highlight: a11y-dark
theme: github
@TOC
部署镜像服务 glance:
Glance 是 OpenStack 镜像服务组件,glance 服务默认监听在 9292 端口,其接收 REST API 请求,然后通过其他模块(glance-registry 及 image store)来完成诸如镜像的获取、上传、删除等操作,Glance 提供 restful API 可以查询虚拟机镜像的 metadata,并且可以获得镜像,通过Glance,虚拟机镜像可以被存储到多种存储上,比如简单的文件存储或者对象存储(比如OpenStack 中 swift 项目)是在创建虚拟机的时候,需要先把镜像上传到 glance,对镜像的列出镜像、删除镜像和上传镜像都是通过 glance 进行理,glance 有两个主要的服务,一个是glace-api 接收镜像的删除上传和读取,一个是 glance-Registry。
glance-registry 负责与 mysql 数据交互,用于存储或获取镜像的元数据(metadata),提供镜像元数据相关的 REST 接口,通过 glance-registry 可以向数据库中写入或获取镜像的各种数据,glance-registyr 监听的端口是 9191,glance 数据库中有两张表,一张是 glance 表,一张是 imane property 表,image 表保存了镜像格式、大小等信息,image property 表保存了镜像的定制化信息。
image store 是一个存储的接口层,通过这个接口 glance 可以获取镜像,image store 支持的存储有 Amazon 的 S3、openstack 本身的 swift、还有 ceph、glusterFS、sheepdog 等分布式存储,image store 是镜像保存与读取的接口,但是它只是一个接口,具体的实现需要外部的支持,glance 不需要配置消息队列,但是需要配置数据库和keystone。
官方部署文档:https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/glance.html
mysql ``` [root@mysql ~]# mysql -uroot -p123.com -h127.0.0.1
MariaDB [(none)]> use keystone;
创建数据库'glance'
MariaDB [keystone]> CREATE DATABASE glance;
授权
MariaDB [keystone]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123'; ```
controller1
测试再控制端是否能连接 ``` [root@controller1 ~]# mysql -uglance -pglance123 -h 192.168.37.105 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 14 Server version: 10.3.10-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | glance | | information_schema | +--------------------+ 2 rows in set (0.001 sec)
MariaDB [(none)]> exit Bye
[root@controller1 ~]# yum install haproxy -y
第63行后面全部删除、添加下面信息(让101转到105上)
[root@controller1 ~]# vim /etc/haproxy/haproxy.cfg 63 listen mysql 64 bind 192.168.37.101:3306 65 mode tcp 66 server mysql1 192.168.37.105:3306 check
重启haproxy
[root@controller1 ~]# systemctl restart haproxy
开机启动haproxy
[root@controller1 ~]# systemctl enable haproxy 再次打卡一个新窗口()
导入变量
[root@controller1 ~]# source scripts/admin_stein.sh
查看'project'列表
[root@controller1 ~]# openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 0c1e7970dcb044c7a4b31bec89c8765d | admin | | 6981b2287cd240e3af6dce336206ae58 | service | | 6f4ccd7c5c7b4a55bc7cec2b5894e0e5 | demo | +----------------------------------+---------+
创建账号
[root@controller1 ~]# openstack user create --domain default --password-prompt glance User Password: <--密码'glance' Repeat User Password: <--密码'glance' +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domainid | 43d6f7b6f0f2454c9d166b414c7469f2 | | enabled | True | | id | 740b53b90503428bb76cb7265347a730 | | name | glance | | options | {} | | passwordexpires_at | None | +---------------------+----------------------------------+
[root@controller1 ~]# openstack role add --project service --user glance admin
[root@controller1 ~]# openstack service create --name glance --description "OpenStack Image" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | e479e8516dd8496ca40e9f8b8228d855 | | name | glance | | type | image | +-------------+----------------------------------+
[root@controller1 ~]# openstack service list +----------------------------------+----------+----------+ | ID | Name | Type | +----------------------------------+----------+----------+ | 16cff76e5c094b0098e996a8bf7a485a | keystone | identity | | e479e8516dd8496ca40e9f8b8228d855 | glance | image | <-- +----------------------------------+----------+----------+
注册后端API
[root@controller1 ~]# openstack endpoint create --region RegionOne image public http://openstack.123.net:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | da3db70cd7404827affd71d6149af6fb | | interface | public | | region | RegionOne | | regionid | RegionOne | | serviceid | e479e8516dd8496ca40e9f8b8228d855 | | servicename | glance | | servicetype | image | | url | http://openstack.123.net:9292 | +--------------+----------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne image internal http://openstack.123.net:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 69878d4ab13a412a9683581618e6584f | | interface | internal | | region | RegionOne | | regionid | RegionOne | | serviceid | e479e8516dd8496ca40e9f8b8228d855 | | servicename | glance | | servicetype | image | | url | http://openstack.123.net:9292 | +--------------+----------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne image admin http://openstack.123.net:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | e08dad2b105641a19fe458a483c2884e | | interface | admin | | region | RegionOne | | regionid | RegionOne | | serviceid | e479e8516dd8496ca40e9f8b8228d855 | | servicename | glance | | servicetype | image | | url | http://openstack.123.net:9292 | +--------------+----------------------------------+
安装
[root@controller1 ~]# yum install openstack-glance -y ``` mysql
安装NFS ``` [root@mysql ~]# yum install nfs-utils -y
创建目录、保存镜像文件
[root@mysql ~]# mkdir -pv /data/openstack/image
把目录共享出来
[root@mysql ~]# vim /etc/exports /data/openstack/image *(rw,norootsquash)
重启nfs
[root@mysql ~]# systemctl restart nfs
设置开机启动nfs
[root@mysql ~]# systemctl enable nfs **controller1**
[root@controller1 ~]# yum install nfs-utils -y
测试能否看到'105'共享出来的目录
[root@controller1 ~]# showmount -e 192.168.37.105 Export list for 192.168.37.105: /data/openstack/image *
配置
[root@controller1 ~]# vim /etc/glance/glance-api.conf ...
数据库
[database] connection = mysql+pymysql://glance:glance123@openstack.123.net/glance
认证
[keystoneauthtoken] wwwauthenticateuri = http://openstack.123.net:5000 authurl = http://openstack.123.net:5000 memcachedservers = openstack.123.net:11211 authtype = password projectdomainname = Default userdomainname = Default project_name = service username = glance password = glance
使用'keystone'认证
[paste_deploy] flavor = keystone
存储
[glancestore] stores = file,http defaultstore = file filesystemstoredatadir = /var/lib/glance/images/ <--目录自动创建 ...
[root@controller1 ~]# vim /etc/glance/glance-registry.conf ...
数据库
[database] connection = mysql+pymysql://glance:glance123@openstack.123.net/glance
认证
[keystoneauthtoken] wwwauthenticateuri = http://openstack.123.net:5000 authurl = http://openstack.123.net:5000 memcachedservers = openstack.123.net:11211 authtype = password projectdomainname = Default userdomainname = Default project_name = service username = glance password = glance
使用'keystone'认证
[paste_deploy] flavor = keystone ...
[root@controller1 ~]# vim /etc/haproxy/haproxy.cfg 63 listen mysql 64 bind 192.168.37.101:3306 65 mode tcp 66 server mysql1 192.168.37.105:3306 check 67 #添加(下面4行) 68 listen memcached 69 bind 192.168.37.101:11211 70 mode tcp 71 server mysql1 192.168.37.105:11211 check
重启haproxy服务
[root@controller1 ~]# systemctl restart haproxy **mysql**
[root@mysql ~]# mysql -uroot -p123.com -h127.0.0.1 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 37 Server version: 10.3.10-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use glance; Database changed
现在是空的
MariaDB [glance]> show tables; Empty set (0.000 sec) ``` controller1
在控制端初始化数据库 [root@controller1 ~]# su -s /bin/sh -c "glance-manage db_sync" glance
mysql
控制端初始化完成后、再测试,发现已经有表了 MariaDB [glance]> show tables; +----------------------------------+ | Tables_in_glance | +----------------------------------+ | alembic_version | | image_locations | | image_members | | image_properties | | image_tags | | images | | metadef_namespace_resource_types | | metadef_namespaces | | metadef_objects | | metadef_properties | | metadef_resource_types | | metadef_tags | | migrate_version | | task_info | | tasks | +----------------------------------+ 15 rows in set (0.000 sec)
controller1 ```
设置glance开机启动
[root@controller1 ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
启动glance
[root@controller1 ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
属主属组都是'glance'
[root@controller1 ~]# ll -d /var/lib/glance/images/ drwxr-x--- 2 glance glance 6 Sep 19 16:13 /var/lib/glance/images/
'glance'ID是161
[root@controller1 ~]# id glance uid=161(glance) gid=161(glance) groups=161(glance)
把服务停了
[root@controller1 ~]# systemctl stop openstack-glance-api.service openstack-glance-registry.service
挂载
[root@controller1 ~]# mount -t nfs 192.168.37.105:/data/openstack/image /var/lib/glance/images
启动服务
[root@controller1 ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
开机挂载
[root@controller1 ~]# vim /etc/fstab
网络挂载加上此项'_netdev',否则挂载不上会一直挂载,导致机器无法正常运行
192.168.37.105:/data/openstack/image /var/lib/glance/images nfs defaults,_netdev 0 0
[root@controller1 ~]# mount -a
[root@controller1 ~]# ll -d /var/lib/glance/images/ drwxr-xr-x 2 root root 6 Sep 19 15:24 /var/lib/glance/images/
'-R'递归修改权限
[root@controller1 ~]# chown glance.glance /var/lib/glance/images/ -R [root@controller1 ~]# ll -d /var/lib/glance/images/ drwxr-xr-x 2 glance glance 6 Sep 19 15:24 /var/lib/glance/images/
glance端口号是'9191'和'9292'
[root@controller1 ~]# ss -tnlp|grep glance LISTEN 0 128 :9191 *: users:(("glance-registry",pid=8215,fd=4),("glance-registry",pid=8214,fd=4),("glance-registry",pid=8193,fd=4)) LISTEN 0 128 :9292 *: users:(("glance-api",pid=8218,fd=4),("glance-api",pid=8217,fd=4),("glance-api",pid=8192,fd=4))
下载镜像
[root@controller1 ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
重启服务
[root@controller1 ~]# systemctl restart openstack-glance-api.service openstack-glance-registry.service
导入环境变量
[root@controller1 ~]# source scripts/admin_stein.sh
上传镜像
[root@controller1 ~]# openstack image create "cirros-0.4.0" --file /root/cirros-0.4.0-x8664-disk.img --disk-format qcow2 --container-format bare --public +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | checksum | 443b7623e27ecf03dc9e01ee93f67afe | | containerformat | bare | | createdat | 2022-09-20T01:46:06Z | | diskformat | qcow2 | | file | /v2/images/a36cbc0c-1813-46e7-9698-deef028a2a71/file | | id | a36cbc0c-1813-46e7-9698-deef028a2a71 | | mindisk | 0 | | minram | 0 | | name | cirros-0.4.0 | | owner | c26c5975bb5a4519a7894f3191b0b425 | | properties | oshashalgo='sha512', oshashvalue='6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e2161b5b5186106570c17a9e58b64dd39390617cd5a350f78', oshidden='False' | | protected | False | | schema | /v2/schemas/image | | size | 12716032 | | status | active | | tags | | | updatedat | 2022-09-20T01:46:07Z | | virtual_size | None | | visibility | public | +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller1 ~]# openstack image list +--------------------------------------+--------------+--------+ | ID | Name | Status | +--------------------------------------+--------------+--------+ | a36cbc0c-1813-46e7-9698-deef028a2a71 | cirros-0.4.0 | active | +--------------------------------------+--------------+--------+ ```