← Back to team overview

openstack team mailing list archive

Public image repository via a synchronization script


I think it would be very convenient to have public image repositories and
an easy way to use them, so someone installing OpenStack can easily get
images into Glance with minimal work.

At the design summit, there were a number of talks which all seemed to
hinge on how to get an image into glance from a public store.  I'd like to
make a proposal to get the ball rolling, which we can collectively pick
apart to figure out the best way.

   1. A public image repository lives on an HTTP / FTP / ... site and can
   be dumb. (Glance could one day be the server here as well, but this should
   also work on a CDN or simple webserver etc).
   2. Each image is stored as a (possibly compressed) file.
   3. Each image has a .properties file alongside it.
   4. There is a 'directory' file which lists the property files.  An
   md5sum of the directory is easy, and the hashes be useful generally.
   5. If there are different sets of images, we have multiple directory
   files.  They can point to the same images.
   6. We don't try to solve security initially.  But this could be as
   simple as signing the directory files, if they had hashes of all the other
   files (e.g. md5sum).

Then we have a client-side utility which takes a property file URL,
download it, and copies the associated image into Glance if it doesn't yet
exist.  It can verify checksums, and it uploads any image properties which
are present.

Finally, a simple bash script can download the directory file and call the
utility for each image.

This script could be run as a cron job if desired, to download new images
e.g. as Canonical publishes them.


An example 'properties' file might look like this:


A few things to note:

   - The org.openstack.sync__ prefix is used for controlling the mirror
   script.  It specifies the path to the image, the uncompressed size, the
   compression technique, the checksum etc.
   - The image can be compressed using e.g. gzip.  My 8GB raw image became
   a 600MB qcow2 image, which became a 220MB gzip image.  A bzip2 image was
   200MB (10% smaller), but bzip2 does not have as easy decompression in many
   - Properties which aren't in the org.openstack.sync__ prefix become
   image properties in glance
   - This example is using the common image properties, which I've just got
   around to writing up: http://wiki.openstack.org/CommonImageProperties


I've implemented this in the Java bindings, and it works great:


Called with...

bin/image-sync http://images.platformlayer.org/ --prefix

This then syncs the images, prefixing the names to avoid collisions.  And
yes, there is a real image up there - check out
http://images.platformlayer.org/md5sum ...



Justin Santa Barbara
Founder, FathomDB

Follow ups