Xena Series Release Notes¶
The Xena release includes some important milestones in Glance development priorities.
Added support for unified quotas using keystone limits
Moved policy enforcement in API layer
Implemented Secure RBAC project scope for metadef APIs
Fixed some important bugs around multi-store imports and precaching images
Glance now has per-tenant quota support based on Keystone unified limits for resources like image and staging storage, among other things. For more information about how to configure and use these quotas, refer to the relevant section of the Administrator Guide.
Glance’s default policies for metadef APIs now support member and reader roles for Secure RBAC project persona. Administrative operations like create, delete and update are still protected using the admin role on a project. Administrative actions will be updated in the future to consume system-scope.
The database migration engine used by Glance for database upgrades was changed from SQLAlchemy Migrate to Alembic in the 14.0.0 (Ocata) release. Support for SQLAlchemy Migrate has now been removed. This means in order to upgrade from a pre-Ocata release to Xena or later, you must upgrade to Wallaby or earlier first.
The Xena release of Glance is a midpoint in the process of refactoring how our policies are applied to API operations. The goal of applying policy enforcement in the API will ultimately increase the flexibility operators have over which users can do what operations to which images, and provides a path for compliant Secure RBAC and scoped tokens. In Xena, some policies are more flexible than they once were, allowing for more fine-grained assignment of responsibilities, but not all things are possible yet. If enforce_secure_rbac is not enabled, most things are still enforcing the legacy behavior of hard and fast admin-or-owner requirements.
The cinder store lazy migration code assumed that the user performing the GET was authorized to modify the image in order to perform the update. This will not be the case for shared or public images where the user is not the owner or an admin, and would result in a 404 to the user if a migration is needed but not completed. Now, we delay the migration if we are not sufficiently authorized, allowing the first GET by the owner (or an admin) to perform it. See Bug 1932337 for more information.
Bug 1916052: Unable to create trust errors in glance-api
Bug 1934673: Policy deprecations falsely claims defaulting to role based policies
Bug 1922928: Image tasks API excludes in-progress tasks
Bug 1936665: Functional tests not available for metadef resource types
Bug 1895173: Caught error: UPDATE statement on table ‘image_properties’. expected to update 1 row(s); 0 were matched
Bug 1940090: options of the castellan library are missing from glance-api.conf
Bug 1885928: Unable to spawn VM from community image
Bug 1939307: glance-uwsgi - Add missing cache prefetching periodic job
Bug 1940733: [oslo_reports] options are missing from the config file generated by oslo-confi-generator
Bug 1939944: The parameters of the healthcheck middlewares are missing from glance-api.conf