glance return uploaded image size 0

Hi Dubi,

> The glance-api.conf has the following field : default_store = swift . Is that correct ?

Yes, if you want swift to be used as the default store and have the other swift-specific config in place, i.e.

  swift_store_auth_address
  swift_store_user
  swift_store_key
  swift_store_container

> anyhow : glance image-create ......--location:http:<my server name>: /path/to/local/image works . No error message.
> I see it on the glance image-list. It is active but size =0 (and the load time is short) .

A HEAD request should be used in this case to determine the image size.

What does the following return:

   curl -X HEAD -vvv http:<my server name>: /path/to/local/image

> also : --locarion file:///path/to/file does not work and returns the following error message :

For security reasons, we do not allow file:// URLs to be specified as the external location or copy-from source for a newly registered image.

Otherwise glance would be open to an exploit whereby any file readable to the user associated with the glance-api service could also be retrieved by a remote glance client, e.g. via:

  glance image-create --location=file:///etc/passwd ...

is glance-api is running as root.

Only HTTP, S3 and Swift URLs are supported for externally-sourced images.

Cheers,
Eoghan

 curl -X HEAD -vvv http:<my server name>: /path/to/local/image returns:
....
 Connected to 9.148.4.71 (9.148.4.71) port 80 (#0)
> HEAD /home/dubi/bootImage.img HTTP/1.1
> User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3
> Host: 9.148.4.71
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Date: Wed, 06 Jun 2012 05:06:27 GMT
< Server: Apache/2.2.20 (Ubuntu)
< Vary: Accept-Encoding
< Content-Type: text/html; charset=iso-8859-1
* no chunk, no close, no size. Assume close to signal end

It is on the same server as the glance . I guess I must make it a real Http server with the image file exposקd as in a web server .
(even if it has : container type = bare) . Or am I missing some info that has to be attached to the image file ?

Is there a way to still use the file:/// protocol as the --location parameter ?

Besides : If when running the Pyhton examples of programatically accesing glance like :
"
from glance.client import Client

c = Client("9.148.4.71", 9292)

print c.get_images()

print c.get_images_detailed()
"

and I get back the error :

Details: 401 Unauthorized

This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
--------------------------------------

while I can access glance from CLI.
  should I enable keystone under glance and programaticcaly authenticate to keystone before accessing glance images ?
Is there python exmple for that ?

thx

> It is on the same server as the glance .
> I guess I must make it a real Http server with the image file exposקd as in a web server .

Yes, absolutely!

Providing a http URL as the location is like saying: "there's a HTTP server running on this host & port that will return the file indicated by the path segment in response to a HTTP GET request".

You must ensure that the http endpoint is "live" in order for glance to use the http URL.

> (even if it has : container type = bare) . Or am I missing some info that has to be attached to the image file ?

No, the problem here is how you're identifying the image location, not necessarily with the image itself.

> Is there a way to still use the file:/// protocol as the --location parameter ?

No, as I indicated in my first answer, that is simply not supported by glance for security reasons.

But I'm confused as to why you want to approach it in that way. Are you running the client on the <my server name> host? If so, why not just use shell redirection instead of the --location option? i.e

  glance image-create ... < /path/to/local/image

> while I can access glance from CLI.
> should I enable keystone under glance and programaticcaly authenticate to keystone before accessing glance images ?

Are you already using keystone for authentication with the CLI?

Have you set the OS_* environment variables with your username and password? Check with:

  env | grep '^OS_'

> from glance.client import Client
>
> c = Client("9.148.4.71", 9292)

Should that be V1Client as opposed to Client?

You can create a client with a credentials dict containing the username, password, tenant, auth URL, auth strategy, region etc. to use with a programmatic client.

There is also a convenience glance.client.get_client() method that will pull this information in from the environment and construct the client with an appropriate creds dict, see:

  https://github.com/openstack/glance/blob/master/glance/client.py#L404

Thx Eoghan

The info on the programmatic client helped .

The image-create issue with uploading an image to Glance using shell redirect does not work . that is why I turned into the --location option.

here is the error :

 glance image-create --name dubi --disk-format qcow2 --container-format bare < bootImage.img

No handlers could be found for logger "glanceclient.common.http"
Unable to communicate with image service: 400 Bad Request

The server could not comply with the request since it is either malformed or otherwise incorrect.

 Error uploading image: (SSLError): [Errno 1] _ssl.c:503: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol . (HTTP 400)

If it SSL error can I avoid it or need establish something ?

thx

continued:

something is wrong with the image repository of glance . I can see the existing images (via image-list) . But I cannot add a real image there either or even download it from there

e.g by : glance image-create .. < /path/to/image

Or programmatically uploading by calling:

c - Client (...)
new_meta = c.add_image(meta, open('/home/dubi/stack.sh'))

I get the same error of SSLEror as above

If I try to GET an existing (original) glance image from glance repository as follows :

image_file = c.get_image("62c02ea3-76c1-438a-9847-acdf1e3cced9")

I get :
"glance.common.exception.NotFound: An object with the specified identifier was not found.
Details: 404 Not Found

An object with the specified identifier was not found. Details: Image file /opt/stack/glance/images/62c02ea3-76c1-438a-9847-acdf1e3cced9 not found"

I see no images under opt/stack/glance/images/ . it is an empty directory

where does glance store its images ?
 to remind: I installed swift on the local server (file based not real disk based)

Finally: But I <CAN > get meta info of an existing image in Glance repository by :
c.get_image_meta("efd93bb8-622b-4295-bae1-4be02b5a69ad")

Authentication protocol is defined in proxy-server.conf as http (not https).
I do not see anywhere in glance registry/api.conf any ssl definition ( cert and key are commented out in the SSL section)
so why do I have an SSL error when trying to 'glance image-create' as shown above ?

still need an answer as per a bove . thx

solved