2024.2 Series Release Notes

29.0.0

New Features

  • This release adds the ability to add a new location to an image in the queued state. It replaces the image-update mechanism for consumers such as cinder and nova, addressing OSSN-0090 and OSSN-0065.

  • This release adds the ability to get the locations associated with an image, accessible only to service users, i.e. consumers such as cinder and nova, for OSSN-0090 and OSSN-0065.

Known Issues

  • With the http store, if a bad value is passed for os_hash_value in the validation data, the task fails, which is expected, but the location of the image is still stored, which is wrong; it needs to be popped out. The location doesn't get deleted because deletion of a location is not allowed for the http store. In this case the image needs to be deleted, as it is of no use.

  • During validation of hashing data when do_secure_hash is false, only the length expected for hash_algo can be validated, not the actual expected hash value. If a garbage hash_value of the expected size is provided, the image becomes active after the location is added, but it will be of no use, as download or boot will fail with a corrupt image error.

Upgrade Notes

  • The following metadata definitions have been modified in the Dalmatian release:

    • Added hw_firmware_stateless boolean in the OS::Compute::LibvirtImage namespace.

    These definitions can be upgraded using:

    glance-manage db load_metadefs [--path <path>] [--merge] [--prefer_new]

  • The allow_additional_image_properties configuration option, which was deprecated in Ussuri, has been removed in this release.

  • The location_strategy functionality, which was deprecated in Bobcat (2023.2), has been removed in this release.

Deprecation Notes

  • The digest_algorithm configuration option has been deprecated in this release and is subject to removal at the beginning of the F development cycle, following the OpenStack standard deprecation policy.

    This option has had no effect since the removal of native SSL support.

  • The Glance API configuration option metadata_encryption_key is deprecated in this release and is subject to removal at the beginning of the F (2025.2) development cycle.

    The metadata_encryption_key option and its related functionality don't serve the purpose of encrypting location metadata; they encrypt only the location URL, and only for specific APIs. Also, enabling it during an upgrade may disrupt existing deployments, as no db upgrade script is provided to encrypt existing location URLs. Moreover, its encryption of location URLs is inconsistent, which results in download failures.

Security Issues

  • Images in the qcow2 format with an external data file are now rejected from glance because such images could be used in an exploit to expose host information. See Bug #2059809 for details.
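The kind of header pre-check this note and Bug #2059809 describe can be sketched as follows. This is an added example, not Glance's format_inspector code: the field offsets follow the published qcow2 header layout, the function names and sample headers are constructed for illustration, and the backing-file check goes beyond what this page states (it is the same class of host-file reference).

```python
import struct
from typing import List

QCOW2_MAGIC = b"QFI\xfb"
# Bit 2 of incompatible_features marks an external data file (qcow2 spec).
INCOMPAT_EXTERNAL_DATA = 1 << 2


def qcow2_safety_findings(header: bytes) -> List[str]:
    """Return reasons to reject a qcow2 header; an empty list means none found."""
    if len(header) < 72 or header[:4] != QCOW2_MAGIC:
        return ["not a complete qcow2 header"]
    # Bytes 4..19: version (u32), backing_file_offset (u64), backing_file_size (u32).
    version, backing_offset, _backing_size = struct.unpack_from(">IQI", header, 4)
    findings = []
    if version not in (2, 3):
        findings.append(f"unsupported qcow2 version {version}")
    # A non-zero offset means the image names another file that the host
    # opening it would be asked to read.
    if backing_offset != 0:
        findings.append("references a backing file")
    if version >= 3:
        if len(header) < 104:
            findings.append("version 3 header truncated before feature bits")
        else:
            (incompat,) = struct.unpack_from(">Q", header, 72)
            if incompat & INCOMPAT_EXTERNAL_DATA:
                findings.append("external data file feature bit set")
    return findings


def build_header(version: int = 3, backing_offset: int = 0, incompat: int = 0) -> bytes:
    """Constructed 104-byte sample header (not a real image)."""
    hdr = bytearray(104)
    hdr[:4] = QCOW2_MAGIC
    struct.pack_into(">IQI", hdr, 4, version, backing_offset, 0)
    struct.pack_into(">Q", hdr, 72, incompat)   # incompatible_features
    struct.pack_into(">I", hdr, 100, 104)       # header_length
    return bytes(hdr)


if __name__ == "__main__":
    samples = {
        "plain v3": build_header(),
        "external data file": build_header(incompat=INCOMPAT_EXTERNAL_DATA),
        "backing file": build_header(backing_offset=104),
    }
    for name, hdr in samples.items():
        print(name, "->", qcow2_safety_findings(hdr) or "no findings")
```

The check reads only the fixed header, so it can run on the first bytes of an upload before any qemu-img operation touches the file.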

Bug Fixes

  • Bug #2059809: Fixed issue where a qcow2 format image with an external data file could expose host information. Such an image format with an external data file will be rejected from glance. To achieve the same, format_inspector has been extended by adding safety checks for qcow2 and vmdk files in glance. Unsafe qcow and vmdk files will be rejected by pre-examining them with a format inspector to ensure safe configurations prior to any qemu-img operations.

  • Bug 2065087: glance-cache-prefetcher is not working as threadpool is not set

  • Bug 2059829: Install and configure (Ubuntu) in glance

  • Bug 1636243: Add CPU Mode Metadata Def

  • Bug 2072483: Revert image status to queued if image conversion fails

  • Bug 2061947: stores-info --detail command fails if swift store is enabled

  • The glance-api service no longer attempts to load api-paste.ini file as its service config file. All config options should be written in service config files such as glance-api.conf.

  • Bug #2073945: Fixed issue with VM creation in DCN cases with RBD backend where an edge node doesn't have the store defined which is part of the image locations and the operation fails.

  • Bug #2054575: Fixed the issue when cinder uploads a volume to glance in the optimized path and glance rejects the request with invalid location. Now we convert the old location format sent by cinder into the new location format supported by multi store, hence allowing volumes to be uploaded in an optimized way.