Fix for bug 929591. Change glance to require server certificate validation by default when using https. The standard system CA file will be used if available (and an alternative was not provided). The --insecure option can be used by clients to skip server certificate validation if appropriate. * This change will impact Nova clients accessing glance over https. If the standard CA file is not suitable they will need to provide a CA file or else create an 'insecure' glance client. * Accesses to a https registry server must now perform server certificate validation. * If the package which provides the standard system CA file is installed then that file will be used by default. It probably makes sense for the glance package to have a dependency on whichever package provides the default CA bundle. (In Ubuntu this is 'ca-certificates') Change-Id: I7c83361ba0881559ec77d4baf10dfeb5b8e32185
20 KiB
Using the Glance CLI Tool
Glance ships with a command-line tool for querying and managing Glance It has a fairly simple but powerful interface of the form:
Usage: glance <command> [options] [args]
Where <command>
is one of the following:
help
Show detailed help information about a specific command
add
Adds an image to Glance
update
Updates an image's stored metadata in Glance
delete
Deletes an image and its metadata from Glance
index
Lists brief information about public images that Glance knows about
details
Lists detailed information about public images that Glance knows about
show
Lists detailed information about a specific image
clear
Destroys all public images and their associated metadata
This document describes how to use the glance
tool for
each of the above commands.
The help
command
Issuing the help
command with a
<COMMAND>
argument shows detailed help about a
specific command. Running glance
without any arguments
shows a brief help message, like so:
$> glance
Usage: glance <command> [options] [args]
Commands:
help <command> Output help for one of the commands below
add Adds a new image to Glance
update Updates an image's metadata in Glance
delete Deletes an image from Glance
index Return brief information about images in Glance
details Return detailed information about images in
Glance
show Show detailed information about an image in
Glance
clear Removes all images and metadata from Glance
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-v, --verbose Print more verbose output
-H ADDRESS, --host=ADDRESS
Address of Glance API host. Default: example.com
-p PORT, --port=PORT Port the Glance API host listens on. Default: 9292
-U URL, --url=URL URL of Glance service. This option can be used to
specify the hostname, port and protocol (http/https)
of the glance server, for example -U
https://localhost:9292/v1 Default: None
-k, --insecure Explicitly allow glance to perform insecure SSL
requests. The server certificate will not be
verified against any certificate authorities.
This option should be used with caution.
--limit=LIMIT Page size to use while requesting image metadata
--marker=MARKER Image index after which to begin pagination
--sort_key=KEY Sort results by this image attribute.
--sort_dir=[desc|asc]
Sort results in this direction.
-f, --force Prevent select actions from requesting user
confirmation
--dry-run Don't actually execute the command, just print output
showing what WOULD happen.
With a <COMMAND>
argument, more information on the
command is shown, like so:
$> glance help update
glance update [options] <ID> <field1=value1 field2=value2 ...>
Updates an image's metadata in Glance. Specify metadata fields as arguments.
All field/value pairs are converted into a mapping that is passed
to Glance that represents the metadata for an image.
Field names that can be specified:
name A name for the image.
is_public If specified, interpreted as a boolean value
and sets or unsets the image's availability to the public.
disk_format Format of the disk image
container_format Format of the container
All other field names are considered to be custom properties so be careful
to spell field names correctly. :)
The add
command
The add
command is used to do both of the following:
- Store virtual machine image data and metadata about that image in Glance
- Let Glance know about an existing virtual machine image that may be stored somewhere else
We cover both use cases below.
Important Information about Uploading Images
Before we go over the commands for adding an image to Glance, it is important to understand that Glance does not currently inspect the image files you add to it. In other words, Glance only understands what you tell it, via attributes and custom properties.
If the file extension of the file you upload to Glance ends in
'.vhd', Glance does not know that the image you are
uploading has a disk format of vhd
. You have to
tell Glance that the image you are uploading has a disk
format by using the disk_format=vhd
on the command line
(see more below).
By the same token, Glance does not currently allow you to upload "multi-part" disk images at once. The common operation of bundling a kernel image and ramdisk image into a machine image is not done automagically by Glance.
Store virtual machine image data and metadata
When adding an actual virtual machine image to Glance, you use the
add
command. You will pass metadata about the VM image on
the command line, and you will use a standard shell redirect to stream
the image data file to glance
.
Let's walk through a simple example. Suppose we have a virtual disk
image stored on our local filesystem that we wish to "upload" to Glance.
This image is stored on our local filesystem in
/tmp/images/myimage.iso
.
We'd also like to tell Glance that this image should be called "My Image", and that the image should be public -- anyone should be able to fetch it.
Here is how we'd upload this image to Glance. Change example IP number to your server IP number.:
$> glance add name="My Image" is_public=true < /tmp/images/myimage.iso \
--host=65.114.169.29
If Glance was able to successfully upload and store your VM image data and metadata attributes, you would see something like this:
$> glance add name="My Image" is_public=true < /tmp/images/myimage.iso \
--host=65.114.169.29
Added new image with ID: 991baaf9-cc0d-4183-a201-8facdf1a1430
You can use the --verbose
(or -v
)
command-line option to print some more information about the metadata
that was saved with the image:
$> glance --verbose add name="My Image" is_public=true < \
/tmp/images/myimage.iso --host=65.114.169.29
Added new image with ID: 541424be-27b1-49d6-a55b-6430b8ae0f5f
Returned the following metadata for the new image:
container_format => ovf
created_at => 2011-02-22T19:20:53.298556
deleted => False
deleted_at => None
disk_format => raw
id => 541424be-27b1-49d6-a55b-6430b8ae0f5f
is_public => True
location => file:///tmp/images/4
name => My Image
properties => {}
size => 58520278
status => active
updated_at => None
Completed in 0.6141 sec.
If you are unsure about what will be added, you can use the
--dry-run
command-line option, which will simply show you
what would have happened:
$> glance --dry-run add name="Foo" distro="Ubuntu" is_public=True < \
/tmp/images/myimage.iso --host=65.114.169.29
Dry run. We would have done the following:
Add new image with metadata:
container_format => ovf
disk_format => raw
is_public => False
name => Foo
properties => {'is_public': 'True', 'distro': 'Ubuntu'}
This is useful for detecting problems and for seeing what the default
field values supplied by glance
are. For instance, there
was a typo in the command above (the is_public
field was
incorrectly spelled is_public
which resulted in the image
having an is_public
custom property added to the image and
the real is_public
field value being False (the default) and not True...
Examples of uploading different kinds of images
To upload an EC2 tarball VM image:
$> glance add name="ubuntu-10.10-amd64" is_public=true < \
/root/maverick-server-uec-amd64.tar.gz
To upload an EC2 tarball VM image with an associated property (e.g., distro):
$> glance add name="ubuntu-10.10-amd64" is_public=true \
distro="ubuntu 10.10" < /root/maverick-server-uec-amd64.tar.gz
To upload an EC2 tarball VM image from a URL:
$> glance add name="uubntu-10.04-amd64" is_public=true \
location="http://uec-images.ubuntu.com/lucid/current/\
lucid-server-uec-amd64.tar.gz"
To upload a qcow2 image:
$> glance add name="ubuntu-11.04-amd64" is_public=true \
distro="ubuntu 11.04" disk_format="qcow2" < /data/images/rock_natty.qcow2
To upload a kernel file, ramdisk file and filesystem image file:
$> glance add --disk-format=aki --container-format=aki \
./maverick-server-uec-amd64-vmlinuz-virtual \
maverick-server-uec-amd64-vmlinuz-virtual
$> glance add --disk-format=ari --container-format=ari \
./maverick-server-uec-amd64-loader maverick-server-uec-amd64-loader
# Determine what the ids associated with the kernel and ramdisk files
$> glance index
# Assuming the ids are 7 and 8:
$> glance add --disk-format=ami --container-format=ami --kernel=7 \
--ramdisk=8 ./maverick-server-uec-amd64.img maverick-server-uec-amd64.img
To upload a raw image file:
$> glance add --disk_format=raw ./maverick-server-uec-amd64.img \
maverick-server-uec-amd64.img_v2
Register a virtual machine image in another location
Sometimes, you already have stored the virtual machine image in some
non-Glance location -- perhaps even a location you have no write access
to -- and you want to tell Glance where this virtual machine image is
located and some metadata about it. The add
command can do
this for you.
When registering an image in this way, the only difference is that
you do not use a shell redirect to stream a virtual machine image file
into Glance, but instead, you tell Glance where to find the existing
virtual machine image by setting the location
field. Below
is an example of doing this.
Let's assume that there is a virtual machine image located at the URL
http://example.com/images/myimage.vhd
. We can register this
image with Glance using the following:
$> glance --verbose add name="Some web image" disk_format=vhd \
container_format=ovf location="http://example.com/images/myimage.vhd"
Added new image with ID: 71c675ab-d94f-49cd-a114-e12490b328d9
Returned the following metadata for the new image:
container_format => ovf
created_at => 2011-02-23T00:42:04.688890
deleted => False
deleted_at => None
disk_format => vhd
id => 71c675ab-d94f-49cd-a114-e12490b328d9
is_public => True
location => http://example.com/images/myimage.vhd
name => Some web image
properties => {}
size => 0
status => active
updated_at => None
Completed in 0.0356 sec.
The update
command
After uploading/adding a virtual machine image to Glance, it is not possible to modify the actual virtual machine image -- images are read-only after all --however, it is possible to update any metadata about the image after you add it to Glance.
The update
command allows you to update the metadata
fields of a stored image. You use this command like so:
glance update <ID> [field1=value1 field2=value2 ...]
Let's say we have an image with identifier '9afc4097-1c70-45c3-8c12-1b897f083faa' that we wish to change the is_public attribute of the image from False to True. The following would accomplish this:
$> glance update 9afc4097-1c70-45c3-8c12-1b897f083faa is_public=true \
--host=65.114.169.29
Updated image 9afc4097-1c70-45c3-8c12-1b897f083faa
Using the --verbose
flag will show you all the updated
data about the image:
$> glance --verbose update 97243446-9c74-42af-a31a-34ba16555868 \
is_public=true --host=65.114.169.29
Updated image 97243446-9c74-42af-a31a-34ba16555868
Updated image metadata for image 97243446-9c74-42af-a31a-34ba16555868:
URI: http://example.com/images/97243446-9c74-42af-a31a-34ba16555868
Id: 97243446-9c74-42af-a31a-34ba16555868
Public? Yes
Name: My Image
Size: 58520278
Disk format: raw
Container format: ovf
Completed in 0.0596 sec.
The delete
command
You can delete an image by using the delete
command,
shown below:
$> glance --verbose delete 660c96a7-ef95-45e7-8e48-595df6937675 \
--host=65.114.169.29 -f
Deleted image 660c96a7-ef95-45e7-8e48-595df6937675
The index
command
The index
command displays brief information about the
public images available in Glance, as shown below:
$> glance index --host=65.114.169.29
ID Name Disk Format Container Format Size
------------------------------------ ------------------------------ -------------------- -------------------- --------------
baa87554-34d2-4e9e-9949-e9e5620422bb Ubuntu 10.10 vhd ovf 58520278
9e1aede2-dc6e-4981-9f3e-93dee24d48b1 Ubuntu 10.04 ami ami 58520278
771c0223-27b4-4789-a83d-79eb9c166578 Fedora 9 vdi bare 3040
cb8f4908-ef58-4e4b-884e-517cf09ead86 Vanilla Linux 2.6.22 qcow2 bare 0
Image metadata such as 'name', 'disk_format', 'container_format' and 'status' may be used to filter the results of an index or details command. These commands also accept 'size_min' and 'size_max' as lower and upper bounds of the image metadata 'size.' Any unrecognized fields are handled as custom image properties.
The 'limit' and 'marker' options are used by the index and details commands to control pagination. The 'marker' indicates the last record that was seen by the user. The page of results returned will begin after the provided image ID. The 'limit' param indicates the page size. Each request to the api will be restricted to returning a maximum number of results. Without the 'force' option, the user will be prompted before each page of results is fetched from the API.
Results from index and details commands may be ordered using the 'sort_key' and 'sort_dir' options. Any image attribute may be used for 'sort_key', while only 'asc' or 'desc' are allowed for 'sort_dir'.
The details
command
The details
command displays detailed information about
the public images available in Glance, as shown below:
$> glance details --host=65.114.169.29
==============================================================================
URI: http://example.com/images/baa87554-34d2-4e9e-9949-e9e5620422bb
Id: baa87554-34d2-4e9e-9949-e9e5620422bb
Public? Yes
Name: Ubuntu 10.10
Status: active
Size: 58520278
Disk format: vhd
Container format: ovf
Property 'distro_version': 10.10
Property 'distro': Ubuntu
==============================================================================
URI: http://example.com/images/9e1aede2-dc6e-4981-9f3e-93dee24d48b1
Id: 9e1aede2-dc6e-4981-9f3e-93dee24d48b1
Public? Yes
Name: Ubuntu 10.04
Status: active
Size: 58520278
Disk format: ami
Container format: ami
Property 'distro_version': 10.04
Property 'distro': Ubuntu
==============================================================================
URI: http://example.com/images/771c0223-27b4-4789-a83d-79eb9c166578
Id: 771c0223-27b4-4789-a83d-79eb9c166578
Public? Yes
Name: Fedora 9
Status: active
Size: 3040
Disk format: vdi
Container format: bare
Property 'distro_version': 9
Property 'distro': Fedora
==============================================================================
URI: http://example.com/images/cb8f4908-ef58-4e4b-884e-517cf09ead86
Id: cb8f4908-ef58-4e4b-884e-517cf09ead86
Public? Yes
Name: Vanilla Linux 2.6.22
Status: active
Size: 0
Disk format: qcow2
Container format: bare
==============================================================================
The show
command
The show
command displays detailed information about a
specific image, specified with <ID>
, as shown
below:
$> glance show 771c0223-27b4-4789-a83d-79eb9c166578 --host=65.114.169.29
URI: http://example.com/images/771c0223-27b4-4789-a83d-79eb9c166578
Id: 771c0223-27b4-4789-a83d-79eb9c166578
Public? Yes
Name: Fedora 9
Status: active
Size: 3040
Disk format: vdi
Container format: bare
Property 'distro_version': 9
Property 'distro': Fedora
The clear
command
The clear
command is an administrative command that
deletes ALL images and all image metadata. Passing the
--verbose
command will print brief information about all
the images that were deleted, as shown below:
$> glance --verbose clear --host=65.114.169.29
Deleting image ab15b8d3-8f33-4467-abf2-9f89a042a8c4 "Some web image" ... done
Deleting image dc9698b4-e9f1-4f75-b777-1a897633e488 "Some other web image" ... done
Completed in 0.0328 sec.
The image-members
Command
The image-members
command displays the list of members
with which a specific image, specified with <ID>
, is
shared, as shown below:
$> glance image-members ab15b8d3-8f33-4467-abf2-9f89a042a8c4 \
--host=65.114.169.29
tenant1
tenant2 *
(*: Can share image)
The member-images
Command
The member-images
command displays the list of images
which are shared with a specific member, specified with
<MEMBER>
, as shown below:
$> glance member-images tenant1 --host=65.114.169.29
ab15b8d3-8f33-4467-abf2-9f89a042a8c4
dc9698b4-e9f1-4f75-b777-1a897633e488 *
(*: Can share image)
The member-add
Command
The member-add
command grants a member, specified with
<MEMBER>
, access to a private image, specified with
<ID>
. The --can-share
flag can be given
to allow the member to share the image, as shown below:
$> glance member-add ab15b8d3-8f33-4467-abf2-9f89a042a8c4 tenant1 \
--host=65.114.169.29
$> glance member-add ab15b8d3-8f33-4467-abf2-9f89a042a8c4 tenant2 \
--can-share --host=65.114.169.29
The member-delete
Command
The member-delete
command revokes the access of a
member, specified with <MEMBER>
, to a private image,
specified with <ID>
, as shown below:
$> glance member-delete ab15b8d3-8f33-4467-abf2-9f89a042a8c4 tenant1
$> glance member-delete ab15b8d3-8f33-4467-abf2-9f89a042a8c4 tenant2
The members-replace
Command
The members-replace
command revokes all existing
memberships on a private image, specified with <ID>
,
and replaces them with a membership for one member, specified with
<MEMBER>
. The --can-share
flag can be
given to allow the member to share the image, as shown below:
$> glance members-replace ab15b8d3-8f33-4467-abf2-9f89a042a8c4 tenant1 \
--can-share --host=65.114.169.29
The command is given in plural form to make it clear that all existing memberships are affected by the command.