Merge lp:~jaypipes/glance/bug713126 into lp:~glance-coresec/glance/cactus-trunk

Checking out this patch right now.

cheers!

To me this branch was long overdue :)

At a first _glance_, I couldn't find anything wrong with it...only two small niggley bits:

- maybe if tests don't find swift they should say 'skipped' rather than 'ok', but I don't know if nosetest can do that easily. The effect is the same but it just draws attention to the user
- the default swift store options are a bit weak: DEFAULT_SWIFT_ACCOUNT = 'glance' and DEFAULT_SWIFT_CONTAINER = 'glance' do not seem very unique to me :)

Other than that, I'd like to give this branch a whirl on a live swift deployment we got here before giving a full 'approve' from my side :)

> To me this branch was long overdue :)

:) Yes, I know.

> At a first _glance_, I couldn't find anything wrong with it...only two small
> niggley bits:
>
> - maybe if tests don't find swift they should say 'skipped' rather than 'ok',
> but I don't know if nosetest can do that easily. The effect is the same but it
> just draws attention to the user

Yes, I thought about this. I had originally used unittest2's @skipIf decorator, but I had proposed an earlier branch and people didn't want to require dependency on unittest2. nose has some ability to do skipping; I could check into this.

> - the default swift store options are a bit weak: DEFAULT_SWIFT_ACCOUNT =
> 'glance' and DEFAULT_SWIFT_CONTAINER = 'glance' do not seem very unique to me
> :)

Well, the account and container are more general-purpose than anything to do with authenticating (user and key are for that purpose). What do you think I should set account and container to?

> Other than that, I'd like to give this branch a whirl on a live swift
> deployment we got here before giving a full 'approve' from my side :)

Can't wait for feedback! Thanks, Armando!

-jay

I guess that as long as we use an account that cannot be used by anyone else, then there will never be a risk of having image files mixed up with user data, so in that respect it's safe.

As for the swift_store_auth_address I wonder if we need to append /v1.0 at the end of it.

When I use ST (the tool that comes with swift) without it, I get the following error:

__main__.ClientException: Auth GET failed: https://192.168.1.199:11000 400 Bad Request

Jay, this may sound silly, but can you spot why I am getting this exception?

2011-02-28 14:30:49 ERROR [glance.store.swift] auch
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 336, in handle_one_response
    result = self.application(self.environ, start_response)
  File "build/bdist.linux-i686/egg/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "build/bdist.linux-i686/egg/routes/middleware.py", line 131, in __call__
    response = self.app(environ, start_response)
  File "build/bdist.linux-i686/egg/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "build/bdist.linux-i686/egg/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "build/bdist.linux-i686/egg/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 215, in __call__
    result = method(**arg_dict)
  File "/usr/lib/python2.6/site-packages/glance/server.py", line 352, in create
    self._upload_and_activate(req, image_meta)
  File "/usr/lib/python2.6/site-packages/glance/server.py", line 315, in _upload_and_activate
    raise e
ImportError: No module named common.client

I have swift installed in my site-packages, and I can import swift.common.client.Connection using the python interpreter. This exception occurs every time I try to upload. As the problem is here:

272 + connection_class = get_connection_class(conn_class)

Thanks,
Armando

I'd like to see this in trunk asap :)

Excellent work Jay. I got it working with my CloudFiles account with some small-fixes:

> 237 + account = options.get('swift_store_account',
> 238 + DEFAULT_SWIFT_ACCOUNT)

Account is referenced but not used. AFAIK, there isn't a distinction between
account and username, so, I think we can remove all references to account.

> 143 -from __future__ import absolute_import

Was this removed for a reason? The `swift` adapter is shadowing the `swift`
module so `import swift.common.client` won't do the right thing without this.

> 215 + def add(cls, id, data, options, conn_class=None):

We probably shouldn't be using `id`, but, we can save that for a cleanup-patch
where we fix that everywhere, all-at-once.

> 308 + "location %(location)s" % locals())

One space to the right :)

> 334 + except Exception, e:

This should probably be `except swift.common.client.ClientException, e` in
order to guarantee that it has the `http_status` attribute.

Since, you'll need swift.common.client in the local-namespace to do this, you
can either:

* Use separate imports in each function that has to use something from the
  swift module

* Use a lazy-import pattern: define a global SWIFT global variable (initialized to None) and then lazily populate it. Then use that to access sub-modules. I believe this is done in Nova.

> 281 + obj_etag = swift_conn.put_object(container, id, data)

Needs to be `str(id)` since the `quote` method used by swift.Client expects a
string.

Since this is used repeatedly (in the head_object call too), probably best to
do something like:

    obj_name = str(id)

at the top of each method.

Currently we're assuming that the container already exists (if it doesn't, the
PUT will fail with a 404). I would vote that we automatically create the
container if it doesn't exist.

Perhaps this behavior should be governed by a configuration option, something
like `swift_store_create_container_on_put`

> Jay, this may sound silly, but can you spot why I am getting this exception?
>
> 2011-02-28 14:30:49 ERROR [glance.store.swift] auch
> Traceback (most recent call last):
> File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 336, in
> handle_one_response
> result = self.application(self.environ, start_response)
> File "build/bdist.linux-i686/egg/webob/dec.py", line 159, in __call__
> return resp(environ, start_response)
> File "build/bdist.linux-i686/egg/routes/middleware.py", line 131, in
> __call__
> response = self.app(environ, start_response)
> File "build/bdist.linux-i686/egg/webob/dec.py", line 159, in __call__
> return resp(environ, start_response)
> File "build/bdist.linux-i686/egg/webob/dec.py", line 147, in __call__
> resp = self.call_func(req, *args, **self.kwargs)
> File "build/bdist.linux-i686/egg/webob/dec.py", line 208, in call_func
> return self.func(req, *args, **kwargs)
> File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 215, in
> __call__
> result = method(**arg_dict)
> File "/usr/lib/python2.6/site-packages/glance/server.py", line 352, in
> create
> self._upload_and_activate(req, image_meta)
> File "/usr/lib/python2.6/site-packages/glance/server.py", line 315, in
> _upload_and_activate
> raise e
> ImportError: No module named common.client
>
> I have swift installed in my site-packages, and I can import
> swift.common.client.Connection using the python interpreter. This exception
> occurs every time I try to upload. As the problem is here:
>
> 272 + connection_class = get_connection_class(conn_class)

It's because there is a module glance.store.swift and a module swift.common.client. Local namespacing is confusing Python into thinking it should search for "common.client" at a module path of glance.store.swift.common.client. It's a bug, and there are a couple solutions to it. Rick refers to a couple below. Working on it...

Thanks!
jay

Thanks Rick, working on fixes now. Should push a branch shortly... gah, jury duty is a pain in the business schedule :)

> Excellent work Jay. I got it working with my CloudFiles account with some
> small-fixes:
>
> > 237 + account = options.get('swift_store_account',
> > 238 + DEFAULT_SWIFT_ACCOUNT)
>
> Account is referenced but not used. AFAIK, there isn't a distinction between
> account and username, so, I think we can remove all references to account.

account definitely != username in Swift. username/key is used for auth'ing against an authentication service, but account is used to determine which containers a user has access to, at least if I'm understanding the docs correctly. I believe that the auth middleware inserts the X-User-Account header into the environ? Not quite sure...

Hmm, so I was a little unsure about this and was hoping the Swift guys could shine some light. As far as I have read, I guess Swift objects are always in an account and a container, with the URI structure:

auth_url/account/container/objectname

Our previous code was ignoring account so I ignored it too, but I think I will add it now? This relates to LP bug #717431

> > 143 -from __future__ import absolute_import
>
> Was this removed for a reason? The `swift` adapter is shadowing the `swift`
> module so `import swift.common.client` won't do the right thing without this.

I removed it because absolute_import wasn't being used. :) Though, might need to use it per your answer below ;)

> > 215 + def add(cls, id, data, options, conn_class=None):
>
> We probably shouldn't be using `id`, but, we can save that for a cleanup-patch
> where we fix that everywhere, all-at-once.

Ya, cleanup patch.

> > 308 + "location %(location)s" %
> locals())
>
> One space to the right :)

Done.

> > 334 + except Exception, e:
>
> This should probably be `except swift.common.client.ClientException, e` in
> order to guarantee that it has the `http_status` attribute.
>
> Since, you'll need swift.common.client in the local-namespace to do this, you
> can either:
>
> * Use separate imports in each function that has to use something from the
> swift module
>
> * Use a lazy-import pattern: define a global SWIFT global variable
> (initialized to None) and then lazily populate it. Then use that to access
> sub-modules. I believe this is done in Nova.

The main problem is not having the import of glance.store.swift in tests/unit/test_swift_store.py blow up when Swift isn't installed. I could try the Nova solution, but it always seems hacky compared to just wrapping an import swift.common.client in a try: except ImportError: block...

I could solve the problem using nose's skip stuff, too, I think?

> > 281 + obj_etag = swift_conn.put_object(container, id, data)
>
> Needs to be `str(id)` since the `quote` method used by swift.Client expects a
> string.
>
> Since this is used repeatedly (in the head_object call too), probably best to
> do something like:
>
> obj_name = str(id)
>
> at the top of each method.

Done.

> Currently we're assuming that the container already exists (if it doesn't, the
> PUT will fail with a 404). I would vote that we automatically create the
> container if i...

>Our previous code was ignoring account so I ignored it too, but I think I will add it now? This relates to LP bug #717431

Ah ok. So, yeah, probably need some clarification, but `account` should be
used in crafting the URI.

> 283 + try:
> 284 + swift_conn.head_container(container)
> 285 + except Exception, e:
> 286 + if e.http_status == httplib.NOT_FOUND:
> 287 + add_container = config.get_option(options,
> 288 + 'swift_store_create_container_on_put',
> 289 + type='bool', default=False)
> 290 + if add_container:
> 291 + try:
> 292 + swift_conn.put_container(container)
> 293 + except Exception, e:
> 294 + msg = ("Failed to add container to Swift.\n"
> 295 + "Got error from Swift: %(e)s" % locals())
> 296 + raise glance.store.BackendException(msg)
> 297 + else:
> 298 + msg = ("The container %(container)s does not exist in "
> 299 + "Swift. Please set the "
> 300 + "swift_store_create_container_on_put option"
> 301 + "to add container to Swift automatically."
> 302 + % locals())
> 303 + raise glance.store.BackendException(msg)

The `add()` method is starting to get a bit long. I'd vote that we break this
code out into a separate method called something like
`_create_container_if_needed`.

> 245 + user = options.get('swift_store_user')
...
> 287 + add_container = config.get_option(options,
> 288 + 'swift_store_create_container_on_put',
> 289 + type='bool', default=False)

We're getting options two--really three if you could CLI options--different
ways. One way is to use paste and the other--the new way-- is to use the
ConfigParser api directly.

I'd vote to continue to use the `paste` method for now, and, if we want to
refactor config options, do that as another, config-options-improvement patch.

> 263 + if not user:
> 264 + logger.error(msg)
> 265 + msg = ("Could not find swift_store_user in configuration "
> 266 + "options.")
> 267 + raise glance.store.BackendException(msg)

There is some repeated code similar to this. Wonder if we'd benefit from a
`_get_required_option` function that returns the value if present, and logs
and raises if not.

> 157 +DEFAULT_SWIFT_ACCOUNT = 'glance'
> 158 +DEFAULT_SWIFT_CONTAINER = 'glance'

I don't see a reason to have these constants. We already have the config-file,
we can just treat the `account` and `container` config options as required. Seems
less confusing to me, IMHO.

On Tue, Mar 1, 2011 at 2:20 AM, Rick Harris <email address hidden> wrote:
>> 245   +        user = options.get('swift_store_user')
> ...
>> 287   +                add_container = config.get_option(options,
>> 288   +                                    'swift_store_create_container_on_put',
>> 289   +                                    type='bool', default=False)
>
> We're getting options two--really three if you could CLI options--different
> ways. One way is to use paste and the other--the new way-- is to use the
> ConfigParser api directly.
>
> I'd vote to continue to use the `paste` method for now, and, if we want to
> refactor config options, do that as another, config-options-improvement patch.

Sorry, I'm lost. The above is the glance.common.config.get_option()
function you added in a recent patch that I specifically argued
against using... I'm only following the convention you set in
/glance/registry/db/api.py.

-jay

Does line:

279 + logger.debug("Adding image object to Swift using "
280 + "(auth_address=%(auth_address)s, user=%(user)s, "
281 + "key=%(key)s)")

need % locals() ?

Rick,

did you specify the version for swift_store_auth_address? like this:

swift_store_auth_address=127.0.0.1:11000/v1.0

If I don't do it, I get this error:

BackendException: Failed to add object to Swift.
Got error from Swift: Auth GET failed: https://127.0.0.1:11000 400 Bad Request

If the version is required, we might want to tweak the default otherwise it will raise a lot of false positives from swift newbies :)

Many thanks,
Armando

Jay:

> I'm only following the convention you set in
/glance/registry/db/api.py

You're right. Disregard comment, acquire sanity. :)

Sorry about the mix-up, I'm just generally confused by config-options at this point. Something we can revisit down the road, I guess.

Armando:

> did you specify the version for swift_store_auth_address?

Yep.

> If the version is required, we might want to tweak the default otherwise it will raise a lot of false positives from swift newbies

Yeah I agree, it's a bit confusing. We can use use a BASE_URI which encapsulates both scheme, host, port, and version number like:

https://auth.api.rackspacecloud.com/v1.0/

Or, we can use a separate config for each part:

swift_store_port = 80
swift_store_host = auth.api.rackspacecloud.com
swift_store_api_version = 1.0

I lean towards the separate-config approach since it seems a little simpler.

Greetings, everyone!

So, I am getting VMs to boot, and for all intents and purposes this is 'working.' One thing that I feel is odd, when I jump on my swift proxy, and check the containers...they are empty.

##nova-compute log##
2011-03-01 10:28:02,909 INFO nova.virt.xenapi.vmops [-] Spawning VM instance-00000009 created OpaqueRef:8d097152-7213-607d-a8a0-89acf8b265d6.
2011-03-01 10:28:03,242 INFO nova.virt.xenapi [-] Task [Async.host.call_plugin] OpaqueRef:b0af1d35-2a7a-39be-cecd-377d5f021df5 status: success <value>null</value>
2011-03-01 10:28:03,452 INFO nova.virt.xenapi.vm_utils [-] (VM_UTILS) xenserver vm state -> |Running|
2011-03-01 10:28:03,452 INFO nova.virt.xenapi.vm_utils [-] (VM_UTILS) xenapi power_state -> |1|
2011-03-01 10:28:03,502 DEBUG nova.virt.xenapi.vmops [-] Instance instance-00000009: booted from (pid=964) _wait_for_boot /root/openstack/nova/nova/virt/xenapi/vmops.py:150
2011-03-01 10:28:03,506 INFO nova.virt.xenapi.vm_utils [-] (VM_UTILS) xenserver vm state -> |Running|
2011-03-01 10:28:03,506 INFO nova.virt.xenapi.vm_utils [-] (VM_UTILS) xenapi power_state -> |1|

##on domU##
+----+--------+--------+-----------+----------------+
| ID | Name | Status | Public IP | Private IP |
+----+--------+--------+-----------+----------------+
| 7 | test01 | active | | 184.106.17.204 |
| 8 | test01 | active | | 184.106.17.205 |
| 9 | test01 | active | | 184.106.17.206 |
+----+--------+--------+-----------+----------------+

##On swift proxy##
root@colo01:~# st -A https://184.106.17.135:8080/auth/v1.0 -U system:root -K XXXXX stat
   Account: AUTH_XXXXXXXX
Containers: 0
   Objects: 0
     Bytes: 0

Maybe I am setting up something wrong in my glance.conf? Here it is for your review:

# ============ Swift Store Options =============================

# Address where the Swift authentication service lives
swift_store_auth_address = 184.106.17.135:8080/auth/v1.0

# User to authenticate against the Swift authentication service
swift_store_user = root

# Auth key for the user authenticating against the
# Swift authentication service
swift_store_key = AUTH_XXXXXXXXXXXXXXXXXXXXXX

# Account to use for the user:key Swift auth combination
# for storing images in Swift
swift_store_account = root

# Container within the account that the account should use
# for storing images in Swift
swift_store_container = glance

# Do we create the container if it does not exist?
swift_store_create_container_on_put = True

Any ideas? What else are you folks running into?

Cheers!

Oh, and I'm using swauth (bind to 8080) for swift, not devauth.

thanks!

Wayne:

I tested Jay's code against production CloudFiles. You could sanity check your setup, by first hitting CloudFiles, then, if that works, repointing to your local instance of Swift.

Wayne,
should your swift_store_account option in glance.conf be system rather than root?

Just guessing here...

> Greetings, everyone!
>
> So, I am getting VMs to boot, and for all intents and purposes this is
> 'working.' One thing that I feel is odd, when I jump on my swift proxy, and
> check the containers...they are empty.
>
> ##nova-compute log##
> 2011-03-01 10:28:02,909 INFO nova.virt.xenapi.vmops [-] Spawning VM
> instance-00000009 created OpaqueRef:8d097152-7213-607d-a8a0-89acf8b265d6.
> 2011-03-01 10:28:03,242 INFO nova.virt.xenapi [-] Task
> [Async.host.call_plugin] OpaqueRef:b0af1d35-2a7a-39be-cecd-377d5f021df5
> status: success <value>null</value>
> 2011-03-01 10:28:03,452 INFO nova.virt.xenapi.vm_utils [-] (VM_UTILS)
> xenserver vm state -> |Running|
> 2011-03-01 10:28:03,452 INFO nova.virt.xenapi.vm_utils [-] (VM_UTILS) xenapi
> power_state -> |1|
> 2011-03-01 10:28:03,502 DEBUG nova.virt.xenapi.vmops [-] Instance
> instance-00000009: booted from (pid=964) _wait_for_boot
> /root/openstack/nova/nova/virt/xenapi/vmops.py:150
> 2011-03-01 10:28:03,506 INFO nova.virt.xenapi.vm_utils [-] (VM_UTILS)
> xenserver vm state -> |Running|
> 2011-03-01 10:28:03,506 INFO nova.virt.xenapi.vm_utils [-] (VM_UTILS) xenapi
> power_state -> |1|
>
> ##on domU##
> +----+--------+--------+-----------+----------------+
> | ID | Name | Status | Public IP | Private IP |
> +----+--------+--------+-----------+----------------+
> | 7 | test01 | active | | 184.106.17.204 |
> | 8 | test01 | active | | 184.106.17.205 |
> | 9 | test01 | active | | 184.106.17.206 |
> +----+--------+--------+-----------+----------------+
>
> ##On swift proxy##
> root@colo01:~# st -A https://184.106.17.135:8080/auth/v1.0 -U system:root -K
> XXXXX stat
> Account: AUTH_XXXXXXXX
> Containers: 0
> Objects: 0
> Bytes: 0
>
> Maybe I am setting up something wrong in my glance.conf? Here it is for your
> review:
>
> # ============ Swift Store Options =============================
>
> # Address where the Swift authentication service lives
> swift_store_auth_address = 184.106.17.135:8080/auth/v1.0
>
> # User to authenticate against the Swift authentication service
> swift_store_user = root
>
> # Auth key for the user authenticating against the
> # Swift authentication service
> swift_store_key = AUTH_XXXXXXXXXXXXXXXXXXXXXX
>
> # Account to use for the user:key Swift auth combination
> # for storing images in Swift
> swift_store_account = root
>
> # Container within the account that the account should use
> # for storing images in Swift
> swift_store_container = glance
>
> # Do we create the container if it does not exist?
> swift_store_create_container_on_put = True
>
>
>
> Any ideas? What else are you folks running into?
>
> Cheers!

@Rick, alright I'll give that a try, good idea.

@Armando, I tried 'root' 'system:root' 'system', and a variety of other names. When using cyberduck, I have to use system:root and point to the right auth path "/auth/v1.0" This worked before I changed to swauth, now it's back to giving me errors...shrug

@Rick -- Well, same result. VMs are booting, but no containers are being made on my CloudFiles account. I'm not even sure /where/ these VMs are going... I'll continue to check this out...

On Tue, Mar 1, 2011 at 3:11 PM, Wayne A. Walls <email address hidden> wrote:
> @Armando, I tried 'root' 'system:root' 'system', and a variety of other names.  When using cyberduck, I have to use system:root and point to the right auth path "/auth/v1.0" This worked before I changed to swauth, now it's back to giving me errors...shrug

The account isn't even being used. In fact, in the swift client code
(/swift/common/client.py in Swift) there's no mention of account
anywhere. We are still trying to figure out how to even specify the
thing or even what it is or if it's different between Cloud Files and
Swift. Some people say that this is the URI structure:

http://user:key@authurl/account/container/objname

Others say this is:

http://user:account:key@authurl/container/objname

Frankly, after going through the Swift docs, I'm at a loss as to what
the account is and how it's different from the swift auth user... if
someone could explain this, we could code it up.

-jay

> Does line:
>
> 279 + logger.debug("Adding image object to Swift using "
> 280 + "(auth_address=%(auth_address)s, user=%(user)s, "
> 281 + "key=%(key)s)")
>
> need % locals() ?

Yes it does :) Good catch!

Added fixes from reviews. Please do re-review. Thanks :)

Looks good, unit-tests pass, and I confirmed it works functionally.

Just a couple of femto-nits:

> 189 + conn_class=None):

Looks like several methods are taking the `conn_class` kwarg that is never
used.

> import urllib

Not directly related, but it looks like this import isn't used anymore.

> 377 + except ClientException, e:
> 378 + if e.http_status == httplib.NOT_FOUND:
> 379 + add_container = config.get_option(options,
> 380 + 'swift_store_create_container_on_put',
> 381 + type='bool', default=False)
> 382 + if add_container:
> 383 + try:
> 384 + swift_conn.put_container(container)
> 385 + except ClientException, e:
> 386 + msg = ("Failed to add container to Swift.\n"
> 387 + "Got error from Swift: %(e)s" % locals())
> 388 + raise glance.store.BackendException(msg)
> 389 + else:
> 390 + msg = ("The container %(container)s does not exist in "
> 391 + "Swift. Please set the "
> 392 + "swift_store_create_container_on_put option"
> 393 + "to add container to Swift automatically."
> 394 + % locals())
> 395 + raise glance.store.BackendException(msg)

In the case where e.http_status != HTTP_FOUND, we probably want to re-raise
the current exception.

Yep, all good catches. Fixing now.

210 + location = "swift://%s:%s@%s/%s/%s" % (user, key, authurl,
211 + container, obj)

305 + location = "swift://%(user)s:%(key)s@%(auth_address)s/"\
306 + "%(container)s/%(obj_name)s" % locals()

319 + location = "swift://%s:%s@%s/%s/%s" % (user, key, auth_address,
320 + container, id)

350 + location = "swift://%s:%s@%s/%s/%s" % (user, key, authurl,
351 + container, obj)

Can you add a helper method to make this cleaner?

Devin and Rick, pushed fixes from your reviews. Please re-check :) Thanks again!

Jay,

this looks good!

However, I am still a bit confused about the use of the account bit. Were you able to clarify the point below?

> On Tue, Mar 1, 2011 at 3:11 PM, Wayne A. Walls <email address hidden> wrote:
> The account isn't even being used. In fact, in the swift client code
> (/swift/common/client.py in Swift) there's no mention of account
> anywhere. We are still trying to figure out how to even specify the
> thing or even what it is or if it's different between Cloud Files and
> Swift. Some people say that this is the URI structure:
>
> http://user:key@authurl/account/container/objname
>
> Others say this is:
>
> http://user:account:key@authurl/container/objname
>
> Frankly, after going through the Swift docs, I'm at a loss as to what
> the account is and how it's different from the swift auth user... if
> someone could explain this, we could code it up.
>
> -jay

Moreover:

1) It looks that the variable 'account' is still not used in the 'add' method
2) In the glance.conf.sample it's specified:

+# Address where the Swift authentication service lives
+# The auth address should be in the form:
+# <DOMAIN>[:<PORT>]/<VERSION>/<ACCOUNT>
+swift_store_auth_address = 127.0.0.1:8080/v1.0/glance-account

so one would understand that swift_store_account is 'glance-account', but then the code specifies:

+DEFAULT_SWIFT_ACCOUNT = 'glance'

3) swift_store_account is a missing option in the glance.conf.sample
4) swift_store_create_container_on_put = False (I'd rather see True as a default option)

All of these add up to the confusion :)

I would like to see glance.conf.sample with a set of sensible defaults so that one who does not have a great deal of experience with glance/swift can get up and running without troubles. The above mentioned points make me feel we are not quite there yet :)

Hope this help!
Cheers,
Armando

On Sun, Mar 6, 2011 at 1:14 PM, Armando Migliaccio
<email address hidden> wrote:
> 1) It looks that the variable 'account' is still not used in the 'add' method
> 2) In the glance.conf.sample it's specified:
>
> +# Address where the Swift authentication service lives
> +# The auth address should be in the form:
> +# <DOMAIN>[:<PORT>]/<VERSION>/<ACCOUNT>
> +swift_store_auth_address = 127.0.0.1:8080/v1.0/glance-account
>
> so one would understand that swift_store_account is 'glance-account', but then the code specifies:
>
> +DEFAULT_SWIFT_ACCOUNT = 'glance'

I meant to remove this. The account should be specified in the
swift_store_auth_address option, and nothing else.

> 3) swift_store_account is a missing option in the glance.conf.sample

I removed this option.

> 4) swift_store_create_container_on_put = False (I'd rather see True as a default option)

I didn't feel comfortable setting it to True by default since that
would change data in Swift (add the container), but I could go either
way I suppose... this is an easy fix obviously.

> All of these add up to the confusion :)
>
> I would like to see glance.conf.sample with a set of sensible defaults so that one who does not have a great deal of experience with glance/swift can get up and running without troubles. The above mentioned points make me feel we are not quite there yet :)

So would I. :) Unfortunately, its not exactly simple to setup Swift
and get everything working without, frankly, knowing what you are
doing and knowing how Swift authentication works (some "auth service"
with a URL like http://localhost:8080/v1.0/account/ authenticates a
user/key combination for an account and returns a storage management
URL that subsequent requests use as their base request URL...

Anyway, I've tried my best to make it sensible to configure *if* you
know how to setup Swift, but I was tentative to try anything more
complex.

-jay

lgtm!

> On Sun, Mar 6, 2011 at 1:14 PM, Armando Migliaccio
> <email address hidden> wrote:
> > 1) It looks that the variable 'account' is still not used in the 'add'
> method
> > 2) In the glance.conf.sample it's specified:
> >
> > +# Address where the Swift authentication service lives
> > +# The auth address should be in the form:
> > +# <DOMAIN>[:<PORT>]/<VERSION>/<ACCOUNT>
> > +swift_store_auth_address = 127.0.0.1:8080/v1.0/glance-account
> >
> > so one would understand that swift_store_account is 'glance-account', but
> then the code specifies:
> >
> > +DEFAULT_SWIFT_ACCOUNT = 'glance'
>
> I meant to remove this. The account should be specified in the
> swift_store_auth_address option, and nothing else.
>
> > 3) swift_store_account is a missing option in the glance.conf.sample
>
> I removed this option.
>
> > 4) swift_store_create_container_on_put = False (I'd rather see True as a
> default option)
>
> I didn't feel comfortable setting it to True by default since that
> would change data in Swift (add the container), but I could go either
> way I suppose... this is an easy fix obviously.
>
> > All of these add up to the confusion :)
> >
> > I would like to see glance.conf.sample with a set of sensible defaults so
> that one who does not have a great deal of experience with glance/swift can
> get up and running without troubles. The above mentioned points make me feel
> we are not quite there yet :)
>
> So would I. :) Unfortunately, its not exactly simple to setup Swift
> and get everything working without, frankly, knowing what you are
> doing and knowing how Swift authentication works (some "auth service"
> with a URL like http://localhost:8080/v1.0/account/ authenticates a
> user/key combination for an account and returns a storage management
> URL that subsequent requests use as their base request URL...
>

fair enough!

> Anyway, I've tried my best to make it sensible to configure *if* you
> know how to setup Swift, but I was tentative to try anything more
> complex.
>
> -jay

I think you did great, as I was able to get this up and running fairly quickly. Apart the niggley bit of

> > +DEFAULT_SWIFT_ACCOUNT = 'glance'

lying around in the code, this branch has both thumbs up from my side

Agree with Armando, we should probably remove this bit of vestigial code:

257 + account = options.get('swift_store_account',
258 + DEFAULT_SWIFT_ACCOUNT)

170 +DEFAULT_SWIFT_ACCOUNT = 'glance'

Vestigial account stuff gone! :) Please set to approved if that's the final fix...

lgtm

The attempt to merge lp:~jaypipes/glance/bug713126 into lp:glance failed. Below is the output from the failed tests.

running test
running egg_info
creating glance.egg-info
writing glance.egg-info/PKG-INFO
writing top-level names to glance.egg-info/top_level.txt
writing dependency_links to glance.egg-info/dependency_links.txt
writing manifest file 'glance.egg-info/SOURCES.txt'
reading manifest file 'glance.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no files found matching 'LICENSE'
warning: no files found matching 'ChangeLog'
warning: no files found matching 'tests/test_data.py'
writing manifest file 'glance.egg-info/SOURCES.txt'
running build_ext

Tests raises BadRequest for invalid store header ... ERROR
Tests to add a basic image in the file store ... ERROR
Tests creates a queued image for no body and no loc header ... ok
test_bad_container_format (tests.unit.test_api.TestGlanceAPI) ... ok
test_bad_disk_format (tests.unit.test_api.TestGlanceAPI) ... ok
test_delete_image (tests.unit.test_api.TestGlanceAPI) ... ERROR
test_delete_non_exists_image (tests.unit.test_api.TestGlanceAPI) ... ok
Test for HEAD /images/<ID> ... ok
test_show_image_basic (tests.unit.test_api.TestGlanceAPI) ... ERROR
test_show_non_exists_image (tests.unit.test_api.TestGlanceAPI) ... ok
Tests that the /images POST registry API creates the image ... ok
Tests proper exception is raised if a bad disk_format is set ... ok
Tests proper exception is raised if a bad disk_format is set ... ok
Tests proper exception is raised if a bad status is set ... ok
Tests that exception raised for bad matching disk and container ... ok
Tests that the /images DELETE registry API deletes the image ... ok
Tests proper exception is raised if attempt to delete non-existing ... ok
Tests that the /images/detail registry API returns ... ok
Tests that the /images registry API returns list of ... ok
Tests that the root registry API returns "index", ... ok
Tests that the /images PUT registry API updates the image ... ok
Tests proper exception is raised if attempt to update non-existing ... ok
Tests that exception raised trying to set a bad container_format ... ok
Tests that exception raised trying to set a bad disk_format ... ok
Tests that exception raised trying to set a bad status ... ok
Tests that exception raised for bad matching disk and container ... ok
Test ClientConnectionError raised ... ok
Tests proper exception is raised if image with ID already exists ... ok
Tests that we can add image metadata and returns the new id ... ok
Tests a bad status is set to a proper one by server ... ok
Tests BadRequest raised when supplying bad store name in meta ... ERROR
Tests can add image by passing image data as file ... ERROR
Tests can add image by passing image data as string ... ERROR
Tests add image by passing image data as string w/ no size attr ... ERROR
Tests that we can add image metadata with properties ... ok
Tests client returns image as queued ... ok
Tests that image metadata is deleted properly ... ERROR
Tests cannot delete non-existing image ... ok
Test a simple file backend retrieval works as expected ... ERROR
Tests that the detailed info about public images retu...