OpenStack Deployment (3): The Glance Project

Because a cloud platform provides infrastructure services at the IaaS layer, what users get is a virtual machine, and a virtual machine needs an underlying image to run from, so there must also be a service that manages images. The images used by a cloud platform are not operating-system ISO images; they have to be specially prepared. The Glance component is what manages these images.

1. Related concepts

1. Glance images

Glance is the module responsible for image management in the OpenStack project. Its functions include the discovery, registration, and retrieval of virtual machine images. Glance provides a RESTful API for querying the metadata of a virtual machine image and for retrieving the image itself. Glance can save images to a variety of back-end stores, such as simple file storage or object storage.

The Glance service is responsible for managing the image, not for the storage of the image. It needs to store the image under a certain directory of the server where the Glance service runs, or connect to different backends. So after setting up the Glance service, you need to specify the way to save the image.

2. Main functions

  • Query and retrieve image metadata and the image itself
  • Register and upload virtual machine images, including image creation, upload, download and management
  • Maintain image information, including metadata and the image itself
  • Support multiple ways of storing images, including an ordinary file system, Swift, Amazon S3, etc.
  • Run the create-snapshot command on a virtual machine instance to create a new image or to back up the state of the virtual machine

3. The version of the images API

  • First of all, an image is a template that contains the base operating system and other software.
  • The RESTful API provided by Glance currently has two versions: API v1 and API v2
    • v1 provides only basic image and member operations
      • This includes image creation, deletion, download, listing, detail queries and updates, plus creation, deletion and listing of image tenant members.
    • v2 supports all the functions of v1 and adds more
      • The main additions are adding, deleting and modifying image locations, metadata and namespace operations, and image tag operations.
  • Both versions support the same image storage backends. v1 has been obsolete since the N release, and the migration path is to move to v2.

4. Image formats

(1) Disk format of the virtual machine image file

| Format | Description |
|---|---|
| raw | Unstructured disk format |
| vhd | This format is commonly used in VMware, Xen, VirtualBox and other hypervisors |
| vhdx | Enhanced version of the vhd format; supports larger disk sizes |
| vmdk | A more general virtual machine disk format |
| vdi | Disk format supported by the VirtualBox hypervisor and the QEMU emulator |
| iso | File format used for the data content of a CD-ROM |
| ploop | Supported by Virtuozzo; the disk format used to run OS containers |
| qcow2 | Supported by the QEMU emulator; dynamically expandable and supports copy-on-write |
| aki | Amazon kernel format stored in Glance |
| ari | Amazon ramdisk format stored in Glance |
| ami | Amazon machine format stored in Glance |

The main ones are the raw and qcow2 formats.

  • raw is the intermediate format
    • Advantages:
      • It can be converted to other formats (raw can be converted to qcow2)
      • Very fast access
    • It does not support virtual machine snapshots.
    • It does not support dynamic expansion, so it consumes a lot of space up front.
  • qcow2 supports virtual machine snapshots.

(2) Container format of the image file

| Format | Description |
|---|---|
| bare | Image without a container or metadata "envelope" |
| ovf | Open Virtualization Format |
| ova | Open virtualization appliance format stored in Glance |
| aki | Amazon kernel format stored in Glance |
| ari | Amazon ramdisk format stored in Glance |
| docker | Docker tar archive of the container file system stored in Glance |

If you are not sure which container format to choose, it is safe to simply specify the container format as bare.
The bare and Docker types are more important and commonly used.

5. Image status

Status before the upload has succeeded

| Status | Description | In short |
|---|---|---|
| queued | The initial state: the image record has just been created, only its metadata is in the Glance database, and the image data has not yet been uploaded to the database. | The metadata is registered first and the image itself is uploaded afterwards; an image consists of metadata plus the image data itself. |
| saving | A transitional state in which the raw image data is being uploaded to the database. | The image data itself is being uploaded. |
| uploading | The import data submission call has been made. PUT /file may not be called in this state (PUT /file is performed in the saving state, which is the other upload method). | The data has been uploaded and is being registered. |
| importing | The import call has completed, but the image is not yet ready to be used. | Registered successfully, but not usable yet. |

Status after a successful upload

| Status | Description | In short |
|---|---|---|
| active (common in enterprises) | The image data has been uploaded successfully and the image is available in Glance. | Usable; the normal state. |
| deactivated | No non-administrator user may access the image data; downloading the image is forbidden, as are image export and image clone operations. | Non-administrator users cannot use the image data (for example, during server maintenance). |
| killed | An error occurred during the image upload and the image is not readable. | The image was not uploaded completely; the upload was interrupted by a network or other problem, resulting in data loss. |
| deleted (common in enterprises) | The image will be deleted automatically in the near future. It can no longer be used, but Glance still retains the related information and the original data of the image. | After deletion, it can be restored. |
| pending_delete | Similar to deleted: Glance has not yet cleared the image data, but an image in this state cannot be restored. | After deletion, it cannot be restored. |

6. Access permissions

| Permission | Description |
|---|---|
| Public | Can be used by all projects |
| Private | Can be used only by the project of the image owner |
| Shared | A non-shared image can be shared with other projects; this is done through the project member operations (member-*) |
| Protected | This kind of image cannot be deleted |

7. Glance architecture diagram

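Explanation of the diagram
client: the client / requester (this can be the openstack command line, Horizon, or Nova)
glance-api: the unified entry point; it receives and responds to requests (calls for image query, retrieval, and storage)
glance-registry: handles requests related to image metadata; it interacts with the DB to store, process, and retrieve image metadata (image size, type)
store backend: Glance does not store images itself. The actual image is kept in the backend, which holds the image data itself.
The bottom row can be understood as different types of database.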

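8. Workflow

Explanation of the diagram:

① Every OpenStack operation must be authenticated (AuthN) and authorized (AuthZ) by Keystone, and Glance is no exception. Glance has a client/server architecture and provides a REST API through which users perform all image operations. The Glance Domain Controller is the main middleware component; it acts like a scheduler, dispatching operations on Glance's internal services to the functional layers below.

② Auth (authorization): controls access to images and decides whether an image or its properties may be modified; only an administrator or the owner of the image can make modifications. Property Protection: an optional layer that takes effect only when the property_protection_file parameter is set in the Glance configuration file. It provides two types of image property: core properties, which are specified in the image parameters, and metadata properties, which are arbitrary key/value pairs that can be attached to an image. This layer manages access to meta properties by calling Glance's public API, and that access can also be restricted in the configuration file.

③ Notifier (message notification): adds messages about image changes, and errors and warnings raised while using images, to the message queue.

④ Policy (rule definition): defines the access rules for image operations. These rules are defined in the /etc/policy.json file; this layer monitors and enforces them.

⑤ Quota (quota limits): if the administrator has defined an upper limit on image upload size for a user, an upload by that user that exceeds the limit fails.

⑥ Location: interacts with the back-end storage through glance_store, for example to upload and download images and to manage image storage locations. This layer can also check that a location URI is correct when a new location is added, delete the image data held by the storage backend when an image location changes, and prevent duplicate image locations.

⑦ DB (database): implements the API for interacting with the database. It converts images into the corresponding format for storage in the database, and converts information read from the database into image objects that can be operated on.

⑧ Registry Layer: an optional layer that uses a separate service to control secure interaction between the Glance Domain Controller and the Glance DB.

⑨ Glance DB: the core database used by the Glance service, shared by all Glance components that depend on a database. (This database stores metadata; it is not where the image data itself is stored.)

⑩ Glance Store: organizes the interaction between Glance and the various storage backends and provides a unified interface for accessing back-end storage. All image file operations are performed by calling the Glance Store library, which is responsible for interacting with external storage or the local file storage system.

Note: the images in this article come from the internet.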

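2. Deploying the OpenStack Glance components

This configuration continues from: OpenStack Deployment (2): The Keystone Project
Install the Glance components for OpenStack; all operations are performed on the control node
CT VM:192.168.100.10 NAT:192.168.163.10

1. Create the database instance and database user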

mysql -u root -p

CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
flush privileges;
exit

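2. Create the user and modify the configuration files

Create the OpenStack Glance user

  • Before creating the user, first run the administrator environment variable script (here it has already been defined in ~/.bashrc)
# Create the glance user
openstack user create --domain default --password GLANCE_PASS glance

# Add the glance user to the service project with the admin role on that project; registering the Glance API requires admin rights on the service project
openstack role add --project service --user glance admin

# Create a service named glance of type image; once created, it can be viewed with openstack service list
openstack service create --name glance --description "OpenStack Image" image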

Create the Image service API endpoints. OpenStack uses three kinds of API endpoint to represent three services: admin, internal, and public

openstack endpoint create --region RegionOne image public http://ct:9292
openstack endpoint create --region RegionOne image internal http://ct:9292
openstack endpoint create --region RegionOne image admin http://ct:9292

Install the openstack-glance package

yum -y install openstack-glance

Modify the Glance configuration files. Glance has two configuration files: /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf

cp -a /etc/glance/glance-api.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf

Add the glance-api.conf settings (the parameter-setting commands are shown here)

openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@ct/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://ct:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://ct:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/

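The parameters we just set now appear in the file. Of course, you can also add or modify parameters directly in the configuration file.

Modify the glance-registry.conf configuration file

cp -a /etc/glance/glance-registry.conf{,.bak}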
grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf

Add the glance-registry.conf settings (the parameter-setting commands are shown here)

openstack-config --set /etc/glance/glance-registry.conf database connection  mysql+pymysql://glance:GLANCE_DBPASS@ct/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri   http://ct:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url  http://ct:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers  ct:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name  Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name  Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name  service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username  glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password  GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor  keystone
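The commands above write the tutorial's literal placeholder passwords and plain-http Keystone URLs into both configuration files. The following added example (not part of the original post) audits those keys and shows the as-deployed values beside a corrected variant; the secrets in HARDENED are made up, and it assumes Keystone is reachable over https on the same host and port.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the values this page sets with openstack-config.
AS_DEPLOYED = """
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@ct/glance
[keystone_authtoken]
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
username = glance
password = GLANCE_PASS
"""

# Constructed sample: same keys, TLS endpoints (assumed) and made-up secrets.
HARDENED = """
[database]
connection = mysql+pymysql://glance:example-db-secret@ct/glance
[keystone_authtoken]
www_authenticate_uri = https://ct:5000
auth_url = https://ct:5000
username = glance
password = example-service-secret
"""

PLACEHOLDERS = {"GLANCE_PASS", "GLANCE_DBPASS"}  # literal strings used in this tutorial


def audit(conf_text):
    """Return findings for placeholder secrets and plain-http Keystone URLs."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    db_url = urlsplit(cp.get("database", "connection", fallback=""))
    if db_url.password in PLACEHOLDERS:
        findings.append("database.connection uses a placeholder password")
    if cp.get("keystone_authtoken", "password", fallback="") in PLACEHOLDERS:
        findings.append("keystone_authtoken.password is a placeholder")
    for key in ("www_authenticate_uri", "auth_url"):
        if urlsplit(cp.get("keystone_authtoken", key, fallback="")).scheme == "http":
            findings.append(f"keystone_authtoken.{key} is plain http")
    return findings


if __name__ == "__main__":
    for name, text in (("as deployed", AS_DEPLOYED), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

To check a real file, pass its contents to audit(), for example the text of /etc/glance/glance-api.conf.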

Initialize the Glance database and generate the table structure (no matter how many controllers there are, this only needs to be done once)

su -s /bin/sh -c "glance-manage db_sync" glance

Start the Glance service (once started, the directory that stores images, /var/lib/glance/images, is created)

systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service

Check the port

netstat -natp | grep 9292
# Or (lsof needs to be installed)
yum -y install lsof
lsof -i:9292

Give the openstack-glance-api.service service write permission on the storage location (-h: affects symbolic links themselves rather than the files they point to)

chown -hR glance:glance /var/lib/glance/

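3. Test whether the deployment succeeded

Test image download: cirros-0.3.5-x86_64-disk.img

Import the image
First upload the cirros image to /root on the control node, then import it into Glance, and finally check that it was created successfully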

openstack image create --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public cirros
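The --disk-format value in the command above is supplied by whoever uploads the image, so it is worth confirming that the file header agrees with it before importing. The following added example (not part of the original post) parses the fixed qcow2 header fields and reports a mismatch with the declared format or a backing-file reference; make_header builds constructed sample headers and the script name in the usage comment is hypothetical.

```python
import struct
import sys

QCOW2_MAGIC = b"QFI\xfb"
# Big-endian: magic, version, backing file offset, backing file size, cluster bits, virtual size
HEADER = struct.Struct(">4sIQIIQ")


def make_header(version=3, backing_off=0, backing_len=0, size=41126400):
    """Constructed sample: the first 32 bytes of a qcow2 file."""
    return HEADER.pack(QCOW2_MAGIC, version, backing_off, backing_len, 16, size)


def check_image(data, declared_format):
    """Return a list of problems; an empty list means the header is consistent."""
    is_qcow2 = data[:4] == QCOW2_MAGIC
    if declared_format != "qcow2":
        # For example, a qcow2 file uploaded with --disk-format raw
        if is_qcow2:
            return [f"declared {declared_format} but file starts with qcow2 magic"]
        return []
    if not is_qcow2:
        return ["declared qcow2 but magic bytes do not match"]
    if len(data) < HEADER.size:
        return ["truncated qcow2 header"]
    _, version, backing_off, backing_len, _, size = HEADER.unpack_from(data)
    problems = []
    if version not in (2, 3):
        problems.append(f"unexpected qcow2 version {version}")
    if backing_off or backing_len:
        problems.append("header references a backing file; flatten the image before upload")
    if size == 0:
        problems.append("virtual size is zero")
    return problems


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: check_header.py IMAGE_FILE DISK_FORMAT
        with open(sys.argv[1], "rb") as fh:
            found = check_image(fh.read(HEADER.size), sys.argv[2])
        print("\n".join(found) or "header consistent with declared format")
        sys.exit(1 if found else 0)
    print(check_image(make_header(), "qcow2"))
    print(check_image(make_header(backing_off=512, backing_len=20), "qcow2"))
```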

Two ways to list images

openstack image list
glance image-list

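Next: OpenStack Deployment (4): The Placement Project

Summary

Creating virtual machines on OpenStack requires images, so Glance is deployed first.
Deployment outline:
1. Create the database and grant privileges
2. Create the OpenStack user, grant roles, and manage it
3. Modify the configuration files (glance-api.conf, glance-registry.conf)
4. Initialize the database and upload a sample image

Verify that the roles, projects, users, and services have been created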

openstack user list
openstack project list
openstack role list
openstack role assignment list
openstack service list

Check whether the API port of the Glance service is open

netstat -natp | grep 9292

Check whether the owner and group of the glance directory under /var/lib are both glance

ll /var/lib

Check whether the image was uploaded successfully

openstack image list
glance image-list


Origin blog.csdn.net/weixin_51326240/article/details/114919893