openstack-manuals/doc/install-guide/section_glance-install.xml
Matt Kassawara 57fee4ea33 Added configuration for Glance to authenticate via Keystone
Apparently the existing instructions lack the configuration keys
necessary for Glance to authenticate via Keystone which breaks various
features. I added 'flavor = keystone' to glance-api.conf and
glance-registry.conf to resolve this issue. However, this generated
a warning about the lack of 'auth_uri' which I also added to resolve
this issue. This patch also includes general clarifications.

Since this patch plays a significant role in building a functional
environment, I recommend considering it for backporting to Havana.

Change-Id: If112a7d039f3943238e915ef0066765529c7d668
backport: havana
Closes-Bug: #1262755
Closes-Bug: #1267854
2014-01-22 17:51:16 -07:00

224 lines
12 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<section xml:id="glance-install" xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:html="http://www.w3.org/1999/xhtml" version="5.0">
<title>Install the Image Service</title>
<para>The OpenStack Image Service acts as a registry for virtual disk
images. Users can add new images or take a snapshot of an image from an
existing server for immediate storage. Use snapshots for back up
and as templates to launch new servers. You can store registered
images in Object Storage or in other locations. For example, you
can store images in simple file systems or external web
servers.</para>
<note>
<para>This procedure assumes you set the appropriate environment
variables to your credentials as described in <xref
linkend="keystone-verify"/>.</para>
</note>
<procedure>
<step>
<para>Install the Image Service on the controller node:</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install glance python-glanceclient</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-glance</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-glance python-glanceclient</userinput></screen>
</step>
<step os="debian">
<para>Respond to prompts for <link
linkend="debconf-dbconfig-common">database
management</link>, <link linkend="debconf-keystone_authtoken"
><literal>[keystone_authtoken]</literal> settings</link>,
<link linkend="debconf-rabbitqm">RabbitMQ credentials</link>
and <link linkend="debconf-api-endpoints">API endpoint</link>
registration. You must also select the caching type:</para>
<mediaobject>
<imageobject>
<imagedata scale="50"
fileref="figures/debconf-screenshots/glance-common_pipeline_flavor.png"
/>
</imageobject>
</mediaobject>
</step>
<step>
<para>The Image Service stores information about images in a
database. The examples in this guide use the MySQL database
that is used by other OpenStack services.</para>
<para>Configure the location of the database. The Image Service
provides the <systemitem class="service"
>glance-api</systemitem> and <systemitem class="service"
>glance-registry</systemitem> services, each with its own
configuration file. You must update both configuration files
throughout this section. Replace
<replaceable>GLANCE_DBPASS</replaceable> with your Image
Service database password.</para>
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf \
DEFAULT sql_connection mysql://glance:<replaceable>GLANCE_DBPASS</replaceable>@<replaceable>controller</replaceable>/glance</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf \
DEFAULT sql_connection mysql://glance:<replaceable>GLANCE_DBPASS</replaceable>@<replaceable>controller</replaceable>/glance</userinput></screen>
<para os="ubuntu;debian">Edit
<filename>/etc/glance/glance-api.conf</filename> and
<filename>/etc/glance/glance-registry.conf</filename> and
change the <literal>[DEFAULT]</literal> section.</para>
<programlisting os="ubuntu;debian" language="ini">...
[DEFAULT]
...
# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
sql_connection = mysql://glance:GLANCE_DBPASS@<replaceable>controller</replaceable>/glance
...</programlisting>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<para>Use the <command>openstack-db</command> command to create
the Image Service database and tables and a
<literal>glance</literal> database user:</para>
<screen><prompt>#</prompt> <userinput>openstack-db --init --service glance --password <replaceable>GLANCE_DBPASS</replaceable></userinput></screen>
</step>
<step os="ubuntu">
<para>By default, the Ubuntu packages create an SQLite database.
Delete the <filename>glance.sqlite</filename> file created in
the <filename>/var/lib/glance/</filename> directory so that it
does not get used by mistake.</para>
</step>
<step os="ubuntu">
<para>Use the password you created to log in as root and create
a <literal>glance</literal> database user:</para>
<screen><prompt>#</prompt> <userinput>mysql -u root -p</userinput>
<prompt>mysql></prompt> <userinput>CREATE DATABASE glance;</userinput>
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY '<replaceable>GLANCE_DBPASS</replaceable>';</userinput>
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY '<replaceable>GLANCE_DBPASS</replaceable>';</userinput></screen>
</step>
<step os="ubuntu">
<para>Create the database tables for the Image Service:</para>
<screen><prompt>#</prompt> <userinput>glance-manage db_sync</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Create a <literal>glance</literal> user that the Image
Service can use to authenticate with the Identity Service.
Choose a password and specify an email address for the
<literal>glance</literal> user. Use the
<literal>service</literal> tenant and give the user the
<literal>admin</literal> role.</para>
<screen><prompt>#</prompt> <userinput>keystone user-create --name=glance --pass=<replaceable>GLANCE_PASS</replaceable> \
--email=<replaceable>glance@example.com</replaceable></userinput>
<prompt>#</prompt> <userinput>keystone user-role-add --user=glance --tenant=service --role=admin</userinput></screen>
</step>
<step>
<para>Configure the Image Service to use the Identity
Service for authentication.</para>
<para os="rhel;centos;fedora;sles;opensuse">Run the following commands
and replace <replaceable>GLANCE_PASS</replaceable> with the password
you chose for the <literal>glance</literal> user in the Identity
Service:</para>
<screen os="rhel;centos;fedora;sles;opensuse"><prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
auth_uri http://<replaceable>controller</replaceable>:5000</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
auth_host <replaceable>controller</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
admin_tenant_name service</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
admin_user glance</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
admin_password <replaceable>GLANCE_PASS</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf paste_deploy \
flavor keystone</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
auth_uri http://<replaceable>controller</replaceable>:5000</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
auth_host <replaceable>controller</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
admin_tenant_name service</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
admin_user glance</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
admin_password <replaceable>GLANCE_PASS</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-registry.conf paste_deploy \
flavor keystone</userinput></screen>
<para os="ubuntu">Edit the
<filename>/etc/glance/glance-api.conf</filename> and
<filename>/etc/glance/glance-registry.conf</filename> files. Replace
<replaceable>GLANCE_PASS</replaceable> with the password you chose
for the <literal>glance</literal> user in the Identity Service.</para>
<substeps os="ubuntu">
<step>
<para>Add the following keys under the
<literal>[keystone_authtoken]</literal> section:</para>
<programlisting language="ini">[keystone_authtoken]
...
auth_uri = http://<replaceable>controller</replaceable>:5000
auth_host = <replaceable>controller</replaceable>
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = <replaceable>GLANCE_PASS</replaceable></programlisting>
</step>
<step>
<para>Add the following key under the
<literal>[paste_deploy]</literal> section:</para>
<programlisting language="ini">[paste_deploy]
...
flavor = keystone</programlisting>
</step>
</substeps>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Add the credentials to the
<filename>/etc/glance/glance-api-paste.ini</filename> and
<filename>/etc/glance/glance-registry-paste.ini</filename>
files.</para>
<para os="centos">On CentOS, you may need to copy these files to the
correct location.</para>
<screen os="centos">
<prompt>#</prompt> <userinput>cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini</userinput>
<prompt>#</prompt> <userinput>cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini</userinput>
</screen>
<para>Edit each file to set the following options in the
<literal>[filter:authtoken]</literal> section and leave
any other existing option as it is.</para>
<programlisting language="ini">[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
admin_user=glance
admin_tenant_name=service
admin_password=<replaceable>GLANCE_PASS</replaceable></programlisting>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Register the Image Service with the Identity Service so
that other OpenStack services can locate it. Register the
service and create the endpoint:</para>
<screen><prompt>#</prompt> <userinput>keystone service-create --name=glance --type=image \
--description="Glance Image Service"</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Use the <literal>id</literal> property returned for the
service to create the endpoint:</para>
<screen><prompt>#</prompt> <userinput>keystone endpoint-create \
--service-id=<replaceable>the_service_id_above</replaceable> \
--publicurl=http://<replaceable>controller</replaceable>:9292 \
--internalurl=http://<replaceable>controller</replaceable>:9292 \
--adminurl=http://<replaceable>controller</replaceable>:9292</userinput></screen>
</step>
<step os="ubuntu">
<para>Restart the <systemitem class="service">glance</systemitem>
service with its new settings.</para>
<screen><prompt>#</prompt> <userinput>service glance-registry restart</userinput>
<prompt>#</prompt> <userinput>service glance-api restart</userinput></screen>
</step>
<step os="rhel;fedora;centos;opensuse;sles">
<para>Start the <systemitem class="service"
>glance-api</systemitem> and <systemitem class="service"
>glance-registry</systemitem> services and configure them to
start when the system boots:</para>
<screen os="rhel;fedora;centos;opensuse;sles"><prompt>#</prompt> <userinput>service openstack-glance-api start</userinput>
<prompt>#</prompt> <userinput>service openstack-glance-registry start</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-glance-api on</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-glance-registry on</userinput></screen>
</step>
</procedure>
</section>