2024.2 Series Release Notes¶
29.0.0¶
New Features¶
This release brings the additional functionality of adding new location to a
queued
state image which will replace the image-update mechanism for consumers like cinder and nova to address OSSN-0090 and OSSN-0065.
This release brings the additional functionality of get locations associated to an image accessible to only service users i.e., consumers like cinder and nova for OSSN-0090 and OSSN-0065.
Known Issues¶
In case of
http
store if bad value is passed foros_hash_value
in validation data then task fails which is expected but it stores location of the image which is wrong, that needs to be popped out. The location doesn’t get deleted because deletion of locatio is not allowed forhttp
store. Here image needs to be deleted as it is of no use.
During validation of hashing data when do_secure_hash is false, we can just validate length expected for hash_algo and not actual expected hash value. If garbage hash_value with expected size has been provided, image becomes active after adding location but it will be of no use as download or boot will fail with corrupt image error.
Upgrade Notes¶
The following metadata definitions have been modified in the Dalmatian release:
Added
hw_firmware_stateless
boolean in theOS::Compute::LibvirtImage
namespace.
You may upgrade these definitions using:
glance-manage db load_metadefs [--path <path>] [--merge] [--prefer_new]
The
allow_additional_image_properties
configuration option, which was deprecated in Ussuri, has been removed in this release.
The
location_strategy
functionality which was deprecated in Bobcat(2023.2), has been removed in this release.
Deprecation Notes¶
The
digest_algorithm
configuration option has been deprecated in this release and is subject to removal at the beginning of the F development cycle, following the OpenStack standard deprecation policy.This option has had no effect since the removal of native SSL support.
The Glance API configuration options
metadata_encryption_key
is deprecated in this release and is subject to removal at the beginning of the F (2025.2) development cycle.The metadata_encryption_key and it’s related functioanlity don’t serve the purpose of encryption of location metadata, whereas it encrypts location url only for specific APIs. Also if enabled this during an upgrade, may disrupt existing deployments, as it does not support/provide db upgrade script to encrypt existing location URLs. Moreover, its functionality for encrypting location URLs is inconsistent which resulting in download failures.
Security Issues¶
Images in the qcow2 format with an external data file are now rejected from glance because such images could be used in an exploit to expose host information. See Bug #2059809 for details.
Bug Fixes¶
Bug #2059809: Fixed issue where a qcow2 format image with an external data file could expose host information. Such an image format with an external data file will be rejected from glance. To achieve the same, format_inspector has been extended by adding safety checks for qcow2 and vmdk files in glance. Unsafe qcow and vmdk files will be rejected by pre-examining them with a format inspector to ensure safe configurations prior to any qemu-img operations.
Bug 2065087: glance-cache-prefetcher is not working as threadpool is not set
Bug 2059829: Install and configure (Ubuntu) in glance
Bug 1636243: Add CPU Mode Metadata Def
Bug 2072483: Revert image status to queued if image conversion fails
Bug 2061947: stores-info –detail command fails if swift store is enabled
The glance-api service no longer attempts to load
api-paste.ini
file as its service config file. All config options should be written in service config files such asglance-api.conf
.
Bug #2073945: Fixed issue with VM creation in DCN cases with RBD backend where an edge node doesn’t have the store defined which is part of the image locations and the operation fails.
Bug #2054575: Fixed the issue when cinder uploads a volume to glance in the optimized path and glance rejects the request with invalid location. Now we convert the old location format sent by cinder into the new location format supported by multi store, hence allowing volumes to be uploaded in an optimized way.