Merge "Complete and update Newton release notes"

This commit is contained in:
Jenkins 2016-09-16 00:08:15 +00:00 committed by Gerrit Code Review
commit ee667852f5
12 changed files with 230 additions and 109 deletions

View File

@ -1,6 +1,6 @@
---
prelude: >
- Add VHDX to list of supported disk format.
- Add ``vhdx`` to list of supported disk format.
features:
- The identifier ``vhdx`` has been added to the list of
supported disk formats in Glance. The respective

View File

@ -0,0 +1,13 @@
---
prelude: >
- Glance API ``minor`` version bumped to 2.4.
upgrade:
- |
Glance API **CURRENT** ``minor`` version is now ``2.4``.
* To partially fix an important image locations
bug 1587985, an API impacting change has been merged
into Glance.
* This will result into a non-backward compatible
experience before and after **Newton** release, for
users using ``add`` feature to image locations.

View File

@ -1,26 +1,32 @@
---
prelude: >
Deprecate the ``show_multiple_locations`` configuration
- Deprecate the ``show_multiple_locations`` configuration
option in favor of the existing Role Based Access
Control (RBAC) for Image locations which uses
``policy.json`` file to define the appropriate rules.
Maintaining two different ways to configure, enable
and/or disable a feature is painful for developers and
operators, so the less granular means of controlling
this feature will be eliminated in the **Ocata**
release. Please read upgrade section for more details.
upgrade:
- For the Newton release, this option will still be
honored. However, it is important to update
``policy.json`` file for glance-api nodes. In
particular, please consider updating the policies
``delete_image_location``, ``get_image_location`` and
``set_image_location`` as per your requirements. As this
is an advanced option and prone to expose some risks,
please check the policies to ensure security and privacy
of your cloud.
- Future releases will ignore this option and just
follow the policy rules. It is recommended that this
option is disabled for public endpoints and is being
only used internally for service-to-service
communication.
- |
Some additional points about ``show_multiple_locations``
configuration option deprecation.
* Maintaining two different ways to configure, enable
and/or disable a feature is painful for developers and
operators, so the less granular means of controlling
this feature will be eliminated in the **Ocata**
release.
* For the Newton release, this option will still be
honored. However, it is important to update
``policy.json`` file for glance-api nodes. In
particular, please consider updating the policies
``delete_image_location``, ``get_image_location`` and
``set_image_location`` as per your requirements. As
this is an advanced option and prone to expose some
risks, please check the policies to ensure security
and privacy of your cloud.
* Future releases will ignore this option and just
follow the policy rules. It is recommended that this
option is disabled for public endpoints and is used
only internally for service-to-service communication.
* As mentioned above, the same recommendation applies
to the policy-based configuration for exposing
multiple image locations.

View File

@ -1,29 +1,30 @@
---
prelude: >
Improved configuration options for glance. Please
refer to the ``other`` section for more information.
- Improved configuration option descriptions and handling.
other:
- The glance configuration options have been
improved with detailed help texts, defaults for
sample configuration files, explicit choices
of values for operators to choose from, and a
strict range defined with ``min`` and ``max``
boundaries.
- |
The glance configuration options have been improved with
detailed help texts, defaults for sample configuration
files, explicit choices of values for operators to
choose from, and a strict range defined with ``min`` and
``max`` boundaries.
It must be noted that the configuration options
that take integer values now have a strict range defined
with "min" and/or "max" boundaries where appropriate. This
renders the configuration options incapable of taking certain
values that may have been accepted before but were actually
invalid. For example, configuration options specifying counts,
where a negative value was undefined, would have still accepted
the supplied negative value. Such options will no longer accept
negative values. However, options where a negative value was
previously defined (for example, -1 to mean unlimited) will
remain unaffected by this change.
Values that do not comply with the appropriate restrictions
will prevent the service from starting. The logs will contain
a message indicating the problematic configuration option and
the reason why the supplied value has been rejected.
* It must be noted that the configuration options that
take integer values now have a strict range defined
with ``min`` and/or ``max`` boundaries where
appropriate.
* This renders the configuration options incapable of
taking certain values that may have been accepted
before but were actually invalid.
* For example, configuration options specifying counts,
where a negative value was undefined, would have still
accepted the supplied negative value. Such options
will no longer accept negative values.
* Options where a negative value was previously defined
(for example, -1 to mean unlimited) will remain
unaffected by this change.
* Values which do not comply with the new restrictions
will prevent the service from starting. The logs will
contain a message indicating the problematic
configuration option and the reason why the supplied
value has been rejected.

View File

@ -0,0 +1,38 @@
---
prelude: >
- Adding locations to a non-active or non-queued image
is no longer allowed.
critical:
- |
Attempting to set image locations to an image *not* in
``active`` or ``queued`` status will now result in a
HTTP Conflict (HTTP status code 409) to the user.
* Until now, no image status checks were in place while
**adding** a location on it. In some circumstances,
this may result in a bad user experience. It may also
cause problems for a security team evaluating the
condition of an image in ``deactivated`` status.
* **Adding** locations is disallowed on the following
image statuses - ``saving``, ``deactivated``,
``deleted``, ``pending_delete``, ``killed``.
* Note that there are race conditions associated with
adding a location to an image in the ``active``,
``queued``, ``saving``, or ``deactivated`` status.
Because these are non-terminal image statuses, it is
possible that when a user attempts to add a location,
a status transition could occur that might block the
**add** (or might appear to allow an add that should
not be allowed).
* For example, a user is not allowed to add a location
to an image in ``saving`` status. Suppose a user
decides to add a location anyway. It is possible that
before the user's request is processed, the
transmission of data being saved is completed and the
image transitioned into ``active`` status, in which
case the user's add location request will succeed. To
the user, however, this success will appear anomalous
because in most cases, an attempt to add a location to
an image in ``saving`` status will fail.
* We mention this so that you can be aware of this
situation in your own testing.

View File

@ -1,35 +1,20 @@
---
prelude: >
Several in-tree documentation updates exist in newton-1.
An important bug 1570789 that will handle 4 byte unicode
chars for metadefs APIs is fixed which will prevent 500s
on the same. Deprecated sign-the-hash approach for image
signing and old run_tests and related scripts have been
removed.
- Glance no longer returns a 500 when 4 byte unicode
characters are passed to the metadefs API.
- Deprecated "sign-the-hash" approach for image signing.
Old run_tests and related scripts have been removed.
upgrade:
- The image signature verification feature has been updated
to follow the "sign-the-data" approach, which uses a
signature of the image data directly. The prior deprecated
"sign-the-hash" approach, which uses a signature of an MD5
hash of the image data, has been removed.
- The image signature verification feature has been
updated to follow the "sign-the-data" approach, which
uses a signature of the image data directly. The prior
deprecated "sign-the-hash" approach, which uses a
signature of an MD5 hash of the image data, has been
removed.
security:
- The initial implementation of the image signature
verification feature in Glance was insecure, because it
relied on an MD5 hash of the image data. More details can
be found in bug 1516031. This "sign-the-hash" approach was
deprecated in Mitaka, and removed in newton-1.
Related CVE-2015-8234.
fixes:
- |
Please find below a list of some other important bugs along with
their descriptions that have been fixed in newton-1.
* bug 1580848: There's no exception when import task is created
without properties
* bug 1585584: Glare v0.1 is unable to create public artifact draft
* bug 1582304: Allow tests to run when http proxy is set
* bug 1570789: various md-* create and update api's
return 500 error if 4 bytes unicode characters is passed
* bug 1568894: glance_store opts missing in glance-scrubber.conf
and glance-cache.conf sample files
* bug 1568723: secure_proxy_ssl_header not in sample config files
relied on an MD5 hash of the image data. More details
can be found in bug 1516031. This "sign-the-hash"
approach was deprecated in Mitaka, and has been removed
in Newton. Related CVE-2015-8234.

View File

@ -0,0 +1,61 @@
---
fixes:
- |
Here is a list of other important bugs that have been
fixed (or partially fixed) along with their
descriptions.
* bug 1617258: Image signature base64 needs to wrap
lines
* bug 1612341: Add cpu thread pinning flavor metadef
* bug 1609571: version negotiation api middleware was
NOT up to date to include v2.3
* bug 1602081: Glance needs to use oslo.context's
policy dict
* bug 1599169: glance-replicator size raises object of
type 'NoneType' has no len() exception when no args
provided
* bug 1599192: glance-replicator needs to display
human-readable size
* bug 1585917: member-create will raise 500 error if
member-id is greater than 255 characters
* bug 1598985: glance-replicator compare output should
show image name in addition to image id for missing
images
* bug 1533949: Glance tasks missing configuration item
"conversion_format"
* bug 1593177: The default policy needs to be admin for
safer default deployment scenarios
* bug 1584076: Swift ACLs disappears on v1 Glance
images
* bug 1591004: Unable to download image with no
checksum when cache is enabled
* bug 1584415: Listing images with the created_at and
updated_at filters fails if an operator is not
specified
* bug 1590608: Services should use http_proxy_to_wsgi
middleware from oslo.middleware library
* bug 1584350: etc/glance-registry.conf sample file has
redundant store section
* bug 1543937: db-purge fails for very large number
* bug 1580848: There's no exception when import task is
created without properties
* bug 1585584: Glare v0.1 is unable to create public
artifact draft
* bug 1582304: Allow tests to run when http proxy is set
* bug 1570789: Metadefs API returns 500 error when 4
byte unicode character is passed
* bug 1532243: glance fails silently if a task flow
can not be loaded
* bug 1568894: glance_store options missing in
glance-scrubber.conf and glance-cache.conf sample
files
* bug 1568723: secure_proxy_ssl_header not in sample
configuration files
* bug 1535231: md-meta with case insensitive string has
problem during creating
* bug 1555275: Tags set changes on delete
* bug 1558683: Versions endpoint does not support
X-Forwarded-Proto
* bug 1557495: Possible race conditions during status
change

View File

@ -1,11 +1,11 @@
---
prelude: >
Database downgrades have been removed from the Glance source tree. Please
see ``upgrade`` section for more details.
- Database downgrades have been removed from the Glance
source tree.
upgrade:
- The ``db_downgrade`` command has been removed from the
``glance-manage`` utility and all database downgrade
scripts have been removed. In accord with OpenStack
policy, Glance cannot be downgraded any more. Operators
are advised to make a full database backup of their
production data before attempting any upgrade.
production data before attempting any upgrade.

View File

@ -1,11 +1,12 @@
---
prelude: >
s3 store driver has been removed.
- The ``s3`` store driver has been removed.
upgrade:
- The latest release of glance_store library does not
have the support for s3 driver. All code references of
s3 have been removed from the library. As this release
of Glance uses the updated glance_store library, you
will find s3 driver support removed from Glance too.
One such important example is the location strategy
which no longer has s3 support.
- The latest release of glance_store library does not have
the support for the ``s3`` driver. All code references
of the same have been removed from the library. As this
release of Glance uses the updated glance_store library,
you will find the ``s3`` driver support removed from
Glance too. For example the Glance image location
strategy modules no longer offer the ``s3`` driver
support.

View File

@ -0,0 +1,31 @@
---
prelude: >
- Sample configuration file shipped with Glance source now
has reordered store drivers configuration options for
future consistent ordering.
other:
- |
The sample configuration files autogenerated using the
oslo-config-generator tool now give consistent ordering
of the store drivers configurations.
* Some operators have reported issues with reordering
observed in the sample configurations shipped with
Glance release tarballs. This reordering may result
into a incorrect "diff" of the configurations used
downstream vs. newly introduced upstream.
* Latest release of ``glance_store`` library (used
in the **Newton** release of Glance) will include fix
for the ``glance_store`` bug 1619487.
* Until now every run of the oslo-config-generator
resulted in random ordering of the store drivers
configuration. After **Newton** release this order
will remain consistent.
* The store drivers configuration order in the sample or
autogenerated files should be expected to be
alphabetical as - ``cinder``, ``filesystem``,
``http``, ``rbd``, ``sheepdog``, ``swift``,
``vmware``.
* Note the code name for the "ceph" driver is ``rbd``.
* Note the ordering of the options within a store is not
alphabetical.

View File

@ -1,25 +1,10 @@
---
prelude: >
Adds a new function that is called in the
tasks_get_all function, so that everytime tasks
lists are called, the function checks if tasks in
the database have surpassed the expired_at value;
if that is the case, then it marks the deleted value
as 1 for all the expired tasks.
- Expired tasks are now deleted.
other:
- Tasks are soft deleted, in Glance, a resource can
be soft deleted in the Database Table, these resources
still exist in the database. The same thing happens
with tasks; they are marked as deleted using the
delete flag in the Tasks table which are not queried
on the regular list or show call. The tasks are not
instantly deleted because there may be information
contained in the task resource that may not be
available elsewhere(For example, a successful
import task will eventually result in the creation
of an image in Glance, and it would be useful to
know the UUID of this image. Similarly, if the
import task fails, end user should be given time
to read the task resource to analyze the error
message.)
- Expired tasks are now deleted in Glance. As with other
Glance resources, this is a "soft" deletion, that is, a
deleted task is marked as ``deleted`` in the database so
that the task will not appear in API responses, but the
information associated with the task persists in the
database.

View File

@ -5,6 +5,6 @@
.. toctree::
:maxdepth: 1
liberty
unreleased
mitaka
liberty