[Yahoo-eng-team] [Bug 2023228] [NEW] api-ref: 'Show image schema' response needs an update
Public bug reported: The current response in the api-ref for GET /v2/schemas/image is missing the validation_data from change https://review.opendev.org/#/q/I1308fb1dec21002a9777bd0c77e9c02e59527551 --- Release: on 2023-04-20 14:38:22 SHA: 084c8a32f5abddc6ad6ebfeb804cefc504928b45 Source: https://opendev.org/openstack/glance/src/api-ref/source/v2/index.rst URL: https://docs.openstack.org/api-ref/image/v2/index.html ** Affects: glance Importance: Low Status: Triaged ** Tags: api-ref -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/2023228 Title: api-ref: 'Show image schema' response needs an update Status in Glance: Triaged Bug description: The current response in the api-ref for GET /v2/schemas/image is missing the validation_data from change https://review.opendev.org/#/q/I1308fb1dec21002a9777bd0c77e9c02e59527551 --- Release: on 2023-04-20 14:38:22 SHA: 084c8a32f5abddc6ad6ebfeb804cefc504928b45 Source: https://opendev.org/openstack/glance/src/api-ref/source/v2/index.rst URL: https://docs.openstack.org/api-ref/image/v2/index.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/2023228/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1745905] Re: system scope doesn't work for the service which use project specified endpoint
There was a change in direction with the "Consistent and Secure RBAC" community goal and system scope will not be implemented across OpenStack services. See https://governance.openstack.org/tc/goals/selected/consistent-and- secure-rbac.html#direction-change for details. ** Changed in: cinder Milestone: wallaby-2 => None ** Changed in: cinder Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1745905 Title: system scope doesn't work for the service which use project specified endpoint Status in Cinder: Won't Fix Status in OpenStack Identity (keystone): Confirmed Bug description: For some project, such as Cinder, the endpoint is project specified, the format is like: http://ip/volume/v3/{project_id}/os-services There are two problem: 1. For this kind of endpoint, system-scoped token doesn't work because that there is no project_id in the token. 2. When issue a system-scoped token, the Cinder's endpoint in the token catalog is empty. It means the Cinder service will not be discoverable when use system-scoped token. To manage notifications about this bug go to: https://bugs.launchpad.net/cinder/+bug/1745905/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 2006631] Re: service token does not work if user auth is token based
This looks like a keystone middleware issue to me ... you should check with the Keystone team about how this feature is supposed to work and whether it's a bug or a configuration problem. ** Also affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/2006631 Title: service token does not work if user auth is token based Status in Cinder: New Status in OpenStack Identity (keystone): New Bug description: To deal with long running operation service token is used alongwith user token. In this case user token is generated from password auth type and then service token wrapped alongwith user token is used for authentication, which allows to run operation upto 48 hours fine. However if user token is used as token auth type and then service token wrapped alongwith user token, operation fails immediately when user token is expired. That service token is of no use in this case, this is bug and needs to fixed. steps to reproduce - https://paste.opendev.org/show/bAoAjwVMVCBxsNt6Z9kB/ Failure logs - https://paste.opendev.org/show/bhAZ33JYpkhrbBLZzCdK/ To manage notifications about this bug go to: https://bugs.launchpad.net/cinder/+bug/2006631/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1996188] Re: [OSSA-2023-002] Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)
** Changed in: cinder Importance: Undecided => Critical ** Changed in: cinder Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1996188 Title: [OSSA-2023-002] Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) Status in Cinder: Fix Released Status in Glance: Fix Released Status in OpenStack Compute (nova): Fix Released Status in OpenStack Security Advisory: Fix Released Bug description: The vulnerability managers received the following report from Sébastien Meriot with OVH via encrypted E-mail: Our Openstack team did discover what looks like a security issue in Nova this morning allowing a remote attacker to read any file on the system. After making a quick CVSS calculation, we got a CVSS of 5.8 (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N). Here is the details : By using a VMDK file, you can dump any file on the hypervisor. 1. Create an image: qemu-img create -f vmdk leak.vmdk 1M -o subformat=monolithicFlat 2. Edit the leak.vmdk and change the name this way: RW 2048 FLAT "leak-flat.vmdk" 0 --> RW 2048 FLAT "/etc/nova/nova.conf" 0 3. Upload the image: openstack image create --file leak.vmdk leak.vmdk 4. Start a new instance: openstack server create --image leak.vmdk --net demo --flavor nano leak-instance 5. The instance won't boot of course. You can create an image from this instance: openstack server image create --name leak-instance-image leak-instance 6. Download the image: openstack image save --file leak-instance-image leak-instance-image 7. You get access to the nova.conf file content and you can get access to the openstack admin creds. We are working on a fix and would be happy to share it with you if needed. We think it does affect Nova but it could affect Glance as well. We're not sure yet. [postscript per Arnaud Morin (amorin) in IRC] cinder seems also affected To manage notifications about this bug go to: https://bugs.launchpad.net/cinder/+bug/1996188/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1389772] Re: Glance image hash use MD5
Glance uses os_hash_algo and os_hash_value since Rocky (default os_hash_algo is sha512). Legacy 'checksum' field is populated for backward compatibility. ** Changed in: glance Status: New => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1389772 Title: Glance image hash use MD5 Status in Glance: Fix Released Status in OpenStack Security Advisory: Won't Fix Bug description: Apparently, Glance still use MD5 to hash image. Considering the recent disclosed attack[1] (that supposedly allow to generate chosen colision in an effective amount of time), it's safe to assume MD5 is broken to verify anything... If someone is able to generate another image with the same hash, I guess it will appear as another entry in "glance list", but then beside the glance uuid, there is no other way to identify the malicious one right ? I guess it would be a nice security hardening change to, at least, allow the configuration of hash algorithm. [1]: http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images- with-same-md5.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1389772/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1875439] Re: glance requires md5 implementation be available
This was fixed by Change-Id: I0603ba217d6dc19f5c9f73c60c7b365efd28d30b to glance_store, which was merged in Wallaby. ** Changed in: glance Status: Triaged => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1875439 Title: glance requires md5 implementation be available Status in Glance: Fix Released Status in OpenStack Security Advisory: Won't Fix Bug description: Glance populates a legacy 'checksum' image property which is an md5 hash of image data content. It's a "legacy" property because it has not been required for the validation of downloaded image data since glance version 17.0.0 (Rocky) when the operator-configurable secure "multihash" was implemented. However, the 'checksum' property has continued to be populated for backward compatibility. In order to populate the field, even as a courtesy, an implementation of the md5 algorithm must be available to glance; but this cannot be guaranteed in environments that comply with various security standards (for example, FIPS). As a result, there are environments in which glance cannot be run, and of course, these are most likely exactly the environments in which people want to run glance. To remove the dependency on the insecure MD5 algorithm, glance should stop populating the legacy 'checksum' field. It has already been made redundant by the secure "multihash" and is unnecessary. In order to preserve backward compatibility, the field will not be removed. As a timeframe for fixing this: an announcement can be made to operators as part of the Ussuri release, and code using md5 will be removed during the Victoria development cycle. Thus the Victoria release will not require Glance to be executed in a non-compliant security environment. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1875439/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1808456] Re: ceph backend reporting meaningless error when no space left
** Changed in: glance-store Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1808456 Title: ceph backend reporting meaningless error when no space left Status in Glance: Invalid Status in glance_store: Fix Released Bug description: When uploading image, but there's no space left in ceph(rbd) backend, client(such as glanceclient) will receive a meaningless error: 500 Internal Server Error: The server has either erred or is incapable of performing the requested operation. (HTTP 500) steps to reproduce: - 1.Prepare ceph backend for glance, make the free space small enough, e.g. 10MB. To be simple, you also can modify ceph's code(function resize), to let it raise errno.ENOSPC. I did this way. 2.uploading image: glance image-create --name img2-ceph --visibility public --disk-format raw --container-format bare --progress --backend rbd --file /opt/stack/data/glance/images/d4ca8259-168b-42f5-a719-40038362ae8c logs - stack@ubuntu16vmliang:~$ glance image-create --name img2-ceph --visibility public --disk-format raw --container-format bare --progress --backend rbd --file /opt/stack/data/glance/images/d4ca8259-168b-42f5-a719-40038362ae8c > /usr/local/lib/python2.7/dist-packages/glanceclient/v2/shell.py(555)do_image_upload() -> backend = None (Pdb) c [=>] 100% +--+--+ | Property | Value| +--+--+ | checksum | None | | container_format | bare | | created_at | 2018-12-14T02:08:36Z | | disk_format | raw | | id | 8c2e48f0-aafc-4744-95b6-fe0b6fbfe975 | | min_disk | 0| | min_ram | 0| | name | img2-ceph| | os_hash_algo | None | | os_hash_value| None | | os_hidden| False| | owner| 3242a198f7044fcd9b756866ec296391 | | protected| False| | size | None | | status | queued | | tags | [] | | updated_at | 2018-12-14T02:08:36Z | | virtual_size | Not available| | visibility | public | +--+--+ 500 Internal Server Error: The server has either erred or is incapable of performing the requested operation. (HTTP 500) expected - The correct message should be something related "Storage Full", rbd.py should raise glance_store.StorageFull, and this exception will be caught by notifier.py. Some code snippet in notifier.py: except glance_store.StorageFull as e: msg = (_("Image storage media is full: %s") % encodeutils.exception_to_unicode(e)) _send_notification(notify_error, 'image.upload', msg) raise webob.exc.HTTPRequestEntityTooLarge(explanation=msg) After doing this, the expected behavior will be: stack@ubuntu16vmliang:~$ glance image-create --name img2-ceph --visibility public --disk-format raw --container-format bare --progress --backend rbd --file /opt/stack/data/glance/images/d4ca8259-168b-42f5-a719-40038362ae8c > /usr/local/lib/python2.7/dist-packages/glanceclient/v2/shell.py(555)do_image_upload() -> backend = None (Pdb) c [=>] 100% +--+--+ | Property | Value| +--+--+ | checksum | None | | container_format | bare | | created_at | 2018-12-14T01:41:36Z | | disk_format | raw | | id | 8aefa92d-bd9c-4726-95ae-d8f698d7bc82 | | min_disk | 0| | min_ram | 0| | name | img2-ceph| | os_hash_algo | None | | os_hash_value| None | | os_hidden| False
[Yahoo-eng-team] [Bug 1989013] Re: Large images uploaded but then deleted
I suspect this is a glance_store issue, but keeping both components until more research is done. ** Also affects: glance-store Importance: Undecided Status: New ** Summary changed: - Large images uploaded but then deleted + s3: Large images uploaded but then deleted -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1989013 Title: s3: Large images uploaded but then deleted Status in Glance: New Status in glance_store: New Bug description: We are trying to upload images to an on-premise minio-based S3 compatible storage cluster. We have been using it for ~30GB images for months. However when increasing the size to >30GB, the image is successfully uploaded and then glance seems to tell it to delete. Successful log looks like this: Sep 6, 2022 @ 08:40:22.8121 1 rPR1E4MBBdpF5mC-rsYE test_logs - ttcloud-image ttcloud-image CompleteMultipartUpload CompleteMultipartUpload Sep 6, 2022 @ 08:39:39.0381 1 q_R1E4MBBdpF5mC-A8YF test_logs - ttcloud-image ttcloud-image PutObjectPart PutObjectPart ... Whole bunch of PutObjectPart... Failure log looks like this: Sep 2, 2022 @ 18:11:46.0671 1 PvTnAIMBBdpF5mC-XLv7 test_logs - ttcloud-image ttcloud-image DeleteObject DeleteObject Sep 2, 2022 @ 18:11:45.9871 1 PfTnAIMBBdpF5mC-XLur test_logs - ttcloud-image ttcloud-image HeadObject HeadObject Sep 2, 2022 @ 18:11:45.9271 1 PPTnAIMBBdpF5mC-XLtw test_logs - ttcloud-image ttcloud-image CompleteMultipartUpload CompleteMultipartUpload Sep 2, 2022 @ 18:10:49.3701 1 O_TmAIMBBdpF5mC-f7uE test_logs - ttcloud-image ttcloud-image PutObjectPart PutObjectPart We were able to get the 38GB image to work by increasing the chunk size from 10MB to 100MB. However this does not help the 50GB or 100GB. The storage system is correctly responding to all S3 request with either 200 or 204 replies. It appears that something important is happening with the HeadObject which is then causing glance to send a DeleteObject. I've attached shortened versions of the S3 logs - I've deleted the majority of PutObjectPart entries to keep the size down. We're not finding any information. What is causing this behavior? To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1989013/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1978723] [NEW] docs: policies page in the admin guide needs an update
Public bug reported: The page still refers to the v1 API, so those things can go. Additionally, some of the descriptions are misleading, for example, publicize_image - Create or update public images That permission really only has to do with the image visibility, I'm pretty sure the image owner can always update the "reglar" properties on a public image. It would also be nice to say something about the policy filename, where it should go, etc., something like cinder has at the top of this page: https://docs.openstack.org/cinder/latest/configuration/block- storage/samples/policy.yaml.html --- Release: 25.0.0.dev67 on 2020-11-24 16:30:47 SHA: 39b44ce1cca0cb3cdb95248b589e0f55fd421856 Source: https://opendev.org/openstack/glance/src/doc/source/admin/policies.rst URL: https://docs.openstack.org/glance/latest/admin/policies.html ** Affects: glance Importance: Low Status: Triaged ** Tags: documentation -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1978723 Title: docs: policies page in the admin guide needs an update Status in Glance: Triaged Bug description: The page still refers to the v1 API, so those things can go. Additionally, some of the descriptions are misleading, for example, publicize_image - Create or update public images That permission really only has to do with the image visibility, I'm pretty sure the image owner can always update the "reglar" properties on a public image. It would also be nice to say something about the policy filename, where it should go, etc., something like cinder has at the top of this page: https://docs.openstack.org/cinder/latest/configuration/block- storage/samples/policy.yaml.html --- Release: 25.0.0.dev67 on 2020-11-24 16:30:47 SHA: 39b44ce1cca0cb3cdb95248b589e0f55fd421856 Source: https://opendev.org/openstack/glance/src/doc/source/admin/policies.rst URL: https://docs.openstack.org/glance/latest/admin/policies.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1978723/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1978722] [NEW] docs: update sharing discussion for removal of owner_is_tenant
Public bug reported: The section "How do you identify a producer or consumer?" can be simplified because it is no longer possible for an operator to configure whether images are owned by projects or by individual users. That config option was removed by Change I8edc957ad50ec28 in wallaby. --- Release: 0.0.1.dev436 on 2017-01-29 16:15:44 SHA: 3a02b069a42d9741cd0df39b161310de4bceac2b Source: https://opendev.org/openstack/glance-specs/src/doc/source/specs/api/v2/sharing-image-api-v2.rst URL: https://specs.openstack.org/openstack/glance-specs/specs/api/v2/sharing-image-api-v2.html ** Affects: glance Importance: Low Status: Triaged ** Tags: documentation -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1978722 Title: docs: update sharing discussion for removal of owner_is_tenant Status in Glance: Triaged Bug description: The section "How do you identify a producer or consumer?" can be simplified because it is no longer possible for an operator to configure whether images are owned by projects or by individual users. That config option was removed by Change I8edc957ad50ec28 in wallaby. --- Release: 0.0.1.dev436 on 2017-01-29 16:15:44 SHA: 3a02b069a42d9741cd0df39b161310de4bceac2b Source: https://opendev.org/openstack/glance-specs/src/doc/source/specs/api/v2/sharing-image-api-v2.rst URL: https://specs.openstack.org/openstack/glance-specs/specs/api/v2/sharing-image-api-v2.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1978722/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1975609] Re: requirements-check job failing on PrettyTable
Fixed in openstack/requirements by https://review.opendev.org/c/openstack/requirements/+/843191 ** Changed in: glance Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1975609 Title: requirements-check job failing on PrettyTable Status in Glance: Fix Released Bug description: I've got a patch up that updates requirements.txt, and I'm getting a requirements-check job failure (not due to the requirement I'm actually changing on the patch). Patch is: https://review.opendev.org/c/openstack/glance/+/841135 Failure is: WARNING: possible mismatch found for package "PrettyTable" Attribute "package" does not match "PrettyTable" does not match "prettytable" Requirement(package='PrettyTable', location='', specifiers='>=0.7.1', markers='', comment='# BSD', extras=frozenset()) Requirement(package='prettytable', location='', specifiers='', markers='', comment='# BSD', extras=frozenset()) ERROR: Package 'prettytable' requirement does not match number of lines (2) in openstack/requirements Both 'PrettyTable' and 'prettytable' are in global-requirements, but it's only 'prettytable' in upper-constraints. My guesses are: - maybe it needs to be all lowercase? (doubt it, but you never know) - maybe the version we're specifying as a minimum is so old it can't run in python 3.8? To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1975609/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1975609] [NEW] requirements-check job failing on PrettyTable
Public bug reported: I've got a patch up that updates requirements.txt, and I'm getting a requirements-check job failure (not due to the requirement I'm actually changing on the patch). Patch is: https://review.opendev.org/c/openstack/glance/+/841135 Failure is: WARNING: possible mismatch found for package "PrettyTable" Attribute "package" does not match "PrettyTable" does not match "prettytable" Requirement(package='PrettyTable', location='', specifiers='>=0.7.1', markers='', comment='# BSD', extras=frozenset()) Requirement(package='prettytable', location='', specifiers='', markers='', comment='# BSD', extras=frozenset()) ERROR: Package 'prettytable' requirement does not match number of lines (2) in openstack/requirements Both 'PrettyTable' and 'prettytable' are in global-requirements, but it's only 'prettytable' in upper-constraints. My guesses are: - maybe it needs to be all lowercase? (doubt it, but you never know) - maybe the version we're specifying as a minimum is so old it can't run in python 3.8? ** Affects: glance Importance: High Assignee: Brian Rosmaita (brian-rosmaita) Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1975609 Title: requirements-check job failing on PrettyTable Status in Glance: Triaged Bug description: I've got a patch up that updates requirements.txt, and I'm getting a requirements-check job failure (not due to the requirement I'm actually changing on the patch). Patch is: https://review.opendev.org/c/openstack/glance/+/841135 Failure is: WARNING: possible mismatch found for package "PrettyTable" Attribute "package" does not match "PrettyTable" does not match "prettytable" Requirement(package='PrettyTable', location='', specifiers='>=0.7.1', markers='', comment='# BSD', extras=frozenset()) Requirement(package='prettytable', location='', specifiers='', markers='', comment='# BSD', extras=frozenset()) ERROR: Package 'prettytable' requirement does not match number of lines (2) in openstack/requirements Both 'PrettyTable' and 'prettytable' are in global-requirements, but it's only 'prettytable' in upper-constraints. My guesses are: - maybe it needs to be all lowercase? (doubt it, but you never know) - maybe the version we're specifying as a minimum is so old it can't run in python 3.8? To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1975609/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1975514] Re: API v2.13 should not be a default allowed version
** Changed in: glance Status: Triaged => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1975514 Title: API v2.13 should not be a default allowed version Status in Glance: Invalid Bug description: Change I6882fd2381e6ae245 added API v2.13 (stores detail request). This API is only available when multistore is enabled, but the version negotiation code includes it as an allowed version by default. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1975514/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1975514] [NEW] API v2.13 should not be a default allowed version
Public bug reported: Change I6882fd2381e6ae245 added API v2.13 (stores detail request). This API is only available when multistore is enabled, but the version negotiation code includes it as an allowed version by default. ** Affects: glance Importance: Low Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1975514 Title: API v2.13 should not be a default allowed version Status in Glance: Triaged Bug description: Change I6882fd2381e6ae245 added API v2.13 (stores detail request). This API is only available when multistore is enabled, but the version negotiation code includes it as an allowed version by default. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1975514/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1971176] [NEW] api-ref: cache manage needs improvements
Public bug reported: A few things: 1. unnecessary trailing '/' on all 4 urls 2. request parameters are displaying as: - image_id: image_id-in-path 3. query-cache-status is missing the list of response paramaters and the example response --- Release: on 2022-04-20 05:36:37 SHA: ffe6ce076d39ee406c8f3e9d9266f664a63b1888 Source: https://opendev.org/openstack/glance/src/api-ref/source/v2/index.rst URL: https://docs.openstack.org/api-ref/image/v2/index.html ** Affects: glance Importance: Low Assignee: Brian Rosmaita (brian-rosmaita) Status: Triaged ** Tags: api-ref -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1971176 Title: api-ref: cache manage needs improvements Status in Glance: Triaged Bug description: A few things: 1. unnecessary trailing '/' on all 4 urls 2. request parameters are displaying as: - image_id: image_id-in-path 3. query-cache-status is missing the list of response paramaters and the example response --- Release: on 2022-04-20 05:36:37 SHA: ffe6ce076d39ee406c8f3e9d9266f664a63b1888 Source: https://opendev.org/openstack/glance/src/api-ref/source/v2/index.rst URL: https://docs.openstack.org/api-ref/image/v2/index.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1971176/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1969794] Re: backport of the fix for bug #1947370 make lock_path a requird config option when prvisouls it was optional
To follow up on Sean's last comment, we discussed the issue of whether this was a breaking change on the release patch for the wallaby backport: https://review.opendev.org/c/openstack/releases/+/829590 Both nova and cinder already use external locks and require lock_path to be configured; see for example the installation instructions for nova and cinder. So in real deployments, this won't be an issue. We don't set a default value because there's really no sensible default. ** Changed in: os-brick Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1969794 Title: backport of the fix for bug #1947370 make lock_path a requird config option when prvisouls it was optional Status in OpenStack Compute (nova): Triaged Status in os-brick: Invalid Bug description: https://review.opendev.org/q/topic:bug%252F1947370 as part of fixing bug 1947370 (https://launchpad.net/bugs/1947370) https://review.opendev.org/c/openstack/os-brick/+/814139 made the external lock_path config option required with no default provided this was then backported breaking nova unit tests on stabel branches and potentially any deployment that upgrade to a new version of os-brick without this defined. i don't belive that such a backport is in line with stable policy and if it was to be backported a sane default like /tmp/os_brick_lock would be required to not break existing installs. this i currently breaking downstream unit test for redhat osp 17 and its also breaking the upstream stable wallayb unittest for nova. it is unclear if this has directly broken any real world deployment but it has the potential too. as noted in this revert patch https://review.opendev.org/c/openstack/os-brick/+/838871 it is trival to reproduce this git clone https://opendev.org/openstack/nova nova-test cd nova-test git checkout --track origin/stable/wallaby tox -e py3 ^ this shoudl fail with the lock_path excption cd .. git clone https://opendev.org/openstack/os-brick os-brick-revert cd os-brick-revert git fetch https://review.opendev.org/openstack/os-brick refs/changes/71/838871/1 && git checkout FETCH_HEAD cd ../nova-test .tox/py3/bin/python3 -m pip install -e ../os-brick-revert tox -e py3 that will no longer have the lock_path error .tox/py38/bin/python3 -m pip install os-brick\<4.3.3 while I'm not sure the revert is the correct way to proceed we will need to blacklist the broken os-brick release in the requirement repo and come up with a backportable fix for all affected branches. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1969794/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1962581] [NEW] bad default value for [wsgi] /python_interpreter option
Public bug reported: Noticed when reviewing glance-api.conf in https://review.opendev.org/c/openstack/glance/+/831368 # Path to the python interpreter to use when spawning external # processes. By default this is sys.executable, which should be the # same interpreter running Glance itself. However, in some situations # (i.e. uwsgi) this may not actually point to a python interpreter # itself. (string value) #python_interpreter = /home/ubuntu/glance/.tox/genconfig/bin/python It's pretty unlikely that that's going to be correct in any actual deployment. The option is used by us at: https://opendev.org/openstack/glance/src/commit/b434adba615fd139f6d3c8bd173e5870d102ae83/glance/async_/flows/plugins/image_conversion.py#L72 (to set self.python) and https://opendev.org/openstack/glance/src/commit/b434adba615fd139f6d3c8bd173e5870d102ae83/glance/async_/flows/plugins/image_conversion.py#L95 (to pass self.python as the value of the 'python_exec' argument to putils) processutils does this with it: https://opendev.org/openstack/oslo.concurrency/src/commit/95b9334cfab6849fbe47e2b118e5355af3675dba/oslo_concurrency/processutils.py#L332 python_exec = kwargs.pop('python_exec', sys.executable) This is the point where sys.executable should be evaluated, not when the option help text is generated. Thus, the default value glance sets for this option should be None, which corresponds to putils using sys.executable if the option isn't set. ** Affects: glance Importance: Low Assignee: Brian Rosmaita (brian-rosmaita) Status: Triaged ** Changed in: glance Assignee: (unassigned) => Brian Rosmaita (brian-rosmaita) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1962581 Title: bad default value for [wsgi] /python_interpreter option Status in Glance: Triaged Bug description: Noticed when reviewing glance-api.conf in https://review.opendev.org/c/openstack/glance/+/831368 # Path to the python interpreter to use when spawning external # processes. By default this is sys.executable, which should be the # same interpreter running Glance itself. However, in some situations # (i.e. uwsgi) this may not actually point to a python interpreter # itself. (string value) #python_interpreter = /home/ubuntu/glance/.tox/genconfig/bin/python It's pretty unlikely that that's going to be correct in any actual deployment. The option is used by us at: https://opendev.org/openstack/glance/src/commit/b434adba615fd139f6d3c8bd173e5870d102ae83/glance/async_/flows/plugins/image_conversion.py#L72 (to set self.python) and https://opendev.org/openstack/glance/src/commit/b434adba615fd139f6d3c8bd173e5870d102ae83/glance/async_/flows/plugins/image_conversion.py#L95 (to pass self.python as the value of the 'python_exec' argument to putils) processutils does this with it: https://opendev.org/openstack/oslo.concurrency/src/commit/95b9334cfab6849fbe47e2b118e5355af3675dba/oslo_concurrency/processutils.py#L332 python_exec = kwargs.pop('python_exec', sys.executable) This is the point where sys.executable should be evaluated, not when the option help text is generated. Thus, the default value glance sets for this option should be None, which corresponds to putils using sys.executable if the option isn't set. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1962581/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1962480] [NEW] api-ref: versions response needs an update
Public bug reported: This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes: - [x] This doc is inaccurate in this way: __ Shows current version of the API as 2.9; whereas it's at least 2.15 now. Also, everyone finds the "Version History" part of the doc confusing. (Sorry!) Could use a rewrite. --- Release: on 2022-02-17 14:52:25 SHA: e99b63af063f463bf20c526bf3938b8305925167 Source: https://opendev.org/openstack/glance/src/api-ref/source/versions/index.rst URL: https://docs.openstack.org/api-ref/image/versions/index.html ** Affects: glance Importance: Low Status: Triaged ** Tags: api-ref documentation -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1962480 Title: api-ref: versions response needs an update Status in Glance: Triaged Bug description: This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes: - [x] This doc is inaccurate in this way: __ Shows current version of the API as 2.9; whereas it's at least 2.15 now. Also, everyone finds the "Version History" part of the doc confusing. (Sorry!) Could use a rewrite. --- Release: on 2022-02-17 14:52:25 SHA: e99b63af063f463bf20c526bf3938b8305925167 Source: https://opendev.org/openstack/glance/src/api-ref/source/versions/index.rst URL: https://docs.openstack.org/api-ref/image/versions/index.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1962480/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1933966] Re: sync-images fails with Invalid glance image: . Expected size= md5=None. Found size= md5=
Glance has already (in Rocky) introduced a "multihash" (self-describing hash fields that use SHA-512 by default). See the Rocky release notes for details: https://docs.openstack.org/releasenotes/glance/rocky.html#new-features The 'checksum' property remains on images for backward compatability. ** Changed in: glance Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1933966 Title: sync-images fails with Invalid glance image: . Expected size= md5=None. Found size= md5= Status in OpenStack Glance-Simplestreams-Sync Charm: Triaged Status in charm-octavia-diskimage-retrofit: Triaged Status in cloud-images: New Status in Glance: Invalid Status in simplestreams: New Bug description: Visible in this gate: https://review.opendev.org/c/openstack/charm-octavia-diskimage-retrofit/+/778995 https://openstack-ci-reports.ubuntu.com/artifacts/d09/778995/5/check/bionic-ussuri/d092848/job-output.txt zaza.model.ActionFailed: Run of action "sync-images" with parameters "" on "glance-simplestreams-sync/0" failed with "exit status 1" (id=36 status=failed enqueued=2021-06-28T16:55:10Z started=2021-06-28T16:55:11Z completed=2021-06-28T16:55:28Z output={'Code': '1', 'Stderr': '/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py:179: UserWarning: Using keystoneclient sessions has been deprecated. Please update your software to use keystoneauth1.\n warnings.warn(\'Using keystoneclient sessions has been deprecated. \'\nTraceback (most recent call last): File "/snap/simplestreams/27/bin/sstream-mirror-glance", line 185, in main() File "/snap/simplestreams/27/bin/sstream-mirror-glance", line 181, in main tmirror.sync(smirror, args.path) File "/snap/simplestreams/27/lib/python3.6/site-packages/simplestreams/mirrors/__init__.py", line 91, in sync return self.sync_index(reader, path, data, content) File "/snap/simplestreams/27/lib/python3.6/site-packages/simplestreams/mirrors/__init__.py", line 254, in sync_index self.sync(reader, path=epath) File "/snap/simplestreams/27/lib/python3.6/site-packages/simplestreams/mirrors/__init__.py", line 89, in sync return self.sync_products(reader, path, data, content) File "/snap/simplestreams/27/lib/python3.6/site-packages/simplestreams/mirrors/__init__.py", line 360, in sync_products (prodname, vername)) File "/snap/simplestreams/27/lib/python3.6/site-packages/simplestreams/mirrors/glance.py", line 582, in insert_version self._insert_item(*iargs) File "/snap/simplestreams/27/lib/python3.6/site-packages/simplestreams/mirrors/glance.py", line 501, in _insert_item self.validate_image(glance_image.id, new_md5, new_size) File "/snap/simplestreams/27/lib/python3.6/site-packages/simplestreams/mirrors/glance.py", line 537, in validate_image raise IOError(msg) OSError: Invalid glance image: 3c4b49a4-a4c9-4b84-95eb-dbf0ce3d1e83. Expected size=172883968 md5=None. Found size=172883968 md5=078ff054bceec76f66ffeaa748f9f2e5. ', 'Stdout': 'sending incremental file list\nstreams/\nstreams/v1/\nstreams/v1/auto.sync.json\nstreams/v1/index.json\n\nsent 1,230 bytes received 66 bytes 2,592.00 bytes/sec\ntotal size is 2,535 speedup is 1.96\n'}) To manage notifications about this bug go to: https://bugs.launchpad.net/charm-glance-simplestreams-sync/+bug/1933966/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1926399] Re: UT failing with sqlalchemy 1.4
Fixes for the bugs mentioned in comment #9 have merged. ** Changed in: cinder Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1926399 Title: UT failing with sqlalchemy 1.4 Status in Cinder: Fix Released Status in masakari: In Progress Status in neutron: Fix Released Status in OpenStack Compute (nova): In Progress Status in oslo.db: Fix Released Bug description: See job cross-neutron-py36 in test patch https://review.opendev.org/c/openstack/requirements/+/788339/ https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_ac7/788339/1/check /cross-neutron-py36/ac77335/testr_results.html To manage notifications about this bug go to: https://bugs.launchpad.net/cinder/+bug/1926399/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1921381] Re: iSCSI: Flushing issues when multipath config has changed
** Also affects: os-brick/train Importance: Undecided Status: New ** Also affects: os-brick/ussuri Importance: Undecided Status: New ** Also affects: os-brick/victoria Importance: Undecided Status: New ** Also affects: os-brick/queens Importance: Undecided Status: New ** Also affects: os-brick/rocky Importance: Undecided Status: New ** Also affects: os-brick/stein Importance: Undecided Status: New ** Changed in: os-brick/xena Status: In Progress => Fix Committed ** Changed in: os-brick/wallaby Status: New => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1921381 Title: iSCSI: Flushing issues when multipath config has changed Status in OpenStack Compute (nova): In Progress Status in OpenStack Compute (nova) wallaby series: In Progress Status in OpenStack Compute (nova) xena series: Fix Released Status in os-brick: Fix Committed Status in os-brick queens series: New Status in os-brick rocky series: New Status in os-brick stein series: New Status in os-brick train series: New Status in os-brick ussuri series: New Status in os-brick victoria series: New Status in os-brick wallaby series: Fix Released Status in os-brick xena series: Fix Committed Bug description: OS-Brick disconnect_volume code assumes that the use_multipath parameter that is used to instantiate the connector has the same value than the connector that was used on the original connect_volume call. Unfortunately this is not necessarily true, because Nova can attach a volume, then its multipath configuration can be enabled or disabled, and then a detach can be issued. This leads to a series of serious issues such as: - Not flushing the single path on disconnect_volume (possible data loss) and leaving it as a leftover device on the host when Nova calls terminate-connection on Cinder. - Not flushing the multipath device (possible data loss) and leaving it as a lefover device similarly to the other case. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1921381/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1906768] Re: Evacuation results in multipath residue when use fc
The Pike release has reached EOL and no bugfixes are being provided for it. Please investigate upgrading to a more recent release. ** Changed in: os-brick Status: New => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1906768 Title: Evacuation results in multipath residue when use fc Status in OpenStack Compute (nova): New Status in os-brick: Won't Fix Bug description: My environment uses the OpenStack Pike,fibre Channel is used for back-end storage,when we place 'volume_use_multipath=True' in nova.conf, we found that evacuation leads to multipath residue。 Trace code through Debug,we find os-brick can not find volume_paths, So the residual multipath cannot be removed。 By analyzing the code,the Volume_path acquired through FC is not in a local directory, because it's on the new node. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1906768/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1895696] [NEW] unable to boot instance from encrypted volume created from a glance image of an encrypted volume
Public bug reported: Description === What the title says, plus see "steps to reproduce" below. This is a regression caused by the fix for https://bugs.launchpad.net/nova/+bug/1852106 Steps to Reproduce == 1. Let Image-1 be a "regular" (non-encrypted, bootable) image in Glance (like the cirros image). 2. Create volume V-1 in Cinder from Image-1 specifying encrypted volume-type T-1. 3. Boot an instance from V-1 (make sure delete-on-terminate is false). Works fine. Delete the instance to free up the volume. 4. Call cinder upload-to-image on V-1 to create Image-2. 5. Create volume V-2 in Cinder specifying encrypted volume-type T-1 from Image-2. 6. Boot an instance from V-2. Expected result === Working instance booted from volume. Actual result = ERROR (BadRequest): Image None is unacceptable: Direct booting of an image uploaded from an encrypted volume is unsupported. (HTTP 400) Note: If we bypass the check at https://review.opendev.org/#/c/707738/3/nova/compute/api.py@894, the instance goes 'active' and is operable (you can ssh into it). (Of course, we don't want to bypass the check, it just needs to be made aware that we are booting from a volume, not trying to boot from an image.) ** Affects: nova Importance: Undecided Assignee: Brian Rosmaita (brian-rosmaita) Status: New ** Tags: volumes ** Changed in: nova Assignee: (unassigned) => Brian Rosmaita (brian-rosmaita) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1895696 Title: unable to boot instance from encrypted volume created from a glance image of an encrypted volume Status in OpenStack Compute (nova): New Bug description: Description === What the title says, plus see "steps to reproduce" below. This is a regression caused by the fix for https://bugs.launchpad.net/nova/+bug/1852106 Steps to Reproduce == 1. Let Image-1 be a "regular" (non-encrypted, bootable) image in Glance (like the cirros image). 2. Create volume V-1 in Cinder from Image-1 specifying encrypted volume-type T-1. 3. Boot an instance from V-1 (make sure delete-on-terminate is false). Works fine. Delete the instance to free up the volume. 4. Call cinder upload-to-image on V-1 to create Image-2. 5. Create volume V-2 in Cinder specifying encrypted volume-type T-1 from Image-2. 6. Boot an instance from V-2. Expected result === Working instance booted from volume. Actual result = ERROR (BadRequest): Image None is unacceptable: Direct booting of an image uploaded from an encrypted volume is unsupported. (HTTP 400) Note: If we bypass the check at https://review.opendev.org/#/c/707738/3/nova/compute/api.py@894, the instance goes 'active' and is operable (you can ssh into it). (Of course, we don't want to bypass the check, it just needs to be made aware that we are booting from a volume, not trying to boot from an image.) To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1895696/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1863611] Re: Nova allows direct boot of an image created from an encrypted cinder volume
This was fixed in Ussuri by https://review.opendev.org/#/c/707738/ ** Changed in: glance Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1863611 Title: Nova allows direct boot of an image created from an encrypted cinder volume Status in Glance: Fix Released Bug description: Cinder allows encrypted volumes to be uploaded as images to Glance. Nova has never supported the direct boot of such images; instead, the user is supposed to use the image to create a volume, which can then be booted from. NOTE: Allowing such an instance to go 'active' allows it to be snapshotted, leading to the problem described in Bug #1852106. When a user does attempt to boot directly from such an image, the instance goes 'active' but is unusable. The end user will eventually figure out what the problem is, but it would be better if the Compute API rejected the boot request. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1863611/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1885288] [NEW] cinder glance_store docs out of date
Public bug reported: Release: 20.1.0.dev24 on 2020-03-03 11:38:02 SHA: e6db0b10a703037f754007bef6f56451086850cd Source: https://opendev.org/openstack/glance/src/doc/source/configuration/configuring.rst URL: https://docs.openstack.org/glance/latest/configuration/configuring.html The section "Configuring the Cinder Storage Backend" needs an update. For one thing, it says that the Cinder backend is experimental (I think experimental status was removed in Rocky, check the release notes). Also (and this is the real point), it is missing the cinder_volume_type option, which has some constraints associated with it that we need to point out. See https://review.opendev.org/#/c/732506/ ** Affects: glance Importance: Low Status: Triaged ** Tags: documentation -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1885288 Title: cinder glance_store docs out of date Status in Glance: Triaged Bug description: Release: 20.1.0.dev24 on 2020-03-03 11:38:02 SHA: e6db0b10a703037f754007bef6f56451086850cd Source: https://opendev.org/openstack/glance/src/doc/source/configuration/configuring.rst URL: https://docs.openstack.org/glance/latest/configuration/configuring.html The section "Configuring the Cinder Storage Backend" needs an update. For one thing, it says that the Cinder backend is experimental (I think experimental status was removed in Rocky, check the release notes). Also (and this is the real point), it is missing the cinder_volume_type option, which has some constraints associated with it that we need to point out. See https://review.opendev.org/#/c/732506/ To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1885288/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1884996] [NEW] default value for all_stores_must_succeed is not stated
Public bug reported: Found in: Release: on 2020-06-01 07:01:44 SHA: 03cb88a4376cab5e80697800591db47ca801cc56 Source: https://opendev.org/openstack/glance/src/api-ref/source/v2/index.rst URL: https://docs.openstack.org/api-ref/image/v2/ Actually, it does say "(default to True)" somewhere, but it would be helpful if it said that in the table where the request parameters are listed. ** Affects: glance Importance: Low Status: Triaged ** Tags: api-ref documentation -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1884996 Title: default value for all_stores_must_succeed is not stated Status in Glance: Triaged Bug description: Found in: Release: on 2020-06-01 07:01:44 SHA: 03cb88a4376cab5e80697800591db47ca801cc56 Source: https://opendev.org/openstack/glance/src/api-ref/source/v2/index.rst URL: https://docs.openstack.org/api-ref/image/v2/ Actually, it does say "(default to True)" somewhere, but it would be helpful if it said that in the table where the request parameters are listed. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1884996/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1875629] [NEW] api-ref needs update about 'checksum' image property
Public bug reported: A value for the 'checksum' image property will no longer be computed from Victoria onwards. The field itself will remain (so no change in the API response). Current text is: Hash that is used over the image data. The Image service uses this value for verification. The value might be null (JSON null data type). Should change to something like: An MD5 hash over the image data. The value might be null (JSON null data type), as this field is no longer populated by the Image Service beginning with the Victoria release. It remains present for backward compatibility with legacy images. To validate image data, instead use the secure multihash fields ``os_hash_algo`` and ``os_hash_value``. ** Affects: glance Importance: Medium Status: Triaged ** Tags: documentation low-hanging-fruit -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1875629 Title: api-ref needs update about 'checksum' image property Status in Glance: Triaged Bug description: A value for the 'checksum' image property will no longer be computed from Victoria onwards. The field itself will remain (so no change in the API response). Current text is: Hash that is used over the image data. The Image service uses this value for verification. The value might be null (JSON null data type). Should change to something like: An MD5 hash over the image data. The value might be null (JSON null data type), as this field is no longer populated by the Image Service beginning with the Victoria release. It remains present for backward compatibility with legacy images. To validate image data, instead use the secure multihash fields ``os_hash_algo`` and ``os_hash_value``. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1875629/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1875630] [NEW] issue OSSN when glance no longer requires an md5 implementation
Public bug reported: See https://bugs.launchpad.net/glance/+bug/1875439 for background. ** Affects: glance Importance: Medium Status: Triaged ** Tags: documentation security ** Changed in: glance Importance: Undecided => Medium -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1875630 Title: issue OSSN when glance no longer requires an md5 implementation Status in Glance: Triaged Bug description: See https://bugs.launchpad.net/glance/+bug/1875439 for background. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1875630/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1875439] [NEW] glance requires md5 implementation be available
*** This bug is a security vulnerability *** Public security bug reported: Glance populates a legacy 'checksum' image property which is an md5 hash of image data content. It's a "legacy" property because it has not been required for the validation of downloaded image data since glance version 17.0.0 (Rocky) when the operator-configurable secure "multihash" was implemented. However, the 'checksum' property has continued to be populated for backward compatibility. In order to populate the field, even as a courtesy, an implementation of the md5 algorithm must be available to glance; but this cannot be guaranteed in environments that comply with various security standards (for example, FIPS). As a result, there are environments in which glance cannot be run, and of course, these are most likely exactly the environments in which people want to run glance. To remove the dependency on the insecure MD5 algorithm, glance should stop populating the legacy 'checksum' field. It has already been made redundant by the secure "multihash" and is unnecessary. In order to preserve backward compatibility, the field will not be removed. As a timeframe for fixing this: an announcement can be made to operators as part of the Ussuri release, and code using md5 will be removed during the Victoria development cycle. Thus the Victoria release will not require Glance to be executed in a non-compliant security environment. ** Affects: glance Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1875439 Title: glance requires md5 implementation be available Status in Glance: New Bug description: Glance populates a legacy 'checksum' image property which is an md5 hash of image data content. It's a "legacy" property because it has not been required for the validation of downloaded image data since glance version 17.0.0 (Rocky) when the operator-configurable secure "multihash" was implemented. However, the 'checksum' property has continued to be populated for backward compatibility. In order to populate the field, even as a courtesy, an implementation of the md5 algorithm must be available to glance; but this cannot be guaranteed in environments that comply with various security standards (for example, FIPS). As a result, there are environments in which glance cannot be run, and of course, these are most likely exactly the environments in which people want to run glance. To remove the dependency on the insecure MD5 algorithm, glance should stop populating the legacy 'checksum' field. It has already been made redundant by the secure "multihash" and is unnecessary. In order to preserve backward compatibility, the field will not be removed. As a timeframe for fixing this: an announcement can be made to operators as part of the Ussuri release, and code using md5 will be removed during the Victoria development cycle. Thus the Victoria release will not require Glance to be executed in a non-compliant security environment. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1875439/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1871419] [NEW] need multihash info in glance user, admin guides
Public bug reported: The user guide and admin guide need info about the secure "multihash" feature. Both need to describe the idea of the self-describing secure hash. Additionally: admin guide: the os_hash_algo is operator-configurable; explain how user guide: the os_hash_algo value can be passed to hashlib to obtain a digest algorithm to validate a download Current sources for this info are: (1) description of os_hash_value, os_hash_algo in the api-ref (2) the multihash spec: https://specs.openstack.org/openstack/glance-specs/specs/rocky/implemented/glance/multihash.html (3) rocky release notes: https://docs.openstack.org/releasenotes/glance/rocky.html ** Affects: glance Importance: Undecided Status: Triaged ** Tags: docs documentation low-hanging-fruit -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1871419 Title: need multihash info in glance user, admin guides Status in Glance: Triaged Bug description: The user guide and admin guide need info about the secure "multihash" feature. Both need to describe the idea of the self-describing secure hash. Additionally: admin guide: the os_hash_algo is operator-configurable; explain how user guide: the os_hash_algo value can be passed to hashlib to obtain a digest algorithm to validate a download Current sources for this info are: (1) description of os_hash_value, os_hash_algo in the api-ref (2) the multihash spec: https://specs.openstack.org/openstack/glance-specs/specs/rocky/implemented/glance/multihash.html (3) rocky release notes: https://docs.openstack.org/releasenotes/glance/rocky.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1871419/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1841862] Re: Add 'compressed' option to container_format
Already fixed by Change-Id: I62159315346e99522740383dd4bb5d2cc0ee368d ** Changed in: glance Status: New => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1841862 Title: Add 'compressed' option to container_format Status in Glance: Fix Released Bug description: https://review.opendev.org/677788 Dear bug triager. This bug was created since a commit was marked with DOCIMPACT. Your project "openstack/glance" is set up so that we directly report the documentation bugs against it. If this needs changing, the docimpact-group option needs to be added for the project. You can ask the OpenStack infra team (#openstack-infra on freenode) for help if you need to. commit 43aa0479229c23c828530f25dac5208395761b5f Author: ZhengMa Date: Wed Aug 21 16:31:53 2019 + Add 'compressed' option to container_format This patch is purposed to support a new container_format so that we can do image compression when uploading a volume to glance and decompression when downloading a image from glance. This patch includes: 1. A new container_format option: 'compressed'. 2. Unit test for new option. DocImpact Implements: blueprint leverage-compression-accelerator Depends-On: https://review.opendev.org/#/c/670454/ Change-Id: I62159315346e99522740383dd4bb5d2cc0ee368d To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1841862/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1870336] [NEW] Update 'common image properties' doc
Public bug reported: This doc: https://opendev.org/openstack/glance/src/branch/master/doc/source/user /common-image-properties.rst has gotten out of sync with the actual list of properties: https://opendev.org/openstack/glance/src/branch/master/etc/schema- image.json ** Affects: glance Importance: Low Status: Triaged ** Tags: doc documentation low-hanging-fruit -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1870336 Title: Update 'common image properties' doc Status in Glance: Triaged Bug description: This doc: https://opendev.org/openstack/glance/src/branch/master/doc/source/user /common-image-properties.rst has gotten out of sync with the actual list of properties: https://opendev.org/openstack/glance/src/branch/master/etc/schema- image.json To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1870336/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1858379] Re: Verify operation in glance
*** This bug is a duplicate of bug 1852835 *** https://bugs.launchpad.net/bugs/1852835 ** This bug has been marked a duplicate of bug 1852835 the parameter "--public" has been removed in new version -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1858379 Title: Verify operation in glance Status in Glance: New Bug description: This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes: - [x] This doc is inaccurate in this way: __ - [ ] This is a doc addition request. - [x] I have a fix to the document that I can paste below including example: input and output. OS:centos7 Original command: glance image-create --name "cirros" \ --file cirros-0.4.0-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --public error: glance: error: unrecognized arguments: --public Right command: glance image-create --name "cirros" --file cirros-0.4.0-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --visibility public If you have a troubleshooting or support issue, use the following resources: - Ask OpenStack: http://ask.openstack.org - The mailing list: http://lists.openstack.org - IRC: 'openstack' channel on Freenode --- Release: on 2019-09-27 09:57:38 SHA: 6e3ced8251cd6e273aa73f553a24fc475b219db5 Source: https://opendev.org/openstack/glance/src/doc/source/install/verify.rst URL: https://docs.openstack.org/glance/train/install/verify.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1858379/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1859978] Re: Verify operation in glance
*** This bug is a duplicate of bug 1852835 *** https://bugs.launchpad.net/bugs/1852835 ** This bug has been marked a duplicate of bug 1852835 the parameter "--public" has been removed in new version -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1859978 Title: Verify operation in glance Status in Glance: New Bug description: This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes: - [x] This doc is inaccurate in this way: The command: glance image-create --name "cirros" \ --file cirros-0.4.0-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --public does not work. Instead, the correct format seems to be: glance image-create --name "cirros" \ --file cirros-0.4.0-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --visibility public - [ ] This is a doc addition request. - [ ] I have a fix to the document that I can paste below including example: input and output. If you have a troubleshooting or support issue, use the following resources: - Ask OpenStack: http://ask.openstack.org - The mailing list: http://lists.openstack.org - IRC: 'openstack' channel on Freenode --- Release: on 2019-09-27 09:57:38 SHA: 8c2bc60820783f76c9421d615d3828a88008ca96 Source: https://opendev.org/openstack/glance/src/doc/source/install/verify.rst URL: https://docs.openstack.org/glance/train/install/verify.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1859978/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1860298] Re: Wrong visibility flag in the glance image-create
*** This bug is a duplicate of bug 1852835 *** https://bugs.launchpad.net/bugs/1852835 ** This bug has been marked a duplicate of bug 1852835 the parameter "--public" has been removed in new version -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1860298 Title: Wrong visibility flag in the glance image-create Status in Glance: In Progress Bug description: This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes: - [x] This doc is inaccurate in this way: __ - [ ] This is a doc addition request. - [ ] I have a fix to the document that I can paste below including example: input and output. x $ glance image-create --name "cirros" \ --file cirros-0.4.0-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --visibility public --visibility --public is a flag for openstack image create. --- Release: on 2019-09-27 09:57:38 SHA: 8c2bc60820783f76c9421d615d3828a88008ca96 Source: https://opendev.org/openstack/glance/src/doc/source/install/verify.rst URL: https://docs.openstack.org/glance/train/install/verify.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1860298/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1863534] Re: [openstacksdk] Create image doesn't validate checksum correctly using sha256 algorithm
** Project changed: glance => python-openstacksdk -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1863534 Title: [openstacksdk] Create image doesn't validate checksum correctly using sha256 algorithm Status in OpenStack SDK: New Bug description: I have set config option ``hashing_algorithm`` value as sha256 in glance. Now, I'm trying to create an image using openstacksdk. I have set hash value of the image to sha256 parameter of create_image method but it fails with an error "Image checksum verification failed". Reason: glance store calculates checksum using md5 algorithm and it calculates owner_specified.openstack.sha256/os_hash_value of an image using the algorithm that's set in ``hashing_algorithm``. In openstacksdk, it compares the checksum as shown below: checksum = data.get('checksum') if checksum: valid = (checksum == md5 or checksum == sha256) if not valid: raise Exception('Image checksum verification failed') IMO, except md5 algorithm, it should compare sha256 with the os_hash_value that's calculated and set by glance for an image. for cirros-0.4.0-x86_64-disk.img image:- md5 checksum is 443b7623e27ecf03dc9e01ee93f67afe sha256 checksum is a8dd75ecffd4cdd96072d60c2237b448e0c8b2bc94d57f10fdbc8c481d9005b8 If I pass sha256 parameter to create_image as a8dd75ecffd4cdd96072d60c2237b448e0c8b2bc94d57f10fdbc8c481d9005b8, it fails to create an image. To manage notifications about this bug go to: https://bugs.launchpad.net/python-openstacksdk/+bug/1863534/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1863611] [NEW] Nova allows direct boot of an image created from an encrypted cinder volume
Public bug reported: Cinder allows encrypted volumes to be uploaded as images to Glance. Nova has never supported the direct boot of such images; instead, the user is supposed to use the image to create a volume, which can then be booted from. NOTE: Allowing such an instance to go 'active' allows it to be snapshotted, leading to the problem described in Bug #1852106. When a user does attempt to boot directly from such an image, the instance goes 'active' but is unusable. The end user will eventually figure out what the problem is, but it would be better if the Compute API rejected the boot request. ** Affects: glance Importance: Undecided Assignee: Brian Rosmaita (brian-rosmaita) Status: In Progress -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1863611 Title: Nova allows direct boot of an image created from an encrypted cinder volume Status in Glance: In Progress Bug description: Cinder allows encrypted volumes to be uploaded as images to Glance. Nova has never supported the direct boot of such images; instead, the user is supposed to use the image to create a volume, which can then be booted from. NOTE: Allowing such an instance to go 'active' allows it to be snapshotted, leading to the problem described in Bug #1852106. When a user does attempt to boot directly from such an image, the instance goes 'active' but is unusable. The end user will eventually figure out what the problem is, but it would be better if the Compute API rejected the boot request. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1863611/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1852106] Re: Possible data loss from createImage action
Added Nova to the bug. Quickest fix will be to modify the Nova non_inheritable_image_properties setting so that the problematic metadata are not inherited. Operators can make such a change without upgrading. Glance fix will take longer and require an upgrade. (I'm not saying we shouldn't do it, just that it would be good to fix a possible data loss bug as fast as possible.) ** Also affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1852106 Title: Possible data loss from createImage action Status in Glance: New Status in OpenStack Compute (nova): New Bug description: Description === When an instance is booted from a image created from an encrypted Cinder volume and several images are created from that instance, deleting any one of these images will render the remaining images unusable. The scenario 1. User creates a volume V-1 of an encrypted type in Cinder; Cinder automatically stores the encryption key in Barbican with key_id c-1. 2. User uploads this volume as an image to Glance as I-1. Cinder stores the encryption key in Barbican with key_id c-2 and puts the metadata cinder_encryption_key_id: c-2 on the image. The idea is to preserve a 1-1 relation between key_ids and resources so that when a resource is deleted, its key in Barbican can also be deleted with no potential for data loss. This prevents cruft from accumulating in the user's Barbican account. In Train, this deletion-from-Barbican process has been automated; if the metadata cinder_encryption_key_deletion_policy: on_image_deletion is present on the image, Glance will delete the key from Barbican when the image is deleted. Beginning with Train, Cinder puts the deletion_policy metadata on all volumes uploaded as images to Glance. 3. User boots an instance from image I-1. Nova will store all the image metadata from the image. 4. User does the createImage action on the instance. Nova creates an image I-2 and copies over the image metadata, putting cinder_encryption_key_id: c-2 cinder_encryption_key_deletion_policy: on_image_deletion on the image. 5. If the user deletes I-2, key c-2 will be deleted from Barbican, thereby rendering image I-1 unusable. Similarly, if the user has created a bunch of images from the instance, deleting one of them will render all the remainder useless. NOTE: if the user creates a volume from image I-1, Cinder will create a new Barbican secret for the resulting volume. So deleting I-1 (and hence key c-2) won't affect the usability of any volumes created from it. This bug has been around for a while, but it required the user to manually delete the Barbican secret that multiple images depend on. The Cinder/Glance change in Train to automate the process makes this scenario much more likely to happen. The immediate workaround is to add 'cinder_encryption_key_deletion_policy' to the non_inheritable_image_properties list in nova.conf. The long term solution is for Nova to clone the encryption key in Barbican so that Nova always puts a unique key_id on the created image. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1852106/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1856578] [NEW] docs: image schema customization restrictions
Public bug reported: An operator can modify /etc/schema-image.json to include arbitrary properties (which was that file's original purpose) and assign them JSON types other than 'string'. The type is enforced by image create/update but an end-user making a call that sets a value on one of these gets a 500. This is because everything in the image_properties table must be a string in the database. The API, however, won't accept a string value when the schema says it's boolean or some other non-string JSON data type). We should document: (1) these things *must* be strings (2) recommend that operators not delete items from the default schema- image.json file, because this will affect interoperability (3) maybe recommend using metadefs instead of modifying the image schema? ** Affects: glance Importance: Undecided Status: Triaged ** Tags: documentation low-hanging-fruit -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1856578 Title: docs: image schema customization restrictions Status in Glance: Triaged Bug description: An operator can modify /etc/schema-image.json to include arbitrary properties (which was that file's original purpose) and assign them JSON types other than 'string'. The type is enforced by image create/update but an end-user making a call that sets a value on one of these gets a 500. This is because everything in the image_properties table must be a string in the database. The API, however, won't accept a string value when the schema says it's boolean or some other non-string JSON data type). We should document: (1) these things *must* be strings (2) recommend that operators not delete items from the default schema- image.json file, because this will affect interoperability (3) maybe recommend using metadefs instead of modifying the image schema? To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1856578/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1856581] [NEW] metadefs: OS::Glance::CommonImageProperties out of date
Public bug reported: As of Train, the OS::Glance::CommonImageProperties defined in etc/metadefs/glance-common-image-props.json is missing some properties defined in etc/image-schema.json ** Affects: glance Importance: Undecided Status: Triaged ** Tags: documentation low-hanging-fruit metadef -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1856581 Title: metadefs: OS::Glance::CommonImageProperties out of date Status in Glance: Triaged Bug description: As of Train, the OS::Glance::CommonImageProperties defined in etc/metadefs/glance-common-image-props.json is missing some properties defined in etc/image-schema.json To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1856581/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1856566] [NEW] docs: policy docs out of date
Public bug reported: As of today (16 Dec 2019) the policy docs are out of date. They refer to v1, and also are missing several policies (for example, the locations policies, the tasks and task_api_access policy, etc.) The rule-writing section should probably just contain a reference to the oslo.policy docs. ** Affects: glance Importance: Undecided Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1856566 Title: docs: policy docs out of date Status in Glance: Triaged Bug description: As of today (16 Dec 2019) the policy docs are out of date. They refer to v1, and also are missing several policies (for example, the locations policies, the tasks and task_api_access policy, etc.) The rule-writing section should probably just contain a reference to the oslo.policy docs. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1856566/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1856364] [NEW] docs: multistore no longer experimental
Public bug reported: As of today (13 Dec 2019) the api-ref contains a note that the Glance multistore feature is experimental. It became fully supported in Train. Need to fix this in the api-ref and also look through the administration guide and configuration guide to make sure multistore is no longer described as experimental. ** Affects: glance Importance: Undecided Status: Triaged ** Tags: documentation low-hanging-fruit -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1856364 Title: docs: multistore no longer experimental Status in Glance: Triaged Bug description: As of today (13 Dec 2019) the api-ref contains a note that the Glance multistore feature is experimental. It became fully supported in Train. Need to fix this in the api-ref and also look through the administration guide and configuration guide to make sure multistore is no longer described as experimental. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1856364/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1853693] [NEW] Remove Python 2 testing and gate jobs
Public bug reported: With the Ussuri release, OpenStack will no longer support Python 2. We need to remove Python 2 testing right away, because as other project and libraries remove Python 2 support, our testing and gate jobs may break. (See, for example, the discussion on https://review.opendev.org/#/c/695007/ ) The periodic "tips" jobs will definitely break. Need to remove the py2* testenvs in tox as well as py2-specific testing configured in .zuul.yaml As part of this, should make sure we are configured to test the official Ussuri python runtimes, namely, py36 and py37. See https://governance.openstack.org/tc/reference/runtimes/ussuri.html ** Affects: glance Importance: Undecided Assignee: Brian Rosmaita (brian-rosmaita) Status: In Progress ** Affects: glance-store Importance: Undecided Status: New ** Affects: python-glanceclient Importance: Undecided Status: New ** Also affects: python-glanceclient Importance: Undecided Status: New ** Also affects: glance-store Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1853693 Title: Remove Python 2 testing and gate jobs Status in Glance: In Progress Status in glance_store: New Status in Glance Client: New Bug description: With the Ussuri release, OpenStack will no longer support Python 2. We need to remove Python 2 testing right away, because as other project and libraries remove Python 2 support, our testing and gate jobs may break. (See, for example, the discussion on https://review.opendev.org/#/c/695007/ ) The periodic "tips" jobs will definitely break. Need to remove the py2* testenvs in tox as well as py2-specific testing configured in .zuul.yaml As part of this, should make sure we are configured to test the official Ussuri python runtimes, namely, py36 and py37. See https://governance.openstack.org/tc/reference/runtimes/ussuri.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1853693/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1852356] [NEW] tox testenv not installing requirements properly
Public bug reported: I've encountered this recently when building new tox environments: = Failures during discovery = --- import errors --- Failed to import test module: glance.tests.unit.api.test_cmd Traceback (most recent call last): File "/home/brosmait/repos/openstack/glance/.tox/py36/lib/python3.6/site-packages/unittest2/loader.py", line 456, in _find_test_path module = self._get_module_from_name(name) File "/home/brosmait/repos/openstack/glance/.tox/py36/lib/python3.6/site-packages/unittest2/loader.py", line 395, in _get_module_from_name __import__(name) File "/home/brosmait/repos/openstack/glance/glance/tests/unit/api/test_cmd.py", line 20, in import glance.cmd.api File "/home/brosmait/repos/openstack/glance/glance/cmd/api.py", line 42, in from oslo_reports import guru_meditation_report as gmr ModuleNotFoundError: No module named 'oslo_reports' Looking at the current tox.ini, the base testenv sets some env vars and then we have: install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} {opts} {packages} deps = -r{toxinidir}/test-requirements.txt No mention of the requirements at all. I think we are hitting a bug that Tony Breeds patched in Cinder, Change- Id: I5b1c285680f7c3256a707ea5973573f1176d4a26 Change the testenv like this: install_command = pip install {opts} {packages} deps = -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} -r{toxinidir}/test-requirements.txt -r{toxinidir}/requirements.txt This makes sure that the u-c file is applied to both the test-req and the requirements, which is what we want. ** Affects: glance Importance: Medium Assignee: Brian Rosmaita (brian-rosmaita) Status: In Progress -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1852356 Title: tox testenv not installing requirements properly Status in Glance: In Progress Bug description: I've encountered this recently when building new tox environments: = Failures during discovery = --- import errors --- Failed to import test module: glance.tests.unit.api.test_cmd Traceback (most recent call last): File "/home/brosmait/repos/openstack/glance/.tox/py36/lib/python3.6/site-packages/unittest2/loader.py", line 456, in _find_test_path module = self._get_module_from_name(name) File "/home/brosmait/repos/openstack/glance/.tox/py36/lib/python3.6/site-packages/unittest2/loader.py", line 395, in _get_module_from_name __import__(name) File "/home/brosmait/repos/openstack/glance/glance/tests/unit/api/test_cmd.py", line 20, in import glance.cmd.api File "/home/brosmait/repos/openstack/glance/glance/cmd/api.py", line 42, in from oslo_reports import guru_meditation_report as gmr ModuleNotFoundError: No module named 'oslo_reports' Looking at the current tox.ini, the base testenv sets some env vars and then we have: install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} {opts} {packages} deps = -r{toxinidir}/test-requirements.txt No mention of the requirements at all. I think we are hitting a bug that Tony Breeds patched in Cinder, Change-Id: I5b1c285680f7c3256a707ea5973573f1176d4a26 Change the testenv like this: install_command = pip install {opts} {packages} deps = -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} -r{toxinidir}/test-requirements.txt -r{toxinidir}/requirements.txt This makes sure that the u-c file is applied to both the test-req and the requirements, which is what we want. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1852356/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1852354] [NEW] TestTasksDeserializer class not using FakePolicyEnforcer
Public bug reported: This was uncovered by a patch implementing policy-in-code for Glance: https://review.opendev.org/#/c/693129/ The TestTasksDeserializer class creates a glance.v2.tasks.RequestDeserializer but doesn't pass it a policy_enforcer. As a result, RequestDeserializer uses a real policy enforcer. The default policy in code that's checked by the RequestDeserializer is "tasks_api_access: role:admin", and with that policy in place, all the unit test requests fail. Need to pass the unit test class the FakePolicyEnforcer so that the deserialization can be tested. ** Affects: glance Importance: High Assignee: Brian Rosmaita (brian-rosmaita) Status: Triaged ** Changed in: glance Status: New => Triaged ** Changed in: glance Importance: Undecided => High ** Changed in: glance Assignee: (unassigned) => Brian Rosmaita (brian-rosmaita) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1852354 Title: TestTasksDeserializer class not using FakePolicyEnforcer Status in Glance: Triaged Bug description: This was uncovered by a patch implementing policy-in-code for Glance: https://review.opendev.org/#/c/693129/ The TestTasksDeserializer class creates a glance.v2.tasks.RequestDeserializer but doesn't pass it a policy_enforcer. As a result, RequestDeserializer uses a real policy enforcer. The default policy in code that's checked by the RequestDeserializer is "tasks_api_access: role:admin", and with that policy in place, all the unit test requests fail. Need to pass the unit test class the FakePolicyEnforcer so that the deserialization can be tested. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1852354/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1852106] [NEW] Possible data loss from createImage action
Public bug reported: Description === When an instance is booted from a image created from an encrypted Cinder volume and several images are created from that instance, deleting any one of these images will render the remaining images unusable. The scenario 1. User creates a volume V-1 of an encrypted type in Cinder; Cinder automatically stores the encryption key in Barbican with key_id c-1. 2. User uploads this volume as an image to Glance as I-1. Cinder stores the encryption key in Barbican with key_id c-2 and puts the metadata cinder_encryption_key_id: c-2 on the image. The idea is to preserve a 1-1 relation between key_ids and resources so that when a resource is deleted, its key in Barbican can also be deleted with no potential for data loss. This prevents cruft from accumulating in the user's Barbican account. In Train, this deletion-from-Barbican process has been automated; if the metadata cinder_encryption_key_deletion_policy: on_image_deletion is present on the image, Glance will delete the key from Barbican when the image is deleted. Beginning with Train, Cinder puts the deletion_policy metadata on all volumes uploaded as images to Glance. 3. User boots an instance from image I-1. Nova will store all the image metadata from the image. 4. User does the createImage action on the instance. Nova creates an image I-2 and copies over the image metadata, putting cinder_encryption_key_id: c-2 cinder_encryption_key_deletion_policy: on_image_deletion on the image. 5. If the user deletes I-2, key c-2 will be deleted from Barbican, thereby rendering image I-1 unusable. Similarly, if the user has created a bunch of images from the instance, deleting one of them will render all the remainder useless. NOTE: if the user creates a volume from image I-1, Cinder will create a new Barbican secret for the resulting volume. So deleting I-1 (and hence key c-2) won't affect the usability of any volumes created from it. This bug has been around for a while, but it required the user to manually delete the Barbican secret that multiple images depend on. The Cinder/Glance change in Train to automate the process makes this scenario much more likely to happen. The immediate workaround is to add 'cinder_encryption_key_deletion_policy' to the non_inheritable_image_properties list in nova.conf. The long term solution is for Nova to clone the encryption key in Barbican so that Nova always puts a unique key_id on the created image. ** Affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1852106 Title: Possible data loss from createImage action Status in OpenStack Compute (nova): New Bug description: Description === When an instance is booted from a image created from an encrypted Cinder volume and several images are created from that instance, deleting any one of these images will render the remaining images unusable. The scenario 1. User creates a volume V-1 of an encrypted type in Cinder; Cinder automatically stores the encryption key in Barbican with key_id c-1. 2. User uploads this volume as an image to Glance as I-1. Cinder stores the encryption key in Barbican with key_id c-2 and puts the metadata cinder_encryption_key_id: c-2 on the image. The idea is to preserve a 1-1 relation between key_ids and resources so that when a resource is deleted, its key in Barbican can also be deleted with no potential for data loss. This prevents cruft from accumulating in the user's Barbican account. In Train, this deletion-from-Barbican process has been automated; if the metadata cinder_encryption_key_deletion_policy: on_image_deletion is present on the image, Glance will delete the key from Barbican when the image is deleted. Beginning with Train, Cinder puts the deletion_policy metadata on all volumes uploaded as images to Glance. 3. User boots an instance from image I-1. Nova will store all the image metadata from the image. 4. User does the createImage action on the instance. Nova creates an image I-2 and copies over the image metadata, putting cinder_encryption_key_id: c-2 cinder_encryption_key_deletion_policy: on_image_deletion on the image. 5. If the user deletes I-2, key c-2 will be deleted from Barbican, thereby rendering image I-1 unusable. Similarly, if the user has created a bunch of images from the instance, deleting one of them will render all the remainder useless. NOTE: if the user creates a volume from image I-1, Cinder will create a new Barbican secret for the resulting volume. So deleting I-1 (and hence key c-2) won't affect the usability of any volumes created from it. This bug has been around for a while, but it required the user to manually delete the
[Yahoo-eng-team] [Bug 1842343] [NEW] docs: move image formats doc to glance repo
Public bug reported: The "Disk and container formats for images" section of the "VM Image Guide" in the openstack-manuals repo has gotten out date with respect to Glance image format changes. Additionally, it duplicates some information from documentation maintained by the Glance team. To make the docs easier to maintain, we should make these changes: (1) rewrite the Introduction page of the VM Image Guide so that it discusses the concept of "container format" and "disk format". Don't discuss the set of identifiers that Glance recognizes in the manual; instead, give a link to the appropriate place in the glance docs. Remove the two sub-pages (image-formats.rst and image-metadata.rst). (2) merge the content from openstack-manuals/image-formats.rst and openstack-manuals/image-metadata.rst into docs/user/formats.rst in the glance repo ** Affects: glance Importance: Low Assignee: Brian Rosmaita (brian-rosmaita) Status: Triaged ** Affects: openstack-manuals Importance: Undecided Assignee: Brian Rosmaita (brian-rosmaita) Status: In Progress ** Also affects: openstack-manuals Importance: Undecided Status: New ** Changed in: openstack-manuals Assignee: (unassigned) => Brian Rosmaita (brian-rosmaita) ** Changed in: openstack-manuals Status: New => In Progress -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1842343 Title: docs: move image formats doc to glance repo Status in Glance: Triaged Status in openstack-manuals: In Progress Bug description: The "Disk and container formats for images" section of the "VM Image Guide" in the openstack-manuals repo has gotten out date with respect to Glance image format changes. Additionally, it duplicates some information from documentation maintained by the Glance team. To make the docs easier to maintain, we should make these changes: (1) rewrite the Introduction page of the VM Image Guide so that it discusses the concept of "container format" and "disk format". Don't discuss the set of identifiers that Glance recognizes in the manual; instead, give a link to the appropriate place in the glance docs. Remove the two sub-pages (image-formats.rst and image-metadata.rst). (2) merge the content from openstack-manuals/image-formats.rst and openstack-manuals/image-metadata.rst into docs/user/formats.rst in the glance repo To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1842343/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1837921] [NEW] enforce filesystem store datadir uniqueness
Public bug reported: The multistore admin docs say that using the same filesystem_store_datadir for different stores is not supported. This is important enough that it should be enforced in the code. ** Affects: glance Importance: Undecided Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1837921 Title: enforce filesystem store datadir uniqueness Status in Glance: Triaged Bug description: The multistore admin docs say that using the same filesystem_store_datadir for different stores is not supported. This is important enough that it should be enforced in the code. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1837921/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1831996] [NEW] glance project "tips" jobs should be runnable on demand
Public bug reported: We have periodic "tips" jobs configured so that we can get advance notice of breaking changes merged into the master branches of various projects. Since we are also the team most likely to be working on glance_store and the glanceclient, we know when changes have been merged into master on those projects. It would be useful to be able to run the "tips" jobs on-demand so we can find out if anything is going to break without having to wait until the next day. See https://launchpad.net/bugs/1831963 for an example. ** Affects: glance Importance: Low Assignee: Brian Rosmaita (brian-rosmaita) Status: In Progress -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1831996 Title: glance project "tips" jobs should be runnable on demand Status in Glance: In Progress Bug description: We have periodic "tips" jobs configured so that we can get advance notice of breaking changes merged into the master branches of various projects. Since we are also the team most likely to be working on glance_store and the glanceclient, we know when changes have been merged into master on those projects. It would be useful to be able to run the "tips" jobs on-demand so we can find out if anything is going to break without having to wait until the next day. See https://launchpad.net/bugs/1831963 for an example. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1831996/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1831901] Re: glance-api-paste.ini contains reference to v1 API
Router has been adjusted to handle v1 request denials gracefully. Should not be removed from the paste config. ** Changed in: glance Status: In Progress => Invalid ** Changed in: glance Assignee: Brian Rosmaita (brian-rosmaita) => (unassigned) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1831901 Title: glance-api-paste.ini contains reference to v1 API Status in Glance: Invalid Bug description: The Image API v1 was removed in Rocky. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1831901/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1831901] [NEW] glance-api-paste.ini contains reference to v1 API
Public bug reported: The Image API v1 was removed in Rocky. ** Affects: glance Importance: Low Status: Invalid ** Changed in: glance Assignee: (unassigned) => Brian Rosmaita (brian-rosmaita) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1831901 Title: glance-api-paste.ini contains reference to v1 API Status in Glance: Invalid Bug description: The Image API v1 was removed in Rocky. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1831901/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1302976] Re: Install the Image Service in OpenStack Installation Guide for Ubuntu 12.04 (LTS) - icehouse - Configuration error
Looks like this was fixed via documentation. Config option no longer exists in stable branches. ** Changed in: glance Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1302976 Title: Install the Image Service in OpenStack Installation Guide for Ubuntu 12.04 (LTS) - icehouse - Configuration error Status in Glance: Invalid Status in openstack-manuals: Fix Released Status in Ubuntu: New Bug description: Hello, The rpc_backend field set as "glance.rpc.impl_kombu" is not recognized. The process crashes with a CRITICAL error (see below) Using "glance.openstack.common.rpc.impl_kombu" instead seem to resolve the problem. CRITICAL glance [-] DriverLoadFailure: Failed to load transport driver "glance.rpc.impl_kombu": No 'oslo.messaging.drivers' driver found, looking for 'glance.rpc.impl_kombu' TRACE glance Traceback (most recent call last): TRACE glance File "/usr/bin/glance-api", line 10, in TRACE glance sys.exit(main()) TRACE glance File "/usr/lib/python2.7/dist-packages/glance/cmd/api.py", line 63, in main TRACE glance server.start(config.load_paste_app('glance-api'), default_port=9292) TRACE glance File "/usr/lib/python2.7/dist-packages/glance/common/config.py", line 210, in load_paste_app TRACE glance app = deploy.loadapp("config:%s" % conf_file, name=app_name) TRACE glance File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 247, in loadapp TRACE glance return loadobj(APP, uri, name=name, **kw) TRACE glance File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 272, in loadobj TRACE glance return context.create() TRACE glance File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 710, in create TRACE glance return self.object_type.invoke(self) TRACE glance File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 203, in invoke TRACE glance app = context.app_context.create() TRACE glance File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 710, in create TRACE glance return self.object_type.invoke(self) TRACE glance File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 144, in invoke TRACE glance **context.local_conf) TRACE glance File "/usr/lib/python2.7/dist-packages/paste/deploy/util.py", line 55, in fix_call TRACE glance val = callable(*args, **kw) TRACE glance File "/usr/lib/python2.7/dist-packages/glance/api/__init__.py", line 27, in root_app_factory TRACE glance return paste.urlmap.urlmap_factory(loader, global_conf, **local_conf) TRACE glance File "/usr/lib/python2.7/dist-packages/paste/urlmap.py", line 28, in urlmap_factory TRACE glance app = loader.get_app(app_name, global_conf=global_conf) TRACE glance File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 350, in get_app TRACE glance name=name, global_conf=global_conf).create() TRACE glance File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 710, in create TRACE glance return self.object_type.invoke(self) TRACE glance File "/usr/lib/python2.7/dist-packages/paste/deploy/loadwsgi.py", line 146, in invoke TRACE glance return fix_call(context.object, context.global_conf, **context.local_conf) TRACE glance File "/usr/lib/python2.7/dist-packages/paste/deploy/util.py", line 55, in fix_call TRACE glance val = callable(*args, **kw) TRACE glance File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 472, in factory TRACE glance return cls(APIMapper()) TRACE glance File "/usr/lib/python2.7/dist-packages/glance/api/v2/router.py", line 58, in __init__ TRACE glance images_resource = images.create_resource(custom_image_properties) TRACE glance File "/usr/lib/python2.7/dist-packages/glance/api/v2/images.py", line 809, in create_resource TRACE glance controller = ImagesController() TRACE glance File "/usr/lib/python2.7/dist-packages/glance/api/v2/images.py", line 49, in __init__ TRACE glance self.notifier = notifier or glance.notifier.Notifier() TRACE glance File "/usr/lib/python2.7/dist-packages/glance/notifier.py", line 83, in __init__ TRACE glance aliases=_ALIASES) TRACE glance File "/usr/lib/python2.7/dist-packages/oslo/messaging/transport.py", line 185, in get_transport TRACE glance raise DriverLoadFailure(url.transport, ex) TRACE glance DriverLoadFailure: Failed to load transport driver "glance.rpc.impl_kombu": No 'oslo.messaging.drivers' driver found, looking for 'glance.rpc.impl_kombu' TRACE glance --- Built: 2014-04-04T20:54:13 00:00 git SHA: e64c138bbff7a4268ff399f50fe92f0a4d5769c2 URL:
[Yahoo-eng-team] [Bug 1528349] Re: Nova and Glance contain a near-identical signature_utils module
This was fixed in glance by Change-Id: I80fcafa528b87a83b90ed7c0e4c0db9228852bc2 ** Changed in: glance Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1528349 Title: Nova and Glance contain a near-identical signature_utils module Status in Glance: Fix Released Status in OpenStack Compute (nova): Fix Released Bug description: It appears that https://review.openstack.org/256069 took the signature_utils modules from Glance and modified it in fairly superficial ways based on review feedback: $ diff -u nova/nova/signature_utils.py glance/glance/common/signature_utils.py | diffstat signature_utils.py | 182 - 1 file changed, 83 insertions(+), 99 deletions(-) The Oslo project was created to avoid this sort of short-sighted cut- and-pasting. This code should really be in a python library that both Glance and Nova could use directly. Perhaps the code could be moved to a new library in the Glance project, or a new library in the Oslo project, or into the cryptography library itself? To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1528349/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1793057] Re: Multiple backend related config options are not listed in sample conf file
** Changed in: glance-store Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1793057 Title: Multiple backend related config options are not listed in sample conf file Status in Glance: Fix Released Status in glance_store: Fix Released Bug description: In Rocky we have added support for multiple backend as a EXPERIMENTAL feature. However configuration options related to multiple backend are not generated in sample config file due to some issue. We have added below 2 new config options for multiple backend. 1. enabled_backneds (added in glance) 2. default_backend (added in glance_store) To fix this we need to propose two different patches one in glance and another one is glance_store. Once glance_store patch is merged and new library version released and available in glance then all the above 2 config options will be added to newly generated sample config file. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1793057/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1775782] Re: glance-image-import.conf not parsed when running under wsgi
Actually, I don't think this is fixed. Re-opening. ** Changed in: glance Importance: Low => Critical ** Changed in: glance Status: Won't Fix => Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1775782 Title: glance-image-import.conf not parsed when running under wsgi Status in Glance: Triaged Bug description: When development environment is set to run under wsgi mode (by setting WSGI_MODE=mod_wsgi in local.conf) glance-image-import.conf file is not parsed. It is working properly if glance is running under uwsgi. Steps to reproduce: NOTE: Here I am trying to use plugin "inject_image_metadata" to inject metadata properties to the image. 1. Add glance-image-import.conf as mentioned at /etc/glance [image_import_opts] image_import_plugins = ["inject_image_metadata"] [inject_metadata_properties] inject = "property1":"value" ignore_user_roles = demo 2. Restart glance api service using "devstack@g-api.service" 3. Source using admin credentials (as we are ignoring demo role in glance-image-import.conf) $ source devstack/openrc admin admin 3. Create image using import api $ glance image-create-via-import --container-format bare --disk-format qcow2 --name ceph_image_default --file temp.qcow2 Expected Output: Properties mentioned in glance-image-import.conf should be injected to the image Actual Output: Properties are not injected as plugin is not loaded. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1775782/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1790446] Re: Glance policy and image owner
> With the default policy, a normal user is able to edit/delete public images that they dont own. This is very unlikely. Are you sure you are using the default policy file? > If the public image is set as 'protected' they cant delete it. This is true for any image independently of its visibility. > How are you meant to restrict actions to the owner of an image? You don't have to do anything! The way Glance operates is that a non- admin user cannot access images which are in a project different from that user's project. The only way a non-admin user can access images in another project is to have a keystone administrator make that user a member of that other project. So for example, in the default policy file we have: "delete_image": "" That means that ANY user can make a delete-image call ... but this does NOT mean that ANY user can delete ANY image. You can still only delete those images that are owned by a project that you are a member of. An administrator can access all the images in Glance. The way you make someone an administrator is to give them the role or roles that are recognized by the "context_is_admin" policy target in the Glance policy file and then using "is_admin: True" in later policy definitions. By the way, I suspect that the documentation is incorrect. I think the is_owner rule would have to be defined as "is_owner": "owner:%(owner)s" BUT -- you DO NOT NEED an "is_owner" rule to restrict "modify_image" and "delete_image" -- they are restricted to the image owner or a Glance administrator *in the code*. ** Changed in: glance Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1790446 Title: Glance policy and image owner Status in Glance: Invalid Bug description: Trying to restrict glance to only allow editing/deleting a tenants own images. According the the docs, this should work. "is_owner": "tenant:%(owner)s", "modify_image": "rule:is_owner", "delete_image": "rule:is_owner", However, with this set, no user can then delete/modify images, as if the 'is_owner' rules never matches! With the default policy, a normal user is able to edit/delete public images that they dont own. If the public image is set as 'protected' they cant delete it. How are you meant to restrict actions to the owner of an image? To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1790446/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1818919] [NEW] CooperativeReader not py3-ready
Public bug reported: Tim Burke noticed this in IRC today: https://github.com/openstack/glance/blob/17.0.0/glance/common/utils.py#L231 Should be returning b'' since we're supposed to be returning bytes. Apparently our unit tests could use some beefing up, because they're not breaking under py3. ** Affects: glance Importance: High Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1818919 Title: CooperativeReader not py3-ready Status in Glance: Triaged Bug description: Tim Burke noticed this in IRC today: https://github.com/openstack/glance/blob/17.0.0/glance/common/utils.py#L231 Should be returning b'' since we're supposed to be returning bytes. Apparently our unit tests could use some beefing up, because they're not breaking under py3. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1818919/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1812856] [NEW] DB migration code will break after 'z' release
Public bug reported: According to https://governance.openstack.org/tc/reference/release- naming.html the next release after 'z' will be 'a'. Some of our tooling for database migrations orders the scripts alphabetically, which seemed a great idea when we did it back in Ocata, but is looking problematic as we approach the end of the alphabet. Specifically, I'm thinking of glance/db/sqlalchemy/alembic_migrations/data_migrations/__init__.py but there may be other places in the code. I have no idea what's the best approach to fix this, just wanted to file the bug so we remember to do something about it during (or before) the Z cycle. ** Affects: glance Importance: Medium Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1812856 Title: DB migration code will break after 'z' release Status in Glance: Triaged Bug description: According to https://governance.openstack.org/tc/reference/release- naming.html the next release after 'z' will be 'a'. Some of our tooling for database migrations orders the scripts alphabetically, which seemed a great idea when we did it back in Ocata, but is looking problematic as we approach the end of the alphabet. Specifically, I'm thinking of glance/db/sqlalchemy/alembic_migrations/data_migrations/__init__.py but there may be other places in the code. I have no idea what's the best approach to fix this, just wanted to file the bug so we remember to do something about it during (or before) the Z cycle. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1812856/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1809462] Re: Glance image conversion cannot convert to vmdk
** Also affects: glance/rocky Importance: Undecided Status: New ** Also affects: glance/stein Importance: High Assignee: Brian Rosmaita (brian-rosmaita) Status: Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1809462 Title: Glance image conversion cannot convert to vmdk Status in Glance: Fix Released Status in Glance rocky series: New Status in Glance stein series: Fix Released Bug description: This bug has been masked by https://bugs.launchpad.net/glance/+bug/1805765 The image conversion plugin for the interoperable import workflow does not allow conversion to the vmdk format (due to the use of oslo.config choices and a typo in the option list). To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1809462/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1809462] [NEW] Glance image conversion cannot convert to vmdk
Public bug reported: This bug has been masked by https://bugs.launchpad.net/glance/+bug/1805765 The image conversion plugin for the interoperable import workflow does not allow conversion to the vmdk format (due to the use of oslo.config choices and a typo in the option list). ** Affects: glance Importance: High Assignee: Brian Rosmaita (brian-rosmaita) Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1809462 Title: Glance image conversion cannot convert to vmdk Status in Glance: Triaged Bug description: This bug has been masked by https://bugs.launchpad.net/glance/+bug/1805765 The image conversion plugin for the interoperable import workflow does not allow conversion to the vmdk format (due to the use of oslo.config choices and a typo in the option list). To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1809462/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1808375] Re: deprecation note for show_multiple_locations needs an update
** Also affects: glance/queens Importance: Undecided Status: New ** Also affects: glance/rocky Importance: Undecided Status: New ** Also affects: glance/stein Importance: High Assignee: Brian Rosmaita (brian-rosmaita) Status: In Progress ** Changed in: glance/rocky Importance: Undecided => High ** Changed in: glance/queens Importance: Undecided => High ** Changed in: glance/rocky Assignee: (unassigned) => Brian Rosmaita (brian-rosmaita) ** Changed in: glance/queens Assignee: (unassigned) => Brian Rosmaita (brian-rosmaita) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1808375 Title: deprecation note for show_multiple_locations needs an update Status in Glance: In Progress Status in Glance queens series: New Status in Glance rocky series: New Status in Glance stein series: In Progress Bug description: It seems like this is coming up once a week in #openstack-glance these days. Need to patch the deprecation statement for show_multiple_locations to more accurately reflect the current situation (and so that people don't go crazy trying to get it to work by reconfiguring their policy files). To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1808375/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1808814] [NEW] admin docs: interoperable image import revision for stein
Public bug reported: https://docs.openstack.org/glance/latest/admin/interoperable-image- import.html The image import docs need a revision. I noticed these, there may be more: * remove mention of enable_image_import option and its effect on the v2.6 API * probably leave in the mention of the v1 copy-from (so it's clear that the OSSN doesn't apply to web-download), but change language of the v1 API being deprecated to simply, "Additionally, the Image API v1 was removed in Glance 17.0.0 (Rocky)." ** Affects: glance Importance: Low Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1808814 Title: admin docs: interoperable image import revision for stein Status in Glance: Triaged Bug description: https://docs.openstack.org/glance/latest/admin/interoperable-image- import.html The image import docs need a revision. I noticed these, there may be more: * remove mention of enable_image_import option and its effect on the v2.6 API * probably leave in the mention of the v1 copy-from (so it's clear that the OSSN doesn't apply to web-download), but change language of the v1 API being deprecated to simply, "Additionally, the Image API v1 was removed in Glance 17.0.0 (Rocky)." To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1808814/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1808375] [NEW] deprecation note for show_multiple_locations needs an update
Public bug reported: It seems like this is coming up once a week in #openstack-glance these days. Need to patch the deprecation statement for show_multiple_locations to more accurately reflect the current situation (and so that people don't go crazy trying to get it to work by reconfiguring their policy files). ** Affects: glance Importance: High Assignee: Brian Rosmaita (brian-rosmaita) Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1808375 Title: deprecation note for show_multiple_locations needs an update Status in Glance: Triaged Bug description: It seems like this is coming up once a week in #openstack-glance these days. Need to patch the deprecation statement for show_multiple_locations to more accurately reflect the current situation (and so that people don't go crazy trying to get it to work by reconfiguring their policy files). To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1808375/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1806140] [NEW] Admin docs: policy config doc requires revision
Public bug reported: doc/source/admin/policies.rst Some problems: * it mentions the policy "Brain", which was removed circa 2012 * mentions some API calls that don't exist, for example, PUT /v2/images/ * contains references to the v1 API * missing some policies (e.g., the locations policies) * missing discussion of context_is_admin, what it's for, what its effects are * the "writing rules" section could use a rewrite * mentions 'is_public' as an available image property * the example using 'protected' is really misleading ** Affects: glance Importance: Medium Status: Triaged ** Changed in: glance Importance: Undecided => Medium ** Changed in: glance Status: New => Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1806140 Title: Admin docs: policy config doc requires revision Status in Glance: Triaged Bug description: doc/source/admin/policies.rst Some problems: * it mentions the policy "Brain", which was removed circa 2012 * mentions some API calls that don't exist, for example, PUT /v2/images/ * contains references to the v1 API * missing some policies (e.g., the locations policies) * missing discussion of context_is_admin, what it's for, what its effects are * the "writing rules" section could use a rewrite * mentions 'is_public' as an available image property * the example using 'protected' is really misleading To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1806140/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1802587] [NEW] With multiple backends enabled, adding a location does not default to default store
Public bug reported: I have multiple backends set up in an S-1 devstack and make this call: data.json: [ { "op": "add", "path": "/locations/-", "value": {"url": "https://review.openstack.org/static/title.svg?e=6b20e64d6472edfb0e38b30442683e8a;, "metadata": {}, "validation_data": {"checksum": "24c3834b2a43a823c181a82b9727d687", "os_hash_algo": "sha512", "os_hash_value": "a8ddd76c5b222c772584bdc6099887cdbd9d7fbc48bc5acaa07dcd8a3ba36a32b22f502ea4789a792a66580ef316d929d0506ec3df900d44d9bd51f97ea90ae2" } } } ] demo! curl -X PATCH \ -H "x-auth-token: $TK" \ -H "Content-type: application/openstack-images-v2.1-json-patch" \ -d @data.json \ "$OS_IMAGE_URL/v2/images/$IMG" What I expect: the default store will be used. What happens: 400 Bad Request 400 Bad Request Invalid location Here's the error that's occurring. (Line numbers may be off slightly from my hacking.) Traceback (most recent call last): File "/opt/stack/glance/glance/location.py", line 108, in _check_location_uri uri, backend, context=context) File "/opt/stack/glance_store/glance_store/multi_backend.py", line 486, in get_size_from_uri_and_backend uri, backend, conf=CONF) File "/opt/stack/glance_store/glance_store/location.py", line 109, in get_location_from_uri_and_backend raise exceptions.UnknownScheme(scheme=backend) UnknownScheme: Unknown scheme 'None' found in URI The call to store_api.get_size_from_uri_and_backend() is being made with: uri: https://review.openstack.org/static/title.svg?e=6b20e64d6472edfb0e38b30442683e8a backend: None The call is happening here: https://github.com/openstack/glance/blob/97dac0f3800ad9768e5c118656c6bbbf55fc866d/glance/location.py#L106 Maybe before the call is made, if backend == None, set backend to the default backend? That won't actually set the location metadata, but it will get it past this call. The workaround is to add the backend to the location metadata as part of the PATCH. I have an http store with id == 'Wilma'. This patch works as expected: [ { "op": "add", "path": "/locations/-", "value": {"url": "https://review.openstack.org/static/title.svg?e=6b20e64d6472edfb0e38b30442683e8a;, "metadata": {"backend": "Wilma"}, "validation_data": {"checksum": "24c3834b2a43a823c181a82b9727d687", "os_hash_algo": "sha512", "os_hash_value": "a8ddd76c5b222c772584bdc6099887cdbd9d7fbc48bc5acaa07dcd8a3ba36a32b22f502ea4789a792a66580ef316d929d0506ec3df900d44d9bd51f97ea90ae2" } } } ] (Note: you have to do this same workaround to get this to work in the glanceclient on Iain's current patch when multiple backends are enabled in Glance.) Maybe this behavior is fine, that is, don't guess what store to use when multiple backends are enabled, but instead reject the request and make the user state it explicitly. But in that case we need a much better error message -- "Invalid location" is pretty vague. ** Affects: glance Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1802587 Title: With multiple backends enabled, adding a location does not default to default store Status in Glance: New Bug description: I have multiple backends set up in an S-1 devstack and make this call: data.json: [ { "op": "add", "path": "/locations/-", "value": {"url": "https://review.openstack.org/static/title.svg?e=6b20e64d6472edfb0e38b30442683e8a;, "metadata": {}, "validation_data": {"checksum": "24c3834b2a43a823c181a82b9727d687", "os_hash_algo": "sha512", "os_hash_value": "a8ddd76c5b222c772584bdc6099887cdbd9d7fbc48bc5acaa07dcd8a3ba36a32b22f502ea4789a792a66580ef316d929d0506ec3df900d44d9bd51f97ea90ae2" } } } ] demo! curl -X PATCH \ -H "x-auth-token: $TK" \ -H "Content-type: application/openstack-images-v2.1-json-patch" \ -d @data.json \ "$OS_IMAGE_URL/v2/images/$IMG" What I expect: the default store will be used. What happens: 400 Bad Request 400 Bad Request Invalid location Here's the error that's occurring. (Line numbers may be off slightly from my hacking.) Traceback (most recent call last): File "/opt/stack/glance/glance/location.py", line 108, in _check_location_uri uri, backend, context=context) File
[Yahoo-eng-team] [Bug 1800689] Re: After sharing an image with consumer, owner id is assigned as consumer project id
This is not a Glance bug. Possibly an openstackclient bug. ** Changed in: glance Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1800689 Title: After sharing an image with consumer, owner id is assigned as consumer project id Status in Glance: Invalid Bug description: [root@ip9-114-192-143 ~]# openstack image show rhel-svc ---+ | checksum | d41d8cd98f00b204e9800998ecf8427e | | container_format | bare | | created_at | 2018-10-30T13:32:25Z | | disk_format | raw | | file | /v2/images/8fa5a8c6-150b-49c0-88f0-b6a6fa8849b0/file | | id | 8fa5a8c6-150b-49c0-88f0-b6a6fa8849b0 | | min_disk | 1 | | min_ram | 0 | | name | rhel-svc | | owner| bf46fb095af344739bf78cdbba7df022
[Yahoo-eng-team] [Bug 1537044] Re: Unit test failure when buildnig debian package for Mitaka b2
Looks like this was fixed by a library version change and is no longer relevant. ** Changed in: glance Status: Triaged => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1537044 Title: Unit test failure when buildnig debian package for Mitaka b2 Status in Glance: Invalid Bug description: Hi, I have 3 unit test failures when building the Glance Mitaka b2 package, as per below. Please help me to fix them. == FAIL: glance.tests.functional.test_reload.TestReload.test_reload -- Traceback (most recent call last): testtools.testresult.real._StringException: traceback-1: {{{ Traceback (most recent call last): File "glance/tests/functional/test_reload.py", line 50, in tearDown self.stop_servers() File "glance/tests/functional/__init__.py", line 899, in stop_servers self.stop_server(self.scrubber_daemon, 'Scrubber daemon') File "glance/tests/functional/__init__.py", line 884, in stop_server server.stop() File "glance/tests/functional/__init__.py", line 257, in stop raise Exception('why is this being called? %s' % self.server_name) Exception: why is this being called? scrubber }}} Traceback (most recent call last): File "glance/tests/functional/test_reload.py", line 113, in test_reload self.start_servers(fork_socket=False, **vars(self)) File "glance/tests/functional/__init__.py", line 804, in start_servers self.start_with_retry(self.api_server, 'api_port', 3, **kwargs) File "glance/tests/functional/__init__.py", line 774, in start_with_retry launch_msg = self.wait_for_servers([server], expect_launch) File "glance/tests/functional/__init__.py", line 866, in wait_for_servers execute(cmd, raise_error=False, expect_exit=False) File "glance/tests/utils.py", line 315, in execute env=env) File "/usr/lib/python2.7/subprocess.py", line 710, in __init__ errread, errwrite) File "/usr/lib/python2.7/subprocess.py", line 1335, in _execute_child raise child_exception OSError: [Errno 2] No such file or directory == FAIL: glance.tests.functional.v1.test_multiprocessing.TestMultiprocessing.test_interrupt_avoids_respawn_storm -- Traceback (most recent call last): testtools.testresult.real._StringException: Traceback (most recent call last): File "glance/tests/functional/v1/test_multiprocessing.py", line 61, in test_interrupt_avoids_respawn_storm children = self._get_children() File "glance/tests/functional/v1/test_multiprocessing.py", line 50, in _get_children children = process.get_children() AttributeError: 'Process' object has no attribute 'get_children' == FAIL: glance.tests.unit.common.test_wsgi_ipv6.IPv6ServerTest.test_evnetlet_no_dnspython -- Traceback (most recent call last): testtools.testresult.real._StringException: Traceback (most recent call last): File "glance/tests/unit/common/test_wsgi_ipv6.py", line 61, in test_evnetlet_no_dnspython self.assertEqual(0, rc) File "/usr/lib/python2.7/dist-packages/testtools/testcase.py", line 350, in assertEqual self.assertThat(observed, matcher, message) File "/usr/lib/python2.7/dist-packages/testtools/testcase.py", line 435, in assertThat raise mismatch_error testtools.matchers._impl.MismatchError: 0 != 1 To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1537044/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1799491] [NEW] CLI docs out of date
Public bug reported: The glance-cache-manage command was removed in Rocky but its documentation was not. Also, the doc/source/cli/header.txt still contains Queens info. Has: :Date: 2018-02-28 :Version: 16.0.0 Should have: :Date: 2018-08-30 :Version: 17.0.0 ** Affects: glance Importance: Low Status: Triaged ** Affects: glance/rocky Importance: Medium Status: Triaged ** Affects: glance/stein Importance: Low Status: Triaged ** Changed in: glance Milestone: None => rocky-stable-1 ** Also affects: glance/stein Importance: Low Status: Triaged ** Changed in: glance/stein Milestone: rocky-stable-1 => None ** Also affects: glance/rocky Importance: Undecided Status: New ** Changed in: glance/rocky Importance: Undecided => Medium ** Changed in: glance/rocky Status: New => Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1799491 Title: CLI docs out of date Status in Glance: Triaged Status in Glance rocky series: Triaged Status in Glance stein series: Triaged Bug description: The glance-cache-manage command was removed in Rocky but its documentation was not. Also, the doc/source/cli/header.txt still contains Queens info. Has: :Date: 2018-02-28 :Version: 16.0.0 Should have: :Date: 2018-08-30 :Version: 17.0.0 To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1799491/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1750892] Re: Image remains in queued status after location set via PATCH
** Also affects: glance/queens Importance: Undecided Status: New ** Changed in: glance/queens Milestone: None => queens-stable-2 ** Changed in: glance/queens Assignee: (unassigned) => iain MacDonnell (imacdonn) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1750892 Title: Image remains in queued status after location set via PATCH Status in Glance: Fix Released Status in Glance queens series: New Status in Glance rocky series: In Progress Bug description: Pike release, with show_image_direct_url and show_multiple_locations enabled. Attempting to create an image using the HTTP backend with the glance v2 API. I create a new/blank image (goes into "queued" status), then set the location with: curl -g -i -X PATCH -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: imacdonn-getting-dangerous' -H 'X-Auth-Token: xxx' -H 'Content-Type: application/openstack-images-v2.1-json-patch' -d '[{"op":"replace", "path": "/locations", "value": [{"url": "http://my_http_server/cirros.img;, "metadata": {}}]}]' http://my_glance_api_endpoint:9292/v2/images/e5581f14-2d05-4ae7-8d78-9da42731a37e This results in the direct_url getting set correctly, and the size of the image is correctly determined, but the image remains in "queued" status. It should become "active". To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1750892/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1750892] Re: Image remains in queued status after location set via PATCH
** Changed in: glance Milestone: None => stein-1 ** Changed in: glance Assignee: (unassigned) => iain MacDonnell (imacdonn) ** Also affects: glance/rocky Importance: Undecided Status: New ** Changed in: glance/rocky Milestone: None => rocky-stable-1 ** Changed in: glance/rocky Assignee: (unassigned) => iain MacDonnell (imacdonn) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1750892 Title: Image remains in queued status after location set via PATCH Status in Glance: Fix Released Status in Glance rocky series: New Bug description: Pike release, with show_image_direct_url and show_multiple_locations enabled. Attempting to create an image using the HTTP backend with the glance v2 API. I create a new/blank image (goes into "queued" status), then set the location with: curl -g -i -X PATCH -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: imacdonn-getting-dangerous' -H 'X-Auth-Token: xxx' -H 'Content-Type: application/openstack-images-v2.1-json-patch' -d '[{"op":"replace", "path": "/locations", "value": [{"url": "http://my_http_server/cirros.img;, "metadata": {}}]}]' http://my_glance_api_endpoint:9292/v2/images/e5581f14-2d05-4ae7-8d78-9da42731a37e This results in the direct_url getting set correctly, and the size of the image is correctly determined, but the image remains in "queued" status. It should become "active". To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1750892/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1780428] Re: Mitigate OSSN-0075
** Changed in: glance Status: New => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1780428 Title: Mitigate OSSN-0075 Status in Glance: Fix Released Bug description: https://review.openstack.org/579507 Dear bug triager. This bug was created since a commit was marked with DOCIMPACT. Your project "openstack/glance" is set up so that we directly report the documentation bugs against it. If this needs changing, the docimpact-group option needs to be added for the project. You can ask the OpenStack infra team (#openstack-infra on freenode) for help if you need to. commit 5cc9d999352c21d3f4b5c39d3ea9d4378ca86544 Author: Abhishek Kekane Date: Mon Jul 2 10:03:48 2018 + Mitigate OSSN-0075 Modified the current ``glance-manage db purge`` command to eliminate images table from purging the records. Added new command ``glance-manage db purge_images_table`` to purge the records from images table. DocImpact SecurityImpact Change-Id: Ie6641659b54543ed9f96c393d664e52a26bfaf6a Implements: blueprint mitigate-ossn-0075 To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1780428/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1784374] Re: Image Service API v2 `filter` and `detail` missing
1. There is no 'images/detail' path in the Image API v2. 2. Property names are used as filters in the v2 API, there is not prefix required. ** Changed in: glance Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1784374 Title: Image Service API v2 `filter` and `detail` missing Status in Glance: Invalid Bug description: - [X] This doc is inaccurate in this way: Document doesn't write about the `images/detail` URL as well it doesn't state that all filter properties need to be appended by the `property-` prefix - [X] This is a doc addition request. - [ ] I have a fix to the document that I can paste below including example: input and output. --- Release: on 2018-07-27 07:29 SHA: ff77f59bd4376be3bed8f8c62258f9973b7ef1f2 Source: https://git.openstack.org/cgit/openstack/glance/tree/api-ref/source/v2/index.rst URL: https://developer.openstack.org/api-ref/image/v2/ To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1784374/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1593799] Re: glance-manage db purge breaks image immutability promise
The fix is in Rocky: spec: https://specs.openstack.org/openstack/glance- specs/specs/rocky/implemented/glance/mitigate-ossn-0075.html code: http://git.openstack.org/cgit/openstack/glance/commit/?h=stable/rocky=5cc9d999352c21d3f4b5c39d3ea9d4378ca86544 docs: http://git.openstack.org/cgit/openstack/glance/commit/?h=stable/rocky=23d4e0e9c07f1ff6646e2f6236ee9625abd2a5cb ** Changed in: glance Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1593799 Title: glance-manage db purge breaks image immutability promise Status in Glance: Fix Released Status in OpenStack Security Advisory: Opinion Status in OpenStack Security Notes: Fix Released Bug description: Using glance-manage db purge command opens possibility to recycle image-IDs. When the row is deleted from the database the ID is not known by glance anymore and thus it's not unique during the deployment lifecycle. This opens possibility to following scenario: 1) End user boots VM from private/public/shared image. 2) Image owner deletes the image. 3) glance-manage db purge gets ran which deletes record that image has ever existed. 4) Either malicious user or someone unintentionally creates new image with same ID (being same user so having access to the image by owning it or it becoming public/shared(/possbly community at some point)) 5) Same end user boots either snapshot from the original image or nova needs to migrate the VM to another host. Now the user's VM will be rebuilt on top of the new image. Worst case scenario the user had no idea that the image data changed in between. This behavior breaks Glance image immutability promise that has bee stated that the data related to image ID that has gone active will never change. We have two solutions for this. Either we introduce table to track the deleted image-IDs and get glance to cross check that during the image create or we leave it as is but issue notice/documentation what are the implications if the purge is used transferring the responsibility to the cloud operators. This was partially discussed in the virtual glance midcycle meetup so it might not be justified to leave this as private but I wanted to leave that decision to VMT. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1593799/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1695299] Re: Glance installation fails if password contains '@' symbol
Current patch: https://review.openstack.org/#/c/499410/ ** No longer affects: glance/pike ** No longer affects: glance/queens ** Also affects: glance/rocky Importance: High Status: In Progress ** Changed in: glance/rocky Milestone: None => 17.0.0.0rc2 ** Changed in: glance/rocky Assignee: (unassigned) => Ian Wienand (iwienand) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1695299 Title: Glance installation fails if password contains '@' symbol Status in Glance: In Progress Status in Glance rocky series: In Progress Bug description: I was doing a fresh installation of devstack today and had set the admin password as "Test@321" in local.conf file. The installation started failing for Glance and when I had a look at the backtrace, it looks like it converts '@' to '%40' and starts failing. Either this needs to be fixed or proper note needs to be added in devstack setup stating that one cannot use '@' symbol in passwords. ubuntu@openstack:~/devstack$ glance --version 2.6.0 ubuntu@openstack:~/devstack$ CRITICAL glance [-] Unhandled error: ValueError: invalid interpolation syntax in 'mysql+pymysql://root:Test%40321@127.0.0.1/glance?charset=utf8' at position 27 ERROR glance Traceback (most recent call last): ERROR glance File "/usr/local/bin/glance-manage", line 10, in ERROR glance sys.exit(main()) ERROR glance File "/opt/stack/glance/glance/cmd/manage.py", line 452, in main ERROR glance return CONF.command.action_fn() ERROR glance File "/opt/stack/glance/glance/cmd/manage.py", line 291, in sync ERROR glance self.command_object.sync(CONF.command.version) ERROR glance File "/opt/stack/glance/glance/cmd/manage.py", line 117, in sync ERROR glance alembic_migrations.place_database_under_alembic_control() ERROR glance File "/opt/stack/glance/glance/db/sqlalchemy/alembic_migrations/__init__.py", line 73, in place_database_under_alembic_control ERROR glance a_config = get_alembic_config() ERROR glance File "/opt/stack/glance/glance/db/sqlalchemy/alembic_migrations/__init__.py", line 37, in get_alembic_config ERROR glance config.set_main_option('sqlalchemy.url', str(engine.url)) ERROR glance File "/usr/local/lib/python2.7/dist-packages/alembic/config.py", line 218, in set_main_option ERROR glance self.set_section_option(self.config_ini_section, name, value) ERROR glance File "/usr/local/lib/python2.7/dist-packages/alembic/config.py", line 245, in set_section_option ERROR glance self.file_config.set(section, name, value) ERROR glance File "/usr/lib/python2.7/ConfigParser.py", line 752, in set ERROR glance "position %d" % (value, tmp_value.find('%'))) ERROR glance ValueError: invalid interpolation syntax in 'mysql+pymysql://root:Test%40321@127.0.0.1/glance?charset=utf8' at position 27 ERROR glance +lib/glance:init_glance:1 exit_trap +./stack.sh:exit_trap:492 local r=1 ++./stack.sh:exit_trap:493 jobs -p +./stack.sh:exit_trap:493 jobs= +./stack.sh:exit_trap:496 [[ -n '' ]] +./stack.sh:exit_trap:502 kill_spinner +./stack.sh:kill_spinner:388 '[' '!' -z '' ']' +./stack.sh:exit_trap:504 [[ 1 -ne 0 ]] +./stack.sh:exit_trap:505 echo 'Error on exit' Error on exit +./stack.sh:exit_trap:506 generate-subunit 1496417170 632 fail +./stack.sh:exit_trap:507 [[ -z /opt/stack/logs ]] +./stack.sh:exit_trap:510 /home/ubuntu/devstack/tools/worlddump.py -d /opt/stack/logs World dumping... see /opt/stack/logs/worlddump-2017-06-02-153642.txt for details +./stack.sh:exit_trap:516 exit 1 ubuntu@openstack:~/devstack$ To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1695299/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1785105] Re: Add multi-store support
https://review.openstack.org/#/c/576075/ was included in Rocky RC-1 ** Changed in: glance Importance: Undecided => High ** Changed in: glance Status: New => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1785105 Title: Add multi-store support Status in Glance: Fix Released Bug description: https://review.openstack.org/574582 Dear bug triager. This bug was created since a commit was marked with DOCIMPACT. Your project "openstack/glance" is set up so that we directly report the documentation bugs against it. If this needs changing, the docimpact-group option needs to be added for the project. You can ask the OpenStack infra team (#openstack-infra on freenode) for help if you need to. commit cb45edf5c81f7d09c9ef0b88d40d56b4750beb10 Author: Abhishek Kekane Date: Mon May 7 10:30:01 2018 + Add multi-store support Made provision for multi-store support. Added new config option 'enabled_backends' which will be a comma separated Key:Value pair of store identifier and store type. DocImpact Depends-On: https://review.openstack.org/573648 Implements: blueprint multi-store Change-Id: I9cfa066bdce51619a78ce86a8b1f1f8d05e5bfb6 To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1785105/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1764200] Re: Glance Cinder backed images & multiple regions
Need confirmation on this one. If it's confirmed, we need to get it into the next release, which is 18 July, so would need to get this fix in a bit ahead of that -- namely, as soon as possible. ** Changed in: glance-store Status: Triaged => Incomplete ** No longer affects: glance ** Changed in: glance-store Milestone: None => 0.25.0 -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1764200 Title: Glance Cinder backed images & multiple regions Status in glance_store: Incomplete Bug description: When using the cinder backed images as per https://docs.openstack.org/cinder/latest/admin/blockstorage-volume- backed-image.html We have multiple locations, glance configured as /etc/glance/glance-api.conf [glance_store] stores = swift, cinder default_store = swift -snip- cinder_store_auth_address = https://hostname:5000/v3 cinder_os_region_name = Region cinder_store_user_name = glance cinder_store_password = Password cinder_store_project_name = cinder-images cinder_catalog_info = volume:cinder:internalURL cinder clones the volume correctly, then talks to glance to add the location of cinder:// glance then talks to cinder to validate the volume id, however this step uses the wrong cinder endpoint and checks the other region. From /usr/lib/python2.7/site-packages/glance_store/_drivers/cinder.py It appears the region name is only used when not passing in the project/user/password. Passing the os_region_name to the cinderclient.Client call on line 351 appears to fix this. ie c = cinderclient.Client(username, password, project, auth_url=url, region_name=glance_store.cinder_os_region_name, insecure=glance_store.cinder_api_insecure, retries=glance_store.cinder_http_retries, cacert=glance_store.cinder_ca_certificates_file) To manage notifications about this bug go to: https://bugs.launchpad.net/glance-store/+bug/1764200/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1776841] Re: functional-py35 test timed_out
Job has intermittent time outs: http://zuul.openstack.org/api/builds?job_name=openstack-tox-functional- py35=openstack/glance Does not appear traceable to a particular patch. ** Changed in: glance Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1776841 Title: functional-py35 test timed_out Status in Glance: Invalid Bug description: See this review page: https://review.openstack.org/#/c/575323/ To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1776841/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1775739] [NEW] functional-py35 tests failing with eventlet 0.22.1
Public bug reported: See https://review.openstack.org/#/c/571797/ NOTE: the cross-checks for changes in upper-constraints do not run the glance functional tests, only unit tests. The requirements gate runs a cross-nova-functional test; we should add a cross-glance-functional test. ** Affects: glance Importance: High Assignee: Erno Kuvaja (jokke) Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1775739 Title: functional-py35 tests failing with eventlet 0.22.1 Status in Glance: Triaged Bug description: See https://review.openstack.org/#/c/571797/ NOTE: the cross-checks for changes in upper-constraints do not run the glance functional tests, only unit tests. The requirements gate runs a cross-nova-functional test; we should add a cross-glance-functional test. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1775739/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1710078] Re: Fix wrong links
We've had a bunch of link-fixing patches land, so this bug is no longer relevant. ** Changed in: glance Status: Triaged => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1710078 Title: Fix wrong links Status in Glance: Invalid Bug description: Some docs links have changed. We should update the wrong links in our codes. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1710078/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1772232] Re: User gets logged out when editing a snapshot
This is not a valid Glance bug. Glance does not have a concept of "logging in", you interact with glance by presenting a token obtained from keystone as a header when you make an API call. Glance does not log a user out. This has to be fixed in Horizon. ** Changed in: glance Status: New => Invalid ** Changed in: glance Assignee: Ayman Mafarja (amafarja) => (unassigned) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1772232 Title: User gets logged out when editing a snapshot Status in Glance: Invalid Status in OpenStack Dashboard (Horizon): New Bug description: Procedure: 1- Go Project -> Compute -> Instances. 2- Create a snapshot of any instance. 3- Go to the newly created snapshot raw in Project -> Compute -> Images. 4- Edit Image -> change disk format to another format, e.g, "ISO". 5- The user logs out directly. Note: Even admin user faces the same issue. After analyzing the issue, I found that a "Forbidden HTTP request (403)" is thrown if any user tries to edit the "disk format" attribute if the image is not in "queued" status even though queued images cannot be edited. And that, in turn, logs user out. Editing disk format of any image won't really change its format. So, it might be true to have an error message when editing disk format attribute. If the case of Forbidden HTTP request is not correct, we can throw any other exception indicating that the content cannot be changed. I have the version 3.15.0 of openstack. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1772232/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1775736] [NEW] misleading documentation of filesystem_store_metadata_file config opt
Public bug reported: In glance: The short discussion of the filesystem_store_metadata_file option in doc/source/admin/manage-images.rst is misleading on two counts: (1) It makes it sound like the location metadata is dynamically pulled from the file and returned in the image-show response for any image. In fact, the way this works is that glance will use the info in the file when it writes the image location--so you will only see this metadata for images created *after* the option has been set. (2) The example is misleading in that it uses the same UUID for the mountpoint and for the image_id, which I suppose would work, but it makes it look like the two fields are related. See discussion about this in the glance channel log: http://eavesdrop.openstack.org/irclogs/%23openstack-glance/%23openstack- glance.2018-06-01.log.html#t2018-06-01T20:26:28 to about 21:05 In glance_store: The help text for this option is a bit vague; could stand a rewrite based on the improvements made in the glance docs. See https://github.com/openstack/glance_store/blob/cc97b949033f892d6675692cbc8a24df3ce0e15e/glance_store/_drivers/filesystem.py#L109-L125 ** Affects: glance Importance: Low Status: Triaged ** Affects: glance-store Importance: Low Status: Triaged ** Also affects: glance-store Importance: Undecided Status: New ** Changed in: glance-store Status: New => Triaged ** Changed in: glance-store Importance: Undecided => Low -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1775736 Title: misleading documentation of filesystem_store_metadata_file config opt Status in Glance: Triaged Status in glance_store: Triaged Bug description: In glance: The short discussion of the filesystem_store_metadata_file option in doc/source/admin/manage-images.rst is misleading on two counts: (1) It makes it sound like the location metadata is dynamically pulled from the file and returned in the image-show response for any image. In fact, the way this works is that glance will use the info in the file when it writes the image location--so you will only see this metadata for images created *after* the option has been set. (2) The example is misleading in that it uses the same UUID for the mountpoint and for the image_id, which I suppose would work, but it makes it look like the two fields are related. See discussion about this in the glance channel log: http://eavesdrop.openstack.org/irclogs/%23openstack-glance /%23openstack-glance.2018-06-01.log.html#t2018-06-01T20:26:28 to about 21:05 In glance_store: The help text for this option is a bit vague; could stand a rewrite based on the improvements made in the glance docs. See https://github.com/openstack/glance_store/blob/cc97b949033f892d6675692cbc8a24df3ce0e15e/glance_store/_drivers/filesystem.py#L109-L125 To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1775736/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1775596] [NEW] misleading message for import-image call with unknown import-method
Public bug reported: The function glance.api.v2.images.ImageController._validate_import_body checks the import method specified in the body of the request against the list of configured enabled_import_methods, and if it isn't found returns the message: "Unknown import method name '%s'." This is a bit misleading because, for example, if the operator has decided not to allow the glance-direct method, it's not really an unknown method, it's just not enabled at that site. An improvement would be something like: "Import method '%s' is not supported at this site." It might be overengineering to define a list of KNOWN_IMPORT_METHODS = ['glance-direct', 'web-download'] and then give the "not supported message" for those and the "unknown" message for any others (unless we already have a list like that somewhere that we're already maintaining). ** Affects: glance Importance: Low Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1775596 Title: misleading message for import-image call with unknown import-method Status in Glance: Triaged Bug description: The function glance.api.v2.images.ImageController._validate_import_body checks the import method specified in the body of the request against the list of configured enabled_import_methods, and if it isn't found returns the message: "Unknown import method name '%s'." This is a bit misleading because, for example, if the operator has decided not to allow the glance-direct method, it's not really an unknown method, it's just not enabled at that site. An improvement would be something like: "Import method '%s' is not supported at this site." It might be overengineering to define a list of KNOWN_IMPORT_METHODS = ['glance-direct', 'web-download'] and then give the "not supported message" for those and the "unknown" message for any others (unless we already have a list like that somewhere that we're already maintaining). To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1775596/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1769006] Re: reconfigure functional-py35 tests
Update to governance repo merged as commit http://git.openstack.org/cgit/openstack/governance/commit/?id=fdd2be2c733d8409a75ff6d8f3cd343e8ab5f12f ** Changed in: glance Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1769006 Title: reconfigure functional-py35 tests Status in Glance: Fix Released Bug description: Glance never completed the Pike py35 community goal [0]. There are two tests currently being skipped when run under py35: glance.tests.functional.test_reload.TestReload.test_reload glance.tests.functional.test_ssl.TestSSL.test_ssl_ok The last patch to touch these tests was https://review.openstack.org/#/c/456788/ (Clean up py35 env in tox.ini). The commit message has this comment: This patch enables the py35 job in tox.ini to run using ostestr. It also fixes a bytes encoding issue in the 'test_wsgi' functional test to make progress towards the community goal of enabling python3.5. Two other functional tests remain disabled and will need to be addressed in a later patch in order to fully complete the community goal - 'test_ssl' and 'test_reload'. These tests fail due to SSL handshake not working in python3.5 when using self-signed certificate and authority. OpenStack is entering the final stages of the python 3 transition [1], so we need to get these fixed and running. [0] https://etherpad.openstack.org/p/glance-pike-python35-goal [1] http://lists.openstack.org/pipermail/openstack-dev/2018-April/129866.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1769006/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1775071] [NEW] functional tests string mismatch error in py35
Public bug reported: This happens for me locally when running 'tox -e functional-py35', but doesn't seem to happen in the gate: == Failed 2 tests - output below: == glance.tests.functional.test_glance_manage.TestGlanceManage.test_contract - Captured traceback: ~~~ b'Traceback (most recent call last):' b' File "/home/rosmabr/working/repos/glance/glance/tests/utils.py", line 168, in _runner' b'func(*args, **kw)' b' File "/home/rosmabr/working/repos/glance/glance/tests/utils.py", line 184, in wrapped' b'func(*a, **kwargs)' b' File "/home/rosmabr/working/repos/glance/glance/tests/functional/test_glance_manage.py", line 176, in test_contract' b"self.assertIn('Database is up to date. No migrations needed.', out)" b' File "/home/rosmabr/working/repos/glance/.tox/functional-py35/lib/python3.5/site-packages/testtools/testcase.py", line 417, in assertIn' b'self.assertThat(haystack, Contains(needle), message)' b' File "/home/rosmabr/working/repos/glance/.tox/functional-py35/lib/python3.5/site-packages/testtools/testcase.py", line 498, in assertThat' b'raise mismatch_error' b"testtools.matchers._impl.MismatchError: 'Database is up to date. No migrations needed.' not in b'Database is up to date. No migrations needed.\\n'" b'' glance.tests.functional.test_glance_manage.TestGlanceManage.test_expand --- Captured traceback: ~~~ b'Traceback (most recent call last):' b' File "/home/rosmabr/working/repos/glance/glance/tests/utils.py", line 168, in _runner' b'func(*args, **kw)' b' File "/home/rosmabr/working/repos/glance/glance/tests/utils.py", line 184, in wrapped' b'func(*a, **kwargs)' b' File "/home/rosmabr/working/repos/glance/glance/tests/functional/test_glance_manage.py", line 137, in test_expand' b"'No expansion needed.', out)" b' File "/home/rosmabr/working/repos/glance/.tox/functional-py35/lib/python3.5/site-packages/testtools/testcase.py", line 417, in assertIn' b'self.assertThat(haystack, Contains(needle), message)' b' File "/home/rosmabr/working/repos/glance/.tox/functional-py35/lib/python3.5/site-packages/testtools/testcase.py", line 498, in assertThat' b'raise mismatch_error' b"testtools.matchers._impl.MismatchError: 'Database expansion is up to date. No expansion needed.' not in b'Database expansion is up to date. No expansion needed.\\n'" b'' The problematic line looks like this: assertIn('expected', actual) We can convert 'actual' to a string and then the comparison should work on both py27 and py35. ** Affects: glance Importance: Undecided Assignee: Brian Rosmaita (brian-rosmaita) Status: In Progress -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1775071 Title: functional tests string mismatch error in py35 Status in Glance: In Progress Bug description: This happens for me locally when running 'tox -e functional-py35', but doesn't seem to happen in the gate: == Failed 2 tests - output below: == glance.tests.functional.test_glance_manage.TestGlanceManage.test_contract - Captured traceback: ~~~ b'Traceback (most recent call last):' b' File "/home/rosmabr/working/repos/glance/glance/tests/utils.py", line 168, in _runner' b'func(*args, **kw)' b' File "/home/rosmabr/working/repos/glance/glance/tests/utils.py", line 184, in wrapped' b'func(*a, **kwargs)' b' File "/home/rosmabr/working/repos/glance/glance/tests/functional/test_glance_manage.py", line 176, in test_contract' b"self.assertIn('Database is up to date. No migrations needed.', out)" b' File "/home/rosmabr/working/repos/glance/.tox/functional-py35/lib/python3.5/site-packages/testtools/testcase.py", line 417, in assertIn' b'self.assertThat(haystack, Contains(needle), message)' b' File "/home/rosmabr/working/repos/glance/.tox/functional-py35/lib/python3.5/site-packages/testtools/testcase.py", line 498, in assertThat' b'raise mismatch_error' b"testtools.matchers._impl.MismatchError: 'Database is up to date. No migrations needed.' not in b'Database is up to date. No migrations needed.\\n'" b'' glance.tests.functional.test_glance_manage.Tes
[Yahoo-eng-team] [Bug 1482633] Re: requests to SSL wrapped sockets hang while reading using py3
This does indeed affect Glance. We were tracking this with https://bugs.launchpad.net/glance/+bug/1769006 ** Also affects: glance Importance: Undecided Status: New ** Changed in: glance Status: New => Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1482633 Title: requests to SSL wrapped sockets hang while reading using py3 Status in Glance: Triaged Status in Manila: Triaged Status in neutron: Invalid Status in OpenStack Compute (nova): Invalid Status in oslo.service: Triaged Bug description: If we run unit tests using py3 then we get following errors: == FAIL: manila.tests.test_wsgi.TestWSGIServer.test_app_using_ssl tags: worker-0 -- Empty attachments: pythonlogging:'' stdout stderr: {{{ Traceback (most recent call last): File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/hubs/hub.py", line 457, in fire_timers timer() File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/hubs/timer.py", line 58, in __call__ cb(*args, **kw) File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/greenthread.py", line 214, in main result = function(*args, **kwargs) File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/wsgi.py", line 823, in server client_socket = sock.accept() File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/green/ssl.py", line 333, in accept suppress_ragged_eofs=self.suppress_ragged_eofs) File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/green/ssl.py", line 88, in __init__ self.do_handshake() File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/green/ssl.py", line 241, in do_handshake super(GreenSSLSocket, self).do_handshake) File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/green/ssl.py", line 106, in _call_trampolining return func(*a, **kw) File "/usr/lib/python3.4/ssl.py", line 805, in do_handshake self._sslobj.do_handshake() ssl.SSLWantReadError: The operation did not complete (read) (_ssl.c:598) }}} Traceback (most recent call last): File "/home/vponomaryov/Documents/python/projects/manila/manila/tests/test_wsgi.py", line 181, in test_app_using_ssl 'https://127.0.0.1:%d/' % server.port) File "/usr/lib/python3.4/urllib/request.py", line 153, in urlopen return opener.open(url, data, timeout) File "/usr/lib/python3.4/urllib/request.py", line 455, in open response = self._open(req, data) File "/usr/lib/python3.4/urllib/request.py", line 473, in _open '_open', req) File "/usr/lib/python3.4/urllib/request.py", line 433, in _call_chain result = func(*args) File "/usr/lib/python3.4/urllib/request.py", line 1273, in https_open context=self._context, check_hostname=self._check_hostname) File "/usr/lib/python3.4/urllib/request.py", line 1232, in do_open h.request(req.get_method(), req.selector, req.data, headers) File "/usr/lib/python3.4/http/client.py", line 1065, in request self._send_request(method, url, body, headers) File "/usr/lib/python3.4/http/client.py", line 1103, in _send_request self.endheaders(body) File "/usr/lib/python3.4/http/client.py", line 1061, in endheaders self._send_output(message_body) File "/usr/lib/python3.4/http/client.py", line 906, in _send_output self.send(msg) File "/usr/lib/python3.4/http/client.py", line 841, in send self.connect() File "/usr/lib/python3.4/http/client.py", line 1205, in connect server_hostname=server_hostname) File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/green/ssl.py", line 362, in _green_sslcontext_wrap_socket return GreenSSLSocket(sock, *a, _context=self, **kw) File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/green/ssl.py", line 88, in __init__ self.do_handshake() File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/green/ssl.py", line 241, in do_handshake super(GreenSSLSocket, self).do_handshake) File "/home/vponomaryov/Documents/python/projects/manila/.tox/py34/lib/python3.4/site-packages/eventlet/green/ssl.py", line 116, in _call_trampolining timeout_exc=timeout_exc('timed out')) File
[Yahoo-eng-team] [Bug 1772232] Re: User gets logged out when editing a snapshot
This is not a valid glance bug. Once the image data is set, no one is allowed to change the disk_format, container_format, size, or checksum. This is by design. It is particularly the case for snapshots, where Nova knows exactly what it is dealing with and will set the disk_format and container_format correctly. Additionally, it is possible to change the disk_format and container_format on images in 'queued' status using the Image API. ** Changed in: glance Status: In Progress => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1772232 Title: User gets logged out when editing a snapshot Status in Glance: Invalid Status in OpenStack Dashboard (Horizon): New Bug description: Procedure: 1- Go Project -> Compute -> Instances. 2- Create a snapshot of any instance. 3- Go to the newly created snapshot raw in Project -> Compute -> Images. 4- Edit Image -> change disk format to another format, e.g, "ISO". 5- The user logs out directly. Note: Even admin user faces the same issue. After analyzing the issue, I found that a "Forbidden HTTP request (403)" is thrown if any user tries to edit the "disk format" attribute if the image is not in "queued" status even though queued images cannot be edited. And that, in turn, logs user out. Editing disk format of any image won't really change its format. So, it might be true to have an error message when editing disk format attribute. If the case of Forbidden HTTP request is not correct, we can throw any other exception indicating that the content cannot be changed. I have the version 3.15.0 of openstack. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1772232/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1656215] Re: Add qed disk format
Nothing to do unless glance spec is approved (see glance bug). ** Changed in: python-openstackclient Status: New => Invalid ** Changed in: python-openstackclient Assignee: Yafei Yu (yu-yafei) => (unassigned) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1656215 Title: Add qed disk format Status in Glance: Invalid Status in Glance Client: Invalid Status in python-openstackclient: Invalid Bug description: QED is an image format (like qcow2, vmdk, etc) that supports backing files and sparse images. http://wiki.qemu.org/Features/QED To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1656215/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1656215] Re: Add qed disk format
Nothing to do unless glance spec is approved (see glance bug). ** Changed in: python-glanceclient Status: New => Invalid ** Changed in: python-glanceclient Assignee: Yafei Yu (yu-yafei) => (unassigned) ** Changed in: glance Status: In Progress => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1656215 Title: Add qed disk format Status in Glance: Invalid Status in Glance Client: Invalid Status in python-openstackclient: Invalid Bug description: QED is an image format (like qcow2, vmdk, etc) that supports backing files and sparse images. http://wiki.qemu.org/Features/QED To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1656215/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1703214] Re: the glance scrubber not support ca cert file
The scrubber was refactored in for the Queens release so that it connects directly to the database. See http://git.openstack.org/cgit/openstack/glance/commit/?id=d886d6d7e73dc5484e7171b7af318b1bcb2598c8 ** Changed in: glance Status: New => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1703214 Title: the glance scrubber not support ca cert file Status in Glance: Won't Fix Bug description: the glance delay delete in project is very usefully , but the glance- scrubber not support ca cert check when use https. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1703214/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1770410] [NEW] change webob to 1.8.1 in lower-constraints
Public bug reported: Can't do this until the requirements team makes webob===1.8.1 in upper- constraints.txt; see https://bugs.launchpad.net/openstack- requirements/+bug/1765748 Three parts to this fix: (1) webob===1.8.1 in lower-constraints.txt (2) simplify the code and tests that currently handle both webob 1.7.x and 1.8.x: see https://review.openstack.org/#/c/564883/ (3) add a release note with this content: Negotiation of the 'Accept-Language' header now follows the "Lookup" matching scheme described in `RFC 4647, section 3.4 <https://tools.ietf.org/html/rfc4647.html#section-3.4>`_. The "Lookup" scheme is one of the algorithms suggested in `RFC 7231, section 5.3.5 <https://tools.ietf.org/html/rfc7231.html#section-5.3.5>`_. (This is due to a change in an underlying library, which previously used a matching scheme that did not conform to `RFC 7231 <https://tools.ietf.org/html/rfc7231.html>`_.) ** Affects: glance Importance: Medium Assignee: Brian Rosmaita (brian-rosmaita) Status: Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1770410 Title: change webob to 1.8.1 in lower-constraints Status in Glance: Triaged Bug description: Can't do this until the requirements team makes webob===1.8.1 in upper-constraints.txt; see https://bugs.launchpad.net/openstack- requirements/+bug/1765748 Three parts to this fix: (1) webob===1.8.1 in lower-constraints.txt (2) simplify the code and tests that currently handle both webob 1.7.x and 1.8.x: see https://review.openstack.org/#/c/564883/ (3) add a release note with this content: Negotiation of the 'Accept-Language' header now follows the "Lookup" matching scheme described in `RFC 4647, section 3.4 <https://tools.ietf.org/html/rfc4647.html#section-3.4>`_. The "Lookup" scheme is one of the algorithms suggested in `RFC 7231, section 5.3.5 <https://tools.ietf.org/html/rfc7231.html#section-5.3.5>`_. (This is due to a change in an underlying library, which previously used a matching scheme that did not conform to `RFC 7231 <https://tools.ietf.org/html/rfc7231.html>`_.) To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1770410/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1769006] [NEW] fix skipped py35 tests
Public bug reported: Glance never completed the Pike py35 community goal [0]. There are two tests currently being skipped when run under py35: glance.tests.functional.test_reload.TestReload.test_reload glance.tests.functional.test_ssl.TestSSL.test_ssl_ok The last patch to touch these tests was https://review.openstack.org/#/c/456788/ (Clean up py35 env in tox.ini). The commit message has this comment: This patch enables the py35 job in tox.ini to run using ostestr. It also fixes a bytes encoding issue in the 'test_wsgi' functional test to make progress towards the community goal of enabling python3.5. Two other functional tests remain disabled and will need to be addressed in a later patch in order to fully complete the community goal - 'test_ssl' and 'test_reload'. These tests fail due to SSL handshake not working in python3.5 when using self-signed certificate and authority. OpenStack is entering the final stages of the python 3 transition [1], so we need to get these fixed and running. [0] https://etherpad.openstack.org/p/glance-pike-python35-goal [1] http://lists.openstack.org/pipermail/openstack-dev/2018-April/129866.html ** Affects: glance Importance: High Status: Triaged ** Tags: testing -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1769006 Title: fix skipped py35 tests Status in Glance: Triaged Bug description: Glance never completed the Pike py35 community goal [0]. There are two tests currently being skipped when run under py35: glance.tests.functional.test_reload.TestReload.test_reload glance.tests.functional.test_ssl.TestSSL.test_ssl_ok The last patch to touch these tests was https://review.openstack.org/#/c/456788/ (Clean up py35 env in tox.ini). The commit message has this comment: This patch enables the py35 job in tox.ini to run using ostestr. It also fixes a bytes encoding issue in the 'test_wsgi' functional test to make progress towards the community goal of enabling python3.5. Two other functional tests remain disabled and will need to be addressed in a later patch in order to fully complete the community goal - 'test_ssl' and 'test_reload'. These tests fail due to SSL handshake not working in python3.5 when using self-signed certificate and authority. OpenStack is entering the final stages of the python 3 transition [1], so we need to get these fixed and running. [0] https://etherpad.openstack.org/p/glance-pike-python35-goal [1] http://lists.openstack.org/pipermail/openstack-dev/2018-April/129866.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1769006/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1763761] Re: CPU topologies in nova - doesn't mention numa specific image properties
Doc is now in the Glance repo: doc/source/admin/useful-image- properties.rst ** Also affects: glance Importance: Undecided Status: New ** Changed in: glance Status: New => Triaged ** Changed in: glance Importance: Undecided => Medium ** Changed in: python-glanceclient Status: Confirmed => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1763761 Title: CPU topologies in nova - doesn't mention numa specific image properties Status in Glance: Triaged Status in OpenStack Compute (nova): Confirmed Status in Glance Client: Invalid Bug description: - [x] This is a doc addition request. This doc only talks about flavor extra specs for specifying numa nodes using the "hw:numa_nodes" flavor extra spec, but it's also possible to define numa nodes using the hw_numa_nodes image property, which coincidentally is also missing from the glance image properties doc: https://docs.openstack.org/python-glanceclient/latest/cli/property- keys.html --- Release: 17.0.0.0rc2.dev694 on 2018-04-13 15:32 SHA: e93be2690754bcba4cb346d4376ce87f94f03303 Source: https://git.openstack.org/cgit/openstack/nova/tree/doc/source/admin/cpu-topologies.rst URL: https://docs.openstack.org/nova/latest/admin/cpu-topologies.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1763761/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1766257] Re: api-ref: broken link to tasks admin doc
wha'ppen? curl -I -L -X GET http://docs.openstack.org/developer/glance/tasks.html HTTP/1.1 301 Moved Permanently Date: Mon, 30 Apr 2018 19:13:35 GMT Server: Apache/2.4.18 (Ubuntu) Location: https://docs.openstack.org/developer/glance/tasks.html Content-Length: 262 Content-Type: text/html; charset=iso-8859-1 HTTP/1.1 301 Moved Permanently Date: Mon, 30 Apr 2018 19:13:35 GMT Server: Apache/2.4.18 (Ubuntu) Location: https://docs.openstack.org/glance/latest/tasks.html Content-Length: 259 Content-Type: text/html; charset=iso-8859-1 HTTP/1.1 301 Moved Permanently Date: Mon, 30 Apr 2018 19:13:36 GMT Server: Apache/2.4.18 (Ubuntu) Location: https://docs.openstack.org/glance/latest/admin/tasks.html Content-Length: 265 Content-Type: text/html; charset=iso-8859-1 HTTP/1.1 200 OK Date: Mon, 30 Apr 2018 19:13:36 GMT Server: Apache/2.4.18 (Ubuntu) Last-Modified: Sun, 29 Apr 2018 15:46:56 GMT ETag: "7b02-56afea5981c00" Accept-Ranges: bytes Content-Length: 31490 Vary: Accept-Encoding Content-Type: text/html ** Changed in: glance Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1766257 Title: api-ref: broken link to tasks admin doc Status in Glance: Fix Released Bug description: This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes: - [x] This doc is inaccurate in this way: broken link to http://docs.openstack.org/developer/glance/tasks.html --- Release: 16.0.0.0rc2.dev123 on 'Wed Apr 18 12:08:04 2018, commit c6376ea' SHA: Source: https://git.openstack.org/cgit/openstack/glance/tree/api-ref/source/v2/index.rst URL: https://developer.openstack.org/api-ref/image/v2/index.html To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1766257/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1768077] [NEW] intermittent functional test failures related to scrubber
Public bug reported: I'm not completely sure that the scrubber tests are the culprit, but they seem to be a common factor. We're seeing different failures in the functional (py27) tests and the functional-py35 tests. (1) py27 "AssertionError: unexpected error occurred in glance-scrubber" happening in wait_for_scrubber_shutdown Observed on: - https://review.openstack.org/#/c/564077 - https://review.openstack.org/#/c/564883 See http://paste.openstack.org/show/720153/ (not sure how long the logs will be kept). (2) py35 This one is trickier because the failure is causing the subunit parser to crash during test runs, so there are several tests failing, but it looks like the scrubber tests are the constant factor. Observed on: - https://review.openstack.org/#/c/564649/ - https://review.openstack.org/#/c/564077/ - https://review.openstack.org/#/c/554174/ See http://paste.openstack.org/show/720155/ for list of tests failing when this happens. See http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2018-04-27.log.html#t2018-04-27T17:20:55 for discussion with clarkb about these failures. ** Affects: glance Importance: Undecided Status: Triaged ** Tags: testing -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1768077 Title: intermittent functional test failures related to scrubber Status in Glance: Triaged Bug description: I'm not completely sure that the scrubber tests are the culprit, but they seem to be a common factor. We're seeing different failures in the functional (py27) tests and the functional-py35 tests. (1) py27 "AssertionError: unexpected error occurred in glance-scrubber" happening in wait_for_scrubber_shutdown Observed on: - https://review.openstack.org/#/c/564077 - https://review.openstack.org/#/c/564883 See http://paste.openstack.org/show/720153/ (not sure how long the logs will be kept). (2) py35 This one is trickier because the failure is causing the subunit parser to crash during test runs, so there are several tests failing, but it looks like the scrubber tests are the constant factor. Observed on: - https://review.openstack.org/#/c/564649/ - https://review.openstack.org/#/c/564077/ - https://review.openstack.org/#/c/554174/ See http://paste.openstack.org/show/720155/ for list of tests failing when this happens. See http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2018-04-27.log.html#t2018-04-27T17:20:55 for discussion with clarkb about these failures. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1768077/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1641670] Re: Functional reload tests are flakey
Have not heard of this coming up recently. ** No longer affects: glance/newton ** Changed in: glance/ocata Status: New => Incomplete ** Changed in: glance Status: New => Incomplete -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1641670 Title: Functional reload tests are flakey Status in Glance: Incomplete Status in Glance ocata series: Incomplete Bug description: http://logs.openstack.org/periodic-stable/periodic-glance-python27-db- newton/95226d2/testr_results.html.gz is an example of a periodic gate failure in Glance's functional test suite, specifically: glance.tests.functional.test_reload.TestReload.test_reload This test fails occasionally trying to assert that new log files are created. At the moment, it's unclear exactly what the root cause of this flakey test is. The test seems to work just fine locally, so reproducing it may be time consume. For others, the complete output from the test failure is: Traceback (most recent call last): File "glance/tests/functional/test_reload.py", line 251, in test_reload for _ in self.ticker(msg): File "glance/tests/functional/test_reload.py", line 72, in ticker self.fail(message) File "/home/jenkins/workspace/periodic-glance-python27-db-newton/.tox/py27/local/lib/python2.7/site-packages/unittest2/case.py", line 690, in fail raise self.failureException(msg) AssertionError: No new log file created And the api log information has been reproduced here: http://paste.openstack.org/show/589157/ To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1641670/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1751092] Re: install guide: statement about uwsgi
** Changed in: glance Status: Fix Committed => Fix Released ** Changed in: glance/queens Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1751092 Title: install guide: statement about uwsgi Status in Glance: Fix Released Status in Glance queens series: Fix Released Bug description: Add a statement to the install guide that Glance does not currently support deployment under uwsgi. To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1751092/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1767142] [NEW] functional tests need time-bounded wait-for-status
Public bug reported: Seeing occasional functional test failures in the image import tests (for example [0]). They currently sleep to wait for the server to complete an action [1], but sometimes the action apparently takes longer than expected. Would be good to introduce some kind of time-bounded wait-for-status function instead of the sleep for these tests. [0] http://logs.openstack.org/77/564077/4/check/openstack-tox- functional/56d5a64/job-output.txt.gz#_2018-04-26_01_49_20_067643 [1] https://github.com/openstack/glance/blob/8a2d1542348e8aaaee163ba629fd37c534d469d9/glance/tests/functional/v2/test_images.py#L383 ** Affects: glance Importance: Medium Assignee: Brian Rosmaita (brian-rosmaita) Status: Triaged ** Tags: testing -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1767142 Title: functional tests need time-bounded wait-for-status Status in Glance: Triaged Bug description: Seeing occasional functional test failures in the image import tests (for example [0]). They currently sleep to wait for the server to complete an action [1], but sometimes the action apparently takes longer than expected. Would be good to introduce some kind of time-bounded wait-for-status function instead of the sleep for these tests. [0] http://logs.openstack.org/77/564077/4/check/openstack-tox- functional/56d5a64/job-output.txt.gz#_2018-04-26_01_49_20_067643 [1] https://github.com/openstack/glance/blob/8a2d1542348e8aaaee163ba629fd37c534d469d9/glance/tests/functional/v2/test_images.py#L383 To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1767142/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1766705] Re: field.tags not recognized
** Project changed: glance => openstack-doc-tools ** Changed in: openstack-doc-tools Assignee: (unassigned) => Brian Rosmaita (brian-rosmaita) ** Summary changed: - field.tags not recognized + openstackdocstheme: field.tags not recognized -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1766705 Title: openstackdocstheme: field.tags not recognized Status in openstack-doc-tools: New Bug description: This is a test from the api-ref generated on patch 547714. The URL is below, you can see that it has a field.tags specification, but that field does not appear to be populated when a bug is filed. https://bugs.launchpad.net/glance/+filebug?field.title=Image%20Service%20API%20v2%20(CURRENT)%20in%20glance=%0A%0A%0AThis%20bug%20tracker%20is%20for%20errors%20with%20the%20documentation,%20use%20the%20following%20as%20a%20template%20and%20remove%20or%20add%20fields%20as%20you%20see%20fit.%20Convert%20[%20]%20into%20[x]%20to%20check%20boxes:%0A%0A-%20[%20]%20This%20doc%20is%20inaccurate%20in%20this%20way:%20__%0A-%20[%20]%20This%20is%20a%20doc%20addition%20request.%0A-%20[%20]%20I%20have%20a%20fix%20to%20the%20document%20that%20I%20can%20paste%20below%20including%20example:%20input%20and%20output.%20%0A%0AIf%20you%20have%20a%20troubleshooting%20or%20support%20issue,%20use%20the%20following%20%20resources:%0A%0A%20-%20Ask%20OpenStack:%20http://ask.openstack.org%0A%20-%20The%20mailing%20list:%20http://lists.openstack.org%0A%20-%20IRC:%20%27openstack%27%20channel%20on%20Freenode%0A%0A---%0ARelease:%20%20on%202018-04-23%2012:43%0ASHA:%205e2df55f04af52af5d7f49f8d04e2b939ed9a57f%0ASource:%20https://git.openstack.org/cgit/openstack/glance/tree /api- ref/source/v2/index.rst%0AURL:%20http://logs.openstack.org/14/547714/4/check /build-openstack-api-ref/b963253/html/v2/index.html#images =api-ref To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-doc-tools/+bug/1766705/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1766705] [NEW] field.tags not recognized
Public bug reported: This is a test from the api-ref generated on patch 547714. The URL is below, you can see that it has a field.tags specification, but that field does not appear to be populated when a bug is filed. https://bugs.launchpad.net/glance/+filebug?field.title=Image%20Service%20API%20v2%20(CURRENT)%20in%20glance=%0A%0A%0AThis%20bug%20tracker%20is%20for%20errors%20with%20the%20documentation,%20use%20the%20following%20as%20a%20template%20and%20remove%20or%20add%20fields%20as%20you%20see%20fit.%20Convert%20[%20]%20into%20[x]%20to%20check%20boxes:%0A%0A-%20[%20]%20This%20doc%20is%20inaccurate%20in%20this%20way:%20__%0A-%20[%20]%20This%20is%20a%20doc%20addition%20request.%0A-%20[%20]%20I%20have%20a%20fix%20to%20the%20document%20that%20I%20can%20paste%20below%20including%20example:%20input%20and%20output.%20%0A%0AIf%20you%20have%20a%20troubleshooting%20or%20support%20issue,%20use%20the%20following%20%20resources:%0A%0A%20-%20Ask%20OpenStack:%20http://ask.openstack.org%0A%20-%20The%20mailing%20list:%20http://lists.openstack.org%0A%20-%20IRC:%20%27openstack%27%20channel%20on%20Freenode%0A%0A---%0ARelease:%20%20on%202018-04-23%2012:43%0ASHA:%205e2df55f04af52af5d7f49f8d04e2b939ed9a57f%0ASource:%20https://git.openstack.org/cgit/openstack/glance/tree /api- ref/source/v2/index.rst%0AURL:%20http://logs.openstack.org/14/547714/4/check /build-openstack-api-ref/b963253/html/v2/index.html#images =api-ref ** Affects: glance Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1766705 Title: field.tags not recognized Status in Glance: New Bug description: This is a test from the api-ref generated on patch 547714. The URL is below, you can see that it has a field.tags specification, but that field does not appear to be populated when a bug is filed. https://bugs.launchpad.net/glance/+filebug?field.title=Image%20Service%20API%20v2%20(CURRENT)%20in%20glance=%0A%0A%0AThis%20bug%20tracker%20is%20for%20errors%20with%20the%20documentation,%20use%20the%20following%20as%20a%20template%20and%20remove%20or%20add%20fields%20as%20you%20see%20fit.%20Convert%20[%20]%20into%20[x]%20to%20check%20boxes:%0A%0A-%20[%20]%20This%20doc%20is%20inaccurate%20in%20this%20way:%20__%0A-%20[%20]%20This%20is%20a%20doc%20addition%20request.%0A-%20[%20]%20I%20have%20a%20fix%20to%20the%20document%20that%20I%20can%20paste%20below%20including%20example:%20input%20and%20output.%20%0A%0AIf%20you%20have%20a%20troubleshooting%20or%20support%20issue,%20use%20the%20following%20%20resources:%0A%0A%20-%20Ask%20OpenStack:%20http://ask.openstack.org%0A%20-%20The%20mailing%20list:%20http://lists.openstack.org%0A%20-%20IRC:%20%27openstack%27%20channel%20on%20Freenode%0A%0A---%0ARelease:%20%20on%202018-04-23%2012:43%0ASHA:%205e2df55f04af52af5d7f49f8d04e2b939ed9a57f%0ASource:%20https://git.openstack.org/cgit/openstack/glance/tree /api- ref/source/v2/index.rst%0AURL:%20http://logs.openstack.org/14/547714/4/check /build-openstack-api-ref/b963253/html/v2/index.html#images =api-ref To manage notifications about this bug go to: https://bugs.launchpad.net/glance/+bug/1766705/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1736336] Re: Image data stays in backend if image signature verification fails
** Also affects: glance/queens Importance: Undecided Status: New ** Changed in: glance/queens Milestone: None => queens-stable-2 ** Changed in: glance/queens Importance: Undecided => High ** Changed in: glance/queens Status: New => Triaged ** Changed in: glance/queens Assignee: (unassigned) => Abhishek Kekane (abhishek-kekane) ** Tags removed: queens-backport-potential -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance. https://bugs.launchpad.net/bugs/1736336 Title: Image data stays in backend if image signature verification fails Status in Glance: In Progress Status in Glance queens series: Triaged Bug description: If image signature verification is enabled then while creating the image if verfication fails then it returns vaild error, deletes image from the database but image data stays in the bakend forever. Ideally if image verfication fails then it should delete the data from the backend as well. Pre-requisites: 1. Ensure Barbican is enabled 2. Create Keys and Certificate (Reference https://etherpad.openstack.org/p/mitaka-glance-image-signing-instructions#90) 3. Create Signature (Reference https://etherpad.openstack.org/p/mitaka-glance-image-signing-instructions#184) and note down output of 'signature_64' 4. Create context and upload certificate using context (Reference https://etherpad.openstack.org/p/glance-image-signing-create-context) and note down output of 'cert_uuid' Steps to reproduce: 1. Upload Image to Glance, with Signature Metadata img_signature_certificate_uuid = 'fb67edd2-95ef-404b-9af2-910708c6d9b7' img_signature_hash_method = 'SHA-256' img_signature_key_type = 'RSA-PSS' img_signature = 'ezccBYtJEdj2gOrN09woioHwi2rDVvBsmRI0i+9EYAYdE7E6FV8jzJD9BImcq/m7Dm6yZZPkCUHz+y4HBKeYqK0+otcz921zaeqcKGBvU1t7J9AL0hEgJbWg0RY6RXqDXpsOQrrkrHuna4O+BUOp6sPwb3j2eFYbbsqW6d/obgM=' (different which is noted in Pre-requisites section Point 4 as 'signature_64') $ glance image-create --property name=cirrosSignedImage_goodSignature --property is-public=true --container-format bare --disk-format qcow2 --property img_signature='abcdBYtJEdj2gOrN09woioHwi2rDVvBsmRI0i+9EYAYdE7E6FV8jzJD9BImcq/m7Dm6yZZPkCUHz+y4HBKeYqK0+otcz921zaeqcKGBvU1t7J9AL0hEgJbWg0RY6RXqDXpsOQrrkrHuna4O+BUOp6sPwb3j2eFYbbsqW6d/obgM=' --property img_signature_certificate_uuid='fb67edd2-95ef-404b- 9af2-910708c6d9b7' --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' --file cirros-0.3.2-source.tar.gz Note: 'img_signature' starts with 'ezcc...' but in create command I have passed as 'abcd..' Actual Output: ++--+ | Property | Value | ++--+ | checksum | None | | container_format | bare | | created_at | 2017-12-05T07:04:38Z | | disk_format| qcow2 | | id | 6e8bec71-2176-4bcc-a732-2f76c5ac589f | | img_signature | abcdBYtJEdj2gOrN09woioHwi2rDVvBsmRI0i+9EYAYdE7E6FV8jzJD9BImcq/m7Dm6yZZPkCUHz+y4H | || BKeYqK0+otcz921zaeqcKGBvU1t7J9AL0hEgJbWg0RY6RXqDXpsOQrrkrHuna4O+BUOp6sPwb3j2eFYb | || bsqW6d/obgM= | | img_signature_certificate_uuid | fb67edd2-95ef-404b-9af2-910708c6d9b7 | | img_signature_hash_method | SHA-256 | | img_signature_key_type | RSA-PSS | | is-public | true | | min_disk | 0 | | min_ram| 0 | | name | cirrosSignedImage_goodSignature | | owner | 4f186fe25c934eeb95186fd0c5afda49