1、glance架構
glance的架構如圖1-1所示。
圖1-1 glance的架構
圖1-2 openstack官方文檔中的glance架構圖
1)鏡像服務組件:
Glance-api:是一個對外的API接口,能夠接受外部的API鏡像請求。主要用於分析、分發、響應各種鏡像管理的REST Request,然後通過其他模塊(EG. glance-registry、Store Backend後端存儲接口)完成鏡像的發現、獲取、存儲等操作。默認綁定端口是9292。
Glance提供REST API來支持以下鏡像操作:查詢、註冊、上傳、獲取、刪除、訪問權限管理
glance-registry:用於存儲、處理、獲取Image Metadata。通過響應從glance-api發送過來的Image Metadata REST Request,然後與MySQL進行交互,實現Image Metadate的存儲、處理、獲取。默認綁定的端口是9191。
glance-db:在Openstack中使用MySQL來支撐,用於存放Image Metadata。
Image Metadate(鏡像元數據):指通過glance-registry來保存在MySQL Database; image 的chunk 數據 通過 glance-store 存放在各種 backend store 中,並從中獲取。
Glance Store:用於存儲鏡像文件。通過Store Backend後端存儲接口來與glance-api聯繫。通過這個接口,glance可以從Image Store獲取鏡像文件再交由Nova用於創建虛擬機。
Glance 通過Store Adapter(存儲適配器)支持多種Imange Store方案
支持swift、file system、s3、sheepdog、rbd、cinder等。
2)image 的 訪問權限分爲:
public 公共的:可以被所有的 tenant 使用。
private 私有的/項目的:只能被 image owner 所在的 tenant 使用。
shared 共享的:一個非共有的image 可以共享給另外的 tenant,可通過member-* 操作來實現。
protected 受保護的:protected 的 image 不能被刪除。
3)image 的各種狀態
queued:沒有上傳 image 數據,只有db 中的元數據。
saving:正在上傳 image data
active:正常狀態
deleted/pending_delete: 已刪除/等待刪除
killed:image 元數據不正確,等待被刪除。
2、Glance支持的Image格式
raw – 非結構化的鏡像格式
vhd – 一種通用的虛擬機磁盤格式, 可用於Vmware、Xen、Microsoft Virtual PC/Virtual Server/Hyper-V、VirtualBox等
vmdk – Vmware的虛擬機磁盤格式, 同樣也支持多種Hypervisor
vdi – VirtualBox、QEMU等支持的虛擬機磁盤格式
qcow2 – 一種支持QEMU並且可以動態擴展的磁盤格式
aki – Amazon Kernel 鏡像
ari – Amazon Ramdisk 鏡像
ami – Amazon 虛擬機鏡像
3、常見面試題
1)、openstack對接ceph集羣,image使用哪種格式?
答:使用raw格式。
2)、raw與qcow2的區別:
答:
(1)空間佔用區別,如指定空間20G,實際僅用5G時,raw對外顯示爲20G,而qcow2對外則顯示真實的大小5G,從節省空間大小來看使用qcow2;
(2)如果使用ceph使用raw格式,它對raw格式的兼容性更好,即使指定爲qcow2格式,後端也會先轉換成raw格式。
4、glance組件的工作過程
5、實戰: glance的手動搭建
5.1、控制節點的安裝配置
(1)創建glance數據庫:
[root@controller ~]# mysql -uroot -popenstack <<EOF
create database glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'openstack'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'openstack';
EOF
(2)創建glance用戶,並在service項目中添加管理員角色
[root@controller ~]# source admin_openrc
下面這句要分開執行,要輸入glance用戶的密碼:
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | cd90f56cf9bc4c8f8a01f88c5c179762 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
(3)創建glance服務及端口
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | ad61f9ee483e4bea9cb374796f097dd3 |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b781cb1117f040f1a18615b649fb5388 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad61f9ee483e4bea9cb374796f097dd3 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 129da42ca64c4cfb821afcf3c2e81dfd |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad61f9ee483e4bea9cb374796f097dd3 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9fc675719b1d49a48851abeee9f2622c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad61f9ee483e4bea9cb374796f097dd3 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint list
---------+-----------+-----------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
---------+-----------+-----------------------------+
| 01ccfab5acb0407888620ca056f93dfe | RegionOne | keystone | identity | True | admin | http://controller:35357/v3/ |
| 129da42ca64c4cfb821afcf3c2e81dfd | RegionOne | glance | image | True | internal | http://controller:9292 |
| 4c2bd465260043039bcf7bf78776dd6b | RegionOne | keystone | identity | True | internal | http://controller:5000/v3/ |
| 9cd64dded6014abea4936800d3fd614c | RegionOne | glance | image | True | public | http://controller:9292 |
| 9fc675719b1d49a48851abeee9f2622c | RegionOne | glance | image | True | admin | http://controller:9292 |
| bdc34c7c99bb432eb13fa83a45d0065e | RegionOne | keystone | identity | True | public | http://controller:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
操作刪除endpoint命令
[root@controller ~]# openstack endpoint delete IDNAME
(4)控制節點安裝相關包並配置
[root@controller ~]# yum -y install openstack-glance
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:openstack@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000 內部端口
auth_url = http://controller:35357 管理員端口
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = openstack
[paste_deploy] (開啓如下配置)
flavor = keystone
[glance_store] (開啓如下配置)
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[root@controller ~]# egrep -v "^#|^$" /etc/glance/glance-api.conf
[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:openstack@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = openstack
[paste_deploy]
flavor = keystone
[root@controller ~]# egrep -v "^#|^$" /etc/glance/glance-registry.conf
(5)初始化數據庫表結構
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1336: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_expand01, current revision(s): queens_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_contract01, current revision(s): queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.
[root@controller ~]# mysql -hlocalhost -uglance -popenstack -e "use glance;show tables;"
(6)服務啓動並設置開啓自啓
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
5.2、驗證
(1)執行授權
[root@controller ~]# source admin_openrc
(2)下載實驗鏡像cirros
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
(3)創建鏡像:
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2020-03-17T14:16:48Z |
| disk_format | qcow2 |
| file | 2/images/7dfa1f88-6e3a-45aa-90ff-f348e6e399c0/file |
| id | 7dfa1f88-6e3a-45aa-90ff-f348e6e399c0 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | db82536ef7124608b3f3931ba4ce9615 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2020-03-17T14:16:48Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 7dfa1f88-6e3a-45aa-90ff-f348e6e399c0 | cirros | active |
+--------------------------------------+--------+--------+
#查看鏡像文件信息
[root@controller ~]# openstack image show cirros
#設置鏡像受保護狀態(不可刪除)
[root@controller ~]# openstack image set --protected IDNAME
#設置鏡像未受保護狀態(可刪除)
[root@controller ~]# openstack image set --unprotected IDNAME
至此完成Glance的安裝,下一章節簡介Nova 組件,以及它的安裝過程