When creating an image in OpenStack, one must provide attributes that describe the image. These attributes include the image name, the disk format, and the container format. Images can be public, private, or shared among multiple projects.

Images for the following examples can be downloaded from the following locations:

When uploading an image, ensure that you have properly sourced your credentials or are otherwise properly authenticated.

You will need the following details, at a minimum, when uploading an image:

For our first example, the following will be used:

For our second example, the following will be used:

With the OpenStack client installed on our system, we are now able to upload an image with the following steps:

Images are created with the following syntax:

openstack image create IMAGE_NAME 
--disk-format DISK_FORMAT 
--file FILE_LOCATION 
[--public | --private | --shared | --community]

Creating an image with the OpenStack client results in the specified file being uploaded to the OpenStack image repository. The repository can be a local directory or volume specified in the Glance configuration file, or even an object store served by Swift, Ceph, Rackspace Cloud Files, or others.

The disk-format parameter defines the format of the virtual disk used by the image. Options include ami, ari, aki, vhd, vmdk, raw, qcow2, vhdx, vdi, iso, and ploop. The qcow2 format is popular among OpenStack-based clouds running QEMU/KVM hypervisors, and it supports smaller image file sizes, copy-on-write support, and various compression and encryption technologies. The default format is raw.

When uploading images to a Glance store backed by Ceph, the images must be in the raw format else they will fail to work properly. The qemu-img command can be used to identify the format of an image, and it can also be used to perform the conversion of an image from one format to another.

An example of converting an image in the qcow2 format to the raw format is shown here:

qemu-img convert -f qcow2 -O raw image.qcow2 image.raw

The file parameter defines the local location of the image file respective to where the OpenStack client is being run. The OpenStack client uploads the image to the OpenStack image repository, where it is stored according to settings within Glance.

When specified, the --public option marks the image as accessible by all projects within the cloud. Alternatively, the --private option marks the image as accessible only by the project that created it. By default, all images created are marked as shared and are eligible to be shared with another project. At the time of creation, however, the image can only be seen by the project that created it. The --shared and --community options are discussed later in this chapter in the Sharing images recipe.

To list the images in the OpenStack Image service repository, use the following OpenStack client command:

openstack image list

The output will resemble the following:

The details of individual images can be queried using the following OpenStack client command:

openstack image show IMAGE_NAME_OR_ID

The output will resemble the following:

Images can be deleted from the OpenStack image repository at any time. Keep in mind, however, that depending on the version of OpenStack installed, deleting an image can have an adverse effect on the ability to migrate an instance.

When deleting an image, the following information will be necessary:

To delete an image in OpenStack, issue the following command:

openstack image delete COOKBOOK_CIRROS_IMAGE

No output is returned if the operation is successful. To verify that the image is no longer available, use the openstack image list or openstack image show command.

Images that exist in the OpenStack image repository can be downloaded at a later time and transferred to other systems.

To download an image from the OpenStack image repository, you must have access to the image. You will need the following details, at a minimum, to download the image:

For our example, the following will be used:

With the OpenStack client installed on our system, we are now able to download an image from the repository with the following command:

openstack image save COOKBOOK_UBUNTU_IMAGE 
--file /tmp/my_downloaded_ubuntu_image.qcow2

No output is returned if the operation is successful. Use the ls command to list the downloaded file:

When an image is private, it is only available to the project from which that image was created or uploaded. On the other hand, when an image is public, it is available to all projects. The OpenStack Image service provides a mechanism whereby these private images can be shared between a subset of projects. This allows greater control over images that need to exist for different projects without making them available to all.

Sharing images among projects requires the following workflow:

When sharing an image, ensure that you are authenticated as an administrator or are the owner of the image. You will need the following details, at a minimum, to share the image:

For our example, the ADMIN project will share an image with the FINANCE project. The following will be used:

With the OpenStack client installed on our system, we are now able to share an image with the following steps:

Sharing images requires the use of the openstack image add project command on the part of the producer and the openstack image set command on the part of the consumer. The process involves communication between the producer and the consumer outside of the OpenStack API, as the image ID must be shared between them.

Producers invoke the sharing process using the following command:

openstack image add project <image> <project>

Once shared, the consumer has the ability to accept or reject the attempt using the following:

openstack image set <image> [--accept | --reject | --pending]

The producer can revoke the sharing of an image using the following command:

openstack image remove project <image> <project>

An alternative to marking an image as shared would be to mark its visibility as community using the --community option. This allows a user to share an image with all projects, but still requires the consuming projects to accept the image before it is returned in an image list. This reduces the administrative overhead on the part of the user sharing the image without unnecessarily cluttering the entire image list for all projects.

For additional information regarding the sharing of images, visit https://docs.openstack.org/image-guide/share-images.html.