openstack team mailing list archive

[Scott Moser <smoser@xxxxxxxxxx>]

On Wed, 25 Apr 2012, Justin Santa Barbara wrote:

> I think it would be very convenient to have public image repositories and
> an easy way to use them, so someone installing OpenStack can easily get
> images into Glance with minimal work.
>
> At the design summit, there were a number of talks which all seemed to
> hinge on how to get an image into glance from a public store.  I'd like to
> make a proposal to get the ball rolling, which we can collectively pick
> apart to figure out the best way.
>
>    1. A public image repository lives on an HTTP / FTP / ... site and can
>    be dumb. (Glance could one day be the server here as well, but this should
>    also work on a CDN or simple webserver etc).
>    2. Each image is stored as a (possibly compressed) file.

fwiw, qcow images support compression inside:
  qemu-img convert -c disk.img -O qcow2 my.qcow2

compression is potentially useful elsewhere.  It might be good thoguh, in
your properties to explicitly list this rather than implying by the name.

>    3. Each image has a .properties file alongside it.
>    4. There is a 'directory' file which lists the property files.  An
>    md5sum of the directory is easy, and the hashes be useful generally.
>    5. If there are different sets of images, we have multiple directory
>    files.  They can point to the same images.
>    6. We don't try to solve security initially.  But this could be as
>    simple as signing the directory files, if they had hashes of all the other
>    files (e.g. md5sum).

Overall, I think this looks reasonable.  A couple nits:
 * I don't like using md5sum as a "directory file".  Better to explicitly
   name something for that purpose.  There could be other files in that
   directory that are not images (and would be desireable to appear in the
   md5sum file)
 * your example .properties file contains things that aren't really
   properties (where properties == things that would be added to glance as
   tags)
     disk_format=qcow2
     container_format=bare
     is_public=True
   * Disk format, container_format are useful, but its possibly confusing
     as its an attribute of the image, while other things are tags.
   * is_public=True
     Just because you thought this image should be public does not mean I
     do when I sync it.

I  might suggest, something like this (hand-yaml formated):
  tags:
    org.openstack__1__os_distro=debian.org
    org.openstack__1__os_version=6.0.4
    org.openstack__1__architecture=x64
    org.openstack__1__updated_at=20120425
  data:
    file: debian_squeeze_20120425.qcow2.gz
    disk_format: qcow2
    container_format: bare
    md5sum: 224237ee1b9a341ac7d79bcebda0580d
    size: 627965952
    compression: gzip

Alternatively, 'data' above could be named 'org.openstack.sync__1__image'
or something.

Ben Howard has been doing something similar to this with
  https://code.launchpad.net/~utlemming/+junk/sync-images
which reads data at
  https://cloud-images.ubuntu.com/query2/

I'd like to work together to get something that addresses both sets of
needs.

Also, if we do this well, I suppose that the "glance aggregator" described
at https://blueprints.launchpad.net/glance/+spec/public-glance
http://etherpad.openstack.org/FolsomGlanceReadOnlyGlance could potentially
support this "source" something it presented in its aggregated list.