OpenStack Glance Component Deployment

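Contents

  • Glance image service
    • 1. Images
    • 2. Functions of the image service
    • 3. Image API versions
    • 4. Image formats
      • 4.1 Virtual machine image disk formats
      • 4.2 Image container formats
    • 5. Image states
      • 5.1 States from upload until the image is recognized
      • 5.2 States after the upload completes
    • 6. Image access permissions
    • 7. Workflow
  • I. Create the database instance and database user
  • II. Create the user and modify the configuration files
    • 1. Create the glance user
    • 2. Create the image service API endpoints
    • 3. Install the openstack-glance package
      • 3.1 Add the glance-api.conf configuration
      • 3.2 Modify the glance-registry.conf configuration file
    • 4. Initialize the database
    • 5. Start the glance service
    • 6. Give the openstack-glance-api.service service write permission on the storage device
    • 7. Import an image
    • 8. View the images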

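Glance image service

1. Images

An image usually means an exact copy of a set of files or of a disk drive: a specific set of files is packaged in a defined format into a single standalone file so that users can download and use it conveniently. Put simply, it is a collection of resources/services, and it can also serve as a template for creating multiple identical, independent copies.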

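2. Functions of the image service

The image service is mainly used to manage images, letting users discover, retrieve and save images. Its main functions are:

  • Query and retrieve image metadata and the image itself (metadata: the summary and descriptive information of an image)
  • Register and upload virtual machine images, including image creation, upload, download and management
  • Maintain image information, including the metadata and the image itself
  • Support multiple ways of storing images, including an ordinary file system, Swift, Amazon S3 and others
  • Run the create-snapshot command on a virtual machine instance to create a new image, or to back up the state of the virtual machine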

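3. Image API versions

Glance provides two versions of its RESTful API, v1 and v2:

  • v1 provides only basic image and member operations: image create, delete, download, list, detail query and update, plus create, delete and list for image tenant members.
  • v2 supports everything in v1 and mainly adds adding, deleting and modifying image locations, metadata and namespace operations, and image tag operations.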

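4. Image formats

4.1 Virtual machine image disk formats

Disk formats and their uses:

  • raw: unstructured disk format
  • vhd: a format common to VMware, Xen, VirtualBox and other hypervisors
  • vhdx: an enhanced version of the vhd format that supports larger disk sizes
  • vmdk: a fairly common virtual machine disk format
  • vdi: a disk format supported by the VirtualBox hypervisor and the QEMU emulator
  • iso: a file format for the data contents of an optical disc (CD-ROM)
  • ploop: a disk format supported by Virtuozzo for running OS containers
  • qcow2: a disk format supported by QEMU emulation that can grow dynamically and supports copy on write
  • aki: the Amazon kernel format stored in Glance
  • ari: the Amazon ramdisk format stored in Glance
  • ami: the Amazon machine format stored in Glance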

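4.2 Image container formats

  • bare: an image with no container or metadata "envelope"; it is the raw collection of resources, so there are no compatibility problems. When you are not sure which container format to choose, specifying bare is the safest.
  • docker: a Docker tar archive of the container file system stored in Glance. It can isolate the data and metadata stored on disk.
  • ovf: the Open Virtualization Format
  • ova: the open virtual appliance format stored in Glance
  • aki: the Amazon kernel format stored in Glance
  • ari: the Amazon ramdisk format stored in Glance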

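5. Image states

5.1 States from upload until the image is recognized

  • queued: the initial state. The image record has just been created; the Glance database holds only its metadata, and the image data has not yet been uploaded to the database.
  • saving: a transitional state while the image's raw data is being uploaded to the database; it indicates that the image is being uploaded.
  • uploading: the import data submission call has been made; a state that the service can recognize and call.
  • importing: the import call has completed and the service has recognized the image and can call it, but the image is not yet ready to serve virtual machines.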

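5.2 States after the upload completes

  • active: the image data was uploaded successfully and the image can be used.
  • deactivated: access is open only to administrators. No non-administrator user may access the image data; downloading the image is forbidden, as are operations such as image export and image cloning.
  • killed: an error occurred during the upload and the image is unreadable.
  • deleted: the image will be deleted automatically soon and can no longer be used, but for now Glance still keeps the image's information and raw data; it can be recovered after deletion.
  • pending_delete: similar to deleted. Glance has not yet purged the image data, but an image in this state cannot be recovered.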

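6. Image access permissions

  • public: can be used by all projects
  • private: can be used only by the project that the image owner belongs to
  • shared: a non-public image that can be shared with other projects; this is done through project member (member-*) operations
  • protected: an image of this kind cannot be deleted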

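7. Workflow

  • First comes the security authentication flow for the client: every OpenStack operation has to be authenticated and authorized through Keystone, and Glance is no exception. Once authorization succeeds, the client sends its request to the Glance service. When Glance receives the external request, it goes to Keystone to verify whether the request has been authorized, and only after that verification passes is the request handed to the backend for processing.
  • The glance domain controller is the middleware between the API and the backend functional modules. It acts like a scheduler: its job is to dispatch external requests to the functional layers below for processing. Scheduling follows a scheduling algorithm. First there is a pre-selection that rules out nodes that do not meet the requirements, then a preferred selection that uses a scoring mechanism: the nodes that can all handle the function are scored on their current load, processing capacity and speed, and the best one is chosen. The scheduler skips nodes that carry a taint. If the remaining available nodes are all too heavily loaded to handle external requests, there is a toleration mechanism, controlled by the operations staff, that lets the scheduler accept tainted nodes and run the preferred selection over them.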

I. Create the database instance and database user

[[email protected] ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 19
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE glance;   //create the database
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';   //grant the user all privileges on the glance database
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> flush privileges;          //reload the privilege tables
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> show grants for glance;        //view the privileges of the glance user
+-------------------------------------------------------------------------------------------------------+
| Grants for glance@%                                                                                   |
+-------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'glance'@'%' IDENTIFIED BY PASSWORD '*C0CE56F2C0C7234791F36D89700B02691C1CAB8E' |
| GRANT ALL PRIVILEGES ON `glance`.* TO 'glance'@'%'                                                    |
+-------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)


           

II. Create the user and modify the configuration files

1. Create the glance user

[[email protected] ~]#  openstack user create --domain default --password GLANCE_PASS glance   //create the glance user
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | a9d9bf07994441e9be0e9e93af2a6186 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[[email protected] ~]# openstack role add --project service --user glance admin    //add the glance user to the service project with the admin role on that project
[[email protected] ~]# openstack service create --name glance --description "OpenStack Image" image  //create a service named glance of type image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | d92ce1778a7840f394fd18a8711c0f39 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
[[email protected] ~]# openstack service list           //list the services
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 7681affb926e43848166b7a4092857f0 | keystone | identity |
| d92ce1778a7840f394fd18a8711c0f39 | glance   | image    |
+----------------------------------+----------+----------+
[[email protected] ~]# 

           

2. Create the image service API endpoints

[[email protected] ~]# openstack endpoint create --region RegionOne image public http://ct:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 855e2d86542f4069943527e5c0bb1966 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d92ce1778a7840f394fd18a8711c0f39 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://ct:9292                   |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne image internal http://ct:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 20850176456e414685f3351d545ada37 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d92ce1778a7840f394fd18a8711c0f39 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://ct:9292                   |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne image admin http://ct:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 620b8b7a695646b0803121873fbbb85b |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d92ce1778a7840f394fd18a8711c0f39 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://ct:9292                   |
+--------------+----------------------------------+
[[email protected] ~]# 

           

3. Install the openstack-glance package

[[email protected] ~]# yum -y install openstack-glance
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.cn99.com
 * centos-ceph-nautilus: mirrors.cn99.com
 * centos-nfs-ganesha28: mirrors.aliyun.com
 * centos-openstack-train: mirrors.huaweicloud.com
 * centos-qemu-ev: mirrors.aliyun.com
 * extras: mirrors.cn99.com
 * updates: mirrors.aliyun.com
軟體包 1:openstack-glance-19.0.4-1.el7.noarch 已安裝并且是最新版本
無須任何處理
[[email protected] ~]# 

           

3.1 Add the glance-api.conf configuration

[[email protected] ~]# cp -a /etc/glance/glance-api.conf{,.bak}   //back up
[[email protected] ~]# grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf       //strip comment lines and blank lines
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:[email protected]/glance
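[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://ct:5000
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://ct:5000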
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers ct:11211
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
[[email protected] ~]# openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
[[email protected] ~]# cat /etc/glance/glance-api.conf
[DEFAULT]
[cinder]
[cors]
[database]
connection = mysql+pymysql://glance:[email protected]/glance
[file]
[glance.store.http.store]
[glance.store.rbd.store]
[glance.store.sheepdog.store]
[glance.store.swift.store]
[glance.store.vmware_datastore.store]
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
[[email protected] ~]# 

           

3.2 Modify the glance-registry.conf configuration file

[[email protected] ~]# cp -a /etc/glance/glance-registry.conf{,.bak}   //back up
[[email protected] ~]# grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf   //strip comment lines and blank lines
[[email protected] ~]# openstack-config --set /etc/glance/glance-registry.conf database connection  mysql+pymysql://glance:[email protected]/glance
[[email protected] ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri   http://ct:5000
[[email protected] ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url  http://ct:5000
[[email protected] ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers  ct:11211
[[email protected] ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type  password
[[email protected] ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name  Default
[[email protected] ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name  Default
[[email protected] ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name  service
[[email protected] ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username  glance
[[email protected] ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password  GLANCE_PASS
[[email protected] ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor  keystone
[[email protected] ~]# cat /etc/glance/glance-registry.conf
[DEFAULT]
[database]
connection = mysql+pymysql://glance:[email protected]/glance
[keystone_authtoken]
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[[email protected] ~]# 
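
A check of the [keystone_authtoken] settings written in 3.1 and 3.2, as an added example (not from the original post or the Glance project): it parses the values shown above and flags the cleartext http:// Keystone URLs, the documentation placeholder used as the real service password, and the unprotected memcached token cache. HARDENED_CONF is a constructed variant that assumes Keystone answers over TLS on ct:5000; its two secrets are placeholders, and the function name is this example's own.

```python
import configparser
import re
from urllib.parse import urlsplit

# [keystone_authtoken] exactly as printed by `cat /etc/glance/glance-api.conf` above.
PAGE_CONF = """\
[keystone_authtoken]
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
"""

# Constructed hardened variant. Assumptions: Keystone answers over TLS on ct:5000,
# and the two <...> values stand in for generated secrets.
HARDENED_CONF = PAGE_CONF.replace("http://", "https://").replace(
    "password = GLANCE_PASS",
    "password = <generated-service-password>\n"
    "memcache_security_strategy = ENCRYPT\n"
    "memcache_secret_key = <generated-cache-key>",
)

# Matches documentation placeholders such as GLANCE_PASS or GLANCE_DBPASS.
PLACEHOLDER = re.compile(r"^[A-Z]+_(DB)?PASS$")


def audit_authtoken(conf_text):
    """Return (option, finding) pairs for weak [keystone_authtoken] settings."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_section("keystone_authtoken"):
        return [("keystone_authtoken", "section missing")]
    section = parser["keystone_authtoken"]
    findings = []

    # auth_url is where the middleware sends the service password;
    # www_authenticate_uri is where clients are told to authenticate.
    for option in ("www_authenticate_uri", "auth_url"):
        url = section.get(option, "")
        if url and urlsplit(url).scheme != "https":
            findings.append((option, "cleartext HTTP to Keystone: " + url))

    if PLACEHOLDER.match(section.get("password", "")):
        findings.append(("password", "documentation placeholder used as the secret"))

    # keystonemiddleware caches token data in memcached; MAC or ENCRYPT plus a
    # secret key protects those entries from anyone who can reach port 11211.
    strategy = section.get("memcache_security_strategy", "").upper()
    if section.get("memcached_servers") and (
        strategy not in ("MAC", "ENCRYPT") or not section.get("memcache_secret_key")
    ):
        findings.append(("memcached_servers", "token cache not authenticated or encrypted"))
    return findings


if __name__ == "__main__":
    for label, text in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_authtoken(text) or "no findings")
```

The same function applies unchanged to glance-registry.conf, whose [keystone_authtoken] section carries the same values.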

           

4. Initialize the database

[[email protected] ~]# su -s /bin/sh -c "glance-manage db_sync" glance
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1280, u"Name 'alembic_version_pkc' ignored for PRIMARY key.")
  result = self._query(query)
INFO  [alembic.runtime.migration] Running upgrade  -> liberty, liberty initial
INFO  [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO  [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO  [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO  [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO  [alembic.runtime.migration] Running upgrade queens_expand01 -> rocky_expand01, add os_hidden column to images table
INFO  [alembic.runtime.migration] Running upgrade rocky_expand01 -> rocky_expand02, add os_hash_algo and os_hash_value columns to images table
INFO  [alembic.runtime.migration] Running upgrade rocky_expand02 -> train_expand01, empty expand for symmetry with train_contract01
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: train_expand01, current revision(s): train_expand01
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO  [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO  [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO  [alembic.runtime.migration] Running upgrade queens_contract01 -> rocky_contract01
INFO  [alembic.runtime.migration] Running upgrade rocky_contract01 -> rocky_contract02
INFO  [alembic.runtime.migration] Running upgrade rocky_contract02 -> train_contract01
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: train_contract01, current revision(s): train_contract01
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully
           

5. Start the glance service

[[email protected] ~]#  systemctl enable openstack-glance-api.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
[[email protected] ~]#  systemctl start openstack-glance-api.service
[[email protected] ~]# netstat -antp | grep 9292
tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      84418/python2       
[[email protected] ~]#
           

6. Give the openstack-glance-api.service service write permission on the storage device

[[email protected] ~]#  chown -hR glance:glance /var/lib/glance/   //-h acts on symbolic links themselves rather than on their targets
[[email protected] ~]# ll /var/lib/glance/
總用量 0
drwxr-x--- 2 glance glance 6 8月  24 18:18 images

           

7. Import an image

[[email protected] ~]# ls
anaconda-ks.cfg  cirros-0.3.5-x86_64-disk.img
[[email protected] ~]# openstack image create --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public cirros
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field            | Value                                                                                                                                                                                      |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum         | f8ab98ff5e73ebab884d80c9dc9c7290                                                                                                                                                           |
| container_format | bare                                                                                                                                                                                       |
| created_at       | 2021-08-24T10:23:15Z                                                                                                                                                                       |
| disk_format      | qcow2                                                                                                                                                                                      |
| file             | /v2/images/e8390729-8e4a-4a4a-9ccb-9c1f6bc4a3c2/file                                                                                                                                       |
| id               | e8390729-8e4a-4a4a-9ccb-9c1f6bc4a3c2                                                                                                                                                       |
| min_disk         | 0                                                                                                                                                                                          |
| min_ram          | 0                                                                                                                                                                                          |
| name             | cirros                                                                                                                                                                                     |
| owner            | cdf2831522724a8b91c8b7e57bd84516                                                                                                                                                           |
| properties       | os_hash_algo='sha512', os_hash_value='f0fd1b50420dce4ca382ccfbb528eef3a38bbeff00b54e95e3876b9bafe7ed2d6f919ca35d9046d437c6d2d8698b1174a335fbd66035bb3edc525d2cdb187232', os_hidden='False' |
| protected        | False                                                                                                                                                                                      |
| schema           | /v2/schemas/image                                                                                                                                                                          |
| size             | 13267968                                                                                                                                                                                   |
| status           | active                                                                                                                                                                                     |
| tags             |                                                                                                                                                                                            |
| updated_at       | 2021-08-24T10:23:15Z                                                                                                                                                                       |
| virtual_size     | None                                                                                                                                                                                       |
| visibility       | public                                                                                                                                                                                     |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[[email protected] ~]# 
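
The properties cell above carries the image's multihash (os_hash_algo, os_hash_value) next to the legacy MD5 checksum field. As an added example (not part of the original post), the code below checks a local image file against that cell and refuses records that offer only a weak algorithm; the function names are this example's own and the file contents in the demo are constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# md5 (the legacy `checksum` field) is deliberately not accepted.
ALLOWED_ALGOS = {"sha256", "sha384", "sha512"}
_PROPERTY = re.compile(r"(\w+)='([^']*)'")


def parse_properties(cell):
    """Parse a `properties` cell such as
    os_hash_algo='sha512', os_hash_value='...', os_hidden='False'."""
    return dict(_PROPERTY.findall(cell))


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so large images are never loaded into memory."""
    digest = hashlib.new(algo)
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_image(path, properties_cell):
    """True if the file matches the multihash recorded by Glance."""
    props = parse_properties(properties_cell)
    algo = props.get("os_hash_algo", "").lower()
    expected = props.get("os_hash_value", "").lower()
    if algo not in ALLOWED_ALGOS or not expected:
        raise ValueError("image record has no acceptable multihash: %r" % algo)
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(file_digest(path, algo), expected)


if __name__ == "__main__":
    # Constructed stand-in for an image file and its Glance record.
    payload = b"constructed image bytes" * 1000
    with tempfile.NamedTemporaryFile(delete=False) as handle:
        handle.write(payload)
        image_path = handle.name
    cell = "os_hash_algo='sha512', os_hash_value='%s', os_hidden='False'" % (
        hashlib.sha512(payload).hexdigest()
    )
    print("untouched file matches:", verify_image(image_path, cell))
    with open(image_path, "ab") as handle:
        handle.write(b"\x00")  # simulate corruption or tampering
    print("modified file matches:", verify_image(image_path, cell))
    os.unlink(image_path)
```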

           

8. View the images

[[email protected] ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| e8390729-8e4a-4a4a-9ccb-9c1f6bc4a3c2 | cirros | active |
+--------------------------------------+--------+--------+
[[email protected] ~]# glance image-list 
+--------------------------------------+--------+
| ID                                   | Name   |
+--------------------------------------+--------+
| e8390729-8e4a-4a4a-9ccb-9c1f6bc4a3c2 | cirros |
+--------------------------------------+--------+
[[email protected] ~]# 

           
