glance镜像服务及部署
概念
理解Image Service
Image Service 的功能是管理 Image,让用户能够发现、获取和保存 Image。在 OpenStack 中,提供 Image Service 的是 Glance,其具体功能如下:
- 提供 REST API 让用户能够查询和获取 image 的元数据和 image 本身
- 支持多种方式存储 image,包括普通的文件系统、Swift、Amazon S3 等
- 对 Instance 执行 Snapshot 创建新的 image
架构图
glance-api:
glance-api 是系统后台运行的服务进程。 对外提供 REST API,响应 image 查询、获取和存储的调用。
glance-api 不会真正处理请求。 如果操作是与 image metadata(元数据)相关,glance-api 会把请求转发给 glance-registry; 如果操作是与 image 自身存取相关,glance-api 会把请求转发给该 image 的 store backend。
在控制节点上可以查看 glance-api 进程
ps aux | grep glance-api
glance-registry
glance-registry 是系统后台运行的服务进程。 负责处理和存取 image 的 metadata,例如 image 的大小和类型。
在控制节点上可以查看 glance-registry 进程,
ps aux | grep glance-registry
Store backend
Glance 自己并不存储 image。 真正的 image 是存放在 backend 中的。 Glance 支持多种 backend,包括:
- A directory on a local file system(这是默认配置)
- GridFS
- Ceph RBD
- Amazon S3
- Sheepdog
- OpenStack Block Storage (Cinder)
- OpenStack Object Storage (Swift)
- VMware ESX
具体使用哪种 backend,是在 /etc/glance/glance-api.conf 中配置的
查看目前存在的image
openstack image list
查看保存目录
ls /var/lib/glance/images
执行image上传镜像命令:
openstack image create “cirros” --file cirros-0.3.3-x86_64-disk.img.img --disk-format qcow2 --container-format bare --public
操作部署
mysql -uroot -p123
创建glance数据库
CREATE DATABASE glance;
创建glance数据库
设置可以本地登录
GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@‘localhost’
IDENTIFIED BY ‘123’;
设置可以远程登录
GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@’%’
IDENTIFIED BY ‘123’;
创建glance用户
openstack user create --domain default --password=glance glance
[[email protected] ~]# openstack user create --domain default --password=admin glance +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | be520627818844429e73dfc84132e4a3 | | name | glance | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+
将glance用户设置为service的管理员
openstack role add --project service --user glance admin
建立glance的服务
openstack service create --name glance
–description “OpenStack Image” image
[[email protected] ~]# openstack service create --name glance \ > --description "OpenStack Image" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | 1bab5039ff5a4c7d9cb2887845e41535 | | name | glance | | type | image | +-------------+----------------------------------+
建立服务端口
openstack endpoint create --region RegionOne
image public http://chen1:9292
[[email protected] ~]# openstack endpoint create --region RegionOne \ > image public http://chen1:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 69d7a7c6f96442d6ba4e5e5d8e8a383c | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 1bab5039ff5a4c7d9cb2887845e41535 | | service_name | glance | | service_type | image | | url | http://chen1:9292 | +--------------+----------------------------------+
openstack endpoint create --region RegionOne
image internal http://chen1:9292
[[email protected] ~]# openstack endpoint create --region RegionOne \ > image internal http://chen1:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 2deab16e4dee47718a834d0841de1c89 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 1bab5039ff5a4c7d9cb2887845e41535 | | service_name | glance | | service_type | image | | url | http://chen1:9292 | +--------------+----------------------------------+
openstack endpoint create --region RegionOne
image admin http://chen1:9292
[[email protected] ~]# openstack endpoint create --region RegionOne \ > image admin http://chen1:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 77d87ebe3d2246d88f8e3264730e4c73 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 1bab5039ff5a4c7d9cb2887845e41535 | | service_name | glance | | service_type | image | | url | http://chen1:9292 | +--------------+----------------------------------+
如果添加错误:
openstack endpoint delete id号
安装glance服务
yum -y install openstack-glance
如果失败,检查下sr0是否挂载,以及全局dns配置文件是否更改/etc/resolve.conf
编辑glance配置文件
先备份
cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
vim /etc/glance/glance-api.conf
[DEFAULT] [cors] [cors.subdomain] [database] connection = mysql+pymysql://glance:[email protected]/glance [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ [image_format] [keystone_authtoken] auth_uri = http://chen1:5000 auth_url = http://chen1:35357 memcached_servers = chen1:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = glance [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_kafka] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_messaging_zmq] [oslo_middleware] [oslo_policy] [paste_deploy] flavor = keystone [profiler] [store_type_location_strategy] [task] [taskflow_executor]
给予权限
chmod 640 glance-api.conf
chown root.glance glance-api.conf
vim /etc/glance/glance-registry.conf
[DEFAULT] [database] connection = mysql+pymysql://glance:[email protected]/glance [keystone_authtoken] auth_uri = http://chen1:5000 auth_url = http://chen1:35357 memcached_servers = chen1:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = glance [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_kafka] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_messaging_zmq] [oslo_policy] [paste_deploy] flavor = keystone [profiler]
同步数据库
su -s /bin/sh -c “glance-manage db_sync” glance
启动glance相关服务
systemctl enable openstack-glance-api.service
openstack-glance-registry.service
systemctl start openstack-glance-api.service
openstack-glance-registry.service
进入目录进行验证
cd /var/lib/glance/images
ls
如果什么没有
则需要下载镜像
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
创建cirros镜像
openstack image create "cirros" \ --file cirros-0.3.5-x86_64-disk.img \ #文件来源于刚刚下载的 --disk-format qcow2 --container-format bare \ #格式为qcow2 --public #类型为public类型
显示如下
+------------------+------------------------------------------------------+ | Field | Value | +------------------+------------------------------------------------------+ | checksum | f8ab98ff5e73ebab884d80c9dc9c7290 | | container_format | bare | | created_at | 2019-04-09T11:30:55Z | | disk_format | qcow2 | | file | /v2/images/d34fd470-b2aa-44a8-b1c9-eb9af3eb4184/file | | id | d34fd470-b2aa-44a8-b1c9-eb9af3eb4184 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | bd5cc336450942d8817b10845ef20605 | | protected | False | | schema | /v2/schemas/image | | size | 13267968 | | status | active | | tags | | | updated_at | 2019-04-09T11:30:55Z | | virtual_size | None | | visibility | public | +------------------+------------------------------------------------------+
如果失败,则检查下之前创建glance用户时密码与 /etc/glance/glance-registry.conf、/etc/glance/glance-api.conf里面设置的密码是否相同,如果不同,可以更改配置文件或者删除用户重新创建用户,但是密码必须相同
查看
openstack image list
+--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | d34fd470-b2aa-44a8-b1c9-eb9af3eb4184 | cirros | active | +--------------------------------------+--------+--------+