OpenStack——glance
-
-
- One, glance mirroring service
- Two, deploy glance
-
- 1. Create a database instance and database user (ct)
- 2. Create users and modify configuration files
- 3. Create a mirroring service API endpoint
- 4. Install and modify the openstack-glance software package, glance configuration file
- 5. Initialize the glance database and generate related table structures;
- 6. Turn on the glance service (after opening here, a directory /var/lib/glance/image will be generated to store the image)
- 7. Give the openstack-glance-api.service service the writable permission to the storage device (-h: value to the file modification of the symbolic link/soft link)
- 8. Mirror import
- 9. Two ways to view mirroring
One, glance mirroring service
Its project name in OpenStack is Glance. In the early versions of OpenStack, Glance only had the function of managing images, and did not have the function of image storage. Now, Glance has developed into an OpenStack core service that integrates multiple functions such as image upload, retrieval, management, and storage.
1. Mirror service
The mirroring service is used to manage mirrors, allowing users to discover, obtain, and save mirrors. The image service provided in OpenStack is Glance, and its main functions are as follows
Query and get the metadata of the image and the image itself
Register and upload virtual machine images, including image creation, upload, download and management
Maintain image information, including metadata and the image itself
Supports multiple ways to store images, including ordinary file systems, Swift, Amazon S3, etc.
Execute the create snapshot command on the virtual machine instance to create a new image, or back up the state of the virtual machine
2. The version of the Images API
The RESTful API provided by Glance currently has two versions: API v1 and API v2
v1 only provides basic mirror and member operation functions, including mirror creation, deletion, download, list, detailed information query, update, and the creation, deletion and list of mirror tenant members
In addition to supporting all the functions of v1, v2 mainly adds the addition, deletion, modification of the mirror position, metadata and name space operations, and mirror mark operations
Both versions have the same support for mirrored storage, v1 has been obsolete since version N, and the migration path is replaced by v2
3. Mirror format
Disk format of virtual machine image file
raw: unstructured disk format, very fast access speed, but does not support dynamic expansion, which consumes a lot in the early stage
vhd: This format is commonly used in VMware, Xen, VirtualBox and other hypervisors
vhdx: An enhanced version of the vhd format that supports larger disk sizes
vmdk: A more general virtual machine disk format
vdi: Disk format supported by VirtualBox hypervisor and QEMU emulator
iso: The file format used for the data content of the compact disc (CD-ROM)
ploop: Supported by virtuozzo, the disk format used to run OS containers
qcow2: Supported by QEMU simulation, dynamically expandable, and supports Copy on Write disk format
aki: Amazon kernel format stored in Glance
ari: Amazon virtual RAM disk (Ramdisk) format stored in Glance
ami: Amazon machine format stored in Glance
4. Mirror format
Mirror bare: Mirror without container or metadata "envelope"
ovf: Open Virtualization Format
ova: Open virtualization device format stored in Glance
aki: Amazon kernel format stored in Glance
ari: Amazon virtual RAM disk (Ramdisk) format stored in Glance
Docker: Docker's tar archive file container format of the container file system stored in Glance
5. Mirror status
State One
queued: This is an initialization state. The mirror file has just been created, and only its metadata is available in the Glance database. The mirrored data has not been uploaded to the database.
saving: is a transitional state where the original data of the image is uploaded to the database, indicating that the image is being uploaded
uploading: indicates that the import data submission call has been made, and PUT/file is not allowed to be called in this state (the saving state will execute PUT/file, which is another upload method)
importing: indicates that the import call has been completed, but the image is not yet ready to be used
State two
active: indicates that when the mirror data is successfully uploaded, it becomes an available mirror in Glance
deactivated: means that any non-administrator user has no right to access the mirror data, and it is forbidden to download the mirror, and also prohibit the mirror export and mirror clone operations.
killed: Indicates that an error occurred during the image upload process, and the image is not readable
deleted: The image will be automatically deleted in the near future. The image can no longer be used, but Glance still retains the relevant information and original data of the image.
pending_delete: Similar to deleted, Glance has not cleared the image data, but the image in this state cannot be restored
6. Access authority
Public: can be used by all projects
Private: Only used by the project where the mirror owner is located
Shared (shared): A non-shared image can be shared with other projects, which is achieved through project member (member-*) operations
Protected: This image cannot be deleted
7. Architecture diagram
The client is the Glance service application user, which is the OpenStack command line tool, Horizon or Nova service
glance-api is a service process running in the background of the system. It is the entrance to Glance. It provides REST API externally, is responsible for receiving RESTful requests from users, and responding to mirror query, acquisition and storage calls
glance-registry is a glancei registration service process running in the background of the system, responsible for processing RESTful requests related to image metadata. The metadata includes information such as image size and type. If the request received by Glance-api is related to mirroring metadata, glance-api will forward the request to glance-registry. Glance-registry will parse the request content and interact with the database. Store, process, and retrieve mirrored metadata. glance-api provides API externally. The API of gllance-registry is only used by glance-api
The DB module of Glance stores mirrored metadata, and databases such as MYSQL, MariaDB, and SQLite can be used. The image metadata is stored in the database through glance-registry. Note that the image itself (chunk data) is stored in various storage backends through the glance storage driver
Store Backend Glance itself does not store images, it stores the images in the backend storage system. The data of the image itself is stored in various backends through glance_store and can be obtained from it. Support local storage, object storage, RBD block device, Sheepdog distributed storage, Cinder block storage, VMware data storage
Which backend to use is configured in /etc/glancelglance-api.conf [glance_store]
8. Work flow
OpenStack operations require authentication (AuthN) and authorization (AuthZ) by Keystone, and Glance is no exception. Glance is a C/S architecture that provides a REST API, and users can perform various operations of mirroring through the REST API. [Glance Domain Controller is a main middleware, equivalent to a scheduler, and its role is to distribute the operations of Glance internal services to the following functional layers
Registry Layer: is an optional layer that controls the secure interaction between Glance Domain Controller and GlanceDB by using a separate service
Glance DB: is the core library used by the Glance service, which is shared by all components that rely on the database within Glance. (This library stores some metadata information, not a mirrored database)
Glance Store: Used to organize and process the interaction between Glance and various storage backends, and provides a unified interface to access the backend storage. All mirror file operations are performed by calling the Glance Store library, which is responsible for the interaction with the external storage terminal or the local file storage system
Two, deploy glance
1. Create a database instance and database user (ct)
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@‘localhost’ IDENTIFIED BY ‘GLANCE_DBPASS’;
GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@’%’ IDENTIFIED BY ‘GLANCE_DBPASS’;
flush privileges;
quit
2. Create users and modify configuration files
#Before creating a user, you need to execute the administrator environment variable script first (it has been defined in ~/.bashrc here)
openstack user create --domain default --password GLANCE_PASS glance ###创建glance用户
#Add the glance user to the service project, and have admin permission for this project; to register the glance API, you need to have admin permission for the service project
openstack role add --project service --user glance admin
#Create a service service, service name is glance, type is image; after creation, you can use openstack
service list view
openstack service create --name glance --description “OpenStack Image” image
3. Create a mirroring service API endpoint
Create an API endpoint for the mirroring service. OpenStack uses three API endpoints to represent three services: admin, internal, and public
openstack endpoint create --region RegionOne image public http://ct:9292
openstack endpoint create --region RegionOne image internal http://ct:9292
openstack endpoint create --region RegionOne image admin http://ct:9292
4. Install and modify the openstack-glance software package, glance configuration file
yum -y install openstack-glance
#Modify the glance configuration file, glance has two configuration files: /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf
cp -a /etc/glance/glance-api.confản,.bak}
grep -Ev ‘^$|#’ /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
Add glance-api.conf configuration
#Incoming modified parameters
openstack-config --set /etc/glance/glance-api.conf database connection
mysql+pymysql://glance:GLANCE_DBPASS@ct/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://ct:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://ct:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
Modify the glance-registry.conf configuration file
##Before modifying the configuration file, first backup the filter comment information
cp -a /etc/glance/glance-registry.conf{,.bak}
grep -Ev ‘^$|#’ /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
#修改配置文件参数
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@t/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://ct:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://ct:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
5. Initialize the glance database and generate related table structures;
su -s /bin/sh -c “glance-manage db_sync” glance
6. Turn on the glance service (after opening here, a directory /var/lib/glance/image will be generated to store the image)
systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
7. Give the openstack-glance-api.service service the writable permission to the storage device (-h: value to the file modification of the symbolic link/soft link)
chown -hR glance:glance /var/lib/glance/
8. Mirror import
#First upload the cirros image to /opt of the control node (file location is customized), then import glance, and finally check whether the creation is successful
openstack image create --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public cirros
9. Two ways to view mirroring
openstack image list
或者
glance image-list