Juju Charmed Operator - Horizon K8S

  1. Bug #2065572
  2. Comment #1

Comment 1 for bug 2065572

Revision history for this message
Alex Kavanagh (ajkavanagh) wrote :

Essentially, I think this bug is about the option [1] `HORIZON_IMAGES_UPLOAD_MODE` which can be set to "legacy" or "direct".

Currently, the openstack-dashboard charm has this in it's config template:

    # Set to 'legacy' or 'direct' to allow users to upload images to glance via
    # Horizon server. When enabled, a file form field will appear on the create
    # image form. If set to 'off', there will be no file form field on the create
    # image form. See documentation for deployment considerations.
    #HORIZON_IMAGES_UPLOAD_MODE = 'legacy'

i.e. it defaults to legacy.

This means that it does use the horizon unit to upload the image to first, and then upload it to glance.

If the option is set to direct, then from [1]:

    HORIZON_IMAGES_UPLOAD_MODE
    New in version 10.0.0(Newton).

    Default: "legacy"

    Valid values are "direct", "legacy" (default) and "off". "off" disables the ability to upload images via Horizon. legacy enables local file upload by piping the image file through the Horizon’s web-server. direct sends the image file directly from the web browser to Glance. This bypasses Horizon web-server which both reduces network hops and prevents filling up Horizon web-server’s filesystem. direct is the preferred mode, but due to the following requirements it is not the default. The direct setting requires a modern web browser, network access from the browser to the public Glance endpoint, and CORS support to be enabled on the Glance API service. Without CORS support, the browser will forbid the PUT request to a location different than the Horizon server. To enable CORS support for Glance API service, you will need to edit [cors] section of glance-api.conf file (see here how to do it). Set allowed_origin to the full hostname of Horizon web-server (e.g. http://<HOST_IP>/dashboard) and restart glance-api process.

An issue here is setting CORS for the user's browser to be able to upload directly to the glance endpoint, if the endpoint domain name is different to the horizon dashboard domain name. Thus, this complicates it a little.

What I think needs to happen is that an option is added to the dashboard to enable "direct_glance_uploads" as a boolean, and for the [cors] section of the glance-api.conf file to be updated automatically depending on the endpoint for glance.

[1] https://docs.openstack.org/horizon/latest/configuration/settings.html#horizon-images-upload-mode