| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Update glance-control to send a SIGHUP rather than
perform a start/stop for the 'reload' operation.
This allows picking up new configuration values without
interrupting the service.
Closes-bug: 1436275
Change-Id: I5a653daa3e582b665c0a2c402cf2d7c9e47e1c38
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Wikipedia's list of common misspellings [1] has a machine-readable
version. This patch fixes those misspellings mentioned in the list
which don't have multiple right variants (as e.g. "accension", which can
be both "accession" and "ascension"), such misspellings are left
untouched. The list of changes was manually re-checked for false
positives.
[1] https://en.wikipedia.org/wiki/Wikipedia:Lists_of_common_misspellings/For_machines
Change-Id: I6f549eb78998ead9b2f1a04e196e65b3f08f1be7
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the documentation of glance-manage is missing the commands
to handle the glance metadata defnition. This patch provides details
on following commands:
db_load_metadefs
db_unload_metadefs
db_export_metadefs
Closes-Bug: #1414725
Change-Id: I90865831d38478f76e7379ca447ed99c17387710
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, every call to policy.enforce passed an empty dictionary as
the target. This prevents operators from using tenant specific
restrictions in their policy.json files since the target will always be
an empty dictionary.
If you try to restrict some actions so an image owner (users with the
correct tenant id) can perform actions, the check categorically fails
because the target is okay is an empty dictionary. By passing the
ImageTarget instance wrapping an Image, we can properly grant access to
the image owner(s) based on tenant (e.g., owner:%(tenant)). Without this
fix, the only check that actually works in glance is a RoleCheck (e.g.,
role:admin).
Partial-bug: 1346648
Implements: blueprint pass-targets-to-policy-enforcer
Change-Id: Id914c478ca7c4dfde3f08028d8b70c623f26b6e9
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch provides the ability to 'deactivate' an image by
providing two new API calls and a new image status 'deactivated'.
Attempting to download a deactivated image will result in a
403 'Forbidden' return code. Also, image locations won't be visible
for deactivated images unless the user is admin.
All other image operations should remain unaffected.
The two new API calls are:
- POST /images/{image_id}/actions/deactivate
- POST /images/{image_id}/actions/reactivate
DocImpact
UpgradeImpact
Change-Id: I32b7cc7ce8404457a87c8c05041aa2a30152b930
Implements: bp deactivate-image
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Adds a basic architecture description section
to the Glance Developer guide.
Change-Id: I782490bb8757cd67d83057176f8e3eeffa007b84
Co-Authored-By: Mike Fedosin <mfedosin@mirantis.com>
Co-Authored-By: Olena Logvinova <ologvinova@mirantis.com>
Co-Authored-By: Alexander Adamov <aadamov@mirantis.com>
|
|\ \ \ |
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The patch adds the necessary configuration options defined in the
multiple datastore spec for VMware Store backend.
Approved Spec:
I16229da839ab7f147c36d5857e2269999e8215d7
Implementation:
I176f1143cd2d9b0a01a0f4f4256e7ac7d9b09afd
blueprint vmware-store-multiple-datastores
Depends-On: I4a52347cdbc238a3cb36a67d453591d0f8576a39
UpgradeImpact
DocImpact
Change-Id: Ic459b3b579d2b02e9abd9655ea2eb3e99fddcfcd
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Metadefinition resources - namespaces, objects, properties, tags and
resource types - don't provide any notification events when certain
operations are performed on them. This patch includes following events
that will be triggered when necessary:
* metadef_namespace.create - namespace has been created
* metadef_namespace.update - namespace has been updated
* metadef_namespace.delete - namespace has been deleted
* metadef_namespace.delete_properties - all properties have been removed
from namespace
* metadef_namespace.delete_objects - all objects have been removed from
namespace
* metadef_namespace.delete_tags - all tags have been removed from
namespace
* metadef_object.create - object has been created
* metadef_object.update - object has been updated
* metadef_object.delete - object has been deleted
* metadef_property.create - property has been created
* metadef_property.update - property has been updated
* metadef_property.delete - property has been deleted
* metadef_tag.create - tag has been created
* metadef_tag.update - tag has been updated
* metadef_tag.delete - tag has been deleted
* metadef_resource_type.create - resource type has been added to
namespace
* metadef_resource_type.delete - resource type has been removed from
namespace
Additionally new configuration option has been added to allow for
disabling either individual or group of notifications.
DocImpact
UpgradeImpact
Depends-On: Iaa771ead0114e3941667b1e07ff32472d2f77afd
Change-Id: Ie1635793d80188f8f7a07aea91b9f0842900ffa6
Implements: blueprint metadefs-notifications
|
|\ \ |
|
| | |
| | |
| | |
| | | |
Change-Id: Ic8a19d9fd1d6d551b9ca2ee36389c69e63cf0869
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Presently, the wsgi server allows persist connections. Hence even after
the response is sent to the client, it doesn't close the client socket
connection. Because of this problem, the green thread is not released
back to the pool.
In order to close the client socket connection explicitly after the
response is sent and read successfully by the client, you simply have to
set keepalive to False when you create a wsgi server.
DocImpact:
Added http_keepalive option (default=True).
SecurityImpact
Closes-Bug: #1361360
Change-Id: I93aaca24935a4f3096210233097dd6b8c5440176
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We added the eventlet executor waiting for taskflow to land and be ready
for us to consume it. Now that we have it, it's time to remove the
eventlet executor in favor of taskflow's parallel executors.
DocImpact
UpgradeImpact
Partially-implements blueprint: new-upload-workflow
Change-Id: I220a14b2a92949772d5322c9947c42e892cfdbfa
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
There are no boto imports in glance anymore since the s3 driver moved
out with glance_store, so remove the boto requirement from glance.
Also cleans up an old install reference for RPMs.
Change-Id: Iea294c4416630e441f8a183b32b2f1c9b7b88821
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Change I5b356170ec82d033204e22f79c862201400a0a31 introduced a new
swift_store configuration option. Prior to accepting that, it was
determined that we needed to add it to the relevant configuration files
and document the option.
DocImpact
Closes-bug: 1375857
Change-Id: I4cbfae3c1ac84d6c85875d34a58dd2a87ae85d6f
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The description of 'image_cache_max_size' was ambiguous. There was not
the certainty that the 'image_cache_max_size' parameter was about the
aggregate size of the cache or a per image limit.
The 'image_cache_max_size' is an upper limit beyond which pruner,
if running, starts cleaning the images cache.
Hence added detail description of 'image_cache_max_size' in document
and configuration file.
Bug: #1411813
Change-Id: Ide8e087db544aeea1990bac92c97cb9ca9f0b522
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Rewrote description of the public_endpoint configuration option
to make the purpose of the setting more explicit.
Change-Id: Ic4d5ce9884b6641eed076e5b6fad71ec0e6659a4
Closes-Bug: #1419328
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This patch adds support for a new task executor. This executor
leverages the taskflow library which is responsible for dispatching
the tasks.
The taskflow executor provides basic serial execution of the
tasks and uses eventlet by default. The execution mode is configurable
to have parallel execution in which case it is possible to also
configure the number of workers running at the same time.
TaskFlow wiki: https://wiki.openstack.org/wiki/TaskFlow
partially implements bp async-glance-workers
partially implements bp taskflow-integration
DocImpact
UpgradeImpact
Co-Authored by: Arnaud Legendre <arnaudleg@gmail.com>
Co-Authored by: Flavio Percoco <flaper87@gmail.com>
Co-Authored by: Nikhil Komawar <nikhil.komawar@rackspace.com>
Change-Id: Ie31e64f8fee7f9fe7336cde50d5db89577c4f76d
|
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The snet option forces the deployer to name the desired endpoint after
the public endpoint. In order to switch between multiple internal
networks, names have to be changed. Instead of constructing a URL with a
prefix from what is returned by auth, specify the URL via configuration.
DocImpact
UpgradeImpact
bp replace-snet-config-with-endpoint-config
Change-Id: I7b7e14d7da082ae37a9737d2078017b04c19b87b
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It would be great to enhance Glance to use minimum of SHA2
to do digital signature for FIPS compliance. Since in
FIPS(FEDERAL INFORMATION PROCESSING STANDARDS) says the
SHA-1 is not suitable for general-purpose digital signature
applications (as specified in FIPS 186-3) that require 112
bits of security. In the case of digital signatures, SHA-1
does not provide the 112 bits of collision resistance needed
to achieve the security strength.
Now we're using hardcode 'sha1'. So this patch will make it
configurable firstly and set the default value as sha1 in
Kilo for smooth upgrade, which will be changed with sha256
in next release(L).
DocImpact
UpgradeImapact
SecurityImpact
Closes-Bug: #1288545
Change-Id: I9236cc85f4e9881ac1aa35d69bc6761a59c1b6c8
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The documentation for glance_stores was missing any mention of the
stores option which is required to make a default_store work if it's
non-default.
Closes-Bug: #1406182
Change-Id: I89e8fe2d8b31cd66609fd4132cb263eecb3db4c3
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixing a typo in documentation
Change-Id: I2e36bac15878ccd5a4285462af8689c7d188ac7b
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When this part of 'Use common db code from oslo' blueprint was merged
into master: https://review.openstack.org/#/c/36207/ some code related
to db_auto_create was removed but some still remained in tempest tests,
documentation and configuration samples.
This fix removes every reference to db_auto_create option.
Closes-Bug: #1343907
Change-Id: Ibca3f633e61574d77339fc98fdf73340c9d9b8dc
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Based on current implementation, image in pending_delete
status can't be recovered. This patch will fix the
document issue.
Change-Id: If4fe75cfb759ae0288f378cee77a71be4a306456
|
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[DEFAULT] default_store was deprecated in Juno and moved into the
[glance_store] section. Yet it remains in the old place in the sample
glance-api.conf. Additionally, some comments still refer to the
known_stores option, which is now simply stores.
DocImpact
Change-Id: I7215e35534fd9a77730d39b96f9ba3bf6c3ea065
|
|\ \ \ |
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As specified in the blueprint, we are only going to set log_file in the
configuration file for now, and we read it last in glance.cmd.manage.
This allows glance-manage to use the appropriate log-file and still
retain the settings it needs in glance-api.conf and glance-registry.conf
DocImpact
Change-Id: I87595a29634e6ffda4e1581d42a92dfe6f84044b
Implements: blueprint create-glance-manage-conf
Closes-bug: #1391211
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds appropriate config options to reflect
changes in the Multiple Containers spec.
Approved spec:
https://review.openstack.org/#/c/124522
DocImpact
bp: swift-store-multiple-containers
Change-Id: Ia6b4cb215c4945fb0373e9af5358725209353aa8
|
|/
|
|
| |
Change-Id: I8190b102ab827a4cf4c23f0f350fae051c1d33f0
Signed-off-by: Zhi Yan Liu <zhiyanl@cn.ibm.com>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The "auth_port", "auth_host", and "auth_protocol" variables were
deprecated in favour of a single "identity_uri" variable.
* Adjust authentication.rst doc to reference "identity_uri"
Change-Id: I48de53f21b8d767b276858ed274066015d765f0e
Closes-Bug: #1361613
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove intersphinx from the docs build as it triggers network calls that
occasionally fail, and we don't really use intersphinx (links other
sphinx documents out on the internet)
This also removes the requirement for internet access during docs build.
This causes docs jobs to fail because we error out on warnings.
Change-Id: I71e941e2a639641a662a163c682eb86d51de42fb
Related-Bug: #1368910
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The http://docs.openstack.org/developer/glance/
site currently doesn't include the Juno Metadata
Definitions concepts. This patch adds
an overview of the concepts to this site.
This provides a synopis of the concepts in:
https://github.com/openstack/glance-specs/blob/master/specs/juno/metadata-schema-catalog.rst
DocImpact
Closes-Bug: 1367432
Related-Bug: 1367908
Related-Bug: 1363615
Related-Bug: 1366286
Related-Bug: 1363383
Change-Id: Iad4d388cbbf2f63fa243d04d35032de0cb0bc1b4
|
| |
| |
| |
| |
| |
| |
| | |
This patch adds a detailed description for filesystem_store_file_perm option which
was added in https://review.openstack.org/#/c/119529.
Change-Id: Ia567b9d56891940a8170d67d95c1cb318545094e
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
- Rename resource_type to resource_type_
associations in namespace API input/output
- Add created_at/updated_at in resource_
type_associations block of namespace API
input/output.
- Fix minor nits
Closes-bug: 1367908
Change-Id: Ie74bfb36a7023abb346852f5b863f19d0d7bc4ff
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A sample import script to successfully import image from http or https
location is introduced. This should work on a devstack installtion.
Also, the following changes are introduced:-
1. An interface for implementing any other type of executor.
2. Provides namespace for keeping Tasks scripts.
3. A config for choosing deployer specific executor.
4. An interface for writing Tasks scripts.
5. A module for common script related methods.
6. Logic for limiting number of simultaneous tasks execution on the
Glance API server.
partially implements bp async-glance-workers
DocImpact
Change-Id: I382472fffd0fdad43573e72b2e78a9a6ed1e1f1a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implements: blueprint metadata-schema-catalog
A common API hosted by the Glance service for vendors, admins,
services, and users to meaningfully define available key / value
pair and tag metadata. The intent is to enable better metadata
collaboration across artifacts, services, and projects for
OpenStack users.
This is about the definition of the available metadata that can
be used on different types of resources (images, artifacts,
volumes, flavors, aggregates, etc). A definition includes the
properties type, its key, it's description, and it's constraints.
This catalogue will not store the values for specific instance
properties.
- REST API for CRUD on metadef namespace
- REST API for CRUD on metadef objects
- REST API for CRUD on metadef properites
- REST API for CRUD on metadef resource types
- REST API for JSON schemas on metadef API's
Change-Id: I8e6d88ffee9a9337bf82b1da85648ba638a154ab
DocImpact
Co-Authored-By: Lakshmi N Sampath <lakshmi.sampath@hp.com>
Co-Authored-By: Wayne Okuma <wayne.okuma@hp.com>
Co-Authored-By: Travis Tripp <travis.tripp@hp.com>
Co-Authored-By: Pawel Koniszewski <pawel.koniszewski@intel.com>
Co-Authored-By: Michal Jastrzebski <michal.jastrzebski@intel.com>
Co-Authored-By: Michal Dulko <michal.dulko@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
*) Add osprofiler wsgi middleware
This middleware is used for 2 things:
1) It checks that person who want to trace is trusted and knows
secret HMAC key.
2) It start tracing in case of proper trace headers
and add first wsgi trace point, with info about HTTP request
*) Add initialization of osprofiler at start of serivce
Set's olso.messaging notifer instance (to send notifications to
Ceilometer)
*) Add tracing support for sqlalchemy
*) Add profiler CONF group that has to options:
1) Enable or disable profiler
2) Enable or disable sqlalchemy tracing
(the reason why we put this in Conf options, is that usually
db requests create a lot of trace info)
*) Glance-registry wasn't setted properly to send notifications.
To test it you need 2 things:
1) Enable ceilometer in devstack:
http://paste.openstack.org/show/85724/
2) Initialize osprofiler and send out API request. You can use
one of follow approaches:
a. Run this script (pls provide proper credentials)
http://paste.openstack.org/show/85722/
b. Use the function https://review.openstack.org/#/c/111184/
added from glanceclient CLI directly.
DocImpact
Change-Id: I45a19f5eb5304c2b78a9e12cbc0744941a807304
Co-author: Zhi Yan Liu <zhiyanl@cn.ibm.com>#
|