Configuring OpenStack Image Service with OpenStack Identity Service
Configuring OpenStack Image Service to use OpenStack Identity Service is required to allow our OpenStack Compute to operate correctly.
Getting ready
To begin with, ensure you're logged in to our OpenStack Controller host or the host that is running OpenStack Image Service. If the OpenStack Identity Service is not installed, carry out the steps in the Installing the OpenStack Identity Service recipe of Chapter 1, Keystone – OpenStack Identity Service. We also require that the Glance service user and endpoints have been set up. See the Defining Service Endpoints and Creating the service tenant and service users recipes of Chapter 1, Keystone – OpenStack Identity Service.
To log in to our OpenStack Controller host that was created using Vagrant, issue the following command:
vagrant ssh controller
How to do it...
To configure OpenStack Image Service to use OpenStack Identity Service, carry out the following steps:
- We first edit the
/etc/glance/glance-api.conffile to tell OpenStack Image Service to utilize OpenStack Identity Service by adding a[keystone_authtoken]section. Note that we are usinginsecure = Truein the configuration because we are usingself-signed certificates. In production, it is expected that issued certificates are used and they don't require this parameter. The code is as follows:[keystone_authtoken] auth_uri = https://192.168.100.200:35357/v2.0/ identity_uri = https://192.168.100.200:5000 admin_tenant_name = service admin_user = glance admin_password = glance insecure = True
- We repeat this process for the
/etc/glance/glance-registry.conffile, configuring theglanceservice user in the[keystone_authtoken]section. We are usinginsecure = Truehere because our example used self-signed certificates. The code is as follows:[keystone_authtoken] auth_uri = https://192.168.100.200:35357/v2.0/ identity_uri = https://192.168.100.200:5000 admin_tenant_name = service admin_user = glance admin_password = glance insecure = True
- Finally, we restart the two services to pick up the changes:
sudo restart glance-api sudo restart glance-registry
How it works...
OpenStack Image Service runs two services: glance-api, which is the service that our clients and services talk to, and the glance-registry service that manages the objects on the disk and database registry. Both of these services need to have matching credentials that were defined previously in OpenStack Identity Service in their configuration files in order to allow a user to authenticate with the service successfully.