Category Archives: Red Hat

I have an OpenStack environment, now what? Loading Images into Glance #OpenStack 101

With an OpenStack environment up and running based on an OpenStack Ansible Deployment, now what?

Using Horizon with OSAD

First, we can log into Horizon (point your web browser at your load balance pool address, the one labelled external_lb_vip_address in the /etc/openstack_deploy/openstack_user_config.yml):

  lb_name: haproxy

Where are the username/password credentials for Horizon?

In step 4.5 of we randomly generated all passwords used by OpenStack. This also generated a random password for the ‘admin‘ user. This user is the equivalent of ‘root’ on a Linux system, so generating a strong password is highly recommended. But to get that password, we need to get it out of a file.

The easiest place to find this password is to look on the deployment host itself as that is where we wrote out the passwords. Take a look in /etc/openstack_deploy/user_secrets.yml file and find the line that says ‘keystone_auth_admin_password‘. This random string of characters is the ‘admin‘ user’s password that you can use for Horizon:

keystone_auth_admin_password: bfbbb99316ae0a4292f8d07cd4db5eda2578c5253dabfa0


The Utility Container and openrc credentials file

Alternatively, you can grab the ‘openrc‘ file from a ‘utility’ container which is found on a controller node. To do this, carry out the following:

  1. Log into a controller node and change to root. In my case I can choose either openstack4, openstack5 or openstack6. Here I can list the containers running on here as follows:
    lxc-ls -f

    This brings back output like the following:
    lxcls-openstack4(Click to enlarge)

  2. Locate the name of the utility container and attach to it as follows
    lxc-attach -n controller-01_utility_container-71cceb47
  3. Here you will find the admin user’s credentials in the /root/openrc file:
    cat openrc
    # Do not edit, changes will be overwritten
    export CINDER_ENDPOINT_TYPE=internalURL
    export NOVA_ENDPOINT_TYPE=internalURL
    export OS_ENDPOINT_TYPE=internalURL
    export OS_USERNAME=admin
    export OS_PASSWORD=bfbbb99316ae0a4292f8d07cd4db5eda2578c5253dabfa0
    export OS_TENANT_NAME=admin
    export OS_AUTH_URL=
    export OS_NO_CACHE=1
  4. To use this, we simply source this into our environment as follows:
    . openrc


    source openrc
  5. And now we can use the command line tools such as nova, glance, cinder, keystone, neutron and heat.

Loading images into Glance

Glance is the Image Service. This service provides you with a list of available images you can use to launch instances in OpenStack. To do this, we use the Glance command line tool.

There are plenty of public images available for OpenStack. You essentially grab them from the internet, and load them into Glance for your use. A list of places for OpenStack images can be found below:

CirrOS test image (can use username/password to log in):

Ubuntu images:

Windows 2012 R2:

CentOS 7:


To load these, log into a Utililty container as described above and load into the environment as follows.

Note that you can either grab the files from the website, save them locally and upload to Glance, or have Glance grab the files and load into the environment direct from the site. I’ll describe both as you will have to load from a locally saved file for Windows due to having to accept an EULA before gaining access.


glance image-create \
  --name "cirros-image" \
  --disk-format qcow2 \
  --container-format bare \
  --copy-from \
  --is-public True \

You can use a username and password to log into CirrOS. This makes this tiny just-enough-OS great for testing and troubleshooting. Username: cirros, Password: Cubswin:)

Ubuntu 14.04

glance image-create \
–name “trusty-image” \
–disk-format qcow2 \
–container-format bare \
–copy-from \
–is-public True \

You’d specify a keypair to use when launching this image as there is no default username or password on these cloud images [that would be a disastrous security fail if so]. The username to log into these will be ‘root’ and the private key that matched the public key specified at launch would get you access.

Windows 2012 R2

For Windows, you can download an evaluation copy of Windows 2012 R2 and to do so you need to accept a license. Head over to and follow the instructions to download the image.

Once downloaded, you need to get this to OpenStack. As we’re using the Utility container for our access we need to get the image so it is accessible from there. There are alternative ways such as installing the OpenStack Client tools on your client which is ultimately how you’d use OpenStack. For now though, we will copy to the Utility container.

  1. Copy the Windows image to the Utility Container. All of the containers have an IP on the container ‘management’ network ( in my lab). View the IP address of the Utility container and use this IP. This network is available via my deployment host so I simply secure copy this over to the container:

    (performed as root on my deployment host as that has SSH access using keypairs to the containers)

    scp Windows2012R2.qcow2 root@
  2. We can then upload this to Glance as follows, note the use of –file instead of –copy-from:
    glance image-create \
      --name "windows-image" \
      --disk-format qcow2 \
      --container-format bare \
      --file ./Windows2012R2.qcow2 \
      --is-public True \

    This will take a while as the Windows images are naturally bigger than Linux ones. Once uploaded it will be available for our use.

Access to Windows instances will be by RDP, and although SSH keypairs are not used by this Windows image for RDP access, it is still required to get access to the randomly generated ‘Administrator’ passphrase, so when launching the Windows instance, specify a keypair.

Access to the Administrator password is then carried out using the following once you’ve launched an instance:

nova get-password myWindowsInstance .ssh/ida_rsa
Launching instances will be covered in a later topic!

OpenStack Nova CentOS Instance

I’ve been working on tweaking a CentOS 5.3 image you can download from as there seems to be a big bias towards running Ubuntu under OpenStack. This is great for getting OpenStack up and running, but for us evangelists that operate a RHEL family house, its crucial to be able to demonstrate like-for-like offerings against what you currently run to help promote its use.

This guide should get you to a point where you have a usable, useful CentOS image for your environment. When I get around to it I’ll upload my version for use in your environment with the modifications laid out in this blog post.

The Guide

  • Start off by downloading a compatible image from Eucalyptus: I’ll work on the 64-Bit CentOS 5.3 image for this guide.
  • mkdir cloud/images and unpack the tarball here
    • mkdir -p cloud/images
    • cd cloud/images
    • tar zxvf <path_to_tarball>/euca-centos-5.3-x86_64.tar.gz
    • cd euca-centos-5.3-x86_64
    • At this stage we’d normally upload the image to OpenStack but some modifications are needed such as increasing the size of the image to accommodate some new packages so we must first mount the image (read-only because we’re not needing to make edits to this yet) as follows
      • mkdir image
      • sudo mount centos.5-3.x86-64.img image -o loop,ro
    • Increase the size of the image as follows and copy the contents
      • dd if=/dev/zero of=newcentos.img bs=1M count=2048
      • mkfs.ext3 newcentos.img
      • mkdir newcentos
      • sudo mount newcentos.img newcentos -o loop,rw
      • sudo cp -pR image/* newcentos/
      • sudo umount image
  • Modify the image as follows
  • IMPORTANT! (ensure you’re chrooted as described below to your mounted image and you have verified that you’re not modifying your running environment – I accept no responsibility because you can’t read)
    • sudo su -
    • chroot ~/cloud/images/euca-centos-5.3-x86_64/newcentos
    • mount proc -t proc /proc
  • Now to modify the image and install some new packages…
    • yum update
    • yum install redhat-lsb sudo enhanced-vim
    • Remove /etc/udev/rules.d/* to stop the lengthy wait on boot
    • edit /etc/sysconfig/network and disable ZEROCONF (your instance will fail to download meta data from OpenStack nova-api otherwise)
      • NOZEROCONF=yes
    • Edit /etc/profile.d/
      • if [ -n "$BASH_VERSION" -o -n "$KSH_VERSION" -o -n "$ZSH_VERSION" ]
        [ -x /usr/bin/id ] || return
        tmpid=$(/usr/bin/id -u)
        [ "$tmpid" = "" ] && tmpid=0
        # for bash and zsh, only if no alias is already set
        alias vi >/dev/null 2>&1 || alias vi=vim
        alias view >/dev/null 2>&1 || alias view='vim -R'
    • Ensure /dev/null is writeable by all
      • chmod 777 /dev/null
  • That’s the modifications done, but feel free to add your own to suit your own environment so to wrap it up
    • umount /proc
    • logout
    • logout
    • sudo umount newcentos
    • To make things neat rename it appropriately
      • mv newcentos.img centos-5.5-x86_64.img

Upload CentOS image to OpenStack

  • Now you have a CentOS image suitable for OpenStack you need to upload it to OpenStack.
  • The tarball ships with 2 lots of kernels and ramdisks. I’ll assume you’ll be using KVM, but change the instructions to suit a Xen hypervisor.
    • Upload the kernel and make note of the ami
      • euca-bundle-image -i kvm-kernel/vmlinuz-2.6.28-11-generic
        --kernel true
      • euca-upload-bundle -b mybucket
        -m /tmp/vmlinuz-2.6.28-11-generic.manifest.xml
      • euca-register mybucket/vmlinuz-2.6.28-11-generic.manifest.xml
    • Upload the ramdisk and make a note of the ami
      • euca-bundle-image -i kvm-kernel/initrd.img-2.6.28-11-generic
        --ramdisk true
      • euca-upload-bundle -b mybucket
        -m /tmp/initrd.img-2.6.28-11-generic.manifest.xml
      • euca-register mybucket/initrd.img-2.6.28-11-generic.manifest.xml
    • Upload the machine image you modifed above, specifying the ami values from the steps above to specify the kernel and ramdisk to load with this
      • euca-bundle-image -i centos-5.5-x86_64.img
        --kernel aki-XXXXXXXX --ramdisk ari-XXXXXXXX
      • euca-upload-bundle -b mybucket
        -m /tmp/centos-5.5-x86_64.img.manifest.xml
      • euca-register mybucket/centos-5.5-x86_64.img.manifest.xml
  • That’s it done (you may have to wait a short while whilst it uploads to the nova-objectstore server) – you should now see your new AMI available
    • euca-describe-images
      • IMAGE    ami-reey5wk5    mybucket/centos.5-5.x86-64.img.manifest.xml   
        myproject    available    private        x86_64    machine    ami-f4ks8moj   
  • You can now use this to launch an instance
    • euca-run-instances ami-reey5wk5 -k openstack -t m1.tiny