Current Series Release Notes

New Features

  • Policy enforcement for several Metadata Definition delete APIs is added in this release. The following actions are enforced and added to the policy.json:

    • delete_metadef_namespace

    • delete_metadef_object

    • remove_metadef_resource_type_association

    • remove_metadef_property

    • delete_metadef_tag

    • delete_metadef_tags

    This prevents roles that should not have access to these APIs from calling the APIs associated with the actions above.

  • As part of the multi-store efforts, this release introduces deletion from a single store. Through the new ‘/v2/stores’ endpoint, the API user can request that an image be deleted from a single store instead of deleting the whole image. This feature can be used to clean up store metadata in cases where the image data has for some reason already disappeared from the store; expect a 410 Gone HTTP response.

  • A new Interoperable Image Import plugin has been introduced to address the use case of providing compressed images, either through ‘web-download’ or to optimize network utilization between the client and Glance.

Upgrade Notes

  • The show_multiple_locations configuration option remains DEPRECATED but not removed in the Ussuri release. We continue to recommend that image locations not be exposed to end users. See OSSN-0065 for more information.

    The plan continues to be to eliminate the option and use only policies to control image locations access. This, however, requires some major refactoring, as discussed in the draft Policy Refactor spec. Further, there is no projected timeline for this change, as no one has been able to commit time to it. (The Glance team would be happy to discuss this more with anyone interested in working on it.)

    Please keep a watch on the Glance release notes and the glance-specs repository to stay informed about developments on this issue.

  • The sheepdog storage backend driver was deprecated in the Train release and has now been removed. Any deployments still using Sheepdog storage will need to migrate to a different backend storage prior to upgrading to this release.

  • Operators who use property protections with the property_protection_rule_format set to policies must still define the policy rules used for property protections in a policy file. The content of the file may be JSON or YAML. Additionally, we suggest that the absolute pathname of this file be set as the value of policy_file in the [oslo_policy] section of the glance-api.conf file.

    Be aware that if you define a policy rule for default or context_is_admin, that policy rule will also be used by the policies that govern permissions to perform actions using the Images API, even if these actions are not specified in the policy file.

Deprecation Notes

  • The Glance API configuration option allow_additional_image_properties is deprecated in this release and is subject to removal at the beginning of the Victoria development cycle, following the OpenStack standard deprecation policy.

    The migration path for operators who were using this option in its nondefault False setting is to set the image_property_quota option to 0. Since many other OpenStack services depend upon the ability to read/write custom image properties, however, we suspect that no one has been using the option with a nondefault value.

Bug Fixes

  • Bug 1861334: cors config defaults not used when Glance is run as WSGI app

New Features

  • Added a new import method, copy-image, which copies an existing image into multiple stores.

Upgrade Notes

  • Added a new import method, copy-image, which copies an existing image into multiple stores. The new import method works only if multiple stores are enabled in the deployment. To use this feature, the operator needs to list the copy-image import method in the enabled_import_methods configuration option. Note that this new internal plugin applies only to images imported via the interoperable image import process.

  • Add ability to import an image into multiple stores during the interoperable image import process. This feature will only work if multiple stores are enabled in the deployment. It introduces 3 new optional body fields to the import API path:

    • stores: List containing the IDs of the stores to import the image binary data to.

    • all_stores: To import the data into all configured stores.

    • all_stores_must_succeed: Controls whether the import has to succeed in all stores.

    Users can follow workflow execution with 2 new reserved properties:

    • os_glance_importing_to_stores: List of stores that have not yet been processed.

    • os_glance_failed_import: Each time an import in a store fails, it is added to this list.

  • Policy defaults are now defined in code, as they already were in other OpenStack services. After upgrading there is no need to provide a policy.json file (and you should not do so) unless you want to override the default policies, and only policies you want to override need be mentioned in the file. You should no longer rely on the default rule, and especially not the default value of the rule (which has been relaxed), to assign a non-default policy to rules not explicitly specified in the policy file.

Security Issues

  • If the existing policy.json file relies on the default rule for some policies (i.e. not all policies are explicitly specified in the file) then the default rule must be explicitly set (e.g. to "role:admin") in the file. The new default value for the default rule is "", whereas since the Queens release it has been "role:admin" (prior to Queens it was "@", which allows everything). After upgrading to this release, the policy file should be replaced by one that overrides only policies that need to be different from the defaults, without relying on the default rule.
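
    One way to check an existing policy file for the dependency described above, before upgrading. This is an added example, not Glance code: the function name, the sample file and the role metadef_admin are made up for illustration, the action list is only the six metadef actions named in these notes, and the file is assumed to be JSON.

```python
import json
import re

# Metadef delete actions named in these release notes. This is a subset used
# for illustration; a real audit would pass every action the deployment enforces.
ENFORCED_ACTIONS = (
    "delete_metadef_namespace",
    "delete_metadef_object",
    "remove_metadef_resource_type_association",
    "remove_metadef_property",
    "delete_metadef_tag",
    "delete_metadef_tags",
)

# Matches a reference to the default rule, but not e.g. "rule:default_x".
DEFAULT_REF = re.compile(r"\brule:default\b")


def audit_policy(policy_json, actions=ENFORCED_ACTIONS):
    """Report how a JSON policy file depends on the 'default' rule."""
    rules = json.loads(policy_json)
    # Actions absent from the file are the "not explicitly specified" ones.
    unlisted = sorted(a for a in actions if a not in rules)
    # Rules that name the default rule inherit whatever value it has.
    referencing = sorted(
        name for name, check in rules.items()
        if name != "default" and isinstance(check, str) and DEFAULT_REF.search(check)
    )
    default_set = "default" in rules
    return {
        "default_set": default_set,
        "unlisted": unlisted,
        "references_default": referencing,
        # Relying on the default rule without pinning it is the case the
        # security note says must be fixed before upgrading.
        "must_set_default": bool(unlisted or referencing) and not default_set,
    }


# Constructed sample policy file; the role name metadef_admin is made up.
SAMPLE_POLICY = """{
    "context_is_admin": "role:admin",
    "delete_metadef_namespace": "role:admin",
    "delete_metadef_object": "rule:default",
    "delete_metadef_tag": "role:admin or role:metadef_admin"
}"""

if __name__ == "__main__":
    print(json.dumps(audit_policy(SAMPLE_POLICY), indent=2))
```

    A result with must_set_default set to true means the file leans on the default rule without defining it, so the rule has to be set explicitly (or every listed policy spelled out) before the upgrade.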

Upgrade Notes

  • Python 2.7 support has been dropped. The last release of Glance to support py2.7 is OpenStack Train (Glance 19.x). The minimum version of Python now supported by Glance is Python 3.6.

  • If the upgrade is conducted from a PY27 deployment where SSL connections have been terminated in glance-api, the termination needs to happen externally from now on.

Security Issues

  • SSL support has been removed from Glance, as it worked only under PY27, which is no longer a supported environment. Termination of encrypted connections needs to happen externally as soon as the move to PY3 happens. Any deployment needing end-to-end encryption would need to either put a reverse proxy in front of the service (using a full-blown HTTP server like Apache or Nginx will cause a significant performance hit, and we advise using something simpler that does not break the HTTP protocol) or utilize SSL tunneling (like stunnel) between the load balancers and glance-api.