Current Series Release Notes

18.0.0-63

New Features

  • The identifier compressed has been added to the list of supported container formats. The intent is that this format identifier will be used for any compressed file archive format (for example, gzip or rar) that is not otherwise covered by the existing container format identifiers.

    As with all container formats, Glance does not verify that the data payload of an image is actually in that format. Further, you should not expect other OpenStack services to be able to handle arbitrary compressed file formats. Consult the documentation of any services that will consume your image for details.

  • To support the Block Storage service (Cinder) upload-volume-to-image action when the volume is an encrypted volume type, when such an image is deleted, Glance will now contact the OpenStack Key Management service (Barbican) and request it to delete the associated encryption key. Two extra properties must be set on the image for this to work: cinder_encryption_key_id (whose value is the identifier in the OpenStack Key Management service for the encryption key used to encrypt the volume) and cinder_encryption_key_deletion_policy (whose value may be either on_image_deletion or do_not_delete). Please note the following:

    • An image created by the Block Storage service will have these properties set automatically, with the deletion policy set to on_image_deletion.

    • The Block Storage service always creates a new secret in Barbican when it uploads a volume as an image, keeping a 1-1 relation between each secret stored in the Key Management Service and each image of an encrypted volume stored in Glance. Thus, deleting the Barbican secret at the time when the image is deleted will not cause data loss as long as the secret is not being used for any other purpose.

      • The Block Storage service will not use the secret associated with an image for any other purpose.

      • If you choose to use the Barbican secret identified by the value of cinder_encryption_key_id for any other purpose, you risk data loss.

      • Manual use of the cinder_encryption_key_* properties is not recommended.

    • If the cinder_encryption_key_deletion_policy image property is missing or has any value other than on_image_deletion, Glance will not attempt to delete the key whose identifier is the value of cinder_encryption_key_id.

  • The glance-scrubber utility is now multistore aware. If you are using the multistore feature, you must define configuration options for os_glance_tasks_store and os_glance_staging_store in the glance-scrubber.conf file. See the “Reserved Stores” section of the “Multi Store Support” chapter of the Glance Administration Guide for more information.

Known Issues

  • The introduction of the compressed container format in this release gives us the opportunity to remind you that Glance does not verify that the container_format image property is accurate for any container format. It is the responsibility of the image consumer to verify the image data payload format and take appropriate action in the case of a misdescribed image.

  • The intent of the compressed container format identifier introduced in this release is that it will be used for any compressed file archive format (for example, gzip or rar) that is not otherwise covered by the existing container format identifiers.

    The exact format of the compressed file is unspecified. It is the responsibility of the consuming service to analyze the data payload and determine the compression format. A particular OpenStack service may only support specific formats. Thus, even if a service does support the compressed container format, this does not imply that the service can handle arbitrary compression formats. Consult the documentation for the service that will consume your image for details.

  • As of this release, the only service using the compressed container format is Cinder (Block Storage Service), when Cinder is configured to use compression when uploading a volume-image to Glance. While you may expect that Cinder will be able to consume any image in compressed container format that Cinder has created, you should not expect Cinder to be able to successfully use an image in compressed format that it has not created itself. Consult the Cinder documentation for more information.

Upgrade Notes

  • The identifier compressed has been added to the list of supported container formats. The intent is that this format identifier will be used for any compressed file archive format (for example, gzip or rar) that is not otherwise covered by the existing container format identifiers.

    The compressed container format was added in support of the Cinder (Block Storage Service) feature Leverage compression accelerator. You may expect that Cinder will be able to consume any image in compressed container format that Cinder has created. You should not expect, however, for other services to be able to consume such an image at the present time. Further, you should not expect Cinder to be able to successfully use an image in compressed format that it has not created itself.

  • The properties cinder_encryption_key_id and cinder_encryption_key_deletion_policy have been added to the common image properties and appear in the image schema. See the “New Features” section of these notes for information about these image properties.

  • If you are using the multistore feature, you must define configuration options for os_glance_tasks_store and os_glance_staging_store in the glance-scrubber.conf file. See the “Reserved Stores” section of the “Multi Store Support” chapter of the Glance Administration Guide for more information.

  • The following metadata definitions have been modified in the Train release:

    • Added hw_pmu boolean in the OS::Compute::LibvirtImage namespace.

    • Added powervm to the hypervisor_type enumeration in the OS:::Compute::Hypervisor namespace.

    • Added virtio, gop and none to the hw_video_model enumeration in the OS::Compute::LibvirtImage namespace.

    You may upgrade these definitions using:

    glance-manage db load_metadefs [--path <path>] [--merge] [--prefer_new]