- A+
所属分类:linux技术
一、glance简介
openstack中的glance服务是用来存储在openstack上启动虚拟机所需镜像;它主要用于发现、注册及检索虚拟机镜像;它通过提供RESTful风格的api对外提供服务;所谓RESTful风格的api指用户可以通过http请求查询虚拟机的镜像元数据以及通过http请求获取镜像文件;其中虚拟机镜像文件的存储可以是本地文件系统,或者对象存储系统(如openstack object storage)或者http,总之存储镜像的系统有很多;其大致的架构如下
glance服务主要有四部分组成,其中glance-api主要提供服务接口,负责接收对image service api中的镜像文件的查看、下载以及存储请求;glance-registry主要用来存储、处理及获取镜像文件中的元数据信息;比如虚拟机镜像文件大小、类型、创建时间、名称等等;glance database主要用来存储虚拟机镜像文件的元数据信息;不同于glace-registry,它不处理元数据信息,而是将glance-registry处理以后的信息保存下来,我们可以理解glance-registry是将虚拟机的镜像元数据信息通过某种格式写入到glance database中进行存储;最后是存放镜像文件的存储仓库;镜像存储仓库就是用来存放真正的镜像文件,它支持多种类型的镜像文件存储机制,包括使用普通的文件系统、对象存储、RADOS块设备、http以及亚马逊的s3等等;
glance工作过程
客户端(通常是openstack中的其他组件,Horizon/nova或者glance专有客户端工具)将请求发送给glance-api,glance-api接收到客户端的请求,它首先会去glance-registry中查询对应的镜像元数据信息,拿到元数据信息后,glance-api会通过返回的元数据信息,用对应的存储适配器连接镜像仓库,进行镜像下载;
二、glance服务的安装、配置、测试
1、创建glance数据库和glance用户,并授权glance用户允许从任何主机连接以及对glance数据库有所有的权限
[root@node02 ~]# mysql Welcome to the MariaDB monitor. Commands end with ; or g. Your MariaDB connection id is 11 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or 'h' for help. Type 'c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE glance; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flush privileges; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]>
验证:在别的主机上使用glance用户连接数据库,看看是否能够正常连接?
[root@node01 ~]# mysql -uglance -pglance123 -hnode02 Welcome to the MariaDB monitor. Commands end with ; or g. Your MariaDB connection id is 12 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or 'h' for help. Type 'c' to clear the current input statement. MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | glance | | information_schema | | test | +--------------------+ 3 rows in set (0.00 sec) MariaDB [(none)]>
2、导出admin用户的环境变量,创建glance用户并设置其密码为glance
[root@node01 ~]# source admin.sh [root@node01 ~]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | 47c0915c914c49bb8670703e4315a80f | | enabled | True | | id | 11adbc225a88482fb0313b415d2e909f | | name | glance | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+ [root@node01 ~]#
3、将glance用户授权为admin角色,并将其添加到service项目中
[root@node01 ~]# openstack role add --project service --user glance admin [root@node01 ~]#
4、创建glance服务
[root@node01 ~]# openstack service create --name glance > --description "OpenStack Image" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | a6e98cad2c744ed9b73735a149f1bfe9 | | name | glance | | type | image | +-------------+----------------------------------+ [root@node01 ~]#
5、创建glance endport (服务端点,注册服务)
公共端点
[root@node01 ~]# openstack endpoint create --region RegionOne image public http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 358ccfc245264b60a9d1a0c113dfa628 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | a6e98cad2c744ed9b73735a149f1bfe9 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@node01 ~]#
私有端点
[root@node01 ~]# openstack endpoint create --region RegionOne image internal http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 09f5ec434ea24d4c8dc9efe2bbb62b01 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | a6e98cad2c744ed9b73735a149f1bfe9 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@node01 ~]#
管理端点
[root@node01 ~]# openstack endpoint create --region RegionOne image admin http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 04cd3747614b42a3ba086cef39a1acd9 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | a6e98cad2c744ed9b73735a149f1bfe9 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@node01 ~]#
6、安装openstack-glance
[root@node01 ~]# yum install openstack-glance -y Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * centos-qemu-ev: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package openstack-glance.noarch 1:17.0.1-1.el7 will be installed --> Processing Dependency: python-glance = 1:17.0.1-1.el7 for package: 1:openstack-glance-17.0.1-1.el7.noarch --> Running transaction check ---> Package python-glance.noarch 1:17.0.1-1.el7 will be installed --> Processing Dependency: python2-glance-store >= 0.26.1 for package: 1:python-glance-17.0.1-1.el7.noarch --> Processing Dependency: python2-os-brick >= 1.8.0 for package: 1:python-glance-17.0.1-1.el7.noarch --> Processing Dependency: python2-oslo-vmware >= 0.11.1 for package: 1:python-glance-17.0.1-1.el7.noarch --> Processing Dependency: python2-swiftclient >= 2.2.0 for package: 1:python-glance-17.0.1-1.el7.noarch --> Processing Dependency: python2-taskflow >= 2.16.0 for package: 1:python-glance-17.0.1-1.el7.noarch --> Processing Dependency: python2-wsme >= 0.8 for package: 1:python-glance-17.0.1-1.el7.noarch --> Processing Dependency: pysendfile for package: 1:python-glance-17.0.1-1.el7.noarch --> Processing Dependency: python-httplib2 for package: 1:python-glance-17.0.1-1.el7.noarch --> Processing Dependency: python-retrying for package: 1:python-glance-17.0.1-1.el7.noarch --> Processing Dependency: python2-boto for package: 1:python-glance-17.0.1-1.el7.noarch --> Processing Dependency: python2-cursive for package: 1:python-glance-17.0.1-1.el7.noarch --> Running transaction check ……省略部分内容…… Installed: openstack-glance.noarch 1:17.0.1-1.el7 Dependency Installed: atlas.x86_64 0:3.10.1-12.el7 device-mapper-multipath.x86_64 0:0.4.9-131.el7 device-mapper-multipath-libs.x86_64 0:0.4.9-131.el7 libgfortran.x86_64 0:4.8.5-39.el7 libquadmath.x86_64 0:4.8.5-39.el7 libxslt.x86_64 0:1.1.28-5.el7 pysendfile.x86_64 0:2.0.0-5.el7 python-glance.noarch 1:17.0.1-1.el7 python-lxml.x86_64 0:3.2.1-4.el7 python-networkx.noarch 0:1.10-1.el7 python-networkx-core.noarch 0:1.10-1.el7 python-nose.noarch 0:1.3.7-7.el7 python-oslo-privsep-lang.noarch 0:1.29.2-1.el7 python-oslo-vmware-lang.noarch 0:2.31.0-1.el7 python-retrying.noarch 0:1.2.3-4.el7 python-simplegeneric.noarch 0:0.8-7.el7 python2-automaton.noarch 0:1.15.0-1.el7 python2-boto.noarch 0:2.45.0-3.el7 python2-castellan.noarch 0:0.19.0-1.el7 python2-cursive.noarch 0:0.2.2-1.el7 python2-glance-store.noarch 0:0.26.2-1.el7 python2-httplib2.noarch 0:0.18.1-3.el7 python2-numpy.x86_64 1:1.14.5-1.el7 python2-os-brick.noarch 0:2.5.10-1.el7 python2-os-win.noarch 0:4.0.1-1.el7 python2-oslo-privsep.noarch 0:1.29.2-1.el7 python2-oslo-rootwrap.noarch 0:5.14.2-1.el7 python2-oslo-vmware.noarch 0:2.31.0-1.el7 python2-rsa.noarch 0:3.4.2-1.el7 python2-scipy.x86_64 0:0.18.0-3.el7 python2-suds.noarch 0:0.7-0.4.94664ddd46a6.el7 python2-swiftclient.noarch 0:3.6.1-1.el7 python2-taskflow.noarch 0:3.2.0-1.el7 python2-wsme.noarch 0:0.9.3-1.el7 sg3_utils.x86_64 1:1.37-19.el7 sg3_utils-libs.x86_64 1:1.37-19.el7 sysfsutils.x86_64 0:2.1.0-16.el7 Dependency Updated: kpartx.x86_64 0:0.4.9-131.el7 Complete! [root@node01 ~]#
7、配置gilance-api
编辑/etc/glance/glance-api.conf文件,在【database】配置段配置连接glance数据的地址
在【keystone_authtoken】配置段中配置认证相关信息
提示:这里需要注意memcached服务的地址;我这里memcached没有在控制节点,而是单独放在了数据库节点上的;
在【paste_deploy】配置段中添加flavor = keystone
在【glance_store】配置段中配置后端存储相关信息
glance-api.conf最终配置
[root@node01 ~]# grep "^[a-Z[]" /etc/glance/glance-api.conf [DEFAULT] [cors] [database] connection = mysql+pymysql://glance:glance123@node02/glance [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ [image_format] [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = node02:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = glance [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_kafka] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_messaging_zmq] [oslo_middleware] [oslo_policy] [paste_deploy] flavor = keystone [profiler] [store_type_location_strategy] [task] [taskflow_executor] [root@node01 ~]#
8、配置glance-registry
编辑/etc/glance/glance-registry.conf,在【database】配置段配置连接glance数据的地址
在【keystone_authtoken】配置段中配置认证相关信息
在【paste_deploy】配置段中添加flavor = keystone
glance-registry.conf的最终配置
[root@node01 ~]# grep "^[a-Z[]" /etc/glance/glance-registry.conf [DEFAULT] [database] connection = mysql+pymysql://glance:glance123@node02/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = node02:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = glance [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_kafka] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_messaging_zmq] [oslo_policy] [paste_deploy] flavor = keystone [profiler] [root@node01 ~]#
9、初始化glance数据,生成相关表
[root@node01 ~]# su -s /bin/sh -c "glance-manage db_sync" glance /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1352: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade expire_on_commit=expire_on_commit, _conf=conf) INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01 INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01 INFO [alembic.runtime.migration] Running upgrade queens_expand01 -> rocky_expand01, add os_hidden column to images table INFO [alembic.runtime.migration] Running upgrade rocky_expand01 -> rocky_expand02, add os_hash_algo and os_hash_value columns to images table INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Upgraded database to: rocky_expand02, current revision(s): rocky_expand02 INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Database migration is up to date. No migration needed. INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01 INFO [alembic.runtime.migration] Running upgrade queens_contract01 -> rocky_contract01 INFO [alembic.runtime.migration] Running upgrade rocky_contract01 -> rocky_contract02 INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Upgraded database to: rocky_contract02, current revision(s): rocky_contract02 INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Database is synced successfully. [root@node01 ~]#
验证:去数据库中查看glance库中是否有表生成?
MariaDB [(none)]> use glance; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [glance]> show tables; +----------------------------------+ | Tables_in_glance | +----------------------------------+ | alembic_version | | image_locations | | image_members | | image_properties | | image_tags | | images | | metadef_namespace_resource_types | | metadef_namespaces | | metadef_objects | | metadef_properties | | metadef_resource_types | | metadef_tags | | migrate_version | | task_info | | tasks | +----------------------------------+ 15 rows in set (0.00 sec) MariaDB [glance]>
10、启动openstack-glance-api和openstack-glance-registry服务,并将其设置为开机启动
[root@node01 ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service [root@node01 ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service. Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service. [root@node01 ~]# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:9292 *:* LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 *:9191 *:* LISTEN 0 128 :::80 :::* LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::* LISTEN 0 128 :::5000 :::* [root@node01 ~]#
提示:glance-api服务将听在9292端口,glance-registry服务监听在9191端口,确保对应的端口处于监听状态,说明我们的配置没有问题,服务已经正常启动了;
验证:导入admin用户的环境变量,下载一个测试镜像,看看能不能将其上传至glance中去?
[root@node01 ~]# source admin.sh [root@node01 ~]# rz rz waiting to receive. zmodem trl+C ȡ 100% 12418 KB 12418 KB/s 00:00:01 0 Errorsk.img... [root@node01 ~]# ll total 12428 -rwxr-xr-x 1 root root 272 Oct 28 20:23 admin.sh -rw-r--r-- 1 root root 12716032 Oct 29 01:10 cirros-0.4.0-x86_64-disk.img -rwxr-xr-x 1 root root 269 Oct 28 20:24 demo.sh [root@node01 ~]#
提示:我这里准备了一个cirros的测试镜像;
将cirros上传至glance看看是否能够正常上传?
[root@node01 ~]# openstack image create "cirros" > --file cirros-0.4.0-x86_64-disk.img > --disk-format qcow2 --container-format bare > --public +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | checksum | 443b7623e27ecf03dc9e01ee93f67afe | | container_format | bare | | created_at | 2020-10-28T17:12:58Z | | disk_format | qcow2 | | file | /v2/images/94dd2ba0-1736-4307-865d-7cb86b85d32e/file | | id | 94dd2ba0-1736-4307-865d-7cb86b85d32e | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | b4e56eeb160948c581e98d685133d19a | | properties | os_hash_algo='sha512', os_hash_value='6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e2161b5b5186106570c17a9e58b64dd39390617cd5a350f78', os_hidden='False' | | protected | False | | schema | /v2/schemas/image | | size | 12716032 | | status | active | | tags | | | updated_at | 2020-10-28T17:12:58Z | | virtual_size | None | | visibility | public | +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ [root@node01 ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 94dd2ba0-1736-4307-865d-7cb86b85d32e | cirros | active | +--------------------------------------+--------+--------+ [root@node01 ~]#
提示:可以看到我们上传到镜像已经在镜像列表中能够看到,说明镜像已经成功上传到glance中去了;
验证:查看glance的镜像仓库目录下是否有文件生成?
[root@node01 ~]# ll /var/lib/glance/images/ total 12420 -rw-r----- 1 glance glance 12716032 Oct 29 01:12 94dd2ba0-1736-4307-865d-7cb86b85d32e [root@node01 ~]# file /var/lib/glance/images/94dd2ba0-1736-4307-865d-7cb86b85d32e /var/lib/glance/images/94dd2ba0-1736-4307-865d-7cb86b85d32e: QEMU QCOW Image (v3), 46137344 bytes [root@node01 ~]#
提示:可以看到在对应的目录下有一个文件生成,其文件格式为qcow image的文件;到此openstack的镜像服务glance的安装配置和测试就完成了;
