openstack-4 glance (Image service)
Image service overview
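The Image service (glance) enables users to discover, register, and retrieve virtual machine images. It offers a REST API that lets you query virtual machine image metadata and retrieve the actual image. Virtual machine images made available through the Image service can be stored in a variety of locations, from simple file systems to object-storage systems such as OpenStack Object Storage.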
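Glance is the OpenStack image service component. The glance service listens on port 9292 by default. It accepts REST API requests and then uses other modules (glance-registry and the image store) to carry out operations such as fetching, uploading, and deleting images. Glance provides a RESTful API for querying virtual machine image metadata and for retrieving images. Through Glance, virtual machine images can be stored on several kinds of storage, such as simple file storage or object storage (for example the swift project in OpenStack). When creating a virtual machine, the image must first be uploaded to glance; listing, deleting, and uploading images are all managed through glance. Glance has two main services: glance-api, which handles image delete, upload, and read requests, and glance-registry.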
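glance-registry handles interaction with the MySQL database and is used to store or retrieve image metadata. It provides the REST interface for image metadata; through glance-registry, the various kinds of image data can be written to or read from the database. glance-registry listens on port 9191. The glance database has two tables, an image table and an image property table: the image table stores information such as image format and size, and the image property table stores an image's custom properties.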
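The image store is a storage interface layer through which glance retrieves images. The storage back ends supported by the image store include Amazon S3, OpenStack's own swift, and distributed storage such as ceph, GlusterFS, and sheepdog. The image store is the interface for saving and reading images, but it is only an interface; the actual implementation depends on external support. Glance does not need a message queue configured, but it does need a database and keystone.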
Official deployment documentation: https://docs.openstack.org/ocata/zh_CN/install-guide-rdo/common/get-started-image-service.html
Install and configure
Prerequisites
yum install nfs-utils
mkdir /data/images -p
chown 161.161 /data/images/ -R
cat /etc/exports
/data/images *(rw,no_root_squash)
systemctl restart nfs
systemctl enable nfs
Client
[root@controller1 ~]# tail -1 /etc/fstab
192.168.10.254:/data/images /var/lib/glance/images/ nfs defaults,_netdev 0 0
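The export above is open to every host (`*`) and disables root squashing, although the directory is owned by UID/GID 161, so the glance user can write to it without remote root being trusted. The following is an added example, not part of the original post: a small audit of exports-style lines, run over a constructed sample that pairs the page's line with a tightened variant (the client address 192.168.10.233 for the controller is an assumption).

```python
import re

# Constructed sample: line 1 is the export shown on this page; line 2 is a
# tightened variant that assumes the Glance controller is 192.168.10.233.
SAMPLE_EXPORTS = """\
/data/images *(rw,no_root_squash)
/data/images 192.168.10.233(rw,root_squash,sync)
"""

# exports(5) client spec: "host(opt,opt)"; host or the option list may be absent.
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")


def audit_exports(text):
    """Return (path, client, finding) tuples for risky NFS export entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            match = CLIENT_RE.match(spec)
            if match is None:
                findings.append((path, spec, "unparsed"))
                continue
            host = match.group("host") or "*"    # bare "(opts)" means every host
            opts = set(filter(None, (match.group("opts") or "").split(",")))
            if host == "*":
                findings.append((path, host, "any-host"))
            if "no_root_squash" in opts:         # remote root stays root
                findings.append((path, host, "no_root_squash"))
            if "insecure" in opts:               # accepts source ports >= 1024
                findings.append((path, host, "insecure"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: {finding}")
```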
mysql
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glancepass';
Install and configure components
yum install openstack-glance python-memcached
Edit the file /etc/glance/glance-api.conf and complete the following actions:
In the [database] section, configure database access:
[database]
connection = mysql+pymysql://glance:glancepass@192.168.10.233/glance
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access:
[keystone_authtoken]
auth_uri = http://192.168.10.233:5000
auth_url = http://192.168.10.233:35357
memcached_servers = 192.168.10.233:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
In the [glance_store] section, configure the local file system store and the location of image files:
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Edit the file /etc/glance/glance-registry.conf and complete the following actions:
In the [database] section, configure database access:
[database]
connection = mysql+pymysql://glance:glancepass@192.168.10.233/glance
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access:
[keystone_authtoken]
auth_uri = http://192.168.10.233:5000
auth_url = http://192.168.10.233:35357
memcached_servers = 192.168.10.233:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
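Both files above carry the same credentials and point at Keystone over plain HTTP. The following is an added example, not part of the original post or of glance itself: a check that parses a glance-api.conf or glance-registry.conf and reports those settings, run over a constructed sample that reproduces the page's values. The finding names and the password heuristics are this example's own choices.

```python
import configparser
import os
import stat
from urllib.parse import urlsplit

# Constructed sample reproducing the values shown on this page.
SAMPLE_CONF = """\
[database]
connection = mysql+pymysql://glance:glancepass@192.168.10.233/glance

[keystone_authtoken]
auth_uri = http://192.168.10.233:5000
auth_url = http://192.168.10.233:35357
auth_type = password
username = glance
password = glance
"""


def audit_glance_conf(text):
    """Return (option, finding) tuples for weak credential/transport settings."""
    conf = configparser.ConfigParser(interpolation=None, strict=False)
    conf.read_string(text)
    findings = []
    for key in ("auth_uri", "auth_url"):
        url = conf.get("keystone_authtoken", key, fallback="")
        if urlsplit(url).scheme == "http":       # tokens/passwords in cleartext
            findings.append((key, "cleartext-http"))
    user = conf.get("keystone_authtoken", "username", fallback="")
    secret = conf.get("keystone_authtoken", "password", fallback="")
    if secret and secret == user:
        findings.append(("password", "same-as-username"))
    db = urlsplit(conf.get("database", "connection", fallback=""))
    if db.username and db.password and db.username in db.password:
        findings.append(("connection", "password-contains-username"))
    return findings


def audit_file_mode(path):
    """Flag a config file that users outside owner/group can read."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [("mode", oct(mode))] if mode & stat.S_IROTH else []


if __name__ == "__main__":
    for option, finding in audit_glance_conf(SAMPLE_CONF):
        print(f"{option}: {finding}")
```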
Populate the Image service database:
su -s /bin/sh -c "glance-manage db_sync" glance
Register the glance service
Source the admin credentials to gain access to admin-only CLI commands:
source admin-ocata.sh
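Services access and authenticate with one another through keystone; the service project is used to hold the users created for the services.
Create the service project: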
[root@controller1 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 0a8f301960df4c76bea868524707efe8 |
| enabled | True |
| id | ff71bd18ddc842599845c08a7ef7fbca |
| is_domain | False |
| name | service |
| parent_id | 0a8f301960df4c76bea868524707efe8 |
+-------------+----------------------------------+
Create the service credentials:
[root@controller1 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 0a8f301960df4c76bea868524707efe8 |
| enabled | True |
| id | 7903947d3df2430a9de170282b17a123 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Authorize the glance user
Add the admin role to the glance user and the service project.
openstack role add --project service --user glance admin
Create the glance service
[root@controller1 ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 1d282d7b7b57405a98aac596f42f173d |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create the Image service API endpoints
Create the public endpoint:
[root@controller1 ~]# openstack endpoint create --region RegionOne image public http://192.168.10.233:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3d1bc5df827c48de9df3772ae00dacf4 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1d282d7b7b57405a98aac596f42f173d |
| service_name | glance |
| service_type | image |
| url | http://192.168.10.233:9292 |
+--------------+----------------------------------+
Create the internal endpoint:
[root@controller1 ~]# openstack endpoint create --region RegionOne image internal http://192.168.10.233:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | dc9f039ed9ec4ed286b76ddf7ebb8a81 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1d282d7b7b57405a98aac596f42f173d |
| service_name | glance |
| service_type | image |
| url | http://192.168.10.233:9292 |
+--------------+----------------------------------+
Create the admin endpoint:
[root@controller1 ~]# openstack endpoint create --region RegionOne image admin http://192.168.10.233:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 36d59ff6ca284344bfa4990d5c7bc071 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1d282d7b7b57405a98aac596f42f173d |
| service_name | glance |
| service_type | image |
| url | http://192.168.10.233:9292 |
+--------------+----------------------------------+
View the results:
[root@controller1 ~]# openstack endpoint list
+-------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+-------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 36d59ff6ca284344bfa4990d5c7bc | RegionOne | glance | image | True | admin | http://192.168.10.233:9292 |
| 071 | | | | | | |
| 3d1bc5df827c48de9df3772ae00da | RegionOne | glance | image | True | public | http://192.168.10.233:9292 |
| cf4 | | | | | | |
| 4862d7d814f04fc08b0d5c5073a12 | RegionOne | keystone | identity | True | admin | http://192.168.10.233:35357/v3 |
| 09a | | | | | | |
| 6b6ecf1ca488400784b0f9e35f5c4 | RegionOne | keystone | identity | True | internal | http://192.168.10.233:5000/v3 |
| b7e | | | | | | |
| dc9f039ed9ec4ed286b76ddf7ebb8 | RegionOne | glance | image | True | internal | http://192.168.10.233:9292 |
| a81 | | | | | | |
| e0ecf07f27494ac1b1fadc11e1162 | RegionOne | keystone | identity | True | public | http://192.168.10.233:5000/v3 |
| b53 | | | | | | |
+-------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
[root@controller1 ~]# openstack user list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 7903947d3df2430a9de170282b17a123 | glance |
| f7e61b8a40b7490694e8082dc6ecf9bc | admin |
+----------------------------------+--------+
[root@controller1 ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 14c7c0b953754e0d9f30d4973e3e369d | admin |
| ff71bd18ddc842599845c08a7ef7fbca | service |
+----------------------------------+---------+
Finalize installation
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
This is why the ownership of the directory was set to 161 earlier:
[root@controller1 ~]# id glance
uid=161(glance) gid=161(glance) groups=161(glance)
Verify operation
Source the admin credentials to gain access to admin-only CLI commands:
source admin-ocata.sh
Download a version 0.3.5 test image for glance:
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
Upload the image to the Image service using the QCOW2 disk format and the bare container format, and make it public so that all projects can access it:
[root@controller1 ~]# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | f8ab98ff5e73ebab884d80c9dc9c7290 |
| container_format | bare |
| created_at | 2019-09-11T03:14:51Z |
| disk_format | qcow2 |
| file | /v2/images/cac9811d-6590-4648-b1a0-6eda2e8e799e/file |
| id | cac9811d-6590-4648-b1a0-6eda2e8e799e |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 14c7c0b953754e0d9f30d4973e3e369d |
| protected | False |
| schema | /v2/schemas/image |
| size | 13267968 |
| status | active |
| tags | |
| updated_at | 2019-09-11T03:14:52Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
Verify the glance image:
[root@controller1 ~]# glance image-list
+--------------------------------------+--------+
| ID | Name |
+--------------------------------------+--------+
| cac9811d-6590-4648-b1a0-6eda2e8e799e | cirros |
+--------------------------------------+--------+
[root@controller1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| cac9811d-6590-4648-b1a0-6eda2e8e799e | cirros | active |
+--------------------------------------+--------+--------+
Show the details of a specific image:
[root@controller1 ~]# openstack image show cirros
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | f8ab98ff5e73ebab884d80c9dc9c7290 |
| container_format | bare |
| created_at | 2019-09-11T03:14:51Z |
| disk_format | qcow2 |
| file | /v2/images/cac9811d-6590-4648-b1a0-6eda2e8e799e/file |
| id | cac9811d-6590-4648-b1a0-6eda2e8e799e |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 14c7c0b953754e0d9f30d4973e3e369d |
| protected | False |
| schema | /v2/schemas/image |
| size | 13267968 |
| status | active |
| tags | |
| updated_at | 2019-09-11T03:14:52Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+