
Sharing images among tenants
When an image is private, it is only available to the tenant to which that image was uploaded. OpenStack Image Service provides a mechanism whereby these private images can be shared between different tenants. This allows greater control over images that need to exist for different tenants without making them public for all tenants.
Getting ready
To begin with, ensure you are logged in to our Ubuntu client where we can run the glance tool. This can be installed using the following commands:
sudo apt-get update
sudo apt-get install glance-client
Ensure that you have your environment variables set up correctly with our admin user and password, as created in the previous chapter:
export OS_TENANT_NAME=cookbook
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=https://192.168.100.200:5000/v2.0/
export OS_NO_CACHE=1
export OS_KEY=/vagrant/cakey.pem
export OS_CACERT=/vagrant/ca.pem
How to do it...
Carry out the following steps to share a private image in our cookbook tenant to another tenant:
- We first get the tenant ID of the tenant that is able to use our image. We do this as follows:
keystone tenant-list
- We then list our images as follows:
glance image-list
- From our cookbook tenant with ID 45c787efeaec42aa9cab522711bf5f4d and an image with ID 18584bff-2c12-4c2d-85f6-59771073c936, we would share the image as follows:
glance member-create \
    18584bff-2c12-4c2d-85f6-59771073c936 \
    45c787efeaec42aa9cab522711bf5f4d
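The sharing step above, as an added example that is not part of the original recipe: a small POSIX shell wrapper that checks both IDs are well formed before calling glance member-create, and leaves out --can-share. The function names and the DRY_RUN variable are hypothetical, and lowercase hex IDs are assumed.

```shell
#!/bin/sh
# Added example (not from the original recipe): validate IDs before sharing.
# Assumption: IDs are lowercase hex, as in the recipe's sample values.

# is_hex VALUE LENGTH: true if VALUE is exactly LENGTH lowercase hex digits.
is_hex() {
    [ "${#1}" -eq "$2" ] || return 1
    case "$1" in
        *[!0123456789abcdef]*) return 1 ;;
    esac
    return 0
}

# Image IDs are UUIDs: hyphens at fixed positions, 32 hex digits in total.
is_image_id() {
    case "$1" in
        ????????-????-????-????-????????????) ;;
        *) return 1 ;;
    esac
    is_hex "$(printf '%s' "$1" | tr -d '-')" 32
}

# Tenant IDs in this recipe are 32 hex digits with no hyphens.
is_tenant_id() {
    is_hex "$1" 32
}

# share_image IMAGE_ID TENANT_ID
# Runs glance member-create without --can-share, so the receiving tenant is
# not given permission to share the image. DRY_RUN=1 only prints the command.
share_image() {
    if ! is_image_id "$1"; then
        echo "refusing: '$1' is not a well-formed image ID" >&2
        return 2
    fi
    if ! is_tenant_id "$2"; then
        echo "refusing: '$2' is not a well-formed tenant ID" >&2
        return 2
    fi
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "glance member-create $1 $2"
    else
        glance member-create "$1" "$2"
    fi
}

# Constructed demo: a valid pair, then an image ID that is one character short.
DRY_RUN=1 share_image 18584bff-2c12-4c2d-85f6-59771073c936 45c787efeaec42aa9cab522711bf5f4d
DRY_RUN=1 share_image 18584bff-2c12-4c2d-85f6-59771073c93 45c787efeaec42aa9cab522711bf5f4d || echo "rejected"
```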
How it works...
The member-create option for the glance command allows us to share images with other tenants. The syntax is as follows:
glance [--can-share] member-create image-id tenant-id
The preceding command comes with an optional extra parameter, --can-share, that gives permission to that tenant to share the image.