openstack/openstack-manuals
Code Issues Proposed changes
5dfff9b231
openstack-manuals/doc/install-guide/section_install-config-glance.xml
Andreas Jaeger 38a8c5245d Further openSUSE instructions for the Install Guide 
Change-Id: If2e732873c6735e3402857f10aa3f0dd6263e514
2013-09-09 22:04:57 +02:00

183 lines
10 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<section xml:id="install-glance"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:html="http://www.w3.org/1999/xhtml"
version="5.0">
<title>Installing and Configuring the Image Service</title>
<para>Install the Image service, as root:</para>
<screen os="ubuntu"><prompt>#</prompt> <userinput>sudo apt-get install glance</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-glance</userinput></screen>
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install openstack-glance</userinput></screen>
<para os="ubuntu">If you are using Ubuntu, delete the <filename>glance.sqlite</filename> file created in the
<filename>/var/lib/glance/</filename> directory:
<screen><prompt>#</prompt> <userinput>rm /var/lib/glance/glance.sqlite</userinput></screen>
</para>
<section xml:id="configure-glance-mysql">
<title>Configuring the Image Service database backend</title>
<para>Configure the backend data store. For MySQL, create a glance
MySQL database and a glance MySQL user. Grant the "glance" user
full access to the glance MySQL database.</para>
<para>Start the MySQL command line client by running:</para>
<para><screen><prompt>$</prompt> <userinput>mysql -u root -p</userinput></screen></para>
<para>Enter the MySQL root user's password when prompted.</para>
<para>To configure the MySQL database, create the glance database.</para>
<para><screen><prompt>mysql></prompt> <userinput>CREATE DATABASE glance;</userinput></screen>
</para><para>Create a MySQL user for the newly-created glance database that has full control of the database.</para>
<para><screen><prompt>mysql></prompt> <userinput>GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY '<replaceable>[YOUR_GLANCEDB_PASSWORD]</replaceable>';</userinput>
<prompt>mysql></prompt> <userinput>GRANT ALL ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '<replaceable>[YOUR_GLANCEDB_PASSWORD]</replaceable>';</userinput></screen></para>
<note>
<para>In the above commands, even though the <literal>'glance'@'%'</literal> also matches
<literal>'glance'@'localhost'</literal>, you must explicitly specify the
<literal>'glance'@'localhost'</literal> entry.</para>
<para>By default, MySQL will create entries in the user table with
<literal>User=''</literal> and <literal>Host='localhost'</literal>. The
<literal>User=''</literal> acts as a wildcard, matching all users. If you do not
have the <literal>'glance'@'localhost'</literal> account, and you try to log in as the
glance user, the precedence rules of MySQL will match against the <literal>User=''
Host='localhost'</literal> account before it matches against the
<literal>User='glance' Host='%'</literal> account. This will result in an error
message that looks like:</para>
<para>
<screen><computeroutput>ERROR 1045 (28000): Access denied for user 'glance'@'localhost' (using password: YES)</computeroutput></screen>
</para>
<para>Thus, we create a separate <literal>User='glance' Host='localhost'</literal> entry that
will match with higher precedence.</para>
<para>See the <link xlink:href="http://dev.mysql.com/doc/refman/5.5/en/connection-access.html"
>MySQL documentation on connection verification</link> for more details on how MySQL
determines which row in the user table it uses when authenticating connections.</para>
</note>
<para>Enter <literal>quit</literal> at the
<literal>mysql></literal> prompt to exit MySQL.</para>
<para><screen><prompt>mysql></prompt> <userinput>quit</userinput></screen></para>
</section>
<section xml:id="configure-glance-files">
<title>Edit the Glance configuration files</title>
<para>The Image service has a number of options that you can
use to configure the Glance API server, optionally the
Glance Registry server, and the various storage backends
that Glance can use to store images. By default, the
storage backend is in a file, specified in the
<filename>glance-api.conf</filename> config file in the section <literal>[DEFAULT]</literal>.
</para>
<para>The <systemitem class="service">glance-api</systemitem> service implements
versions 1 and 2 of the OpenStack Images API. By default,
both are enabled by setting these configuration options to
<literal>True</literal> in the <filename>glance-api.conf</filename>
file.
</para>
<programlisting language="ini">enable_v1_api=True</programlisting>
<programlisting language="ini">enable_v2_api=True</programlisting>
<para>Disable either version of the Images API by setting the
option to False in the
<filename>glance-api.conf</filename> file.</para>
<note>
<para>In order to use the v2 API, you must copy the
necessary SQL configuration from your <systemitem class="service">glance-registry</systemitem>
service to your <systemitem class="service">glance-api</systemitem> configuration file. The
following instructions assume that you want to use the
v2 Image API for your installation. The v1 API is
implemented on top of the <systemitem class="service">glance-registry</systemitem> service
while the v2 API is not.</para>
</note>
<para>Most configuration is done via configuration files, with the Glance API server (and
possibly the Glance Registry server) using separate configuration files. When installing
through an operating system package management system, sample configuration files are
installed in <literal>/etc/glance</literal>.</para>
<para>This walkthrough installs the image service using a file
backend and the Identity service (Keystone) for
authentication.</para>
<para>Add the admin and service identifiers and
<literal>flavor=keystone</literal> to the end of
<filename>/etc/glance/glance-api.conf</filename> as
shown below.</para>
<programlisting language="ini">[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
config_file = /etc/glance/glance-api-paste.ini
# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
flavor=keystone</programlisting>
<para>Ensure that
<filename>/etc/glance/glance-api.conf</filename>
points to the MySQL database rather than
sqlite.<programlisting>sql_connection = mysql://glance:<replaceable>[YOUR_GLANCEDB_PASSWORD]</replaceable>@192.168.206.130/glance</programlisting></para>
<para>Restart <systemitem class="service">glance-api</systemitem> to pick up these changed
settings.</para>
<screen><prompt>#</prompt> <userinput>service openstack-glance-api restart</userinput></screen>
<para>Update the last sections of
<filename>/etc/glance/glance-registry.conf</filename>
to reflect the values you set earlier for admin user and
the service tenant, plus enable the Identity service with
<literal>flavor=keystone</literal>.</para>
<programlisting>[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glance
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
config_file = /etc/glance/glance-registry-paste.ini
# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
flavor=keystone</programlisting>
<para>Update
<filename>/etc/glance/glance-registry-paste.ini</filename>
by enabling the Identity service, keystone:</para>
<screen># Use this pipeline for keystone auth
[pipeline:glance-registry-keystone]
pipeline = authtoken context registryapp</screen>
<para>Ensure that
<filename>/etc/glance/glance-registry.conf</filename>
points to the MySQL database rather than
sqlite.<programlisting>sql_connection = mysql://glance:<replaceable>[YOUR_GLANCEDB_PASSWORD]</replaceable>@192.168.206.130/glance</programlisting></para>
<para>Restart <systemitem class="service">glance-registry</systemitem> to pick up these changed
settings.</para>
<screen><prompt>#</prompt> <userinput>service openstack-glance-registry restart</userinput></screen>
<note>
<para>Any time you change the .conf files, restart the
corresponding service.</para>
</note>
<para os="ubuntu">On Ubuntu 12.04, the database tables are
under version control and you must do these steps on a new
install to prevent the Image service from breaking
possible upgrades, as root:
<screen><prompt>#</prompt> <userinput>glance-manage version_control 0</userinput></screen></para>
<para>Now you can populate or migrate the database.
<screen><prompt>#</prompt> <userinput>glance-manage db_sync</userinput></screen></para>
<para>Restart <systemitem class="service">glance-registry</systemitem> and <systemitem class="service">glance-api</systemitem> services, as
root:</para>
<screen><prompt>#</prompt> <userinput>service glance-registry restart</userinput>
<prompt>#</prompt> <userinput>service glance-api restart</userinput></screen>
<note>
<para>This guide does not configure image caching. Refer
to <link xlink:href="http://glance.openstack.org"
>http://docs.openstack.org/developer/glance/</link>
for more information.</para>
</note>
</section></section>
View Git Blame Copy Permalink