Openstack之路(三)鏡像服務Glance
Glance是為虛擬機的創建提供鏡像的服務,我們基於Openstack是構建基本的IaaS平臺對外提供虛擬機,而虛擬機在創建時必須為選擇需要安裝的操作系統,Glance服務就是為該選擇提供不同的操作系統鏡像。
Glance的組件
- Glance-API
主要用來響應各種REST請求然後通過其它模塊(主要是glance-registry組件和後端存儲接口)完成鏡像的上傳、刪除、查詢等操作。可以簡單的再分為兩部分:一層中間件,它主要是做一些對請求的解析工作(如分析出版本號), 另外一部分提供實際的服務(如與鏡像上傳下載的後端存儲接×××互)。默認綁定端口是9292。
- Glance-Registry
鏡像註冊服務用於提供鏡像元數據的REST接口。主要工作是存儲或者獲取鏡像的元數據,與MySQL數據庫進行交互。也可以簡單的再細分為兩部分,API和具體的Server。元數據是指鏡像相關的一些信息(如id,size, status,location,checksum,min_disk,min_ram,owner等)真正的鏡像數據保存在實際所使用的後端存儲裏(如Swift,S3,Filesystem等)。默認綁定的端口是9191。
- Image Store
嚴格來說Image Store不屬於Glance的組件,這裏把它單獨分出來只是為了方便理解,它只是一個接口層,提供鏡像存儲和查詢的接口。具體的實現則需要外部存儲(Swift,S3)的支持。
Glance的工作流程
Glance安裝配置
Glance的安裝
- 創建一個數據庫、服務憑證和API端點
MariaDB [(none)]> create database glance; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | glance | | information_schema | | keystone | | mysql | | performance_schema | +--------------------+ 5 rows in set (0.00 sec) MariaDB [(none)]> grant all on glance.* to ‘glance‘@‘localhost‘ identified by ‘glance‘; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on glance.* to ‘glance‘@‘%‘ identified by ‘glance‘; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> exit Bye
- 獲得admin憑證來獲取只有管理員能執行的命令的訪問權限
[root@linux-node1 ~]# source admin-openrc
- 要創建服務證書,完成這些步驟
創建glance用戶
[root@linux-node1 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | bd7a2a0f75384a33a4abb349c6840bc8 |
| name | glance |
| password_expires_at | None |
+---------------------+----------------------------------+
添加admin角色到glance用戶和service項目上
[root@linux-node1 ~]# openstack role add --project service --user glance admin
- 創建glance服務實體
[root@linux-node1 ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 8188d497252d44f59cb2e8e0c4017055 |
| name | glance |
| type | image |
+-------------+----------------------------------+
- 創建鏡像服務的API端點
[root@linux-node1 ~]# openstack endpoint create --region RegionOne image public http://192.168.56.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d52e57b312ab4fadb2f84222660f01a8 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8188d497252d44f59cb2e8e0c4017055 |
| service_name | glance |
| service_type | image |
| url | http://192.168.56.11:9292 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne image internal http://192.168.56.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f44c4a6fb1d64140bded5f220cbad948 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8188d497252d44f59cb2e8e0c4017055 |
| service_name | glance |
| service_type | image |
| url | http://192.168.56.11:9292 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne image admin http://192.168.56.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f1b9538274f54cae8b0349bfbf17dca0 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8188d497252d44f59cb2e8e0c4017055 |
| service_name | glance |
| service_type | image |
| url | http://192.168.56.11:9292 |
+--------------+----------------------------------+
- 安裝Glance相關軟件包
[root@linux-node1 ~]# yum -y install openstack-glance
[root@linux-node1 ~]# rpm -qa openstack-glance
openstack-glance-13.0.0-1.el7.noarch
Glance的配置
- 編輯/etc/glance/glance-api.conf文件,並完成如下更改
[root@linux-node1 ~]# cp -a /etc/glance/glance-api.conf /etc/glance/glance-api.conf_$(date +%F)
[root@linux-node1 ~]# vim /etc/glance/glance-api.conf
在[database]
部分,配置數據庫訪問
[database]
......
1748 connection = mysql+pymysql://glance:[email protected]/glance
在[keystone_authtoken]
和[paste_deploy]
部分,配置認證服務訪問
[keystone_authtoken]
......
3179 auth_uri = http://192.168.56.11:5000
3180 auth_url = http://192.168.56.11:35357
3181 memcached_servers = 192.168.56.11:11211
3182 auth_type = password
3183 project_domain_name = Default
3184 user_domain_name = Default
3185 project_name = service
3186 username = glance
3187 password = glance
[paste_deploy]
......
3990 flavor = keystone
在[glance_store]
部分,配置本地文件系統存儲和鏡像文件位置
[glance_store]
......
1864 stores = file,http
1896 default_store = file
2196 filesystem_store_datadir = /var/lib/glance/images
- 編輯/etc/glance/glance-registry.conf文件,並完成如下更改
[root@linux-node1 ~]# cp -a /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf_$(date +%F)
[root@linux-node1 ~]# vim /etc/glance/glance-registry.conf
在[database]
部分,配置數據庫訪問
[database]
......
1038 connection = mysql+pymysql://glance:[email protected]/glance
在[keystone_authtoken]
和[paste_deploy]
部分,配置認證服務訪問
[keystone_authtoken]
......
1128 auth_uri = http://192.168.56.11:5000
1129 auth_url = http://192.168.56.11:35357
1130 memcached_servers = 192.168.56.11:11211
1131 auth_type = password
1132 project_domain_name = Default
1133 user_domain_name = Default
1134 project_name = service
1135 username = glance
1136 password = glance
[paste_deploy]
......
1910 flavor = keystone
- 寫入鏡像服務數據庫,可以忽略警告信息
[root@linux-node1 ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@linux-node1 ~]# mysql -uglance -pglance -e "use glance;show tables;"
- 啟動鏡像服務glance-api、glance-registry,並配置為開機自啟
[root@linux-node1 ~]# systemctl enable openstack-glance-api.service
[root@linux-node1 ~]# systemctl start openstack-glance-api.service
[root@linux-node1 ~]# systemctl status openstack-glance-api.service
[root@linux-node1 ~]# systemctl enable openstack-glance-registry.service
[root@linux-node1 ~]# systemctl start openstack-glance-registry.service
[root@linux-node1 ~]# systemctl status openstack-glance-registry.service
Glance驗證操作
使用CirrOS對鏡像服務進行驗證,CirrOS是一個小型的Linux鏡像可以用來幫助你進行Openstack部署測試。
- 獲得admin憑證來獲取只有管理員能執行的命令的訪問權限
[root@linux-node1 ~]# source admin-openrc
- 下載CirrOS源鏡像
[root@linux-node1 ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@linux-node1 ~]# ls -l cirros-0.3.4-x86_64-disk.img
-rw-r--r-- 1 root root 13287936 May 8 2015 cirros-0.3.4-x86_64-disk.img
- 使用qcow2磁盤格式,bare容器格式上傳鏡像到鏡像服務並設置公共可見,這樣所有的項目都可以訪問它
[root@linux-node1 ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2018-01-15T07:07:12Z |
| disk_format | qcow2 |
| file | /v2/images/b4223969-0add-4641-8317-18e2b1d25b54/file |
| id | b4223969-0add-4641-8317-18e2b1d25b54 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 71c9b608e79546f4b90f710fea475de3 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2018-01-15T07:07:13Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
- 確認鏡像的上傳並驗證屬性
[root@linux-node1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| b4223969-0add-4641-8317-18e2b1d25b54 | cirros | active |
+--------------------------------------+--------+--------+
Openstack之路(三)鏡像服務Glance