1、glance架构
glance的架构如图1-1所示。
图1-1 glance的架构
图1-2 openstack官方文档中的glance架构图
1)镜像服务组件:
Glance-api:是一个对外的API接口,能够接受外部的API镜像请求。主要用于分析、分发、响应各种镜像管理的REST Request,然后通过其他模块(EG. glance-registry、Store Backend后端存储接口)完成镜像的发现、获取、存储等操作。默认绑定端口是9292。
Glance提供REST API来支持以下镜像操作:查询、注册、上传、获取、删除、访问权限管理
glance-registry:用于存储、处理、获取Image Metadata。通过响应从glance-api发送过来的Image Metadata REST Request,然后与MySQL进行交互,实现Image Metadate的存储、处理、获取。默认绑定的端口是9191。
glance-db:在Openstack中使用MySQL来支撑,用于存放Image Metadata。
Image Metadate(镜像元数据):指通过glance-registry来保存在MySQL Database; image 的chunk 数据 通过 glance-store 存放在各种 backend store 中,并从中获取。
** Glance Store**:用于存储镜像文件。通过Store Backend后端存储接口来与glance-api联系。通过这个接口,glance可以从Image Store获取镜像文件再交由Nova用于创建虚拟机。
Glance 通过Store Adapter(存储适配器)支持多种Imange Store方案
支持swift、file system、s3、sheepdog、rbd、cinder等。
2)image 的 访问权限分为:
public 公共的:可以被所有的 tenant 使用。
private 私有的/项目的:只能被 image owner 所在的 tenant 使用。
shared 共享的:一个非共有的image 可以共享给另外的 tenant,可通过member-* 操作来实现。
protected 受保护的:protected 的 image 不能被删除。
** 3)image 的各种状态** queued:没有上传 image 数据,只有db 中的元数据。 saving:正在上传 image data active:正常状态 deleted/pending_delete: 已删除/等待删除 killed:image 元数据不正确,等待被删除。
2、Glance支持的Image格式
raw – 非结构化的镜像格式 vhd – 一种通用的虚拟机磁盘格式, 可用于Vmware、Xen、Microsoft Virtual PC/Virtual Server/Hyper-V、VirtualBox等 vmdk – Vmware的虚拟机磁盘格式, 同样也支持多种Hypervisor vdi – VirtualBox、QEMU等支持的虚拟机磁盘格式 qcow2 – 一种支持QEMU并且可以动态扩展的磁盘格式 aki – Amazon Kernel 镜像 ari – Amazon Ramdisk 镜像 ami – Amazon 虚拟机镜像
3、常见面试题
1)、openstack对接ceph集群,image使用哪种格式? 答:使用raw格式。
2)、raw与qcow2的区别: 答: (1)空间占用区别,如指定空间20G,实际仅用5G时,raw对外显示为20G,而qcow2对外则显示真实的大小5G,从节省空间大小来看使用qcow2; (2)如果使用ceph使用raw格式,它对raw格式的兼容性更好,即使指定为qcow2格式,后端也会先转换成raw格式。
4、glance组件的工作过程
5、实战: glance的手动搭建
5.1、控制节点的安装配置
(1)创建glance数据库:
[root@controller ~]# mysql -uroot -popenstack <<EOF
create database glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'openstack'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'openstack';
EOF
(2)创建glance用户,并在service项目中添加管理员角色
[root@controller ~]# source admin_openrc
下面这句要分开执行,要输入glance用户的密码:
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | cd90f56cf9bc4c8f8a01f88c5c179762 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
(3)创建glance服务及端口
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | ad61f9ee483e4bea9cb374796f097dd3 |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b781cb1117f040f1a18615b649fb5388 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad61f9ee483e4bea9cb374796f097dd3 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 129da42ca64c4cfb821afcf3c2e81dfd |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad61f9ee483e4bea9cb374796f097dd3 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9fc675719b1d49a48851abeee9f2622c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad61f9ee483e4bea9cb374796f097dd3 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint list
---------+-----------+-----------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
---------+-----------+-----------------------------+
| 01ccfab5acb0407888620ca056f93dfe | RegionOne | keystone | identity | True | admin | http://controller:35357/v3/ |
| 129da42ca64c4cfb821afcf3c2e81dfd | RegionOne | glance | image | True | internal | http://controller:9292 |
| 4c2bd465260043039bcf7bf78776dd6b | RegionOne | keystone | identity | True | internal | http://controller:5000/v3/ |
| 9cd64dded6014abea4936800d3fd614c | RegionOne | glance | image | True | public | http://controller:9292 |
| 9fc675719b1d49a48851abeee9f2622c | RegionOne | glance | image | True | admin | http://controller:9292 |
| bdc34c7c99bb432eb13fa83a45d0065e | RegionOne | keystone | identity | True | public | http://controller:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
操作删除endpoint命令
[root@controller ~]# openstack endpoint delete IDNAME
(4)控制节点安装相关包并配置
[root@controller ~]# yum -y install openstack-glance
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:openstack@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000 内部端口
auth_url = http://controller:35357 管理员端口
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = openstack
[paste_deploy] (开启如下配置)
flavor = keystone
[glance_store] (开启如下配置)
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[root@controller ~]# egrep -v "^#|^$" /etc/glance/glance-api.conf
[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:openstack@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = openstack
[paste_deploy]
flavor = keystone
[root@controller ~]# egrep -v "^#|^$" /etc/glance/glance-registry.conf
(5)初始化数据库表结构
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1336: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_expand01, current revision(s): queens_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_contract01, current revision(s): queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.
[root@controller ~]# mysql -hlocalhost -uglance -popenstack -e "use glance;show tables;"
(6)服务启动并设置开启自启
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
5.2、验证
(1)执行授权
[root@controller ~]# source admin_openrc
(2)下载实验镜像cirros
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
(3)创建镜像:
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2020-03-17T14:16:48Z |
| disk_format | qcow2 |
| file | 2/images/7dfa1f88-6e3a-45aa-90ff-f348e6e399c0/file |
| id | 7dfa1f88-6e3a-45aa-90ff-f348e6e399c0 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | db82536ef7124608b3f3931ba4ce9615 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2020-03-17T14:16:48Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 7dfa1f88-6e3a-45aa-90ff-f348e6e399c0 | cirros | active |
+--------------------------------------+--------+--------+
#查看镜像文件信息
[root@controller ~]# openstack image show cirros
#设置镜像受保护状态(不可删除)
[root@controller ~]# openstack image set --protected IDNAME
#设置镜像未受保护状态(可删除)
[root@controller ~]# openstack image set --unprotected IDNAME
至此完成Glance的安装,下一章节简介Nova 组件,以及它的安装过程
