Current Series Release Notes

5.3.0-5

New Features

  • Added application credential support to the Cinder backend driver. The Cinder backend now supports authentication using application credentials in addition to password authentication. This enables Zero Downtime Password Rotation (ZDPR) support for Glance deployments using Cinder as the image backend.

    Two new configuration options have been added: cinder_store_application_credential_id and cinder_store_application_credential_secret. These options are available in both the [cinder] and [backend_defaults] configuration groups. When both application credential options are set, the driver will use application credential authentication instead of password authentication. If either option is not set, the driver falls back to password authentication for backward compatibility.

    This feature allows operators to rotate service user passwords without downtime, as application credentials can be created with overlapping validity periods.

  • Added timeout protection to filesystem operations in the filesystem store driver. This prevents operations from hanging forever when storage is unavailable. Three new configuration options have been added: filesystem_store_timeout (default: 0, disabled), filesystem_store_thread_pool_size (default: 10), and filesystem_store_threadpool_threshold (default: 75). When timeout protection is enabled (timeout > 0), filesystem operations like delete(), get_size(), and _get_capacity_info() are wrapped with timeout protection using a thread pool. If an operation exceeds the timeout, a TimeoutError is raised. This feature is backward compatible by default (timeout = 0 means blocking IO, normal behavior).

  • The Swift store driver now supports authentication using Keystone application credentials in addition to password-based authentication. This enables Zero Downtime Password Rotation (ZDPR) support for Swift backend operations, as application credentials are not affected by password rotation.

    Application credentials can be configured via direct configuration options (swift_store_application_credential_id and swift_store_application_credential_secret) registered in both [swift] and [backend_defaults] sections, or in the Swift backend configuration file using application_credential_id and application_credential_secret parameters.

    The implementation maintains backward compatibility - if application credentials are not provided, the driver falls back to password authentication. Application credentials are supported for both single-tenant and multi-tenant Swift storage configurations.

    Configuration options are accessible using BackendGroupConfiguration, which supports fallback to [backend_defaults] section when per-backend configuration is not specified.

5.3.0

Bug Fixes

  • Cinder: Fixed locking mechanism to allow multiple workers to use the same image safely.

  • S3: Fixed issue when uploading a zero byte image using multipart upload.