OpenStack Image Management (Glance)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

cache.py 13KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326
  1. # Copyright 2011 OpenStack Foundation
  2. # All Rights Reserved.
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  5. # not use this file except in compliance with the License. You may obtain
  6. # a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  12. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  13. # License for the specific language governing permissions and limitations
  14. # under the License.
  15. """
  16. Transparent image file caching middleware, designed to live on
  17. Glance API nodes. When images are requested from the API node,
  18. this middleware caches the returned image file to local filesystem.
  19. When subsequent requests for the same image file are received,
  20. the local cached copy of the image file is returned.
  21. """
  22. import re
  23. import six
  24. from oslo_log import log as logging
  25. from six.moves import http_client as http
  26. import webob
  27. from glance.api.common import size_checked_iter
  28. from glance.api import policy
  29. from glance.common import exception
  30. from glance.common import utils
  31. from glance.common import wsgi
  32. import glance.db
  33. from glance.i18n import _LE, _LI
  34. from glance import image_cache
  35. from glance import notifier
  36. import glance.registry.client.v1.api as registry
  37. LOG = logging.getLogger(__name__)
  38. PATTERNS = {
  39. ('v1', 'GET'): re.compile(r'^/v1/images/([^\/]+)$'),
  40. ('v1', 'DELETE'): re.compile(r'^/v1/images/([^\/]+)$'),
  41. ('v2', 'GET'): re.compile(r'^/v2/images/([^\/]+)/file$'),
  42. ('v2', 'DELETE'): re.compile(r'^/v2/images/([^\/]+)$')
  43. }
  44. class CacheFilter(wsgi.Middleware):
  45. def __init__(self, app):
  46. self.cache = image_cache.ImageCache()
  47. self.policy = policy.Enforcer()
  48. LOG.info(_LI("Initialized image cache middleware"))
  49. super(CacheFilter, self).__init__(app)
  50. def _verify_metadata(self, image_meta):
  51. """
  52. Sanity check the 'deleted' and 'size' metadata values.
  53. """
  54. # NOTE: admins can see image metadata in the v1 API, but shouldn't
  55. # be able to download the actual image data.
  56. if image_meta['status'] == 'deleted' and image_meta['deleted']:
  57. raise exception.NotFound()
  58. if not image_meta['size']:
  59. # override image size metadata with the actual cached
  60. # file size, see LP Bug #900959
  61. if not isinstance(image_meta, policy.ImageTarget):
  62. image_meta['size'] = self.cache.get_image_size(
  63. image_meta['id'])
  64. else:
  65. image_meta.target.size = self.cache.get_image_size(
  66. image_meta['id'])
  67. @staticmethod
  68. def _match_request(request):
  69. """Determine the version of the url and extract the image id
  70. :returns: tuple of version and image id if the url is a cacheable,
  71. otherwise None
  72. """
  73. for ((version, method), pattern) in PATTERNS.items():
  74. if request.method != method:
  75. continue
  76. match = pattern.match(request.path_info)
  77. if match is None:
  78. continue
  79. image_id = match.group(1)
  80. # Ensure the image id we got looks like an image id to filter
  81. # out a URI like /images/detail. See LP Bug #879136
  82. if image_id != 'detail':
  83. return (version, method, image_id)
  84. def _enforce(self, req, action, target=None):
  85. """Authorize an action against our policies"""
  86. if target is None:
  87. target = {}
  88. try:
  89. self.policy.enforce(req.context, action, target)
  90. except exception.Forbidden as e:
  91. LOG.debug("User not permitted to perform '%s' action", action)
  92. raise webob.exc.HTTPForbidden(explanation=e.msg, request=req)
  93. def _get_v1_image_metadata(self, request, image_id):
  94. """
  95. Retrieves image metadata using registry for v1 api and creates
  96. dictionary-like mash-up of image core and custom properties.
  97. """
  98. try:
  99. image_metadata = registry.get_image_metadata(request.context,
  100. image_id)
  101. return utils.create_mashup_dict(image_metadata)
  102. except exception.NotFound as e:
  103. LOG.debug("No metadata found for image '%s'", image_id)
  104. raise webob.exc.HTTPNotFound(explanation=e.msg, request=request)
  105. def _get_v2_image_metadata(self, request, image_id):
  106. """
  107. Retrieves image and for v2 api and creates adapter like object
  108. to access image core or custom properties on request.
  109. """
  110. db_api = glance.db.get_api()
  111. image_repo = glance.db.ImageRepo(request.context, db_api)
  112. try:
  113. image = image_repo.get(image_id)
  114. # Storing image object in request as it is required in
  115. # _process_v2_request call.
  116. request.environ['api.cache.image'] = image
  117. return policy.ImageTarget(image)
  118. except exception.NotFound as e:
  119. raise webob.exc.HTTPNotFound(explanation=e.msg, request=request)
  120. def process_request(self, request):
  121. """
  122. For requests for an image file, we check the local image
  123. cache. If present, we return the image file, appending
  124. the image metadata in headers. If not present, we pass
  125. the request on to the next application in the pipeline.
  126. """
  127. match = self._match_request(request)
  128. try:
  129. (version, method, image_id) = match
  130. except TypeError:
  131. # Trying to unpack None raises this exception
  132. return None
  133. self._stash_request_info(request, image_id, method, version)
  134. # Partial image download requests shall not be served from cache
  135. # Bug: 1664709
  136. # TODO(dharinic): If an image is already cached, add support to serve
  137. # only the requested bytes (partial image download) from the cache.
  138. if (request.headers.get('Content-Range') or
  139. request.headers.get('Range')):
  140. return None
  141. if request.method != 'GET' or not self.cache.is_cached(image_id):
  142. return None
  143. method = getattr(self, '_get_%s_image_metadata' % version)
  144. image_metadata = method(request, image_id)
  145. # Deactivated images shall not be served from cache
  146. if image_metadata['status'] == 'deactivated':
  147. return None
  148. try:
  149. self._enforce(request, 'download_image', target=image_metadata)
  150. except exception.Forbidden:
  151. return None
  152. LOG.debug("Cache hit for image '%s'", image_id)
  153. image_iterator = self.get_from_cache(image_id)
  154. method = getattr(self, '_process_%s_request' % version)
  155. try:
  156. return method(request, image_id, image_iterator, image_metadata)
  157. except exception.ImageNotFound:
  158. msg = _LE("Image cache contained image file for image '%s', "
  159. "however the registry did not contain metadata for "
  160. "that image!") % image_id
  161. LOG.error(msg)
  162. self.cache.delete_cached_image(image_id)
  163. @staticmethod
  164. def _stash_request_info(request, image_id, method, version):
  165. """
  166. Preserve the image id, version and request method for later retrieval
  167. """
  168. request.environ['api.cache.image_id'] = image_id
  169. request.environ['api.cache.method'] = method
  170. request.environ['api.cache.version'] = version
  171. @staticmethod
  172. def _fetch_request_info(request):
  173. """
  174. Preserve the cached image id, version for consumption by the
  175. process_response method of this middleware
  176. """
  177. try:
  178. image_id = request.environ['api.cache.image_id']
  179. method = request.environ['api.cache.method']
  180. version = request.environ['api.cache.version']
  181. except KeyError:
  182. return None
  183. else:
  184. return (image_id, method, version)
  185. def _process_v2_request(self, request, image_id, image_iterator,
  186. image_meta):
  187. # We do some contortions to get the image_metadata so
  188. # that we can provide it to 'size_checked_iter' which
  189. # will generate a notification.
  190. # TODO(mclaren): Make notification happen more
  191. # naturally once caching is part of the domain model.
  192. image = request.environ['api.cache.image']
  193. self._verify_metadata(image_meta)
  194. response = webob.Response(request=request)
  195. response.app_iter = size_checked_iter(response, image_meta,
  196. image_meta['size'],
  197. image_iterator,
  198. notifier.Notifier())
  199. # NOTE (flwang): Set the content-type, content-md5 and content-length
  200. # explicitly to be consistent with the non-cache scenario.
  201. # Besides, it's not worth the candle to invoke the "download" method
  202. # of ResponseSerializer under image_data. Because method "download"
  203. # will reset the app_iter. Then we have to call method
  204. # "size_checked_iter" to avoid missing any notification. But after
  205. # call "size_checked_iter", we will lose the content-md5 and
  206. # content-length got by the method "download" because of this issue:
  207. # https://github.com/Pylons/webob/issues/86
  208. response.headers['Content-Type'] = 'application/octet-stream'
  209. if image.checksum:
  210. response.headers['Content-MD5'] = (image.checksum.encode('utf-8')
  211. if six.PY2 else image.checksum)
  212. response.headers['Content-Length'] = str(image.size)
  213. return response
  214. def process_response(self, resp):
  215. """
  216. We intercept the response coming back from the main
  217. images Resource, removing image file from the cache
  218. if necessary
  219. """
  220. status_code = self.get_status_code(resp)
  221. if not 200 <= status_code < 300:
  222. return resp
  223. # Note(dharinic): Bug: 1664709: Do not cache partial images.
  224. if status_code == http.PARTIAL_CONTENT:
  225. return resp
  226. try:
  227. (image_id, method, version) = self._fetch_request_info(
  228. resp.request)
  229. except TypeError:
  230. return resp
  231. if method == 'GET' and status_code == http.NO_CONTENT:
  232. # Bugfix:1251055 - Don't cache non-existent image files.
  233. # NOTE: Both GET for an image without locations and DELETE return
  234. # 204 but DELETE should be processed.
  235. return resp
  236. method_str = '_process_%s_response' % method
  237. try:
  238. process_response_method = getattr(self, method_str)
  239. except AttributeError:
  240. LOG.error(_LE('could not find %s') % method_str)
  241. # Nothing to do here, move along
  242. return resp
  243. else:
  244. return process_response_method(resp, image_id, version=version)
  245. def _process_DELETE_response(self, resp, image_id, version=None):
  246. if self.cache.is_cached(image_id):
  247. LOG.debug("Removing image %s from cache", image_id)
  248. self.cache.delete_cached_image(image_id)
  249. return resp
  250. def _process_GET_response(self, resp, image_id, version=None):
  251. image_checksum = resp.headers.get('Content-MD5')
  252. if not image_checksum:
  253. # API V1 stores the checksum in a different header:
  254. image_checksum = resp.headers.get('x-image-meta-checksum')
  255. if not image_checksum:
  256. LOG.error(_LE("Checksum header is missing."))
  257. # fetch image_meta on the basis of version
  258. image_metadata = None
  259. if version:
  260. method = getattr(self, '_get_%s_image_metadata' % version)
  261. image_metadata = method(resp.request, image_id)
  262. # NOTE(zhiyan): image_cache return a generator object and set to
  263. # response.app_iter, it will be called by eventlet.wsgi later.
  264. # So we need enforce policy firstly but do it by application
  265. # since eventlet.wsgi could not catch webob.exc.HTTPForbidden and
  266. # return 403 error to client then.
  267. self._enforce(resp.request, 'download_image', target=image_metadata)
  268. resp.app_iter = self.cache.get_caching_iter(image_id, image_checksum,
  269. resp.app_iter)
  270. return resp
  271. def get_status_code(self, response):
  272. """
  273. Returns the integer status code from the response, which
  274. can be either a Webob.Response (used in testing) or httplib.Response
  275. """
  276. if hasattr(response, 'status_int'):
  277. return response.status_int
  278. return response.status
  279. def get_from_cache(self, image_id):
  280. """Called if cache hit"""
  281. with self.cache.open_for_read(image_id) as cache_file:
  282. chunks = utils.chunkiter(cache_file)
  283. for chunk in chunks:
  284. yield chunk