目錄
前文列表
Openstack組件部署 — Overview和前期環境準備
Openstack組建部署 — Environment of Controller Node
Openstack組件部署 — Keystone功能介紹與認證實現流程
Openstack組件部署 — Keystone Install & Create service entity and API endpoints
Openstack組件部署 — keystone(domain, projects, users, and roles)
Image service overview
官檔:The Image service (glance) enables users to discover, register, and retrieve virtual machine images. It offers a REST API that enables you to query virtual machine image metadata and retrieve an actual image. You can store virtual machine images made available through the Image service in a variety of locations, from simple file systems to object-storage systems like OpenStack Object Storage.
粗譯:Image service (glance)使用戶能夠發現、註冊、檢索虛擬機鏡像。它提供了一個REST API讓你能夠查詢虛擬機鏡像的元數據和檢索一個實際的鏡像。無論是一個簡單的file systems還是一個OpenStack Object Storage,你都可以通過Image service在各種不同的位置上存儲一個虛擬機鏡像。
Important:
For simplicity, this guide describes configuring the Image service to use the file back end, which uploads and stores in a directory on the controller node hosting the Image service. By default, this directory is /var/lib/glance/images/.
Before you proceed, ensure that the controller node has at least several gigabytes of space available in this directory.
重要提示:爲了簡單起見,該指南記錄了使用Controller Node中的目錄來上傳和存儲鏡像文件。默認的,這個目錄是/var/lib/glance/images/。
在開始之前,確定Controller Node上的鏡像存儲目錄還有幾個G的空間。
官檔:The OpenStack Image service is central to Infrastructure-as-a-Service (IaaS) as shown in Conceptual architecture. It accepts API requests for disk or server images, and metadata definitions from end users or OpenStack Compute components. It also supports the storage of disk or server images on various repository types, including OpenStack Object Storage.
A number of periodic processes run on the OpenStack Image service to support caching. Replication services ensure consistency and availability through the cluster. Other periodic processes include auditors, updaters, and reapers.
粗譯:Openstack Image service是IaaS中非常重要的組件。它能夠爲磁盤或者服務器鏡像接受來自於User或者Openstack Compute service的API請求和元數據定義。它也支持磁盤存儲、服務器鏡像、OpenStack Object Storage等何種存儲方式。OpenStack Image service還運行着一些週期性的進程來支持緩存。而且同步服務(Replication services)還能確保集羣中的鏡像的一致性和可用性。其他的週期性進程還包括auditors, updaters, and reapers。
Openstack Image service包含的組件
glance-api:提供了Image service的發現、檢索、存儲功能的API調用。
glance-registry:用於存儲、處理、檢索Image元數據。這些元數據包含了鏡像的size和type等信息。需要注意的是,註冊(glance-registry)是OpenStack Image service私有的內部服務,這意味着不能向User公開該服務。
Database:用於存儲Image的元數據,支持大多數Database種類,常使用MySQL或SQLite來實現。
Storage repository for image files(鏡像文件的存儲倉庫):支持多種存儲類型,包括file systems、Object Storage、RADOS block devices、HTTP、Amazon S3等類型。但有些存儲類型只支持只讀訪問。
Metadata definition service(元數據定義服務):是一個統一的vendors API,管理員、服務、用戶可以定義他們所擁有的自定義元數據(custom metadata)。這個自定義的元數據可以使用不同的資源類型,如:images、artifacts、volumes、flavors、aggregates。定義包含了new property’s key、description、constraints和相關的資源類型。
Install and configure
在Controller Node上安裝並配置OpenStack Image service
Prerequisites 先決條件
Before you install and configure the Image service, you must create a database, service credentials, and API endpoints.
在安裝個配置Image service之前,你必須創建一個Database,service credentials,API endpoints。
To create the database
Use the database access client to connect to the database server as the root
以數據庫管理員root的身份登錄數據庫
mysql -u root -pfanguiju11
Create the glance database
創建glance數據庫
CREATE DATABASE glance;11
Grant proper access to the glance database
創建數據庫用戶glance,並授予其對glance數據庫的管理權限
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'fanguiju';GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'fanguiju';1212
Exit the database access client.
To create the service credentials
創建服務憑證
Source the admin credentials to gain access to admin-only CLI commands
[root@controller ~]# . admin-openrc11
Create the glance user
創建glance用戶
[root@controller ~]# openstack user create --domain default --password-prompt glance User Password:Repeat User Password: +-----------+----------------------------------+| Field | Value | +-----------+----------------------------------+| domain_id | 011fbf8c04f1479ab1a4e49b019b22d1 | | enabled | True | | id | 81712fe752e942fab0750288fb6bb103 | | name | glance | +-----------+----------------------------------+12345678910111234567891011
Add the admin role to the glance user and service project
添加Project service和User glance到Role admin中
openstack role add --project service --user glance admin11
Create the glance service entity
創建glance服務實體,將Image service加入到服務目錄。
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image+-------------+----------------------------------+| Field | Value | +-------------+----------------------------------+| description | OpenStack Image | | enabled | True | | id | d15d7716542f4c0ca128796b33a76eed | | name | glance || type | image | +-------------+----------------------------------+1234567891012345678910
Create the Image service API endpoints
爲OpenStack Image service創建認證服務端點
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller.jmilk.com:9292+--------------+----------------------------------+| Field | Value | +--------------+----------------------------------+| enabled | True | | id | 357e08b29f7f4a56a05877cf760b79f4 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | d15d7716542f4c0ca128796b33a76eed | | service_name | glance | | service_type | image || url | http://controller.jmilk.com:9292 | +--------------+----------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller.jmilk.com:9292+--------------+----------------------------------+| Field | Value | +--------------+----------------------------------+| enabled | True | | id | c46bab42157942f0a77562bdfb73a25f | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | d15d7716542f4c0ca128796b33a76eed | | service_name | glance | | service_type | image || url | http://controller.jmilk.com:9292 | +--------------+----------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller.jmilk.com:9292 +--------------+----------------------------------+| Field | Value | +--------------+----------------------------------+| enabled | True | | id | e71b8c296f4442ccab8966ca6ec99da8 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | d15d7716542f4c0ca128796b33a76eed | | service_name | glance | | service_type | image | | url | http://controller.jmilk.com:9292 |+--------------+----------------------------------+ 123456789101112131415161718192021222324252627282930313233343536373839404142123456789101112131415161718192021222324252627282930313233343536373839404142
Install and configure components
Install the packages
yum install openstack-glance -y11
Edit the /etc/glance/glance-api.conf file
In the [database] section, configure database access
配置Image service的數據庫連接
vim /etc/glance/glance-api.conf
[database]connection = mysql+pymysql://glance:[email protected]/glance1212
配置詳細日誌報告
[DEFAULT]verbose = True1212
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
配置Identity service訪問
注意:在[keystone_authtoken] 節點中,註釋或刪除其他別的選項。
[keystone_authtoken]auth_uri = http://controller.jmilk.com:5000auth_url = http://controller.jmilk.com:35357memcached_servers = controller.jmilk.com:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = fanguiju[paste_deploy]flavor = keystone1234567891011121312345678910111213
In the [glance_store] section, configure the local file system store and location of image files
配置本地文件系統存儲和鏡像文件的存放路徑
[glance_store]stores = file,httpdefault_store = filefilesystem_store_datadir = /var/lib/glance/images/12341234
總覽
[root@controller ~]# cat /etc/glance/glance-api.conf | grep -v ^# | grep -v ^$[DEFAULT]verbose = True [cors] [cors.subdomain] [database]connection = mysql+pymysql://glance:[email protected]/glance [glance_store]stores = file,httpdefault_store = filefilesystem_store_datadir = /var/lib/glance/images/ [image_format] [keystone_authtoken]auth_uri = http://controller.jmilk.com:5000auth_url = http://controller.jmilk.com:35357memcached_servers = controller.jmilk.com:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = fanguiju [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy]flavor = keystone [profiler] [store_type_location_strategy] [task] [taskflow_executor]1234567891011121314151617181920212223242526272829303132333412345678910111213141516171819202122232425262728293031323334
Edit the /etc/glance/glance-registry.conf file
In the [database] section, configure database access
vim /etc/glance/glance-registry.conf
[database]connection = mysql+pymysql://glance:[email protected]/glance1212
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
注意:在[keystone_authtoken] 節點中,註釋或刪除其他別的選項。
[keystone_authtoken]auth_uri = http://controller.jmilk.com:5000auth_url = http://controller.jmilk.com:35357memcached_servers = controller.jmilk.com:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = fanguiju[paste_deploy]flavor = keystone1234567891011121312345678910111213
總覽
[root@controller ~]# cat /etc/glance/glance-registry.conf | grep -v ^# | grep -v ^$[DEFAULT] [database]connection = mysql+pymysql://glance:[email protected]/glance [glance_store] [keystone_authtoken]auth_uri = http://controller.jmilk.com:5000auth_url = http://controller.jmilk.com:35357memcached_servers = controller.jmilk.com:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = fanguiju [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy]flavor = keystone [profiler]12345678910111213141516171819202122231234567891011121314151617181920212223
Populate the Image service database
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future. /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade expire_on_commit=expire_on_commit, _conf=conf) /usr/lib/python2.7/site-packages/pymysql/cursors.py:146: Warning: Duplicate index 'ix_image_properties_image_id_name' defined on the table 'glance.image_properties'. This is deprecated and will be disallowed in a future release. result = self._query(query)123456123456
Note:忽略所有的警告輸出信息
查看glance數據庫:
[root@controller ~]# mysql -u root -pfanguijuWelcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 8Server version: 10.1.12-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+| glance || information_schema || keystone || mysql || performance_schema |+--------------------+5 rows in set (0.00 sec)MariaDB [(none)]> use glanceReading table information for completion of table and column namesYou can turn off this feature to get a quicker startup with -ADatabase changedMariaDB [glance]> show tables; +----------------------------------+ | Tables_in_glance | +----------------------------------+| artifact_blob_locations || artifact_blobs || artifact_dependencies || artifact_properties || artifact_tags || artifacts || image_locations || image_members || image_properties || image_tags || images || metadef_namespace_resource_types || metadef_namespaces || metadef_objects || metadef_properties || metadef_resource_types || metadef_tags || migrate_version || task_info || tasks |+----------------------------------+20 rows in set (0.00 sec)1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515212345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152
Finalize installation
systemctl enable openstack-glance-api.service openstack-glance-registry.service systemctl start openstack-glance-api.service openstack-glance-registry.service1212
Verify operation驗證操作
Verify operation of the Image service using CirrOS, a small Linux image that helps you test your OpenStack deployment.
使用CirrOS鏡像來進行Image service的測試操作,CirrOS是一個小型的Linux鏡像文件。
Note:在Controller Node上執行下列操作
1.Source the admin credentials to gain access to admin-only CLI commands
. admin-openrc11
2.Download the source image
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img11
或者點這裏下載。
3.Upload the image to the Image service using the QCOW2 disk format, bare Container format, and public visibility so all projects can access it
以QCOW2的磁盤格式、bare容器格式、public visibility的方式將鏡像上傳到Image service,所以所有的用戶都能否訪問這個鏡像。
openstack image create "cirros" \ --file cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --public 12341234
Example:
[root@controller ~]# openstack image create "cirros" \> --file cirros-0.3.4-x86_64-disk.img \ > --disk-format qcow2 --container-format bare \ > --public +------------------+------------------------------------------------------+| Field | Value |+------------------+------------------------------------------------------+| checksum | ee1eca47dc88f4879d8a229cc70a07c6 || container_format | bare || created_at | 2016-06-21T16:07:16Z || disk_format | qcow2 || file | /v2/images/cced0c86-9841-451b-9497-929380dc53f8/file || id | cced0c86-9841-451b-9497-929380dc53f8 || min_disk | 0 || min_ram | 0 || name | cirros || owner | 6c04f1d3ecd04aafb427f4f8d01be534 || protected | False || schema | /v2/schemas/image || size | 13287936 || status | active || tags | || updated_at | 2016-06-21T16:07:16Z || virtual_size | None || visibility | public |+------------------+------------------------------------------------------+ 12345678910111213141516171819202122232425261234567891011121314151617181920212223242526
查看鏡像文件存儲目錄:
[root@controller ~]# ll /var/lib/glance/images/total 12980-rw-r----- 1 glance glance 13287936 Jun 21 12:07 cced0c86-9841-451b-9497-929380dc53f8123123
ERROR1:500 Internal Server Error: The server has either erred or is incapable of performing the requested operation. (HTTP 500)
解決:systemctl restart mariadb.service
ERROR2:An unexpected error prevented the server from fulfilling your request.
Glance Log:
2016-06-21 11:52:03.196 3949 ERROR glance.common.wsgi [req-4a033bf7-2bf3-4af9-bd50-03d5ce089e87 d5e5331d665540159f1bfabb7327eca5 6c04f1d3ecd04aafb427f4f8d01be534 - - -] Caught error: (pymysql.err.OperationalError) (2003, "Can't connect to MySQL server on '127.0.0.1' ([Errno 111] ECONNREFUSED)")11
解決:重啓Controller Node主機
4.Confirm upload of the image and validate attributes
[root@controller ~]# openstack image list+--------------------------------------+--------+--------+| ID | Name | Status | +--------------------------------------+--------+--------+| cced0c86-9841-451b-9497-929380dc53f8 | cirros | active | +--------------------------------------+--------+--------+123456123456
至此Openstack Image service的安裝就完成
版權聲明:轉載請註明出處 JmilkFan:http://blog.csdn.net/jmilk