Using credentials in keystone_authtoken options for glance_* resources
was deprecated some cycles ago[1].
[1] 17cc71c509
Change-Id: I57a2ecc763ccac52d9122afa86871ad74bca7450
When SRBAC is completely implemented according to the current spec,
each service user no longer has full admin privilege but has access
limited to the actual requirement. This means that we are no longer
able to use service users to create resources.
This change is a prep-work to get rid of usage of the service user,
currently loaded from authtoken parameters in the .conf file. Now
each providers loads clouds.yaml file placed in /etc/openstack/puppet.
Depends-on: https://review.opendev.org/806474
Depends-on: https://review.opendev.org/828025
Change-Id: Ia4a1edf49f1c47ea77a0197e4e7de172a3431532
The auth_endpoint variable is loaded from glance-api.conf, thus it
should be cleared when configurations loaded by glance-api.conf is
cleared.
Change-Id: I77fddcb26589dd975043c2487e672c26013479fc
This change improves coverage of the file backend parameters. Because
the filesystem_store_datadirs parameter is MultiStrOpt, support for
MultiStrOpt is also introduced to the glance_cache_config resource
type.
Change-Id: I5785605bf4224c0f189fd7700d5a9b05def058e8
This change adds the new project_id/name attribute to the glance_image
resource type, so that users can customize owner of glance images
managed by the resource.
Change-Id: I79c231d857079896bf101408aa758ef056669585
The image_tag attribute corresponds to the tags key in openstack CLI.
This change updates the key to parse CLI output accordingly.
Change-Id: I97e3eac6ff2fc34a8471f047160f8c14981bf232
This replaces the provider implementation of glance_api_config type
so that MultiStrOpt, which is used by several options like
- oslo_messaging_notifications/driver
- oslo_policy/policy_dirs
is handled correctly.
Change-Id: I6c0ea1276d16722c9908a20333890a4a17404b61
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Glance API. Therefore, this patch adds a new
glance_api_uwsgi_config provider as well as a new
glance::wsgi::uwsgi class.
Change-Id: If02def38d583f2255b8a0219dc53c26f0980521c
This change drops remaining items about support for glance-registry.
These were deprecated by the removal patch[1] which was merged during
the previous cycle thus we are now ready to drop them.
[1] 11599ba429
Change-Id: If2d371a372cf4d95d84e3d71fb4ce272565ac659
The direct_url property is set by glance-api and it is not allowed
to update the parameter from client side. This change ensures that
the property is filtered out.
Note that this property is visible only when show_image_direct_url is
True, thus the problem has not been detected in the current acceptance
test which use show_image_direct_url=False.
Change-Id: Ief5cf6c6e4767516ff152f9ee5487fc52854e298
Currently Glance includes "stores" image property automatically in
image show API. This property is assigned at api side and client
is not allowed to update the value.
This change ensures that the property is ignored to prevent
the glance_image resource from detecting false change because of that
read-only property.
Change-Id: I0242f13402a56cf898439fa6b0b3972da38dbebb
When glance_image receives an URL, and that URL has a redirect,
the provider does not follow the redirect and the generated image
contains just the HTML text from the initial HTTP output.
This commit fixes that behavior by making the Net.HTTP request follow
redirects.
Change-Id: Iaf82f68f6371259852eb3232a4012847ed8307ff
Since Ussuri release, openstackclient uses OpenStackSDK instead of
glanceclient to create an image[1]. This switch made "openstack image
create" command to create images with owner_specified.* properties.
This patch makes glance_image type filter out these properties to avoid
false changes in image properties.
[1] 60e7c51df4cf061ebbb435a959ad63c7d3a296bf
Change-Id: I0439509589a7b28daf96d5a88ae2f5e01a27cf40
This patch fixes Puppet::Provider::Glance, broken because it still
depends on glance_store/os_region_name, which was removed in [1].
This patch also updates outdated provider implementation, and introduce
the implementetion consisntent with other modules like puppet-nova or
puppet-neutron.
[1] 9e82f598ad
Closes-Bug: #1872656
Closes-Bug: #1872691
Change-Id: I1dfcb311c10c633788c24484c21277255b60e4e5
Similar to I6a68505d15473b140c85a199a09d2fee45864800
Openstackclient 4.0.0 changed the way some properties are displayed
on screen.
Old:
...,"Properties"
...,"foo='bar'"
New:
...,"Properties"
...,"{u'foo': u'bar'}"
or
...,"{'foo': 'bar'}"
This is breaking idempotency on the glance_image provider, since it
does not detect them correctly. This patch aims at fixing this, by
trying to detect the new format, and using JSON parsing in that case.
Change-Id: I1829c7e59058fa72690dc08b3e2f65afcad7ea46
Glance image conversion configuration is not enabled by
puppet-glance in glance-image-import.conf.
Adding image_import_plugins & output format parameters to enable
glance image conversion.
Change-Id: I098aa0cabf2518b8861d5b58b885d9bdef54a7f6
Closes-Bug: #1807366
There are some changes in Glance where it now does
som calculus on the image and adds these three new
values to the image properties. [1]
This change fixes so we dont update these properties
when we flush or create the glance_image resource.
It also changes the spec acceptance so it tests if
our custom property is there and not the only property.
[1] https://github.com/openstack/glance/blob/master/releasenotes/notes/multihash-081466a98601da20.yaml
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Change-Id: I7f1245be6c2446f0d4336630e800da3e110f3408
The glance_image resource provides the ability to
download remote images using the source parameter.
Specifying the proxy parameter will allow one to
use a proxy server when downloading the image.
Change-Id: I540a29be3eb6c95b1c3975228c23c9154b1a0cbe
Closes-Bug: 1719874
Keystone v2.0 api's are removed and we need to use
keystone v3 credentials to communicate with keystone v3.
This patch makes use of Keystone v3 credentials in
glance_image provider.
Depends-On: I385e2f34dd925bdc2fdbc1553d49dce104f566f2
Change-Id: I5d90d17a8127eb6f563aca6c9adc33bccf80f9d5
Glare service is now totally dropped from Glance [1] and now should
be configured only with puppet-glare module.
[1] https://review.openstack.org/#/c/427535/
Change-Id: I695ad518285a92a80dd7a9d5bebd11e804359224
Glance's v2 doesn't have support for copy-from. This patch removes that
capability in a backwards compatible way by keeping the parameter and
downloading the image locally first and then uploading it into Glance.
Change-Id: Id475b1204f80062bdd357cf2bd979f757e6573ff
Use glance::<service>::authtoken to configure keystone_authtoken
section in glance configs, with all parameters required
to configure keystonemiddleware.
Also changed auth_type to auth_strategy, because auth_type is
related to keystone authentication.
Change-Id: I722a1e41b2cee0b3040c37f07adfd13c33edaa5c
Closes-bug: #1604463
In glance, user can specify the desired id when creating
a new image. This can be convenient for some cases where
users want predictable ids for image, as referencing ramdisk_id
or kernel_id for AMI images.
Change-Id: I7868f2005041dea6ecd63cd601e9244cefd08e5b
https://review.openstack.org/298718 changed the way images are listed,
by removing the '--long' parameter. This breaks when called by the
openstacklib provider, because that was the "properties" argument in
adb0b1d012/lib/puppet/provider/openstack.rb (L74)
so the command-line used '' as a last argument, causing the failure.
This will require a stable/mitaka backport.
Change-Id: I69e3cc848fbacbda01f9bd7d8a079c99b15cb5cf
This change updates the glance_image provider to support the ability to
specify properties for an image. This change only adds the support for
setting properties. The conversion and update to using the v2 will
require further rework of this provider.
Change-Id: I22b92c5ccd0f77c837e9abe987cee07c7d90867e
Co-Authored-By: Alex Schultz <aschultz@mirantis.com>
In Mitaka Glance v3 was moved to stand alone service [1] - now
it's called Glance Artifacts Repository (Glare).
This patch adds appropriate service managing, package installation,
configuration and related spec tests.
[1] I5b7bd4cdcc5f2a40fc4a5f74bcc422fd700c4fb0
Change-Id: I3371d1d57486e79ccfae565417f2195d3ae66bc9
Closes-bug: #1555697
For working with Swift backend, Glance needs authentication parameters,
which are supplied to Swift when making calls to its storage system.
Glance will use information from the file specified under parameter
swift_store_config_file. When this parameter is set to the same file
(glance-api.conf), we have lot of non-critical errors in glance-api
log, because of 'Invalid format of swift store config'.
The same problem, when we have RadosGW.
Change-Id: I18ee8f68f7ce793d2580685e79ed636556c57ddd
Related-bug: #1540890
Glance_image provider is using 'openstack image create' operation to
create an image.
This operation is supported by glanceclient but not in openstackclient.
Since openstackclient recently switched the default image-api-version to
2, we need to hardcode the version when using this operation so we can
still create images with openstackclient.
See https://bugs.launchpad.net/python-openstackclient/+bug/1405562
Closes-Bug: 1497385
Change-Id: I68adf3fb5c983f37b4b80171466928f6b94a0f6d
With the creation of the new openstack_config provider, some processing
that was done in glance_api_config has been centralized in
openstack_config.
The same changes apply for glance_registry_config and
glance_cache_config
Impacted methods are :
* section
* setting
* separator
Also, this commit adds the fact that, when passing a specific string
(ensure_absent_val) the provider will behave as if ensure => absent was
specified. '<SERVICE DEFAULT>' is the default value for
ensure_absent_val.
The use case is the following :
glance_api_config { 'DEFAULT/foo' : value => 'bar' } # will work as usual
glance_api_config { 'DEFAULT/foo' : value => '<SERVICE DEFAULT>' } # will mean absent
That means that all the current :
if $myvar {
glance_api_config { 'DEFAULT/foo' : value => $myvar }
} else {
glance_api_config { 'DEFAULT/foo' : ensure => absent }
}
can be removed in favor of :
glance_api_config { 'DEFAULT/foo' : value => $myvar }
If for any reason '<SERVICE DEFAULT>' turns out to be a valid value for
a specific parameter. One could by pass that doing the following :
glance_api_config { 'DEFAULT/foo' : value => '<SERVICE DEFAULT>',
ensure_absent_val => 'foo' }
Change-Id: I3bbdf63d1b9b5a2daba30fd4ba897db703f979ae
Depends-On: I0eeebde3aac2662cc7e69bfad7f8d2481463a218
This patch changes the glance_image provider to use
puppet-openstacklib's authentication methods, which use
python-openstackclient as an interface, instead of the glance command
line client. The benefits of this is:
- Code reduction. This patch reduces the amount of code in the
glance parent provider and glance_image provider by reusing code from
Puppet::Provider::Openstack instead of implementing authentication,
retries, and response parsing in the provider.
- Presumed reduction in sudden API changes that require quick fixes in
this module, such as f377c0229c.
- Ability to set project-based access control for images
Additional reasoning for this change is in the blueprint.
Important note: this change does not work on Ubuntu under Juno due to a
major bug in the version of python-openstackclient shipped in UCA [1].
This change targets the Kilo releases.
Note about performance: the self.instances and instances methods make
API requests for each image found in the list of instances. This is not
a change from how this was implemented before. The --long formatted
list, either from the glance client or openstackclient, does not
provide all information needed to query an instance and populate
setters. Future patches could possibly improve on this.
Other details of this change:
- Removes auth_glance method, replaced by the request and
glance_request methods
- Removes auth_glance_stdin method which was not being used
- Removes parse_table which is now unnecessary because openstackclient
formats its responses as CSV and Puppet::Provider::Openstack#request
returns the results a hash
- Removes remove_warnings methods which are handled by
Puppet::Provider::Openstack#request
- Removes list_glance_images and get_glance_image_attr which are
sufficiently replaced by using the 'list' and 'show' commands with
Puppet::Provider::Openstack's request method.
- Removed self.prefetch since we can't populate auth parameters during
a prefetch. Instead we prepopulate the list via the instances method.
- Added a flush method to do updates more efficiently
- Changed is_public property to accept true/false in addition to yes/no
and to munge to a symbol instead of a capitalized string, for
consistency with keystone_tenant's enabled property
- Move the reset method into the spec tests since it is only necessary
for testing
- Added tests for glance_image, which did not exist before
- Removed connection retry test since this is taken care of in
openstacklib
[1] https://bugs.launchpad.net/python-openstackclient/+bug/1269821
blueprint use-openstackclient-in-module-resources
Change-Id: Iceab5e1c6138e7aba0f883ed4acb8f7ecbcd2830
This reverts commit b76fbcbea3.
With 268370457c now merged, we need to go
back to looking for os_region_name in [glance_store] instead of
[DEFAULT].
Change-Id: I197d012387d630ca6fb3a38c48f0603add6c6de1
In ::glance::api, os_region_name is set in DEFAULT which work for both
Juno & Kilo.
'glance_store' section has been introduced in Kilo which breaks Juno.
Until we decide our policy to manage master, let's use DEFAULT so both
releases work well.
Change-Id: I1c519146d3fe62f8c8fc8c2d85805db11af21e4c
When we revert the change that moved os_region_name, we must also
revert this fix that resulted from that change.
Depends on https://review.openstack.org/#/c/174968/
This reverts commit 354ae692a5.
Change-Id: I65249b0734ae1a1bfbf0e5e153d19787f6aded5f
Commit e6e8f6a562 changed the section
where the os_region_name setting is placed from 'DEFAULT' to
'glance_store'. However, the provider was not updated to reflect
this change, so it broke.
Change-Id: I9e91faac2a45ac4eba4cc27c328e8dc67e619ab3
The location property of the glance_image type has nearly identical
functionality as the source param, yet one is a param and one is a
property. It is possible to change either of these for a glance image,
but only if it is as of yet unset, and therefore unsaved. It is not
possible to change the location of a glance image once it has been
saved, nor is it possible to query it afterward. Since having location
be a property when it is usually unsettable and is always unqueryable
does not make much sense, we change it to be a param to be consistent
with the source param.
Change-Id: I686c3fec9bf571d18e282888c626d795c9958a6b
After https://review.openstack.org/152321 was merged, it was no
longer guaranteed that some now deprecated settings like auth_host
and auth_protocol would be present in glance-api.conf. This breaks
the Glance provider, which expects them to be present.
This patch adds support for identity_uri in provider, while
keeping backwards compatibility.
Change-Id: Ie8a2e45a4afea4828e02af36e64d65e7d4b7557e
When trying to upload an image from the local file system, the
resource provider was failing. Fixing it to use the --file option
for the glance client instead of going through stdin.
Change-Id: Ic6bade025d28e2eb33f86c2d4421b65d06e8274c
This is pretty important in situations where Keystone contains information about
multiple regions. The holding assumption is that the glance::image etc are used
for image upload for the current region.
Change-Id: I0a24cd24ddf3e0b1fab94e693a2fac847cc7271c
Since this patch has been merged in python-glanceclient 0.14.1:
1dfce5301c
We have to update the way to call Glance Client.
This patch updates for glance image-list, image-show and the way to get
a token, and also the way the glance command output is parsed.
Change-Id: If3e1e42b1245dd064fa00e07037535afc9caa04c
The output of the glance show command in get_glance_image_attrs
does not get properly converted while being added to the
attrs array.
Change-Id: Ibe503b24ae3bfa10944537d5deaa068a01eaa5f3
Closes-Bug: #1199513
The python-glanceclient (glance) was updated to not report back
on the id of an uploaded image with the v2 API [1]. This broke
the parser for the glance_image provider. This change first checks
for the previous behavior (for performance and backwards
compatability), and failing that parses the results table and
pulls the id (if it exits) out of the results.
The new parse_table method was made to be generic so that any result
from the glance client could be parsed into an array of maps.
[1]
https://github.com/openstack/python-glanceclient/search?q=Added+new+image+with+ID&ref=cmdform
Change-Id: If7b5445c6f51d886427248827a73cc16b5a2e488
Takashi Kajinami
yatinkarel