安装OpenStack镜像服务glance
一、镜像服务glance的介绍
1. glance服务概览
镜像服务 (glance) 允许用户发现、注册和获取虚拟机镜像。它提供了一个 REST API,允许查询虚拟机镜像的 metadata 并获取一个现存的镜像。可以将虚拟机镜像存储到各种位置,从简单的文件系统到对象存储系统—-例如 OpenStack 对象存储, 并通过镜像服务使用。
本节描述了使用`file``作为后端配置镜像服务,能够上传并存储在一个托管镜像服务的控制节点目录中。默认情况下,这个目录是 /var/lib/glance/images/
OpenStack镜像服务是IaaS的核心服务,它接受磁盘镜像或服务器镜像API请求,和来自终端用户或OpenStack计算组件的元数据定义。它也支持包括OpenStack对象存储在内的多种类型仓库上的磁盘镜像或服务器镜像存储。
2. OpenStack镜像服务包括以下组件:
glance-api
接收镜像API的调用,诸如镜像发现、恢复、存储。
glance-registry
存储、处理和恢复镜像的元数据,元数据包括项诸如大小和类型。
注:glance-registry是私有内部服务,用于服务OpenStack Image服务。不要向用户暴露该服务
数据库
存放镜像元数据,用户是可以依据个人喜好选择数据库的,多数的部署使用MySQL或SQLite
镜像文件的存储仓库
支持多种类型的仓库,它们有普通文件系统、对象存储、RADOS块设备、HTTP、以及亚马逊S3。记住,其中一些仓库仅支持只读方式使用。
元数据定义服务
通用的API,是用于为厂商,管理员,服务,以及用户自定义元数据。这种元数据可用于不同的资源,例如镜像,工件,卷,配额以及集合。一个定义包括了新属性的键,描述,约束以及可以与之关联的资源的类型。
二、glance 安装和配置
在控制节点上安装和配置镜像服务,即 glance。简单来说,这个配置将镜像保存在本地文件系统中。
1. 先决条件
安装和配置镜像服务之前,必须创建创建一个数据库、服务凭证和API端点。
1)数据库创库授权
a. 用数据库连接客户端以 root 用户连接到数据库服务器
[root@controller ~]# mysql -u root -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 18 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>
b.创建 glance 数据库
MariaDB [(none)]> CREATE DATABASE glance; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | glance | | information_schema | | keystone | | mysql | | performance_schema | | test | +--------------------+ 6 rows in set (0.00 sec) MariaDB [(none)]>
c.对``glance``数据库授予恰当的权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]>
d.退出数据库客户端
MariaDB [(none)]> exit
Bye
[root@controller ~]#
2)获得 admin 凭证来获取只有管理员能执行的命令的访问权限
[root@controller ~]# source admin-openrc
3)要创建服务证书,完成这些步骤
a.创建 glance 用户
[root@controller ~]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d9ffe8683c84401cbad69ac5a73482a8 | | enabled | True | | id | acf0a73244c746d78a6fcc57117e8780 | | name | glance | +-----------+----------------------------------+
b.添加 admin 角色到 glance 用户和 service 项目上
[root@controller ~]# openstack role add --project service --user glance admin
c.创建``glance``服务实体
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | 2474b3971aad497389bf0b8580ec3ef6 | | name | glance | | type | image | +-------------+----------------------------------+
d.创建镜像服务的 API 端点
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | ff6b67d33f2e47d49777db92644eb323 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 2474b3971aad497389bf0b8580ec3ef6 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 47e6122cde03447c93db46b76d47ba7b | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 2474b3971aad497389bf0b8580ec3ef6 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | af239c4d874d46c5b65c9aedf58c251e | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 2474b3971aad497389bf0b8580ec3ef6 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+
2. 配置glance 组件
1)安装软件包
[root@controller ~]# yum install openstack-glance -y
2)编辑文件 /etc/glance/glance-api.conf 并完成如下动作
[root@controller ~]# cp /etc/glance/glance-api.conf{,.bak} [root@controller ~]# grep -Ev '^$|#' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf [root@controller ~]# cat /etc/glance/glance-api.conf [DEFAULT] [cors] [cors.subdomain] [database] [glance_store] [image_format] [keystone_authtoken] [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] [profiler] [store_type_location_strategy] [task] [taskflow_executor]
a.在 [database] 部分,配置数据库访问
使用用openstack-config更改上面的配置
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:123456@controller/glance [root@controller ~]# cat /etc/glance/glance-api.conf [DEFAULT] [cors] [cors.subdomain] [database] connection = mysql+pymysql://glance:123456@controller/glance [glance_store] [image_format] [keystone_authtoken] [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] [profiler] [store_type_location_strategy] [task] [taskflow_executor]
b.在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问
使用用openstack-config更改上面的配置
#配置[keystone_authtoken]部分
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000 [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357 [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211 [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password 123456
#配置 [paste_deploy]部分 [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
#查看 [root@controller ~]# cat /etc/glance/glance-api.conf [DEFAULT] [cors] [cors.subdomain] [database] connection = mysql+pymysql://glance:123456@controller/glance [glance_store] [image_format] [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 123456 [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler] [store_type_location_strategy] [task] [taskflow_executor]
c.在 [glance_store] 部分,配置本地文件系统存储和镜像文件位置
使用用openstack-config更改上面的配置
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store default_store file [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/ [root@controller ~]# cat /etc/glance/glance-api.conf [DEFAULT] [cors] [cors.subdomain] [database] connection = mysql+pymysql://glance:123456@controller/glance [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ #本地存储位置 [image_format] [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 123456 [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler] [store_type_location_strategy] [task] [taskflow_executor]
3)编辑文件 ``/etc/glance/glance-registry.conf``并完成如下动作
[root@controller ~]# cp /etc/glance/glance-registry.conf{,.bak} [root@controller ~]# grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak >/etc/glance/glance-registry.conf [root@controller ~]# cat /etc/glance/glance-registry.conf [DEFAULT] [database] [glance_store] [keystone_authtoken] [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] [profiler]
a.在 [database] 部分,配置数据库访问
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:123456@controller/glance [root@controller ~]# cat /etc/glance/glance-registry.conf [DEFAULT] [database] connection = mysql+pymysql://glance:123456@controller/glance [glance_store] [keystone_authtoken] [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] [profiler]
b.在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000 [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357 [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211 [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password 123456 [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone [root@controller ~]# cat /etc/glance/glance-registry.conf [DEFAULT] [database] connection = mysql+pymysql://glance:123456@controller/glance [glance_store] [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 123456 [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler]
4)写入镜像服务数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future. /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade expire_on_commit=expire_on_commit, _conf=conf) /usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.') result = self._query(query) #忽略输出中任何不推荐使用的信息
#测试验证同步是否成功 [root@controller ~]# mysql -uroot -p123456 glance -e "show tables;" +----------------------------------+ | Tables_in_glance | +----------------------------------+ | artifact_blob_locations | | artifact_blobs | | artifact_dependencies | | artifact_properties | | artifact_tags | | artifacts | | image_locations | | image_members | | image_properties | | image_tags | | images | | metadef_namespace_resource_types | | metadef_namespaces | | metadef_objects | | metadef_properties | | metadef_resource_types | | metadef_tags | | migrate_version | | task_info | | tasks | +----------------------------------+
3.启动镜像服务、配置他们随机启动
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service. Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl status openstack-glance-api.service openstack-glance-registry.service ● openstack-glance-api.service - OpenStack Image Service (code-named Glance) API server Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2020-11-14 20:07:16 CST; 8s ago Main PID: 88266 (glance-api) CGroup: /system.slice/openstack-glance-api.service ├─88266 /usr/bin/python2 /usr/bin/glance-api └─88285 /usr/bin/python2 /usr/bin/glance-api Nov 14 20:07:18 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately. Nov 14 20:07:18 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:19 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately. Nov 14 20:07:19 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:19 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately. Nov 14 20:07:19 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately. Nov 14 20:07:21 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately. Nov 14 20:07:21 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) ● openstack-glance-registry.service - OpenStack Image Service (code-named Glance) Registry server Loaded: loaded (/usr/lib/systemd/system/openstack-glance-registry.service; enabled; vendor preset: disabled) Active: active (running) since Sat 2020-11-14 20:07:16 CST; 8s ago Main PID: 88267 (glance-registry) CGroup: /system.slice/openstack-glance-registry.service ├─88267 /usr/bin/python2 /usr/bin/glance-registry └─88286 /usr/bin/python2 /usr/bin/glance-registry Nov 14 20:07:20 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately. Nov 14 20:07:20 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately. Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately. Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately. Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately. Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False) Hint: Some lines were ellipsized, use -l to show in full.
[root@controller ~]# netstat -lntup |grep python2 tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 88266/python2 tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 88267/python2
注:监听端口一个9191,一个9292
4. 验证
使用 `CirrOS <http://launchpad.net/cirros>`__对镜像服务进行验证,CirrOS是一个小型的Linux镜像可以用来进行 OpenStack部署测试
1)获得 admin凭证来获取只有管理员能执行的命令的访问权限
[root@controller ~]# source admin-openrc
2)下载源镜像
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# ll total 12988 -rw-r--r-- 1 root root 271 Nov 13 22:26 admin-openrc -rw-------. 1 root root 1448 Aug 9 2018 anaconda-ks.cfg -rw-r--r-- 1 root root 13287936 Sep 8 21:34 cirros-0.3.4-x86_64-disk.img
3)使用 qcow2磁盘格式, bare容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public +------------------+------------------------------------------------------+ | Field | Value | +------------------+------------------------------------------------------+ | checksum | ee1eca47dc88f4879d8a229cc70a07c6 | | container_format | bare | | created_at | 2020-11-14T12:17:52Z | | disk_format | qcow2 | | file | /v2/images/13dcc297-97dd-4c59-9a81-b6c731e792e1/file | | id | 13dcc297-97dd-4c59-9a81-b6c731e792e1 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | b5eb87802cca4ada8f71be3483cd959c | | protected | False | | schema | /v2/schemas/image | | size | 13287936 | | status | active | | tags | | | updated_at | 2020-11-14T12:17:54Z | | virtual_size | None | | visibility | public | +------------------+------------------------------------------------------+
#查看存储的文件大小 [root@controller ~]# ll -h /var/lib/glance/images/ total 13M -rw-r----- 1 glance glance 13M Nov 14 20:17 13dcc297-97dd-4c59-9a81-b6c731e792e1 [root@controller ~]# ll -h . total 13M -rw-r--r-- 1 root root 271 Nov 13 22:26 admin-openrc -rw-------. 1 root root 1.5K Aug 9 2018 anaconda-ks.cfg -rw-r--r-- 1 root root 13M Sep 8 21:34 cirros-0.3.4-x86_64-disk.img
4)确认镜像的上传并验证属性
[root@controller ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 13dcc297-97dd-4c59-9a81-b6c731e792e1 | cirros | active | +--------------------------------------+--------+--------+ [root@controller ~]# glance image-list +--------------------------------------+--------+ | ID | Name | +--------------------------------------+--------+ | 13dcc297-97dd-4c59-9a81-b6c731e792e1 | cirros | +--------------------------------------+--------+ [root@controller ~]# glance image-show 13dcc297-97dd-4c59-9a81-b6c731e792e1 +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | ee1eca47dc88f4879d8a229cc70a07c6 | | container_format | bare | | created_at | 2020-11-14T12:17:52Z | | disk_format | qcow2 | | id | 13dcc297-97dd-4c59-9a81-b6c731e792e1 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | b5eb87802cca4ada8f71be3483cd959c | | protected | False | | size | 13287936 | | status | active | | tags | [] | | updated_at | 2020-11-14T12:17:54Z | | virtual_size | None | | visibility | public | +------------------+--------------------------------------+
