Custom SSL handling was introduced because disabling SSL layer compression
provided an approximately five fold performance increase in some
cases. Without SSL layer compression disabled the image transfer would be
CPU bound -- with the CPU performing the DEFLATE algorithm. This would
typically limit image transfers to < 20 MB/s. When --no-ssl-compression
was specified the client would not negotiate any compression algorithm
during the SSL handshake with the server which would remove the CPU
bottleneck and transfers could approach wire speed.
In order to support '--no-ssl-compression' two totally separate code
paths exist depending on whether this is True or False. When SSL
compression is disabled, rather than using the standard 'requests'
library, we enter some custom code based on pyopenssl and httplib in
order to disable compression.
This patch/spec proposes removing the custom code because:
* It is a burden to maintain
Eg adding new code such as keystone session support is more complicated
* It can introduce additional failure modes
We have seen some bugs related to the 'custom' certificate checking
* Newer Operating Systems disable SSL for us.
Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression
'off'. This makes both servers and client less likely to have compression
enabled.
* Newer combinations of 'requests' and 'python' do this for us
Requests disables compression when backed by a version of python which
supports it (>= 2.7.9). This makes clients more likely to disable
compression out-of-the-box.
* It is (in principle) possible to do this on older versions too
If pyopenssl, ndg-httpsclient and pyasn1 are installed on older
operating system/python combinations, the requests library should
disable SSL compression on the client side.
* Systems that have SSL compression enabled may be vulnerable to the CRIME
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack.
Installations which are security conscious should be running the Glance
server with SSL disabled.
Full Spec: https://review.openstack.org/#/c/187674
Blueprint: remove-custom-client-ssl-handling
Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf
In v2, it's only show Id and Name. When use --verbose, although added
owner and status, it's still lack of Disk-format,Container-format and
Size.
Change-Id: I26b4b7bd3a3f6dbf82ca73c32dd94c56e8e173a1
Closes-bug:#1486329
Currently glanceclient doesn't enforce disk-format or container-format
presence in the command line on image-create when providing image data
(with --file, --location, --copy-from), which means that the POST
request is made with the whole image and error is reported by Glance
API.
This post enforces presence of those arguments when image data is
provided so we can get the error quicker and avoid sending unnecessary
data over the network.
Change-Id: I5914fa9cfef190a028b374005adbf3a804b1b677
Closes-Bug: #1309272
Now that we have stable branches for clients, it's easier to keep track
of the current default image's schema in Glance and update it
respectively. This patch adds the current image schema, including the
schema-properties.
One good reason to do this is to be able to react when a running Glance
instance is not around to be introspected. It's really unfortunate that
things like help text can't be rendered when there image schema is not
available in the system.
We could keep the schema in a json file but rather than shipping data
files with glanceclient we can just have it in the python modules.
Change-Id: I9b8cc1d18d6717ccf991fb8149ab13c06d653ee4
Closes-bug: #1481729
Now we have claimed v2 is the current API version of Glance,
we should change the Glance client as well to be consistent
with Glance server.
DocImpact
Change-Id: I09c9e409d149e2d797785591183e06c13229b7f7
Previously when listing images via v2, the first image of each batch
was validated against the v2 schema.
This could lead to unpredictable behaviour where a particular image
which failed the schema check may or may not be the first of a batch.
In some cases it also meant that operation by one user could affect the
ability of another other to list images.
Change-Id: I22974a3e3d9cbdd254099780752ae45ff2a557af
Closes-bug: 1477910
Due to a typo in an attribute named, an Attribute error is raised
causing failure in connection to glance through HTTPS
Urllib3 PoolManager class has a connection_pool_kw attribute
but not connection_kw
Closes-Bug: #1479020
Change-Id: Id4d6a5bdcf971d09e80043fd2ab399e208fd931c
This commit enables new flake8 checks:
* E265 block comment should start with '# '
* H405 multi line docstring summary not separated with an empty line
* E123 closing bracket does not match indentation of opening bracket's line
* H238 old style class declaration, use new style (inherit from `object`)
* E128 continuation line under-indented for visual indent
and makes related changes in the code.
Change-Id: Ie993afc930f6b74d7a990bcaa9fc0e9f5ba1585c
Add new tests for v2 tasks module to cover following cases:
- getting list of tasks using the marker
- getting list of tasks using sort_key & sort_dir keys
Change-Id: Ic126999ebb16e51cc472fe8f86dfe1fced0bc016
Closes-Bug: 1433637
This set provides API and shell commands support for:
- CRUD on metadef_tags;
Change-Id: I09bdf43edee6fff615d223f1a6df7c15a1e40565
Implements: blueprint metadefs-tags-cli
DocImpact
Several tests with cert verification are broken. This
code fixes it by setting right imports. Also some typos
are fixed too.
Change-Id: Ie014f90714c3dabee65459fd704dd11b1770c7de
Closed-Bug: #1472234
mock 1.1.0 was released on 10 July 2015 which prevents users from using
non-existent assertion methods. This broke the test in the diff.
Co-Authored-By: Ian Cordasco <graffatcolmingov@gmail.com>
Closes-Bug: #1473454
Change-Id: I162b76bbd7d96c96787a8dd8f9642ca1c80c596a
The Oslo libraries have moved all of their code out of the 'oslo'
namespace package into per-library packages. The namespace package was
retained during kilo for backwards compatibility, but will be removed by
the liberty-2 milestone. This change removes the use of the namespace
package, replacing it with the new package names.
The patches in the libraries will be put on hold until application
patches have landed, or L2, whichever comes first. At that point, new
versions of the libraries without namespace packages will be released as
a major version update.
Please merge this patch, or an equivalent, before L2 to avoid problems
with those library releases.
Blueprint: remove-namespace-packages
https://blueprints.launchpad.net/oslo-incubator/+spec/remove-namespace-packages
Change-Id: I831eb6b773d80edc233fd6f6e565ca6f24b65210
The v2 Glance client implementation ignores the marker attribute if
it's passed to the client as part of the kwargs. Include support
for the attribute, as the v1 client supports it and it makes it
easier to work with the Glance client.
Change-Id: Ifaa59129bc4178212b890ea591673cb154e0f110
Closes-bug: 1465373
As stated in the OpenStack Hacking Guidelines, it is prefered
that only modules should be imported.
Also updated tox.ini to ignore opestack/common among others.
Change-Id: I2f0a603c31052eadee581c11880c0ec6bd392829
This fixes a bug where if iteration is interrupted, we're stuck until
the iterable is garbage collected, which can be a very long time (e.g. if
the iterable is held in an exception stack frame).
Co-authored-by: Stuart McLaren <stuart.mclaren@hp.com>
Change-Id: Ibe9990e8c337c117a978b1cd8ec388c4bc6d3b4b
Closes-bug: 1461678
To make this work we create a different HTTPClient that extends the
basic keystoneclient Adapter. The Adapter is a standard set of
parameters that all clients should know how to use like region_name and
user_agent. We extend this with the glance specific response
manipulation like loading and sending iterables.
Implements: bp session-objects
Change-Id: Ie8eb4bbf7d1a037099a6d4b272cab70525fbfc85
periodic updates of latest from oslo-incubator. please
note that files no longer on oslo-incubator mean that
they have been moved to oslo.* libraries. So there's
more work needed to remove these files and switch
to appropriate libraries
Change-Id: Icd71b4b1ea9f1df526614a29277f25a7ab47b721
Changes included in this release:
$ git log 0.18.0..HEAD --no-merges --oneline
dfa98ab Updated from global requirements
6cb26fc Include owner and status option in v2 image list
5d933b0 Fix Metadef Object update issue with python-glanceclient
9f5c581 Fix functional tests in gate
1686d6a Do not crash on homedir mkdir
1f89beb Improve import related error handling
583adc3 Check image-download for redirection
9c172fb Add some basic CLI functional tests
bf413a6 Use assertIn instead of assertTrue in tests
6431fae Unorder compare in tests
5fa71aa Add release notes for 0.18.0
6d31116 Update README to work with release tools
71d9783 Create functional test base
f2a8a52 Move unit tests to standard directory
f931a20 Fixed doc example
Co-Authored-By: Louis Taylor <louis@kragniz.eu>
Change-Id: Ied7f5b4f298e2bbf4a5486eb6b7dbcea2d0e74d3
Jenkins