Commit Graph

86 Commits

Author SHA1 Message Date
Zuul 4a3666c103 Merge "Support image property protections configuration" 2024-01-09 06:06:07 +00:00
Takashi Kajinami d1401c48ad Support image property protections configuration
This allows users to configure the image property protections
feature[1] using this module.

[1] https://docs.openstack.org/glance/latest/admin/property-protections.html

Closes-Bug: 2036732
Change-Id: I3b985b2b280e6d2b678078f4430db02dccca657c
2024-01-03 11:05:00 +09:00
Zuul daf01a83ba Merge "Fix wrong config file name described in type description" 2023-12-24 08:13:24 +00:00
Takashi Kajinami cf09386478 Fix wrong config file name described in type description
Trivial-Fix

Change-Id: I3ce5f8cec7852dbb8124d52df7ef2c429f4a0152
2023-12-24 13:12:01 +09:00
Takashi Kajinami 89513a4d61 glance_image: Enforce correct type for properties
This property supports only strings or hashes.

Change-Id: Icf25ce9e2d76c726d3299eb3b5833b3bb3dfc4f0
2023-11-26 02:26:10 +09:00
Takashi Kajinami 50e67be163 Stop reading keystone_authtoken options
Using credentials in keystone_authtoken options for glance_* resources
was deprecated some cycles ago[1].

[1] 17cc71c509

Change-Id: I57a2ecc763ccac52d9122afa86871ad74bca7450
2023-11-16 15:26:30 +09:00
Takashi Kajinami 1473037e7f Add support for rootwrap.conf
Change-Id: Ib28c3f1a8b46c439a16874c5695f121bf63c3bb9
2022-07-11 14:22:58 +00:00
Takashi Kajinami 27a2efbd04 Remove handling of 'u' prefix
... because the prefix is no longer printed in Python 3.

In python 2
>>> print({u'foo': u'baa'})
{u'foo': u'baa'}
>>> print([u'foo', 'baa'])
[u'foo', 'baa']

In python 3
>>> print({u'foo': u'baa'})
{'foo': 'baa'}
>>> print([u'foo', 'baa'])
['foo', 'baa']

Change-Id: I21de3254caad3cf1805e41faa2ac8d458e61acbe
2022-05-18 10:49:40 +09:00
Zuul 627dfd3318 Merge "Deprecate usage of authtoken parameters in providers" 2022-03-12 05:31:02 +00:00
Takashi Kajinami 17cc71c509 Deprecate usage of authtoken parameters in providers
When SRBAC is completely implemented according to the current spec,
each service user no longer has full admin privilege but has access
limited to the actual requirement. This means that we are no longer
able to use service users to create resources.

This change is a prep-work to get rid of usage of the service user,
currently loaded from authtoken parameters in the .conf file. Now
each providers loads clouds.yaml file placed in /etc/openstack/puppet.

Depends-on: https://review.opendev.org/806474
Depends-on: https://review.opendev.org/828025
Change-Id: Ia4a1edf49f1c47ea77a0197e4e7de172a3431532
2022-02-22 00:16:54 +09:00
Takashi Kajinami 14fdd891fe Ensure auth_endpoint is reset
The auth_endpoint variable is loaded from glance-api.conf, thus it
should be cleared when configurations loaded by glance-api.conf is
cleared.

Change-Id: I77fddcb26589dd975043c2487e672c26013479fc
2022-02-20 12:21:07 +09:00
Takashi Kajinami aaa352a3af Support more file backend parameters
This change improves coverage of the file backend parameters. Because
the filesystem_store_datadirs parameter is MultiStrOpt, support for
MultiStrOpt is also introduced to the glance_cache_config resource
type.

Change-Id: I5785605bf4224c0f189fd7700d5a9b05def058e8
2022-02-13 01:28:44 +09:00
Takashi Kajinami 1d2fe7caee glance_image: Refactor property setters
Change-Id: I129bc214b90024197fe5f69773b589b5bdb0e473
2021-11-25 18:45:50 +09:00
Takashi Kajinami 983f6199d4 glance_image: Add support for project_id/name
This change adds the new project_id/name attribute to the glance_image
resource type, so that users can customize owner of glance images
managed by the resource.

Change-Id: I79c231d857079896bf101408aa758ef056669585
2021-11-25 18:45:46 +09:00
Takashi Kajinami 6488c46733 glance_image: Fix handling of image_tag
The image_tag attribute corresponds to the tags key in openstack CLI.
This change updates the key to parse CLI output accordingly.

Change-Id: I97e3eac6ff2fc34a8471f047160f8c14981bf232
2021-11-25 08:54:22 +09:00
Takashi Kajinami 53b75099d0 Allow customizing separator for api-paste.ini
The api-paste.ini accepts not only "=" but also ":" and some services
like Barbican have been using ":" for their default api-paste.ini
files.

[composite:main]
use = egg:Paste#urlmap
/: barbican_version
/v1: barbican-api-keystone

This change allows users to use ":" so that they can update the ini
files with keeping it consistent with the default fules

Depends-on: https://review.opendev.org/813614
Change-Id: I200a971d120feed0afaa7833ee383f01bfe6b9b7
2021-10-15 12:04:41 +09:00
Takashi Kajinami 10872d13eb Add support for MultiStrOpt
This replaces the provider implementation of glance_api_config type
so that MultiStrOpt, which is used by several options like
 - oslo_messaging_notifications/driver
 - oslo_policy/policy_dirs
is handled correctly.

Change-Id: I6c0ea1276d16722c9908a20333890a4a17404b61
2021-05-08 12:02:31 +09:00
Thomas Goirand 36e09b4bb2 Add support for glance_api_uwsgi_config in Debian
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Glance API. Therefore, this patch adds a new
glance_api_uwsgi_config provider as well as a new
glance::wsgi::uwsgi class.

Change-Id: If02def38d583f2255b8a0219dc53c26f0980521c
2021-04-09 23:43:59 +02:00
Takashi Kajinami 2ae1115e42 Clean up remaining items for glance-registry
This change drops remaining items about support for glance-registry.
These were deprecated by the removal patch[1] which was merged during
the previous cycle thus we are now ready to drop them.

[1] 11599ba429

Change-Id: If2d371a372cf4d95d84e3d71fb4ce272565ac659
2021-03-17 07:41:23 +09:00
Takashi Kajinami 2e5e78de0e Filter out direct_url from image properties
The direct_url property is set by glance-api and it is not allowed
to update the parameter from client side. This change ensures that
the property is filtered out.

Note that this property is visible only when show_image_direct_url is
True, thus the problem has not been detected in the current acceptance
test which use show_image_direct_url=False.

Change-Id: Ief5cf6c6e4767516ff152f9ee5487fc52854e298
2021-02-12 17:27:17 +09:00
Takashi Kajinami 5791916206 Ignore stores image property
Currently Glance includes "stores" image property automatically in
image show API. This property is assigned at api side and client
is not allowed to update the value.

This change ensures that the property is ignored to prevent
the glance_image resource from detecting false change because of that
read-only property.

Change-Id: I0242f13402a56cf898439fa6b0b3972da38dbebb
2021-02-12 17:25:11 +09:00
Javier Pena a7ed6f0309 Follow redirects in glance_image provider
When glance_image receives an URL, and that URL has a redirect,
the provider does not follow the redirect and the generated image
contains just the HTML text from the initial HTTP output.

This commit fixes that behavior by making the Net.HTTP request follow
redirects.

Change-Id: Iaf82f68f6371259852eb3232a4012847ed8307ff
2020-10-05 23:03:11 +00:00
Takashi Kajinami 15d4c59153 Ignore onwer_specifed.* properties in images
Since Ussuri release, openstackclient uses OpenStackSDK instead of
glanceclient to create an image[1]. This switch made "openstack image
create" command to create images with owner_specified.* properties.

This patch makes glance_image type filter out these properties to avoid
false changes in image properties.

[1] 60e7c51df4cf061ebbb435a959ad63c7d3a296bf

Change-Id: I0439509589a7b28daf96d5a88ae2f5e01a27cf40
2020-08-28 01:37:09 +09:00
Takashi Kajinami 11599ba429 Remove support for glance-registry service
This patch removes support for glance-registry service, because it has
been removed from glance [1].
 [1] https://review.opendev.org/#/c/738671/

Change-Id: Id05f736dbbddaff2cb90aa6678c777b9a0318e40
2020-07-28 19:41:10 +09:00
Takashi Kajinami 10a9cbe4d7 Use anchor to require necessary packages/services
... so that correct packages and services are required according
without re-defining them in resource implementations.

Change-Id: I03016890692b406ca86750d7ec8b3b3e1d276b1a
2020-05-04 02:15:52 +09:00
Takashi Kajinami 066f45758d Fix broken Puppet::Provider::Glance
This patch fixes Puppet::Provider::Glance, broken because it still
depends on glance_store/os_region_name, which was removed in [1].

This patch also updates outdated provider implementation, and introduce
the implementetion consisntent with other modules like puppet-nova or
puppet-neutron.

[1] 9e82f598ad

Closes-Bug: #1872656
Closes-Bug: #1872691
Change-Id: I1dfcb311c10c633788c24484c21277255b60e4e5
2020-04-15 12:53:40 +09:00
yatinkarel 1365358978 Fix properties in glance_image provider for osc >= 4.0.0
Similar to I6a68505d15473b140c85a199a09d2fee45864800

Openstackclient 4.0.0 changed the way some properties are displayed
on screen.

Old:
...,"Properties"
...,"foo='bar'"

New:
...,"Properties"
...,"{u'foo': u'bar'}"
or
...,"{'foo': 'bar'}"

This is breaking idempotency on the glance_image provider, since it
does not detect them correctly. This patch aims at fixing this, by
trying to detect the new format, and using JSON parsing in that case.

Change-Id: I1829c7e59058fa72690dc08b3e2f65afcad7ea46
2019-10-09 21:48:47 +05:30
Tobias Urdin 97c5ff3874 Change keystone v2.0 url to v3
Change-Id: Ic90c6394acad605b4a2172b4993bf32cab3e7c20
2019-02-24 13:01:33 +01:00
PranaliD 091c01b7b8 Enable image import conversion & image output format
Glance image conversion configuration is not enabled by
puppet-glance in glance-image-import.conf.

Adding image_import_plugins & output format parameters to enable
glance image conversion.

Change-Id: I098aa0cabf2518b8861d5b58b885d9bdef54a7f6
Closes-Bug: #1807366
2018-12-10 13:41:53 +05:30
Daniel Pawlik 896f4cebbd Added tag property for glance_image provider class
Change-Id: I1772a231c6e3c8ece7f13ca6935d38e3818d2990
2018-11-14 13:51:11 +00:00
Tobias Urdin f0137bfc94 Fix properties for glance_image provider
There are some changes in Glance where it now does
som calculus on the image and adds these three new
values to the image properties. [1]

This change fixes so we dont update these properties
when we flush or create the glance_image resource.

It also changes the spec acceptance so it tests if
our custom property is there and not the only property.

[1] https://github.com/openstack/glance/blob/master/releasenotes/notes/multihash-081466a98601da20.yaml

Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Change-Id: I7f1245be6c2446f0d4336630e800da3e110f3408
2018-08-15 12:57:17 -06:00
Tobias Urdin 8a275afc76 Add proxy support to glance_image resource
The glance_image resource provides the ability to
download remote images using the source parameter.
Specifying the proxy parameter will allow one to
use a proxy server when downloading the image.

Change-Id: I540a29be3eb6c95b1c3975228c23c9154b1a0cbe
Closes-Bug: 1719874
2018-04-04 22:51:14 +02:00
Pierre Riteau 7fa183bd58 Fix Puppet syntax in glance_image example
Change-Id: If14aa8966d6cff3baad0529a029d210260a00fa9
2017-10-23 16:01:55 +01:00
yatin fc6fd4b50c Use Keystone v3 credentials
Keystone v2.0 api's are removed and we need to use
keystone v3 credentials to communicate with keystone v3.
This patch makes use of Keystone v3 credentials in
glance_image provider.

Depends-On: I385e2f34dd925bdc2fdbc1553d49dce104f566f2
Change-Id: I5d90d17a8127eb6f563aca6c9adc33bccf80f9d5
2017-10-11 17:21:50 +00:00
Denis Egorenko 1123f79809 Drop Glare service from puppet-glance
Glare service is now totally dropped from Glance [1] and now should
be configured only with puppet-glare module.

[1] https://review.openstack.org/#/c/427535/

Change-Id: I695ad518285a92a80dd7a9d5bebd11e804359224
2017-09-20 20:31:08 +00:00
Evgeny Antyshev dea0beff1a Fix parsing of image properties
when more then one pair of key/value's are given
then this code shows wrong behavior:

vm_mode=exe,cinder_img_volume_type=vstorage
it makes this:
vm_mode=''exe',cinder_img_volume_type=vstorage'

Reason is the first conversion being to broad, and 2nd match matches
the whole string.

Change-Id: I5bcf23374b57197680b87b554392ee172bf90571
2017-06-13 15:35:50 +00:00
Evgeny Antyshev d66fa43019 Add ploop to supported disk formats
"ploop" image format is supported in upstream Glance:
https://review.openstack.org/341633
And also in python-openstackclient
in Ic79f29a1fe9ea5016d3d5520c2b06e39da01ff61

Change-Id: I2336687db363136e12c5fca5d46e9ce0ba5d791c
2017-01-18 13:24:29 +00:00
Flavio Percoco b5e0ce81b1 Don't use copy from but download the image locally
Glance's v2 doesn't have support for copy-from. This patch removes that
capability in a backwards compatible way by keeping the parameter and
downloading the image locally first and then uploading it into Glance.

Change-Id: Id475b1204f80062bdd357cf2bd979f757e6573ff
2017-01-04 10:06:20 +01:00
Denis Egorenko 1e09e553ed Move Glance to new authtoken scheme
Use glance::<service>::authtoken to configure keystone_authtoken
section in glance configs, with all parameters required
to configure keystonemiddleware.

Also changed auth_type to auth_strategy, because auth_type is
related to keystone authentication.

Change-Id: I722a1e41b2cee0b3040c37f07adfd13c33edaa5c
Closes-bug: #1604463
2016-08-05 13:46:22 +03:00
Alexander Arzhanov 804afb9c3e Fix typo in values for disk_format
Fix typo in value vmd to vmdk.

Closes-Bug: #1604829

Change-Id: I0f2a3b7e37a3adbde7fdfaf91e518e0b97a40679
2016-07-20 17:40:18 +03:00
Alfredo Moralejo 3079b7caae Add option id to glance_image
In glance, user can specify the desired id when creating
a new image. This can be convenient for some cases where
users want predictable ids for image, as referencing ramdisk_id
or kernel_id for AMI images.

Change-Id: I7868f2005041dea6ecd63cd601e9244cefd08e5b
2016-05-25 09:26:27 +00:00
Javier Pena 109cda8b24 Fix image list in glance_image provider
https://review.openstack.org/298718 changed the way images are listed,
by removing the '--long' parameter. This breaks when called by the
openstacklib provider, because that was the "properties" argument in
adb0b1d012/lib/puppet/provider/openstack.rb (L74)
so the command-line used '' as a last argument, causing the failure.

This will require a stable/mitaka backport.

Change-Id: I69e3cc848fbacbda01f9bd7d8a079c99b15cb5cf
2016-04-08 19:27:00 +00:00
Michael Polenchuk d0957fb622 Add ability to set properties with glance_image
This change updates the glance_image provider to support the ability to
specify properties for an image.  This change only adds the support for
setting properties. The conversion and update to using the v2 will
require further rework of this provider.

Change-Id: I22b92c5ccd0f77c837e9abe987cee07c7d90867e
Co-Authored-By: Alex Schultz <aschultz@mirantis.com>
2016-04-04 14:57:25 -06:00
Denis Egorenko da8a3aa022 Add Glance Glare API service
In Mitaka Glance v3 was moved to stand alone service [1] - now
it's called Glance Artifacts Repository (Glare).

This patch adds appropriate service managing, package installation,
configuration and related spec tests.

[1] I5b7bd4cdcc5f2a40fc4a5f74bcc422fd700c4fb0

Change-Id: I3371d1d57486e79ccfae565417f2195d3ae66bc9
Closes-bug: #1555697
2016-03-22 18:50:29 +03:00
Denis Egorenko c8b7d3319b Use glance-swift conf for swift backend
For working with Swift backend, Glance needs authentication parameters,
which are supplied to Swift when making calls to its storage system.
Glance will use information from the file specified under parameter
swift_store_config_file. When this parameter is set to the same file
(glance-api.conf), we have lot of non-critical errors in glance-api
log, because of 'Invalid format of swift store config'.

The same problem, when we have RadosGW.

Change-Id: I18ee8f68f7ce793d2580685e79ed636556c57ddd
Related-bug: #1540890
2016-02-02 17:34:33 +03:00
gcmalloc 7e2e1162d0 Add support for min ram and min disk
Add min_ram and min_disk properties to the glance_image resource.

Change-Id: I27202559bc73283a318575669c957238f5aee988
2016-01-25 17:54:41 -08:00
Cody Herriges b011f42591 Make sure Facter is only executed on agent
This commit moves conditionals based on values obtained from Facter
  inside code blocks that are only executed on agents and replaces
  the use of Facter['osfamily'].value with Facter.value:(:osfamily).

  Without this change we are returning values based off the master's
  facts, so if a Debian agent checks into a RedHat master then the type
  is currently making a decision based off of RedHat and not the actual
  OS of the agent running the catalog.  Code ran outside blocks is
  evaluated on masters and inside a block is evaluated by the agent when
  the catalog is executed.  We do not notice this because all our
  testing uses "puppet apply" and autorequire only matters when they
  find a matching resource name in the catalog.  The latter results
  in no error because the relationship is simply ignored on the Debian
  agent if a package resource with the RedHat name is not found.

  This issue was found by running facter 3, the C++11 re-implementation
  under the jruby and clojure implemented puppetserver.  The clojure
  jni shim written so that facter can be ran inside of puppetserver does
  not implement the [] method for the Facter module but the ruby shim
  does.  So I noticed that the code had an issue when
  Facter['osfamily'].value was executed on the master, which returned a
  not method error.  Once again, something we didn't notice becuase we
  do not test against a master.  I decided to migrate to
  Facter.value(:osfamily) to simply keep to an API that is consistent
  across both puppet and puppetserver but fixing where the code runs
  does actually solve the not method found error.

Change-Id: I773f20e0bc1e917f6ec5fa8830f5bbfa60b6cd8a
2015-11-12 14:59:21 -08:00
Emilien Macchi 7147ba0323 glance_image: hardcode os-image-api-version to 1
Glance_image provider is using 'openstack image create' operation to
create an image.
This operation is supported by glanceclient but not in openstackclient.
Since openstackclient recently switched the default image-api-version to
2, we need to hardcode the version when using this operation so we can
still create images with openstackclient.

See https://bugs.launchpad.net/python-openstackclient/+bug/1405562

Closes-Bug: 1497385
Change-Id: I68adf3fb5c983f37b4b80171466928f6b94a0f6d
2015-09-18 15:54:36 -04:00
Dan Prince bce0eac01c Autorequire correct package based on the distro
Some distros (RHEL based) have a single glance package. On those
distros the ensure_package/autorequire stuff doesn't quite work
correctly as per the type code it is assumed two packages 'glance-api'
and 'glance-registry'

This commit makes sure that on RHEL based distros type only autorequire
'openstack-glance' while on other distros it correctly autorequire
'glance-api' and 'glance-registry'

Change-Id: I17c84b2282beadaec80f4db42fa5696b7967159f
Closes-bug: #1493442
Co-Authored-By: Yanis Guenane <yguenane@redhat.com>
2015-09-09 12:37:30 +02:00
Yanis Guenane 8db8143c89 Reflect provider change in puppet-openstacklib
With the creation of the new openstack_config provider, some processing
that was done in glance_api_config has been centralized in
openstack_config.

The same changes apply for glance_registry_config and
glance_cache_config

Impacted methods are :

  * section
  * setting
  * separator

Also, this commit adds the fact that, when passing a specific string
(ensure_absent_val) the provider will behave as if ensure => absent was
specified. '<SERVICE DEFAULT>' is the default value for
ensure_absent_val.

The use case is the following :

glance_api_config { 'DEFAULT/foo' : value => 'bar' } # will work as usual

glance_api_config { 'DEFAULT/foo' : value => '<SERVICE DEFAULT>' } # will mean absent

That means that all the current :

if $myvar {
  glance_api_config { 'DEFAULT/foo' : value => $myvar }
} else {
  glance_api_config { 'DEFAULT/foo' : ensure => absent }
}

can be removed in favor of :

glance_api_config { 'DEFAULT/foo' : value => $myvar }

If for any reason '<SERVICE DEFAULT>' turns out to be a valid value for
a specific parameter. One could by pass that doing the following :

glance_api_config { 'DEFAULT/foo' : value => '<SERVICE DEFAULT>',
ensure_absent_val => 'foo' }

Change-Id: I3bbdf63d1b9b5a2daba30fd4ba897db703f979ae
Depends-On: I0eeebde3aac2662cc7e69bfad7f8d2481463a218
2015-08-19 12:42:38 +02:00