Current Series Release Notes¶
18.0.0-63¶
New Features¶
The identifier
compressedhas been added to the list of supported container formats. The intent is that this format identifier will be used for any compressed file archive format (for example, gzip or rar) that is not otherwise covered by the existing container format identifiers.As with all container formats, Glance does not verify that the data payload of an image is actually in that format. Further, you should not expect other OpenStack services to be able to handle arbitrary compressed file formats. Consult the documentation of any services that will consume your image for details.
To support the Block Storage service (Cinder) upload-volume-to-image action when the volume is an encrypted volume type, when such an image is deleted, Glance will now contact the OpenStack Key Management service (Barbican) and request it to delete the associated encryption key. Two extra properties must be set on the image for this to work:
cinder_encryption_key_id(whose value is the identifier in the OpenStack Key Management service for the encryption key used to encrypt the volume) andcinder_encryption_key_deletion_policy(whose value may be eitheron_image_deletionordo_not_delete). Please note the following:An image created by the Block Storage service will have these properties set automatically, with the deletion policy set to
on_image_deletion.The Block Storage service always creates a new secret in Barbican when it uploads a volume as an image, keeping a 1-1 relation between each secret stored in the Key Management Service and each image of an encrypted volume stored in Glance. Thus, deleting the Barbican secret at the time when the image is deleted will not cause data loss as long as the secret is not being used for any other purpose.
The Block Storage service will not use the secret associated with an image for any other purpose.
If you choose to use the Barbican secret identified by the value of
cinder_encryption_key_idfor any other purpose, you risk data loss.Manual use of the
cinder_encryption_key_*properties is not recommended.
If the
cinder_encryption_key_deletion_policyimage property is missing or has any value other thanon_image_deletion, Glance will not attempt to delete the key whose identifier is the value ofcinder_encryption_key_id.
The glance-scrubber utility is now multistore aware. If you are using the multistore feature, you must define configuration options for
os_glance_tasks_storeandos_glance_staging_storein theglance-scrubber.conffile. See the “Reserved Stores” section of the “Multi Store Support” chapter of the Glance Administration Guide for more information.
Known Issues¶
The introduction of the
compressedcontainer format in this release gives us the opportunity to remind you that Glance does not verify that thecontainer_formatimage property is accurate for any container format. It is the responsibility of the image consumer to verify the image data payload format and take appropriate action in the case of a misdescribed image.
The intent of the
compressedcontainer format identifier introduced in this release is that it will be used for any compressed file archive format (for example, gzip or rar) that is not otherwise covered by the existing container format identifiers.The exact format of the compressed file is unspecified. It is the responsibility of the consuming service to analyze the data payload and determine the compression format. A particular OpenStack service may only support specific formats. Thus, even if a service does support the
compressedcontainer format, this does not imply that the service can handle arbitrary compression formats. Consult the documentation for the service that will consume your image for details.
As of this release, the only service using the
compressedcontainer format is Cinder (Block Storage Service), when Cinder is configured to use compression when uploading a volume-image to Glance. While you may expect that Cinder will be able to consume any image incompressedcontainer format that Cinder has created, you should not expect Cinder to be able to successfully use an image incompressedformat that it has not created itself. Consult the Cinder documentation for more information.
Upgrade Notes¶
The identifier
compressedhas been added to the list of supported container formats. The intent is that this format identifier will be used for any compressed file archive format (for example, gzip or rar) that is not otherwise covered by the existing container format identifiers.The
compressedcontainer format was added in support of the Cinder (Block Storage Service) feature Leverage compression accelerator. You may expect that Cinder will be able to consume any image incompressedcontainer format that Cinder has created. You should not expect, however, for other services to be able to consume such an image at the present time. Further, you should not expect Cinder to be able to successfully use an image incompressedformat that it has not created itself.
The properties
cinder_encryption_key_idandcinder_encryption_key_deletion_policyhave been added to the common image properties and appear in the image schema. See the “New Features” section of these notes for information about these image properties.
If you are using the multistore feature, you must define configuration options for
os_glance_tasks_storeandos_glance_staging_storein theglance-scrubber.conffile. See the “Reserved Stores” section of the “Multi Store Support” chapter of the Glance Administration Guide for more information.
The following metadata definitions have been modified in the Train release:
Added
hw_pmuboolean in theOS::Compute::LibvirtImagenamespace.Added
powervmto thehypervisor_typeenumeration in theOS:::Compute::Hypervisornamespace.Added
virtio,gopandnoneto thehw_video_modelenumeration in theOS::Compute::LibvirtImagenamespace.
You may upgrade these definitions using:
glance-manage db load_metadefs [--path <path>] [--merge] [--prefer_new]
