delta/openstack/python-glanceclient.git/glanceclient/shell.py, branch 1.0.0 opendev.org: openstack/python-glanceclient.git Remove custom SSL compression handling 2015-08-26T12:26:21+00:00 Stuart McLaren stuart.mclaren@hp.com 2015-06-08T14:49:52+00:00 618637a5bd545d8271d9349b08a8e4ab2841d086 Custom SSL handling was introduced because disabling SSL layer compression provided an approximately five fold performance increase in some cases. Without SSL layer compression disabled the image transfer would be CPU bound -- with the CPU performing the DEFLATE algorithm. This would typically limit image transfers to < 20 MB/s. When --no-ssl-compression was specified the client would not negotiate any compression algorithm during the SSL handshake with the server which would remove the CPU bottleneck and transfers could approach wire speed. In order to support '--no-ssl-compression' two totally separate code paths exist depending on whether this is True or False. When SSL compression is disabled, rather than using the standard 'requests' library, we enter some custom code based on pyopenssl and httplib in order to disable compression. This patch/spec proposes removing the custom code because: * It is a burden to maintain Eg adding new code such as keystone session support is more complicated * It can introduce additional failure modes We have seen some bugs related to the 'custom' certificate checking * Newer Operating Systems disable SSL for us. Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression 'off'. This makes both servers and client less likely to have compression enabled. * Newer combinations of 'requests' and 'python' do this for us Requests disables compression when backed by a version of python which supports it (>= 2.7.9). This makes clients more likely to disable compression out-of-the-box. * It is (in principle) possible to do this on older versions too If pyopenssl, ndg-httpsclient and pyasn1 are installed on older operating system/python combinations, the requests library should disable SSL compression on the client side. * Systems that have SSL compression enabled may be vulnerable to the CRIME (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack. Installations which are security conscious should be running the Glance server with SSL disabled. Full Spec: https://review.openstack.org/#/c/187674 Blueprint: remove-custom-client-ssl-handling Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf 
Custom SSL handling was introduced because disabling SSL layer compression
provided an approximately five fold performance increase in some
cases. Without SSL layer compression disabled the image transfer would be
CPU bound -- with the CPU performing the DEFLATE algorithm.  This would
typically limit image transfers to < 20 MB/s. When --no-ssl-compression
was specified the client would not negotiate any compression algorithm
during the SSL handshake with the server which would remove the CPU
bottleneck and transfers could approach wire speed.

In order to support '--no-ssl-compression' two totally separate code
paths exist depending on whether this is True or False.  When SSL
compression is disabled, rather than using the standard 'requests'
library, we enter some custom code based on pyopenssl and httplib in
order to disable compression.

This patch/spec proposes removing the custom code because:

* It is a burden to maintain

 Eg adding new code such as keystone session support is more complicated

* It can introduce additional failure modes

 We have seen some bugs related to the 'custom' certificate checking

* Newer Operating Systems disable SSL for us.

 Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression
 'off'. This makes both servers and client less likely to have compression
 enabled.

* Newer combinations of 'requests' and 'python' do this for us

 Requests disables compression when backed by a version of python which
 supports it (>= 2.7.9). This makes clients more likely to disable
 compression out-of-the-box.

* It is (in principle) possible to do this on older versions too

 If pyopenssl, ndg-httpsclient and pyasn1 are installed on older
 operating system/python combinations, the requests library should
 disable SSL compression on the client side.

* Systems that have SSL compression enabled may be vulnerable to the CRIME
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack.
Installations which are security conscious should be running the Glance
server with SSL disabled.

Full Spec: https://review.openstack.org/#/c/187674
Blueprint: remove-custom-client-ssl-handling

Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf
Use API v2 as default 2015-08-11T02:01:28+00:00 Fei Long Wang flwang@catalyst.net.nz 2015-06-22T03:47:48+00:00 181131ef2ea153a3cb768bd224ddcde4a2b42665 Now we have claimed v2 is the current API version of Glance, we should change the Glance client as well to be consistent with Glance server. DocImpact Change-Id: I09c9e409d149e2d797785591183e06c13229b7f7 
Now we have claimed v2 is the current API version of Glance,
we should change the Glance client as well to be consistent
with Glance server.

DocImpact

Change-Id: I09c9e409d149e2d797785591183e06c13229b7f7
Enable flake8 checks 2015-07-21T14:08:27+00:00 Darja Shakhray dshakhray@mirantis.com 2015-07-20T14:29:49+00:00 ec0f2dfd8500d230895e286462aaf69c43777038 This commit enables new flake8 checks: * E265 block comment should start with '# ' * H405 multi line docstring summary not separated with an empty line * E123 closing bracket does not match indentation of opening bracket's line * H238 old style class declaration, use new style (inherit from `object`) * E128 continuation line under-indented for visual indent and makes related changes in the code. Change-Id: Ie993afc930f6b74d7a990bcaa9fc0e9f5ba1585c 
This commit enables new flake8 checks:
* E265  block comment should start with '# '
* H405  multi line docstring summary not separated with an empty line
* E123  closing bracket does not match indentation of opening bracket's line
* H238  old style class declaration, use new style (inherit from `object`)
* E128  continuation line under-indented for visual indent
and makes related changes in the code.

Change-Id: Ie993afc930f6b74d7a990bcaa9fc0e9f5ba1585c
Import only modules and update tox.ini 2015-06-17T15:56:37+00:00 Cindy Pallares cindy.pallaresq@gmail.com 2015-05-20T00:59:06+00:00 997c12d3abfd9a571a4e8f0b022dfb1d27c62edb As stated in the OpenStack Hacking Guidelines, it is prefered that only modules should be imported. Also updated tox.ini to ignore opestack/common among others. Change-Id: I2f0a603c31052eadee581c11880c0ec6bd392829 
As stated in the OpenStack Hacking Guidelines, it is prefered
that only modules should be imported.

Also updated tox.ini to ignore opestack/common among others.

Change-Id: I2f0a603c31052eadee581c11880c0ec6bd392829
Merge "Improve import related error handling" 2015-05-26T18:20:16+00:00 Jenkins jenkins@review.openstack.org 2015-05-26T18:20:16+00:00 d80c70e58abdc4260600ceadc81a49802d7878d6 






Do not crash on homedir mkdir
2015-05-14T15:41:24+00:00

Thomas Goirand
zigo@debian.org

2015-04-20T08:26:31+00:00

1686d6aa535562ae2ea6e04b6dfd59b86c998c8a

Glanceclient is trying to create ~/.glanceclient, and crashes if it can't
do that. In some environment (for example, when building the package
under Jenkins), writing on $HOME is simply not allowed, and Glanceclient
can simply ignore it. This patch allows the mkdir() to fail, which fixes
the issue.

Closes-Bug: #1446096
Change-Id: Ib3591fb4e54ccd2fe63a1a4815551ac10ef5b961





Glanceclient is trying to create ~/.glanceclient, and crashes if it can't
do that. In some environment (for example, when building the package
under Jenkins), writing on $HOME is simply not allowed, and Glanceclient
can simply ignore it. This patch allows the mkdir() to fail, which fixes
the issue.

Closes-Bug: #1446096
Change-Id: Ib3591fb4e54ccd2fe63a1a4815551ac10ef5b961







Improve import related error handling
2015-05-08T12:51:02+00:00

Stuart McLaren
stuart.mclaren@hp.com

2015-04-07T12:32:36+00:00

1f89beb6098f4f6a8d8c2912392b273bc068b2e3

If there was a problem importing a library we would incorrectly raise
an unsupported version error:

  $ glance --os-image-api-version 1 image-list
  "1" is not a supported API version. Example values are "1" or "2".

We should change this to provide information on the failed import, eg:

  $ glance --os-image-api-version 1 image-list
  No module named badimport

We also now raise the full stacktrace in this case if '--debug' is passed
on the command line.

Change-Id: I1c687ae6c5da239090b0b7a4a855b3271a9076da
Related-bug: 1402632





If there was a problem importing a library we would incorrectly raise
an unsupported version error:

  $ glance --os-image-api-version 1 image-list
  "1" is not a supported API version. Example values are "1" or "2".

We should change this to provide information on the failed import, eg:

  $ glance --os-image-api-version 1 image-list
  No module named badimport

We also now raise the full stacktrace in this case if '--debug' is passed
on the command line.

Change-Id: I1c687ae6c5da239090b0b7a4a855b3271a9076da
Related-bug: 1402632







Merge "Remove duplicate 'a' in the help string of --os-image-url"
2015-03-10T11:50:53+00:00

Jenkins
jenkins@review.openstack.org

2015-03-10T11:50:53+00:00

9e09211914aaa33bd8108b03bc7547ba4a92d23b












Merge "Remove graduated gettextutils from openstack/common"
2015-03-03T23:38:17+00:00

Jenkins
jenkins@review.openstack.org

2015-03-03T23:38:17+00:00

7f9b64337119c7900c3d7c7d3948f1a19dc6685f












Merge "Strip json and html from error messages"
2015-03-01T16:19:15+00:00

Jenkins
jenkins@review.openstack.org

2015-03-01T16:19:14+00:00

99c46d64a0ca62b43af06da8acc1556fd8b18465