nova/nova/image/glance.py

1311 lines
55 KiB
Python

# Copyright 2010 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Implementation of an image service that uses Glance as the backend."""
import copy
import inspect
import itertools
import os
import random
import re
import stat
import sys
import time
import urllib.parse as urlparse
import cryptography
from cursive import certificate_utils
from cursive import exception as cursive_exception
from cursive import signature_utils
import glanceclient
from glanceclient.common import utils as glance_utils
import glanceclient.exc
from glanceclient.v2 import schemas
from keystoneauth1 import loading as ks_loading
from oslo_log import log as logging
from oslo_serialization import jsonutils
from oslo_utils import excutils
from oslo_utils import timeutils
import nova.conf
from nova import exception
from nova import objects
from nova.objects import fields
from nova import profiler
from nova import service_auth
from nova import utils
LOG = logging.getLogger(__name__)
CONF = nova.conf.CONF
_SESSION = None
def _session_and_auth(context):
# Session is cached, but auth needs to be pulled from context each time.
global _SESSION
if not _SESSION:
_SESSION = ks_loading.load_session_from_conf_options(
CONF, nova.conf.glance.glance_group.name)
auth = service_auth.get_auth_plugin(context)
return _SESSION, auth
def _glanceclient_from_endpoint(context, endpoint, version):
sess, auth = _session_and_auth(context)
return glanceclient.Client(version, session=sess, auth=auth,
endpoint_override=endpoint,
global_request_id=context.global_id)
def generate_glance_url(context):
"""Return a random glance url from the api servers we know about."""
return next(get_api_servers(context))
def _endpoint_from_image_ref(image_href):
"""Return the image_ref and guessed endpoint from an image url.
:param image_href: href of an image
:returns: a tuple of the form (image_id, endpoint_url)
"""
parts = image_href.split('/')
image_id = parts[-1]
# the endpoint is everything in the url except the last 3 bits
# which are version, 'images', and image_id
endpoint = '/'.join(parts[:-3])
return (image_id, endpoint)
def generate_identity_headers(context, status='Confirmed'):
return {
'X-Auth-Token': getattr(context, 'auth_token', None),
'X-User-Id': getattr(context, 'user_id', None),
'X-Tenant-Id': getattr(context, 'project_id', None),
'X-Roles': ','.join(getattr(context, 'roles', [])),
'X-Identity-Status': status,
}
def get_api_servers(context):
"""Shuffle a list of service endpoints and return an iterator that will
cycle through the list, looping around to the beginning if necessary.
"""
# NOTE(efried): utils.get_ksa_adapter().get_endpoint() is the preferred
# mechanism for endpoint discovery. Only use `api_servers` if you really
# need to shuffle multiple endpoints.
if CONF.glance.api_servers:
api_servers = CONF.glance.api_servers
random.shuffle(api_servers)
else:
sess, auth = _session_and_auth(context)
ksa_adap = utils.get_ksa_adapter(
nova.conf.glance.DEFAULT_SERVICE_TYPE,
ksa_auth=auth, ksa_session=sess,
min_version='2.0', max_version='2.latest')
endpoint = utils.get_endpoint(ksa_adap)
if endpoint:
# NOTE(mriedem): Due to python-glanceclient bug 1707995 we have
# to massage the endpoint URL otherwise it won't work properly.
# We can't use glanceclient.common.utils.strip_version because
# of bug 1748009.
endpoint = re.sub(r'/v\d+(\.\d+)?/?$', '/', endpoint)
api_servers = [endpoint]
return itertools.cycle(api_servers)
class GlanceClientWrapper(object):
"""Glance client wrapper class that implements retries."""
def __init__(self, context=None, endpoint=None):
version = 2
if endpoint is not None:
self.client = self._create_static_client(context,
endpoint,
version)
else:
self.client = None
self.api_servers = None
def _create_static_client(self, context, endpoint, version):
"""Create a client that we'll use for every call."""
self.api_server = str(endpoint)
return _glanceclient_from_endpoint(context, endpoint, version)
def _create_onetime_client(self, context, version):
"""Create a client that will be used for one call."""
if self.api_servers is None:
self.api_servers = get_api_servers(context)
self.api_server = next(self.api_servers)
return _glanceclient_from_endpoint(context, self.api_server, version)
def call(self, context, version, method, controller=None, args=None,
kwargs=None):
"""Call a glance client method. If we get a connection error,
retry the request according to CONF.glance.num_retries.
:param context: RequestContext to use
:param version: Numeric version of the *Glance API* to use
:param method: string method name to execute on the glanceclient
:param controller: optional string name of the client controller to
use. Default (None) is to use the 'images'
controller
:param args: optional iterable of arguments to pass to the
glanceclient method, splatted as positional args
:param kwargs: optional dict of arguments to pass to the glanceclient,
splatted into named arguments
"""
args = args or []
kwargs = kwargs or {}
retry_excs = (glanceclient.exc.ServiceUnavailable,
glanceclient.exc.InvalidEndpoint,
glanceclient.exc.CommunicationError,
IOError)
num_attempts = 1 + CONF.glance.num_retries
controller_name = controller or 'images'
for attempt in range(1, num_attempts + 1):
client = self.client or self._create_onetime_client(context,
version)
try:
controller = getattr(client, controller_name)
result = getattr(controller, method)(*args, **kwargs)
if inspect.isgenerator(result):
# Convert generator results to a list, so that we can
# catch any potential exceptions now and retry the call.
return list(result)
return result
except retry_excs as e:
if attempt < num_attempts:
extra = "retrying"
else:
extra = 'done trying'
LOG.exception("Error contacting glance server "
"'%(server)s' for '%(method)s', "
"%(extra)s.",
{'server': self.api_server,
'method': method, 'extra': extra})
if attempt == num_attempts:
raise exception.GlanceConnectionFailed(
server=str(self.api_server), reason=str(e))
time.sleep(1)
class GlanceImageServiceV2(object):
"""Provides storage and retrieval of disk image objects within Glance."""
def __init__(self, client=None):
self._client = client or GlanceClientWrapper()
# NOTE(danms): This used to be built from a list of external modules
# that were loaded at runtime. Preserve this list for implementations
# to be added here.
self._download_handlers = {}
if CONF.glance.enable_rbd_download:
self._download_handlers['rbd'] = self.rbd_download
def rbd_download(self, context, url_parts, dst_path, metadata=None):
"""Use an explicit rbd call to download an image.
:param context: The `nova.context.RequestContext` object for the
request
:param url_parts: Parts of URL pointing to the image location
:param dst_path: Filepath to transfer the image file to.
:param metadata: Image location metadata (currently unused)
"""
# avoid circular import
from nova.storage import rbd_utils
try:
# Parse the RBD URL from url_parts, it should consist of 4
# sections and be in the format of:
# <cluster_uuid>/<pool_name>/<image_uuid>/<snapshot_name>
url_path = str(urlparse.unquote(url_parts.path))
cluster_uuid, pool_name, image_uuid, snapshot_name = (
url_path.split('/'))
except ValueError as e:
msg = f"Invalid RBD URL format: {e}"
LOG.error(msg)
raise nova.exception.InvalidParameterValue(msg)
rbd_driver = rbd_utils.RBDDriver(
user=CONF.glance.rbd_user,
pool=CONF.glance.rbd_pool,
ceph_conf=CONF.glance.rbd_ceph_conf,
connect_timeout=CONF.glance.rbd_connect_timeout)
try:
LOG.debug("Attempting to export RBD image: "
"[pool_name: %s] [image_uuid: %s] "
"[snapshot_name: %s] [dst_path: %s]",
pool_name, image_uuid, snapshot_name, dst_path)
rbd_driver.export_image(dst_path, image_uuid,
snapshot_name, pool_name)
except Exception as e:
LOG.error("Error during RBD image export: %s", e)
raise nova.exception.CouldNotFetchImage(image_id=image_uuid)
def show(self, context, image_id, include_locations=False,
show_deleted=True):
"""Returns a dict with image data for the given opaque image id.
:param context: The context object to pass to image client
:param image_id: The UUID of the image
:param include_locations: (Optional) include locations in the returned
dict of information if the image service API
supports it. If the image service API does
not support the locations attribute, it will
still be included in the returned dict, as an
empty list.
:param show_deleted: (Optional) show the image even the status of
image is deleted.
"""
try:
image = self._client.call(context, 2, 'get', args=(image_id,))
except Exception:
_reraise_translated_image_exception(image_id)
if not show_deleted and getattr(image, 'deleted', False):
raise exception.ImageNotFound(image_id=image_id)
if not _is_image_available(context, image):
raise exception.ImageNotFound(image_id=image_id)
image = _translate_from_glance(image,
include_locations=include_locations)
if include_locations:
locations = image.get('locations', None) or []
du = image.get('direct_url', None)
if du:
locations.append({'url': du, 'metadata': {}})
image['locations'] = locations
return image
def _get_transfer_method(self, scheme):
"""Returns a transfer method for scheme, or None."""
try:
return self._download_handlers[scheme]
except KeyError:
return None
def detail(self, context, **kwargs):
"""Calls out to Glance for a list of detailed image information."""
params = _extract_query_params_v2(kwargs)
try:
images = self._client.call(context, 2, 'list', kwargs=params)
except Exception:
_reraise_translated_exception()
_images = []
for image in images:
if _is_image_available(context, image):
_images.append(_translate_from_glance(image))
return _images
@staticmethod
def _safe_fsync(fh):
"""Performs os.fsync on a filehandle only if it is supported.
fsync on a pipe, FIFO, or socket raises OSError with EINVAL. This
method discovers whether the target filehandle is one of these types
and only performs fsync if it isn't.
:param fh: Open filehandle (not a path or fileno) to maybe fsync.
"""
fileno = fh.fileno()
mode = os.fstat(fileno).st_mode
# A pipe answers True to S_ISFIFO
if not any(check(mode) for check in (stat.S_ISFIFO, stat.S_ISSOCK)):
os.fsync(fileno)
def download(self, context, image_id, data=None, dst_path=None,
trusted_certs=None):
"""Calls out to Glance for data and writes data."""
# First, check if image could be directly downloaded by special handler
if (self._download_handlers and dst_path is not None):
image = self.show(context, image_id, include_locations=True)
for entry in image.get('locations', []):
loc_url = entry['url']
loc_meta = entry['metadata']
o = urlparse.urlparse(loc_url)
xfer_method = self._get_transfer_method(o.scheme)
if xfer_method:
try:
xfer_method(context, o, dst_path, loc_meta)
LOG.info("Successfully transferred using %s", o.scheme)
# Load chunks from the downloaded image file
# for verification (if required)
with open(dst_path, 'rb') as fh:
downloaded_length = os.path.getsize(dst_path)
image_chunks = glance_utils.IterableWithLength(fh,
downloaded_length)
self._verify_and_write(context, image_id,
trusted_certs, image_chunks, None, None)
return
except Exception:
LOG.exception("Download image error")
# By default (or if direct download has failed), use glance client call
# to fetch the image and fill image_chunks
try:
image_chunks = self._client.call(
context, 2, 'data', args=(image_id,))
except Exception:
_reraise_translated_image_exception(image_id)
if image_chunks.wrapped is None:
# None is a valid return value, but there's nothing we can do with
# a image with no associated data
raise exception.ImageUnacceptable(image_id=image_id,
reason='Image has no associated data')
return self._verify_and_write(context, image_id, trusted_certs,
image_chunks, data, dst_path)
def _verify_and_write(self, context, image_id, trusted_certs,
image_chunks, data, dst_path):
"""Perform image signature verification and save the image file if needed.
This function writes the content of the image_chunks iterator either to
a file object provided by the data parameter or to a filepath provided
by dst_path parameter. If none of them are provided then no data will
be written out but instead image_chunks iterator is returned.
:param image_id: The UUID of the image
:param trusted_certs: A 'nova.objects.trusted_certs.TrustedCerts'
object with a list of trusted image certificate
IDs.
:param image_chunks An iterator pointing to the image data
:param data: File object to use when writing the image.
If passed as None and dst_path is provided, new file is opened.
:param dst_path: Filepath to transfer the image file to.
:returns an iterable with image data, or nothing. Iterable is returned
only when data param is None and dst_path is not provided (assuming
the caller wants to process the data by itself).
"""
close_file = False
if data is None and dst_path:
data = open(dst_path, 'wb')
close_file = True
write_image = True
if data is None:
write_image = False
try:
# Retrieve properties for verification of Glance image signature
verifier = self._get_verifier(context, image_id, trusted_certs)
# Exit early if we do not need write nor verify
if verifier is None and write_image is False:
if data is None:
return image_chunks
else:
return
for chunk in image_chunks:
if verifier:
verifier.update(chunk)
if write_image:
data.write(chunk)
if verifier:
verifier.verify()
LOG.info('Image signature verification succeeded '
'for image %s', image_id)
except cryptography.exceptions.InvalidSignature:
if write_image:
data.truncate(0)
with excutils.save_and_reraise_exception():
LOG.error('Image signature verification failed '
'for image %s', image_id)
except Exception as ex:
if write_image:
with excutils.save_and_reraise_exception():
LOG.error("Error writing to %(path)s: %(exception)s",
{'path': dst_path, 'exception': ex})
else:
with excutils.save_and_reraise_exception():
LOG.error("Error during image verification: %s", ex)
finally:
if close_file:
# Ensure that the data is pushed all the way down to
# persistent storage. This ensures that in the event of a
# subsequent host crash we don't have running instances
# using a corrupt backing file.
data.flush()
self._safe_fsync(data)
data.close()
if isinstance(image_chunks, glance_utils.IterableWithLength):
image_chunks.iterable.close()
if data is None:
return image_chunks
def _get_verifier(self, context, image_id, trusted_certs):
verifier = None
# Use the default certs if the user didn't provide any (and there are
# default certs configured).
if (not trusted_certs and CONF.glance.enable_certificate_validation and
CONF.glance.default_trusted_certificate_ids):
trusted_certs = objects.TrustedCerts(
ids=CONF.glance.default_trusted_certificate_ids)
# Verify image signature if feature is enabled or trusted
# certificates were provided
if trusted_certs or CONF.glance.verify_glance_signatures:
image_meta_dict = self.show(context, image_id,
include_locations=False)
image_meta = objects.ImageMeta.from_dict(image_meta_dict)
img_signature = image_meta.properties.get('img_signature')
img_sig_hash_method = image_meta.properties.get(
'img_signature_hash_method'
)
img_sig_cert_uuid = image_meta.properties.get(
'img_signature_certificate_uuid'
)
img_sig_key_type = image_meta.properties.get(
'img_signature_key_type'
)
try:
verifier = signature_utils.get_verifier(
context=context,
img_signature_certificate_uuid=img_sig_cert_uuid,
img_signature_hash_method=img_sig_hash_method,
img_signature=img_signature,
img_signature_key_type=img_sig_key_type,
)
except cursive_exception.SignatureVerificationError:
with excutils.save_and_reraise_exception():
LOG.error('Image signature verification failed '
'for image: %s', image_id)
# Validate image signature certificate if trusted certificates
# were provided
# NOTE(jackie-truong): Certificate validation will occur if
# trusted_certs are provided, even if the certificate validation
# feature is disabled. This is to provide safety for the user.
# We may want to consider making this a "soft" check in the future.
if trusted_certs:
_verify_certs(context, img_sig_cert_uuid, trusted_certs)
elif CONF.glance.enable_certificate_validation:
msg = ('Image signature certificate validation enabled, '
'but no trusted certificate IDs were provided. '
'Unable to validate the certificate used to '
'verify the image signature.')
LOG.warning(msg)
raise exception.CertificateValidationFailed(msg)
else:
LOG.debug('Certificate validation was not performed. A list '
'of trusted image certificate IDs must be provided '
'in order to validate an image certificate.')
return verifier
def create(self, context, image_meta, data=None):
"""Store the image data and return the new image object."""
# Here we workaround the situation when user wants to activate an
# empty image right after the creation. In Glance v1 api (and
# therefore in Nova) it is enough to set 'size = 0'. v2 api
# doesn't allow this hack - we have to send an upload request with
# empty data.
force_activate = data is None and image_meta.get('size') == 0
# The "instance_owner" property is set in the API if a user, who is
# not the owner of an instance, is creating the image, e.g. admin
# snapshots or shelves another user's instance. This is used to add
# member access to the image for the instance owner.
sharing_member_id = image_meta.get('properties', {}).pop(
'instance_owner', None)
sent_service_image_meta = _translate_to_glance(image_meta)
try:
image = self._create_v2(context, sent_service_image_meta,
data, force_activate,
sharing_member_id=sharing_member_id)
except glanceclient.exc.HTTPException:
_reraise_translated_exception()
return _translate_from_glance(image)
def _add_location(self, context, image_id, location):
# 'show_multiple_locations' must be enabled in glance api conf file.
try:
return self._client.call(
context, 2, 'add_location', args=(image_id, location, {}))
except glanceclient.exc.HTTPBadRequest:
_reraise_translated_exception()
def _add_image_member(self, context, image_id, member_id):
"""Grant access to another project that does not own the image
:param context: nova auth RequestContext where context.project_id is
the owner of the image
:param image_id: ID of the image on which to grant access
:param member_id: ID of the member project to grant access to the
image; this should not be the owner of the image
:returns: A Member schema object of the created image member
"""
try:
return self._client.call(
context, 2, 'create', controller='image_members',
args=(image_id, member_id))
except glanceclient.exc.HTTPBadRequest:
_reraise_translated_exception()
def _upload_data(self, context, image_id, data):
# NOTE(aarents) offload upload in a native thread as it can block
# coroutine in busy environment.
utils.tpool_execute(self._client.call,
context, 2, 'upload',
args=(image_id, data))
return self._client.call(context, 2, 'get', args=(image_id,))
def _get_image_create_disk_format_default(self, context):
"""Gets an acceptable default image disk_format based on the schema.
"""
# These preferred disk formats are in order:
# 1. we want qcow2 if possible (at least for backward compat)
# 2. vhd for hyperv
# 3. vmdk for vmware
# 4. raw should be universally accepted
preferred_disk_formats = (
fields.DiskFormat.QCOW2,
fields.DiskFormat.VHD,
fields.DiskFormat.VMDK,
fields.DiskFormat.RAW,
)
# Get the image schema - note we don't cache this value since it could
# change under us. This looks a bit funky, but what it's basically
# doing is calling glanceclient.v2.Client.schemas.get('image').
image_schema = self._client.call(
context, 2, 'get', args=('image',), controller='schemas')
# get the disk_format schema property from the raw schema
disk_format_schema = (
image_schema.raw()['properties'].get('disk_format') if image_schema
else {}
)
if disk_format_schema and 'enum' in disk_format_schema:
supported_disk_formats = disk_format_schema['enum']
# try a priority ordered list
for preferred_format in preferred_disk_formats:
if preferred_format in supported_disk_formats:
return preferred_format
# alright, let's just return whatever is available
LOG.debug('Unable to find a preferred disk_format for image '
'creation with the Image Service v2 API. Using: %s',
supported_disk_formats[0])
return supported_disk_formats[0]
LOG.warning('Unable to determine disk_format schema from the '
'Image Service v2 API. Defaulting to '
'%(preferred_disk_format)s.',
{'preferred_disk_format': preferred_disk_formats[0]})
return preferred_disk_formats[0]
def _create_v2(self, context, sent_service_image_meta, data=None,
force_activate=False, sharing_member_id=None):
# Glance v1 allows image activation without setting disk and
# container formats, v2 doesn't. It leads to the dirtiest workaround
# where we have to hardcode this parameters.
if force_activate:
data = ''
if 'disk_format' not in sent_service_image_meta:
sent_service_image_meta['disk_format'] = (
self._get_image_create_disk_format_default(context)
)
if 'container_format' not in sent_service_image_meta:
sent_service_image_meta['container_format'] = 'bare'
location = sent_service_image_meta.pop('location', None)
image = self._client.call(
context, 2, 'create', kwargs=sent_service_image_meta)
image_id = image['id']
# Sending image location in a separate request.
if location:
image = self._add_location(context, image_id, location)
# Add image membership in a separate request.
if sharing_member_id:
LOG.debug('Adding access for member %s to image %s',
sharing_member_id, image_id)
self._add_image_member(context, image_id, sharing_member_id)
# If we have some data we have to send it in separate request and
# update the image then.
if data is not None:
image = self._upload_data(context, image_id, data)
return image
def update(self, context, image_id, image_meta, data=None,
purge_props=True):
"""Modify the given image with the new data."""
sent_service_image_meta = _translate_to_glance(image_meta)
# NOTE(bcwaldon): id is not an editable field, but it is likely to be
# passed in by calling code. Let's be nice and ignore it.
sent_service_image_meta.pop('id', None)
sent_service_image_meta['image_id'] = image_id
try:
if purge_props:
# In Glance v2 we have to explicitly set prop names
# we want to remove.
all_props = set(self.show(
context, image_id)['properties'].keys())
props_to_update = set(
image_meta.get('properties', {}).keys())
remove_props = list(all_props - props_to_update)
sent_service_image_meta['remove_props'] = remove_props
image = self._update_v2(context, sent_service_image_meta, data)
except Exception:
_reraise_translated_image_exception(image_id)
return _translate_from_glance(image)
def _update_v2(self, context, sent_service_image_meta, data=None):
location = sent_service_image_meta.pop('location', None)
image_id = sent_service_image_meta['image_id']
image = self._client.call(
context, 2, 'update', kwargs=sent_service_image_meta)
# Sending image location in a separate request.
if location:
image = self._add_location(context, image_id, location)
# If we have some data we have to send it in separate request and
# update the image then.
if data is not None:
image = self._upload_data(context, image_id, data)
return image
def delete(self, context, image_id):
"""Delete the given image.
:raises: ImageNotFound if the image does not exist.
:raises: NotAuthorized if the user is not an owner.
:raises: ImageNotAuthorized if the user is not authorized.
:raises: ImageDeleteConflict if the image is conflicted to delete.
"""
try:
self._client.call(context, 2, 'delete', args=(image_id,))
except glanceclient.exc.NotFound:
raise exception.ImageNotFound(image_id=image_id)
except glanceclient.exc.HTTPForbidden:
raise exception.ImageNotAuthorized(image_id=image_id)
except glanceclient.exc.HTTPConflict as exc:
raise exception.ImageDeleteConflict(reason=str(exc))
return True
def image_import_copy(self, context, image_id, stores):
"""Copy an image to another store using image_import.
This triggers the Glance image_import API with an opinionated
method of 'copy-image' to a list of stores. This will initiate
a copy of the image from one of the existing stores to the
stores provided.
:param context: The RequestContext
:param image_id: The image to copy
:param stores: A list of stores to copy the image to
:raises: ImageNotFound if the image does not exist.
:raises: ImageNotAuthorized if the user is not permitted to
import/copy this image
:raises: ImageImportImpossible if the image cannot be imported
for workflow reasons (not active, etc)
:raises: ImageBadRequest if the image is already in the requested
store (which may be a race)
"""
try:
self._client.call(context, 2, 'image_import', args=(image_id,),
kwargs={'method': 'copy-image',
'stores': stores})
except glanceclient.exc.NotFound:
raise exception.ImageNotFound(image_id=image_id)
except glanceclient.exc.HTTPForbidden:
raise exception.ImageNotAuthorized(image_id=image_id)
except glanceclient.exc.HTTPConflict as exc:
raise exception.ImageImportImpossible(image_id=image_id,
reason=str(exc))
except glanceclient.exc.HTTPBadRequest as exc:
raise exception.ImageBadRequest(image_id=image_id,
response=str(exc))
def _extract_query_params_v2(params):
_params = {}
accepted_params = ('filters', 'marker', 'limit',
'page_size', 'sort_key', 'sort_dir')
for param in accepted_params:
if params.get(param):
_params[param] = params.get(param)
# ensure filters is a dict
_params.setdefault('filters', {})
# NOTE(vish): don't filter out private images
_params['filters'].setdefault('is_public', 'none')
# adopt filters to be accepted by glance v2 api
filters = _params['filters']
new_filters = {}
for filter_ in filters:
# remove 'property-' prefix from filters by custom properties
if filter_.startswith('property-'):
new_filters[filter_.lstrip('property-')] = filters[filter_]
elif filter_ == 'changes-since':
# convert old 'changes-since' into new 'updated_at' filter
updated_at = 'gte:' + filters['changes-since']
new_filters['updated_at'] = updated_at
elif filter_ == 'is_public':
# convert old 'is_public' flag into 'visibility' filter
# omit the filter if is_public is None
is_public = filters['is_public']
if is_public.lower() in ('true', '1'):
new_filters['visibility'] = 'public'
elif is_public.lower() in ('false', '0'):
new_filters['visibility'] = 'private'
else:
new_filters[filter_] = filters[filter_]
_params['filters'] = new_filters
return _params
def _is_image_available(context, image):
"""Check image availability.
This check is needed in case Nova and Glance are deployed
without authentication turned on.
"""
# The presence of an auth token implies this is an authenticated
# request and we need not handle the noauth use-case.
if hasattr(context, 'auth_token') and context.auth_token:
return True
def _is_image_public(image):
# NOTE(jaypipes) V2 Glance API replaced the is_public attribute
# with a visibility attribute. We do this here to prevent the
# glanceclient for a V2 image model from throwing an
# exception from warlock when trying to access an is_public
# attribute.
if hasattr(image, 'visibility'):
return str(image.visibility).lower() == 'public'
else:
return image.is_public
if context.is_admin or _is_image_public(image):
return True
properties = image.properties
if context.project_id and ('owner_id' in properties):
return str(properties['owner_id']) == str(context.project_id)
if context.project_id and ('project_id' in properties):
return str(properties['project_id']) == str(context.project_id)
try:
user_id = properties['user_id']
except KeyError:
return False
return str(user_id) == str(context.user_id)
def _translate_to_glance(image_meta):
image_meta = _convert_to_string(image_meta)
image_meta = _remove_read_only(image_meta)
image_meta = _convert_to_v2(image_meta)
return image_meta
def _convert_to_v2(image_meta):
output = {}
for name, value in image_meta.items():
if name == 'properties':
for prop_name, prop_value in value.items():
# if allow_additional_image_properties is disabled we can't
# define kernel_id and ramdisk_id as None, so we have to omit
# these properties if they are not set.
if prop_name in ('kernel_id', 'ramdisk_id') and \
prop_value is not None and \
prop_value.strip().lower() in ('none', ''):
continue
# in glance only string and None property values are allowed,
# v1 client accepts any values and converts them to string,
# v2 doesn't - so we have to take care of it.
elif prop_value is None or isinstance(prop_value, str):
output[prop_name] = prop_value
else:
output[prop_name] = str(prop_value)
elif name in ('min_ram', 'min_disk'):
output[name] = int(value)
elif name == 'is_public':
output['visibility'] = 'public' if value else 'private'
elif name in ('size', 'deleted'):
continue
else:
output[name] = value
return output
def _translate_from_glance(image, include_locations=False):
image_meta = _extract_attributes_v2(
image, include_locations=include_locations)
image_meta = _convert_timestamps_to_datetimes(image_meta)
image_meta = _convert_from_string(image_meta)
return image_meta
def _convert_timestamps_to_datetimes(image_meta):
"""Returns image with timestamp fields converted to datetime objects."""
for attr in ['created_at', 'updated_at', 'deleted_at']:
if image_meta.get(attr):
image_meta[attr] = timeutils.parse_isotime(image_meta[attr])
return image_meta
# NOTE(bcwaldon): used to store non-string data in glance metadata
def _json_loads(properties, attr):
prop = properties[attr]
if isinstance(prop, str):
properties[attr] = jsonutils.loads(prop)
def _json_dumps(properties, attr):
prop = properties[attr]
if not isinstance(prop, str):
properties[attr] = jsonutils.dumps(prop)
_CONVERT_PROPS = ('block_device_mapping', 'mappings')
def _convert(method, metadata):
metadata = copy.deepcopy(metadata)
properties = metadata.get('properties')
if properties:
for attr in _CONVERT_PROPS:
if attr in properties:
method(properties, attr)
return metadata
def _convert_from_string(metadata):
return _convert(_json_loads, metadata)
def _convert_to_string(metadata):
return _convert(_json_dumps, metadata)
def _extract_attributes(image, include_locations=False):
# TODO(mfedosin): Remove this function once we move to glance V2
# completely.
# NOTE(hdd): If a key is not found, base.Resource.__getattr__() may perform
# a get(), resulting in a useless request back to glance. This list is
# therefore sorted, with dependent attributes as the end
# 'deleted_at' depends on 'deleted'
# 'checksum' depends on 'status' == 'active'
IMAGE_ATTRIBUTES = ['size', 'disk_format', 'owner',
'container_format', 'status', 'id',
'name', 'created_at', 'updated_at',
'deleted', 'deleted_at', 'checksum',
'min_disk', 'min_ram', 'is_public',
'direct_url', 'locations']
queued = getattr(image, 'status') == 'queued'
queued_exclude_attrs = ['disk_format', 'container_format']
include_locations_attrs = ['direct_url', 'locations']
output = {}
for attr in IMAGE_ATTRIBUTES:
if attr == 'deleted_at' and not output['deleted']:
output[attr] = None
elif attr == 'checksum' and output['status'] != 'active':
output[attr] = None
# image may not have 'name' attr
elif attr == 'name':
output[attr] = getattr(image, attr, None)
# NOTE(liusheng): queued image may not have these attributes and 'name'
elif queued and attr in queued_exclude_attrs:
output[attr] = getattr(image, attr, None)
# NOTE(mriedem): Only get location attrs if including locations.
elif attr in include_locations_attrs:
if include_locations:
output[attr] = getattr(image, attr, None)
# NOTE(mdorman): 'size' attribute must not be 'None', so use 0 instead
elif attr == 'size':
# NOTE(mriedem): A snapshot image may not have the size attribute
# set so default to 0.
output[attr] = getattr(image, attr, 0) or 0
else:
# NOTE(xarses): Anything that is caught with the default value
# will result in an additional lookup to glance for said attr.
# Notable attributes that could have this issue:
# disk_format, container_format, name, deleted, checksum
output[attr] = getattr(image, attr, None)
output['properties'] = getattr(image, 'properties', {})
return output
def _extract_attributes_v2(image, include_locations=False):
include_locations_attrs = ['direct_url', 'locations']
omit_attrs = ['self', 'schema', 'protected', 'virtual_size', 'file',
'tags']
raw_schema = image.schema
schema = schemas.Schema(raw_schema)
output = {'properties': {}, 'deleted': False, 'deleted_at': None,
'disk_format': None, 'container_format': None, 'name': None,
'checksum': None}
for name, value in image.items():
if (name in omit_attrs or
name in include_locations_attrs and not include_locations):
continue
elif name == 'visibility':
output['is_public'] = value == 'public'
elif name == 'size' and value is None:
output['size'] = 0
elif schema.is_base_property(name):
output[name] = value
else:
output['properties'][name] = value
return output
def _remove_read_only(image_meta):
IMAGE_ATTRIBUTES = ['status', 'updated_at', 'created_at', 'deleted_at']
output = copy.deepcopy(image_meta)
for attr in IMAGE_ATTRIBUTES:
if attr in output:
del output[attr]
return output
def _reraise_translated_image_exception(image_id):
"""Transform the exception for the image but keep its traceback intact."""
exc_type, exc_value, exc_trace = sys.exc_info()
new_exc = _translate_image_exception(image_id, exc_value)
raise new_exc.with_traceback(exc_trace)
def _reraise_translated_exception():
"""Transform the exception but keep its traceback intact."""
exc_type, exc_value, exc_trace = sys.exc_info()
new_exc = _translate_plain_exception(exc_value)
raise new_exc.with_traceback(exc_trace)
def _translate_image_exception(image_id, exc_value):
if isinstance(exc_value, (glanceclient.exc.Forbidden,
glanceclient.exc.Unauthorized)):
return exception.ImageNotAuthorized(image_id=image_id)
if isinstance(exc_value, glanceclient.exc.NotFound):
return exception.ImageNotFound(image_id=image_id)
if isinstance(exc_value, glanceclient.exc.BadRequest):
return exception.ImageBadRequest(image_id=image_id,
response=str(exc_value))
if isinstance(exc_value, glanceclient.exc.HTTPOverLimit):
return exception.ImageQuotaExceeded(image_id=image_id)
return exc_value
def _translate_plain_exception(exc_value):
if isinstance(exc_value, (glanceclient.exc.Forbidden,
glanceclient.exc.Unauthorized)):
return exception.Forbidden(str(exc_value))
if isinstance(exc_value, glanceclient.exc.NotFound):
return exception.NotFound(str(exc_value))
if isinstance(exc_value, glanceclient.exc.BadRequest):
return exception.Invalid(str(exc_value))
return exc_value
def _verify_certs(context, img_sig_cert_uuid, trusted_certs):
try:
certificate_utils.verify_certificate(
context=context,
certificate_uuid=img_sig_cert_uuid,
trusted_certificate_uuids=trusted_certs.ids)
LOG.debug('Image signature certificate validation '
'succeeded for certificate: %s',
img_sig_cert_uuid)
except cursive_exception.SignatureVerificationError as e:
LOG.warning('Image signature certificate validation '
'failed for certificate: %s',
img_sig_cert_uuid)
raise exception.CertificateValidationFailed(
cert_uuid=img_sig_cert_uuid, reason=str(e))
def get_remote_image_service(context, image_href):
"""Create an image_service and parse the id from the given image_href.
The image_href param can be an href of the form
'http://example.com:9292/v1/images/b8b2c6f7-7345-4e2f-afa2-eedaba9cbbe3',
or just an id such as 'b8b2c6f7-7345-4e2f-afa2-eedaba9cbbe3'. If the
image_href is a standalone id, then the default image service is returned.
:param image_href: href that describes the location of an image
:returns: a tuple of the form (image_service, image_id)
"""
# NOTE(bcwaldon): If image_href doesn't look like a URI, assume its a
# standalone image ID
if '/' not in str(image_href):
image_service = get_default_image_service()
return image_service, image_href
try:
(image_id, endpoint) = _endpoint_from_image_ref(image_href)
glance_client = GlanceClientWrapper(context=context,
endpoint=endpoint)
except ValueError:
raise exception.InvalidImageRef(image_href=image_href)
image_service = GlanceImageServiceV2(client=glance_client)
return image_service, image_id
def get_default_image_service():
return GlanceImageServiceV2()
class UpdateGlanceImage(object):
def __init__(self, context, image_id, metadata, stream):
self.context = context
self.image_id = image_id
self.metadata = metadata
self.image_stream = stream
def start(self):
image_service, image_id = get_remote_image_service(
self.context, self.image_id)
image_service.update(self.context, image_id, self.metadata,
self.image_stream, purge_props=False)
@profiler.trace_cls("nova_image")
class API(object):
"""API for interacting with the image service."""
def _get_session_and_image_id(self, context, id_or_uri):
"""Returns a tuple of (session, image_id). If the supplied `id_or_uri`
is an image ID, then the default client session will be returned
for the context's user, along with the image ID. If the supplied
`id_or_uri` parameter is a URI, then a client session connecting to
the URI's image service endpoint will be returned along with a
parsed image ID from that URI.
:param context: The `nova.context.Context` object for the request
:param id_or_uri: A UUID identifier or an image URI to look up image
information for.
"""
return get_remote_image_service(context, id_or_uri)
def _get_session(self, _context):
"""Returns a client session that can be used to query for image
information.
:param _context: The `nova.context.Context` object for the request
"""
# TODO(jaypipes): Refactor get_remote_image_service and
# get_default_image_service into a single
# method that takes a context and actually respects
# it, returning a real session object that keeps
# the context alive...
return get_default_image_service()
@staticmethod
def generate_image_url(image_ref, context):
"""Generate an image URL from an image_ref.
:param image_ref: The image ref to generate URL
:param context: The `nova.context.Context` object for the request
"""
return "%s/images/%s" % (next(get_api_servers(context)), image_ref)
def get_all(self, context, **kwargs):
"""Retrieves all information records about all disk images available
to show to the requesting user. If the requesting user is an admin,
all images in an ACTIVE status are returned. If the requesting user
is not an admin, the all public images and all private images that
are owned by the requesting user in the ACTIVE status are returned.
:param context: The `nova.context.Context` object for the request
:param kwargs: A dictionary of filter and pagination values that
may be passed to the underlying image info driver.
"""
session = self._get_session(context)
return session.detail(context, **kwargs)
def get(self, context, id_or_uri, include_locations=False,
show_deleted=True):
"""Retrieves the information record for a single disk image. If the
supplied identifier parameter is a UUID, the default driver will
be used to return information about the image. If the supplied
identifier is a URI, then the driver that matches that URI endpoint
will be used to query for image information.
:param context: The `nova.context.Context` object for the request
:param id_or_uri: A UUID identifier or an image URI to look up image
information for.
:param include_locations: (Optional) include locations in the returned
dict of information if the image service API
supports it. If the image service API does
not support the locations attribute, it will
still be included in the returned dict, as an
empty list.
:param show_deleted: (Optional) show the image even the status of
image is deleted.
"""
session, image_id = self._get_session_and_image_id(context, id_or_uri)
return session.show(context, image_id,
include_locations=include_locations,
show_deleted=show_deleted)
def create(self, context, image_info, data=None):
"""Creates a new image record, optionally passing the image bits to
backend storage.
:param context: The `nova.context.Context` object for the request
:param image_info: A dict of information about the image that is
passed to the image registry.
:param data: Optional file handle or bytestream iterator that is
passed to backend storage.
"""
session = self._get_session(context)
return session.create(context, image_info, data=data)
def update(self, context, id_or_uri, image_info,
data=None, purge_props=False):
"""Update the information about an image, optionally along with a file
handle or bytestream iterator for image bits. If the optional file
handle for updated image bits is supplied, the image may not have
already uploaded bits for the image.
:param context: The `nova.context.Context` object for the request
:param id_or_uri: A UUID identifier or an image URI to look up image
information for.
:param image_info: A dict of information about the image that is
passed to the image registry.
:param data: Optional file handle or bytestream iterator that is
passed to backend storage.
:param purge_props: Optional, defaults to False. If set, the backend
image registry will clear all image properties
and replace them the image properties supplied
in the image_info dictionary's 'properties'
collection.
"""
session, image_id = self._get_session_and_image_id(context, id_or_uri)
return session.update(context, image_id, image_info, data=data,
purge_props=purge_props)
def delete(self, context, id_or_uri):
"""Delete the information about an image and mark the image bits for
deletion.
:param context: The `nova.context.Context` object for the request
:param id_or_uri: A UUID identifier or an image URI to look up image
information for.
"""
session, image_id = self._get_session_and_image_id(context, id_or_uri)
return session.delete(context, image_id)
def download(self, context, id_or_uri, data=None, dest_path=None,
trusted_certs=None):
"""Transfer image bits from Glance or a known source location to the
supplied destination filepath.
:param context: The `nova.context.RequestContext` object for the
request
:param id_or_uri: A UUID identifier or an image URI to look up image
information for.
:param data: A file object to use in downloading image data.
:param dest_path: Filepath to transfer image bits to.
:param trusted_certs: A 'nova.objects.trusted_certs.TrustedCerts'
object with a list of trusted image certificate
IDs.
Note that because of the poor design of the
`glance.ImageService.download` method, the function returns different
things depending on what arguments are passed to it. If a data argument
is supplied but no dest_path is specified (not currently done by any
caller) then None is returned from the method. If the data argument is
not specified but a destination path *is* specified, then a writeable
file handle to the destination path is constructed in the method and
the image bits written to that file, and again, None is returned from
the method. If no data argument is supplied and no dest_path argument
is supplied (VMWare virt driver), then the method returns an iterator
to the image bits that the caller uses to write to wherever location it
wants. Finally, if the allow_direct_url_schemes CONF option is set to
something, then the nova.image.download modules are used to attempt to
do an SCP copy of the image bits from a file location to the dest_path
and None is returned after retrying one or more download locations
(libvirt and Hyper-V virt drivers through nova.virt.images.fetch).
I think the above points to just how hacky/wacky all of this code is,
and the reason it needs to be cleaned up and standardized across the
virt driver callers.
"""
# TODO(jaypipes): Deprecate and remove this method entirely when we
# move to a system that simply returns a file handle
# to a bytestream iterator and allows the caller to
# handle streaming/copying/zero-copy as they see fit.
session, image_id = self._get_session_and_image_id(context, id_or_uri)
return session.download(context, image_id, data=data,
dst_path=dest_path,
trusted_certs=trusted_certs)
def copy_image_to_store(self, context, image_id, store):
"""Initiate a store-to-store copy in glance.
:param context: The RequestContext.
:param image_id: The image to copy.
:param store: The glance store to target the copy.
"""
session, image_id = self._get_session_and_image_id(context, image_id)
return session.image_import_copy(context, image_id, [store])