)]}'
{"specs/mitaka/cinder-store-upload-download.rst":[{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"c1a3701a8956191035de7b60c27f2401982fc221","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Support download from and upload to Cinder volumes"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Include the URL of your launchpad blueprint:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"https://blueprints.launchpad.net/glance/+spec/cinder-store-upload-download"},{"line_number":14,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"9a1a9d01_9a2b60eb","line":11,"updated":"2015-10-05 10:39:12.000000000","message":"You can remove this line","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"a4dee990662c22061b9efbf2c93af925bb9f7521","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Support download from and upload to Cinder volumes"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"Include the URL of your launchpad blueprint:"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"https://blueprints.launchpad.net/glance/+spec/cinder-store-upload-download"},{"line_number":14,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a2fa921_df7857fb","line":11,"in_reply_to":"9a1a9d01_9a2b60eb","updated":"2015-10-05 16:49:26.000000000","message":"Done","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"c1a3701a8956191035de7b60c27f2401982fc221","unresolved":false,"context_lines":[{"line_number":13,"context_line":"https://blueprints.launchpad.net/glance/+spec/cinder-store-upload-download"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Current Glance\u0027s Cinder backend driver doesn\u0027t support uploading and"},{"line_number":16,"context_line":"downloading."},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"As missing parts in Cinder side (listed in [1]_: os-brick library,"},{"line_number":19,"context_line":"readonly-volumes, multi-attach) are now supported, now we can implement"}],"source_content_type":"text/x-rst","patch_set":3,"id":"9a1a9d01_ba2e64f8","line":16,"updated":"2015-10-05 10:39:12.000000000","message":"It doesn\u0027t support reads(except for getting the volume size), writes and deletes. Is this spec planning to add support for all of this? It just mentions uploads and downloads but not deletions.","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"a4dee990662c22061b9efbf2c93af925bb9f7521","unresolved":false,"context_lines":[{"line_number":13,"context_line":"https://blueprints.launchpad.net/glance/+spec/cinder-store-upload-download"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Current Glance\u0027s Cinder backend driver doesn\u0027t support uploading and"},{"line_number":16,"context_line":"downloading."},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"As missing parts in Cinder side (listed in [1]_: os-brick library,"},{"line_number":19,"context_line":"readonly-volumes, multi-attach) are now supported, now we can implement"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a2fa921_1009dc95","line":16,"in_reply_to":"9a1a9d01_ba2e64f8","updated":"2015-10-05 16:49:26.000000000","message":"Thanks for pointing out this. Added the explanation for deletions.","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"c1a3701a8956191035de7b60c27f2401982fc221","unresolved":false,"context_lines":[{"line_number":39,"context_line":"    placed in the tenant of the current context, or a specific tenant"},{"line_number":40,"context_line":"    if it is configured in glance-api.conf."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"  - Attach the new volume to glance-api host (using os-brick library)."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"  - Write the image data to the volume."},{"line_number":45,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"9a1a9d01_5a35c843","line":42,"updated":"2015-10-05 10:39:12.000000000","message":"Would you mind expanding how the attach step would work? What are the requirements from a deployers perspective and from a glance perspective?","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"a4dee990662c22061b9efbf2c93af925bb9f7521","unresolved":false,"context_lines":[{"line_number":39,"context_line":"    placed in the tenant of the current context, or a specific tenant"},{"line_number":40,"context_line":"    if it is configured in glance-api.conf."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"  - Attach the new volume to glance-api host (using os-brick library)."},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"  - Write the image data to the volume."},{"line_number":45,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a2fa921_b08268c7","line":42,"in_reply_to":"9a1a9d01_5a35c843","updated":"2015-10-05 16:49:26.000000000","message":"Added the detailed steps for attaching. Also described the detailed requirement in \"deployer impact\" section.","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"c1a3701a8956191035de7b60c27f2401982fc221","unresolved":false,"context_lines":[{"line_number":122,"context_line":"---------------------"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"To use cinder backends, operators have to enable configure cinder and"},{"line_number":125,"context_line":"glance-api.conf appropriately."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"Developer impact"},{"line_number":128,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"9a1a9d01_7a38cc3d","line":125,"updated":"2015-10-05 10:39:12.000000000","message":"This needs to be expanded. What exactly needs to happen? Few examples would be great","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"a4dee990662c22061b9efbf2c93af925bb9f7521","unresolved":false,"context_lines":[{"line_number":122,"context_line":"---------------------"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"To use cinder backends, operators have to enable configure cinder and"},{"line_number":125,"context_line":"glance-api.conf appropriately."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"Developer impact"},{"line_number":128,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a2fa921_7054d053","line":125,"in_reply_to":"9a1a9d01_7a38cc3d","updated":"2015-10-05 16:49:26.000000000","message":"Added how to configure cinder and glance-api.","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"c1a3701a8956191035de7b60c27f2401982fc221","unresolved":false,"context_lines":[{"line_number":141,"context_line":"Reviewers"},{"line_number":142,"context_line":"---------"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Core reviewer(s):"},{"line_number":145,"context_line":"  Not sure so far"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"Work Items"}],"source_content_type":"text/x-rst","patch_set":3,"id":"9a1a9d01_1a40b0a4","line":144,"updated":"2015-10-05 10:39:12.000000000","message":"Add me: (flaper87)","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"a4dee990662c22061b9efbf2c93af925bb9f7521","unresolved":false,"context_lines":[{"line_number":141,"context_line":"Reviewers"},{"line_number":142,"context_line":"---------"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"Core reviewer(s):"},{"line_number":145,"context_line":"  Not sure so far"},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"Work Items"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a2fa921_504bd4b0","line":144,"in_reply_to":"9a1a9d01_1a40b0a4","updated":"2015-10-05 16:49:26.000000000","message":"Done. Thanks!","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"c1a3701a8956191035de7b60c27f2401982fc221","unresolved":false,"context_lines":[{"line_number":147,"context_line":"Work Items"},{"line_number":148,"context_line":"----------"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"* Import oslo-rootwrap into the glance"},{"line_number":151,"context_line":"* Import os-brick into glance_store"},{"line_number":152,"context_line":"* Extend current cinder backend driver to support uploading/downloading"},{"line_number":153,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"9a1a9d01_3a3b343a","line":150,"updated":"2015-10-05 10:39:12.000000000","message":"perhaps just into glance_store?","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"6943e69996b64b63a33ac517966d977feed72f4d","unresolved":false,"context_lines":[{"line_number":147,"context_line":"Work Items"},{"line_number":148,"context_line":"----------"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"* Import oslo-rootwrap into the glance"},{"line_number":151,"context_line":"* Import os-brick into glance_store"},{"line_number":152,"context_line":"* Extend current cinder backend driver to support uploading/downloading"},{"line_number":153,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a2fa921_95467b79","line":150,"in_reply_to":"7a2fa921_0b4f6d93","updated":"2015-10-09 08:31:26.000000000","message":"It can. You don\u0027t need to do all that in glance. We can just have glance generating the right config file and rootwrap in glance_store","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"9164902c6e76690723f6b424269ed42112312c37","unresolved":false,"context_lines":[{"line_number":147,"context_line":"Work Items"},{"line_number":148,"context_line":"----------"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"* Import oslo-rootwrap into the glance"},{"line_number":151,"context_line":"* Import os-brick into glance_store"},{"line_number":152,"context_line":"* Extend current cinder backend driver to support uploading/downloading"},{"line_number":153,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a2fa921_8df41c5b","line":150,"in_reply_to":"7a2fa921_95467b79","updated":"2015-10-09 15:44:25.000000000","message":"OK, thanks.\n\nOne more thing I want to confirm is which repository should provide the \u0027/usr/bin/glance-rootwrap\u0027 command. Is it ok to provide \u0027/usr/bin/glance-rootwrap\u0027 (or another name) command in glance_store?\n\nIn nova and cinder, \"/usr/bin/nova-rootwrap\" and \"/usr/bin/cinder-rootwrap\" commands are not provided by libraries (such as oslo-rootwrap or os-brick) but provided by nova or cinder itself.\n\nIf glance-rootwrap is provided by glance_store is imported to the other projects than glance, that means they will also use glance-rootwrap command. Does it sound OK?\n\nAlternative is glance_store provides the rootwrap filters only, and rootwrap commands (such as glance-rootwrap, nova--rootwrap, etc.) just load the filters.","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"a4dee990662c22061b9efbf2c93af925bb9f7521","unresolved":false,"context_lines":[{"line_number":147,"context_line":"Work Items"},{"line_number":148,"context_line":"----------"},{"line_number":149,"context_line":""},{"line_number":150,"context_line":"* Import oslo-rootwrap into the glance"},{"line_number":151,"context_line":"* Import os-brick into glance_store"},{"line_number":152,"context_line":"* Extend current cinder backend driver to support uploading/downloading"},{"line_number":153,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a2fa921_0b4f6d93","line":150,"in_reply_to":"9a1a9d01_3a3b343a","updated":"2015-10-05 16:49:26.000000000","message":"Possibly.\n\nCurrently a patch to introduce rootwrap is proposed to Glance ( https://review.openstack.org/#/c/186201/ ) in order to add an  \"rootwrap_config\" to common_opts.\n\nI\u0027m not sure it can be done only by the changes in glance_store.","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"c1a3701a8956191035de7b60c27f2401982fc221","unresolved":false,"context_lines":[{"line_number":159,"context_line":"Testing"},{"line_number":160,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"* Enable cinder backend in the tempest."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"* Test uploading an image to it."},{"line_number":165,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"9a1a9d01_da49d8d1","line":162,"updated":"2015-10-05 10:39:12.000000000","message":"s/tempest/devstack/","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"a4dee990662c22061b9efbf2c93af925bb9f7521","unresolved":false,"context_lines":[{"line_number":159,"context_line":"Testing"},{"line_number":160,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"* Enable cinder backend in the tempest."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"* Test uploading an image to it."},{"line_number":165,"context_line":""}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a2fa921_ab43d96b","line":162,"in_reply_to":"9a1a9d01_da49d8d1","updated":"2015-10-05 16:49:26.000000000","message":"Done","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"c1a3701a8956191035de7b60c27f2401982fc221","unresolved":false,"context_lines":[{"line_number":170,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"To enable this feature, additional settings may be required to be added in"},{"line_number":173,"context_line":"glance-api.conf. If so, the documentation to explain them should be added."},{"line_number":174,"context_line":""},{"line_number":175,"context_line":""},{"line_number":176,"context_line":"References"}],"source_content_type":"text/x-rst","patch_set":3,"id":"9a1a9d01_fa44dcb7","line":173,"updated":"2015-10-05 10:39:12.000000000","message":"Could you expand on what configs you think are required?","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"a4dee990662c22061b9efbf2c93af925bb9f7521","unresolved":false,"context_lines":[{"line_number":170,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"To enable this feature, additional settings may be required to be added in"},{"line_number":173,"context_line":"glance-api.conf. If so, the documentation to explain them should be added."},{"line_number":174,"context_line":""},{"line_number":175,"context_line":""},{"line_number":176,"context_line":"References"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a2fa921_8b093d34","line":173,"in_reply_to":"9a1a9d01_fa44dcb7","updated":"2015-10-05 16:49:26.000000000","message":"Added the explanation about cinder authentication configs.","commit_id":"c3f409a86de9a7e010568e5334056d5f368bfc54"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"19fac3fd1ba88ed9b6ae441c16ac3d394cebd058","unresolved":false,"context_lines":[{"line_number":135,"context_line":"significantly."},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"Nova-compute will be able to bypass the image copy by attaching the image"},{"line_number":138,"context_line":"volumes to the host."},{"line_number":139,"context_line":""},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"Other deployer impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7a2fa921_0faae870","line":138,"updated":"2015-10-13 11:34:48.000000000","message":"This is true only if cinder is deployed (just stating the obvious)","commit_id":"c9c95e15c2d77b898badb16f0d5865b22a47916e"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"709e25bc9e3349ee7d1412896302c2199fc9229c","unresolved":false,"context_lines":[{"line_number":135,"context_line":"significantly."},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"Nova-compute will be able to bypass the image copy by attaching the image"},{"line_number":138,"context_line":"volumes to the host."},{"line_number":139,"context_line":""},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"Other deployer impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"5a2ca52d_0d5e9ce9","line":138,"in_reply_to":"7a2fa921_0faae870","updated":"2015-10-13 13:30:53.000000000","message":"Right, I have added the note.","commit_id":"c9c95e15c2d77b898badb16f0d5865b22a47916e"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"19fac3fd1ba88ed9b6ae441c16ac3d394cebd058","unresolved":false,"context_lines":[{"line_number":157,"context_line":"- To offload the image copy on volume creation to the storage array, the"},{"line_number":158,"context_line":"  ``allowed_direct_url_schemes`` option should contain ``cinder`` in"},{"line_number":159,"context_line":"  cinder.conf. [3]_ Also, the glance-api host must be able to access to the"},{"line_number":160,"context_line":"  Cinder volumes."},{"line_number":161,"context_line":""},{"line_number":162,"context_line":""},{"line_number":163,"context_line":"Developer impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7a2fa921_6f0efce6","line":160,"updated":"2015-10-13 11:34:48.000000000","message":"mmh... I believe the glance-api node will also have to be able to attach the volume onto itself. This way the image data can be written to the volume.","commit_id":"c9c95e15c2d77b898badb16f0d5865b22a47916e"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"709e25bc9e3349ee7d1412896302c2199fc9229c","unresolved":false,"context_lines":[{"line_number":157,"context_line":"- To offload the image copy on volume creation to the storage array, the"},{"line_number":158,"context_line":"  ``allowed_direct_url_schemes`` option should contain ``cinder`` in"},{"line_number":159,"context_line":"  cinder.conf. [3]_ Also, the glance-api host must be able to access to the"},{"line_number":160,"context_line":"  Cinder volumes."},{"line_number":161,"context_line":""},{"line_number":162,"context_line":""},{"line_number":163,"context_line":"Developer impact"}],"source_content_type":"text/x-rst","patch_set":4,"id":"5a2ca52d_6d69508b","line":160,"in_reply_to":"7a2fa921_6f0efce6","updated":"2015-10-13 13:30:53.000000000","message":"Yes, I have clarified the explanation. thanks","commit_id":"c9c95e15c2d77b898badb16f0d5865b22a47916e"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"19fac3fd1ba88ed9b6ae441c16ac3d394cebd058","unresolved":false,"context_lines":[{"line_number":183,"context_line":"Work Items"},{"line_number":184,"context_line":"----------"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"* Import oslo-rootwrap into glance or glance_store"},{"line_number":187,"context_line":"* Import os-brick into glance_store"},{"line_number":188,"context_line":"* Extend current cinder backend driver to support upload, download and deletion."},{"line_number":189,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"7a2fa921_af2ad4e5","line":186,"updated":"2015-10-13 11:34:48.000000000","message":"I think I mentioned glance_store should be enough for this but I\u0027m not sure if that\u0027s even possible. We probably should add it to Glance and let glance_store use glance\u0027s rootwrap. The glance_store will indicate the rules requirements for it to work properly.","commit_id":"c9c95e15c2d77b898badb16f0d5865b22a47916e"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"709e25bc9e3349ee7d1412896302c2199fc9229c","unresolved":false,"context_lines":[{"line_number":183,"context_line":"Work Items"},{"line_number":184,"context_line":"----------"},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"* Import oslo-rootwrap into glance or glance_store"},{"line_number":187,"context_line":"* Import os-brick into glance_store"},{"line_number":188,"context_line":"* Extend current cinder backend driver to support upload, download and deletion."},{"line_number":189,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"5a2ca52d_0dba1ce2","line":186,"in_reply_to":"7a2fa921_af2ad4e5","updated":"2015-10-13 13:30:53.000000000","message":"OK, I think that works. So, we should do 2 things: add the glance-rootwrap command to Glance, and add the required rules to glance_rootwrap.\nAdded the items.","commit_id":"c9c95e15c2d77b898badb16f0d5865b22a47916e"},{"author":{"_account_id":2243,"name":"John Griffith","email":"john.griffith8@gmail.com","username":"john-griffith"},"change_message_id":"e694e6ea6e6546d4531e54ade7c0496df217ec7a","unresolved":false,"context_lines":[{"line_number":51,"context_line":"      such as the device path (e.g. ``/dev/sdX``) is returned."},{"line_number":52,"context_line":"      This step requires root privilege to execute the command for iSCSI, FC"},{"line_number":53,"context_line":"      and so on, so the ``glance-rootwrap`` must be installed and it should"},{"line_number":54,"context_line":"      allow the commands for os-brick. [2]_"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"  - Write the image data to the volume from the given device path."},{"line_number":57,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"5a2ca52d_231da973","line":54,"updated":"2015-10-13 14:16:38.000000000","message":"I\u0027m all in favor of adding this to Glance\u0027s root wrap FWIW, I think that\u0027s the right way to go.","commit_id":"48be03e26f0b8e970fa93a14b5043788bf8aa48b"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"45a18dedbf14c4871091e0171493bcfed0f5cd3a","unresolved":false,"context_lines":[{"line_number":40,"context_line":"* Uploading steps:"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"  - Create a new volume with the size that can store the image. It will be"},{"line_number":43,"context_line":"    placed in the tenant of the current context, or a specific tenant"},{"line_number":44,"context_line":"    if it is configured in glance-api.conf."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"  - Attach the new volume to the glance-api host using the os-brick library."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_af48c22e","line":43,"updated":"2015-10-18 10:11:03.000000000","message":"I guess this should go to the tenant in the context, which should be the one coming from the user. It\u0027d be weird for a user to create a volume from an image and not being able to see it. On the other hand, if the creation happens from Nova, I guess it\u0027d be fine.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"73a8197793e8c308c82f22006d0b661806af204d","unresolved":false,"context_lines":[{"line_number":40,"context_line":"* Uploading steps:"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"  - Create a new volume with the size that can store the image. It will be"},{"line_number":43,"context_line":"    placed in the tenant of the current context, or a specific tenant"},{"line_number":44,"context_line":"    if it is configured in glance-api.conf."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"  - Attach the new volume to the glance-api host using the os-brick library."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_c4e8317f","line":43,"in_reply_to":"3a29b11f_6e301ee9","updated":"2015-10-20 10:24:19.000000000","message":"The single/multi-tenant model is what I\u0027d like to avoid as a first step into this driver. We also have a spec that is aiming to use service tokens for the swift driver instead of the current approach, which makes me think that we may want to move a bit slower in the cinder case to see how it goes.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":40,"context_line":"* Uploading steps:"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"  - Create a new volume with the size that can store the image. It will be"},{"line_number":43,"context_line":"    placed in the tenant of the current context, or a specific tenant"},{"line_number":44,"context_line":"    if it is configured in glance-api.conf."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"  - Attach the new volume to the glance-api host using the os-brick library."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_6e301ee9","line":43,"in_reply_to":"3a29b11f_af48c22e","updated":"2015-10-20 10:00:04.000000000","message":"I think the proposed model is fine, it would effectively implement similar single-/multi-tenant structure as we use for the swift backend. I think in many cases it would be preferred for the user not seeing the image volume that is used for the glance store. I don\u0027t see any reasons why we wouldn\u0027t be able to serve volumes from those images still.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":59,"context_line":"      and so on, so the ``glance-rootwrap`` must be installed and it should"},{"line_number":60,"context_line":"      allow the commands for os-brick. [2]_"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"  - Write the image data to the volume from the given device path."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"  - Detach the volume from the host."},{"line_number":65,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_ae92b69d","line":62,"updated":"2015-10-20 10:00:04.000000000","message":"Should we look into the cinder image cache rather than try to implement these block operations by ourselves? IIUC cinder has already all these steps implemented and we perhaps should explore the option to tap into that.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"ff536614edc294db2e98f08b22a167f453b3619c","unresolved":false,"context_lines":[{"line_number":59,"context_line":"      and so on, so the ``glance-rootwrap`` must be installed and it should"},{"line_number":60,"context_line":"      allow the commands for os-brick. [2]_"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"  - Write the image data to the volume from the given device path."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"  - Detach the volume from the host."},{"line_number":65,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_a3864811","line":62,"in_reply_to":"3a29b11f_84b1d991","updated":"2015-10-20 11:57:21.000000000","message":"No the brick is just bringing simple way to discover/attach/detach volumes. My interest was more of how much duplication we\u0027re trying to do data handling side by implementing this in Glance as well as this part is doing pretty much exactly what in my understanding cinder image cache is doing.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"79fd8191414802ef871385bef6aea1210e65e174","unresolved":false,"context_lines":[{"line_number":59,"context_line":"      and so on, so the ``glance-rootwrap`` must be installed and it should"},{"line_number":60,"context_line":"      allow the commands for os-brick. [2]_"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"  - Write the image data to the volume from the given device path."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"  - Detach the volume from the host."},{"line_number":65,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_9f32545e","line":62,"in_reply_to":"3a29b11f_a3864811","updated":"2015-10-21 07:15:55.000000000","message":"Cinder image cache is implemented in a different way. After the image is copied to a newly created volume, the image cache clones the volume to another volume in the internal (service) tenant, and the cloned volume is managed as the cache.\n\nIt is only applicable to the image transfer between cinder and glance, but this spec is rather going to provide a way to transfer image-volume data to any glance clients such as nova.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"73a8197793e8c308c82f22006d0b661806af204d","unresolved":false,"context_lines":[{"line_number":59,"context_line":"      and so on, so the ``glance-rootwrap`` must be installed and it should"},{"line_number":60,"context_line":"      allow the commands for os-brick. [2]_"},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"  - Write the image data to the volume from the given device path."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"  - Detach the volume from the host."},{"line_number":65,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_84b1d991","line":62,"in_reply_to":"3a29b11f_ae92b69d","updated":"2015-10-20 10:24:19.000000000","message":"I believe that\u0027s what os-brick is supposed to do. There could be some other ways to optimize writes but I\u0027d rather have them in a follow-up spec.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":15961,"name":"lisali","email":"xiaoyan.li@intel.com","username":"lisali"},"change_message_id":"8d884c1004251b9ce7199bed8efef4049069915a","unresolved":false,"context_lines":[{"line_number":91,"context_line":""},{"line_number":92,"context_line":"  - Call the Cinder\u0027s ``delete`` API to delete the volume when the image is"},{"line_number":93,"context_line":"    deleted."},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"As cinder currently doesn\u0027t support ACL or public volumes among tenants,"},{"line_number":96,"context_line":"in order to support public or sharable images, the image volume should be"},{"line_number":97,"context_line":"placed in the service tenant which is only accessible from the Glance and"}],"source_content_type":"text/x-rst","patch_set":6,"id":"5a2ca52d_51a41356","line":94,"updated":"2015-10-14 03:46:48.000000000","message":"For the case: if admin wants to delete the image volume with \"cinder delete\", cinder needs to prevent.\nNeed to add in cinder?","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"21462069e1f2ae14518864c330fe2b5fee3bb438","unresolved":false,"context_lines":[{"line_number":91,"context_line":""},{"line_number":92,"context_line":"  - Call the Cinder\u0027s ``delete`` API to delete the volume when the image is"},{"line_number":93,"context_line":"    deleted."},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"As cinder currently doesn\u0027t support ACL or public volumes among tenants,"},{"line_number":96,"context_line":"in order to support public or sharable images, the image volume should be"},{"line_number":97,"context_line":"placed in the service tenant which is only accessible from the Glance and"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_29126bb5","line":94,"in_reply_to":"5a2ca52d_51a41356","updated":"2015-10-18 21:23:05.000000000","message":"Just FYI, the way to protect Cinder volumes from deletion was proposed but not approved so far.\n\nhttps://blueprints.launchpad.net/cinder/+spec/protected-volume\n\nOr, when the volume is stored in the service tenant (as mentioned below), users cannot see or delete the image volumes.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"45a18dedbf14c4871091e0171493bcfed0f5cd3a","unresolved":false,"context_lines":[{"line_number":95,"context_line":"As cinder currently doesn\u0027t support ACL or public volumes among tenants,"},{"line_number":96,"context_line":"in order to support public or sharable images, the image volume should be"},{"line_number":97,"context_line":"placed in the service tenant which is only accessible from the Glance and"},{"line_number":98,"context_line":"Cinder services to control the accessibility."},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Alternatives"},{"line_number":101,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_4f556ec4","line":98,"updated":"2015-10-18 10:11:03.000000000","message":"a-ha, this invalidates my previous comment about the tenant. We can\u0027t always use user\u0027s context. Would it be fair to *always* create the volume under the service tenant to begin with? Does the user really care about the volume when it was created from an image?\n\nIf the user creates the volume first and then the image, we need to  make sure the image is not public/sharable as other users won\u0027t be able to access the volume.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"79fd8191414802ef871385bef6aea1210e65e174","unresolved":false,"context_lines":[{"line_number":95,"context_line":"As cinder currently doesn\u0027t support ACL or public volumes among tenants,"},{"line_number":96,"context_line":"in order to support public or sharable images, the image volume should be"},{"line_number":97,"context_line":"placed in the service tenant which is only accessible from the Glance and"},{"line_number":98,"context_line":"Cinder services to control the accessibility."},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Alternatives"},{"line_number":101,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_5af60afa","line":98,"in_reply_to":"3a29b11f_1f51920e","updated":"2015-10-21 07:15:55.000000000","message":"I\u0027m not sure that is feasible.. maybe we might need another followup spec for it if there are good use-cases.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"21462069e1f2ae14518864c330fe2b5fee3bb438","unresolved":false,"context_lines":[{"line_number":95,"context_line":"As cinder currently doesn\u0027t support ACL or public volumes among tenants,"},{"line_number":96,"context_line":"in order to support public or sharable images, the image volume should be"},{"line_number":97,"context_line":"placed in the service tenant which is only accessible from the Glance and"},{"line_number":98,"context_line":"Cinder services to control the accessibility."},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Alternatives"},{"line_number":101,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_a9775bd3","line":98,"in_reply_to":"3a29b11f_4f556ec4","updated":"2015-10-18 21:23:05.000000000","message":"I agree that users usually don\u0027t want to care about the image volumes, so putting the volumes in the service tenant should be the standard configuration. It will also prevent deletion of image volumes by mistake.\n\nUsing user\u0027s context is just following the existing implementation of cinder store. In this case, glance will not be able to read other users\u0027 volume as you mentioned. However cinder may allow the cloning the image volume to create a new volume from it.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"2f03695eeebb15616e7ade95a19f3665a924439f","unresolved":false,"context_lines":[{"line_number":95,"context_line":"As cinder currently doesn\u0027t support ACL or public volumes among tenants,"},{"line_number":96,"context_line":"in order to support public or sharable images, the image volume should be"},{"line_number":97,"context_line":"placed in the service tenant which is only accessible from the Glance and"},{"line_number":98,"context_line":"Cinder services to control the accessibility."},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Alternatives"},{"line_number":101,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_8c74db9c","line":98,"in_reply_to":"3a29b11f_504dff70","updated":"2015-10-19 11:16:29.000000000","message":"I\u0027m okey to limit uploads / downloads only to the service tenant.\n\nBut, we might need to keep the functionality to use user\u0027s context for compatibility, as we can already create a new volume from a cinder-backed image in user\u0027s context (by cloning it) if allowed_direct_url_schemas is configured to cinder in cinder.conf [3], although it cannot be up/downloaded and user must create the image-volume manually.\n\nDoes it sound reasonable?","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":95,"context_line":"As cinder currently doesn\u0027t support ACL or public volumes among tenants,"},{"line_number":96,"context_line":"in order to support public or sharable images, the image volume should be"},{"line_number":97,"context_line":"placed in the service tenant which is only accessible from the Glance and"},{"line_number":98,"context_line":"Cinder services to control the accessibility."},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Alternatives"},{"line_number":101,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_8ea49aa6","line":98,"in_reply_to":"3a29b11f_8c74db9c","updated":"2015-10-20 10:00:04.000000000","message":"How about for example snapshots that would be great to keep in user\u0027s context and get extra layer of security due this fact that the tenant\u0027s volumes are not accessible for others? Same thing could improve private image safety as well. (I don\u0027t know if these are realistic at the moment and definitely should not be taken as requirements at this stage)","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"73a8197793e8c308c82f22006d0b661806af204d","unresolved":false,"context_lines":[{"line_number":95,"context_line":"As cinder currently doesn\u0027t support ACL or public volumes among tenants,"},{"line_number":96,"context_line":"in order to support public or sharable images, the image volume should be"},{"line_number":97,"context_line":"placed in the service tenant which is only accessible from the Glance and"},{"line_number":98,"context_line":"Cinder services to control the accessibility."},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Alternatives"},{"line_number":101,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_1f51920e","line":98,"in_reply_to":"3a29b11f_8ea49aa6","updated":"2015-10-20 10:24:19.000000000","message":"mmh... I\u0027m not sure snapshots are necessarily useful to have as a user. The way you\u0027d boot the instance is by pointing it to your snapshot in Glance rather than to your volume in Cinder.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"c6ab59e4b6b86bb0bb76d679f6c3a8a885b91f8d","unresolved":false,"context_lines":[{"line_number":95,"context_line":"As cinder currently doesn\u0027t support ACL or public volumes among tenants,"},{"line_number":96,"context_line":"in order to support public or sharable images, the image volume should be"},{"line_number":97,"context_line":"placed in the service tenant which is only accessible from the Glance and"},{"line_number":98,"context_line":"Cinder services to control the accessibility."},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Alternatives"},{"line_number":101,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_504dff70","line":98,"in_reply_to":"3a29b11f_a9775bd3","updated":"2015-10-19 06:52:52.000000000","message":"Do we need to support using the user\u0027s tenant/context in this phase? Can we start by supporting *just* uploads to the service tenant?","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":105,"context_line":"Data model impact"},{"line_number":106,"context_line":"-----------------"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"None"},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"REST API impact"},{"line_number":111,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_8e557a51","line":108,"updated":"2015-10-20 10:00:04.000000000","message":"If we do single-/multi-tenant implementation, new data model (probably something like cinder+config would be needed).","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"ff536614edc294db2e98f08b22a167f453b3619c","unresolved":false,"context_lines":[{"line_number":105,"context_line":"Data model impact"},{"line_number":106,"context_line":"-----------------"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"None"},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"REST API impact"},{"line_number":111,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_83846cd4","line":108,"in_reply_to":"3a29b11f_243565f6","updated":"2015-10-20 11:57:21.000000000","message":"Yes we do, that\u0027s the config file model containing user credentials for the multitenant swift implementation so that we do not need to keep those credentials in the database and do manual queries when one changes password. I think this is the preferred model for deployers, so I\u0027d rather start with that if we go with the multitenant mode than having the credentials in the db.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"73a8197793e8c308c82f22006d0b661806af204d","unresolved":false,"context_lines":[{"line_number":105,"context_line":"Data model impact"},{"line_number":106,"context_line":"-----------------"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"None"},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"REST API impact"},{"line_number":111,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_243565f6","line":108,"in_reply_to":"3a29b11f_8e557a51","updated":"2015-10-20 10:24:19.000000000","message":"Do we have this for Swift? This is another point in favor of keeping it simple to begin with, IMHO.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":110,"context_line":"REST API impact"},{"line_number":111,"context_line":"---------------"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"None"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"Security impact"},{"line_number":116,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_ced132cf","line":113,"updated":"2015-10-20 10:00:04.000000000","message":"In case of above we probably need to change the schemas as well for accepted locations.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"ff536614edc294db2e98f08b22a167f453b3619c","unresolved":false,"context_lines":[{"line_number":110,"context_line":"REST API impact"},{"line_number":111,"context_line":"---------------"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"None"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"Security impact"},{"line_number":116,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_a38728d6","line":113,"in_reply_to":"3a29b11f_5f5e2a13","updated":"2015-10-20 11:57:21.000000000","message":"Sorry to be unclear, this was for the above.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"73a8197793e8c308c82f22006d0b661806af204d","unresolved":false,"context_lines":[{"line_number":110,"context_line":"REST API impact"},{"line_number":111,"context_line":"---------------"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"None"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"Security impact"},{"line_number":116,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_5f5e2a13","line":113,"in_reply_to":"3a29b11f_ced132cf","updated":"2015-10-20 10:24:19.000000000","message":"I believe cinder is already an accepted location.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":116,"context_line":"---------------"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"To attach and detach volumes to the host, root privilege is required to"},{"line_number":119,"context_line":"operate block devices on the host. Glance needs to import oslo-rootwrap"},{"line_number":120,"context_line":"to allow only required commands for these operations to be executed as root."},{"line_number":121,"context_line":""},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_e912e808","line":119,"updated":"2015-10-20 10:00:04.000000000","message":"Based on the mailing list conversations oslo-rootwrap is pretty much in limbo stage still. Do we have other options we could use? (I think this is perhaps the biggest threat for not getting this work done.)\n\nIf rootwrap does not get agreement around privsep it looks like we need to get special filtering implemented to rootwrap for Glance. (Honestly I do not like the idea of consuming oslo-rootwrap in Glance if we have other reasonable options.)","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"ff536614edc294db2e98f08b22a167f453b3619c","unresolved":false,"context_lines":[{"line_number":116,"context_line":"---------------"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"To attach and detach volumes to the host, root privilege is required to"},{"line_number":119,"context_line":"operate block devices on the host. Glance needs to import oslo-rootwrap"},{"line_number":120,"context_line":"to allow only required commands for these operations to be executed as root."},{"line_number":121,"context_line":""},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_83a0ec44","line":119,"in_reply_to":"3a29b11f_3f91ee99","updated":"2015-10-20 11:57:21.000000000","message":"brick support even sudo as root helper if needed. I\u0027d rather start with that and migrate to what ever the stable and agreed outcome of the rootwrapper is than see the effort made to include something which future is more than messy looking.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"79fd8191414802ef871385bef6aea1210e65e174","unresolved":false,"context_lines":[{"line_number":116,"context_line":"---------------"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"To attach and detach volumes to the host, root privilege is required to"},{"line_number":119,"context_line":"operate block devices on the host. Glance needs to import oslo-rootwrap"},{"line_number":120,"context_line":"to allow only required commands for these operations to be executed as root."},{"line_number":121,"context_line":""},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_1af8927a","line":119,"in_reply_to":"3a29b11f_83a0ec44","updated":"2015-10-21 07:15:55.000000000","message":"Hmm, I\u0027m not a huge fun of using bare sudo -- we need to allow everything without password. Rather I want to use oslo-rootwrap for now and move to better solution after it is implemented.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"73a8197793e8c308c82f22006d0b661806af204d","unresolved":false,"context_lines":[{"line_number":116,"context_line":"---------------"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"To attach and detach volumes to the host, root privilege is required to"},{"line_number":119,"context_line":"operate block devices on the host. Glance needs to import oslo-rootwrap"},{"line_number":120,"context_line":"to allow only required commands for these operations to be executed as root."},{"line_number":121,"context_line":""},{"line_number":122,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_3f91ee99","line":119,"in_reply_to":"3a29b11f_e912e808","updated":"2015-10-20 10:24:19.000000000","message":"While I agree that oslo-rootwrap is not the best solution, I wouldn\u0027t block this if there\u0027s no better replacement for oslo-rootwrap in Mitaka.\n\nThat is to say, I\u0027d rather bring this in and migrate out of oslo-rootwrap later.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":117,"context_line":""},{"line_number":118,"context_line":"To attach and detach volumes to the host, root privilege is required to"},{"line_number":119,"context_line":"operate block devices on the host. Glance needs to import oslo-rootwrap"},{"line_number":120,"context_line":"to allow only required commands for these operations to be executed as root."},{"line_number":121,"context_line":""},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"Notifications impact"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_4e59a259","line":120,"updated":"2015-10-20 10:00:04.000000000","message":"Glance would also need to be part of the iSCSI network. In theory this might open new attack vectors each way.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"79fd8191414802ef871385bef6aea1210e65e174","unresolved":false,"context_lines":[{"line_number":117,"context_line":""},{"line_number":118,"context_line":"To attach and detach volumes to the host, root privilege is required to"},{"line_number":119,"context_line":"operate block devices on the host. Glance needs to import oslo-rootwrap"},{"line_number":120,"context_line":"to allow only required commands for these operations to be executed as root."},{"line_number":121,"context_line":""},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"Notifications impact"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_5f703cdc","line":120,"in_reply_to":"3a29b11f_1fed1225","updated":"2015-10-21 07:15:55.000000000","message":"I will add this in next revision.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"73a8197793e8c308c82f22006d0b661806af204d","unresolved":false,"context_lines":[{"line_number":117,"context_line":""},{"line_number":118,"context_line":"To attach and detach volumes to the host, root privilege is required to"},{"line_number":119,"context_line":"operate block devices on the host. Glance needs to import oslo-rootwrap"},{"line_number":120,"context_line":"to allow only required commands for these operations to be executed as root."},{"line_number":121,"context_line":""},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"Notifications impact"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_1fed1225","line":120,"in_reply_to":"3a29b11f_4e59a259","updated":"2015-10-20 10:24:19.000000000","message":"++\n\nWorth mentioning.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":142,"context_line":""},{"line_number":143,"context_line":"Nova-compute will be able to bypass the image copy by attaching the image"},{"line_number":144,"context_line":"volumes to the host, if Cinder is deployed."},{"line_number":145,"context_line":""},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"Other deployer impact"},{"line_number":148,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_8e26dacc","line":145,"updated":"2015-10-20 10:00:04.000000000","message":"Image uploads/downloads to/from cinder will need sufficient bandwidth that needs to be taken into account. (Only mentioning it here because we see too often people thinking that glance gets swift backend for free and that they don\u0027t need to bring in the bandwidth for these transfers).","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"79fd8191414802ef871385bef6aea1210e65e174","unresolved":false,"context_lines":[{"line_number":142,"context_line":""},{"line_number":143,"context_line":"Nova-compute will be able to bypass the image copy by attaching the image"},{"line_number":144,"context_line":"volumes to the host, if Cinder is deployed."},{"line_number":145,"context_line":""},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"Other deployer impact"},{"line_number":148,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_7f33b814","line":145,"in_reply_to":"3a29b11f_03837c99","updated":"2015-10-21 07:15:55.000000000","message":"Will mention about the bandwidth too.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"73a8197793e8c308c82f22006d0b661806af204d","unresolved":false,"context_lines":[{"line_number":142,"context_line":""},{"line_number":143,"context_line":"Nova-compute will be able to bypass the image copy by attaching the image"},{"line_number":144,"context_line":"volumes to the host, if Cinder is deployed."},{"line_number":145,"context_line":""},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"Other deployer impact"},{"line_number":148,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_dfcd5ab8","line":145,"in_reply_to":"3a29b11f_8e26dacc","updated":"2015-10-20 10:24:19.000000000","message":"++\n\nIt\u0027d be better to say that it requires bandwidth to/from cinder\u0027s store. Sounds more accurate for cases where the network layout separates the store network from the API network.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"ff536614edc294db2e98f08b22a167f453b3619c","unresolved":false,"context_lines":[{"line_number":142,"context_line":""},{"line_number":143,"context_line":"Nova-compute will be able to bypass the image copy by attaching the image"},{"line_number":144,"context_line":"volumes to the host, if Cinder is deployed."},{"line_number":145,"context_line":""},{"line_number":146,"context_line":""},{"line_number":147,"context_line":"Other deployer impact"},{"line_number":148,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_03837c99","line":145,"in_reply_to":"3a29b11f_dfcd5ab8","updated":"2015-10-20 11:57:21.000000000","message":"Tru dat.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":191,"context_line":""},{"line_number":192,"context_line":"* Import oslo-rootwrap into glance and glance_store."},{"line_number":193,"context_line":"   * glance should provide glance-rootwrap command."},{"line_number":194,"context_line":"   * glance-store should provide required rules."},{"line_number":195,"context_line":"* Import os-brick into glance_store."},{"line_number":196,"context_line":"* Extend current cinder backend driver to support upload, download and deletion."},{"line_number":197,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_49219cfa","line":194,"updated":"2015-10-20 10:00:04.000000000","message":"Based on the discussion in the mailing list this is the direction rootwrap does not want to go.\n\nAlso if this really is needed, I think both (the command and the rules) needs to live in same repo. Or is there some specific reason why this model would be needed?","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"73a8197793e8c308c82f22006d0b661806af204d","unresolved":false,"context_lines":[{"line_number":191,"context_line":""},{"line_number":192,"context_line":"* Import oslo-rootwrap into glance and glance_store."},{"line_number":193,"context_line":"   * glance should provide glance-rootwrap command."},{"line_number":194,"context_line":"   * glance-store should provide required rules."},{"line_number":195,"context_line":"* Import os-brick into glance_store."},{"line_number":196,"context_line":"* Extend current cinder backend driver to support upload, download and deletion."},{"line_number":197,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_df5b1af5","line":194,"in_reply_to":"3a29b11f_49219cfa","updated":"2015-10-20 10:24:19.000000000","message":"mmh, I think I mentioned this in a previous patchset. I believe oslo-rootwrap should be pulled into glance_store rather than Glance.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"79fd8191414802ef871385bef6aea1210e65e174","unresolved":false,"context_lines":[{"line_number":191,"context_line":""},{"line_number":192,"context_line":"* Import oslo-rootwrap into glance and glance_store."},{"line_number":193,"context_line":"   * glance should provide glance-rootwrap command."},{"line_number":194,"context_line":"   * glance-store should provide required rules."},{"line_number":195,"context_line":"* Import os-brick into glance_store."},{"line_number":196,"context_line":"* Extend current cinder backend driver to support upload, download and deletion."},{"line_number":197,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_5a0cca3a","line":194,"in_reply_to":"3a29b11f_df5b1af5","updated":"2015-10-21 07:15:55.000000000","message":"OK, I will try importing rootwrap only in glance_store.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":198,"context_line":"Dependencies"},{"line_number":199,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":200,"context_line":""},{"line_number":201,"context_line":"None"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"Testing"},{"line_number":204,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_c95a8c83","line":201,"updated":"2015-10-20 10:00:04.000000000","message":"I thought we needed oslo-rootwrap and os-brick to even start with.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"79fd8191414802ef871385bef6aea1210e65e174","unresolved":false,"context_lines":[{"line_number":198,"context_line":"Dependencies"},{"line_number":199,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":200,"context_line":""},{"line_number":201,"context_line":"None"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"Testing"},{"line_number":204,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_da2f7a86","line":201,"in_reply_to":"3a29b11f_c95a8c83","updated":"2015-10-21 07:15:55.000000000","message":"I think this section is for a reference to another ongoing specs, but I\u0027ll add them if it means dependent libraries.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":209,"context_line":""},{"line_number":210,"context_line":"* Then test downloading of the image again."},{"line_number":211,"context_line":""},{"line_number":212,"context_line":"* Delete the image and check if the volume is deleted."},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"Documentation Impact"},{"line_number":215,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_294ea096","line":212,"updated":"2015-10-20 10:00:04.000000000","message":"+ Tests for owner changes, sharing, etc. normal glance store operations needed.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"79fd8191414802ef871385bef6aea1210e65e174","unresolved":false,"context_lines":[{"line_number":209,"context_line":""},{"line_number":210,"context_line":"* Then test downloading of the image again."},{"line_number":211,"context_line":""},{"line_number":212,"context_line":"* Delete the image and check if the volume is deleted."},{"line_number":213,"context_line":""},{"line_number":214,"context_line":"Documentation Impact"},{"line_number":215,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_5a712aa7","line":212,"in_reply_to":"3a29b11f_294ea096","updated":"2015-10-21 07:15:55.000000000","message":"Will add them, thanks.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":5202,"name":"Erno Kuvaja","email":"jokke@usr.fi","username":"jokke"},"change_message_id":"a184ce21325fa314f5b00db9d005cf7e5594d424","unresolved":false,"context_lines":[{"line_number":218,"context_line":"cinder store. Especially, it should explan new options to configure cinder"},{"line_number":219,"context_line":"authentication (tenant id, username, password) to store the volume into the"},{"line_number":220,"context_line":"specific tenant."},{"line_number":221,"context_line":""},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"References"},{"line_number":224,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_c420319e","line":221,"updated":"2015-10-20 10:00:04.000000000","message":"The documentation also needs to cover the expectations for glance nodes being part of the iSCSI network and having sufficient bandwidth towards cinder.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"79fd8191414802ef871385bef6aea1210e65e174","unresolved":false,"context_lines":[{"line_number":218,"context_line":"cinder store. Especially, it should explan new options to configure cinder"},{"line_number":219,"context_line":"authentication (tenant id, username, password) to store the volume into the"},{"line_number":220,"context_line":"specific tenant."},{"line_number":221,"context_line":""},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"References"},{"line_number":224,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a29b11f_7a7666a5","line":221,"in_reply_to":"3a29b11f_c420319e","updated":"2015-10-21 07:15:55.000000000","message":"Will add this.","commit_id":"eb54f2dc3dc91f68424e8aa0ee0fa2d4252b9e04"},{"author":{"_account_id":16683,"name":"Alexey Galkin","email":"agalkin@mirantis.com","username":"agalkin"},"change_message_id":"831cdecc752481bf84f067e14dcda1bca0d6629c","unresolved":false,"context_lines":[{"line_number":217,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":218,"context_line":""},{"line_number":219,"context_line":"The documentation should be expanded to describe how to enable and use"},{"line_number":220,"context_line":"cinder store. Especially, it should explan new options to configure cinder"},{"line_number":221,"context_line":"authentication (tenant id, username, password) to store the volume into the"},{"line_number":222,"context_line":"specific tenant."},{"line_number":223,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"3a29b11f_822a5f7d","line":220,"updated":"2015-10-26 09:10:53.000000000","message":"Please, fix typo:\n\nexplan -\u003e explain","commit_id":"ab057dc73343e80941334dcada75a6dc1d54862c"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"bd4078480b6c73360b566fcfea4b4a7ce8ec76db","unresolved":false,"context_lines":[{"line_number":217,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":218,"context_line":""},{"line_number":219,"context_line":"The documentation should be expanded to describe how to enable and use"},{"line_number":220,"context_line":"cinder store. Especially, it should explan new options to configure cinder"},{"line_number":221,"context_line":"authentication (tenant id, username, password) to store the volume into the"},{"line_number":222,"context_line":"specific tenant."},{"line_number":223,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"3a29b11f_954db7c6","line":220,"in_reply_to":"3a29b11f_822a5f7d","updated":"2015-10-26 10:15:50.000000000","message":"Done","commit_id":"ab057dc73343e80941334dcada75a6dc1d54862c"},{"author":{"_account_id":11904,"name":"Sean McGinnis","email":"sean.mcginnis@gmail.com","username":"SeanM"},"change_message_id":"6edaac598831357ac6b59aa568ed0849658aa4cf","unresolved":false,"context_lines":[{"line_number":80,"context_line":""},{"line_number":81,"context_line":"* Downloading steps:"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"  - Attach the image volume to glance-api host as read-only."},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"  - Read the image data from the volume."},{"line_number":86,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"3a29b11f_e7755332","line":83,"updated":"2015-10-26 22:11:29.000000000","message":"Just a comment to make sure it\u0027s clear - this has some implications for service setup, especially when using fibre channel. Since the volume needs to mounted locally on the glance-api host, that host will need to have FC connectivity to the backend storage. Network based access such as iSCSI makes things a little easier, but there are physical constraints when using FC.\n\nIt might be worth looking into whether there is a way to leverage the Fibre Channel Zone Manager support in Cinder as well to be able to automatically zone the fabric when attaching volumes.","commit_id":"4abebcf7f9e1389fa96e4a15a06c14d2197958f2"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"67195906e247c02dc90ce99a37108105d7abc846","unresolved":false,"context_lines":[{"line_number":80,"context_line":""},{"line_number":81,"context_line":"* Downloading steps:"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"  - Attach the image volume to glance-api host as read-only."},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"  - Read the image data from the volume."},{"line_number":86,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"1a26ad4f_fd566005","line":83,"in_reply_to":"1a26ad4f_c7a3979d","updated":"2015-10-28 02:17:42.000000000","message":"Thanks for comments. I think Cinder and FCZM can handle attachment to glance-api node just as well as compute node, or cinder itself (like when it writes image on creating a new volume).\r\n\r\nAnyway I will add the deployer impact about storage connectivity.","commit_id":"4abebcf7f9e1389fa96e4a15a06c14d2197958f2"},{"author":{"_account_id":12924,"name":"Patrick East","email":"east.patrick@gmail.com","username":"patrick.east"},"change_message_id":"71e2052fc645c8a74c2c5083c2a0fd8cbd7f4592","unresolved":false,"context_lines":[{"line_number":80,"context_line":""},{"line_number":81,"context_line":"* Downloading steps:"},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"  - Attach the image volume to glance-api host as read-only."},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"  - Read the image data from the volume."},{"line_number":86,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"1a26ad4f_c7a3979d","line":83,"in_reply_to":"3a29b11f_e7755332","updated":"2015-10-28 01:17:26.000000000","message":"I agree, it probably should be noted in the deployer impact section that the glance node needs to be able to access the storage backend and may require additional hardware connectivity.\n\nFor the FCZM there isn\u0027t anything to do here, using the Cinder API\u0027s to attach the volume will do the right thing for zoning already. If a driver is written to use the FCZM and Cinder was configured for it, then the zoning gets handled automatically as-is, similar to whats done for compute nodes today.","commit_id":"4abebcf7f9e1389fa96e4a15a06c14d2197958f2"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"7b3ee40b33bf191bd5c9e3d57086c55a657a88a0","unresolved":false,"context_lines":[{"line_number":32,"context_line":""},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Proposed change"},{"line_number":35,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"This spec proposes implementing image uploading to and downloading from Cinder"},{"line_number":38,"context_line":"volumes, and deletion of the volume on the image deletion."}],"source_content_type":"text/x-rst","patch_set":9,"id":"1a26ad4f_c8d4ba48","line":35,"updated":"2015-10-30 05:28:28.000000000","message":"One concern that came up during the meetup at the summit is whether booting from the volume that has been created through the glance API will allow users to modify the actual root volume data or not.\n\nCan the above be clarified?\n\nOne property of Glance\u0027s images is that they are immutable when they become active. This would break that guarantee.","commit_id":"c68357c4faac8d2fc42d8782833ac04987be624a"},{"author":{"_account_id":9176,"name":"Tomoki Sekiyama","email":"tomoki.sekiyama@gmail.com","username":"tsekiyama"},"change_message_id":"f8eb31e78def7ebf09922bc44ef7cc600be046dc","unresolved":false,"context_lines":[{"line_number":32,"context_line":""},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"Proposed change"},{"line_number":35,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"This spec proposes implementing image uploading to and downloading from Cinder"},{"line_number":38,"context_line":"volumes, and deletion of the volume on the image deletion."}],"source_content_type":"text/x-rst","patch_set":9,"id":"1a26ad4f_b64c19c9","line":35,"in_reply_to":"1a26ad4f_c8d4ba48","updated":"2015-11-02 01:52:05.000000000","message":"When the volume is created by glance shouldn\u0027t be modified, so it will be marked read-only which will deny being attached in writable mode.\r\n\r\n\r\nInstead of attaching image-volume, a new boot volume should be created on launching the instance by cloning the image-volume. The cloning is quite rapid on the most storage arrays that supports copy-on-write.","commit_id":"c68357c4faac8d2fc42d8782833ac04987be624a"},{"author":{"_account_id":6159,"name":"Flavio Percoco Premoli","display_name":"flaper87","email":"flavio.percoco@flyrlabs.com","username":"flaper87"},"change_message_id":"c54c782d4afe9a0a4f9cfa133f585444b04cc5d5","unresolved":false,"context_lines":[{"line_number":69,"context_line":"    - Call the os-brick\u0027s ``disconnect_volume`` method and Cinder\u0027s"},{"line_number":70,"context_line":"      ``terminate_connection`` API to remove the volume connection."},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"  - Mark the volume as read-only."},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"  - Add volume metadata that indicate the image size, image ID, image owner"},{"line_number":75,"context_line":"    (to track the owner even when it is placed in the service tenant). e.g.:"}],"source_content_type":"text/x-rst","patch_set":10,"id":"da85f559_1be6ec43","line":72,"updated":"2015-11-12 18:17:56.000000000","message":"Thanks","commit_id":"315071b617474f66fb54b8ef46a415e970cb3003"}]}