glance/doc/source/admin/interoperable-image-import.rst
Brian Rosmaita d304d2c05c Add image import docs to admin guide
Change-Id: I0222b5d6d5685029eadf04a3d19160ba018fe2e5
Closes-bug: #1713180
2017-09-06 19:23:18 +00:00

3.0 KiB

Interoperable Image Import

The EXPERIMENTAL version 2.6 of the Image Service API introduces a Minimal Viable Product of the interoperable image import process described in the Glance design document Image Import Refactor. The API calls available in the current implementation are described in the Interoperable Image Import section of the Image Service API reference. Here's how to configure Glance to enable the interoperable image import process.

The interoperable image import process uses Glance tasks, but does not require that the Tasks API be exposed to end users. Further, it requires the taskflow task executor. The following configuration options must be set:

  • in the [task] option group:
    • task_executor must either be set to taskflow or be used in its default value
  • in the [taskflow_executor] options group:
    • The default values are fine. It's a good idea to read through the descriptions in the sample glance-api.conf file to see what options are available.
  • in the default options group:
    • enable_image_import must be set to True (the default is False). When False, the /versions API response does not include the v2.6 API and calls to the import URIs will behave like they do in v2.5, that is, they'll return a 404 response.
    • node_staging_uri must specify a location writable by the glance user. If you have multiple Glance API nodes, this should be a reference to a shared filesystem available to all the nodes.

Additionally, your policies must be such that an ordinary end user can manipulate tasks. In releases prior to Pike, we recommended that the task-related policies be admin-only so that end users could not access the Tasks API. In Pike, a new policy was introduced that controls access to the Tasks API. Thus it is now possible to keep the individual task policies unrestricted while not exposing the Tasks API to end users. Thus, the following is the recommended configuration for the task-related policies:

"get_task": "",
"get_tasks": "",
"add_task": "",
"modify_task": "",
"tasks_api_access": "role:admin",