Victoria Series Release Notes


Bug Fixes

  • Bug 1889666: ‘stores’ property added when using image-create-via-import –stores <list>

    • Bug 1886650: Glance client does not correctly forward global request IDs


Other Notes

  • -| For legacy (pre-Rocky) images that do not contain “multihash” metadata, or when the --allow-md5-fallback option is used in cases where the multihash metadata is present but the specified algorithm is not available to the glanceclient, the glanceclient uses an MD5 checksum to validate the download. When operating in a FIPS-compliant environment, however, the MD5 algorithm may be unavailable to the glanceclient. In such a case, (that is, when the MD5 checksum information is available to the glanceclient but the MD5 algorithm is not), the glanceclient will fail the download as corrupt because it cannot prove otherwise. This is consistent with current behavior.



This version of python-glanceclient finalizes client-side support for the Glance import image in multiple stores, copy existing image in multiple stores and delete image from single store.

New Features

  • Support for deleting the image data from single store.

Upgrade Notes

  • The following Command Line Interface calls now take --stores, --all-stores and --allow-failure option:

    • glance image-create-via-import

    • glance image-import

    The value for --stores option is a list of store identifiers. The list of available stores may be obtained from the glance stores-info command.

    The value for --all-stores option could be True or False.

    The value for --allow-failure option could be True or False.

Bug Fixes

  • Bug 1838694: glanceclient doesn’t cleanup session it creates if one is not provided


New Features

  • Adds support for copy-image import method which will copy existing images into multiple stores.

  • Adds support for multi-store import where user can import image into multiple backend stores with single command.

Upgrade Notes

  • Python 2.7 support has been dropped. Last release of python-glanceclient to support py2.7 is OpenStack Train. The minimum version of Python now supported by python-glanceclient is Python 3.6.



This version of python-glanceclient finalizes client-side support for the Glance multiple stores feature. See the Multi Store Support section of the Glance documentation for more information.

Support for Glance multiple stores has been available on an EXPERIMENTAL basis since release 2.12.0. For the Train release, the Image service has finalized how API users interact with multiple stores. See the “Upgrade Notes” section of this document for information about changes this has necessitated in multistore support in the glanceclient.

Upgrade Notes

  • The following Command Line Interface calls now take a --store option:

    • glance image-create

    • glance image-create-via-import

    • glance image-upload

    • glance image-import

    The value for this option is a store identifier. The list of available stores may be obtained from the glance stores-info command.

  • The --backend option, available on some commands on an experimental basis since release 2.12.0, is no longer available. Use --store instead.

Bug Fixes

  • Bug 1822052: HTTPClient: actually set a timeout for requests



This version of python-glanceclient adds Python 3.6 classifier and gating on Python 3.7 environment.

New Features

  • For parity with the old checksum field, this release adds the ability for CLI users to filter the image list based upon a particular multihash value using the --hash <HASH_VALUE> option. Issue the command:

    glance help image-list

    for more information.

  • Support for embedding validation data (checksum and multihash) when adding a location to an image. Requires the Stein release server-side.

    The glance.images.add_location() method now accepts an optional argument validation_data, in the form of a dictionary containing checksum, os_hash_algo and os_hash_value.

    The location-add command now accepts optional arguments --checksum, --hash-algo and --hash-value.

Bug Fixes

    • Bug 1788271: Add image-list filter for multihash

    • Bug 1598714: Remove redundant information from error message


New Features

  • This release adds verification of image data downloads using the Glance “multihash” feature introduced in the OpenStack Rocky release. When the os_hash_value is populated on an image, the glanceclient will verify this value by computing the hexdigest of the downloaded data using the algorithm specified by the image’s os_hash_algo property.

    Because the secure hash algorithm specified is determined by the cloud provider, it is possible that the os_hash_algo may identify an algorithm not available in the version of the Python hashlib library used by the client. In such a case the download will fail due to an unsupported hash type. In the event this occurs, a new option, --allow-md5-fallback, is introduced to the image-download command. When present, this option will allow the glanceclient to use the legacy MD5 checksum to verify the downloaded data if the secure hash algorithm specified by the os_hash_algo image property is not supported.

    Note that the fallback is not used in the case where the algorithm is supported but the hexdigest of the downloaded data does not match the os_hash_value. In that case the download fails regardless of whether the option is present or not.

    Whether using the --allow-md5-fallback option is a good idea depends upon the user’s expectations for the verification. MD5 is an insecure hashing algorithm, so if you are interested in making sure that the downloaded image data has not been replaced by a datastream carefully crafted to have the same MD5 checksum, then you should not use the fallback. If, however, you are using Glance in a trusted environment and your interest is simply to verify that no bits have flipped during the data transfer, the MD5 fallback is sufficient for that purpose. That being said, it is our recommendation that the multihash should be used whenever possible.

Security Issues

  • This release of the glanceclient uses the Glance “multihash” feature, introduced in Rocky, to use a secure hashing algorithm to verify the integrity of downloaded data. Legacy images without the “multihash” image properties (os_hash_algo and os_hash_value) are verified using the MD5 checksum image property.


New Features

  • This release adds client support for the Glance “hidden images” feature described in the spec Operator maintained images lifecycle.

    Support in the glanceclient includes the following:

    • The following calls now allow the specification of a --hidden option that takes a boolean value (true or false). When this option is omitted, the default value is false.

      • image-create

      • image-create-via-import

      • image-update

    • The image-list call now allows the specification of a --hidden filter that takes a boolean value (true or false). By default, “hidden” images are not displayed in the image-list response (that’s why they’re called “hidden”). To see those images, use --hidden true as a filter on the image-list call.

  • This release adds client support for the Glance feature multi-store backend support, introduced in the Rocky release. This feature allows end users to direct uploaded or imported image data to a particular backend when a cloud operator has configured the Image Service to use multiple backends.

    The available backends are discoverable by making the stores-info call, which will return a list of available backends. The list contains an identifier (id) and a description of each available backend. The default backend is indicated in this response.

    When uploading or importing an image, the glanceclient now accepts the --backend option. Its value must be the id of a backend configured in the cloud against which the call is being made. This option may also be configured by exporting the OS_IMAGE_BACKEND environment variable with the id of a configured backend as its value.

    Some other points to keep in mind:

    • If no backend is specified, the image data is stored in the default backend.

    • If the version of the Image Service API contacted does not support multi-store backends, the option is silently ignored and the image data is stored in the default backend.

    • If an invalid backend identifier is used, the glanceclient will exit with an error message.

    • Backend identifiers and their meanings are unique to each cloud. Consult the stores-info call and your cloud provider’s documentation for details.

  • This release adds client support for the Glance “multihash” feature introduced in Rocky. This feature introduces two new image properties, os_hash_algo and os_hash_value. The content of os_hash_algo is an algorithm identifier recognized by the Python hashlib library. The os_hash_value is a hexdigest of the image data computed using this algorithm. The os_hash_algo is not end-user settable; it is configured in Glance by the cloud operator. In the glanceclient, the feature is limited solely to the display of these values.

    If the “multihash” properties are not available on an image, their values are displayed as None in the glanceclient image-show and image-list responses.

Bug Fixes

    • Bug 1783290: glance will return 401 error if the request token contains url code


Bug Fixes

  • Bug 1766235: Handle HTTP headers per RFC 8187

    Previously the glanceclient encoded HTTP headers as UTF-8 bytes. According to RFC 8187, however, headers should be encoded as 7-bit ASCII. The glanceclient now sends all headers as 7-bit ASCII. It handles unicode strings by percent-encoding them before sending them in headers.


Known Issues

  • Help texts for some properties has possibly outdated links. Please refer to the documentation of the deployment while we try to find a way how to document these references in a way that they do not point user to false information.

Bug Fixes

    • Bug 1762044: Sync schema with glance-api service

Other Notes

  • The following options to the command line client, which have been deprecated since Icehouse, have been removed:

    • --key-file (use --os-key instead)

    • --ca-file (use --os-cacert instead)

    • --cert-file (use --os-cert instead)



This was a quiet development cycle for the python-glanceclient. There were several improvements made in the testing code, and the documentation was reorganized in accord with the new standard layout for OpenStack projects. The main feature in this release is the addition of support for the new image import functionality introduced into Glance during this cycle.

New Features

  • Client support has been added for the new image import functionality introduced into Glance in this cycle. This is a feature of the Images API version 2 only, and it is disabled by default in Glance. The following commands have been added to the command line interface:

    • import-info - gets information about the import configuration of the target Glance

    • image-stage - uploads image data to the staging area

    • image-import - initiates the import process for a previously created image record whose image data is currently in the staging area

    • image-create-via-import - this is an EXPERIMENTAL command that compresses the three-step import process of the Images API version 2 into a single call from the command line, just as the current client image-create command compresses a two-step process into one step. It is EXPERIMENTAL because the name of the command may change or it may be removed entirely in future releases. The intent is that as Glance image import is adopted by deployers, this command may be renamed to image-create as it behaves exactly the same from the user’s point of view. It is included in this release so that the Glance team can get feedback from deployers and end users.

Bug Fixes

  • The following are some highlights of the bug fixes included in this release.

    • Bug 1659010: Help text inaccurate for container_format, disk_format

    • Bug 1570766: Fix ‘UnicodeEncodeError’ for unicode values in url

    • Bug 1583919: –no-ssl-compression is deprecated

Other Notes

  • The deprecated --no-ssl-compression option to the python-glanceclient command line interface has been removed. The option has been inoperative since the Liberty release.

  • An optimization was added in the case where an image download is requested from the command line interface without specifying either a filename destination for the data or output redirection. The optimization properly delays opening a connection to the server until after the CLI has verified that the user has specified a location for the downloaded data. In the pre-optimized code, if a user did not have permission to download the requested image or if the image had no data associated with it, the CLI would fail with an appropriate message when the client attempted to create the connection but before it had determined that there was no place to put the data. With this optimization, a user will not be able to “probe” the server to see whether image data is available without specifying either the --file option or command line redirection.

  • The argument to the --profile option of the command line interface may now be specified by setting the value of the OS_PROFILE environment variable.



Switch to using keystoneauth for session and auth plugins.

New Features

  • Added support to return “x-openstack-request-id” header in request_ids attribute for better tracing. | For ex. | >>> from glanceclient import Client | >>> glance = Client(‘2’, endpoint=’OS_IMAGE_ENDPOINT’, token=’OS_AUTH_TOKEN’) | >>> res = glance.images.get(‘<image_id>’) | >>> res.request_ids

Other Notes

  • [bp use-keystoneauth] As of keystoneclient 2.2.0, the session and auth plugins code has been deprecated. These modules have been moved to the keystoneauth library. Consumers of the session and plugin modules are encouraged to move to keystoneauth. Note that there should be no change to end users of glanceclient.


New Features