When an image is private, it is only available to the tenant to which that image was uploaded. OpenStack Image Service provides a mechanism whereby these private images can be shared between different tenants. This allows greater control over images that need to exist for different tenants without making them public for all tenants.
To begin with, ensure you are logged in to our Ubuntu client where we can run the glance
tool. This can be installed using the following command:
sudo apt-get update sudo apt-get install glance-client
Ensure that you have your environment variable set up correctly with our admin user and password, as created in the previous chapter:
export OS_TENANT_NAME=cookbook export OS_USERNAME=admin export OS_PASSWORD=openstack export OS_AUTH_URL=https://192.168.100.200:5000/v2.0/ export OS_NO_CACHE=1 export OS_KEY=/vagrant/cakey.pem export OS_CACERT=/vagrant/ca.pem
Carry out the following steps to share a private image in our cookbook tenant to another tenant:
keystone tenant-list
glance image-list
45c787efeaec42aa9cab522711bf5f4d
and an image with ID 18584bff-2c12-4c2d-85f6-59771073c936
, we would share the image as follows:glance member-create 18584bff-2c12-4c2d-85f6-59771073c93 45c787efeaec42aa9cab522711bf5f4d
The member-create
option for the glance
command allows us to share images with other tenants. The syntax is as follows:
glance [--can-share] member-create image-id tenant-id
The preceding command comes with an optional extra parameter, --can-share
, that gives permission to that tenant to share the image.