Patchset addresses reviewer's comments, rebase against master,
and follows new guidance from Foundation:
http://wiki.openstack.org/Documentation/Copyright
Change-Id: I94367461505778973528eb8835d991f4fb796dab
Add a "registry_client_timeout" parameter which specifies the
time, in seconds, that an API server will wait for a registry
request to complete.
This prevents API clients hanging indefinitely in the event
that the registry becomes unresponsive.
Addresses LP bug 1089391.
Change-Id: Ib27b6eecdcb65cbe644c156a0ca5cd0d0b4638dd
This fixes LP bug #1063793.
This adds a new API config option registry_client_insecure
(default false) which optionally allows not to specify a ca
file for registry connections from the API server.
The default is false so existing behaviour is
unchanged unless this option is specified.
Adding this option makes the registry symmetric wrt the API
with which you can connect using clients with --insecure
Change-Id: I4fa462cd68afaf14f7d7de6c572980a41c0849d6
This documents how to disable the v1 and v2 APIs. It also makes a note
about sql configuration on the glance-api node when the v2 API is
enabled.
Fixes bug 1054168
Change-Id: I4faa29f1b05d8831347febc261f7e47e49dfa09a
Fixes bug 1054183
Avoid AMQPChannelException: (406, "PRECONDITION_FAILED...") failures
due to a mismatch between the durability of rabbitmq exchange/queue
declared by glance and ceilometer.
Change-Id: I4e25986a1f503782e701aa1168c4eb231ff25d06
The blurb about configuring glance client doesn't belong in the
server project documentation. This removes it.
Related to bp glance-folsom-docs-cleanup
Change-Id: I3932e1af382813bf069f4920218dd60cd04790f5
* Drop image sharing blurb from authentication docs.
* Link to authentication page from api page
Related to bp glance-folsom-docs-cleanup
Change-Id: Idac46a78f79fac0c673f6a9b91c1f44df7b705b4
* Add bit about images api vs glance
* Explain how to send auth token
* Prepend '/v1' to example URIs
Related to bp glance-folsom-docs-cleanup
Change-Id: I2c3b568e463f62033268573f50f2d8a74d053965
Link out to the necessary python-glanceclient resources rather than
maintain docs on legacy usage.
Related to bp glance-folsom-docs-cleanup
Change-Id: I769cd21b900df353e7eee3d675989b1ad32f8edf
* Remove autodoc sphinx extension
* Ignore auto-generated 'api' docs
* Prevent the corresponding 'api' index from being created
* Prevent an empty 'index' page from getting generated
Related to bp glance-folsom-docs-cleanup
Change-Id: I82c9389f884ea4af853f1215731c051d1fb596e8
This patch adds a policy, 'download_image', to be enforced when image data is
retrieved. It also does some basic refactoring of how policies are enforced.
Fixes bug 1038086
Change-Id: Idd844b615d362eae3197e106067c29dba8e3eeda
This adds a 'ca_file' config option that points to a local
CA cert that will be used to verify certs provided by
connecting clients. The 'ca_file' option is only used if the
server is already properly configured to to use SSL - that
means having a valid 'cert_file' and 'key_file'. If no 'ca_file'
is provided, the behavior will remain the same - the server
will still provide its cert to clients, but it will ignore
certs sent back from those clients.
Fixes bug 1032451
Change-Id: Ie48646b0fc5398ba7cda2fb627b820f533482e00
Add a swift storage option to configure a default list of admin
tenant IDs which will be granted write access on any swift
images.
This setting might be useful when a user choose not to use a global
swift admin role when managing glance images. This might also
be useful when implementing delayed delete for glance swift
multi-tenant.
Partially implements blueprint: swift-tenant-specific-storage.
Change-Id: Id65e1c8d114c9551b99f6a18c527ba26aefd341f
Updates the swift store to support multiple tenants:
* Added configuration option for swift_store_multi_tenant.
* Updated the swift connection creation logic so that in multi-tenant
mode the token and storage URL from the service catalog are used
to create swift connection.
* When in multi-tenant mode locations URL's (stored in the DB) do
not contain hard coded swift credentials.
Includes unit tests to verify multi-tenant swift storage URLs.
Partially implements blueprint: swift-tenant-specific-storage.
Change-Id: I45fc97027e6f211ac353513c2d9d6da51ccf4489
Addresses LP 1025353 for the v1 API.
Transition image status to active immediately on creation
(as opposed to leaving it queued forever) if the size is set
to zero from the get-go.
The v2 implementation is left unchanged for now, as the image
status does not appear to ever transition from queued to active
in that case.
This change allows an image to be created that simply acts as
a properties bucket, but requires no image data. For example,
an image created from a booted-from-volume instance where only
the kernel, ramdisk ID, and block device mappings are required.
Change-Id: I61e96f3fe5f5245fec791170b4a8b4c72135c3de
Implements blueprint cfg-global-object
In glance.common.wsgi we have a paste_deploy_app() API which allows
a ConfigOpts instance to be passed the the applications and filters
constructed by PasteDeploy.
Now that we're using a global object, we don't need this anymore
Change-Id: I222d3c58308bc2f504cd802c0c8405d3baa2e49a
Use UnauthenticatedContextMiddleware in the case that you want to deploy
without an auth service. ContextMiddleware is now solely for authenticated
requests.
* Rewrite ownership tests for adding/updating images through the v1 API
* Fixes bug 992859
Change-Id: I608671aac8300c9195769542708708afda991e04
* remove auth_uri - do not need when set auth_port, auth_host, auth_protocol
* remove servce_* variables - not needed in new keystone
* update associated documentation
Change-Id: I9bf7d53f7d62371848645a242ae63f77b42319db
Allow multiple config files to be pulled in from a config directory,
as opposed to individual config files being explicitly enumerated.
This logic is enabled using the --config-dir=/path/to/config CLI option,
causing config to be retrived from all matching /path/to/config/*.conf
files.
Sections may be re-opened across config files, and all config items
must reside in an explicitly specified section (i.e. it does not default
to [DEFAULT]). This behavior is unchanged.
The common elements of this patch (i.e. not specific to the
glance-specific location of paste.ini files) have landed in
to openstack-common as:
https://github.com/openstack/openstack-common/commit/fd8c2e7c
Change-Id: I3b659f1837c082bd1a78fe860a468f9d68f0f132
