openstack实验(三):镜像服务
一、镜像服务概览
- OpenStack镜像服务是IaaS的核心服务,如同
:ref:get_started_conceptual_architecture所示。它接受磁盘镜像或服务器镜像API请求,和来自终端用户或OpenStack计算组件的元数据定义。它也支持包括OpenStack对象存储在内的多种类型仓库上的磁盘镜像或服务器镜像存储。 - 大量周期性进程运行于OpenStack镜像服务上以支持缓存。同步复制(Replication)服务保证集群中的一致性和可用性。其它周期性进程包括auditors,updaters, 和 reapers。
- OpenStack镜像服务包括以下组件:
glance-api: 接收镜像API的调用,诸如镜像发现、恢复、存储。
glance-registry: 存储、处理和恢复镜像的元数据,元数据包括项诸如大小和类型。
警告:
glance-registry是私有内部服务,用于服务OpenStack Image服务。不要向用户暴露该服务
数据库:存放镜像元数据,用户是可以依据个人喜好选择数据库的,多数的部署使用MySQL或SQLite。
镜像文件的存储仓库:支持多种类型的仓库,它们有普通文件系统、对象存储、RADOS块设备、HTTP、以及亚马逊S3。记住,其中一些仓库仅支持只读方式使用。
== 元数据定义服务==:通用的API,是用于为厂商,管理员,服务,以及用户自定义元数据。这种元数据可用于不同的资源,例如镜像,工件,卷,配额以及集合。一个定义包括了新属性的键,描述,约束以及可以与之关联的资源的类型。
二、安装和配置
1.创建数据库
(1)以 root 用户连接到数据库服务器
[root@controller ~]# mysql -p
(2)创建 glance 数据库:
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
(3)对glance数据库授予恰当的权限:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
-> IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
2.获得 admin 凭证来获取只有管理员能执行的命令的访问权限
[root@controller ~]# source admin-openrc
3.创建 glance 用户
[root@controller ~]# openstack user create --domain default --password glance glance
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 63a9992134eb452da1c8d950231c2b06 |
| enabled | True |
| id | 07e6f27a74d14612b59f992535add19d |
| name | glance |
+-----------+----------------------------------+
4.添加 admin 角色到 glance 用户和 service 项目上
[root@controller ~]# openstack role add --project service --user glance admin
5.创建glance服务实体
[root@controller ~]# openstack service create --name glance \
> --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 00886c6e75b245fd94470b5905c2401f |
| name | glance |
| type | image |
+-------------+----------------------------------+
6.创建镜像服务的 API 端点:
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 92002570b61b4649afcb7c11a5057706 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 00886c6e75b245fd94470b5905c2401f |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1336393b535e4890abcaef743dd2025e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 00886c6e75b245fd94470b5905c2401f |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0468efa79c9941729daaffee8bd0ad71 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 00886c6e75b245fd94470b5905c2401f |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
7.安全并配置组件
(1)安装软件包:
[root@controller ~]# yum install openstack-glance -y
(2)编辑文件 /etc/glance/glance-api.conf
[root@controller ~]# vim /etc/glance/glance-api.conf
配置数据库访问
[database]
connection = mysql+pymysql://glance:glance@controller/glance
配置认证服务访问
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
配置本地文件系统存储和镜像文件位置:
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
(3)编辑文件 /etc/glance/glance-registry.conf
[root@controller ~]# vim /etc/glance/glance-registry.conf
配置数据库访问
[database]
connection = mysql+pymysql://glance:glance@controller/glance
配置认证服务访问
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
(4)写入镜像服务数据库,会出现警告
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
(5)启动镜像服务、配置他们开机启动:
[root@controller ~]# systemctl enable openstack-glance-api.service \
> openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller ~]# systemctl start openstack-glance-api.service \
> openstack-glance-registry.service
(6)再次写入镜像服务数据库
[root@controller ~]# su -s /bin/sh -c “glance-manage db_sync” glance
- 验证操作
1.下载源镜像这里镜像已经下载好了
使用 qcow2 磁盘格式, bare 容器格式上传镜像到镜像服务并设置公共可见
[root@controller ~]# openstack image create "cirros" \
> --file cirros-0.3.4-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2019-06-23T06:17:47Z |
| disk_format | qcow2 |
| file | /v2/images/3671054c-7599-49b0-af3b-980988d86581/file |
| id | 3671054c-7599-49b0-af3b-980988d86581 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | d82e8f7c6ce044b98fe70f91943d0bfe |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2019-06-23T06:17:48Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
2.确认镜像的上传并验证属性:
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 3671054c-7599-49b0-af3b-980988d86581 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# cd /var/lib/glance/
[root@controller glance]# ls
images
[root@controller glance]# cd images/
[root@controller images]# ls
3671054c-7599-49b0-af3b-980988d86581
[root@controller images]# du -h 3671054c-7599-49b0-af3b-980988d86581
13M 3671054c-7599-49b0-af3b-980988d86581
[root@controller images]# cd
[root@controller ~]# ls
admin-openrc cirros-0.3.4-x86_64-disk.img demo-openrc
[root@controller ~]# du -h cirros-0.3.4-x86_64-disk.img ##查看镜像的大小
13M cirros-0.3.4-x86_64-disk.img