目录
前文列表
Openstack组件部署 — Overview和前期环境准备
Openstack组建部署 — Environment of Controller Node
Openstack组件部署 — Keystone功能介绍与认证实现流程
Openstack组件部署 — Keystone Install & Create service entity and API endpoints
Openstack组件部署 — keystone(domain, projects, users, and roles)
Image service overview
官档:The Image service (glance) enables users to discover, register, and retrieve virtual machine images. It offers a REST API that enables you to query virtual machine image metadata and retrieve an actual image. You can store virtual machine images made available through the Image service in a variety of locations, from simple file systems to object-storage systems like OpenStack Object Storage.
粗译:Image service (glance)使用户能够发现、注册、检索虚拟机镜像。它提供了一个REST API让你能够查询虚拟机镜像的元数据和检索一个实际的镜像。无论是一个简单的file systems还是一个OpenStack Object Storage,你都可以通过Image service在各种不同的位置上存储一个虚拟机镜像。
Important:
For simplicity, this guide describes configuring the Image service to use the file back end, which uploads and stores in a directory on the controller node hosting the Image service. By default, this directory is /var/lib/glance/images/.
Before you proceed, ensure that the controller node has at least several gigabytes of space available in this directory.
重要提示:为了简单起见,该指南记录了使用Controller Node中的目录来上传和存储镜像文件。默认的,这个目录是/var/lib/glance/images/
。
在开始之前,确定Controller Node上的镜像存储目录还有几个G的空间。
官档:The OpenStack Image service is central to Infrastructure-as-a-Service (IaaS) as shown in Conceptual architecture. It accepts API requests for disk or server images, and metadata definitions from end users or OpenStack Compute components. It also supports the storage of disk or server images on various repository types, including OpenStack Object Storage.
A number of periodic processes run on the OpenStack Image service to support caching. Replication services ensure consistency and availability through the cluster. Other periodic processes include auditors, updaters, and reapers.
粗译:Openstack Image service是IaaS中非常重要的组件。它能够为磁盘或者服务器镜像接受来自于User或者Openstack Compute service的API请求和元数据定义。它也支持磁盘存储、服务器镜像、OpenStack Object Storage等何种存储方式。OpenStack Image service还运行着一些周期性的进程来支持缓存。而且同步服务(Replication services)还能确保集群中的镜像的一致性和可用性。其他的周期性进程还包括auditors, updaters, and reapers。
Openstack Image service包含的组件
glance-api:提供了Image service的发现、检索、存储功能的API调用。
glance-registry:用于存储、处理、检索Image元数据。这些元数据包含了镜像的size和type等信息。需要注意的是,注册(glance-registry)是OpenStack Image service私有的内部服务,这意味着不能向User公开该服务。
Database:用于存储Image的元数据,支持大多数Database种类,常使用MySQL或SQLite来实现。
Storage repository for image files(镜像文件的存储仓库):支持多种存储类型,包括file systems、Object Storage、RADOS block devices、HTTP、Amazon S3等类型。但有些存储类型只支持只读访问。
Metadata definition service(元数据定义服务):是一个统一的vendors API,管理员、服务、用户可以定义他们所拥有的自定义元数据(custom metadata)。这个自定义的元数据可以使用不同的资源类型,如:images、artifacts、volumes、flavors、aggregates。定义包含了new property’s key、description、constraints和相关的资源类型。
Install and configure
在Controller Node上安装并配置OpenStack Image service
Prerequisites 先决条件
Before you install and configure the Image service, you must create a database, service credentials, and API endpoints.
在安装个配置Image service之前,你必须创建一个Database,service credentials,API endpoints。
To create the database
Use the database access client to connect to the database server as the root
以数据库管理员root的身份登录数据库
mysql -u root -pfanguiju
Create the glance database
创建glance数据库
CREATE DATABASE glance;
Grant proper access to the glance database
创建数据库用户glance,并授予其对glance数据库的管理权限
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'fanguiju';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'fanguiju';
Exit the database access client.
To create the service credentials
创建服务凭证
Source the admin credentials to gain access to admin-only CLI commands
[root@controller ~]# . admin-openrc
Create the glance user
创建glance用户
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 011fbf8c04f1479ab1a4e49b019b22d1 |
| enabled | True |
| id | 81712fe752e942fab0750288fb6bb103 |
| name | glance |
+-----------+----------------------------------+
Add the admin role to the glance user and service project
添加Project service和User glance到Role admin中
openstack role add --project service --user glance admin
Create the glance service entity
创建glance服务实体,将Image service加入到服务目录。
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | d15d7716542f4c0ca128796b33a76eed |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create the Image service API endpoints
为OpenStack Image service创建认证服务端点
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller.jmilk.com:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 357e08b29f7f4a56a05877cf760b79f4 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d15d7716542f4c0ca128796b33a76eed |
| service_name | glance |
| service_type | image |
| url | http://controller.jmilk.com:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller.jmilk.com:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c46bab42157942f0a77562bdfb73a25f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d15d7716542f4c0ca128796b33a76eed |
| service_name | glance |
| service_type | image |
| url | http://controller.jmilk.com:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller.jmilk.com:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e71b8c296f4442ccab8966ca6ec99da8 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d15d7716542f4c0ca128796b33a76eed |
| service_name | glance |
| service_type | image |
| url | http://controller.jmilk.com:9292 |
+--------------+----------------------------------+
Install and configure components
Install the packages
yum install openstack-glance -y
Edit the /etc/glance/glance-api.conf file
In the [database] section, configure database access
配置Image service的数据库连接
vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:fanguiju@controller.jmilk.com/glance
配置详细日志报告
[DEFAULT]
verbose = True
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
配置Identity service访问
注意:在[keystone_authtoken]
节点中,注释或删除其他别的选项。
[keystone_authtoken]
auth_uri = http://controller.jmilk.com:5000
auth_url = http://controller.jmilk.com:35357
memcached_servers = controller.jmilk.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = fanguiju
[paste_deploy]
flavor = keystone
In the [glance_store] section, configure the local file system store and location of image files
配置本地文件系统存储和镜像文件的存放路径
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
总览
[root@controller ~]# cat /etc/glance/glance-api.conf | grep -v ^# | grep -v ^$
[DEFAULT]
verbose = True
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:fanguiju@controller.jmilk.fan/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller.jmilk.com:5000
auth_url = http://controller.jmilk.com:35357
memcached_servers = controller.jmilk.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = fanguiju
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
Edit the /etc/glance/glance-registry.conf file
In the [database] section, configure database access
vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:fanguiju@controller.jmilk.com/glance
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
注意:在[keystone_authtoken]
节点中,注释或删除其他别的选项。
[keystone_authtoken]
auth_uri = http://controller.jmilk.com:5000
auth_url = http://controller.jmilk.com:35357
memcached_servers = controller.jmilk.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = fanguiju
[paste_deploy]
flavor = keystone
总览
[root@controller ~]# cat /etc/glance/glance-registry.conf | grep -v ^# | grep -v ^$
[DEFAULT]
[database]
connection = mysql+pymysql://glance:fanguiju@controller.jmilk.com/glance
[glance_store]
[keystone_authtoken]
auth_uri = http://controller.jmilk.com:5000
auth_url = http://controller.jmilk.com:35357
memcached_servers = controller.jmilk.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = fanguiju
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
Populate the Image service database
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:146: Warning: Duplicate index 'ix_image_properties_image_id_name' defined on the table 'glance.image_properties'. This is deprecated and will be disallowed in a future release.
result = self._query(query)
Note:忽略所有的警告输出信息
查看glance数据库:
[root@controller ~]# mysql -u root -pfanguiju
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.1.12-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| performance_schema |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [(none)]> use glance
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| artifact_blob_locations |
| artifact_blobs |
| artifact_dependencies |
| artifact_properties |
| artifact_tags |
| artifacts |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
20 rows in set (0.00 sec)
Finalize installation
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
Verify operation验证操作
Verify operation of the Image service using CirrOS, a small Linux image that helps you test your OpenStack deployment.
使用CirrOS
镜像来进行Image service的测试操作,CirrOS
是一个小型的Linux镜像文件。
Note:在Controller Node上执行下列操作
1.Source the admin credentials to gain access to admin-only CLI commands
. admin-openrc
2.Download the source image
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
或者点这里下载。
3.Upload the image to the Image service using the QCOW2 disk format, bare container format, and public visibility so all projects can access it
以QCOW2
的磁盘格式、bare
容器格式、public visibility
的方式将镜像上传到Image service,所以所有的用户都能否访问这个镜像。
openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
Example:
[root@controller ~]# openstack image create "cirros" \
> --file cirros-0.3.4-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2016-06-21T16:07:16Z |
| disk_format | qcow2 |
| file | /v2/images/cced0c86-9841-451b-9497-929380dc53f8/file |
| id | cced0c86-9841-451b-9497-929380dc53f8 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 6c04f1d3ecd04aafb427f4f8d01be534 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2016-06-21T16:07:16Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
查看镜像文件存储目录:
[root@controller ~]# ll /var/lib/glance/images/
total 12980
-rw-r----- 1 glance glance 13287936 Jun 21 12:07 cced0c86-9841-451b-9497-929380dc53f8
ERROR1:500 Internal Server Error: The server has either erred or is incapable of performing the requested operation. (HTTP 500)
解决:systemctl restart mariadb.service
ERROR2:An unexpected error prevented the server from fulfilling your request.
Glance Log:
2016-06-21 11:52:03.196 3949 ERROR glance.common.wsgi [req-4a033bf7-2bf3-4af9-bd50-03d5ce089e87 d5e5331d665540159f1bfabb7327eca5 6c04f1d3ecd04aafb427f4f8d01be534 - - -] Caught error: (pymysql.err.OperationalError) (2003, "Can't connect to MySQL server on '127.0.0.1' ([Errno 111] ECONNREFUSED)")
解决:重启Controller Node主机
4.Confirm upload of the image and validate attributes
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| cced0c86-9841-451b-9497-929380dc53f8 | cirros | active |
+--------------------------------------+--------+--------+
至此Openstack Image service的安装就完成