openstack-4glance(镜像服务)

openstack-4glance(镜像服务)

Image service overview

Image服务(glance)使用户能够发现,注册和检索虚拟机映像。它提供了一个 REST API,使您可以查询虚拟机图像元数据并检索实际图像。您可以将通过Image服务提供的虚拟机映像存储在各种位置,从简单的文件系统到OpenStack Object Storage等对象存储系统。

Glance 是 OpenStack 镜像服务组件,glance 服务默认监听在 9292 端口,其接收 REST API 请
求,然后通过其他模块(glance-registry 及 image store)来完成诸如镜像的获取、上传、删除
等操作,Glance 提供 restful API 可以查询虚拟机镜像的 metadata,并且可以获得镜像,通过
Glance,虚拟机镜像可以被存储到多种存储上,比如简单的文件存储或者对象存储(比如
OpenStack 中 swift 项目)是在创建虚拟机的时候,需要先把镜像上传到 glance,对镜像的列
出镜像、删除镜像和上传镜像都是通过 glance 进行理,glance 有两个主要的服务,一个是
glace-api 接收镜像的删除上传和读取,一个是 glance-Registry。
glance-registry 负责与 mysql 数据交互,用于存储或获取镜像的元数据(metadata),提供镜
像元数据相关的 REST 接口,通过 glance-registry 可以向数据库中写入或获取镜像的各种数
据,glance-registyr 监听的端口是 9191,glance 数据库中有两张表,一张是 glance 表,一张
是 imane property 表,image 表保存了镜像格式、大小等信息,image property 表保存了镜像
的定制化信息。
image store 是一个存储的接口层,通过这个接口 glance 可以获取镜像,image store 支持的
存储有 Amazon 的 S3、openstack 本身的 swift、还有 ceph、glusterFS、sheepdog 等分布式存
储,image store 是镜像保存与读取的接口,但是它只是一个接口,具体的实现需要外部的支
持,glance 不需要配置消息队列,但是需要配置数据库和 keystone。
官方部署文档:https://docs.openstack.org/ocata/zh_CN/install-guide-rdo/common/get-started-image-service.html

安装和配置

先决条件

yum install nfs-utils
mkdir /data/images -p
chown 161.161 /data/images/ -R
cat /etc/exports
/data/images *(rw,no_root_squash)
systemctl restart nfs
systemctl enable nfs

客户端

[root@controller1 ~]# tail -1 /etc/fstab 
192.168.10.254:/data/images /var/lib/glance/images/ nfs defaults,_netdev 0 0

mysql

CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glancepass';

安全并配置组件

yum install openstack-glance python-memcached

编辑文件 /etc/glance/glance-api.conf 并完成如下动作:
在 [database] 部分,配置数据库访问:

[database]
connection = mysql+pymysql://glance:glancepass@192.168.10.233/glance

在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问:

[keystone_authtoken]
auth_uri = http://192.168.10.233:5000
auth_url = http://192.168.10.233:35357
memcached_servers = 192.168.10.233:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

在 [glance_store] 部分,配置本地文件系统存储和镜像文件位置:

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

编辑文件 /etc/glance/glance-registry.conf并完成如下动作:
在 [database] 部分,配置数据库访问:

[database]
connection = mysql+pymysql://glance:glancepass@192.168.10.233/glance

在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问:

[keystone_authtoken]
auth_uri = http://192.168.10.233:5000
auth_url = http://192.168.10.233:35357
memcached_servers = 192.168.10.233:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

写入镜像服务数据库:

su -s /bin/sh -c "glance-manage db_sync" glance

glance 服务注册

glance 服务注册
获得 admin 凭证来获取只有管理员能执行的命令的访问权限

source admin-ocata.sh

各服务之间与 keystone 进行访问和认证,service 用于给服务创建用户
创建 service 项目:

[root@controller1 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | 0a8f301960df4c76bea868524707efe8 |
| enabled     | True                             |
| id          | ff71bd18ddc842599845c08a7ef7fbca |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | 0a8f301960df4c76bea868524707efe8 |
+-------------+----------------------------------+

要创建服务证书

[root@controller1 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | 0a8f301960df4c76bea868524707efe8 |
| enabled             | True                             |
| id                  | 7903947d3df2430a9de170282b17a123 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
对 glance 用户授权

添加 admin 角色到 glance 用户和 service 项目上。

openstack role add --project service --user glance admin

创建 glance 服务

[root@controller1 ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 1d282d7b7b57405a98aac596f42f173d |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

创建镜像服务的 API 端点
创建公有 endpoint :

[root@controller1 ~]# openstack endpoint create --region RegionOne image public http://192.168.10.233:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3d1bc5df827c48de9df3772ae00dacf4 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1d282d7b7b57405a98aac596f42f173d |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.233:9292       |
+--------------+----------------------------------+

创建私有 endpoint :

[root@controller1 ~]# openstack endpoint create --region RegionOne image internal http://192.168.10.233:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | dc9f039ed9ec4ed286b76ddf7ebb8a81 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1d282d7b7b57405a98aac596f42f173d |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.233:9292       |
+--------------+----------------------------------+

创建 管理 endpoint :

[root@controller1 ~]# openstack endpoint create --region RegionOne image admin http://192.168.10.233:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 36d59ff6ca284344bfa4990d5c7bc071 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1d282d7b7b57405a98aac596f42f173d |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.233:9292       |
+--------------+----------------------------------+

查看

[root@controller1 ~]# openstack endpoint list
+-------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID                            | Region    | Service Name | Service Type | Enabled | Interface | URL                            |
+-------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 36d59ff6ca284344bfa4990d5c7bc | RegionOne | glance       | image        | True    | admin     | http://192.168.10.233:9292     |
| 071                           |           |              |              |         |           |                                |
| 3d1bc5df827c48de9df3772ae00da | RegionOne | glance       | image        | True    | public    | http://192.168.10.233:9292     |
| cf4                           |           |              |              |         |           |                                |
| 4862d7d814f04fc08b0d5c5073a12 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.10.233:35357/v3 |
| 09a                           |           |              |              |         |           |                                |
| 6b6ecf1ca488400784b0f9e35f5c4 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.10.233:5000/v3  |
| b7e                           |           |              |              |         |           |                                |
| dc9f039ed9ec4ed286b76ddf7ebb8 | RegionOne | glance       | image        | True    | internal  | http://192.168.10.233:9292     |
| a81                           |           |              |              |         |           |                                |
| e0ecf07f27494ac1b1fadc11e1162 | RegionOne | keystone     | identity     | True    | public    | http://192.168.10.233:5000/v3  |
| b53                           |           |              |              |         |           |                                |
+-------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

[root@controller1 ~]# openstack user list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 7903947d3df2430a9de170282b17a123 | glance |
| f7e61b8a40b7490694e8082dc6ecf9bc | admin  |
+----------------------------------+--------+
[root@controller1 ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 14c7c0b953754e0d9f30d4973e3e369d | admin   |
| ff71bd18ddc842599845c08a7ef7fbca | service |
+----------------------------------+---------+

完成安装

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service

这就是为什么之前将这个文件夹权限改为161

[root@controller1 ~]# id glance
uid=161(glance) gid=161(glance) groups=161(glance)

验证操作

获得 admin 凭证来获取只有管理员能执行的命令的访问权限

source admin-ocata.sh

在 glance 下载一个 0.3.5 版本的测试镜像

wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img

使用 QCOW2 磁盘格式, bare 容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它

[root@controller1 ~]# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | f8ab98ff5e73ebab884d80c9dc9c7290                     |
| container_format | bare                                                 |
| created_at       | 2019-09-11T03:14:51Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/cac9811d-6590-4648-b1a0-6eda2e8e799e/file |
| id               | cac9811d-6590-4648-b1a0-6eda2e8e799e                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | 14c7c0b953754e0d9f30d4973e3e369d                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13267968                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2019-09-11T03:14:52Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+

验证 glance 镜像:

[root@controller1 ~]# glance image-list
+--------------------------------------+--------+
| ID                                   | Name   |
+--------------------------------------+--------+
| cac9811d-6590-4648-b1a0-6eda2e8e799e | cirros |
+--------------------------------------+--------+
[root@controller1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| cac9811d-6590-4648-b1a0-6eda2e8e799e | cirros | active |
+--------------------------------------+--------+--------+

查看指定镜像信息:

[root@controller1 ~]# openstack image show cirros
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | f8ab98ff5e73ebab884d80c9dc9c7290                     |
| container_format | bare                                                 |
| created_at       | 2019-09-11T03:14:51Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/cac9811d-6590-4648-b1a0-6eda2e8e799e/file |
| id               | cac9811d-6590-4648-b1a0-6eda2e8e799e                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | 14c7c0b953754e0d9f30d4973e3e369d                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13267968                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2019-09-11T03:14:52Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
posted @ 2019-09-27 10:00  Final233  阅读(456)  评论(0编辑  收藏  举报