openstack/glance
Code Issues Proposed changes

Merge "Complete and update Newton release notes"

Browse Source
This commit is contained in:
Jenkins 2016-09-16 00:08:15 +00:00 committed by Gerrit Code Review
commit ee667852f5
12 changed files with 230 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
releasenotes/notes/add-vhdx-format-2be99354ad320cca.yaml
View File

@ -1,6 +1,6 @@
--- ---
prelude: > prelude: >
- Add VHDX to list of supported disk format. - Add ``vhdx`` to list of supported disk format.
features: features:
- The identifier ``vhdx`` has been added to the list of - The identifier ``vhdx`` has been added to the list of
supported disk formats in Glance. The respective supported disk formats in Glance. The respective

13
releasenotes/notes/bump-api-2-4-efa266aef0928e04.yaml Normal file
View File

@ -0,0 +1,13 @@
---
prelude: >
- Glance API ``minor`` version bumped to 2.4.
upgrade:
- |
Glance API **CURRENT** ``minor`` version is now ``2.4``.
* To partially fix an important image locations
bug 1587985, an API impacting change has been merged
into Glance.
* This will result into a non-backward compatible
experience before and after **Newton** release, for
users using ``add`` feature to image locations.

46
releasenotes/notes/deprecate-show-multiple-location-9890a1e961def2f6.yaml
View File

@ -1,26 +1,32 @@
--- ---
prelude: > prelude: >
Deprecate the ``show_multiple_locations`` configuration - Deprecate the ``show_multiple_locations`` configuration
option in favor of the existing Role Based Access option in favor of the existing Role Based Access
Control (RBAC) for Image locations which uses Control (RBAC) for Image locations which uses
``policy.json`` file to define the appropriate rules. ``policy.json`` file to define the appropriate rules.
Maintaining two different ways to configure, enable
and/or disable a feature is painful for developers and
operators, so the less granular means of controlling
this feature will be eliminated in the **Ocata**
release. Please read upgrade section for more details.
upgrade: upgrade:
- For the Newton release, this option will still be - |
honored. However, it is important to update Some additional points about ``show_multiple_locations``
``policy.json`` file for glance-api nodes. In configuration option deprecation.
particular, please consider updating the policies
``delete_image_location``, ``get_image_location`` and * Maintaining two different ways to configure, enable
``set_image_location`` as per your requirements. As this and/or disable a feature is painful for developers and
is an advanced option and prone to expose some risks, operators, so the less granular means of controlling
please check the policies to ensure security and privacy this feature will be eliminated in the **Ocata**
of your cloud. release.
- Future releases will ignore this option and just * For the Newton release, this option will still be
follow the policy rules. It is recommended that this honored. However, it is important to update
option is disabled for public endpoints and is being ``policy.json`` file for glance-api nodes. In
only used internally for service-to-service particular, please consider updating the policies
communication. ``delete_image_location``, ``get_image_location`` and
``set_image_location`` as per your requirements. As
this is an advanced option and prone to expose some
risks, please check the policies to ensure security
and privacy of your cloud.
* Future releases will ignore this option and just
follow the policy rules. It is recommended that this
option is disabled for public endpoints and is used
only internally for service-to-service communication.
* As mentioned above, the same recommendation applies
to the policy-based configuration for exposing
multiple image locations.

51
releasenotes/notes/improved-config-options-221c58a8c37602ba.yaml
View File

@ -1,29 +1,30 @@
--- ---
prelude: > prelude: >
Improved configuration options for glance. Please - Improved configuration option descriptions and handling.
refer to the ``other`` section for more information.
other: other:
- The glance configuration options have been - |
improved with detailed help texts, defaults for The glance configuration options have been improved with
sample configuration files, explicit choices detailed help texts, defaults for sample configuration
of values for operators to choose from, and a files, explicit choices of values for operators to
strict range defined with ``min`` and ``max`` choose from, and a strict range defined with ``min`` and
boundaries. ``max`` boundaries.
It must be noted that the configuration options * It must be noted that the configuration options that
that take integer values now have a strict range defined take integer values now have a strict range defined
with "min" and/or "max" boundaries where appropriate. This with ``min`` and/or ``max`` boundaries where
renders the configuration options incapable of taking certain appropriate.
values that may have been accepted before but were actually * This renders the configuration options incapable of
invalid. For example, configuration options specifying counts, taking certain values that may have been accepted
where a negative value was undefined, would have still accepted before but were actually invalid.
the supplied negative value. Such options will no longer accept * For example, configuration options specifying counts,
negative values. However, options where a negative value was where a negative value was undefined, would have still
previously defined (for example, -1 to mean unlimited) will accepted the supplied negative value. Such options
remain unaffected by this change. will no longer accept negative values.
* Options where a negative value was previously defined
Values that do not comply with the appropriate restrictions (for example, -1 to mean unlimited) will remain
will prevent the service from starting. The logs will contain unaffected by this change.
a message indicating the problematic configuration option and * Values which do not comply with the new restrictions
the reason why the supplied value has been rejected. will prevent the service from starting. The logs will
contain a message indicating the problematic
configuration option and the reason why the supplied
value has been rejected.

38
releasenotes/notes/location-add-status-checks-b70db66100bc96b7.yaml Normal file
View File

@ -0,0 +1,38 @@
---
prelude: >
- Adding locations to a non-active or non-queued image
is no longer allowed.
critical:
- |
Attempting to set image locations to an image *not* in
``active`` or ``queued`` status will now result in a
HTTP Conflict (HTTP status code 409) to the user.
* Until now, no image status checks were in place while
**adding** a location on it. In some circumstances,
this may result in a bad user experience. It may also
cause problems for a security team evaluating the
condition of an image in ``deactivated`` status.
* **Adding** locations is disallowed on the following
image statuses - ``saving``, ``deactivated``,
``deleted``, ``pending_delete``, ``killed``.
* Note that there are race conditions associated with
adding a location to an image in the ``active``,
``queued``, ``saving``, or ``deactivated`` status.
Because these are non-terminal image statuses, it is
possible that when a user attempts to add a location,
a status transition could occur that might block the
**add** (or might appear to allow an add that should
not be allowed).
* For example, a user is not allowed to add a location
to an image in ``saving`` status. Suppose a user
decides to add a location anyway. It is possible that
before the user's request is processed, the
transmission of data being saved is completed and the
image transitioned into ``active`` status, in which
case the user's add location request will succeed. To
the user, however, this success will appear anomalous
because in most cases, an attempt to add a location to
an image in ``saving`` status will fail.
* We mention this so that you can be aware of this
situation in your own testing.

43
releasenotes/notes/newton-1-release-065334d464f78fc5.yaml
View File

@ -1,35 +1,20 @@
--- ---
prelude: > prelude: >
Several in-tree documentation updates exist in newton-1. - Glance no longer returns a 500 when 4 byte unicode
An important bug 1570789 that will handle 4 byte unicode characters are passed to the metadefs API.
chars for metadefs APIs is fixed which will prevent 500s - Deprecated "sign-the-hash" approach for image signing.
on the same. Deprecated sign-the-hash approach for image Old run_tests and related scripts have been removed.
signing and old run_tests and related scripts have been
removed.
upgrade: upgrade:
- The image signature verification feature has been updated - The image signature verification feature has been
to follow the "sign-the-data" approach, which uses a updated to follow the "sign-the-data" approach, which
signature of the image data directly. The prior deprecated uses a signature of the image data directly. The prior
"sign-the-hash" approach, which uses a signature of an MD5 deprecated "sign-the-hash" approach, which uses a
hash of the image data, has been removed. signature of an MD5 hash of the image data, has been
removed.
security: security:
- The initial implementation of the image signature - The initial implementation of the image signature
verification feature in Glance was insecure, because it verification feature in Glance was insecure, because it
relied on an MD5 hash of the image data. More details can relied on an MD5 hash of the image data. More details
be found in bug 1516031. This "sign-the-hash" approach was can be found in bug 1516031. This "sign-the-hash"
deprecated in Mitaka, and removed in newton-1. approach was deprecated in Mitaka, and has been removed
Related CVE-2015-8234. in Newton. Related CVE-2015-8234.
fixes:
- |
Please find below a list of some other important bugs along with
their descriptions that have been fixed in newton-1.
* bug 1580848: There's no exception when import task is created
without properties
* bug 1585584: Glare v0.1 is unable to create public artifact draft
* bug 1582304: Allow tests to run when http proxy is set
* bug 1570789: various md-* create and update api's
return 500 error if 4 bytes unicode characters is passed
* bug 1568894: glance_store opts missing in glance-scrubber.conf
and glance-cache.conf sample files
* bug 1568723: secure_proxy_ssl_header not in sample config files

61
releasenotes/notes/newton-bugs-06ed3727b973c271.yaml Normal file
View File

@ -0,0 +1,61 @@
---
fixes:
- |
Here is a list of other important bugs that have been
fixed (or partially fixed) along with their
descriptions.
* bug 1617258: Image signature base64 needs to wrap
lines
* bug 1612341: Add cpu thread pinning flavor metadef
* bug 1609571: version negotiation api middleware was
NOT up to date to include v2.3
* bug 1602081: Glance needs to use oslo.context's
policy dict
* bug 1599169: glance-replicator size raises object of
type 'NoneType' has no len() exception when no args
provided
* bug 1599192: glance-replicator needs to display
human-readable size
* bug 1585917: member-create will raise 500 error if
member-id is greater than 255 characters
* bug 1598985: glance-replicator compare output should
show image name in addition to image id for missing
images
* bug 1533949: Glance tasks missing configuration item
"conversion_format"
* bug 1593177: The default policy needs to be admin for
safer default deployment scenarios
* bug 1584076: Swift ACLs disappears on v1 Glance
images
* bug 1591004: Unable to download image with no
checksum when cache is enabled
* bug 1584415: Listing images with the created_at and
updated_at filters fails if an operator is not
specified
* bug 1590608: Services should use http_proxy_to_wsgi
middleware from oslo.middleware library
* bug 1584350: etc/glance-registry.conf sample file has
redundant store section
* bug 1543937: db-purge fails for very large number
* bug 1580848: There's no exception when import task is
created without properties
* bug 1585584: Glare v0.1 is unable to create public
artifact draft
* bug 1582304: Allow tests to run when http proxy is set
* bug 1570789: Metadefs API returns 500 error when 4
byte unicode character is passed
* bug 1532243: glance fails silently if a task flow
can not be loaded
* bug 1568894: glance_store options missing in
glance-scrubber.conf and glance-cache.conf sample
files
* bug 1568723: secure_proxy_ssl_header not in sample
configuration files
* bug 1535231: md-meta with case insensitive string has
problem during creating
* bug 1555275: Tags set changes on delete
* bug 1558683: Versions endpoint does not support
X-Forwarded-Proto
* bug 1557495: Possible race conditions during status
change

4
releasenotes/notes/remove-db-downgrade-0d1cc45b97605775.yaml
View File

@ -1,7 +1,7 @@
--- ---
prelude: > prelude: >
Database downgrades have been removed from the Glance source tree. Please - Database downgrades have been removed from the Glance
see ``upgrade`` section for more details. source tree.
upgrade: upgrade:
- The ``db_downgrade`` command has been removed from the - The ``db_downgrade`` command has been removed from the
``glance-manage`` utility and all database downgrade ``glance-manage`` utility and all database downgrade

17
releasenotes/notes/remove-s3-driver-639c60b71761eb6f.yaml
View File

@ -1,11 +1,12 @@
--- ---
prelude: > prelude: >
s3 store driver has been removed. - The ``s3`` store driver has been removed.
upgrade: upgrade:
- The latest release of glance_store library does not - The latest release of glance_store library does not have
have the support for s3 driver. All code references of the support for the ``s3`` driver. All code references
s3 have been removed from the library. As this release of the same have been removed from the library. As this
of Glance uses the updated glance_store library, you release of Glance uses the updated glance_store library,
will find s3 driver support removed from Glance too. you will find the ``s3`` driver support removed from
One such important example is the location strategy Glance too. For example the Glance image location
which no longer has s3 support. strategy modules no longer offer the ``s3`` driver
support.

31
releasenotes/notes/reordered-store-config-opts-newton-3a6575b5908c0e0f.yaml Normal file
View File

@ -0,0 +1,31 @@
---
prelude: >
- Sample configuration file shipped with Glance source now
has reordered store drivers configuration options for
future consistent ordering.
other:
- |
The sample configuration files autogenerated using the
oslo-config-generator tool now give consistent ordering
of the store drivers configurations.
* Some operators have reported issues with reordering
observed in the sample configurations shipped with
Glance release tarballs. This reordering may result
into a incorrect "diff" of the configurations used
downstream vs. newly introduced upstream.
* Latest release of ``glance_store`` library (used
in the **Newton** release of Glance) will include fix
for the ``glance_store`` bug 1619487.
* Until now every run of the oslo-config-generator
resulted in random ordering of the store drivers
configuration. After **Newton** release this order
will remain consistent.
* The store drivers configuration order in the sample or
autogenerated files should be expected to be
alphabetical as - ``cinder``, ``filesystem``,
``http``, ``rbd``, ``sheepdog``, ``swift``,
``vmware``.
* Note the code name for the "ceph" driver is ``rbd``.
* Note the ordering of the options within a store is not
alphabetical.

29
releasenotes/notes/soft_delete-tasks-43ea983695faa565.yaml
View File

@ -1,25 +1,10 @@
--- ---
prelude: > prelude: >
Adds a new function that is called in the - Expired tasks are now deleted.
tasks_get_all function, so that everytime tasks
lists are called, the function checks if tasks in
the database have surpassed the expired_at value;
if that is the case, then it marks the deleted value
as 1 for all the expired tasks.
other: other:
- Tasks are soft deleted, in Glance, a resource can - Expired tasks are now deleted in Glance. As with other
be soft deleted in the Database Table, these resources Glance resources, this is a "soft" deletion, that is, a
still exist in the database. The same thing happens deleted task is marked as ``deleted`` in the database so
with tasks; they are marked as deleted using the that the task will not appear in API responses, but the
delete flag in the Tasks table which are not queried information associated with the task persists in the
on the regular list or show call. The tasks are not database.
instantly deleted because there may be information
contained in the task resource that may not be
available elsewhere(For example, a successful
import task will eventually result in the creation
of an image in Glance, and it would be useful to
know the UUID of this image. Similarly, if the
import task fails, end user should be given time
to read the task resource to analyze the error
message.)

2
releasenotes/source/index.rst
View File

@ -5,6 +5,6 @@
.. toctree:: .. toctree::
:maxdepth: 1 :maxdepth: 1
liberty
unreleased unreleased
mitaka mitaka
liberty