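I. Introduction to the Image service (glance)
1. Glance service overview
The Image service (glance) enables users to discover, register, and retrieve virtual machine images. It offers a REST API that lets you query virtual machine image metadata and retrieve an existing image. Virtual machine images made available through the Image service can be stored in a variety of locations, from simple file systems to object-storage systems such as OpenStack Object Storage.
This section describes configuring the Image service with the `file` back end, which uploads and stores images in a directory on the controller node hosting the Image service. By default, this directory is /var/lib/glance/images/.
The OpenStack Image service is a core IaaS service. It accepts API requests for disk or server images, and metadata definitions from end users or OpenStack Compute components. It also supports storing disk or server images on various repository types, including OpenStack Object Storage.
2. The OpenStack Image service includes the following components:
glance-api
Accepts Image API calls for image discovery, retrieval, and storage.
glance-registry
Stores, processes, and retrieves image metadata. Metadata includes items such as size and type.
Note: glance-registry is a private internal service used by the OpenStack Image service. Do not expose it to users.
Database
Stores image metadata. You can choose the database according to your preference; most deployments use MySQL or SQLite.
Storage repository for image files
Several repository types are supported, including normal file systems, Object Storage, RADOS block devices, HTTP, and Amazon S3. Note that some of these repositories support read-only usage only.
Metadata definition service
A common API for vendors, administrators, services, and users to define their own custom metadata. This metadata can be used on different resources such as images, artifacts, volumes, quotas, and aggregates. A definition includes the new property's key, description, constraints, and the resource types it can be associated with.
II. Installing and configuring glance
Install and configure the Image service, glance, on the controller node. For simplicity, this configuration stores images on the local file system.
1. Prerequisites
Before you install and configure the Image service, you must create a database, service credentials, and API endpoints.
1) Create the database and grant privileges
a. Use the database client to connect to the database server as the root user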
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 18
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
b. Create the glance database
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| performance_schema |
| test |
+--------------------+
6 rows in set (0.00 sec)
MariaDB [(none)]>
c. Grant proper access to the glance database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
d. Exit the database client
MariaDB [(none)]> exit
Bye
[root@controller ~]#
2) Source the admin credentials to gain access to admin-only commands
[root@controller ~]# source admin-openrc
3) To create the service credentials, complete these steps
a. Create the glance user
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | d9ffe8683c84401cbad69ac5a73482a8 |
| enabled | True |
| id | acf0a73244c746d78a6fcc57117e8780 |
| name | glance |
+-----------+----------------------------------+
b. Add the admin role to the glance user and the service project
[root@controller ~]# openstack role add --project service --user glance admin
c. Create the glance service entity
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 2474b3971aad497389bf0b8580ec3ef6 |
| name | glance |
| type | image |
+-------------+----------------------------------+
d. Create the Image service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ff6b67d33f2e47d49777db92644eb323 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2474b3971aad497389bf0b8580ec3ef6 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 47e6122cde03447c93db46b76d47ba7b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2474b3971aad497389bf0b8580ec3ef6 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | af239c4d874d46c5b65c9aedf58c251e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2474b3971aad497389bf0b8580ec3ef6 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
2. Configure the glance components
1) Install the package
[root@controller ~]# yum install openstack-glance -y
2) Edit the /etc/glance/glance-api.conf file and complete the following actions
[root@controller ~]# cp /etc/glance/glance-api.conf{,.bak}
[root@controller ~]# grep -Ev '^$|#' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
[root@controller ~]# cat /etc/glance/glance-api.conf
[DEFAULT]
[cors]
[cors.subdomain]
[database]
[glance_store]
[image_format]
[keystone_authtoken]
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
a. In the [database] section, configure database access
Use openstack-config to change the configuration shown above
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:123456@controller/glance
[root@controller ~]# cat /etc/glance/glance-api.conf
[DEFAULT]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[glance_store]
[image_format]
[keystone_authtoken]
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
b. In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
Use openstack-config to change the configuration shown above
# Configure the [keystone_authtoken] section
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password 123456
# Configure the [paste_deploy] section
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
# View the result
[root@controller ~]# cat /etc/glance/glance-api.conf
[DEFAULT]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[glance_store]
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
c. In the [glance_store] section, configure the local file system store and the location of image files
Use openstack-config to change the configuration shown above
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
[root@controller ~]# cat /etc/glance/glance-api.conf
[DEFAULT]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/ # local storage location
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
3) Edit the /etc/glance/glance-registry.conf file and complete the following actions
[root@controller ~]# cp /etc/glance/glance-registry.conf{,.bak}
[root@controller ~]# grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak >/etc/glance/glance-registry.conf
[root@controller ~]# cat /etc/glance/glance-registry.conf
[DEFAULT]
[database]
[glance_store]
[keystone_authtoken]
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
[profiler]
a. In the [database] section, configure database access
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:123456@controller/glance
[root@controller ~]# cat /etc/glance/glance-registry.conf
[DEFAULT]
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[glance_store]
[keystone_authtoken]
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
[profiler]
b. In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password 123456
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
[root@controller ~]# cat /etc/glance/glance-registry.conf
[DEFAULT]
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[glance_store]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
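Both files configured above store the database and Keystone service passwords in cleartext (here `123456`) and point at `http://` Identity endpoints. The check below is an added example, not part of the original walkthrough: it parses a glance configuration file and reports those settings. The names `audit_glance_conf`, `WEAK_PASSWORDS` and `sample_conf`, the weak-password list and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report weak credentials and cleartext Identity URLs in a
# glance-api.conf / glance-registry.conf. audit_glance_conf, WEAK_PASSWORDS
# and sample_conf are assumptions made for this illustration.
WEAK_PASSWORDS="123456 password admin glance openstack"

audit_glance_conf() {          # prints one finding per line
    awk -v weak="$WEAK_PASSWORDS" '
        BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        /^\[/ { sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec); next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (sec == "database" && key == "connection") {
                # driver://user:pass@host/db -> "user:pass"
                cred = val; sub(/^[^:]+:\/\//, "", cred); sub(/@.*$/, "", cred)
                if (split(cred, up, ":") == 2 && (up[2] in bad))
                    print sec "." key ": weak database password for user " up[1]
            }
            if (sec == "keystone_authtoken") {
                if (key == "password" && (val in bad))
                    print sec "." key ": weak service account password"
                if (key ~ /^auth_ur[il]$/ && val ~ /^http:/)
                    print sec "." key ": cleartext HTTP to Identity service"
            }
        }' "$1"
    # The file stores secrets, so "other" should have no read access.
    agc_mode=$(stat -c '%a' "$1")
    case $agc_mode in *[4567]) echo "file: mode $agc_mode is world-readable" ;; esac
}

# Constructed sample with the values used for glance-registry.conf above.
sample_conf() {
    sc_file=$(mktemp) && chmod 640 "$sc_file" && cat > "$sc_file" <<'EOF'
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
username = glance
password = 123456
[paste_deploy]
flavor = keystone
EOF
    echo "$sc_file"
}

conf=$(sample_conf); audit_glance_conf "$conf"; rm -f "$conf"
```

On a real controller, call `audit_glance_conf /etc/glance/glance-api.conf` and `audit_glance_conf /etc/glance/glance-registry.conf`; passwords containing `:` or `@` are not handled by the connection-string split.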
4) Populate the Image service database
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
# Ignore any deprecation messages in this output
# Verify that the synchronization succeeded
[root@controller ~]# mysql -uroot -p123456 glance -e "show tables;"
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| artifact_blob_locations |
| artifact_blobs |
| artifact_dependencies |
| artifact_properties |
| artifact_tags |
| artifacts |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
3. Start the Image services and configure them to start when the system boots
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl status openstack-glance-api.service openstack-glance-registry.service
● openstack-glance-api.service - OpenStack Image Service (code-named Glance) API server
Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-11-14 20:07:16 CST; 8s ago
Main PID: 88266 (glance-api)
CGroup: /system.slice/openstack-glance-api.service
├─88266 /usr/bin/python2 /usr/bin/glance-api
└─88285 /usr/bin/python2 /usr/bin/glance-api
Nov 14 20:07:18 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately.
Nov 14 20:07:18 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Nov 14 20:07:19 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately.
Nov 14 20:07:19 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Nov 14 20:07:19 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately.
Nov 14 20:07:19 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Nov 14 20:07:21 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately.
Nov 14 20:07:21 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Nov 14 20:07:21 controller glance-api[88266]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWarning:...ately.
Nov 14 20:07:21 controller glance-api[88266]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
● openstack-glance-registry.service - OpenStack Image Service (code-named Glance) Registry server
Loaded: loaded (/usr/lib/systemd/system/openstack-glance-registry.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-11-14 20:07:16 CST; 8s ago
Main PID: 88267 (glance-registry)
CGroup: /system.slice/openstack-glance-registry.service
├─88267 /usr/bin/python2 /usr/bin/glance-registry
└─88286 /usr/bin/python2 /usr/bin/glance-registry
Nov 14 20:07:20 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately.
Nov 14 20:07:20 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately.
Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately.
Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately.
Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Nov 14 20:07:21 controller glance-registry[88267]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: DeprecationWar...ately.
Nov 14 20:07:21 controller glance-registry[88267]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Hint: Some lines were ellipsized, use -l to show in full.
[root@controller ~]# netstat -lntup |grep python2
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 88266/python2
tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 88267/python2
Note: two ports are listening, 9191 and 9292
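The netstat output above shows both services bound to 0.0.0.0, including glance-registry on 9191, which the component list says must not be exposed to users. The following check is an added example, not from the original post: it parses `netstat -lntup` output and flags wildcard listeners on the ports you name. The function names `wildcard_listeners` and `sample_netstat` are assumptions; the sample is the two lines shown above plus one constructed line.

```shell
#!/bin/sh
# wildcard_listeners PORT... : reads `netstat -lntup` output on stdin and
# prints "port address process" for every TCP listener on one of the given
# ports that is bound to all interfaces (0.0.0.0, :: or *).
wildcard_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/^.*:/, "", port)       # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if ((port in want) && (host == "0.0.0.0" || host == "::" || host == "*"))
                print port, addr, $7
        }'
}

# Sample input: the two listeners from the page, plus one constructed
# loopback-only listener that must not be reported.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 88266/python2
tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 88267/python2
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1201/memcached
EOF
}

# Only the registry port is checked here; 9292 is the public API endpoint.
sample_netstat | wildcard_listeners 9191
```

On the controller, run `netstat -lntup | wildcard_listeners 9191`. Binding the registry to the management address (the `bind_host` option in the `[DEFAULT]` section of glance-registry.conf) or firewalling port 9191 clears the finding.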
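4. Verification
Verify operation of the Image service using CirrOS (http://launchpad.net/cirros), a small Linux image that can be used to test an OpenStack deployment
1) Source the admin credentials to gain access to admin-only commands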
[root@controller ~]# source admin-openrc
2) Download the source image
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# ll
total 12988
-rw-r--r-- 1 root root 271 Nov 13 22:26 admin-openrc
-rw-------. 1 root root 1448 Aug 9 2018 anaconda-ks.cfg
-rw-r--r-- 1 root root 13287936 Sep 8 21:34 cirros-0.3.4-x86_64-disk.img
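3) Upload the image to the Image service using the qcow2 disk format and the bare container format, and make it publicly visible so that all projects can access it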
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2020-11-14T12:17:52Z |
| disk_format | qcow2 |
| file | /v2/images/13dcc297-97dd-4c59-9a81-b6c731e792e1/file |
| id | 13dcc297-97dd-4c59-9a81-b6c731e792e1 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | b5eb87802cca4ada8f71be3483cd959c |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2020-11-14T12:17:54Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
# Check the size of the stored file
[root@controller ~]# ll -h /var/lib/glance/images/
total 13M
-rw-r----- 1 glance glance 13M Nov 14 20:17 13dcc297-97dd-4c59-9a81-b6c731e792e1
[root@controller ~]# ll -h .
total 13M
-rw-r--r-- 1 root root 271 Nov 13 22:26 admin-openrc
-rw-------. 1 root root 1.5K Aug 9 2018 anaconda-ks.cfg
-rw-r--r-- 1 root root 13M Sep 8 21:34 cirros-0.3.4-x86_64-disk.img
4) Confirm the upload of the image and validate its attributes
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 13dcc297-97dd-4c59-9a81-b6c731e792e1 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# glance image-list
+--------------------------------------+--------+
| ID | Name |
+--------------------------------------+--------+
| 13dcc297-97dd-4c59-9a81-b6c731e792e1 | cirros |
+--------------------------------------+--------+
[root@controller ~]# glance image-show 13dcc297-97dd-4c59-9a81-b6c731e792e1
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2020-11-14T12:17:52Z |
| disk_format | qcow2 |
| id | 13dcc297-97dd-4c59-9a81-b6c731e792e1 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | b5eb87802cca4ada8f71be3483cd959c |
| protected | False |
| size | 13287936 |
| status | active |
| tags | [] |
| updated_at | 2020-11-14T12:17:54Z |
| virtual_size | None |
| visibility | public |
+------------------+--------------------------------------+
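The `checksum` field above is the MD5 of the image data, and with the `file` store that data sits in `filesystem_store_datadir` under the image ID, as the directory listing earlier shows. The following is an added example, not from the original post: it re-hashes the stored file and compares it with the checksum Glance recorded, which detects a file changed on disk after upload. The function names and the demo data are assumptions; only the image ID is taken from the page.

```shell
#!/bin/sh
# table_field NAME : extract one value from an `openstack image show` or
# `glance image-show` table read on stdin.
table_field() {
    awk -F'|' -v k="$1" '
        NF >= 3 { key = $2; val = $3
                  gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
                  if (key == k) { print val; exit } }'
}

# verify_stored_image DATADIR : reads the table on stdin and compares the
# recorded checksum with the MD5 of DATADIR/<id>.
# Returns 0 = match, 1 = mismatch, 2 = file missing.
verify_stored_image() {
    vsi_table=$(cat)
    vsi_id=$(printf '%s\n' "$vsi_table" | table_field id)
    vsi_want=$(printf '%s\n' "$vsi_table" | table_field checksum)
    vsi_file="${1%/}/$vsi_id"
    [ -n "$vsi_id" ] && [ -f "$vsi_file" ] || { echo "MISSING $vsi_id"; return 2; }
    vsi_got=$(md5sum "$vsi_file" | cut -d' ' -f1)
    if [ "$vsi_got" = "$vsi_want" ]; then
        echo "OK $vsi_id"
    else
        echo "MISMATCH $vsi_id expected=$vsi_want actual=$vsi_got"; return 1
    fi
}

# Demo on constructed data: a temporary "store" holding one small file.
demo_verify() {
    dv_dir=$(mktemp -d); dv_id=13dcc297-97dd-4c59-9a81-b6c731e792e1
    printf 'constructed image bytes\n' > "$dv_dir/$dv_id"
    dv_sum=$(md5sum "$dv_dir/$dv_id" | cut -d' ' -f1)
    dv_table=$(printf '| checksum | %s |\n| id | %s |\n' "$dv_sum" "$dv_id")
    printf '%s\n' "$dv_table" | verify_stored_image "$dv_dir"           # OK
    printf 'x' >> "$dv_dir/$dv_id"                  # file changed after upload
    printf '%s\n' "$dv_table" | verify_stored_image "$dv_dir" || true   # MISMATCH
    rm -rf "$dv_dir"
}
demo_verify
```

On the controller: `glance image-show 13dcc297-97dd-4c59-9a81-b6c731e792e1 | verify_stored_image /var/lib/glance/images/`. The comparison is only as trustworthy as the database record it reads.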