57fee4ea33
Apparently the existing instructions lack the configuration keys necessary for Glance to authenticate via Keystone which breaks various features. I added 'flavor = keystone' to glance-api.conf and glance-registry.conf to resolve this issue. However, this generated a warning about the lack of 'auth_uri' which I also added to resolve this issue. This patch also includes general clarifications. Since this patch plays a significant role in building a functional environment, I recommend considering it for backporting to Havana. Change-Id: If112a7d039f3943238e915ef0066765529c7d668 backport: havana Closes-Bug: #1262755 Closes-Bug: #1267854
224 lines
12 KiB
XML
224 lines
12 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xml:id="glance-install" xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xmlns:svg="http://www.w3.org/2000/svg"
|
|
xmlns:html="http://www.w3.org/1999/xhtml" version="5.0">
|
|
<title>Install the Image Service</title>
|
|
<para>The OpenStack Image Service acts as a registry for virtual disk
|
|
images. Users can add new images or take a snapshot of an image from an
|
|
existing server for immediate storage. Use snapshots for back up
|
|
and as templates to launch new servers. You can store registered
|
|
images in Object Storage or in other locations. For example, you
|
|
can store images in simple file systems or external web
|
|
servers.</para>
|
|
<note>
|
|
<para>This procedure assumes you set the appropriate environment
|
|
variables to your credentials as described in <xref
|
|
linkend="keystone-verify"/>.</para>
|
|
</note>
|
|
<procedure>
|
|
<step>
|
|
<para>Install the Image Service on the controller node:</para>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install glance python-glanceclient</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-glance</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-glance python-glanceclient</userinput></screen>
|
|
</step>
|
|
|
|
<step os="debian">
|
|
<para>Respond to prompts for <link
|
|
linkend="debconf-dbconfig-common">database
|
|
management</link>, <link linkend="debconf-keystone_authtoken"
|
|
><literal>[keystone_authtoken]</literal> settings</link>,
|
|
<link linkend="debconf-rabbitqm">RabbitMQ credentials</link>
|
|
and <link linkend="debconf-api-endpoints">API endpoint</link>
|
|
registration. You must also select the caching type:</para>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata scale="50"
|
|
fileref="figures/debconf-screenshots/glance-common_pipeline_flavor.png"
|
|
/>
|
|
</imageobject>
|
|
</mediaobject>
|
|
</step>
|
|
<step>
|
|
<para>The Image Service stores information about images in a
|
|
database. The examples in this guide use the MySQL database
|
|
that is used by other OpenStack services.</para>
|
|
<para>Configure the location of the database. The Image Service
|
|
provides the <systemitem class="service"
|
|
>glance-api</systemitem> and <systemitem class="service"
|
|
>glance-registry</systemitem> services, each with its own
|
|
configuration file. You must update both configuration files
|
|
throughout this section. Replace
|
|
<replaceable>GLANCE_DBPASS</replaceable> with your Image
|
|
Service database password.</para>
|
|
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf \
|
|
DEFAULT sql_connection mysql://glance:<replaceable>GLANCE_DBPASS</replaceable>@<replaceable>controller</replaceable>/glance</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf \
|
|
DEFAULT sql_connection mysql://glance:<replaceable>GLANCE_DBPASS</replaceable>@<replaceable>controller</replaceable>/glance</userinput></screen>
|
|
<para os="ubuntu;debian">Edit
|
|
<filename>/etc/glance/glance-api.conf</filename> and
|
|
<filename>/etc/glance/glance-registry.conf</filename> and
|
|
change the <literal>[DEFAULT]</literal> section.</para>
|
|
<programlisting os="ubuntu;debian" language="ini">...
|
|
[DEFAULT]
|
|
...
|
|
# SQLAlchemy connection string for the reference implementation
|
|
# registry server. Any valid SQLAlchemy connection string is fine.
|
|
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
|
|
sql_connection = mysql://glance:GLANCE_DBPASS@<replaceable>controller</replaceable>/glance
|
|
...</programlisting>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles">
|
|
<para>Use the <command>openstack-db</command> command to create
|
|
the Image Service database and tables and a
|
|
<literal>glance</literal> database user:</para>
|
|
<screen><prompt>#</prompt> <userinput>openstack-db --init --service glance --password <replaceable>GLANCE_DBPASS</replaceable></userinput></screen>
|
|
</step>
|
|
<step os="ubuntu">
|
|
<para>By default, the Ubuntu packages create an SQLite database.
|
|
Delete the <filename>glance.sqlite</filename> file created in
|
|
the <filename>/var/lib/glance/</filename> directory so that it
|
|
does not get used by mistake.</para>
|
|
</step>
|
|
<step os="ubuntu">
|
|
<para>Use the password you created to log in as root and create
|
|
a <literal>glance</literal> database user:</para>
|
|
<screen><prompt>#</prompt> <userinput>mysql -u root -p</userinput>
|
|
<prompt>mysql></prompt> <userinput>CREATE DATABASE glance;</userinput>
|
|
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
|
|
IDENTIFIED BY '<replaceable>GLANCE_DBPASS</replaceable>';</userinput>
|
|
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
|
|
IDENTIFIED BY '<replaceable>GLANCE_DBPASS</replaceable>';</userinput></screen>
|
|
</step>
|
|
<step os="ubuntu">
|
|
<para>Create the database tables for the Image Service:</para>
|
|
<screen><prompt>#</prompt> <userinput>glance-manage db_sync</userinput></screen>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
|
<para>Create a <literal>glance</literal> user that the Image
|
|
Service can use to authenticate with the Identity Service.
|
|
Choose a password and specify an email address for the
|
|
<literal>glance</literal> user. Use the
|
|
<literal>service</literal> tenant and give the user the
|
|
<literal>admin</literal> role.</para>
|
|
<screen><prompt>#</prompt> <userinput>keystone user-create --name=glance --pass=<replaceable>GLANCE_PASS</replaceable> \
|
|
--email=<replaceable>glance@example.com</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>keystone user-role-add --user=glance --tenant=service --role=admin</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Configure the Image Service to use the Identity
|
|
Service for authentication.</para>
|
|
<para os="rhel;centos;fedora;sles;opensuse">Run the following commands
|
|
and replace <replaceable>GLANCE_PASS</replaceable> with the password
|
|
you chose for the <literal>glance</literal> user in the Identity
|
|
Service:</para>
|
|
<screen os="rhel;centos;fedora;sles;opensuse"><prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
|
|
auth_uri http://<replaceable>controller</replaceable>:5000</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
|
|
auth_host <replaceable>controller</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
|
|
admin_tenant_name service</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
|
|
admin_user glance</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
|
|
admin_password <replaceable>GLANCE_PASS</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf paste_deploy \
|
|
flavor keystone</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
|
|
auth_uri http://<replaceable>controller</replaceable>:5000</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
|
|
auth_host <replaceable>controller</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
|
|
admin_tenant_name service</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
|
|
admin_user glance</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
|
|
admin_password <replaceable>GLANCE_PASS</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf paste_deploy \
|
|
flavor keystone</userinput></screen>
|
|
<para os="ubuntu">Edit the
|
|
<filename>/etc/glance/glance-api.conf</filename> and
|
|
<filename>/etc/glance/glance-registry.conf</filename> files. Replace
|
|
<replaceable>GLANCE_PASS</replaceable> with the password you chose
|
|
for the <literal>glance</literal> user in the Identity Service.</para>
|
|
<substeps os="ubuntu">
|
|
<step>
|
|
<para>Add the following keys under the
|
|
<literal>[keystone_authtoken]</literal> section:</para>
|
|
<programlisting language="ini">[keystone_authtoken]
|
|
...
|
|
auth_uri = http://<replaceable>controller</replaceable>:5000
|
|
auth_host = <replaceable>controller</replaceable>
|
|
auth_port = 35357
|
|
auth_protocol = http
|
|
admin_tenant_name = service
|
|
admin_user = glance
|
|
admin_password = <replaceable>GLANCE_PASS</replaceable></programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Add the following key under the
|
|
<literal>[paste_deploy]</literal> section:</para>
|
|
<programlisting language="ini">[paste_deploy]
|
|
...
|
|
flavor = keystone</programlisting>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
|
<para>Add the credentials to the
|
|
<filename>/etc/glance/glance-api-paste.ini</filename> and
|
|
<filename>/etc/glance/glance-registry-paste.ini</filename>
|
|
files.</para>
|
|
<para os="centos">On CentOS, you may need to copy these files to the
|
|
correct location.</para>
|
|
<screen os="centos">
|
|
<prompt>#</prompt> <userinput>cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini</userinput>
|
|
<prompt>#</prompt> <userinput>cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini</userinput>
|
|
</screen>
|
|
<para>Edit each file to set the following options in the
|
|
<literal>[filter:authtoken]</literal> section and leave
|
|
any other existing option as it is.</para>
|
|
<programlisting language="ini">[filter:authtoken]
|
|
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
|
|
auth_host=controller
|
|
admin_user=glance
|
|
admin_tenant_name=service
|
|
admin_password=<replaceable>GLANCE_PASS</replaceable></programlisting>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
|
<para>Register the Image Service with the Identity Service so
|
|
that other OpenStack services can locate it. Register the
|
|
service and create the endpoint:</para>
|
|
<screen><prompt>#</prompt> <userinput>keystone service-create --name=glance --type=image \
|
|
--description="Glance Image Service"</userinput></screen>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
|
<para>Use the <literal>id</literal> property returned for the
|
|
service to create the endpoint:</para>
|
|
<screen><prompt>#</prompt> <userinput>keystone endpoint-create \
|
|
--service-id=<replaceable>the_service_id_above</replaceable> \
|
|
--publicurl=http://<replaceable>controller</replaceable>:9292 \
|
|
--internalurl=http://<replaceable>controller</replaceable>:9292 \
|
|
--adminurl=http://<replaceable>controller</replaceable>:9292</userinput></screen>
|
|
</step>
|
|
<step os="ubuntu">
|
|
<para>Restart the <systemitem class="service">glance</systemitem>
|
|
service with its new settings.</para>
|
|
<screen><prompt>#</prompt> <userinput>service glance-registry restart</userinput>
|
|
<prompt>#</prompt> <userinput>service glance-api restart</userinput></screen>
|
|
</step>
|
|
<step os="rhel;fedora;centos;opensuse;sles">
|
|
<para>Start the <systemitem class="service"
|
|
>glance-api</systemitem> and <systemitem class="service"
|
|
>glance-registry</systemitem> services and configure them to
|
|
start when the system boots:</para>
|
|
<screen os="rhel;fedora;centos;opensuse;sles"><prompt>#</prompt> <userinput>service openstack-glance-api start</userinput>
|
|
<prompt>#</prompt> <userinput>service openstack-glance-registry start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openstack-glance-api on</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openstack-glance-registry on</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|