169 Commits

Author SHA1 Message Date
Erno Kuvaja
e0c5440819 Add decompression import plugin
Supported compression formats initially are:
* zip
* gzip
* lha/lzh _if_ lhafile is installed

Change-Id: Id125ebb5e8a9b22a8797d3158e60451d80bfaa14
2020-03-26 15:44:59 +00:00
Erno Kuvaja
f267bd6cde Add possibility to delete image from single store
This change introduces new 'v2/stores/<store_id>/<image_id>'
endpoint that accepts 'DELETE' method request. Once successful
the request will delete the image <image_id>'s location that
matches the store <store_id>. If the store is not read-only
or return image in use exception the image data will be
deleted. In the case of read-only store, the location will
be removed and if the image in use is raised, the call will
fail.

bp: delete-from-store

Co-authored-by: Brian Rosmaita <rosmaita.fossdev@gmail.com>

Change-Id: I1cb45026489a96a283b82e8e7efc9975c181fceb
2020-03-13 14:46:13 +00:00
Zuul
dd1975bd3e Merge "Remove empty policy.json" 2020-03-05 17:40:36 +00:00
Zuul
2456c7d000 Merge "Use default cors config also when run as wsgi app" 2020-02-19 13:58:43 +00:00
Abhishek Kekane
1754c9e2b0 Copy existing image in multiple stores
Added new import method 'copy-image' which will copy existing image into
specified list of stores. Introduced additional task which will serve
as internal plugin which will allow copying existing image into staging
area and then this data will be uploaded to specified stores via regula
import flow.

NOTE: This new import method 'copy-image' is only supported if multiple
stores are enabled in deployment.

APIImpact
Implements: blueprint copy-existing-image
Change-Id: I13eaab7ab013f44ce18465bdbdbe8052942570ff
2020-02-12 05:32:46 +00:00
Grégoire Unbekandt
92492cf504 Add ability to import image into multi-stores
The import image api now supports a list of stores to import data into.
This list can be specified through a new "stores" field that has been
added to the request body.
During import stage, Glance iterates overs this list and send the data
to each store one by one.
If an invalid backend is requested by the user, an exception is raised.
If an errors occurs during verify, already pushed data is removed and
image state is unchanged.

Change-Id: Id3ac19488c0a693d7042be4a3c83f3b9f12313d0
Implements: blueprint import-multi-stores
2020-02-10 09:39:01 +01:00
Radosław Piliszek
9a6fcc2ea5 Use default cors config also when run as wsgi app
This fixes Glance CORS behind uWSGI as used in devstack.

Change-Id: If82d9b396afd87c65e035868b595ff5683cb19f6
Closes-bug: #1861334
2020-01-29 21:29:54 +01:00
Zane Bitter
5bffac0186 Remove empty policy.json
Supplying a policy.json file is no longer necessary.

Change-Id: I33b84c4d68e8077271447bcbdea4b7052eb01204
Depends-On: https://review.opendev.org/694386
2020-01-16 17:15:36 -05:00
Zuul
c632586ef3 Merge "Move policy defaults into code" 2020-01-09 14:00:55 +00:00
Zane Bitter
5c17e4c7ef Move policy defaults into code
Instead of a default policy.json file, policy defaults are now defined
in code. An operator need not supply policy.json data except to the
extent they want to override the defaults. Currently an empty
policy.json is still shipped because it is expected by devstack, but
this can be removed later. A sample policy.yaml file can be generated
using the genpolicy tox environment.

This partly fulfils the requirements of the policy in code goal[1].
However, because policies don't map 1:1 with APIs, it will not be
possible to fully document the policies until changes are made in how
policies are applied as proposed in https://review.opendev.org/528021

Due to the fact that existing policy files may rely on a rule named
"default" to specifiy policies not explicitly listed in the policy.json
file, all policies that are not admin-only by default now default to
"rule:default", so that the "default" rule will continue to apply to
those policies that are not listed in policy.json.

To ensure that this yields the expected policy in a standard
policy-in-code config file, the default value of the "default" rule is
now the empty string "". This is a change; between the Queens release
and now the default was set to "role:admin" to match the value specified
in the default policy.json file. An installation relying on both the
"default" rule for some policies and the default value of the default
rule may end up with a more permissive policy after upgrading. It's
likely that no such policies exist in the wild, because prior to the
Queens release the default value for the "default" rule was "@" (allow
all requests), so anybody relying on this rule will surely have
specified it explicitly in their policy.json.

Policies whose default is "role:admin" no longer use the "default" rule.
Therefore existing policy.json files that rely on the "default" rule for
those policies, and who have specified a value for the "default" rule
that is more permissive, will result in a more restrictive policy after
upgrading. It is unlikely that any of these policies exist in the wild
either.

[1] https://governance.openstack.org/tc/goals/selected/queens/policy-in-code.html

Change-Id: I8d1ccf5844078cc0b1652fb1130794daf07cedbc
2020-01-06 12:56:30 -05:00
OpenStack Proposal Bot
2d917f79cf Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I5f48d06a8fb2afbe02758d7e7963ff6af9b015cc
2020-01-04 07:35:27 +00:00
Brian Rosmaita
40bd312410 Remove py2 testing, jobs
Change tox.ini so that all jobs are python3, and add explicit
unit/functional testenvs for the two ussuri python runtimes
(3.6 and 3.7).

Remove py2 jobs from .zuul.yaml and redefine the periodic "tips"
jobs so that they are testing with the ussuri python runtimes.
Added nodeset: ubuntu-bionic to the abstract base jobs so that
py3.7 is available.

Co-authored-by: Ghanshyam Mann <gmann@ghanshyammann.com>
Co-authored-by: Brian Rosmaita <rosmaita.fossdev@gmail.com>

Closes-bug: #1853693
Change-Id: I15467c34fc8466fa1724c5401dc879ae77c1922d
2019-12-17 14:24:24 -05:00
Erno Kuvaja
06b2465f59 Remove native ssl support
As eventlet ssl termination is broken with python 3 and
we won't be supporting python 2.7 anymore we will just
remove ssl termination to glance-api and expect the
termination being handled by something else, like HAProxy.

This patch also removes the broken ssl test job as the
non-existing feature is not broken anymore.

Change-Id: Iaf16dfcfdb3a2c93312dcad1ea1229e6b3c8caaa
2019-12-09 15:17:03 +00:00
OpenStack Proposal Bot
4d547e277a Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ib10304b9f65fb26b2b953062ad771806728265da
2019-11-19 07:46:48 +00:00
OpenStack Proposal Bot
99938b8afe Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I033593aaf1ac8339b4e09da6602f8ed54cf49598
2019-10-03 10:57:32 +00:00
c144ce5802 Update master for stable/train
Add file to the reno documentation build to show release notes for
stable/train.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.

Change-Id: I6ed9645bebb9a63a1e70d8f6630c7d53fba4e35e
Sem-Ver: feature
2019-10-02 10:06:29 +00:00
Abhishek Kekane
6dba83ba3a Rethinking filesystem access
In Rocky multiple backend support is added as experimental feature. In
order to take advantage of this feature it is decided to deprecate
work_dir and node_staging_uri configuration options
and reserve two filesystem stores 'os_glance_tasks_store' and
'os_glance_staging_store', which can be used to get rid of initializing
store via internal functions.

These internal stores are considered "reserved stores" by Glance.
For the time being, these are hard-coded as filesystem stores.  The
store prefix 'os_glance_' is reserved for internal Glance use and
the glance-api service will refuse to start if a store with this
prefix is included in the enabled_backends config option in
glance-api.conf.

NOTE: Because there are no sensible default values for the location
of the datadir for each of these stores, the operator must define
'os_glance_tasks_store' and 'os_glance_staging_store' in
glance-api.conf configuration file as shown below.

[os_glance_tasks_store]
filesystem_store_datadir = /var/lib/glance/tasks_work_dir/

[os_glance_staging_store]
filesystem_store_datadir = /var/lib/glance/staging/

Each filesystem store must have a unique datadir.

Depends-On: https://review.openstack.org/#/c/639765/
Implements: blueprint rethinking-filesystem-access
Change-Id: I86ec513c5fc653dbb97b79d953d8430f014e684f
2019-10-01 09:53:48 +00:00
Zuul
854e425fec Merge "Add SEV-related extra spec and image properties" 2019-09-25 14:22:31 +00:00
Zuul
53fbfc8c63 Merge "Add Train milestone 3 releasenotes" 2019-09-18 09:03:12 +00:00
Erno Kuvaja
09dcdadff6 Add Train milestone 3 releasenotes
Change-Id: I4752d34b3c456ff64ce116004481d52e8b28c8c6
2019-09-17 13:48:18 +00:00
Adam Spiers
3a281b9bc6 Add SEV-related extra spec and image properties
The AMD SEV support recently introduced to nova[0] depends on certain
metadata properties for flavors and images which were either missing
or only partially covered by existing glance metadata, so fill the
missing gaps:

- Add the hw:mem_encryption flavor extra spec and corresponding
  hw_mem_encryption image property.

- hw_firmware_type has been supported by nova for quite a while,
  so register it as an official metadata property.

- Add hw_cdrom_bus which was missing as per
  https://bugs.launchpad.net/glance/+bug/1808868.  This shares
  values with hw_disk_bus, so document that too.

[0] https://docs.openstack.org/nova/latest/admin/configuration/hypervisor-kvm.html#amd-sev-secure-encrypted-virtualization

Closes-Bug: 1808868
Change-Id: I8116565ad0326d0125b320d840d787edcb086aa9
2019-09-12 19:58:27 +01:00
Zuul
99f3235acf Merge "Multiple backend support for scrubber" 2019-09-12 18:55:18 +00:00
Cyril Roelandt
defc01042f Add release notes for secret key deletion
Change-Id: Ie7961ed0fab4af0208a9add0bf06a08cc12d0b4d
Implements: blueprint barbican-secret-deletion-support
2019-09-11 18:40:57 -04:00
Zuul
ca00b48e59 Merge "add metadef vlaues for new video models" 2019-09-06 12:03:03 +00:00
Zuul
1b6ae384af Merge "add hw_pmu metadef" 2019-09-06 03:13:48 +00:00
Brian Rosmaita
e5690fcba4 Release note for 'compressed' container format
Change-Id: I2f28190e5a9af62d6073ccf47fb9338eca026567
2019-08-29 11:50:02 +00:00
Sean Mooney
5bdefff5cd add metadef vlaues for new video models
- This change adds the newly supported libvirt
  video models, virtio, gop and none.
- This change updates the train metadefs changes
  release note.

Change-Id: I440a038b53825b5f92fc977566edcf3cabfba673
2019-08-21 01:18:07 +01:00
Sean Mooney
2998c795ed add hw_pmu metadef
This change adds a new hw_pmu metadef property to the
OS::Compute::LibvirtImage namespace and extends the train
metadef changes releasenote.

Depends-on: https://review.opendev.org/#/c/671338/
Change-Id: I2f4e7ef4f816afbd0524a6265d5605afa1da5f86
2019-08-21 01:06:04 +01:00
Abhishek Kekane
915ac7ea17 Multiple backend support for scrubber
In Rocky multiple backend support is added as an experimental API
feature. As of now multiple backend works with glance-api but it
is missing in glance-scrubber.

Made provision to initialize multiple backend related config options
in scrubber.

NOTE:
Operator needs to define multiple backends related config options in
glance-scrubber.conf.

Change-Id: I7327ff5db8fa19e6813a0fe0fb657eab19f8b61f
Closes-Bug: #1794225
2019-08-06 08:34:31 +00:00
Ankit Arora
ceba6db664 Added powervm as hypervisor type for image metadata prefiltering.
"powervm" as hypervisor type is required for image metadata
prefiltering in glance.

Closes-Bug: #1826136

Change-Id: I7afd43c2e0581d30a78d5ed4e30f8eb2af1cf444
2019-04-29 01:31:07 -05:00
OpenStack Proposal Bot
117cecfb4c Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I64c424662b43ecd6eb91a5f2dadf64419225e4c0
2019-03-23 07:23:32 +00:00
ea08a00535 Update master for stable/stein
Add file to the reno documentation build to show release notes for
stable/stein.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.

Change-Id: Ibb86938983e78fae4b6ce55fc067f013b018b302
Sem-Ver: feature
2019-03-22 15:48:39 +00:00
Zuul
5c9baa88f8 Merge "Add Stein releasenotes" 2019-03-22 05:22:32 +00:00
Erno Kuvaja
ebab269948 Add Stein releasenotes
Change-Id: I19c183a1d9024012be28b0da5db82814c61c2009
2019-03-22 02:25:43 +00:00
zhangbailin
345b9e77fe Add description to common image properties
Add the 'description' attribute to common image properties to allow
users to record the purpose of the image in a human-readable format
in an interoperable way.

Co-authored-by: zhangbailin <zhangbailin@inspur.com>
Co-authored-by: Brian Rosmaita <rosmaita.fossdev@gmail.com>

Change-Id: Id0b148190cfa5fb9851ad2085a6b1ac1e0e7e352
Blueprint: add-description-field-to-image
2019-03-20 11:51:47 -04:00
Zuul
9a80f7ab86 Merge "glance Windows support" 2019-03-14 11:06:10 +00:00
Lucian Petrut
5759ec0b1c glance Windows support
This change will allow glance services to run on Windows, using
eventlet wsgi for API services.

This change will:
* avoid monkey patching the os module on Windows (which causes Popen
  to fail)
* avoiding unavailable signals
* avoid renaming in-use files or leaking handles
* update the check that ensures that just one scrubber process may
  run at a time. We can't rely on process names as there might be
  wrapper processes that have similar names (no she-bangs on Windows,
  so the scripts are called a bit differently). We'll use a global
  named mutex instead.

A subsequent change will leverage Windows job objects as a
replacement for process groups, also avoiding forking when spawning
workers.

At the moment, some Glance tests cannot run on Windows, which is
also covered by subsequent patches.

DocImpact

blueprint windows-support

Change-Id: I3bca69638685ceb11a1a316511ad9a298c630ad5
2019-03-13 16:41:11 +02:00
Zuul
a772017d3e Merge "Add new 'all' visibility filter for listing images" 2019-03-12 21:35:45 +00:00
OpenStack Proposal Bot
b0fffb2de5 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I90746bc6cf30f09d8ce23534ca7c623715746cf1
2019-03-08 08:13:02 +00:00
Sam Morrison
cfa9b6e8e8 Add new 'all' visibility filter for listing images
Closes-Bug: #1779251

Change-Id: I01368d1b375d2f538739baaa1e04462f70b43051
2019-02-25 10:34:01 +11:00
Brian Rosmaita
de72ac4a01 Update show_multiple_locations deprecation note
Update logged text to indicate our intentions with respect
to the show_multiple_locations configuration option, which
has been deprecated since Newton and advertised as subject
to removal in Pike.  Also correct the misleading impression
in the deprecation notice and earlier release notes that
functionality that requires show_multiple_locations = True
can be configured via policies at the current time.  Also
adds a release note to this effect.

Change-Id: I5bf0c8af9dfe87e0d17f7a16d4676f387b4379f6
Closes-bug: #1808375
2018-12-18 09:04:21 -05:00
Zuul
8d1beed2a8 Merge "Implement scaffolding for upgrade checks" 2018-12-07 02:41:19 +00:00
Lance Bragstad
c82ecc7463 Implement scaffolding for upgrade checks
One of the community goals for Stein is to implement a command-line
tool for operators that runs programmable checks that might impact
upgradability.

This commit lays down the basic structure for the upgrade checks and
ties it up to `glance-status` command.

Change-Id: I7fcf5235a76d15dbcb2c49255bc26c2b586cd71c
Story: 2003657
Task: 26135
2018-12-05 16:43:00 -05:00
OpenStack Proposal Bot
e7365a4474 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I80f69af223f6af7bdfc04eabc748cd89ca1661ba
2018-12-05 12:14:47 +00:00
OpenStack Proposal Bot
97dac0f380 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I80e9605cdd446f2512420c7fbf2ead3dda1143c2
2018-11-08 06:07:55 +00:00
Zuul
3e97060669 Merge "Use WebOb 1.8.1" 2018-10-09 08:51:42 +00:00
OpenStack Proposal Bot
70af2d68c0 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I37542809df3030f5ec655627f1d84bd0448b4497
2018-09-29 04:12:12 +00:00
OpenStack Proposal Bot
b8deff2ef8 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I6502ee5f8cf759289908b0f77d034f11f8f2aa7b
2018-08-29 06:34:03 +00:00
Brian Rosmaita
9b9d0567ef Use WebOb 1.8.1
The requirements/upper-constraints file was modified to allow WebOb
1.8.1 by commit 88bafa11deb9bd7595983d97ffabca338f073ba3.  This
patch simplifies some Glance code that could handle both WebOb
1.7.4 and 1.8.1 so that it now only handles the latter, and updates
the glance/requirements.txt and glance/lower-constraints.txt to
reflect that we support WebOb 1.8.1+ only.

Change-Id: I03e03013927cc5434aa0d97657d5e7efd8223ee5
Closes-bug: #1770410
2018-08-22 10:36:32 -04:00
OpenStack Proposal Bot
9657073262 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I69082515a02581ada6ec9f675d6819599e419b17
2018-08-18 06:27:20 +00:00