本章目录
1、概述
2、Glance架构
3、安装配置Glance
一、概述
理解image Service
Image Service的功能是管理Image,让用户能够发现、获取和保存Image。
在OpenStack中,提供Image Service的是Glance,其具体功能如下:
- 提供REST API,让用户能够查询和获取image的元数据和image本身。
- 支持多种方式存储image,包括普通的文件系统、Swift、Amazon S3等。
- 对Instance执行Snapshot创建新的image。
二、Glance架构
glance架构.jpg
OpenStack镜像服务包括以下组件:
-
glance-api
接收镜像API的调用,诸如镜像发现、恢复、存储。
-
glance-registry
存储、处理和恢复镜像的元数据,元数据包括项诸如大小和类型。
-
有两个配置文件,一个api.conf和registry.conf
需要keystone认证
三、安装配置Glance
1、创建数据库并授权
1、登录数据库
mysql mysql -u root -p
2、创建数据库
MariaDB [(none)]> CREATE DATABASE glance;
3、授权
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'glance';
4、查看验证
[root@controller ~]# mysql -uglance -pglance -e "show databases;"
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
+--------------------+
[root@controller ~]#
2、创建glance用户、关联角色、在keystone上创建服务和注册api
1、创建用户
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:glance
Repeat User Password:glance
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 31be40e20245472da1e5a6da135777f6 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
帮助小技巧:(例如查看openstack的user如何使用)
#扩展非交互式创建用户方法(可以将上述创建用户的步骤改为此方法)
#[root@controller ~]# openstack user create --domain default --password glance(密码) glance(用户)
2、关联角色
Add the admin role to the glance user and service project:
添加 admin 角色到 glance 用户和 service 项目上:
[root@controller ~]# openstack role add --project service --user glance admin
#查看命令小技巧,执行错误命令
[root@controller ~]# openstack user (错误执行可以查看相关命令)
openstack: 'user' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
user create
user delete
user list
user password set
..........
[root@controller ~]# openstack user list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 31be40e20245472da1e5a6da135777f6 | glance |
| e1011877fc5d4275b7e4394463883ee0 | myuser |
| ef761eff8f434c558b42ed37406dd217 | admin |
+----------------------------------+--------+
可以看到这些表都在keystone库中:
[root@controller ~]# mysql keystone -e "show tables"|grep user
federated_user
local_user
nonlocal_user
user
user_group_membership
user_option
3、在keystone上创建服务和注册api(都存在于keystone的表里)
3.1 Create the glance service entity:
[root@controller ~]# openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| name | glance |
| type | image |
+-------------+----------------------------------+
3.2 Create the Image service API endpoints:
注意:理论上是需要三个不同的IP创建,三块网卡,例如公网内网,但是这里也可以使用一块网卡
创建注册api:
[root@controller ~]# openstack endpoint create --region RegionOne \
image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 340be3625e9b4239a6415d034e98aace |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a6e4b153c2ae4c919eccfdbb7dceb5d2 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0c37ed58103f4300a84ff125a539032d |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
注意:如果上边创建错误,可以使用如下方法删除
[root@controller ~]# openstack endpoint
openstack: 'endpoint' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
endpoint add project
endpoint create
endpoint delete
....
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| 316aea3c70c644a3a7f730f09a0d13bd | RegionOne | keystone | identity | True | internal | http://192.168.223.157:5000/v3/ |
| 388088f25766420b8e4a5e0dac81c3aa | RegionOne | glance | image | True | public | http://192.168.223.157:9292 |
| 4449ed76319d47ab94f1755b370b0089 | RegionOne | keystone | identity | True | admin | http://192.168.223.157:5000/v3/ |
| 5728a92401f54d03891daa85ee8e0409 | RegionOne | glance | image | True | internal | http://192.168.223.157:9292 |
| 82003a6672cb4f38a8bf2300c8cf5b91 | RegionOne | keystone | identity | True | public | http://192.168.223.157:5000/v3/ |
| e14725b9f6ae4c1ab442ceffd59c2232 | RegionOne | glance | image | True | admin | http://192.168.223.157:9292 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
[root@controller ~]# openstack endpoint delete ID号
3、安装、配置glance
安装软件包
[root@controller ~]# yum -y install openstack-glance
修改配置文件
(1) 修改配置文件:/etc/glance/glance-api.conf
修改配置文件(两个配置文件需要修改)
配置文件:/etc/glance/glance-api.conf
三处:数据库连接信息、keystone认证信息、paste_deploy、glance_store
[root@controller ~]# vim /etc/glance/glance-api.conf
第一处:
[database]
connection = mysql+pymysql://glance:glance@controller/glance
第二处:
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
第三处:
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
自动化配置工具:yum -y install openstack-utils.noarch
——————————————————————————————————————————————————————————————————————————————————————
cp -a /etc/glance/glance-api.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password glance
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
(2) 修改配置文件/etc/glance/glance-registry.conf
配置文件/etc/glance/glance-registry.conf
修改三处:
[root@host157_node1 ~]# vim /etc/glance/glance-registry.conf
1、数据库
[database]
#connection = <None>修改此行配置
connection = mysql+pymysql://glance:glance@controller/glance
2、keystone认证
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
3、启用keystone认证
[paste_deploy]
flavor = keystone
-------------------------------------------------------------------------------------
cp -a /etc/glance/glance-registry.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password glance
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
4、同步数据库
1、同步数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
Database is synced successfully.
2、查看同步的表结构
[root@controller ~]# mysql -uglance -pglance -e "use glance;show tables;"
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| alembic_version |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
5、启动glance
1、设置开机自启:
[root@controller ~]# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
2、启动
[root@controller ~]#systemctl start openstack-glance-api.service \
openstack-glance-registry.service
[root@controller ~]# ps -ef|grep glance
glance 14942 1 20 18:33 ? 00:00:01 /usr/bin/python2 /usr/bin/glance-api
glance 14943 1 15 18:33 ? 00:00:01 /usr/bin/python2 /usr/bin/glance-registry
glance 14966 14943 0 18:33 ? 00:00:00 /usr/bin/python2 /usr/bin/glance-registry
glance 14967 14942 0 18:33 ? 00:00:00 /usr/bin/python2 /usr/bin/glance-api
root 14969 14366 0 18:33 pts/1 00:00:00 grep --color=auto glance
3、查看监听的端口(两个端口9191和9292,重点查看9292注册api的时候使用的9292)
[root@controller ~]# netstat -tunlp | egrep "9191|9292"
tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 20343/python2
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 20342/python2
.....
[root@controller ~]# ps -ef|grep 20342
glance 20342 1 1 17:02 ? 00:00:05 /usr/bin/python2 /usr/bin/glance-api
glance 20367 20342 0 17:02 ? 00:00:00 /usr/bin/python2 /usr/bin/glance-api
root 20611 14875 0 17:08 pts/1 00:00:00 grep --color=auto 20342
[root@controller ~]# ps -ef|grep 20343
glance 20343 1 1 17:02 ? 00:00:05 /usr/bin/python2 /usr/bin/glance-registry
glance 20366 20343 0 17:02 ? 00:00:00 /usr/bin/python2 /usr/bin/glance-registry
root 20615 14875 0 17:08 pts/1 00:00:00 grep --color=auto 20343
6、创建认证
[root@controller ~]# . admin-openrc #需要source环境变量,要无法执行openstack短命令
[root@controller ~]# openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | c3eb02a214464a5e9dbf45b2f4854356 |
| name | glance |
| type | image |
+-------------+----------------------------------+
7、验证
验证步骤:下载个镜像--->上传镜像---->查看镜像
1、查看是否报错
[root@controller ~]# openstack image list
显示为空
2、下载比较慢(软件已经提前下载了)
[root@controller ~]# . admin-openrc
[root@controller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
3、上传
[root@controller ~]# openstack image create "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
解释:
放哪: --file cirros-0.4.0-x86_64-disk.img
镜像格式:--disk-format qcow2
容器的格式:--container-format bare (bare证明是普通的虚拟机的镜像,不是容器的镜像)
所以人可以看到: --public
#验证是否上传成功:
[root@controller ~]# ll -h /var/lib/glance/images/ #上边配置文件中指定存储镜像的路径
总用量 13M
-rw-r-----. 1 glance glance 13M 2月 21 23:57 bd4a8b1e-93e6-4cac-bd07-1926e0c015b0
[root@controller ~]# md5sum /var/lib/glance/images/bd4a8b1e-93e6-4cac-bd07-1926e0c015b0
443b7623e27ecf03dc9e01ee93f67afe /var/lib/glance/images/bd4a8b1e-93e6-4cac-bd07-1926e0c015b0
[root@controller ~]# md5sum cirros-0.4.0-x86_64-disk.img
443b7623e27ecf03dc9e01ee93f67afe cirros-0.4.0-x86_64-disk.img
4 、查看
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 39aa0651-08fb-4c17-bb9a-c03f1d41b740 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# mysql glance -e "show tables;"|grep image
image_locations
image_members
image_properties
image_tags
images
删除注意事项:
删除的时候要删除镜像,也要删除数据库中记录
8、日志查看
[root@controller ~]# grep 'ERROR' /var/log/glance/api.log
[root@controller ~]# grep 'ERROR' /var/log/glance/registry.log
