Add inherited property support to glance

Registered by Jim Lindeman

Glance currently has support for storing image metadata in single or nested key-pairs. However, there are use-cases which need more capability from this metadata storage service, which would benefit from an admin-manageable list of "inherited" properties.

One use-case is having the "configuration_strategy" values (which store OVF or sysprep related data) cloned into child images from the parent image, so the image owner doesn't have to re-enter those values every time they snapshot an instance.

A second use-case is a cloud administrator wanting to store license-cost properties on a per-image basis (like how much to charge per hour per CPU). This property can already be protected by role with the blueprint for "api-v2-property-protection", but a cloud owner will want this property to be automatically inherited by child images. The cloud administrator doesn't want to develop a second database to store this data in, as it could get out of sync with the list of images in glance.

Glance would know which property keys to inherit to child images from an "inherited" property list, stored in the glance database. A new API extension to glance would be required for a cloud admin to manage the "inherited" property list, which should have a similar API to that used by whatever is proposed as part of https://blueprints.launchpad.net/glance/+spec/api-v2-property-protection . Based on how that property-protection blueprint gets implemented, it might be possible to have this inheritance managed at the level of the role required to access that property.

Blueprint information

Status: Complete
Approver: None
Priority: Undefined
Drafter: None
Direction: Needs approval
Assignee: None
Definition: Obsolete
Series goal: Declined for havana
Implementation: Unknown
Milestone target: None
Completed by: Jim Lindeman

Whiteboard

This was discussed at the Havana design summit, here's a quick summary:

For snapshots: there's a 'non_inheritable_image_properties' config option in Nova, except for these, all image properties are put on a snapshot (see http://docs.openstack.org/trunk/openstack-compute/admin/content/list-of-compute-config-options.html )

For uploaded images: nothing to inherit (no way to know if the uploaded image was created from a base image)

For images cloned from another region: the initial copy would preserve all appropriate metadata. (Presumably the cloud provider would have the properties protected the same way in all regions, so this metadata would "stick".)

So it looks like there may be nothing to do here?
-- rosmaita

Thank you for the link. I tested with a nova.conf setting like this:
non_inheritable_image_properties=cache_in_nova, instance_uuid, user_id, image_type, backup_type, min_ram, min_disk, test_prop_2
and confirmed that test_prop_2 was not inherited from the parent image. So individual tenants can not currently control which properties get inherited or not, only the cloud administrator, but that is good enough for our current use-cases. So at this point, I think we can cancel out this blueprint and I'll just track and assist the "api-v2-property-protection" blueprint against the use-case above.
- lindj
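
The snapshot rule summarised on this whiteboard (every image property is copied to a snapshot except the keys in 'non_inheritable_image_properties'), modelled as an added example; it is not Nova or Glance code and not part of the original blueprint. The [DEFAULT] section placement, the sample parent image, the property name license_cost_per_cpu_hour and the audit() helper are assumptions made for illustration.

```python
import configparser

# Constructed nova.conf fragment. The option line is the one quoted above;
# placing it under [DEFAULT] is an assumption of this example.
NOVA_CONF = """
[DEFAULT]
non_inheritable_image_properties=cache_in_nova, instance_uuid, user_id, image_type, backup_type, min_ram, min_disk, test_prop_2
"""

# Constructed parent image properties (values are made up;
# license_cost_per_cpu_hour is a hypothetical property name).
PARENT_PROPS = {
    "configuration_strategy": "ovf-data",
    "license_cost_per_cpu_hour": "0.12",
    "test_prop_2": "do-not-copy",
    "instance_uuid": "constructed-uuid",
    "min_ram": "512",
}


def non_inheritable(conf_text):
    """Return the set of keys listed in non_inheritable_image_properties."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    raw = cp.get("DEFAULT", "non_inheritable_image_properties", fallback="")
    # Comma-separated list; whitespace around a key is not part of the key.
    return {item.strip() for item in raw.split(",") if item.strip()}


def snapshot_properties(parent_props, blocked):
    """Model the rule: every parent property is copied except blocked keys."""
    return {k: v for k, v in parent_props.items() if k not in blocked}


def audit(parent_props, blocked, must_inherit, must_not_inherit):
    """Report where the config disagrees with the administrator's intent."""
    inherited = set(snapshot_properties(parent_props, blocked))
    return {
        "missing": sorted((set(must_inherit) & set(parent_props)) - inherited),
        "leaking": sorted(set(must_not_inherit) & inherited),
    }


if __name__ == "__main__":
    blocked = non_inheritable(NOVA_CONF)
    print(sorted(snapshot_properties(PARENT_PROPS, blocked)))
    print(audit(PARENT_PROPS, blocked,
                ["configuration_strategy", "license_cost_per_cpu_hour"],
                ["test_prop_2"]))
```

Because the list is a deny-list, any property an administrator forgets to add to it is copied to every snapshot, which is what the "leaking" result reports.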
