Currently Glance is exposed to users through Nova; this is becoming a problem because new Glance features require a Nova extension. It would be better to have Glance as a first-class member of the OpenStack ecosystem. But in order for this to happen, we (as in OpenStack cloud providers) would need at least:
- more robust user roles to allow per-user:
  - quotas
  - (anything else?)
- protected image properties
- image-related restrictions
  - e.g., there may be contractual reasons why you wouldn't want to allow download of specific images based not on the user, but on the image itself; this might also be the case for other actions
- other API changes from increased load

Protected properties is scheduled for Havana; there is a blueprint but no details yet. There are currently blueprints for rate limits, but an alternative approach would be to do rate limiting in front of Glance, using Repose or a similar system that understands Keystone.
(Session proposed by Iccha Sethi)
Wednesday April 17, 2013 11:00am - 11:40am PDT
B116
We (as in OpenStack) want to allow users to build in various clouds, but in order to do this we need to provide image conversion tools (or organize existing tools to make it easier on users). We'd like to get a community consensus on a starting point for this. Key issues are:
- what formats to support
- what format(s) for transfer
- where the conversion will happen:
  - offline (on user side) before upload
  - in flight
  - on download
  - offline (on cloud side, background job)
- interactions with image caching, snapshots and backups
- where the code to do this should live
  - in Glance
  - in another service
  - as a toolset

Beyond the image format problem, there is the problem of the additional software (e.g., cloud-init, Xen agent, drivers) necessary for good VM performance. We need some discussion on whether and how this can be injected into the image, or what the best way to handle it is.
(Session proposed by Alex Meade)
Wednesday April 17, 2013 11:50am - 12:30pm PDT
B116
Many cloud providers have clouds in segregated "regions". AWS just announced the ability for customers to copy images to other regions; we want to implement the same capability in OpenStack. One difference would be that we'd like to have the same UUID in every region (because the "bits" of the image would be the same).
It would make sense for this to be a Swift-to-Swift transfer, so we'd need to cooperate with Swift on this. (Swift doesn't currently have anything like this for individual files; it's currently a full-container transfer.) The reason we're proposing it as a Glance topic is:
- it would make sense for Glance to be the endpoint for this service (once Glance is ready for exposure in public clouds)
- we want this to be a user operation, not an admin operation
- it would make sense that people will want some kind of metadata sync (determining exactly what this would be is part of the focus of this session)
- Glance may need some enhancements with respect to API calls and notifications to support this
A fair number of proposals have been floated for increasing image download/upload performance by giving Nova direct access to the underlying image storage for Glance. In this session we will discuss the right way for Glance to enable these kinds of image access and concrete improvements that can be made in Havana.
One particularly hairy issue is exposing underlying image locations, which sometimes contain sensitive information that cannot be revealed to end users of Glance.
Additional possible performance-boosting topics:
* booting from volumes-as-images
* Image diffs
* Data transfer service