镜像服务,顾名思义就是管理镜像文件用的。当你在openstack中创建虚拟机的时候,需要的系统镜像文件就是由这个服务提供的。因为它提供了一个REST API让你能够查询虚拟机镜像的元数据和检索一个实际的镜像。所以无论是一个简单的file systems还是一个OpenStack Object Storage,你都可以通过Image service在各种不同的位置上存储一个虚拟机镜像。
一个拓展知识–>不知道大家有没有疑问,服务之间都是如何通过一个API去发送请求和响应请求的?我觉得这得从RESET API说起,如果有开发经验的小朋友还是很清楚这东西的。RESTful(Representational State Transfer)是一种设计风格而不是标准,它是目前最流行的一种互联网软件架构。openstack各个项目都提供了RESTful架构的API作为对外提供的接口,而RESETful架构的核心是资源与资源上的操作(从RESTful的角度上看,任何东西都可以是资源,包括一张图片,一段文本,一首歌曲和一种服务等等)。这也就是说,openstack定义了很多资源,并实现了针对这些资源的各种操作函数。openstack的API服务进程收到客户端的HTTP请求时,一个所谓的路由模块会将请求的URL转换成相应的资源,并路由到合适的操作函数上。比如执行nova list命令时,nova客户端将这个命令转换成HTTP请求发送给Nova的API服务进程,然后被路由到一个’index’操作,最后就会列出当前租户的所有虚拟机。
Before you install and configure the Image service, you must create a database, service credentials, and API endpoints.
1.创建glance数据库,设置密码,123456是我设置的密码
command:
mysql -u root -p123456 CREATE DATABASE glance; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456'; exit
OutPut:
[root@controller ~]# mysql -u root -p123456 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 24 Server version: 10.1.12-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE glance; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> exit Bye [root@controller ~]#
2.创建glance用户,设置密码
[root@controller ~]# source ~/admin-openrc [root@controller ~]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | 098b1a4d36d241ed87e979ec86d32722 | | enabled | True | | id | ac242ac0f6b34296aa411a864fc32b16 | | name | glance | +-----------+----------------------------------+ [root@controller ~]# openstack role add --project service --user glance admin #添加glance用户为service project的adminRole
3.创建glance service :
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | 09dfb860d1654ecfa2a67ee84e25d47c | | name | glance | | type | image | +-------------+----------------------------------+
4.创建镜像服务的API认证端口,同样提供三种形式的API endpoint:admin管理, internal内部, and public外部
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller.example.com:9292 +--------------+------------------------------------+ | Field | Value | +--------------+------------------------------------+ | enabled | True | | id | f593b133cdf442f786531fb2c12f594f | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 09dfb860d1654ecfa2a67ee84e25d47c | | service_name | glance | | service_type | image | | url | http://controller.example.com:9292 | +--------------+------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller.example.com:9292 +--------------+------------------------------------+ | Field | Value | +--------------+------------------------------------+ | enabled | True | | id | 8b89a264a4d04f3a9f4d1706e4456521 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 09dfb860d1654ecfa2a67ee84e25d47c | | service_name | glance | | service_type | image | | url | http://controller.example.com:9292 | +--------------+------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller.example.com:9292 +--------------+------------------------------------+ | Field | Value | +--------------+------------------------------------+ | enabled | True | | id | 37870c664e1841fea72e24ad0b8f38c0 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 09dfb860d1654ecfa2a67ee84e25d47c | | service_name | glance | | service_type | image | | url | http://controller.example.com:9292 | +--------------+------------------------------------+ [root@controller ~]#
1.安装glance组件
yum install openstack-glance -y
2.编辑 /etc/glance/glance-api.conf
编辑前我们先对文件做个备份,用处挺多的。
cp -p /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
vim /etc/glance/glance-api.conf
[database] ... connection = mysql+pymysql://glance:123456@controller.example.com/glance [keystone_authtoken] ... auth_uri = http://controller.example.com:5000 auth_url = http://controller.example.com:35357 memcached_servers = controller.example.com:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 123456 [paste_deploy] ... flavor = keystone [glance_store] ... stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/
总览:
[root@controller ~]# cat /etc/glance/glance-api.conf | grep -v ^# | grep -v ^$ [DEFAULT] [cors] [cors.subdomain] [database] #连接数据库,123456是我的glance数据库的密码 connection = mysql+pymysql://glance:123456@controller.example.com/glance [glance_store] #配置本地文件系统存储和镜像文件的存放路径 stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ [image_format] [keystone_authtoken] #keystone认证模块,官档强调要注释或者删除这个模块中的其他参数,M版默认是全注释掉的,所以我们不需要做其他多余的操作,注意一下就行 auth_uri = http://controller.example.com:5000 auth_url = http://controller.example.com:35357 memcached_servers = controller.example.com:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 123456 #123456是我glance用户的密码 [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler] [store_type_location_strategy] [task] [taskflow_executor] [root@controller ~]#
3.编辑/etc/glance/glance-registry.conf
cp -p /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
vim /etc/glance/glance-registry.conf
[database] ... connection = mysql+pymysql://glance:123456@controller.example.com/glance [keystone_authtoken] ... auth_uri = http://controller.example.com:5000 auth_url = http://controller.example.com:35357 memcached_servers = controller.example.com:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 123456 [paste_deploy] ... flavor = keystone
总览:
[root@controller ~]# cat /etc/glance/glance-registry.conf | grep -v ^# | grep -v ^$ [DEFAULT] [database] #连接数据库 connection = mysql+pymysql://glance:123456@controller.example.com/glance [glance_store] [keystone_authtoken] #keystone认证模块,官档强调要注释或者删除这个模块中的其他参数,M版默认是全注释掉的,所以我们不需要做其他多余的操作,注意一下就行 auth_uri = http://controller.example.com:5000 auth_url = http://controller.example.com:35357 memcached_servers = controller.example.com:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 123456 #123456是我glance用户的密码 [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler] [root@controller ~]#
4.同步数据库
su -s /bin/sh -c "glance-manage db_sync" glance
忽略所有有关’弃用’(deprecate)的输出,如:
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future. /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade expire_on_commit=expire_on_commit, _conf=conf) /usr/lib/python2.7/site-packages/pymysql/cursors.py:146: Warning: Duplicate index 'ix_image_properties_image_id_name' defined on the table 'glance.image_properties'. This is deprecated and will be disallowed in a future release. result = self._query(query)
5.启动服务,并设置为开机自启
systemctl enable openstack-glance-api.service \ openstack-glance-registry.service systemctl start openstack-glance-api.service \ openstack-glance-registry.service
1.用wget下载一个 CirrOS镜像,CirrOS是一个小型的系统镜像,有兴趣的朋友可以百度或者谷歌一下。centos7好像自带wget的,反正我的就有,没有的可以用yum install -y wget安装一个。
command:
source ~/admin-openrc wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
OutPut:
[root@controller ~]# source ~/admin-openrc [root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img --2016-08-04 11:46:56-- http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img Resolving download.cirros-cloud.net (download.cirros-cloud.net)... 64.90.42.85 Connecting to download.cirros-cloud.net (download.cirros-cloud.net)|64.90.42.85|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 13287936 (13M) [text/plain] Saving to: ‘cirros-0.3.4-x86_64-disk.img’ 100%[==============================================>] 13,287,936 113KB/s in 2m 23s 2016-08-04 11:49:19 (90.8 KB/s) - ‘cirros-0.3.4-x86_64-disk.img’ saved [13287936/13287936] [root@controller ~]#
2.上传镜像
[root@controller ~]# openstack image create "cirros" \ > --file cirros-0.3.4-x86_64-disk.img \ > --disk-format qcow2 --container-format bare \ > --public +------------------+------------------------------------------------------+ | Field | Value | +------------------+------------------------------------------------------+ | checksum | ee1eca47dc88f4879d8a229cc70a07c6 | | container_format | bare | | created_at | 2016-08-04T03:53:44Z | | disk_format | qcow2 | | file | /v2/images/4bbf51ba-f211-400b-9dfd-eb6db10f4592/file | | id | 4bbf51ba-f211-400b-9dfd-eb6db10f4592 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | a406cf3ba524428bbcb853c1d6d4f2f3 | | protected | False | | schema | /v2/schemas/image | | size | 13287936 | | status | active | | tags | | | updated_at | 2016-08-04T03:53:45Z | | virtual_size | None | | visibility | public | +------------------+------------------------------------------------------+ [root@controller ~]#
因为是以QCOW2的磁盘格式、bare容器格式、public visibility的方式将镜像上传到Image service,所以所有的用户都能访问这个镜像。
可以在我们之前设置的镜像存储路劲找到我们刚上传的镜像:
[root@controller ~]# ll /var/lib/glance/images/ total 12980 -rw-r----- 1 glance glance 13287936 Aug 4 11:53 4bbf51ba-f211-400b-9dfd-eb6db10f4592
至此Openstack的镜像服务的安装就完成,到目前为止,还没有翻过车,这不清真·····