I think it would be very convenient to have public image repositories and an easy way to use them, so someone installing OpenStack can easily get images into Glance with minimal work.<div><div><br></div><div>At the design summit, there were a number of talks which all seemed to hinge on how to get an image into glance from a public store. I'd like to make a proposal to get the ball rolling, which we can collectively pick apart to figure out the best way.</div>
<div><ol><li>A public image repository lives on an HTTP / FTP / ... site and can be dumb. (Glance could one day be the server here as well, but this should also work on a CDN or simple webserver etc).</li><li>Each image is stored as a (possibly compressed) file.</li>
<li>Each image has a .properties file alongside it.</li><li>There is a 'directory' file which lists the property files. An md5sum of the directory is easy, and the hashes be useful generally.</li><li>If there are different sets of images, we have multiple directory files. They can point to the same images.</li>
<li>We don't try to solve security initially. But this could be as simple as signing the directory files, if they had hashes of all the other files (e.g. md5sum).</li></ol></div><div>Then we have a client-side utility which takes a property file URL, download it, and copies the associated image into Glance if it doesn't yet exist. It can verify checksums, and it uploads any image properties which are present.</div>
<div><br></div><div>Finally, a simple bash script can download the directory file and call the utility for each image.</div><div><br></div><div>This script could be run as a cron job if desired, to download new images e.g. as Canonical publishes them.</div>
<div><div><br></div><div>---</div></div><div><br></div><div>An example 'properties' file might look like this:</div><div><br></div><div><div><font face="'courier new', monospace">org.openstack.sync__1__image=debian_squeeze_20120425.qcow2.gz</font></div>
<div><font face="'courier new', monospace">org.openstack.sync__1__expand=gzip</font></div><div><font face="'courier new', monospace">org.openstack.sync__1__size=627965952</font></div><div><font face="'courier new', monospace">org.openstack.sync__1__checksum=224237ee1b9a341ac7d79bcebda0580d</font></div>
<div><font face="'courier new', monospace">disk_format=qcow2</font></div><div><font face="'courier new', monospace">container_format=bare</font></div><div><font face="'courier new', monospace">is_public=True</font></div>
<div><font face="'courier new', monospace">org.openstack__1__os_distro=<a href="http://debian.org">debian.org</a></font></div><div><font face="'courier new', monospace">org.openstack__1__os_version=6.0.4</font></div>
<div><font face="'courier new', monospace">org.openstack__1__architecture=x64</font></div><div><font face="'courier new', monospace">org.openstack__1__updated_at=20120425</font></div></div><div><br></div><div>
A few things to note:</div><div><ul><li>The <span style="font-family:'courier new',monospace">org.openstack.sync__ </span>prefix is used for controlling the mirror script. It specifies the path to the image, the uncompressed size, the compression technique, the checksum etc.</li>
<li>The image can be compressed using e.g. gzip. My 8GB raw image became a 600MB qcow2 image, which became a 220MB gzip image. A bzip2 image was 200MB (10% smaller), but bzip2 does not have as easy decompression in many languages.</li>
<li>Properties which aren't in the <span style="font-family:'courier new',monospace">org.openstack.sync__ </span>prefix become image properties in glance</li><li>This example is using the common image properties, which I've just got around to writing up: <a href="http://wiki.openstack.org/CommonImageProperties">http://wiki.openstack.org/CommonImageProperties</a></li>
</ul></div><div><br></div><div>---</div><div><br></div><div>I've implemented this in the Java bindings, and it works great:</div><div><br></div><div><a href="https://github.com/platformlayer/openstack-java/blob/master/bin/image-sync">https://github.com/platformlayer/openstack-java/blob/master/bin/image-sync</a></div>
<div><a href="https://github.com/platformlayer/openstack-java/blob/master/openstack-cli/src/main/java/org/openstack/client/cli/commands/MirrorImage.java">https://github.com/platformlayer/openstack-java/blob/master/openstack-cli/src/main/java/org/openstack/client/cli/commands/MirrorImage.java</a></div>
<div><br></div><div>Called with...</div><div><br></div><div><font face="'courier new', monospace">bin/image-sync <a href="http://images.platformlayer.org/">http://images.platformlayer.org/</a> --prefix platformlayerImages/</font></div>
<div><div><br></div><div>This then syncs the images, prefixing the names to avoid collisions. And yes, there is a real image up there - check out <a href="http://images.platformlayer.org/md5sum">http://images.platformlayer.org/md5sum</a> ...</div>
<div><font face="'courier new', monospace"><br></font></div><div><font face="'courier new', monospace"><br></font></div>Justin<br><br>---<br><br>Justin Santa Barbara<br>Founder, FathomDB<br><br>
</div></div>