Glance 具体功能如下:
1 提供 RESTful API 让用户能够查询和获取镜像的元数据和镜像本身;
2 支持多种方式存储镜像,包括普通的文件系统、Swift、Ceph 等;
3 对实例执行快照创建新的镜像。
5.1 配置Glance数据库
#在任意控制节点创建数据库,数据库自动同步,以controller160节点为例;
#使用root登陆数据库:
mysql -u root -p
#创建keystone数据库:
CREATE DATABASE glance;
#授予对keystone数据库的访问权限及密码,刷新退出数据库:
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'glance.123';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'glance.123';
flush privileges;
exit
5.2 加载管理凭证
#在任意控制节点操作,以controller160节点为例;
source adminrc.sh
5.3 创建glance相关服务凭证
#创建glance服务用户,并设置密码 glance.123
openstack user create --domain default --password-prompt glance
#输出
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 8555cb0bd5924235af0201b77b4a31bc |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
#赋予glance服务用户服务管理员权限及角色,无输出
openstack role add --project service --user glance admin
#创建glance服务
openstack service create --name glance --description "OpenStack Image" image
#输出
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 76406f713f834c53a68b108e48fadec5 |
| name | glance |
| type | image |
+-------------+----------------------------------+
5.4 创建glance API endpoints
#public
openstack endpoint create --region RegionOne image public http://controller168:9292
#输出
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c6a6445255984b1697f1a398becf397c |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 76406f713f834c53a68b108e48fadec5 |
| service_name | glance |
| service_type | image |
| url | http://controller168:9292 |
+--------------+----------------------------------+
#internal
openstack endpoint create --region RegionOne image internal http://controller168:9292
#输出
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2d56e6feb66c4dabb8903aab47fa3041 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 76406f713f834c53a68b108e48fadec5 |
| service_name | glance |
| service_type | image |
| url | http://controller168:9292 |
+--------------+----------------------------------+
#admin
openstack endpoint create --region RegionOne image admin http://controller168:9292
#输出
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 762f877b188344dc800597b5926acafa |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 76406f713f834c53a68b108e48fadec5 |
| service_name | glance |
| service_type | image |
| url | http://controller168:9292 |
+--------------+----------------------------------+
5.5 部署与配置glance - ALL Controller
#安装包
yum install openstack-glance -y
#备份glance-api配置
cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
egrep -v "^$|^#" /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
#配置glance配置文件,在对应项底下增加以下字段
#vim /etc/glance/glance-api.conf
[DEFAULT]
bind_host = 172.16.1.160
[database]
# ...
connection = mysql+pymysql://glance:glance.123@controller168/glance
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller168:5000
auth_url = http://controller168:5000
memcached_servers = controller160:11211,controller161:11211,controller162:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance.123
[paste_deploy]
# ...
flavor = keystone
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
#创建镜像存储目录并赋权限;
#/var/lib/glance/images是默认的存储目录
mkdir /var/lib/glance/images/
chown glance:nobody /var/lib/glance/images
#填充glance数据库
su -s /bin/sh -c "glance-manage db_sync" glance
#输出
[root@controller160 ~]# su -s /bin/sh -c "glance-manage db_sync" glance
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images'table
INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO [alembic.runtime.migration] Running upgrade queens_expand01 -> rocky_expand01, add os_hidden column to images table
INFO [alembic.runtime.migration] Running upgrade rocky_expand01 -> rocky_expand02, add os_hash_algo and os_hash_value columns toimages table
INFO [alembic.runtime.migration] Running upgrade rocky_expand02 -> train_expand01, empty expand for symmetry with train_contract01
INFO [alembic.runtime.migration] Running upgrade train_expand01 -> ussuri_expand01, empty expand for symmetry with ussuri_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: ussuri_expand01, current revision(s): ussuri_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Running upgrade queens_contract01 -> rocky_contract01
INFO [alembic.runtime.migration] Running upgrade rocky_contract01 -> rocky_contract02
INFO [alembic.runtime.migration] Running upgrade rocky_contract02 -> train_contract01
INFO [alembic.runtime.migration] Running upgrade train_contract01 -> ussuri_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: ussuri_contract01, current revision(s): ussuri_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.
#验证glance数据库是否正常写入:
mysql -h controller160 -uglance -pglance.123 -e "use glance;show tables;"
#启动glance服务,并配置开机启动:
systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
systemctl status openstack-glance-api.service
5.6 glance服务验证
#加载管理凭证
source adminrc.sh
#下载测试镜像文件:
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
#使用QCOW2磁盘格式、共享上传到image服务,以便所有项目都可以访问它:
glance image-create --name "cirros-0.4.0" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility=public
#输出
+------------------+----------------------------------------------------------------------------------+
| Property | Value |
+------------------+----------------------------------------------------------------------------------+
| checksum | 443b7623e27ecf03dc9e01ee93f67afe |
| container_format | bare |
| created_at | 2020-06-18T10:48:18Z |
| disk_format | qcow2 |
| id | 39942527-4045-41c3-b1cb-b34127150fc5 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-0.4.0 |
| os_hash_algo | sha512 |
| os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e |
| | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |
| os_hidden | False |
| owner | d3dda47e8c354d86b17085f9e382948b |
| protected | False |
| size | 12716032 |
| status | active |
| tags | [] |
| updated_at | 2020-06-18T10:48:23Z |
| virtual_size | Not available |
| visibility | public |
+------------------+----------------------------------------------------------------------------------+
#查看镜像列表
glance image-list
#输出
+--------------------------------------+--------------+
| ID | Name |
+--------------------------------------+--------------+
| 39942527-4045-41c3-b1cb-b34127150fc5 | cirros-0.4.0 |
+--------------------------------------+--------------+
5.7添加pcs资源
#在任意控制节点操作;
#添加资源openstack-glance-api;
[root@controller162 ~]# pcs resource create openstack-glance-api systemd:openstack-glance-api clone interleave=true
[root@controller162 ~]# pcs resource
* vip (ocf::heartbeat:IPaddr2): Started controller160
* Clone Set: lb-haproxy-clone [lb-haproxy]:
* Started: [ controller160 ]
* Stopped: [ controller161 controller162 ]
* Clone Set: openstack-keystone-clone [openstack-keystone]:
* Started: [ controller160 controller161 controller162 ]
* Clone Set: openstack-glance-api-clone [openstack-glance-api]:
* Started: [ controller160 controller161 controller162 ]
至此,Glance服务已部署完毕,如有问题请联系我改正,感激不尽!
5.x 部署过程遇到的问题汇总
eg.1 执行su -s /bin/sh -c "glance-manage db_sync" glance 报错
ERROR glance sqlalchemy.exc.OperationalError: (pymysql.err.OperationalError) (1044, "Access denied for user 'glance'@'%' to database 'glance'")
解决方案:进入数据库,对glance用户重新授权,见4.1
eg.2 执行glance image-create --name "cirros-0.4.0" \
> --file cirros-0.4.0-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --visibility=public
HTTP 403 Forbidden: You are not authorized to complete publicize_image action.
解决方案:查看/etc/glance/glance-api.conf是否有添加如下配置并去除空行
[paste_deploy]
flavor = keystone
eg3.[root@controller160 ~]# systemctl status haproxy.service
Jun 19 01:18:57 controller160 haproxy[29739]: [ALERT] 170/011857 (29739) : Starting proxy glance_api_cluster: cannot bind socket [172.16.1.168:9292]
解决方案:vim /etc/glance/glance-api.conf添加以项
[DEFAULT]
bind_host = 172.16.1.160
systemctl stop openstack-glance-api.service
systemctl restart haproxy
systemctl start openstack-glance-api.service