e9e4d8870c
python-swiftclient stopped supporting the temp url structure used when radosgw was set as the endpoint_type in ocata, meaning only Newton and older versions of python-swiftclient will work. Newton is deprecated, so remove the option. This breaks the deprecation cycle, but since it has been not working for so long it needs to just be dropped. Change-Id: Ibdc93b049b7e1ae34cac9e1f599786439c46a685
78 lines
3.0 KiB
ReStructuredText
78 lines
3.0 KiB
ReStructuredText
.. _image-store:
|
|
|
|
Configure the Image service for temporary URLs
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Some drivers of the Baremetal service (in particular, any drivers using
|
|
:ref:`direct-deploy` or :ref:`ansible-deploy` interfaces,
|
|
and some virtual media drivers) require target user images to be available
|
|
over clean HTTP(S) URL with no authentication involved
|
|
(neither username/password-based, nor token-based).
|
|
|
|
When using the Baremetal service integrated in OpenStack,
|
|
this can be achieved by specific configuration of the Image service
|
|
and Object Storage service as described below.
|
|
|
|
#. Configure the Image service to have object storage as a backend for
|
|
storing images.
|
|
For more details, please refer to the Image service configuration guide.
|
|
|
|
.. note::
|
|
When using Ceph+RadosGW for Object Storage service, images stored in
|
|
Image service must be available over Object Storage service as well.
|
|
|
|
#. Enable TempURLs for the Object Storage account used by the Image service
|
|
for storing images in the Object Storage service.
|
|
|
|
#. Check if TempURLs are enabled:
|
|
|
|
.. code-block:: shell
|
|
|
|
# executed under credentials of the user used by Image service
|
|
# to access Object Storage service
|
|
$ openstack object store account show
|
|
+------------+---------------------------------------+
|
|
| Field | Value |
|
|
+------------+---------------------------------------+
|
|
| Account | AUTH_bc39f1d9dcf9486899088007789ae643 |
|
|
| Bytes | 536661727 |
|
|
| Containers | 1 |
|
|
| Objects | 19 |
|
|
| properties | Temp-Url-Key='secret' |
|
|
+------------+---------------------------------------+
|
|
|
|
#. If property ``Temp-Url-Key`` is set, note its value.
|
|
|
|
#. If property ``Temp-Url-Key`` is not set, you have to configure it
|
|
(``secret`` is used in the example below for the value):
|
|
|
|
.. code-block:: shell
|
|
|
|
$ openstack object store account set --property Temp-Url-Key=secret
|
|
|
|
#. Optionally, configure the ironic-conductor service. The default
|
|
configuration assumes that:
|
|
|
|
#. the Object Storage service is implemented by swift_,
|
|
#. the Object Storage service URL is available from the service catalog,
|
|
#. the project, used by the Image service to access the Object Storage, is
|
|
the same as the project, used by the Bare Metal service to access it,
|
|
#. the container, used by the Image service, is called ``glance``.
|
|
|
|
If any of these assumptions do not hold, you may want to change your
|
|
configuration file (typically located at ``/etc/ironic/ironic.conf``),
|
|
for example:
|
|
|
|
.. code-block:: ini
|
|
|
|
[glance]
|
|
|
|
swift_endpoint_url = http://openstack/swift
|
|
swift_account = AUTH_bc39f1d9dcf9486899088007789ae643
|
|
swift_container = glance
|
|
swift_temp_url_key = secret
|
|
|
|
#. (Re)start the ironic-conductor service.
|
|
|
|
.. _swift: https://docs.openstack.org/swift/latest/
|