10 Commits

Author SHA1 Message Date
Dan Smith 0d6282a016 Enforce image safety during image_conversion
This does two things:

1. It makes us check that the QCOW backing_file is unset on those
types of images. Nova and Cinder do this already to prevent an
arbitrary (and trivial to accomplish) host file exposure exploit.
2. It makes us restrict VMDK files to only allowed subtypes. These
files can name arbitrary files on disk as extents, providing the
same sort of attack. Default that list to just the types we believe
are actually useful for openstack, and which are monolithic.

The configuration option to specify allowed subtypes is added in
glance's config and not in the import options so that we can extend
this check later to image ingest. The format_inspector can tell us
what the type and subtype is, and we could reject those images early
and even in the case where image_conversion is not enabled.

Closes-Bug: #1996188
Change-Id: Idf561f6306cebf756c787d8eefdc452ce44bd5e0
2022-12-19 15:26:49 +00:00
Brian Rosmaita 6af8b6e51c Remove workaround for python_exec cannot be None
oslo.config 4.5.1 contains change I2e1f187feaf4, which makes
the workaround introduced by change Ic40f582f83e0 unnecessary.

Change-Id: Ib7fc2f2082981b1765e901ca5b277fce08221ba8
Related-bug: #1962581
Related-bug: #1962603
2022-05-23 17:35:29 -04:00
Brian Rosmaita daa602baa9 Change default value for [wsgi]/python_interpreter
The default value is being set too early.  We don't want to use
the value of sys.executable at the time the config is generated,
because that's unlikely to map to an existing interpreter in an
actual deployment.

Change-Id: Ic40f582f83e04c6915a3fcb231d6d95ca071c100
Closes-bug: #1962581
2022-03-01 09:44:13 -08:00
Dan Smith 154ef3fe94 Update image.size after conversion
When we convert an image to a specified format during import, we
update the disk_format to match. At that point, we also know the (new)
image.size, so we should set it.

This is somewhat related to setting image size on stage, in that once
it is set we will validate that it does not change in later steps.
Since this one comes between stage and the actual store upload, this
patch makes conversion set it and confirms that the later steps are
happy with that. A later patch sets it during stage, confirming that
we can change it here during conversion when we are changing the
actual image file itself.

Related to blueprint glance-unified-quotas

Change-Id: I795c52f606f85955e39efc29b75f2941be1264b4
2021-06-21 07:19:01 -07:00
Dan Smith d2bb1252e6 Make image_conversion use action wrapper
This makes the image_conversion plugin use the action wrapper for
its image inspection and mutation activities.

Note that several important actions from the execute handler are not
asserted in the test, so this adds those checks to make sure they
are actually happening.

Change-Id: I575dbc45781aaed521aeb5ef085322ad2018f378
2021-02-09 12:33:05 -08:00
Dan Smith 050802dd67 Add missing fail case tests for image_conversion
The tests for the image_conversion plugin were missing basically all
of the places where the task can fail (or NOP). This adds tests for
those things to validate behavior before moving the task to use the
import wrapper.

Note that in the process, I found a potential bug in the handling of
the metadata response from qemu-img when probing for the format. We
tolerate "format" being missing from the result, but will end up
passing None as an argument to 'qemu-img convert', which will fail.
This fixes that to raise RuntimeError in line with the existing
behavior of "raise RuntimeError if any error is reported".

Change-Id: I8f1d03275e6ec51a802cc4b4107f3ab648f535a1
2021-02-09 12:33:05 -08:00
Dan Smith 783fa72f48 Make image conversion use a proper python interpreter for prlimit
The image conversion plugin does a processutils exec(), which needs
to spawn python for prlimit support. Under uwsgi, sys.executable
points to uwsgi itself, which won't work in this case. This introduces
a [wsgi]/python_interpreter config option (because I don't think
there is any way to get this from uwsgi itself) which we use for
the exec. By default, it's sys.executable, which is what is used
right now so nobody should notice a change unless they need it.

Note: Making this depend on the devstack change to remove the wsgi
import restriction so we can get a test on it.

Partial-Bug: #1888713
Change-Id: I7cb2e135d6ea2cb21de55060df3f7bf40b3e64b6
2020-07-27 09:57:16 -07:00
Brian Rosmaita a22f02b653 Correct typo in config option choices
A typo in the oslo.config 'choices' for the output_format config
option definition for the image conversion plugin in the
interoperable image import workflow prevents conversion to the
vmdk format.  This patch corrects the typo and regenerates the
sample image import conf file.

Change-Id: I1836a46d969aab8ce09967db63d66f215d2cc920
Closes-bug: #1809462
Related-bug: #1805765
2018-12-21 09:29:17 -05:00
Abhishek Kekane 8ee37b7d7c Image conversion fails
It is not possible to convert glance images as it fails with error,
NoSuchOptError: no such option 'conversion_plugin_options' in group
[DEFAULT] as there is no 'conversion_plugin_options' option or group
in glance-image-import.conf file.

Used correct option group 'image_conversion' to fetch the image
'output_format' option.

Change-Id: Ia7ced170bcddcd3639b7edfb644deef3018b11a8
Closes-Bug: #1805765
2018-12-06 04:43:24 +00:00
Corey Bryant c58e5e02af Rename async package to async_
In Python 3.7, "async" is a keyword. To prevent it from
conflicting, rename the async package to async_.

Change-Id: I1eaf87eedb86679d9ca9323aac05f0770c33efea
Closes-Bug: #1781617
2018-08-07 14:42:14 -04:00