Updates the swift store to support multiple tenants:
* Added configuration option for swift_store_multi_tenant.
* Updated the swift connection creation logic so that in multi-tenant
mode the token and storage URL from the service catalog are used
to create swift connection.
* When in multi-tenant mode locations URL's (stored in the DB) do
not contain hard coded swift credentials.
Includes unit tests to verify multi-tenant swift storage URLs.
Partially implements blueprint: swift-tenant-specific-storage.
Change-Id: I45fc97027e6f211ac353513c2d9d6da51ccf4489
Addresses LP 1025353 for the v1 API.
Transition image status to active immediately on creation
(as opposed to leaving it queued forever) if the size is set
to zero from the get-go.
The v2 implementation is left unchanged for now, as the image
status does not appear to ever transition from queued to active
in that case.
This change allows an image to be created that simply acts as
a properties bucket, but requires no image data. For example,
an image created from a booted-from-volume instance where only
the kernel, ramdisk ID, and block device mappings are required.
Change-Id: I61e96f3fe5f5245fec791170b4a8b4c72135c3de
Implements blueprint cfg-global-object
In glance.common.wsgi we have a paste_deploy_app() API which allows
a ConfigOpts instance to be passed the the applications and filters
constructed by PasteDeploy.
Now that we're using a global object, we don't need this anymore
Change-Id: I222d3c58308bc2f504cd802c0c8405d3baa2e49a
Use UnauthenticatedContextMiddleware in the case that you want to deploy
without an auth service. ContextMiddleware is now solely for authenticated
requests.
* Rewrite ownership tests for adding/updating images through the v1 API
* Fixes bug 992859
Change-Id: I608671aac8300c9195769542708708afda991e04
* remove auth_uri - do not need when set auth_port, auth_host, auth_protocol
* remove servce_* variables - not needed in new keystone
* update associated documentation
Change-Id: I9bf7d53f7d62371848645a242ae63f77b42319db
Allow multiple config files to be pulled in from a config directory,
as opposed to individual config files being explicitly enumerated.
This logic is enabled using the --config-dir=/path/to/config CLI option,
causing config to be retrived from all matching /path/to/config/*.conf
files.
Sections may be re-opened across config files, and all config items
must reside in an explicitly specified section (i.e. it does not default
to [DEFAULT]). This behavior is unchanged.
The common elements of this patch (i.e. not specific to the
glance-specific location of paste.ini files) have landed in
to openstack-common as:
https://github.com/openstack/openstack-common/commit/fd8c2e7c
Change-Id: I3b659f1837c082bd1a78fe860a468f9d68f0f132
Pull the extra methods defined in glance.registry.context:RequestContext into
glance.common.context:RequestContext. This is necessary as the new v2 API
implementation talks directly to the database.
* Partially implements bp api-2
Change-Id: Ia8c1fde511bdca69be0dcf61ce12976ace5f7dc3
Updated the RST documentation that discusses container formats, since they
aren't really used right now.
Changed some examples from ovf to bare, since in most cases, users just upload
a bare image file.
Change-Id: I844d7827c3de4df6cdddb9b963cc2f236a3e6767
* Allow a deployer to define the role that should give an authenticated
user admin privileges. Defaults to 'admin'
* Fixes bug 956547
Change-Id: I018b9c438a12c527833ed8e2e6c377a93fde9130
* bin/glance-cache-queue-image duplicates functionality provided by
bin/ glance-cache-manage, and it is currently broken. Let's just remove it.
Change-Id: Ib18be2116055154047df6ca9b4c335323c8b2dde
* Update docs to reflect correct attribute names for configs and env vars
* Remove old env var conversion tool
* Fixes bug 952405
Change-Id: I45b2519fe97e76987a9e0acda14b303ba75afd02
The image cache configuration needs to be duplicated between glance-api.conf
and glance-cache.conf. This adds a note in the documentation to help clarify
that fact.
Change-Id: I125a56fecadc89d127570581c3ddb5d3faa3475c
This page is duplicated several times over on the wiki, let's get rid of
it rather than worry about keeping it up to date.
Change-Id: I09a9c093b708526d6c73eb270b05131bfb715af0
* Rewords how we refer to to our 'reference' implementation of the registry
API. glance-registry is an implementation detail of the main glance API, not
an example of a community-driven API spec
* Remove duplicate 'gettingstarted' information
* Fixes bug 954554
Change-Id: I889f61a399c398897f2146b756b2c3c310847718
Fix for bug 936798. Allow a client to select which
region endpoint they want from the service catalogue.
The region can be set via the environment variable
OS_REGION_NAME or via the '-R/--region' command line
option.
If a single image endpoint is returned from keystone,
the client will use that even if no region was specified
(the default). Where multiple endpoints exist a region
must be provided.
Change-Id: I6797f8ddf88d5875caf194913082c3fe24c86585
Implements bp retrieve-image-from
Added support for a new header:
x-glance-api-copy-from: URI
where URI is a HTTP, S3, or Swift location that's accessible to the
glance API service. Where present, the image content is copied from
the external store to the backend store currently configured for
the glance API service.
Impedence between the representation returned by Store.get() and
the implicit requirements of Store.add() required careful iterator/
filelike wrapping.
Also rationalized the S3 and Swift functional test setup logic and
added a new decorator-based mechanism to allow a functional testcase
require multiple backend stores to be available and configured.
Change-Id: If783a09c273832b8926aabc60b7eba8b3ab956d6
Fixes lp 933702
For images created via the glance CLI, the container and disk formats
were previously defaulted if not explicitly set. However if created via
the python or REST APIs, these attributes were not defaulted if unset.
There is no real sensible default for these formats, so now an image
create fails with 400 "Bad Request" if the format metadata are missing.
Also we ensure unset image metadata are not reported in x-image-meta-*
headers in order to disambiguate None and empty string values.
Change-Id: I8189383f5f9adf42a8cdac7f8dc7e9327baf46da
Fix for bug 929591.
Change glance to require server certificate validation
by default when using https. The standard system
CA file will be used if available (and an alternative was not
provided).
The --insecure option can be used by clients to skip server
certificate validation if appropriate.
* This change will impact Nova clients accessing glance over https.
If the standard CA file is not suitable they will need to provide
a CA file or else create an 'insecure' glance client.
* Accesses to a https registry server must now perform server
certificate validation.
* If the package which provides the standard
system CA file is installed then that file will be used by default.
It probably makes sense for the glance package to have a
dependency on whichever package provides the default CA bundle.
(In Ubuntu this is 'ca-certificates')
Change-Id: I7c83361ba0881559ec77d4baf10dfeb5b8e32185
This patch implements a new notification strategy that sends
notifications to a message queue via Qpid.
Change-Id: Ie2640139dcf735e428af63e9e87b3667a2b22eb5
Fixes bug 923894
Add new '--respawn' option to cause glance services launched via
glance-control to be monitored for unexpected death and resuscitated
as necessary.
This option will cause glance-control itself to remain running.
Deliberately stopped services are not respawned, neither are rapidly
bouncing services (where process death occurred within one second
of the last launch).
Change-Id: I1a9a99cce9b6ad43274836e39ebe4f29c19455af
Fixes bug 923894
Previously all stdout/err from glance services was discarded
if launched via glance-control.
The --capture-output option allows such output to be instead
captured in the syslog.
Non-termination output should be flushed to ensure timely
arrival in /var/log/messages.
Change-Id: I5c11ad4b9f7f321a3d1cab71e34c2a6707ef1b5e
Fixes bug 853933
Add new --username|--password|--tenant|--auth_url|--auth_strategy
switches to bin/glance to allow the username, password, tenant name,
and authentication URL & strategy be specified on the command line.
Avoid needlessly falling back to keystone v2 auth after a successful:
GET /v1.0/tokens
returns with the X-Image-Management-Url or X-Glance header set,
as opposed to X-Server-Management-Url.
Extend the keystone functional test support to ensure that the URL
returned by keystone via the X-*-Url header contains the appropriate
dynamically allocated port for the glance API service.
Ensure the underlying $OS_* environment variables do not leak into the
TestPrivateImagesCli functional tests, also explicitly exercise both
noauth and keystone strategies.
Change-Id: Iee8bf3745d65a9c57a9da803d5cf9ae5f343a159
Implements blueprint multi-process-server. Allows several Glance API
worker processes to be started, which can increase performance on machines
with more than one CPU.
Change-Id: I1cbb48945fd23afd71de3a30b80836b590c023a1