Merge "Complete and update Newton release notes"13.0.0.0rc1stable/newton

12 files changed, 230 insertions, 109 deletions

diff --git a/releasenotes/notes/add-vhdx-format-2be99354ad320cca.yaml b/releasenotes/notes/add-vhdx-format-2be99354ad320cca.yaml
index 83cf4bc57..37c926c43 100644
--- a/releasenotes/notes/add-vhdx-format-2be99354ad320cca.yaml
+++ b/releasenotes/notes/add-vhdx-format-2be99354ad320cca.yaml
@@ -1,6 +1,6 @@
 ---
 prelude: >
-  - Add VHDX to list of supported disk format.
+  - Add ``vhdx`` to list of supported disk format.
 features:
   - The identifier ``vhdx`` has been added to the list of
     supported disk formats in Glance. The respective
diff --git a/releasenotes/notes/bump-api-2-4-efa266aef0928e04.yaml b/releasenotes/notes/bump-api-2-4-efa266aef0928e04.yaml
new file mode 100644
index 000000000..808a04811
--- /dev/null
+++ b/releasenotes/notes/bump-api-2-4-efa266aef0928e04.yaml
@@ -0,0 +1,13 @@
+---
+prelude: >
+  - Glance API ``minor`` version bumped to 2.4.
+upgrade:
+  - |
+    Glance API **CURRENT** ``minor`` version is now ``2.4``.
+
+    * To partially fix an important image locations
+      bug 1587985, an API impacting change has been merged
+      into Glance.
+    * This will result into a non-backward compatible
+      experience before and after **Newton** release, for
+      users using ``add`` feature to image locations.
diff --git a/releasenotes/notes/deprecate-show-multiple-location-9890a1e961def2f6.yaml b/releasenotes/notes/deprecate-show-multiple-location-9890a1e961def2f6.yaml
index 1a5757d66..5ed03e01b 100644
--- a/releasenotes/notes/deprecate-show-multiple-location-9890a1e961def2f6.yaml
+++ b/releasenotes/notes/deprecate-show-multiple-location-9890a1e961def2f6.yaml
@@ -1,26 +1,32 @@
 ---
 prelude: >
-    Deprecate the ``show_multiple_locations`` configuration
+  - Deprecate the ``show_multiple_locations`` configuration
     option in favor of the existing Role Based Access
     Control (RBAC) for Image locations which uses
     ``policy.json`` file to define the appropriate rules.
-    Maintaining two different ways to configure, enable
-    and/or disable a feature is painful for developers and
-    operators, so the less granular means of controlling
-    this feature will be eliminated in the **Ocata**
-    release. Please read upgrade section for more details.
 upgrade:
-  - For the Newton release, this option will still be
-    honored. However, it is important to update
-    ``policy.json`` file for glance-api nodes. In
-    particular, please consider updating the policies
-    ``delete_image_location``, ``get_image_location`` and
-    ``set_image_location`` as per your requirements. As this
-    is an advanced option and prone to expose some risks,
-    please check the policies to ensure security and privacy
-    of your cloud.
-  - Future releases will ignore this option and just
-    follow the policy rules. It is recommended that this
-    option is disabled for public endpoints and is being
-    only used internally for service-to-service
-    communication.
+  - |
+    Some additional points about ``show_multiple_locations``
+    configuration option deprecation.
+
+    * Maintaining two different ways to configure, enable
+      and/or disable a feature is painful for developers and
+      operators, so the less granular means of controlling
+      this feature will be eliminated in the **Ocata**
+      release.
+    * For the Newton release, this option will still be
+      honored. However, it is important to update
+      ``policy.json`` file for glance-api nodes. In
+      particular, please consider updating the policies
+      ``delete_image_location``, ``get_image_location`` and
+      ``set_image_location`` as per your requirements. As
+      this is an advanced option and prone to expose some
+      risks, please check the policies to ensure security
+      and privacy of your cloud.
+    * Future releases will ignore this option and just
+      follow the policy rules. It is recommended that this
+      option is disabled for public endpoints and is used
+      only internally for service-to-service communication.
+    * As mentioned above, the same recommendation applies
+      to the policy-based configuration for exposing
+      multiple image locations.
diff --git a/releasenotes/notes/improved-config-options-221c58a8c37602ba.yaml b/releasenotes/notes/improved-config-options-221c58a8c37602ba.yaml
index 67d9cab7f..5a3a49d34 100644
--- a/releasenotes/notes/improved-config-options-221c58a8c37602ba.yaml
+++ b/releasenotes/notes/improved-config-options-221c58a8c37602ba.yaml
@@ -1,29 +1,30 @@
 ---
 prelude: >
-    Improved configuration options for glance. Please
-    refer to the ``other`` section for more information.
-
+  - Improved configuration option descriptions and handling.
 other:
-  - The glance configuration options have been
-    improved with detailed help texts, defaults for
-    sample configuration files, explicit choices
-    of values for operators to choose from, and a
-    strict range defined with ``min`` and ``max``
-    boundaries.
-
-    It must be noted that the configuration options
-    that take integer values now have a strict range defined
-    with "min" and/or "max" boundaries where appropriate. This
-    renders the configuration options incapable of taking certain
-    values that may have been accepted before but were actually
-    invalid. For example, configuration options specifying counts,
-    where a negative value was undefined, would have still accepted
-    the supplied negative value. Such options will no longer accept
-    negative values. However, options where a negative value was
-    previously defined (for example, -1 to mean unlimited) will
-    remain unaffected by this change.
+  - |
+    The glance configuration options have been improved with
+    detailed help texts, defaults for sample configuration
+    files, explicit choices of values for operators to
+    choose from, and a strict range defined with ``min`` and
+    ``max`` boundaries.
 
-    Values that do not comply with the appropriate restrictions
-    will prevent the service from starting. The logs will contain
-    a message indicating the problematic configuration option and
-    the reason why the supplied value has been rejected.
+    * It must be noted that the configuration options that
+      take integer values now have a strict range defined
+      with ``min`` and/or ``max`` boundaries where
+      appropriate.
+    * This renders the configuration options incapable of
+      taking certain values that may have been accepted
+      before but were actually invalid.
+    * For example, configuration options specifying counts,
+      where a negative value was undefined, would have still
+      accepted the supplied negative value. Such options
+      will no longer accept negative values.
+    * Options where a negative value was previously defined
+      (for example, -1 to mean unlimited) will remain
+      unaffected by this change.
+    * Values which do not comply with the new restrictions
+      will prevent the service from starting. The logs will
+      contain a message indicating the problematic
+      configuration option and the reason why the supplied
+      value has been rejected.
diff --git a/releasenotes/notes/location-add-status-checks-b70db66100bc96b7.yaml b/releasenotes/notes/location-add-status-checks-b70db66100bc96b7.yaml
new file mode 100644
index 000000000..97b41f298
--- /dev/null
+++ b/releasenotes/notes/location-add-status-checks-b70db66100bc96b7.yaml
@@ -0,0 +1,38 @@
+---
+prelude: >
+  - Adding locations to a non-active or non-queued image
+    is no longer allowed.
+critical:
+  - |
+    Attempting to set image locations to an image *not* in
+    ``active`` or ``queued`` status will now result in a
+    HTTP Conflict (HTTP status code 409) to the user.
+
+    * Until now, no image status checks were in place while
+      **adding** a location on it. In some circumstances,
+      this may result in a bad user experience. It may also
+      cause problems for a security team evaluating the
+      condition of an image in ``deactivated`` status.
+    * **Adding** locations is disallowed on the following
+      image statuses - ``saving``, ``deactivated``,
+      ``deleted``, ``pending_delete``, ``killed``.
+    * Note that there are race conditions associated with
+      adding a location to an image in the ``active``,
+      ``queued``, ``saving``, or ``deactivated`` status.
+      Because these are non-terminal image statuses, it is
+      possible that when a user attempts to add a location,
+      a status transition could occur that might block the
+      **add** (or might appear to allow an add that should
+      not be allowed).
+    * For example, a user is not allowed to add a location
+      to an image in ``saving`` status. Suppose a user
+      decides to add a location anyway. It is possible that
+      before the user's request is processed, the
+      transmission of data being saved is completed and the
+      image transitioned into ``active`` status, in which
+      case the user's add location request will succeed. To
+      the user, however, this success will appear anomalous
+      because in most cases, an attempt to add a location to
+      an image in ``saving`` status will fail.
+    * We mention this so that you can be aware of this
+      situation in your own testing.
diff --git a/releasenotes/notes/newton-1-release-065334d464f78fc5.yaml b/releasenotes/notes/newton-1-release-065334d464f78fc5.yaml
index 5c764c129..745f95ec5 100644
--- a/releasenotes/notes/newton-1-release-065334d464f78fc5.yaml
+++ b/releasenotes/notes/newton-1-release-065334d464f78fc5.yaml
@@ -1,35 +1,20 @@
 ---
 prelude: >
-    Several in-tree documentation updates exist in newton-1.
-    An important bug 1570789 that will handle 4 byte unicode
-    chars for metadefs APIs is fixed which will prevent 500s
-    on the same. Deprecated sign-the-hash approach for image
-    signing and old run_tests and related scripts have been
-    removed.
+  - Glance no longer returns a 500 when 4 byte unicode
+    characters are passed to the metadefs API.
+  - Deprecated "sign-the-hash" approach for image signing.
+    Old run_tests and related scripts have been removed.
 upgrade:
-  - The image signature verification feature has been updated
-    to follow the "sign-the-data" approach, which uses a
-    signature of the image data directly. The prior deprecated
-    "sign-the-hash" approach, which uses a signature of an MD5
-    hash of the image data, has been removed.
+  - The image signature verification feature has been
+    updated to follow the "sign-the-data" approach, which
+    uses a signature of the image data directly. The prior
+    deprecated "sign-the-hash" approach, which uses a
+    signature of an MD5 hash of the image data, has been
+    removed.
 security:
   - The initial implementation of the image signature
     verification feature in Glance was insecure, because it
-    relied on an MD5 hash of the image data. More details can
-    be found in bug 1516031. This "sign-the-hash" approach was
-    deprecated in Mitaka, and removed in newton-1.
-    Related CVE-2015-8234.
-fixes:
-  - |
-    Please find below a list of some other important bugs along with
-    their descriptions that have been fixed in newton-1.
-
-    * bug 1580848: There's no exception when import task is created
-      without properties
-    * bug 1585584: Glare v0.1 is unable to create public artifact draft
-    * bug 1582304: Allow tests to run when http proxy is set
-    * bug 1570789: various md-* create and update api's
-      return 500 error if 4 bytes unicode characters is passed
-    * bug 1568894: glance_store opts missing in glance-scrubber.conf
-      and glance-cache.conf sample files
-    * bug 1568723: secure_proxy_ssl_header not in sample config files
+    relied on an MD5 hash of the image data. More details
+    can be found in bug 1516031. This "sign-the-hash"
+    approach was deprecated in Mitaka, and has been removed
+    in Newton. Related CVE-2015-8234.
diff --git a/releasenotes/notes/newton-bugs-06ed3727b973c271.yaml b/releasenotes/notes/newton-bugs-06ed3727b973c271.yaml
new file mode 100644
index 000000000..a7fd49ce8
--- /dev/null
+++ b/releasenotes/notes/newton-bugs-06ed3727b973c271.yaml
@@ -0,0 +1,61 @@
+---
+fixes:
+  - |
+    Here is a list of other important bugs that have been
+    fixed (or partially fixed) along with their
+    descriptions.
+
+    * bug 1617258: Image signature base64 needs to wrap
+      lines
+    * bug 1612341: Add cpu thread pinning flavor metadef
+    * bug 1609571: version negotiation api middleware was
+      NOT up to date to include v2.3
+    * bug 1602081: Glance needs to use oslo.context's
+      policy dict
+    * bug 1599169: glance-replicator size raises object of
+      type 'NoneType' has no len() exception when no args
+      provided
+    * bug 1599192: glance-replicator needs to display
+      human-readable size
+    * bug 1585917: member-create will raise 500 error if
+      member-id is greater than 255 characters
+    * bug 1598985: glance-replicator compare output should
+      show image name in addition to image id for missing
+      images
+    * bug 1533949: Glance tasks missing configuration item
+      "conversion_format"
+    * bug 1593177: The default policy needs to be admin for
+      safer default deployment scenarios
+    * bug 1584076: Swift ACLs disappears on v1 Glance
+      images
+    * bug 1591004: Unable to download image with no
+      checksum when cache is enabled
+    * bug 1584415: Listing images with the created_at and
+      updated_at filters fails if an operator is not
+      specified
+    * bug 1590608: Services should use http_proxy_to_wsgi
+      middleware from oslo.middleware library
+    * bug 1584350: etc/glance-registry.conf sample file has
+      redundant store section
+    * bug 1543937: db-purge fails for very large number
+    * bug 1580848: There's no exception when import task is
+      created without properties
+    * bug 1585584: Glare v0.1 is unable to create public
+      artifact draft
+    * bug 1582304: Allow tests to run when http proxy is set
+    * bug 1570789: Metadefs API returns 500 error when 4
+      byte unicode character is passed
+    * bug 1532243: glance fails silently if a task flow
+      can not be loaded
+    * bug 1568894: glance_store options missing in
+      glance-scrubber.conf and glance-cache.conf sample
+      files
+    * bug 1568723: secure_proxy_ssl_header not in sample
+      configuration files
+    * bug 1535231: md-meta with case insensitive string has
+      problem during creating
+    * bug 1555275: Tags set changes on delete
+    * bug 1558683: Versions endpoint does not support
+      X-Forwarded-Proto
+    * bug 1557495: Possible race conditions during status
+      change
diff --git a/releasenotes/notes/remove-db-downgrade-0d1cc45b97605775.yaml b/releasenotes/notes/remove-db-downgrade-0d1cc45b97605775.yaml
index d835b89d6..25546875f 100644
--- a/releasenotes/notes/remove-db-downgrade-0d1cc45b97605775.yaml
+++ b/releasenotes/notes/remove-db-downgrade-0d1cc45b97605775.yaml
@@ -1,11 +1,11 @@
 ---
 prelude: >
-    Database downgrades have been removed from the Glance source tree. Please
-    see ``upgrade`` section for more details.
+  - Database downgrades have been removed from the Glance
+    source tree.
 upgrade:
   - The ``db_downgrade`` command has been removed from the
     ``glance-manage`` utility and all database downgrade
     scripts have been removed.  In accord with OpenStack
     policy, Glance cannot be downgraded any more.  Operators
     are advised to make a full database backup of their
-    production data before attempting any upgrade.
\ No newline at end of file
+    production data before attempting any upgrade.
diff --git a/releasenotes/notes/remove-s3-driver-639c60b71761eb6f.yaml b/releasenotes/notes/remove-s3-driver-639c60b71761eb6f.yaml
index f093f7d62..9f3474d3b 100644
--- a/releasenotes/notes/remove-s3-driver-639c60b71761eb6f.yaml
+++ b/releasenotes/notes/remove-s3-driver-639c60b71761eb6f.yaml
@@ -1,11 +1,12 @@
 ---
 prelude: >
-    s3 store driver has been removed.
+  - The ``s3`` store driver has been removed.
 upgrade:
-  - The latest release of glance_store library does not
-    have the support for s3 driver. All code references of
-    s3 have been removed from the library. As this release
-    of Glance uses the updated glance_store library, you
-    will find s3 driver support removed from Glance too.
-    One such important example is the location strategy
-    which no longer has s3 support.
+  - The latest release of glance_store library does not have
+    the support for the ``s3`` driver. All code references
+    of the same have been removed from the library. As this
+    release of Glance uses the updated glance_store library,
+    you will find the ``s3`` driver support removed from
+    Glance too. For example the Glance image location
+    strategy modules no longer offer the ``s3`` driver
+    support.
diff --git a/releasenotes/notes/reordered-store-config-opts-newton-3a6575b5908c0e0f.yaml b/releasenotes/notes/reordered-store-config-opts-newton-3a6575b5908c0e0f.yaml
new file mode 100644
index 000000000..e6fd3daf8
--- /dev/null
+++ b/releasenotes/notes/reordered-store-config-opts-newton-3a6575b5908c0e0f.yaml
@@ -0,0 +1,31 @@
+---
+prelude: >
+  - Sample configuration file shipped with Glance source now
+    has reordered store drivers configuration options for
+    future consistent ordering.
+other:
+  - |
+    The sample configuration files autogenerated using the
+    oslo-config-generator tool now give consistent ordering
+    of the store drivers configurations.
+
+    * Some operators have reported issues with reordering
+      observed in the sample configurations shipped with
+      Glance release tarballs. This reordering may result
+      into a incorrect "diff" of the configurations used
+      downstream vs. newly introduced upstream.
+    * Latest release of ``glance_store`` library (used
+      in the **Newton** release of Glance) will include fix
+      for the ``glance_store`` bug 1619487.
+    * Until now every run of the oslo-config-generator
+      resulted in random ordering of the store drivers
+      configuration. After **Newton** release this order
+      will remain consistent.
+    * The store drivers configuration order in the sample or
+      autogenerated files should be expected to be
+      alphabetical as - ``cinder``, ``filesystem``,
+      ``http``, ``rbd``, ``sheepdog``, ``swift``,
+      ``vmware``.
+    * Note the code name for the "ceph" driver is ``rbd``.
+    * Note the ordering of the options within a store is not
+      alphabetical.
diff --git a/releasenotes/notes/soft_delete-tasks-43ea983695faa565.yaml b/releasenotes/notes/soft_delete-tasks-43ea983695faa565.yaml
index 568dd11cd..2c91f5165 100644
--- a/releasenotes/notes/soft_delete-tasks-43ea983695faa565.yaml
+++ b/releasenotes/notes/soft_delete-tasks-43ea983695faa565.yaml
@@ -1,25 +1,10 @@
 ---
 prelude: >
-    Adds a new function that is called in the
-    tasks_get_all function, so that everytime tasks
-    lists are called, the function checks if tasks in
-    the database have surpassed the expired_at value;
-    if that is the case, then it marks the deleted value
-    as 1 for all the expired tasks.
-
+  - Expired tasks are now deleted.
 other:
-  - Tasks are soft deleted, in Glance, a resource can
-    be soft deleted in the Database Table, these resources
-    still exist in the database. The same thing happens
-    with tasks; they are marked as deleted using the
-    delete flag in the Tasks table which are not queried
-    on the regular list or show call. The tasks are not
-    instantly deleted because there may be information
-    contained in the task resource that may not be
-    available elsewhere(For example, a successful
-    import task will eventually result in the creation
-    of an image in Glance, and it would be useful to
-    know the UUID of this image. Similarly, if the
-    import task fails, end user should be given time
-    to read the task resource to analyze the error
-    message.)
\ No newline at end of file
+  - Expired tasks are now deleted in Glance. As with other
+    Glance resources, this is a "soft" deletion, that is, a
+    deleted task is marked as ``deleted`` in the database so
+    that the task will not appear in API responses, but the
+    information associated with the task persists in the
+    database.
diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst
index fc85c9ded..2a5fbb230 100644
--- a/releasenotes/source/index.rst
+++ b/releasenotes/source/index.rst
@@ -5,6 +5,6 @@
 .. toctree::
    :maxdepth: 1
 
-   liberty
    unreleased
    mitaka
+   liberty