Commit Graph

161 Commits

Author SHA1 Message Date
Dan Prince
8b2d038185 Adds multi tenant support for swift backend.
Updates the swift store to support multiple tenants:

 * Added configuration option for swift_store_multi_tenant.

 * Updated the swift connection creation logic so that in multi-tenant
   mode the token and storage URL from the service catalog are used
   to create swift connection.

 * When in multi-tenant mode locations URL's (stored in the DB) do
   not contain hard coded swift credentials.

Includes unit tests to verify multi-tenant swift storage URLs.

Partially implements blueprint: swift-tenant-specific-storage.

Change-Id: I45fc97027e6f211ac353513c2d9d6da51ccf4489
2012-07-20 10:12:02 -04:00
Eoghan Glynn
6873195cd1 Support zero-size image creation via the v1 API
Addresses LP 1025353 for the v1 API.

Transition image status to active immediately on creation
(as opposed to leaving it queued forever) if the size is set
to zero from the get-go.

The v2 implementation is left unchanged for now, as the image
status does not appear to ever transition from queued to active
in that case.

This change allows an image to be created that simply acts as
a properties bucket, but requires no image data. For example,
an image created from a booted-from-volume instance where only
the kernel, ramdisk ID, and block device mappings are required.

Change-Id: I61e96f3fe5f5245fec791170b4a8b4c72135c3de
2012-07-16 17:29:43 +01:00
Jenkins
00a7683555 Merge "Making docs pretty!" 2012-07-14 02:09:53 +00:00
jakedahn
8935b32686 Making docs pretty!
* Before: http://stsh.me/2Qt
  * After: http://stsh.me/2Qu

Change-Id: Idca673ee6157e62afc1aef76413f2d54ae8e5c9f
2012-07-11 15:27:26 -07:00
jakedahn
030e8b4b07 Removing 'Indices and tables' heading from docs.
* Bug 955475

Change-Id: Ibcd2d2ed535a548d76c8afad54673135c20c8232
2012-07-11 15:03:51 -07:00
Mark McLoughlin
d33ce445d3 Remove the conf passing PasteDeploy factories
Implements blueprint cfg-global-object

In glance.common.wsgi we have a paste_deploy_app() API which allows
a ConfigOpts instance to be passed the the applications and filters
constructed by PasteDeploy.

Now that we're using a global object, we don't need this anymore

Change-Id: I222d3c58308bc2f504cd802c0c8405d3baa2e49a
2012-06-08 17:36:26 +01:00
Vincent Untz
e3151459e8 Fix typo in doc
metdata -> metadata

Change-Id: I44e5e73946e9d1a37b8e3a5974083e3fbea33d2d
2012-06-07 16:33:25 +02:00
Unmesh Gurjar
a857842368 Fixes bug 997565.
Modified the help text for 'add' image command.

Change-Id: I32cbd36a3a4ef6368f9128ac0ab4a8efbd14ff2e
2012-05-11 14:23:41 +05:30
Brian Waldon
eb4aaa97bd Split noauth context middleware into new class
Use UnauthenticatedContextMiddleware in the case that you want to deploy
without an auth service. ContextMiddleware is now solely for authenticated
requests.

* Rewrite ownership tests for adding/updating images through the v1 API
* Fixes bug 992859

Change-Id: I608671aac8300c9195769542708708afda991e04
2012-05-03 09:00:07 -07:00
Jenkins
90609a35fc Merge "Support for directory source of config files" 2012-05-02 22:30:44 +00:00
Joe Gordon
f0a0c4a000 Cleanup authtoken examples
* remove auth_uri - do not need when set auth_port, auth_host, auth_protocol
* remove servce_*  variables - not needed in new keystone
* update associated documentation

Change-Id: I9bf7d53f7d62371848645a242ae63f77b42319db
2012-05-01 15:38:07 -07:00
Eoghan Glynn
6e29b0bd6d Support for directory source of config files
Allow multiple config files to be pulled in from a config directory,
as opposed to individual config files being explicitly enumerated.

This logic is enabled using the --config-dir=/path/to/config CLI option,
causing config to be retrived from all matching /path/to/config/*.conf
files.

Sections may be re-opened across config files, and all config items
must reside in an explicitly specified section (i.e. it does not default
to [DEFAULT]). This behavior is unchanged.

The common elements of this patch (i.e. not specific to the
glance-specific location of paste.ini files) have landed in
to openstack-common as:

  https://github.com/openstack/openstack-common/commit/fd8c2e7c

Change-Id: I3b659f1837c082bd1a78fe860a468f9d68f0f132
2012-05-01 17:29:34 +01:00
Brian Waldon
bd305fa07b Merge registry context with common context
Pull the extra methods defined in glance.registry.context:RequestContext into
glance.common.context:RequestContext. This is necessary as the new v2 API
implementation talks directly to the database.

* Partially implements bp api-2

Change-Id: Ia8c1fde511bdca69be0dcf61ce12976ace5f7dc3
2012-04-26 08:53:24 -07:00
Yaguang Tang
6cc4b8ea2d fix bug lp:980892,update glance doc.
Change-Id: I5b231421be4dbb38a3af45783543bef50b74c09c
2012-04-15 11:53:55 +08:00
Paul McMillan
86eb836685 Minor grammar corrections.
Fix its/it's, clarify a few other wordings.

Change-Id: I4459e72e79caf84f4c69378cf20f7c443cf48b97
2012-04-10 12:54:12 -07:00
Lorin Hochstein
fea599efcc Updated RST docs on containers, fewer references to OVF format.
Updated the RST documentation that discusses container formats, since they
aren't really used right now.

Changed some examples from ovf to bare, since in most cases, users just upload
a bare image file.

Change-Id: I844d7827c3de4df6cdddb9b963cc2f236a3e6767
2012-04-02 12:03:16 -04:00
Bhuvan Arumugam
98405b2a1f Typo.
* doc/source/configuring.rst
  Fix typo.

* Authors
  Add my name in this file.

Change-Id: I23cea08560a02897c85d031bd0f16f22d7d84db0
2012-03-25 12:58:10 -07:00
Brian Waldon
17397a9ce7 Add 'publicize_image' policy
* Allow deployers apply RBAC rules to setting the is_public image attribute to True
* Add docs for publicize_image and manage_image_cache policies
* Fixes bug 960261

Change-Id: I100a6c93377617cc0e774b6ee3a69e857a05c260
2012-03-20 08:35:46 -07:00
Brian Waldon
5bd453b14e Remove keystone.middleware.glance_auth_token
* The use of this middleware is no longer necessary
* Fixes bug 957501

Change-Id: I2536babe6b34aa0cb6aca2b3e768ac85800f93e7
2012-03-16 15:53:23 -07:00
Jenkins
e1fae1d4bb Merge "Add admin_role option" 2012-03-16 20:35:25 +00:00
Brian Waldon
eff04c5612 Add admin_role option
* Allow a deployer to define the role that should give an authenticated
  user admin privileges. Defaults to 'admin'
* Fixes bug 956547

Change-Id: I018b9c438a12c527833ed8e2e6c377a93fde9130
2012-03-16 11:50:20 -07:00
Brian Waldon
9f2de6c1e4 Remove references to admin_token
* Fixes bug 957193

Change-Id: Id9e03dd195f4d859a983703b1ed1db0700ffd29d
2012-03-16 11:46:53 -07:00
Brian Waldon
d453def814 Remove glance-cache-queue-image
* bin/glance-cache-queue-image duplicates functionality provided by
  bin/ glance-cache-manage, and it is currently broken. Let's just remove it.

Change-Id: Ib18be2116055154047df6ca9b4c335323c8b2dde
2012-03-15 14:26:59 -07:00
Brian Waldon
3a8103e68c Updating authentication docs
* Update docs to reflect correct attribute names for configs and env vars
* Remove old env var conversion tool
* Fixes bug 952405

Change-Id: I45b2519fe97e76987a9e0acda14b303ba75afd02
2012-03-14 18:03:06 -07:00
Jenkins
45b453b276 Merge "Add note about cache config options" 2012-03-14 22:09:13 +00:00
Jenkins
66c3d31219 Merge "Update cli docs" 2012-03-14 22:01:02 +00:00
Jenkins
6be4e3fdcd Merge "Remove 'community' doc page" 2012-03-14 21:52:48 +00:00
Jenkins
5f0d40b3af Merge "General docs cleanup" 2012-03-14 21:41:59 +00:00
Brian Waldon
d9f4cbfa75 General docs cleanup
Change-Id: If60b8f4bca81add9353fe1e0c6e26eb3d4230d53
2012-03-14 14:07:24 -07:00
Brian Waldon
f1bc67c24b Remove todolist from docs
* Fixes bug 954543

Change-Id: Ib6ca8bbed18f1967108825b8b219a7d46336d11d
2012-03-14 14:02:16 -07:00
Brian Waldon
b6b28d1ed4 Add note about cache config options
The image cache configuration needs to be duplicated between glance-api.conf
and glance-cache.conf. This adds a note in the documentation to help clarify
that fact.

Change-Id: I125a56fecadc89d127570581c3ddb5d3faa3475c
2012-03-14 10:30:28 -07:00
Brian Waldon
ce33576e83 Update cli docs
* Add current examples
* Remove happiness
* Remove extraneous example flags

Change-Id: Ia41d2b4763bba58ef60f140b24a0c925a8d68fca
2012-03-13 19:05:16 -07:00
Brian Waldon
691deeb4a3 Remove 'community' doc page
This page is duplicated several times over on the wiki, let's get rid of
it rather than worry about keeping it up to date.

Change-Id: I09a9c093b708526d6c73eb270b05131bfb715af0
2012-03-13 18:23:00 -07:00
Brian Waldon
6e2f39d69b Removing registry spec from docs
* Rewords how we refer to to our 'reference' implementation of the registry
  API. glance-registry is an implementation detail of the main glance API, not
  an example of a community-driven API spec
* Remove duplicate 'gettingstarted' information
* Fixes bug 954554

Change-Id: I889f61a399c398897f2146b756b2c3c310847718
2012-03-13 16:26:19 -07:00
Ken Pepple
b43b676e58 updates man page for glance-scrubber.
this time with extra pep8 scrubbing powers.
Fixes bug 908803

Change-Id: I105cc3157fe839cc35ef5e1fc1a5f032b04d1c9d
2012-03-09 09:50:56 -08:00
Hengqing Hu
bbf46b45cd Remove trailing whitespaces in regular file
Change-Id: I0d015501492902ddf7fda20e0381fc21fbcaeb91
2012-03-03 12:10:46 +08:00
Jesse Andrews
c6a626e243 add git commit date / sha1 to sphinx html docs
Change-Id: I9f92a459fbf83bb42ff2fa31c2fb9c09372c8138
2012-03-02 16:03:22 -08:00
Stuart McLaren
8d46288e9c Allow region selection when using V2 keystone
Fix for bug 936798. Allow a client to select which
region endpoint they want from the service catalogue.

The region can be set via the environment variable
OS_REGION_NAME or via the '-R/--region' command line
option.

If a single image endpoint is returned from keystone,
the client will use that even if no region was specified
(the default). Where multiple endpoints exist a region
must be provided.

Change-Id: I6797f8ddf88d5875caf194913082c3fe24c86585
2012-03-01 12:05:59 +00:00
Jenkins
44461b41f4 Merge "Support new image copied from external storage." 2012-02-22 19:02:02 +00:00
Brian Waldon
c0bce060b8 Correct kernel/ramdisk example in docs
* Fixes bug 937260

Change-Id: I43ea7d5c1434cc9e1454f6915e2b76586383bb89
2012-02-22 10:16:11 -08:00
Eoghan Glynn
c83bce1ce6 Support new image copied from external storage.
Implements bp retrieve-image-from

Added support for a new header:

  x-glance-api-copy-from: URI

where URI is a HTTP, S3, or Swift location that's accessible to the
glance API service. Where present, the image content is copied from
the external store to the backend store currently configured for
the glance API service.

Impedence between the representation returned by Store.get() and
the implicit requirements of Store.add() required careful iterator/
filelike wrapping.

Also rationalized the S3 and Swift functional test setup logic and
added a new decorator-based mechanism to allow a functional testcase
require multiple backend stores to be available and configured.

Change-Id: If783a09c273832b8926aabc60b7eba8b3ab956d6
2012-02-22 18:03:48 +00:00
Eoghan Glynn
62c913c3ad Require container & disk formats on image create
Fixes lp 933702

For images created via the glance CLI, the container and disk formats
were previously defaulted if not explicitly set. However if created via
the python or REST APIs, these attributes were not defaulted if unset.

There is no real sensible default for these formats, so now an image
create fails with 400 "Bad Request" if the format metadata are missing.

Also we ensure unset image metadata are not reported in x-image-meta-*
headers in order to disambiguate None and empty string values.

Change-Id: I8189383f5f9adf42a8cdac7f8dc7e9327baf46da
2012-02-20 18:06:51 +00:00
Stuart McLaren
0f0fe2ba1b New -k/--insecure command line option
Fix for bug 929591.

Change glance to require server certificate validation
by default when using https. The standard system
CA file will be used if available (and an alternative was not
provided).

The --insecure option can be used by clients to skip server
certificate validation if appropriate.

* This change will impact Nova clients accessing glance over https.
  If the standard CA file is not suitable they will need to provide
  a CA file or else create an 'insecure' glance client.
* Accesses to a https registry server must now perform server
  certificate validation.
* If the package which provides the standard
  system CA file is installed then that file will be used by default.
  It probably makes sense for the glance package to have a
  dependency on whichever package provides the default CA bundle.
  (In Ubuntu this is 'ca-certificates')

Change-Id: I7c83361ba0881559ec77d4baf10dfeb5b8e32185
2012-02-13 13:57:13 +00:00
Russell Bryant
2fa1ed0da1 Implement blueprint add-qpid-support.
This patch implements a new notification strategy that sends
notifications to a message queue via Qpid.

Change-Id: Ie2640139dcf735e428af63e9e87b3667a2b22eb5
2012-02-10 15:36:13 -05:00
Eoghan Glynn
804396204e Respawn glance services on unexpected death.
Fixes bug 923894

Add new '--respawn' option to cause glance services launched via
glance-control to be monitored for unexpected death and resuscitated
as necessary.

This option will cause glance-control itself to remain running.

Deliberately stopped services are not respawned, neither are rapidly
bouncing services (where process death occurred within one second
of the last launch).

Change-Id: I1a9a99cce9b6ad43274836e39ebe4f29c19455af
2012-02-08 09:41:11 +00:00
Eoghan Glynn
132c54f173 Add --capture-output option to glance-control.
Fixes bug 923894

Previously all stdout/err from glance services was discarded
if launched via glance-control.

The --capture-output option allows such output to be instead
captured in the syslog.

Non-termination output should be flushed to ensure timely
arrival in /var/log/messages.

Change-Id: I5c11ad4b9f7f321a3d1cab71e34c2a6707ef1b5e
2012-02-02 22:57:28 +00:00
Rick Harris
7c2e32511a Typofix is_publi -> is_public
Change-Id: I58d6de4387c7915acf1fc139ef9a0ad81bf64a91
2012-02-02 19:28:43 +00:00
Jay Pipes
180ae8964d Adds documentation for policy files.
Implements interim-glance-authz-service

Change-Id: Ifefa4174aa45a29fd58ab40c74b5eaf6fecb4f83
2012-01-24 21:19:26 -05:00
Eoghan Glynn
6cac288a87 More flexible specification of auth credentials.
Fixes bug 853933

Add new --username|--password|--tenant|--auth_url|--auth_strategy
switches to bin/glance to allow the username, password, tenant name,
and authentication URL & strategy be specified on the command line.

Avoid needlessly falling back to keystone v2 auth after a successful:

  GET /v1.0/tokens

returns with the X-Image-Management-Url or X-Glance header set,
as opposed to X-Server-Management-Url.

Extend the keystone functional test support to ensure that the URL
returned by keystone via the X-*-Url header contains the appropriate
dynamically allocated port for the glance API service.

Ensure the underlying $OS_* environment variables do not leak into the
TestPrivateImagesCli functional tests, also explicitly exercise both
noauth and keystone strategies.

Change-Id: Iee8bf3745d65a9c57a9da803d5cf9ae5f343a159
2012-01-24 17:45:41 +00:00
Stuart McLaren
e893b248a2 Multi-process Glance API server support.
Implements blueprint multi-process-server. Allows several Glance API
worker processes to be started, which can increase performance on machines
with more than one CPU.

Change-Id: I1cbb48945fd23afd71de3a30b80836b590c023a1
2012-01-19 09:45:21 -08:00