Control: tags -1 + confirmed moreinfo On 2021-04-26 21:37:56 +0200, Thomas Goirand wrote: > On 4/26/21 4:01 PM, Sebastian Ramacher wrote: > >> The changelog goes like this: > >> > >> 1* Add variables: DEB_BUILD_OPTIONS: nocheck DEB_BUILD_PROFILES: nocheck in > >> debian/salsa-ci.yml. > >> 2* Do not delete /etc/glance/rootwrap.conf, owned by python3-glance-store. > >> (Closes: #987193). > >> 3* mv /etc/glance/policy.json /etc/glance/disabled.policy.json.old instead of > >> deleting /etc/glance/policy.json. > >> 4* Tune glance-api-uwsgi.ini for performance. > > > > Regarding 3*: why isn't the old file not moved to the new location? > > > > Cheers > > I'm sorry, I'm too much into it, and forgot the main story. > > For a technical reason that would be long to explain, the old json > format is deprecated, and OpenStack users should stop using it as soon > as possible, otherwise, it may may create of issues. The new way of > doing things is to stop Json with every policy option declared, and > switch to a standard where everything commented-out in a yaml file, > describing what's in the python code as default. > > In Debian, we now generates a yaml file in > /etc/glance/policy.d/00_default-policy.yaml. I expect users to leave the > file as-is, and just add configuration fragments on the same folder, > rather than editing a unique policy.json like before. > > Therefore, the best thing we could do, was just move away .json format > API policy file, to make sure that it's not in use (because older > version of Glance may point to the old /etc/glance/policy.json). And > that's why I'm using such an explicit "disabled.policy.json.old" name. > > The thing is, deleting the old policy.json was a bad idea. Because > administrator may have edited that file to set various API policies in > previous releases of OpenStack. So best is to keep it, but renamed, and > tell the user to put what he edited as fragments in /etc/glance/policy.d > in yaml format only. > > Moving the policy.json in the policy.d is not a good idea either, > because it keeps the old JSON format, now deprecated by upstream, that > we explicitly require users to move away from. > > I hope it's more clear now. I tried to find some documentation on that in the package and the releases notes, but I was unable to find any info on that. Please document that as users have to be aware of the steps they have to take. Once that's done, please remove the moreinfo tag. Cheers -- Sebastian Ramacher
Attachment:
signature.asc
Description: PGP signature