This change introduces new 'v2/stores/<store_id>/<image_id>'
endpoint that accepts 'DELETE' method request. Once successful
the request will delete the image <image_id>'s location that
matches the store <store_id>. If the store is not read-only
or return image in use exception the image data will be
deleted. In the case of read-only store, the location will
be removed and if the image in use is raised, the call will
fail.
bp: delete-from-store
Co-authored-by: Brian Rosmaita <rosmaita.fossdev@gmail.com>
Change-Id: I1cb45026489a96a283b82e8e7efc9975c181fceb
Added new import method 'copy-image' which will copy existing image into
specified list of stores. Introduced additional task which will serve
as internal plugin which will allow copying existing image into staging
area and then this data will be uploaded to specified stores via regula
import flow.
NOTE: This new import method 'copy-image' is only supported if multiple
stores are enabled in deployment.
APIImpact
Implements: blueprint copy-existing-image
Change-Id: I13eaab7ab013f44ce18465bdbdbe8052942570ff
The import image api now supports a list of stores to import data into.
This list can be specified through a new "stores" field that has been
added to the request body.
During import stage, Glance iterates overs this list and send the data
to each store one by one.
If an invalid backend is requested by the user, an exception is raised.
If an errors occurs during verify, already pushed data is removed and
image state is unchanged.
Change-Id: Id3ac19488c0a693d7042be4a3c83f3b9f12313d0
Implements: blueprint import-multi-stores
Supplying a policy.json file is no longer necessary.
Change-Id: I33b84c4d68e8077271447bcbdea4b7052eb01204
Depends-On: https://review.opendev.org/694386
Instead of a default policy.json file, policy defaults are now defined
in code. An operator need not supply policy.json data except to the
extent they want to override the defaults. Currently an empty
policy.json is still shipped because it is expected by devstack, but
this can be removed later. A sample policy.yaml file can be generated
using the genpolicy tox environment.
This partly fulfils the requirements of the policy in code goal[1].
However, because policies don't map 1:1 with APIs, it will not be
possible to fully document the policies until changes are made in how
policies are applied as proposed in https://review.opendev.org/528021
Due to the fact that existing policy files may rely on a rule named
"default" to specifiy policies not explicitly listed in the policy.json
file, all policies that are not admin-only by default now default to
"rule:default", so that the "default" rule will continue to apply to
those policies that are not listed in policy.json.
To ensure that this yields the expected policy in a standard
policy-in-code config file, the default value of the "default" rule is
now the empty string "". This is a change; between the Queens release
and now the default was set to "role:admin" to match the value specified
in the default policy.json file. An installation relying on both the
"default" rule for some policies and the default value of the default
rule may end up with a more permissive policy after upgrading. It's
likely that no such policies exist in the wild, because prior to the
Queens release the default value for the "default" rule was "@" (allow
all requests), so anybody relying on this rule will surely have
specified it explicitly in their policy.json.
Policies whose default is "role:admin" no longer use the "default" rule.
Therefore existing policy.json files that rely on the "default" rule for
those policies, and who have specified a value for the "default" rule
that is more permissive, will result in a more restrictive policy after
upgrading. It is unlikely that any of these policies exist in the wild
either.
[1] https://governance.openstack.org/tc/goals/selected/queens/policy-in-code.html
Change-Id: I8d1ccf5844078cc0b1652fb1130794daf07cedbc
Change tox.ini so that all jobs are python3, and add explicit
unit/functional testenvs for the two ussuri python runtimes
(3.6 and 3.7).
Remove py2 jobs from .zuul.yaml and redefine the periodic "tips"
jobs so that they are testing with the ussuri python runtimes.
Added nodeset: ubuntu-bionic to the abstract base jobs so that
py3.7 is available.
Co-authored-by: Ghanshyam Mann <gmann@ghanshyammann.com>
Co-authored-by: Brian Rosmaita <rosmaita.fossdev@gmail.com>
Closes-bug: #1853693
Change-Id: I15467c34fc8466fa1724c5401dc879ae77c1922d
As eventlet ssl termination is broken with python 3 and
we won't be supporting python 2.7 anymore we will just
remove ssl termination to glance-api and expect the
termination being handled by something else, like HAProxy.
This patch also removes the broken ssl test job as the
non-existing feature is not broken anymore.
Change-Id: Iaf16dfcfdb3a2c93312dcad1ea1229e6b3c8caaa
Add file to the reno documentation build to show release notes for
stable/train.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.
Change-Id: I6ed9645bebb9a63a1e70d8f6630c7d53fba4e35e
Sem-Ver: feature
In Rocky multiple backend support is added as experimental feature. In
order to take advantage of this feature it is decided to deprecate
work_dir and node_staging_uri configuration options
and reserve two filesystem stores 'os_glance_tasks_store' and
'os_glance_staging_store', which can be used to get rid of initializing
store via internal functions.
These internal stores are considered "reserved stores" by Glance.
For the time being, these are hard-coded as filesystem stores. The
store prefix 'os_glance_' is reserved for internal Glance use and
the glance-api service will refuse to start if a store with this
prefix is included in the enabled_backends config option in
glance-api.conf.
NOTE: Because there are no sensible default values for the location
of the datadir for each of these stores, the operator must define
'os_glance_tasks_store' and 'os_glance_staging_store' in
glance-api.conf configuration file as shown below.
[os_glance_tasks_store]
filesystem_store_datadir = /var/lib/glance/tasks_work_dir/
[os_glance_staging_store]
filesystem_store_datadir = /var/lib/glance/staging/
Each filesystem store must have a unique datadir.
Depends-On: https://review.openstack.org/#/c/639765/
Implements: blueprint rethinking-filesystem-access
Change-Id: I86ec513c5fc653dbb97b79d953d8430f014e684f
The AMD SEV support recently introduced to nova[0] depends on certain
metadata properties for flavors and images which were either missing
or only partially covered by existing glance metadata, so fill the
missing gaps:
- Add the hw:mem_encryption flavor extra spec and corresponding
hw_mem_encryption image property.
- hw_firmware_type has been supported by nova for quite a while,
so register it as an official metadata property.
- Add hw_cdrom_bus which was missing as per
https://bugs.launchpad.net/glance/+bug/1808868. This shares
values with hw_disk_bus, so document that too.
[0] https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization
Closes-Bug: 1808868
Change-Id: I8116565ad0326d0125b320d840d787edcb086aa9
- This change adds the newly supported libvirt
video models, virtio, gop and none.
- This change updates the train metadefs changes
release note.
Change-Id: I440a038b53825b5f92fc977566edcf3cabfba673
This change adds a new hw_pmu metadef property to the
OS::Compute::LibvirtImage namespace and extends the train
metadef changes releasenote.
Depends-on: https://review.opendev.org/#/c/671338/
Change-Id: I2f4e7ef4f816afbd0524a6265d5605afa1da5f86
In Rocky multiple backend support is added as an experimental API
feature. As of now multiple backend works with glance-api but it
is missing in glance-scrubber.
Made provision to initialize multiple backend related config options
in scrubber.
NOTE:
Operator needs to define multiple backends related config options in
glance-scrubber.conf.
Change-Id: I7327ff5db8fa19e6813a0fe0fb657eab19f8b61f
Closes-Bug: #1794225
"powervm" as hypervisor type is required for image metadata
prefiltering in glance.
Closes-Bug: #1826136
Change-Id: I7afd43c2e0581d30a78d5ed4e30f8eb2af1cf444
Add file to the reno documentation build to show release notes for
stable/stein.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.
Change-Id: Ibb86938983e78fae4b6ce55fc067f013b018b302
Sem-Ver: feature
Add the 'description' attribute to common image properties to allow
users to record the purpose of the image in a human-readable format
in an interoperable way.
Co-authored-by: zhangbailin <zhangbailin@inspur.com>
Co-authored-by: Brian Rosmaita <rosmaita.fossdev@gmail.com>
Change-Id: Id0b148190cfa5fb9851ad2085a6b1ac1e0e7e352
Blueprint: add-description-field-to-image
This change will allow glance services to run on Windows, using
eventlet wsgi for API services.
This change will:
* avoid monkey patching the os module on Windows (which causes Popen
to fail)
* avoiding unavailable signals
* avoid renaming in-use files or leaking handles
* update the check that ensures that just one scrubber process may
run at a time. We can't rely on process names as there might be
wrapper processes that have similar names (no she-bangs on Windows,
so the scripts are called a bit differently). We'll use a global
named mutex instead.
A subsequent change will leverage Windows job objects as a
replacement for process groups, also avoiding forking when spawning
workers.
At the moment, some Glance tests cannot run on Windows, which is
also covered by subsequent patches.
DocImpact
blueprint windows-support
Change-Id: I3bca69638685ceb11a1a316511ad9a298c630ad5
Update logged text to indicate our intentions with respect
to the show_multiple_locations configuration option, which
has been deprecated since Newton and advertised as subject
to removal in Pike. Also correct the misleading impression
in the deprecation notice and earlier release notes that
functionality that requires show_multiple_locations = True
can be configured via policies at the current time. Also
adds a release note to this effect.
Change-Id: I5bf0c8af9dfe87e0d17f7a16d4676f387b4379f6
Closes-bug: #1808375
One of the community goals for Stein is to implement a command-line
tool for operators that runs programmable checks that might impact
upgradability.
This commit lays down the basic structure for the upgrade checks and
ties it up to `glance-status` command.
Change-Id: I7fcf5235a76d15dbcb2c49255bc26c2b586cd71c
Story: 2003657
Task: 26135
The requirements/upper-constraints file was modified to allow WebOb
1.8.1 by commit 88bafa11deb9bd7595983d97ffabca338f073ba3. This
patch simplifies some Glance code that could handle both WebOb
1.7.4 and 1.8.1 so that it now only handles the latter, and updates
the glance/requirements.txt and glance/lower-constraints.txt to
reflect that we support WebOb 1.8.1+ only.
Change-Id: I03e03013927cc5434aa0d97657d5e7efd8223ee5
Closes-bug: #1770410