安裝glance映象服務
一、映象服務glance的介紹
1. glance服務概覽
映象服務 (glance) 允許使用者發現、註冊和獲取虛擬機器映象。它提供了一個 REST API,允許查詢虛擬機器映象的 metadata 並獲取一個現存的映象。可以將虛擬機器映象儲存到各種位置,從簡單的檔案系統到物件儲存系統—-例如 OpenStack 物件儲存, 並通過映象服務使用。
本節描述了使用`file``作為後端配置映象服務,能夠上傳並存儲在一個託管映象服務的控制節點目錄中。預設情況下,這個目錄是 /var/lib/glance/images/
OpenStack映象服務是IaaS的核心服務,它接受磁碟映象或伺服器映象API請求,和來自終端使用者或OpenStack計算元件的元資料定義。它也支援包括OpenStack物件儲存在內的多種型別倉庫上的磁碟映象或伺服器映象儲存。
2. OpenStack映象服務包括以下元件:
glance-api
接收映象API的呼叫,諸如映象發現、恢復、儲存。
glance-registry
儲存、處理和恢復映象的元資料,元資料包括項諸如大小和型別。
注:glance-registry是私有內部服務,用於服務OpenStack Image服務。不要向用戶暴露該服務
資料庫
存放映象元資料,使用者是可以依據個人喜好選擇資料庫的,多數的部署使用MySQL或SQLite
映象檔案的儲存倉庫
支援多種型別的倉庫,它們有普通檔案系統、物件儲存、RADOS塊裝置、HTTP、以及亞馬遜S3。記住,其中一些倉庫僅支援只讀方式使用。
元資料定義服務
通用的API,是用於為廠商,管理員,服務,以及使用者自定義元資料。這種元資料可用於不同的資源,例如映象,工件,卷,配額以及集合。一個定義包括了新屬性的鍵,描述,約束以及可以與之關聯的資源的型別。
二、glance 安裝和配置
在控制節點上安裝和配置映象服務,即 glance。簡單來說,這個配置將映象儲存在本地檔案系統中。
1. 先決條件
安裝和配置映象服務之前,必須建立建立一個數據庫、服務憑證和API端點。
1)資料庫創庫授權
a. 用資料庫連線客戶端以 root使用者連線到資料庫伺服器
[root@controller ~]# mysql -u root -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection idis 18 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>
b.建立 glance資料庫
MariaDB [(none)]> CREATE DATABASE glance; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | glance | | information_schema | | keystone | | mysql | | performance_schema | | test | +--------------------+ 6 rows in set (0.00 sec) MariaDB [(none)]>
c.對``glance``資料庫授予恰當的許可權
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]>
d.退出資料庫客戶端
MariaDB [(none)]> exit
Bye
[root@controller ~]#
2)獲得 admin 憑證來獲取只有管理員能執行的命令的訪問許可權
[root@controller ~]# source admin-openrc
3)要建立服務證書,完成這些步驟
a.建立 glance使用者
[root@controller ~]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d9ffe8683c84401cbad69ac5a73482a8 | | enabled | True | | id | acf0a73244c746d78a6fcc57117e8780 | | name | glance | +-----------+----------------------------------+
b.新增 admin 角色到 glance 使用者和 service 專案上
[root@controller ~]# openstack role add --project service --user glance admin
c.建立``glance``服務實體
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | 2474b3971aad497389bf0b8580ec3ef6 | | name | glance | | type | image | +-------------+----------------------------------+
d.建立映象服務的 API 端點
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | ff6b67d33f2e47d49777db92644eb323 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 2474b3971aad497389bf0b8580ec3ef6 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 47e6122cde03447c93db46b76d47ba7b | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 2474b3971aad497389bf0b8580ec3ef6 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | af239c4d874d46c5b65c9aedf58c251e | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 2474b3971aad497389bf0b8580ec3ef6 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+
2. 配置glance 元件
1)安裝軟體包
[root@controller ~]# yum install openstack-glance -y
2)編輯檔案 /etc/glance/glance-api.conf 並完成如下動作
[root@controller ~]# cp /etc/glance/glance-api.conf{,.bak} [root@controller ~]# grep -Ev '^$|#' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf [root@controller ~]# cat /etc/glance/glance-api.conf [DEFAULT] [cors] [cors.subdomain] [database] [glance_store] [image_format] [keystone_authtoken] [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] [profiler] [store_type_location_strategy] [task] [taskflow_executor]
a.在 [database]部分,配置資料庫訪問
使用用openstack-config更改上面的配置
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:123456@controller/glance [root@controller ~]# cat /etc/glance/glance-api.conf [DEFAULT] [cors] [cors.subdomain] [database] connection = mysql+pymysql://glance:123456@controller/glance [glance_store] [image_format] [keystone_authtoken] [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] [profiler] [store_type_location_strategy] [task] [taskflow_executor]
b.在 [keystone_authtoken] 和 [paste_deploy] 部分,配置認證服務訪問
使用用openstack-config更改上面的配置
#配置[keystone_authtoken]部分
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000 [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357 [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211 [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password 123456
#配置[paste_deploy]部分 [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
#檢視 [root@controller ~]# cat /etc/glance/glance-api.conf [DEFAULT] [cors] [cors.subdomain] [database] connection = mysql+pymysql://glance:123456@controller/glance [glance_store] [image_format] [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 123456 [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler] [store_type_location_strategy] [task] [taskflow_executor]
c.在 [glance_store] 部分,配置本地檔案系統儲存和映象檔案位置
使用用openstack-config更改上面的配置
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store default_store file [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/ [root@controller ~]# cat /etc/glance/glance-api.conf [DEFAULT] [cors] [cors.subdomain] [database] connection = mysql+pymysql://glance:123456@controller/glance [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ #本地儲存位置 [image_format] [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 123456 [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler] [store_type_location_strategy] [task] [taskflow_executor]
3)編輯檔案 ``/etc/glance/glance-registry.conf``並完成如下動作
[root@controller ~]# cp /etc/glance/glance-registry.conf{,.bak} [root@controller ~]# grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak >/etc/glance/glance-registry.conf [root@controller ~]# cat /etc/glance/glance-registry.conf [DEFAULT] [database] [glance_store] [keystone_authtoken] [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] [profiler]
a.在 [database] 部分,配置資料庫訪問
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:123456@controller/glance [root@controller ~]# cat /etc/glance/glance-registry.conf [DEFAULT] [database] connection = mysql+pymysql://glance:123456@controller/glance [glance_store] [keystone_authtoken] [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] [profiler]
b.在 [keystone_authtoken] 和 [paste_deploy] 部分,配置認證服務訪問
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000 [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357 [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211 [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password 123456 [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone [root@controller ~]# cat /etc/glance/glance-registry.conf [DEFAULT] [database] connection = mysql+pymysql://glance:123456@controller/glance [glance_store] [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 123456 [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler]
4)寫入映象服務資料庫
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future. /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade expire_on_commit=expire_on_commit, _conf=conf) /usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.') result = self._query(query) #忽略輸出中任何不推薦使用的資訊
#測試驗證同步是否成功 [root@controller ~]# mysql -uroot -p123456 glance -e "show tables;" +----------------------------------+ | Tables_in_glance | +----------------------------------+ | artifact_blob_locations | | artifact_blobs | | artifact_dependencies | | artifact_properties | | artifact_tags | | artifacts | | image_locations | | image_members | | image_properties | | image_tags | | images | | metadef_namespace_resource_types | | metadef_namespaces | | metadef_objects | | metadef_properties | | metadef_resource_types | | metadef_tags | | migrate_version | | task_info | | tasks | +----------------------------------+
3.啟動映象服務、配置他們隨機啟動
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service. Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl status openstack-glance-api.service openstack-glance-registry.service ● openstack-glance-api.service - OpenStack Image Service (code-named Glance) API server Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2020-11-14 20:07:16 CST; 8s ago Main PID: 88266 (glance-api) CGroup: /system.slice/openstack-glance-api.service ├─88266 /usr/bin/python2 /usr/bin/glance-api └─88285 /usr/bin/python2 /usr/bin/glance-api Nov 14 20:07:18 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately. Nov 14 20:07:18 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:19 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately. Nov 14 20:07:19 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:19 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately. Nov 14 20:07:19 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately. Nov 14 20:07:21 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately. Nov 14 20:07:21 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) ● openstack-glance-registry.service - OpenStack Image Service (code-named Glance) Registry server Loaded: loaded (/usr/lib/systemd/system/openstack-glance-registry.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2020-11-14 20:07:16 CST; 8s ago Main PID: 88267 (glance-registry) CGroup: /system.slice/openstack-glance-registry.service ├─88267 /usr/bin/python2 /usr/bin/glance-registry └─88286 /usr/bin/python2 /usr/bin/glance-registry Nov 14 20:07:20 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately. Nov 14 20:07:20 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately. Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately. Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately. Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately. Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Hint: Some lines were ellipsized, use -l to show in full.
[root@controller ~]# netstat -lntup |grep python2 tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 88266/python2 tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 88267/python2
注:監聽埠一個9191,一個9292
4. 驗證
使用`CirrOS <http://launchpad.net/cirros>`__對映象服務進行驗證,CirrOS是一個小型的Linux映象可以用來進行 OpenStack部署測試
1)獲得 admin憑證來獲取只有管理員能執行的命令的訪問許可權
[root@controller ~]# source admin-openrc
2)下載源映象
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# ll total 12988 -rw-r--r-- 1 root root 271 Nov 13 22:26 admin-openrc -rw-------. 1 root root 1448 Aug 9 2018 anaconda-ks.cfg -rw-r--r-- 1 root root 13287936 Sep 8 21:34 cirros-0.3.4-x86_64-disk.img
3)使用 qcow2磁碟格式, bare容器格式上傳映象到映象服務並設定公共可見,這樣所有的專案都可以訪問它
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public +------------------+------------------------------------------------------+ | Field | Value | +------------------+------------------------------------------------------+ | checksum | ee1eca47dc88f4879d8a229cc70a07c6 | | container_format | bare | | created_at | 2020-11-14T12:17:52Z | | disk_format | qcow2 | | file | /v2/images/13dcc297-97dd-4c59-9a81-b6c731e792e1/file | | id | 13dcc297-97dd-4c59-9a81-b6c731e792e1 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | b5eb87802cca4ada8f71be3483cd959c | | protected | False | | schema | /v2/schemas/image | | size | 13287936 | | status | active | | tags | | | updated_at | 2020-11-14T12:17:54Z | | virtual_size | None | | visibility | public | +------------------+------------------------------------------------------+#檢視儲存的檔案大小 [root@controller ~]# ll -h /var/lib/glance/images/ total 13M -rw-r----- 1 glance glance 13M Nov 14 20:17 13dcc297-97dd-4c59-9a81-b6c731e792e1 [root@controller ~]# ll -h . total 13M -rw-r--r-- 1 root root 271 Nov 13 22:26 admin-openrc -rw-------. 1 root root 1.5K Aug 9 2018 anaconda-ks.cfg -rw-r--r-- 1 root root 13M Sep 8 21:34 cirros-0.3.4-x86_64-disk.img
4)確認映象的上傳並驗證屬性
[root@controller ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 13dcc297-97dd-4c59-9a81-b6c731e792e1 | cirros | active | +--------------------------------------+--------+--------+ [root@controller ~]# glance image-list +--------------------------------------+--------+ | ID | Name | +--------------------------------------+--------+ | 13dcc297-97dd-4c59-9a81-b6c731e792e1 | cirros | +--------------------------------------+--------+ [root@controller ~]# glance image-show 13dcc297-97dd-4c59-9a81-b6c731e792e1 +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | ee1eca47dc88f4879d8a229cc70a07c6 | | container_format | bare | | created_at | 2020-11-14T12:17:52Z | | disk_format | qcow2 | | id | 13dcc297-97dd-4c59-9a81-b6c731e792e1 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | b5eb87802cca4ada8f71be3483cd959c | | protected | False | | size | 13287936 | | status | active | | tags | [] | | updated_at | 2020-11-14T12:17:54Z | | virtual_size | None | | visibility | public | +------------------+--------------------------------------+