{{tag>OpenStack}}

= Notes OpenStack Glance (images)

== Install de Glance (Pour gérer les images)

Voir : 
* https://docs.openstack.org/glance/latest/install/
* https://openstack-xenserver.readthedocs.io/en/latest/05-install-images-glance-on-controller.html

<code bash>
sudo yum install openstack-glance penstack-glance-doc
</code>

<code bash>
sudo su - postgres
</code>

<code sql>
CREATE ROLE glanceuser WITH LOGIN PASSWORD 'toor';
CREATE DATABASE glance OWNER glanceuser ;
</code>

<code bash>
source openrc
openstack project create service

openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create image --name glance --description "Glance Image Service"

openstack endpoint create --region RegionOne glance public http://srv-openstack-controller:9292
</code>

Conf 
* /etc/glance/glance-api.conf
* /etc/glance/glance-registry.conf


''/etc/glance/glance-api.conf''
<code ini>
[DEFAULT]
debug = true

[database]
connection = postgresql://glanceuser:toor@127.0.0.1/glance

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images

[keystone_authtoken]
www_authenticate_uri = http://srv-openstack-controller:5000/v3:
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = toor

[paste_deploy]
flavor = keystone
</code>

Idem pour ''/etc/glance/glance-registry.conf''



<code bash>
su -s /bin/sh -c 'glance-manage db_sync' glance

mkdir /var/lib/glance/images
chown glance:nobody /var/lib/glance/images/

systemctl start openstack-glance-api.service
systemctl start openstack-glance-registry.service

systemctl enable openstack-glance-api.service
systemctl enable openstack-glance-registry.service
</code>

Test
<code bash>
openstack image list

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
openstack image create cirros --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
</code>



== API CLI

''openstack.rc''
<code bash>

unset $(set |grep _ENDPOINT_ |cut -d= -f1)
unset $(set |grep ^OS_ |cut -d= -f1)

export LC_ALL=C
# LC_ALL=C.UTF-8
export OS_NO_CACHE='true'
export OS_CACERT=/etc/ssl/certs/

export OS_IDENTITY_API_VERSION='3'
export OS_AUTH_URL='https://192.168.21.53:5000/v3'
export OS_USERNAME=admin
export OS_PASSWORD='P@ssw0rd'
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
</code>

<code bash>
glance image-list

glance image-create --name plop --file plop.vmdk --disk-format vmdk --container-format bare --visibility private
</code>


== Policy

Voir 
* https://docs.openstack.org/glance/latest/admin/policies.html
* https://github.com/openstack/glance/blob/master/etc/policy.json
* https://docs.openstack.org/ocata/config-reference/image/policy.json.html
* https://books.google.fr/books?id=dpZGDwAAQBAJ&pg=PA103&lpg=PA103&dq=glance+policy.json&source=bl&ots=ikatRpxayu&sig=ACfU3U2raylarBHToQuTOKW0ca-owoLRhg&hl=fr&sa=X&ved=2ahUKEwihrcza37HhAhVG1-AKHdnXA9MQ6AEwCHoECAgQAQ#v=onepage&q=glance%20policy.json&f=false

=== OpenStack Glance: allow user to create public images

Source : https://www.sebastien-han.fr/blog/2014/10/30/openstack-glance-allow-user-to-create-public-images/