04.OpenStack镜像服务Glance
徐亮伟, 江湖人称标杆徐。多年互联网运维工作经验,曾负责过大规模集群架构自动化运维管理工作。擅长Web集群架构与自动化运维,曾负责国内某大型电商运维工作。
个人博客"徐亮伟架构师之路"累计受益数万人。
笔者Q:552408925、572891887
架构师群:471443208
1.Glance存储概述
Glance主要由三个部分构成: Glance-api、Glance-registry、image store
- Glance-api 接受云系统镜像的创建、删除、读取请求
- Glance-registry 云系统镜像注册服务
2.Glance安装和配置
本节将介绍如何安装和配置镜像服务,部署至控制器节点上。为简单起见,存储在本地文件系统上的镜像。
2.1存储服务先决条件
配置OpenStack的认证服务之前,你必须创建一个数据库和管理令牌。
1.创建Glance数据库,赋予数据库梯形权限,完成以下操作
mysql -u root -p123456 -e "CREATE DATABASE glance;"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON \
glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON \
glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
2.source admin来访问管理
[root@linux-node1 ~]# source admin-openrc
3.创建服务的凭证,完成下列步骤:
创建glance用户
[root@linux-node1 ~]# openstack user create --domain default \
--password=glance glance
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 7ae44f98164c4a19b667b49ef45322fb |
| name | glance |
| password_expires_at | None |
+---------------------+----------------------------------+
添加glance用户至 "admin" 角色和服务项目
[root@linux-node1 ~]# openstack role add --project service --user glance admin
创建glance服务实体
[root@linux-node1 ~]# openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 94ad4f5614724257b2f8b134d1e0dc84 |
| name | glance |
| type | image |
+-------------+----------------------------------+
4.创建镜像服务API端点
[root@linux-node1 ~]# openstack endpoint create --region RegionOne \
image public http://192.168.56.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 301ce3eff94148139e9bcb36a3116844 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 94ad4f5614724257b2f8b134d1e0dc84 |
| service_name | glance |
| service_type | image |
| url | http://192.168.56.11:9292 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne \
image internal http://192.168.56.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d1698636914a4c42ad36bb8f02835705 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 94ad4f5614724257b2f8b134d1e0dc84 |
| service_name | glance |
| service_type | image |
| url | http://192.168.56.11:9292 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne \
image admin http://192.168.56.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 61b21cae4524476fb25905a6ef5c678c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 94ad4f5614724257b2f8b134d1e0dc84 |
| service_name | glance |
| service_type | image |
| url | http://192.168.56.11:9292 |
+--------------+----------------------------------+
2.2安装和配置Glance组件
1.安装Openstack Glance镜像服务
[root@linux-node1 ~]# yum install -y openstack-glance
2.编辑/etc/glance/glance-api.conf文件,并完成以下操作:
在[database]部分中,配置数据库访问
[database]
...
connection=mysql://glance:glance@192.168.56.11/glance
在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务
[keystone_authtoken]
...
auth_uri = http://192.168.56.11:5000
auth_url = http://192.168.56.11:35357
memcached_servers = 192.168.56.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
...
flavor = keystone
在 [glance_store]部分,配置镜像文件的本地文件系统存储的位置
[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
3.编辑/etc/glance/glance-registry.conf文件,并完成以下操作:
在[database]部分中,配置数据库访问
[database]
...
connection=mysql://glance:glance@192.168.56.11/glance
在[keystone_authtoken]和[paste_deploy]部分,配置认证服务访问
[keystone_authtoken]
...
auth_uri = http://192.168.56.11:5000
auth_url = http://192.168.56.11:35357
memcached_servers = 192.168.56.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
...
flavor = keystone
4.初始化Glance存储服数据库,并验证 (忽视此输出任何消息。)
[root@linux-node1 ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@linux-node1 ~]# mysql -h192.168.56.11 -uglance -pglance -e "use glance;show tables;"|wc -l
21
2.3完成存储服务安装
启动镜像服务,并将其配置启动系统时启动,api端口9292、registry端口9191
[root@linux-node1 ~]# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
[root@linux-node1 ~]# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
3.验证Glance服务操作
验证使用CirrOS,一个很小的Linux镜像,可以帮助测试OpenStack部署镜像服务是否正常。
控制器节点上执行如下命令
1.source admin来访问管理
[root@linux-node1 ~]# source admin-openrc
2.下载源CentOS镜像
[root@linux-node1 ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
3.将图像上传至使用QCOW2磁盘格式,因此所有的项目都可以访问它的服务
[root@linux-node1 ~]# openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2016-10-09T06:03:13Z |
| disk_format | qcow2 |
| file | /v2/images/54daa962-097b-4968-aa71-8fa3123e4c41/file |
| id | 54daa962-097b-4968-aa71-8fa3123e4c41 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 0ec016bd5701495ab9cf2b7ffbea28b9 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2016-10-09T06:03:14Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
4.确认图像的上传和验证属性
[root@linux-node1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 54daa962-097b-4968-aa71-8fa3123e4c41 | cirros | active |
+--------------------------------------+--------+--------+