)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"5a1bb1286f5301c784a1dd6028ed5dd3ad6b80fe","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"7439b4d3_4207a929","updated":"2025-09-25 14:04:45.000000000","message":"Still in progress on use case and actual implementation, just added here so that we can discuss the idea in PTG","commit_id":"2a1130eb3df99be75c086241223449655c2af9e6"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"102707c12955af330c271015b15cbb962da0f6c2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"859d3def_17dcc750","updated":"2025-09-25 13:39:58.000000000","message":"Still in progress on use case and actual implementation, just added here so that we can discuss the idea in PTG","commit_id":"2a1130eb3df99be75c086241223449655c2af9e6"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"18edc9c29973c9a7cf35645ddcd2ca356b742e88","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"1050965c_95258780","updated":"2025-09-25 12:41:12.000000000","message":"sounds interesting.","commit_id":"2a1130eb3df99be75c086241223449655c2af9e6"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"359baaeacd17ac585bd342b4b5d5b74ecacf862b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"e0577b8b_9b3f2616","updated":"2025-10-10 16:01:06.000000000","message":"Hi Dan, thank you for review!","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a973d67dfc4e58da69bb832c906783bbc98aa5ef","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"d378a965_dfa63e67","updated":"2025-09-30 16:10:42.000000000","message":"Thank you for inputs cyril, I think we can discuss about the approach you suggested during the PTG","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"cbd80cde97ea3a2717a30174840bed208f5771ff","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"3f614189_66673773","updated":"2026-01-05 13:21:22.000000000","message":"Moved to next cycle","commit_id":"b9c0a1fbc3054821db9a9fe56a027e8b19be6a0f"}],"specs/2026.1/approved/glance/container-registry-import.rst":[{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"18edc9c29973c9a7cf35645ddcd2ca356b742e88","unresolved":true,"context_lines":[{"line_number":16,"context_line":"importing container images directly from container registries (Docker Hub,"},{"line_number":17,"context_line":"Harbor, Quay.io, OCI-compatible registries, etc.) in glance. This will"},{"line_number":18,"context_line":"bridge the gap between container and VM ecosystems, allowing organizations"},{"line_number":19,"context_line":"to seamlessly import container images for use in VM-based workloads while"},{"line_number":20,"context_line":"maintaining unified image management across platforms."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Problem description"}],"source_content_type":"text/x-rst","patch_set":1,"id":"4be953a2_ef5396d3","line":19,"range":{"start_line":19,"start_character":13,"end_line":19,"end_character":67},"updated":"2025-09-25 12:41:12.000000000","message":"I\u0027m mostly curious, but do you intend to use the imported container images as usual vm images (by format conversion) or do you mean users may use the imported images to run containers on their VMs ?","commit_id":"2a1130eb3df99be75c086241223449655c2af9e6"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"4d2f9dd9dc7db18fb145675a368752d0282e8e3f","unresolved":true,"context_lines":[{"line_number":16,"context_line":"importing container images directly from container registries (Docker Hub,"},{"line_number":17,"context_line":"Harbor, Quay.io, OCI-compatible registries, etc.) in glance. This will"},{"line_number":18,"context_line":"bridge the gap between container and VM ecosystems, allowing organizations"},{"line_number":19,"context_line":"to seamlessly import container images for use in VM-based workloads while"},{"line_number":20,"context_line":"maintaining unified image management across platforms."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Problem description"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5d5610c2_d3f363c6","line":19,"range":{"start_line":19,"start_character":13,"end_line":19,"end_character":67},"in_reply_to":"4be953a2_ef5396d3","updated":"2025-09-25 12:53:08.000000000","message":"this is intended to convert container images into VM-compatible images that can be used to boot VMs, not to run containers on VMs.","commit_id":"2a1130eb3df99be75c086241223449655c2af9e6"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"c2125cdb93b5c8f8b1ec97b6da4e62cd8a2de71a","unresolved":true,"context_lines":[{"line_number":16,"context_line":"importing container images directly from container registries (Docker Hub,"},{"line_number":17,"context_line":"Harbor, Quay.io, OCI-compatible registries, etc.) in glance. This will"},{"line_number":18,"context_line":"bridge the gap between container and VM ecosystems, allowing organizations"},{"line_number":19,"context_line":"to seamlessly import container images for use in VM-based workloads while"},{"line_number":20,"context_line":"maintaining unified image management across platforms."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Problem description"}],"source_content_type":"text/x-rst","patch_set":1,"id":"c0ae40d1_e8ec0c17","line":19,"range":{"start_line":19,"start_character":13,"end_line":19,"end_character":67},"in_reply_to":"5d5610c2_d3f363c6","updated":"2025-10-10 15:41:37.000000000","message":"I\u0027m super very much interested (read: skeptical) about how this would be used. Can we get more detail about why this is actually a useful thing to do in the context of openstack? Like, actual workflow details.\n\nThe below (I assume AI-generated) list of \"challenges\" all sound like good things to address, but they seem more like a list of buzzwords and less like something I can actually grok as a current problem in need of this solution.","commit_id":"2a1130eb3df99be75c086241223449655c2af9e6"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8097c57291a220eba0fd9305d6be0c212cb3893","unresolved":false,"context_lines":[{"line_number":16,"context_line":"importing container images directly from container registries (Docker Hub,"},{"line_number":17,"context_line":"Harbor, Quay.io, OCI-compatible registries, etc.) in glance. This will"},{"line_number":18,"context_line":"bridge the gap between container and VM ecosystems, allowing organizations"},{"line_number":19,"context_line":"to seamlessly import container images for use in VM-based workloads while"},{"line_number":20,"context_line":"maintaining unified image management across platforms."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Problem description"}],"source_content_type":"text/x-rst","patch_set":1,"id":"2a6de88f_d99a0ed1","line":19,"range":{"start_line":19,"start_character":13,"end_line":19,"end_character":67},"in_reply_to":"693b8de6_4270746b","updated":"2025-10-29 15:29:38.000000000","message":"Done","commit_id":"2a1130eb3df99be75c086241223449655c2af9e6"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"359baaeacd17ac585bd342b4b5d5b74ecacf862b","unresolved":true,"context_lines":[{"line_number":16,"context_line":"importing container images directly from container registries (Docker Hub,"},{"line_number":17,"context_line":"Harbor, Quay.io, OCI-compatible registries, etc.) in glance. This will"},{"line_number":18,"context_line":"bridge the gap between container and VM ecosystems, allowing organizations"},{"line_number":19,"context_line":"to seamlessly import container images for use in VM-based workloads while"},{"line_number":20,"context_line":"maintaining unified image management across platforms."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Problem description"}],"source_content_type":"text/x-rst","patch_set":1,"id":"693b8de6_4270746b","line":19,"range":{"start_line":19,"start_character":13,"end_line":19,"end_character":67},"in_reply_to":"c0ae40d1_e8ec0c17","updated":"2025-10-10 16:01:06.000000000","message":"I was looking at docker container-format supported by glance for very long and was wondering what should be the use cases of having this container-format supported. So while using claude ai, I explored whether there are any ways we can add any images from directly from container registries like docker etc. and found some use cases around it. \n\nAlso I think we have images with docker, podman included with those, If user create vm from these images then they can directly download any image from glance and deploy it using docker or podman.\n\nI think I should include actual workflows rather than having generic list rephrased with the help of AI","commit_id":"2a1130eb3df99be75c086241223449655c2af9e6"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"18edc9c29973c9a7cf35645ddcd2ca356b742e88","unresolved":true,"context_lines":[{"line_number":97,"context_line":"  disallowed_registries \u003d"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"  # Allowed authentication methods"},{"line_number":100,"context_line":"  container_registry_auth_methods \u003d anonymous,basic,token"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"  # Security Settings"},{"line_number":103,"context_line":"  # SSL verification"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3649d452_4f11460e","line":100,"range":{"start_line":100,"start_character":2,"end_line":100,"end_character":33},"updated":"2025-09-25 12:41:12.000000000","message":"Maybe you don\u0027t need container_registry prefixes, because these options appear in container_registry section.","commit_id":"2a1130eb3df99be75c086241223449655c2af9e6"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"4d2f9dd9dc7db18fb145675a368752d0282e8e3f","unresolved":false,"context_lines":[{"line_number":97,"context_line":"  disallowed_registries \u003d"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"  # Allowed authentication methods"},{"line_number":100,"context_line":"  container_registry_auth_methods \u003d anonymous,basic,token"},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"  # Security Settings"},{"line_number":103,"context_line":"  # SSL verification"}],"source_content_type":"text/x-rst","patch_set":1,"id":"e602d220_7369072b","line":100,"range":{"start_line":100,"start_character":2,"end_line":100,"end_character":33},"in_reply_to":"3649d452_4f11460e","updated":"2025-09-25 12:53:08.000000000","message":"Acknowledged","commit_id":"2a1130eb3df99be75c086241223449655c2af9e6"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"95e93241e1f39cc31da64bf124a61a65d6964fe5","unresolved":true,"context_lines":[{"line_number":103,"context_line":""},{"line_number":104,"context_line":"  [container_registry]"},{"line_number":105,"context_line":"  # Registry Access Control"},{"line_number":106,"context_line":"  # Whitelist allowed registries"},{"line_number":107,"context_line":"  allowed_registries \u003d docker.io,quay.io,harbor.company.com"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"  # Blacklist disallowed registries (ignored if whitelist is set)"}],"source_content_type":"text/x-rst","patch_set":2,"id":"cf0f2ce0_6d7d8840","line":106,"range":{"start_line":106,"start_character":4,"end_line":106,"end_character":13},"updated":"2025-09-30 15:45:39.000000000","message":"These days I\u0027ll think you\u0027ll want \"allowlist\" here...","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a973d67dfc4e58da69bb832c906783bbc98aa5ef","unresolved":false,"context_lines":[{"line_number":103,"context_line":""},{"line_number":104,"context_line":"  [container_registry]"},{"line_number":105,"context_line":"  # Registry Access Control"},{"line_number":106,"context_line":"  # Whitelist allowed registries"},{"line_number":107,"context_line":"  allowed_registries \u003d docker.io,quay.io,harbor.company.com"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"  # Blacklist disallowed registries (ignored if whitelist is set)"}],"source_content_type":"text/x-rst","patch_set":2,"id":"4f323d0d_c7796b44","line":106,"range":{"start_line":106,"start_character":4,"end_line":106,"end_character":13},"in_reply_to":"cf0f2ce0_6d7d8840","updated":"2025-09-30 16:10:42.000000000","message":":) ack","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"95e93241e1f39cc31da64bf124a61a65d6964fe5","unresolved":true,"context_lines":[{"line_number":106,"context_line":"  # Whitelist allowed registries"},{"line_number":107,"context_line":"  allowed_registries \u003d docker.io,quay.io,harbor.company.com"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"  # Blacklist disallowed registries (ignored if whitelist is set)"},{"line_number":110,"context_line":"  disallowed_registries \u003d"},{"line_number":111,"context_line":""},{"line_number":112,"context_line":"  # Allowed authentication methods"}],"source_content_type":"text/x-rst","patch_set":2,"id":"d86ac956_2c8e65d0","line":109,"range":{"start_line":109,"start_character":4,"end_line":109,"end_character":13},"updated":"2025-09-30 15:45:39.000000000","message":"... and \"denylist\" here.","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a973d67dfc4e58da69bb832c906783bbc98aa5ef","unresolved":false,"context_lines":[{"line_number":106,"context_line":"  # Whitelist allowed registries"},{"line_number":107,"context_line":"  allowed_registries \u003d docker.io,quay.io,harbor.company.com"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"  # Blacklist disallowed registries (ignored if whitelist is set)"},{"line_number":110,"context_line":"  disallowed_registries \u003d"},{"line_number":111,"context_line":""},{"line_number":112,"context_line":"  # Allowed authentication methods"}],"source_content_type":"text/x-rst","patch_set":2,"id":"dc3c4ec5_4ea2ce1d","line":109,"range":{"start_line":109,"start_character":4,"end_line":109,"end_character":13},"in_reply_to":"d86ac956_2c8e65d0","updated":"2025-09-30 16:10:42.000000000","message":"Acknowledged","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"95e93241e1f39cc31da64bf124a61a65d6964fe5","unresolved":true,"context_lines":[{"line_number":119,"context_line":""},{"line_number":120,"context_line":"  # Timeout and retry settings"},{"line_number":121,"context_line":"  container_registry_timeout \u003d 300"},{"line_number":122,"context_line":"  container_registry_max_retries \u003d 3"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"Additional features such as layer caching can be implemented in future to"},{"line_number":125,"context_line":"optimize performance and reduce bandwidth usage."}],"source_content_type":"text/x-rst","patch_set":2,"id":"114f0d29_48e3fee6","line":122,"range":{"start_line":122,"start_character":2,"end_line":122,"end_character":32},"updated":"2025-09-30 15:45:39.000000000","message":"Maybe these settings should be per-registry? Users may need different certificates/settings for different registries.","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a973d67dfc4e58da69bb832c906783bbc98aa5ef","unresolved":false,"context_lines":[{"line_number":119,"context_line":""},{"line_number":120,"context_line":"  # Timeout and retry settings"},{"line_number":121,"context_line":"  container_registry_timeout \u003d 300"},{"line_number":122,"context_line":"  container_registry_max_retries \u003d 3"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"Additional features such as layer caching can be implemented in future to"},{"line_number":125,"context_line":"optimize performance and reduce bandwidth usage."}],"source_content_type":"text/x-rst","patch_set":2,"id":"2f7c65e6_8804c456","line":122,"range":{"start_line":122,"start_character":2,"end_line":122,"end_character":32},"in_reply_to":"114f0d29_48e3fee6","updated":"2025-09-30 16:10:42.000000000","message":"Acknowledged","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"95e93241e1f39cc31da64bf124a61a65d6964fe5","unresolved":true,"context_lines":[{"line_number":248,"context_line":""},{"line_number":249,"context_line":"* **Authentication Handling**: The plugin will handle various"},{"line_number":250,"context_line":"  authentication methods (anonymous, basic, token, service account) and"},{"line_number":251,"context_line":"  must securely store and manage credentials during the import process."},{"line_number":252,"context_line":""},{"line_number":253,"context_line":"* **Registry Access Control**: The plugin will support registry"},{"line_number":254,"context_line":"  whitelisting/blacklisting to control which registries can be accessed."}],"source_content_type":"text/x-rst","patch_set":2,"id":"2265f7ca_fc1bde25","line":251,"range":{"start_line":251,"start_character":16,"end_line":251,"end_character":21},"updated":"2025-09-30 15:45:39.000000000","message":"I think this is something Docker/Podman can already do...","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8097c57291a220eba0fd9305d6be0c212cb3893","unresolved":false,"context_lines":[{"line_number":248,"context_line":""},{"line_number":249,"context_line":"* **Authentication Handling**: The plugin will handle various"},{"line_number":250,"context_line":"  authentication methods (anonymous, basic, token, service account) and"},{"line_number":251,"context_line":"  must securely store and manage credentials during the import process."},{"line_number":252,"context_line":""},{"line_number":253,"context_line":"* **Registry Access Control**: The plugin will support registry"},{"line_number":254,"context_line":"  whitelisting/blacklisting to control which registries can be accessed."}],"source_content_type":"text/x-rst","patch_set":2,"id":"4408d7c1_4d29d15d","line":251,"range":{"start_line":251,"start_character":16,"end_line":251,"end_character":21},"in_reply_to":"2265f7ca_fc1bde25","updated":"2025-10-29 15:29:38.000000000","message":"Done","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"95e93241e1f39cc31da64bf124a61a65d6964fe5","unresolved":true,"context_lines":[{"line_number":255,"context_line":""},{"line_number":256,"context_line":"* **SSL/TLS Verification**: The plugin will support configurable SSL"},{"line_number":257,"context_line":"  certificate verification with custom CA certificates for enterprise"},{"line_number":258,"context_line":"  environments."},{"line_number":259,"context_line":""},{"line_number":260,"context_line":"* **Network Security**: The plugin will support configurable timeouts and"},{"line_number":261,"context_line":"  retry mechanisms to prevent resource exhaustion attacks."}],"source_content_type":"text/x-rst","patch_set":2,"id":"4c3ddbbc_e78a99a8","line":258,"range":{"start_line":258,"start_character":2,"end_line":258,"end_character":14},"updated":"2025-09-30 15:45:39.000000000","message":"... and Docker/Podman can probably alreay do this as well...","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8097c57291a220eba0fd9305d6be0c212cb3893","unresolved":false,"context_lines":[{"line_number":255,"context_line":""},{"line_number":256,"context_line":"* **SSL/TLS Verification**: The plugin will support configurable SSL"},{"line_number":257,"context_line":"  certificate verification with custom CA certificates for enterprise"},{"line_number":258,"context_line":"  environments."},{"line_number":259,"context_line":""},{"line_number":260,"context_line":"* **Network Security**: The plugin will support configurable timeouts and"},{"line_number":261,"context_line":"  retry mechanisms to prevent resource exhaustion attacks."}],"source_content_type":"text/x-rst","patch_set":2,"id":"a723273a_6454e5fa","line":258,"range":{"start_line":258,"start_character":2,"end_line":258,"end_character":14},"in_reply_to":"4c3ddbbc_e78a99a8","updated":"2025-10-29 15:29:38.000000000","message":"Done","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"95e93241e1f39cc31da64bf124a61a65d6964fe5","unresolved":true,"context_lines":[{"line_number":261,"context_line":"  retry mechanisms to prevent resource exhaustion attacks."},{"line_number":262,"context_line":""},{"line_number":263,"context_line":"* **Data Integrity**: The plugin will verify manifest and blob digests to"},{"line_number":264,"context_line":"  ensure image integrity during the import process."},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"* **Access Control**: The plugin will respect Glance\u0027s existing access"},{"line_number":267,"context_line":"  control mechanisms and policies."}],"source_content_type":"text/x-rst","patch_set":2,"id":"db8ba0a8_ef139f26","line":264,"range":{"start_line":264,"start_character":15,"end_line":264,"end_character":24},"updated":"2025-09-30 15:45:39.000000000","message":"... Docker/Podman definitely does this too\n\nAre you thinkning of reusing Docker/Podman under the hood rather than reimplementing all of this?","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8097c57291a220eba0fd9305d6be0c212cb3893","unresolved":false,"context_lines":[{"line_number":261,"context_line":"  retry mechanisms to prevent resource exhaustion attacks."},{"line_number":262,"context_line":""},{"line_number":263,"context_line":"* **Data Integrity**: The plugin will verify manifest and blob digests to"},{"line_number":264,"context_line":"  ensure image integrity during the import process."},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"* **Access Control**: The plugin will respect Glance\u0027s existing access"},{"line_number":267,"context_line":"  control mechanisms and policies."}],"source_content_type":"text/x-rst","patch_set":2,"id":"d521fc5e_e78cdd1a","line":264,"range":{"start_line":264,"start_character":15,"end_line":264,"end_character":24},"in_reply_to":"95cae15a_d950d329","updated":"2025-10-29 15:29:38.000000000","message":"Done","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a973d67dfc4e58da69bb832c906783bbc98aa5ef","unresolved":true,"context_lines":[{"line_number":261,"context_line":"  retry mechanisms to prevent resource exhaustion attacks."},{"line_number":262,"context_line":""},{"line_number":263,"context_line":"* **Data Integrity**: The plugin will verify manifest and blob digests to"},{"line_number":264,"context_line":"  ensure image integrity during the import process."},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"* **Access Control**: The plugin will respect Glance\u0027s existing access"},{"line_number":267,"context_line":"  control mechanisms and policies."}],"source_content_type":"text/x-rst","patch_set":2,"id":"95cae15a_d950d329","line":264,"range":{"start_line":264,"start_character":15,"end_line":264,"end_character":24},"in_reply_to":"db8ba0a8_ef139f26","updated":"2025-09-30 16:10:42.000000000","message":"I haven\u0027t thought on this line, I need to understand how I can use this better way. May be we can discuss this during the PTG as well","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"95e93241e1f39cc31da64bf124a61a65d6964fe5","unresolved":true,"context_lines":[{"line_number":284,"context_line":""},{"line_number":285,"context_line":"    glance image-create-via-import --import-method container-registry \\"},{"line_number":286,"context_line":"      --uri \"docker://docker.io/nginx:1.21\" nginx-vm-image --token mytoken \\"},{"line_number":287,"context_line":"      --disk-format raw --container-format docker"},{"line_number":288,"context_line":""},{"line_number":289,"context_line":"* **OpenStack CLI**: will be updated to support the new ``container-registry``"},{"line_number":290,"context_line":"  import method through the existing import workflow:"}],"source_content_type":"text/x-rst","patch_set":2,"id":"81d410ec_3853da22","line":287,"range":{"start_line":287,"start_character":12,"end_line":287,"end_character":13},"updated":"2025-09-30 15:45:39.000000000","message":"Maybe we freeze glanceclient development before this happens, and therefore we can skip this.","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a973d67dfc4e58da69bb832c906783bbc98aa5ef","unresolved":false,"context_lines":[{"line_number":284,"context_line":""},{"line_number":285,"context_line":"    glance image-create-via-import --import-method container-registry \\"},{"line_number":286,"context_line":"      --uri \"docker://docker.io/nginx:1.21\" nginx-vm-image --token mytoken \\"},{"line_number":287,"context_line":"      --disk-format raw --container-format docker"},{"line_number":288,"context_line":""},{"line_number":289,"context_line":"* **OpenStack CLI**: will be updated to support the new ``container-registry``"},{"line_number":290,"context_line":"  import method through the existing import workflow:"}],"source_content_type":"text/x-rst","patch_set":2,"id":"2703712f_33542fad","line":287,"range":{"start_line":287,"start_character":12,"end_line":287,"end_character":13},"in_reply_to":"81d410ec_3853da22","updated":"2025-09-30 16:10:42.000000000","message":"Acknowledged","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":8122,"name":"Cyril Roelandt","email":"cyril@redhat.com","username":"cyril.roelandt.enovance"},"change_message_id":"95e93241e1f39cc31da64bf124a61a65d6964fe5","unresolved":true,"context_lines":[{"line_number":303,"context_line":""},{"line_number":304,"context_line":"* **Memory Usage**: The plugin will need to handle large container images"},{"line_number":305,"context_line":"  and their layers efficiently. Streaming downloads and memory-efficient"},{"line_number":306,"context_line":"  image assembly will be implemented to minimize memory usage."},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"* **Concurrent Operations**: The plugin will support concurrent layer"},{"line_number":309,"context_line":"  downloads to improve performance for multi-layer images."}],"source_content_type":"text/x-rst","patch_set":2,"id":"cb8c6f50_c5ce5d28","line":306,"range":{"start_line":306,"start_character":48,"end_line":306,"end_character":49},"updated":"2025-09-30 15:45:39.000000000","message":"Again, this is probably something Docker/Podman does extremely well already. How can we reuse that?","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"a973d67dfc4e58da69bb832c906783bbc98aa5ef","unresolved":true,"context_lines":[{"line_number":303,"context_line":""},{"line_number":304,"context_line":"* **Memory Usage**: The plugin will need to handle large container images"},{"line_number":305,"context_line":"  and their layers efficiently. Streaming downloads and memory-efficient"},{"line_number":306,"context_line":"  image assembly will be implemented to minimize memory usage."},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"* **Concurrent Operations**: The plugin will support concurrent layer"},{"line_number":309,"context_line":"  downloads to improve performance for multi-layer images."}],"source_content_type":"text/x-rst","patch_set":2,"id":"fe1ef569_ee5ccac2","line":306,"range":{"start_line":306,"start_character":48,"end_line":306,"end_character":49},"in_reply_to":"cb8c6f50_c5ce5d28","updated":"2025-09-30 16:10:42.000000000","message":"Ack, we can discuss this during our PTG session","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"c8097c57291a220eba0fd9305d6be0c212cb3893","unresolved":false,"context_lines":[{"line_number":303,"context_line":""},{"line_number":304,"context_line":"* **Memory Usage**: The plugin will need to handle large container images"},{"line_number":305,"context_line":"  and their layers efficiently. Streaming downloads and memory-efficient"},{"line_number":306,"context_line":"  image assembly will be implemented to minimize memory usage."},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"* **Concurrent Operations**: The plugin will support concurrent layer"},{"line_number":309,"context_line":"  downloads to improve performance for multi-layer images."}],"source_content_type":"text/x-rst","patch_set":2,"id":"89278262_9db791c0","line":306,"range":{"start_line":306,"start_character":48,"end_line":306,"end_character":49},"in_reply_to":"fe1ef569_ee5ccac2","updated":"2025-10-29 15:29:38.000000000","message":"Done","commit_id":"9213cc9939b0a147b7cdf5045eec7a6321fe2654"},{"author":{"_account_id":25402,"name":"Francesco Pantano","email":"fpantano@redhat.com","username":"fmount"},"change_message_id":"3228817c4f309c1c8184b4bf6adb63049c88c467","unresolved":true,"context_lines":[{"line_number":122,"context_line":"people can pull from."},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"The images get stored with ``container_format\u003d\u0027docker\u0027`` and ``disk_format\u003d\u0027raw\u0027``"},{"line_number":125,"context_line":"so Glance knows what they are. You cannot boot VMs from these images (they are"},{"line_number":126,"context_line":"application containers, not OS images), but that is not the goal. The goal is"},{"line_number":127,"context_line":"centralized storage and distribution for your container workloads running on VMs."},{"line_number":128,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"c56ddc1d_4b2eac41","line":125,"updated":"2025-10-15 09:32:23.000000000","message":"I see here an opportunity to integrate with the bootc ecosystem and RHEL/Fedora Image Mode.\nbootc might enable a more powerful use case: bootable container images as the VM operating system itself.\nI understand that storing them as tarball is the immediate solution, but in the future we might think about letting Glance to act as a gateway to a container image registry and import images as needed to optimize how the storage is consumed and take advantage of the layering that containers can actually do.\nThis might be something to discuss at the ptg, but I wanted to point out the immediate interesting use case I see in this proposal.","commit_id":"b9c0a1fbc3054821db9a9fe56a027e8b19be6a0f"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"e738c23ce669f26e6cd5a6a68f8efc5643b300a9","unresolved":true,"context_lines":[{"line_number":122,"context_line":"people can pull from."},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"The images get stored with ``container_format\u003d\u0027docker\u0027`` and ``disk_format\u003d\u0027raw\u0027``"},{"line_number":125,"context_line":"so Glance knows what they are. You cannot boot VMs from these images (they are"},{"line_number":126,"context_line":"application containers, not OS images), but that is not the goal. The goal is"},{"line_number":127,"context_line":"centralized storage and distribution for your container workloads running on VMs."},{"line_number":128,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"5d55f702_d7674b96","line":125,"in_reply_to":"c56ddc1d_4b2eac41","updated":"2025-10-29 05:23:00.000000000","message":"Ack, I think we can use image_convrsion kind of thing to use botoc to convert container to bootable image","commit_id":"b9c0a1fbc3054821db9a9fe56a027e8b19be6a0f"},{"author":{"_account_id":35491,"name":"Roberto Alfieri","display_name":"Roberto Alfieri","email":"ralfieri@redhat.com","username":"ralfieri"},"change_message_id":"831b4ea48fc2bdac5549989820d4a8895184444c","unresolved":true,"context_lines":[{"line_number":234,"context_line":"  [containers]"},{"line_number":235,"context_line":"    default_capabilities \u003d ["},{"line_number":236,"context_line":"      \"CHOWN\","},{"line_number":237,"context_line":"      \"DAC_OVERRIDE\", "},{"line_number":238,"context_line":"      \"FOWNER\","},{"line_number":239,"context_line":"      \"FSETID\","},{"line_number":240,"context_line":"      \"KILL\","}],"source_content_type":"text/x-rst","patch_set":4,"id":"d26a22f4_97c72537","line":237,"updated":"2025-10-15 09:20:26.000000000","message":"```suggestion\n      \"DAC_OVERRIDE\",\n```","commit_id":"b9c0a1fbc3054821db9a9fe56a027e8b19be6a0f"},{"author":{"_account_id":9303,"name":"Abhishek Kekane","email":"akekane@redhat.com","username":"abhishekkekane"},"change_message_id":"e738c23ce669f26e6cd5a6a68f8efc5643b300a9","unresolved":false,"context_lines":[{"line_number":234,"context_line":"  [containers]"},{"line_number":235,"context_line":"    default_capabilities \u003d ["},{"line_number":236,"context_line":"      \"CHOWN\","},{"line_number":237,"context_line":"      \"DAC_OVERRIDE\", "},{"line_number":238,"context_line":"      \"FOWNER\","},{"line_number":239,"context_line":"      \"FSETID\","},{"line_number":240,"context_line":"      \"KILL\","}],"source_content_type":"text/x-rst","patch_set":4,"id":"d73f963e_9e752f90","line":237,"in_reply_to":"d26a22f4_97c72537","updated":"2025-10-29 05:23:00.000000000","message":"Acknowledged","commit_id":"b9c0a1fbc3054821db9a9fe56a027e8b19be6a0f"}]}