五、OpenStack服务-Glance

本章目录

1、概述
2、Glance架构
3、安装配置Glance

一、概述

理解image Service
Image Service的功能是管理Image，让用户能够发现、获取和保存Image。
在OpenStack中，提供Image Service的是Glance，其具体功能如下：

• 提供REST API，让用户能够查询和获取image的元数据和image本身。
• 支持多种方式存储image，包括普通的文件系统、Swift、Amazon S3等。
• 对Instance执行Snapshot创建新的image。

二、Glance架构

glance架构.jpg

OpenStack镜像服务包括以下组件：

• glance-api

  接收镜像API的调用，诸如镜像发现、恢复、存储。

• glance-registry

  存储、处理和恢复镜像的元数据，元数据包括项诸如大小和类型。

• 有两个配置文件，一个api.conf和registry.conf

  需要keystone认证

三、安装配置Glance

1、创建数据库并授权

1、登录数据库
mysql mysql -u root -p

2、创建数据库
MariaDB [(none)]> CREATE DATABASE glance;

3、授权
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'glance';
  
4、查看验证
[root@controller ~]# mysql -uglance -pglance -e "show databases;"
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
+--------------------+
[root@controller ~]# 

2、创建glance用户、关联角色、在keystone上创建服务和注册api

1、创建用户
[root@controller ~]# . admin-openrc 
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:glance
Repeat User Password:glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 31be40e20245472da1e5a6da135777f6 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

帮助小技巧：（例如查看openstack的user如何使用）
#扩展非交互式创建用户方法(可以将上述创建用户的步骤改为此方法)
#[root@controller ~]# openstack user create --domain default --password glance（密码） glance（用户）

2、关联角色
Add the admin role to the glance user and service project:
添加 admin 角色到 glance 用户和 service 项目上：
[root@controller ~]# openstack role add --project service --user glance admin

#查看命令小技巧，执行错误命令
[root@controller ~]# openstack user （错误执行可以查看相关命令）
openstack: 'user' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
  user create
  user delete
  user list
  user password set
  ..........
[root@controller ~]# openstack user list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 31be40e20245472da1e5a6da135777f6 | glance |
| e1011877fc5d4275b7e4394463883ee0 | myuser |
| ef761eff8f434c558b42ed37406dd217 | admin  |
+----------------------------------+--------+

可以看到这些表都在keystone库中：
[root@controller ~]# mysql keystone -e "show tables"|grep user
federated_user
local_user
nonlocal_user
user
user_group_membership
user_option

3、在keystone上创建服务和注册api(都存在于keystone的表里)

3.1 Create the glance service entity:
[root@controller ~]# openstack service create --name glance \
  --description "OpenStack Image" image

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

3.2 Create the Image service API endpoints:
注意：理论上是需要三个不同的IP创建，三块网卡，例如公网内网，但是这里也可以使用一块网卡
创建注册api：
[root@controller ~]# openstack endpoint create --region RegionOne \
  image public http://controller:9292

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 340be3625e9b4239a6415d034e98aace |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \
  image internal http://controller:9292

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a6e4b153c2ae4c919eccfdbb7dceb5d2 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \
  image admin http://controller:9292

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0c37ed58103f4300a84ff125a539032d |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+


注意：如果上边创建错误，可以使用如下方法删除
[root@controller ~]# openstack endpoint
openstack: 'endpoint' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
  endpoint add project
  endpoint create
  endpoint delete
  ....
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                             |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| 316aea3c70c644a3a7f730f09a0d13bd | RegionOne | keystone     | identity     | True    | internal  | http://192.168.223.157:5000/v3/ |
| 388088f25766420b8e4a5e0dac81c3aa | RegionOne | glance       | image        | True    | public    | http://192.168.223.157:9292     |
| 4449ed76319d47ab94f1755b370b0089 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.223.157:5000/v3/ |
| 5728a92401f54d03891daa85ee8e0409 | RegionOne | glance       | image        | True    | internal  | http://192.168.223.157:9292     |
| 82003a6672cb4f38a8bf2300c8cf5b91 | RegionOne | keystone     | identity     | True    | public    | http://192.168.223.157:5000/v3/ |
| e14725b9f6ae4c1ab442ceffd59c2232 | RegionOne | glance       | image        | True    | admin     | http://192.168.223.157:9292     |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
[root@controller ~]# openstack endpoint delete ID号

3、安装、配置glance

安装软件包

[root@controller ~]# yum -y install openstack-glance

修改配置文件
(1) 修改配置文件：/etc/glance/glance-api.conf

修改配置文件（两个配置文件需要修改）
配置文件：/etc/glance/glance-api.conf 
三处：数据库连接信息、keystone认证信息、paste_deploy、glance_store
[root@controller ~]# vim /etc/glance/glance-api.conf 
第一处：
[database]
connection = mysql+pymysql://glance:glance@controller/glance
第二处：
[keystone_authtoken]
www_authenticate_uri  = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone
第三处：
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

自动化配置工具：yum -y install openstack-utils.noarch
——————————————————————————————————————————————————————————————————————————————————————
cp -a /etc/glance/glance-api.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf

openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri  http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password glance
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/ 

(2) 修改配置文件/etc/glance/glance-registry.conf

配置文件/etc/glance/glance-registry.conf 
修改三处：
[root@host157_node1 ~]# vim /etc/glance/glance-registry.conf 
1、数据库
[database]
#connection = 修改此行配置
connection = mysql+pymysql://glance:glance@controller/glance

2、keystone认证
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance

3、启用keystone认证
[paste_deploy]
flavor = keystone

-------------------------------------------------------------------------------------
cp -a /etc/glance/glance-registry.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf

openstack-config --set /etc/glance/glance-registry.conf  database connection mysql+pymysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken password glance
openstack-config --set /etc/glance/glance-registry.conf  paste_deploy flavor keystone

4、同步数据库

1、同步数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
Database is synced successfully.

2、查看同步的表结构
[root@controller ~]# mysql -uglance -pglance -e "use glance;show tables;"

+----------------------------------+
| Tables_in_glance                 |
+----------------------------------+
| alembic_version                  |
| image_locations                  |
| image_members                    |
| image_properties                 |
| image_tags                       |
| images                           |
| metadef_namespace_resource_types |
| metadef_namespaces               |
| metadef_objects                  |
| metadef_properties               |
| metadef_resource_types           |
| metadef_tags                     |
| migrate_version                  |
| task_info                        |
| tasks                            |
+----------------------------------+

5、启动glance

1、设置开机自启：
[root@controller ~]# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service

2、启动
[root@controller ~]#systemctl start openstack-glance-api.service \
openstack-glance-registry.service
[root@controller ~]# ps -ef|grep glance
glance    14942      1 20 18:33 ?        00:00:01 /usr/bin/python2 /usr/bin/glance-api
glance    14943      1 15 18:33 ?        00:00:01 /usr/bin/python2 /usr/bin/glance-registry
glance    14966  14943  0 18:33 ?        00:00:00 /usr/bin/python2 /usr/bin/glance-registry
glance    14967  14942  0 18:33 ?        00:00:00 /usr/bin/python2 /usr/bin/glance-api
root      14969  14366  0 18:33 pts/1    00:00:00 grep --color=auto glance

3、查看监听的端口（两个端口9191和9292，重点查看9292注册api的时候使用的9292）
[root@controller ~]# netstat -tunlp | egrep "9191|9292"
tcp        0      0 0.0.0.0:9191            0.0.0.0:*               LISTEN      20343/python2       
tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      20342/python2     
.....      
[root@controller ~]# ps -ef|grep 20342
glance    20342      1  1 17:02 ?        00:00:05 /usr/bin/python2 /usr/bin/glance-api
glance    20367  20342  0 17:02 ?        00:00:00 /usr/bin/python2 /usr/bin/glance-api
root      20611  14875  0 17:08 pts/1    00:00:00 grep --color=auto 20342
[root@controller ~]# ps -ef|grep 20343
glance    20343      1  1 17:02 ?        00:00:05 /usr/bin/python2 /usr/bin/glance-registry
glance    20366  20343  0 17:02 ?        00:00:00 /usr/bin/python2 /usr/bin/glance-registry
root      20615  14875  0 17:08 pts/1    00:00:00 grep --color=auto 20343

6、创建认证

[root@controller ~]# . admin-openrc  #需要source环境变量，要无法执行openstack短命令
[root@controller ~]# openstack service create --name glance \
 --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | c3eb02a214464a5e9dbf45b2f4854356 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

7、验证

验证步骤：下载个镜像--->上传镜像---->查看镜像

1、查看是否报错
[root@controller ~]# openstack image list
显示为空

2、下载比较慢（软件已经提前下载了）
[root@controller ~]# . admin-openrc 
[root@controller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

3、上传
[root@controller ~]# openstack image create "cirros" \
  --file cirros-0.4.0-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public

解释：
 放哪：  --file cirros-0.4.0-x86_64-disk.img 
 镜像格式：--disk-format qcow2
 容器的格式：--container-format bare （bare证明是普通的虚拟机的镜像，不是容器的镜像）
 所以人可以看到：  --public
 
#验证是否上传成功：
 [root@controller ~]# ll -h /var/lib/glance/images/       #上边配置文件中指定存储镜像的路径
总用量 13M
-rw-r-----. 1 glance glance 13M 2月  21 23:57 bd4a8b1e-93e6-4cac-bd07-1926e0c015b0

[root@controller ~]# md5sum /var/lib/glance/images/bd4a8b1e-93e6-4cac-bd07-1926e0c015b0 
443b7623e27ecf03dc9e01ee93f67afe  /var/lib/glance/images/bd4a8b1e-93e6-4cac-bd07-1926e0c015b0
[root@controller ~]# md5sum cirros-0.4.0-x86_64-disk.img 
443b7623e27ecf03dc9e01ee93f67afe  cirros-0.4.0-x86_64-disk.img
 
4 、查看
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 39aa0651-08fb-4c17-bb9a-c03f1d41b740 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# mysql glance -e "show tables;"|grep image
image_locations
image_members
image_properties
image_tags
images

删除注意事项：
删除的时候要删除镜像，也要删除数据库中记录

8、日志查看

[root@controller ~]# grep 'ERROR' /var/log/glance/api.log 
[root@controller ~]# grep 'ERROR' /var/log/glance/registry.log