Checking the integrity of images in OpenStack

OpenStack has built-in mechanisms for monitoring the integrity of instance images, in case of violation of the integrity of the image, the instance running from this image will automatically go into the “Error” status.

To check the integrity of images, do the following:

  1. On the mysql control node, log in to the Database, switch the database to Glance. View a list of all Glance database tables. Select a mirror database:

    ../../_images/mirroring_db.png

    Database tables

    Describe the images:

    ../../_images/describe_images.png

    Database tables

  2. Request a Mirror Checksum Value:

    ../../_images/query_hash.png

    Request a checksum value

  3. Changing the mirror checksum value updates the images to checksum=‘123’ where id=”aaac937e-afdd-40fb-b682-b0a04944ac2d”:

    ../../_images/image_updating.png

    Request a checksum value

    ../../_images/checksum.png

    Changing the checksum

  4. Use an image to create instance and the creation will fail (if successful, the image cache may not be cleared):

    ../../_images/creation_vm.png

    Changing the checksum

This mechanism can be effectively used to control the integrity of instance images.