Mitaka Series Release Notes


Security Issues

  • All qemu-img info calls are now run under resource limitations that limit the CPU time and address space usage of the process running the command to 2 seconds and 1 GB respectively. This addresses the bug Current usage of “qemu-img” is limited to Glance tasks, which by default (since the Mitaka release) are only available to admin users. We continue to recommend that tasks only be exposed to trusted users


New Features

  • Implement the ability to filter images by the properties id, name, status,`container_format`, disk_format using the ‘in’ operator between the values. Following the pattern of existing filters, new filters are specified as query parameters using the field to filter as the key and the filter criteria as the value in the parameter. Filtering based on the principle of full compliance with the template, for example ‘name = in:deb’ does not match ‘debian’. Changes apply exclusively to the API v2 Image entity listings An example of an acceptance criteria using the ‘in’ operator for name ?name=in:name1,name2,name3. These filters were added using syntax that conforms to the latest guidelines from the OpenStack API Working Group.

  • Implemented re-authentication with trusts when updating image status in registry after image upload. When long-running image upload takes some a lot of time (more than token expiration time) glance uses trusts to receive new token and update image status in registry. It allows users to upload big size images without increasing token expiration time.

Upgrade Notes

  • Metadata definitions previously associated with OS::Nova::Instance have been changed to be associated with OS::Nova::Server in order to align with Heat and Searchlight. You may either upgrade them using glance-manage db load_metadefs [path] [merge] [prefer_new] or glance-manage db upgrade 44.

  • The task API is being deprecated and it has been made admin only. If deployers of Glance would like to have this API as a public one, it is necessary to change the policy.json file and remove role:admin from every task related field.

Deprecation Notes

  • The use_user_token, admin_user, admin_password, admin_tenant_name, auth_url, auth_strategy and auth_region options in the [DEFAULT] configuration section in glance-api.conf are deprecated, and will be removed in the O release. See

  • The task API was added to allow users for uploading images asynchronously and for deployers to have more control in the upload process. Unfortunately, this API has not worked the way it was expected to. Therefore, the task API has entered a deprecation period and it is meant to be replaced by the new import API. This change makes the task API admin only by default so that it is not accidentally deployed as a public API.

  • OSprofiler support requires passing of trace information between various OpenStack services. This information is signed by one of HMAC keys, which we historically defined in glance-api-paste.ini and glance-registry-paste.ini files (together with enabled option, that in fact was duplicated in the corresponding configuration files). OSprofiler 0.3.1 and higher supports passing this information via configuration files, therefore it’s recommended to modify the [filter:osprofiler] section in *-paste.ini to look like paste.filter_factor = osprofiler.web:WsgiMiddleware.factory and set the hmac_keys option in the glance-*.conf files.

Security Issues

  • Fixing bug 1525915; image might be transitioning from active to queued by regular user by removing last location of image (or replacing locations with empty list). This allows user to re-upload data to the image breaking Glance’s promise of image data immutability. From now on, last location cannot be removed and locations cannot be replaced with empty list.

Bug Fixes

  • Metadata definitions previously associated with OS::Nova::Instance have been changed to be associated with OS::Nova::Server in order to align with Heat and Searchlight.