Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1293472 - [RFE][glance] Implement trust support for Glance images [NEEDINFO]
[RFE][glance] Implement trust support for Glance images
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-glance (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
medium Severity medium
: Upstream M1
: 11.0 (Ocata)
Assigned To: Cyril Roelandt
Avi Avraham
Don Domingo
https://blueprints.launchpad.net/glan...
upstream_milestone_none upstream_defi...
: FutureFeature, TestOnly, Triaged
Depends On:
Blocks: 1341956
  Show dependency treegraph
 
Reported: 2015-12-21 15:13 EST by Sean Cohen
Modified: 2017-05-17 15:25 EDT (History)
11 users (show)

See Also:
Fixed In Version: openstack-glance-14.0.0-2.el7ost
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-05-17 15:25:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
scohen: needinfo+
lbopf: needinfo? (cyril)

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 241986 None None None 2016-09-14 06:30 EDT
Red Hat Product Errata RHEA-2017:1245 normal SHIPPED_LIVE Red Hat OpenStack Platform 11.0 Bug Fix and Enhancement Advisory 2017-05-17 19:01:50 EDT

  None (edit)
Description Sean Cohen 2015-12-21 15:13:25 EST 
Problem description

Keystone tokens have some restricted lifetime. After the user token has expired, any request initiated by Glance which needs a valid user token will fail. This causes the original user’s request to also fail, even though the token was originally valid when passed to Glance.

This this spec intends to address the specific case where a token expires during image upload causing the call to the registry to set the image state ‘active’ to fail:

    User requests image-upload.
    Keystone Middleware accepts the request and passes the request to Glance.
    Glance passes all required data to glance_store.
    glance_store uploads an image but it takes a lot of time (more than token expiration time)
    Glance sends a request to registry to change image status.
    Keystone Middleware rejects the request because user token has expired.

As a result the image never transitions to ‘active’ status and so isn’t usable.

Increasing the token expiration time doesn’t seem to be a good long-term solution.

Full spec: https://specs.openstack.org/openstack/glance-specs/specs/mitaka/glance-trusts.html
Comment 2 Mike McCune 2016-03-28 18:35:49 EDT 
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 8 Avi Avraham 2017-02-13 01:48:03 EST 
Missing RPM version that includes this fix.
Comment 10 Cyril Roelandt 2017-03-20 14:07:51 EDT 
@Avi: the target is 11.0 (Ocata), so I believe this should be available in 14.0.0-2.
Comment 13 errata-xmlrpc 2017-05-17 15:25:49 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1245
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.