove servce_*  variables - not needed in new keystone
* update associated documentation

Change-Id: I9bf7d53f7d62371848645a242ae63f77b42319db
2012-05-01 15:38:07 -07:00
Jay Pipes
c449d76ff2 Fixes LP #978119 - cachemanagement w/o keystone
Removes section of glance-api-paste.ini that refers to
an improper cachemanagement middleware without keystone

Change-Id: I86a1a84aac16a8345b06ce83562f4508b49dac10
2012-04-24 13:06:44 -04:00
Brian Waldon
35ed310555 Reorganize pipelines for multiple api versions
* Partially implements bp api-2

Change-Id: Ie942c54e0ba294da661de870a95d685a9b8966de
2012-04-05 08:52:12 -07:00
Brian Waldon
5bd453b14e Remove keystone.middleware.glance_auth_token
* The use of this middleware is no longer necessary
* Fixes bug 957501

Change-Id: I2536babe6b34aa0cb6aca2b3e768ac85800f93e7
2012-03-16 15:53:23 -07:00
Dan Prince
2773170d73 Update paste file to use service tenant.
Update the keystone section of api-paste.ini with example settings
for the keystone service tenant.

Remove the admin_token example lines.

Change-Id: I6169ae727a07e75879b5e2e5c4099c9688c726c6
2012-03-07 18:17:34 -05:00
Eoghan Glynn
5835b30cc2 Avoid the need for users to manually edit PasteDeploy config in order to switch pipelines.
Define multiple pipelines in glace-api.conf to reflect the
various supported deployment flavors (minimal, with caching,
with cache management, with keystone-based auth etc.).

Add an optional paste_deploy.flavor config variable to allow the
user select the appropriate pipeline without having to edit the
paste config (i.e. uncommenting lines as before). For example
in glance-api.conf, a setting of:

  [paste_deploy]
  flavor = keystone+caching

identifies the following pipeline in glace-api-paste.ini:

  [pipeline:glance-api-keystone+caching]
  pipeline = versionnegotiation authtoken auth-context cache apiv1app

the advantage being that the user need not be concerned with
the precise sequence of filters required to realize the QoS
they desire.

Modify the functional tests that patch configuration (i.e. the
keystone and caching tests) to use the new deployment_flavor
mechanism.

Extend the TestConfigOpts to support option groups.

Change-Id: Ide843ada11bce115b7dc650440397853c6409b03
2012-01-17 12:00:33 +00:00
Eoghan Glynn
14593a3b96 Split out paste deployment config from the core glance
*.conf files into corresponding *-paste.ini files.

Fixes LP #815208

Change-Id: I5acb8488cc25bb3c7dd735c8c2b0fe62fcea8e5e
2012-01-17 11:40:26 +00:00