openstack-M版,学习笔记四

笔记为根据老男孩视频+官方文档学习,并记录,如有错漏,心情好的可以指出一下。
视频地址:https://www.bilibili.com/video/BV1LJ411Y7og?p=12 

镜像服务(glance)

镜像服务 (glance) 允许用户发现、注册和获取虚拟机镜像。它提供了一个 REST API,允许您查询虚拟机镜像的 metadata 并获取一个现存的镜像。您可以将虚拟机镜像存储到各种位置,从简单的文件系统到对象存储系统—-例如 OpenStack 对象存储, 并通过镜像服务使用。

  • OpenStack镜像服务包括以下组件:
  1. glance-api
    接收镜像API的调用,诸如镜像发现、恢复、存储。
  2. glance-registry
    存储、处理和恢复镜像的元数据,元数据包括项诸如大小和类型。包含修改镜像的一些属性。

PS:glance-registry是私有内部服务,用于服务OpenStack Image服务。不要向用户暴露该服务

创库,授权

MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
    ->   IDENTIFIED BY 'pjkUV4tb4KTG6etayHNL';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
    ->   IDENTIFIED BY 'pjkUV4tb4KTG6etayHNL';
Query OK, 0 rows affected (0.00 sec)

顺手验证一下账户登陆是否成功

[root@controller01 ~]# mysql -uglance -ppjkUV4tb4KTG6etayHNL
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
+--------------------+
2 rows in set (0.01 sec)
MariaDB [(none)]> Ctrl-C -- exit!
Aborted

在keystone上创建服务和注册API

创建 glance 用户并添加 admin 角色到 glance 用户和 service 项目上

  • -prompt为交互的创建密码
  • 也可以不写prompt,直接--password 4kcjG3eeAutWlMbBR2gu
[root@controller01 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 8cba1e7341c14ab993124909c705919a |
| enabled   | True                             |
| id        | aeead746b25d4d54a39abd97d9a9e815 |
| name      | glance                           |
+-----------+----------------------------------+
[root@controller01 ~]# openstack role add --project service --user glance admin

创建glance实体

[root@controller01 ~]# openstack service create --name glance \
>   --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 0c0c1aac97f24588b553e3147a94fdac |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

创建镜像服务的 API 端点

[root@controller01 ~]# openstack endpoint create --region RegionOne \
>   image public http://controller01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c43489adf7d044d5a00160419724ab6c |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0c0c1aac97f24588b553e3147a94fdac |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller01:9292         |
+--------------+----------------------------------+
[root@controller01 ~]# openstack endpoint create --region RegionOne \
>   image internal http://controller01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 30f5364d2dcf4cc4be67c80810c673a4 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0c0c1aac97f24588b553e3147a94fdac |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller01:9292         |
+--------------+----------------------------------+
[root@controller01 ~]# openstack endpoint create --region RegionOne \
>   image admin http://controller01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ac52d68aad6944fe857a5f9fbb8021de |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0c0c1aac97f24588b553e3147a94fdac |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller01:9292         |
+--------------+----------------------------------+

安装glance

yum install openstack-glance -y

修改配置

glance-api

官方的内容如下:
需要修改三个模块中的
在 [database] 部分,配置数据库访问:

[database]
...
connection = mysql+pymysql://glance:pjkUV4tb4KTG6etayHNL@controller01/glance

这里需要注意,密码是在数据库中创建用户的密码
controller01为一开始基础设置时,就定义好的主机解析

[keystone_authtoken][paste_deploy]部分,配置认证服务访问:

[keystone_authtoken]
...
auth_uri = http://controller01:5000
auth_url = http://controller01:35357
memcached_servers = controller01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 4kcjG3eeAutWlMbBR2gu
#这里需要注意,密码是在keystone中创建用户的密码


[paste_deploy]
...
flavor = keystone

注解:在 [keystone_authtoken] 中注释或者删除其他选项。

[glance_store]部分,配置本地文件系统存储和镜像文件位置:

[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

glance-registry

在 [database] 部分,配置数据库访问:

[database]
...
connection = mysql+pymysql://glance:pjkUV4tb4KTG6etayHNL@controller01/glance

GLANCE_DBPASS 替换为你为镜像服务选择的密码。

[keystone_authtoken][paste_deploy]部分,配置认证服务访问:

[keystone_authtoken]
...
auth_uri = http://controller01:5000
auth_url = http://controller01:35357
memcached_servers = controller01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 4kcjG3eeAutWlMbBR2gu
#这里需要注意,密码是在keystone中创建用户的密码

[paste_deploy]
...
flavor = keystone

同步数据库

*官方文档中,针对同步glance数据库做了声明:忽略输出中任何不推荐使用的信息。

[root@controller01 glance]# su -s /bin/sh -c "glance-manage db_sync" glance
Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
  expire_on_commit=expire_on_commit, _conf=conf)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
[root@controller01 glance]# mysql -uroot -phl044sdvwTT1LZ7Oa4wp glance -e "show tables;"
+----------------------------------+
| Tables_in_glance                 |
+----------------------------------+
| artifact_blob_locations          |
| artifact_blobs                   |
| artifact_dependencies            |
| artifact_properties              |
| artifact_tags                    |
| artifacts                        |
| image_locations                  |
| image_members                    |
| image_properties                 |
| image_tags                       |
| images                           |
| metadef_namespace_resource_types |
| metadef_namespaces               |
| metadef_objects                  |
| metadef_properties               |
| metadef_resource_types           |
| metadef_tags                     |
| migrate_version                  |
| task_info                        |
| tasks                            |
+----------------------------------+
  • 验证,glance数据库中,表都创建了。表示命令运行成功。

启动服务

[root@controller01 glance]# systemctl enable openstack-glance-api.service \
>   openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller01 glance]# systemctl start openstack-glance-api.service \
>   openstack-glance-registry.service

验证

服务启动成功,会监听tcp的9292和9191;因为之前在keystone上注册服务的时候,填写的是9292端口,所以这里重点关注9292端口。

结果我这里报错了。。
报错内容如下:

[root@controller01 glance]# systemctl status openstack-glance-api.service   openstack-glance-registry.service
● openstack-glance-api.service - OpenStack Image Service (code-named Glance) API server
   Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Wed 2021-10-20 10:50:44 CST; 7s ago
  Process: 3767 ExecStart=/usr/bin/glance-api (code=exited, status=1/FAILURE)
Main PID: 3767 (code=exited, status=1/FAILURE)


Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service: main process exited, code=exited, status=1/FAILURE
Oct 20 10:50:44 controller01 systemd[1]: Unit openstack-glance-api.service entered failed state.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service failed.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service holdoff time over, scheduling restart.
Oct 20 10:50:44 controller01 systemd[1]: Stopped OpenStack Image Service (code-named Glance) API server.
Oct 20 10:50:44 controller01 systemd[1]: start request repeated too quickly for openstack-glance-api.service
Oct 20 10:50:44 controller01 systemd[1]: Failed to start OpenStack Image Service (code-named Glance) API server.
Oct 20 10:50:44 controller01 systemd[1]: Unit openstack-glance-api.service entered failed state.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service failed.


● openstack-glance-registry.service - OpenStack Image Service (code-named Glance) Registry server
   Loaded: loaded (/usr/lib/systemd/system/openstack-glance-registry.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Wed 2021-10-20 10:50:44 CST; 7s ago
  Process: 3757 ExecStart=/usr/bin/glance-registry (code=exited, status=1/FAILURE)
Main PID: 3757 (code=exited, status=1/FAILURE)


Oct 20 10:50:43 controller01 systemd[1]: openstack-glance-registry.service: main process exited, code=exited, status=1/FAILURE
Oct 20 10:50:43 controller01 systemd[1]: Unit openstack-glance-registry.service entered failed state.
Oct 20 10:50:43 controller01 systemd[1]: openstack-glance-registry.service failed.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-registry.service holdoff time over, scheduling restart.
Oct 20 10:50:44 controller01 systemd[1]: Stopped OpenStack Image Service (code-named Glance) Registry server.
Oct 20 10:50:44 controller01 systemd[1]: start request repeated too quickly for openstack-glance-registry.service
Oct 20 10:50:44 controller01 systemd[1]: Failed to start OpenStack Image Service (code-named Glance) Registry server.
Oct 20 10:50:44 controller01 systemd[1]: Unit openstack-glance-registry.service entered failed state.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-registry.service failed.
2021-10-20 10:52:11.184 4043 CRITICAL glance [-] MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url
2021-10-20 10:52:11.184 4043 ERROR glance Traceback (most recent call last):
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/bin/glance-api", line 10, in <module>
2021-10-20 10:52:11.184 4043 ERROR glance     sys.exit(main())
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/glance/cmd/api.py", line 91, in main
2021-10-20 10:52:11.184 4043 ERROR glance     server.start(config.load_paste_app('glance-api'), default_port=9292)
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/glance/common/config.py", line 259, in load_paste_app
2021-10-20 10:52:11.184 4043 ERROR glance     app = deploy.loadapp("config:%s" % conf_file, name=app_name)
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 247, in loadapp
2021-10-20 10:52:11.184 4043 ERROR glance     return loadobj(APP, uri, name=name, **kw)
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 272, in loadobj
2021-10-20 10:52:11.184 4043 ERROR glance     return context.create()
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 710, in create
2021-10-20 10:52:11.184 4043 ERROR glance     return self.object_type.invoke(self)
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 207, in invoke
2021-10-20 10:52:11.184 4043 ERROR glance     app = filter(app)
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 1100, in auth_filter
2021-10-20 10:52:11.184 4043 ERROR glance     return AuthProtocol(app, conf)
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 682, in __init__
2021-10-20 10:52:11.184 4043 ERROR glance     self._identity_server = self._create_identity_server()
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 1050, in _create_identity_server
2021-10-20 10:52:11.184 4043 ERROR glance     auth_plugin = self._get_auth_plugin()
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 995, in _get_auth_plugin
2021-10-20 10:52:11.184 4043 ERROR glance     return plugin_loader.load_from_options_getter(getter)
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/keystoneauth1/loading/base.py", line 148, in load_from_options_getter
2021-10-20 10:52:11.184 4043 ERROR glance     return self.load_from_options(**kwargs)
2021-10-20 10:52:11.184 4043 ERROR glance   File "/usr/lib/python2.7/site-packages/keystoneauth1/loading/base.py", line 123, in load_from_options
2021-10-20 10:52:11.184 4043 ERROR glance     raise exceptions.MissingRequiredOptions(missing_required)
2021-10-20 10:52:11.184 4043 ERROR glance MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url    #这段提示了缺少auth_url参数
2021-10-20 11:01:05.525 4356 ERROR glance_store._drivers.filesystem [-] Permission to write in /var/lib/glance/images/ denied
2021-10-20 11:01:05.525 4356 ERROR glance_store._drivers.filesystem None
2021-10-20 11:01:05.525 4356 ERROR glance_store._drivers.filesystem
  • 启动失败了。返回去检查的时候,也发现少了条uri的配置,但是加了还是启动不成功。结果一顿查,最终才发现,在改配置文件时,使用的使用了两个配置都是auth_uri,一个配置为auth_uri一个是auth_url

尝试上传一个镜像

[root@controller01 ~]# ls
admin-openrc  anaconda-ks.cfg  cirros-0.3.4-x86_64-disk.img

[root@controller01 ~]# openstack image create "cirros"   --file cirros-0.3.4-x86_64-disk.img  --disk-format qcow2 --container-format bare   --public
503 Service Unavailable: The server is currently unavailable. Please try again at a later time. (HTTP 503)

查看日志

2021-10-20 11:24:19.535 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:24:19.582 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:24:19.583 4576 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data
2021-10-20 11:24:19.584 4576 INFO eventlet.wsgi.server [-] 192.168.137.11 - - [20/Oct/2021 11:24:19] "GET /v2/images HTTP/1.1" 503 370 1.831359
2021-10-20 11:37:41.115 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:37:41.159 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:37:41.159 4576 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data
2021-10-20 11:37:41.160 4576 INFO eventlet.wsgi.server [-] 192.168.137.11 - - [20/Oct/2021 11:37:41] "GET /v2/schemas/image HTTP/1.1" 503 370 0.087925
#提示令牌被服务器拒绝了。
#再次检查配置文件,原来。。keystone模块glance的token填错。没填完整
#再次更改配置,更改后,要重启配置才能生效,这个需要注意

然后就成功了。

[root@controller01 ~]# openstack image create "cirros"   --file cirros-0.3.4-x86_64-disk.img  --disk-format qcow2 --container-format bare   --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2021-10-20T03:38:11Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/2b98fc6c-82bd-4f1d-8747-903421664583/file |
| id               | 2b98fc6c-82bd-4f1d-8747-903421664583                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | cfb654cc503f4da8aaed7fde4a01c1f7                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2021-10-20T03:38:12Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+

目录下的文件也显示了。表示上传成功,

[root@controller01 ~]# ll /var/lib/glance/images/
total 12980
-rw-r----- 1 glance glance 13287936 Oct 20 11:38 2b98fc6c-82bd-4f1d-8747-903421664583

#检验一下MD5值,可以确认,文件上传以后,也没有改变内容

[root@controller01 ~]# md5sum cirros-0.3.4-x86_64-disk.img
ee1eca47dc88f4879d8a229cc70a07c6  cirros-0.3.4-x86_64-disk.img
[root@controller01 ~]# md5sum /var/lib/glance/images/2b98fc6c-82bd-4f1d-8747-903421664583
ee1eca47dc88f4879d8a229cc70a07c6  /var/lib/glance/images/2b98fc6c-82bd-4f1d-8747-903421664583
上一篇:OpenStack KeyStone


下一篇:会了他还怕不了解架构