delta/openstack/python-glanceclient.git, branch 1.0.0 opendev.org: openstack/python-glanceclient.git 1.0.0 release notes 2015-08-27T20:02:30+00:00 Erno Kuvaja jokke@usr.fi 2015-08-27T09:23:39+00:00 54ae632f1b6dfba18a16ba934cd8052fe766693f Change-Id: I2cc3ba8d0064d6f424f16be94deaecdf1c5c8332 
Change-Id: I2cc3ba8d0064d6f424f16be94deaecdf1c5c8332
Merge "Remove custom SSL compression handling" 2015-08-26T17:35:44+00:00 Jenkins jenkins@review.openstack.org 2015-08-26T17:35:44+00:00 f25eb5e114bfa7eb82d3bb8b179840af03d43d8f 






Remove custom SSL compression handling
2015-08-26T12:26:21+00:00

Stuart McLaren
stuart.mclaren@hp.com

2015-06-08T14:49:52+00:00

618637a5bd545d8271d9349b08a8e4ab2841d086

Custom SSL handling was introduced because disabling SSL layer compression
provided an approximately five fold performance increase in some
cases. Without SSL layer compression disabled the image transfer would be
CPU bound -- with the CPU performing the DEFLATE algorithm.  This would
typically limit image transfers to < 20 MB/s. When --no-ssl-compression
was specified the client would not negotiate any compression algorithm
during the SSL handshake with the server which would remove the CPU
bottleneck and transfers could approach wire speed.

In order to support '--no-ssl-compression' two totally separate code
paths exist depending on whether this is True or False.  When SSL
compression is disabled, rather than using the standard 'requests'
library, we enter some custom code based on pyopenssl and httplib in
order to disable compression.

This patch/spec proposes removing the custom code because:

* It is a burden to maintain

 Eg adding new code such as keystone session support is more complicated

* It can introduce additional failure modes

 We have seen some bugs related to the 'custom' certificate checking

* Newer Operating Systems disable SSL for us.

 Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression
 'off'. This makes both servers and client less likely to have compression
 enabled.

* Newer combinations of 'requests' and 'python' do this for us

 Requests disables compression when backed by a version of python which
 supports it (>= 2.7.9). This makes clients more likely to disable
 compression out-of-the-box.

* It is (in principle) possible to do this on older versions too

 If pyopenssl, ndg-httpsclient and pyasn1 are installed on older
 operating system/python combinations, the requests library should
 disable SSL compression on the client side.

* Systems that have SSL compression enabled may be vulnerable to the CRIME
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack.
Installations which are security conscious should be running the Glance
server with SSL disabled.

Full Spec: https://review.openstack.org/#/c/187674
Blueprint: remove-custom-client-ssl-handling

Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf





Custom SSL handling was introduced because disabling SSL layer compression
provided an approximately five fold performance increase in some
cases. Without SSL layer compression disabled the image transfer would be
CPU bound -- with the CPU performing the DEFLATE algorithm.  This would
typically limit image transfers to < 20 MB/s. When --no-ssl-compression
was specified the client would not negotiate any compression algorithm
during the SSL handshake with the server which would remove the CPU
bottleneck and transfers could approach wire speed.

In order to support '--no-ssl-compression' two totally separate code
paths exist depending on whether this is True or False.  When SSL
compression is disabled, rather than using the standard 'requests'
library, we enter some custom code based on pyopenssl and httplib in
order to disable compression.

This patch/spec proposes removing the custom code because:

* It is a burden to maintain

 Eg adding new code such as keystone session support is more complicated

* It can introduce additional failure modes

 We have seen some bugs related to the 'custom' certificate checking

* Newer Operating Systems disable SSL for us.

 Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression
 'off'. This makes both servers and client less likely to have compression
 enabled.

* Newer combinations of 'requests' and 'python' do this for us

 Requests disables compression when backed by a version of python which
 supports it (>= 2.7.9). This makes clients more likely to disable
 compression out-of-the-box.

* It is (in principle) possible to do this on older versions too

 If pyopenssl, ndg-httpsclient and pyasn1 are installed on older
 operating system/python combinations, the requests library should
 disable SSL compression on the client side.

* Systems that have SSL compression enabled may be vulnerable to the CRIME
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack.
Installations which are security conscious should be running the Glance
server with SSL disabled.

Full Spec: https://review.openstack.org/#/c/187674
Blueprint: remove-custom-client-ssl-handling

Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf







Merge "Add more information show in v2"
2015-08-26T11:24:13+00:00

Jenkins
jenkins@review.openstack.org

2015-08-26T11:24:13+00:00

dffd67c1c644c8abd6a9428c49ce3a710c269af7












Merge "V2: Do not validate image schema when listing"
2015-08-20T17:28:21+00:00

Jenkins
jenkins@review.openstack.org

2015-08-20T17:28:21+00:00

17375a422c44641dd459bbde9473e126d874ab82












Add more information show in v2
2015-08-19T03:40:35+00:00

wangxiyuan
wangxiyuan@huawei.com

2015-08-19T03:34:57+00:00

14be6072e5fd618f527abd5ea430fa43ac4b143a

In v2, it's only show Id and Name. When use --verbose, although added
owner and status, it's still lack of Disk-format,Container-format and
Size.

Change-Id: I26b4b7bd3a3f6dbf82ca73c32dd94c56e8e173a1
Closes-bug:#1486329





In v2, it's only show Id and Name. When use --verbose, although added
owner and status, it's still lack of Disk-format,Container-format and
Size.

Change-Id: I26b4b7bd3a3f6dbf82ca73c32dd94c56e8e173a1
Closes-bug:#1486329







Require disk and container format on image-create
2015-08-14T07:59:17+00:00

Gorka Eguileor
geguileo@redhat.com

2015-03-13T16:47:09+00:00

8d118ccedc7e0544ec21e1fbb7f1b8b3a4f03715

Currently glanceclient doesn't enforce disk-format or container-format
presence in the command line on image-create when providing image data
(with --file, --location, --copy-from), which means that the POST
request is made with the whole image and error is reported by Glance
API.

This post enforces presence of those arguments when image data is
provided so we can get the error quicker and avoid sending unnecessary
data over the network.

Change-Id: I5914fa9cfef190a028b374005adbf3a804b1b677
Closes-Bug: #1309272





Currently glanceclient doesn't enforce disk-format or container-format
presence in the command line on image-create when providing image data
(with --file, --location, --copy-from), which means that the POST
request is made with the whole image and error is reported by Glance
API.

This post enforces presence of those arguments when image data is
provided so we can get the error quicker and avoid sending unnecessary
data over the network.

Change-Id: I5914fa9cfef190a028b374005adbf3a804b1b677
Closes-Bug: #1309272







Merge "Use API v2 as default"
2015-08-13T23:43:59+00:00

Jenkins
jenkins@review.openstack.org

2015-08-13T23:43:59+00:00

13af69039671d842167cb66e25b0dfbd1ce89724












Merge "Ship the default image schema in the client"
2015-08-12T11:49:45+00:00

Jenkins
jenkins@review.openstack.org

2015-08-12T11:49:45+00:00

89b2dc58da0b227937a51df479d16e5917f0e7ef












Ship the default image schema in the client
2015-08-12T09:10:54+00:00

Flavio Percoco
flaper87@gmail.com

2015-08-05T14:19:48+00:00

3949e0e918e2501c4953a7d9beb58511688d84e1

Now that we have stable branches for clients, it's easier to keep track
of the current default image's schema in Glance and update it
respectively. This patch adds the current image schema, including the
schema-properties.

One good reason to do this is to be able to react when a running Glance
instance is not around to be introspected. It's really unfortunate that
things like help text can't be rendered when there image schema is not
available in the system.

We could keep the schema in a json file but rather than shipping data
files with glanceclient we can just have it in the python modules.

Change-Id: I9b8cc1d18d6717ccf991fb8149ab13c06d653ee4
Closes-bug: #1481729





Now that we have stable branches for clients, it's easier to keep track
of the current default image's schema in Glance and update it
respectively. This patch adds the current image schema, including the
schema-properties.

One good reason to do this is to be able to react when a running Glance
instance is not around to be introspected. It's really unfortunate that
things like help text can't be rendered when there image schema is not
available in the system.

We could keep the schema in a json file but rather than shipping data
files with glanceclient we can just have it in the python modules.

Change-Id: I9b8cc1d18d6717ccf991fb8149ab13c06d653ee4
Closes-bug: #1481729