笔记为根据老男孩视频+官方文档学习,并记录,如有错漏,心情好的可以指出一下。
视频地址:https://www.bilibili.com/video/BV1LJ411Y7og?p=12
镜像服务(glance)
镜像服务 (glance) 允许用户发现、注册和获取虚拟机镜像。它提供了一个 REST API,允许您查询虚拟机镜像的 metadata 并获取一个现存的镜像。您可以将虚拟机镜像存储到各种位置,从简单的文件系统到对象存储系统—-例如 OpenStack 对象存储, 并通过镜像服务使用。
OpenStack镜像服务包括以下组件:
glance-api
接收镜像API的调用,诸如镜像发现、恢复、存储。glance-registry
存储、处理和恢复镜像的元数据,元数据包括项诸如大小和类型。包含修改镜像的一些属性。
PS:glance-registry是私有内部服务,用于服务OpenStack Image服务。不要向用户暴露该服务
创库,授权
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
-> IDENTIFIED BY 'pjkUV4tb4KTG6etayHNL';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
-> IDENTIFIED BY 'pjkUV4tb4KTG6etayHNL';
Query OK, 0 rows affected (0.00 sec)
顺手验证一下账户登陆是否成功
[root@controller01 ~]# mysql -uglance -ppjkUV4tb4KTG6etayHNL
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
+--------------------+
2 rows in set (0.01 sec)
MariaDB [(none)]> Ctrl-C -- exit!
Aborted
在keystone上创建服务和注册API
创建 glance 用户并添加 admin 角色到 glance 用户和 service 项目上
- -prompt为交互的创建密码
- 也可以不写prompt,直接--password 4kcjG3eeAutWlMbBR2gu
[root@controller01 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 8cba1e7341c14ab993124909c705919a |
| enabled | True |
| id | aeead746b25d4d54a39abd97d9a9e815 |
| name | glance |
+-----------+----------------------------------+
[root@controller01 ~]# openstack role add --project service --user glance admin
创建glance实体
[root@controller01 ~]# openstack service create --name glance \
> --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 0c0c1aac97f24588b553e3147a94fdac |
| name | glance |
| type | image |
+-------------+----------------------------------+
创建镜像服务的 API 端点
[root@controller01 ~]# openstack endpoint create --region RegionOne \
> image public http://controller01:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c43489adf7d044d5a00160419724ab6c |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0c0c1aac97f24588b553e3147a94fdac |
| service_name | glance |
| service_type | image |
| url | http://controller01:9292 |
+--------------+----------------------------------+
[root@controller01 ~]# openstack endpoint create --region RegionOne \
> image internal http://controller01:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 30f5364d2dcf4cc4be67c80810c673a4 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0c0c1aac97f24588b553e3147a94fdac |
| service_name | glance |
| service_type | image |
| url | http://controller01:9292 |
+--------------+----------------------------------+
[root@controller01 ~]# openstack endpoint create --region RegionOne \
> image admin http://controller01:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ac52d68aad6944fe857a5f9fbb8021de |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0c0c1aac97f24588b553e3147a94fdac |
| service_name | glance |
| service_type | image |
| url | http://controller01:9292 |
+--------------+----------------------------------+
安装glance
yum install openstack-glance -y
修改配置
glance-api
官方的内容如下:
需要修改三个模块中的
在 [database] 部分,配置数据库访问:
[database]
...
connection = mysql+pymysql://glance:pjkUV4tb4KTG6etayHNL@controller01/glance
这里需要注意,密码是在数据库中创建用户的密码
controller01为一开始基础设置时,就定义好的主机解析
在 [keystone_authtoken]和[paste_deploy]部分,配置认证服务访问:
[keystone_authtoken]
...
auth_uri = http://controller01:5000
auth_url = http://controller01:35357
memcached_servers = controller01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 4kcjG3eeAutWlMbBR2gu
#这里需要注意,密码是在keystone中创建用户的密码
[paste_deploy]
...
flavor = keystone
注解:在 [keystone_authtoken] 中注释或者删除其他选项。
在 [glance_store]部分,配置本地文件系统存储和镜像文件位置:
[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
glance-registry
在 [database] 部分,配置数据库访问:
[database]
...
connection = mysql+pymysql://glance:pjkUV4tb4KTG6etayHNL@controller01/glance
将GLANCE_DBPASS 替换为你为镜像服务选择的密码。
在 [keystone_authtoken]和 [paste_deploy]部分,配置认证服务访问:
[keystone_authtoken]
...
auth_uri = http://controller01:5000
auth_url = http://controller01:35357
memcached_servers = controller01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 4kcjG3eeAutWlMbBR2gu
#这里需要注意,密码是在keystone中创建用户的密码
[paste_deploy]
...
flavor = keystone
同步数据库
*官方文档中,针对同步glance数据库做了声明:忽略输出中任何不推荐使用的信息。
[root@controller01 glance]# su -s /bin/sh -c "glance-manage db_sync" glance
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
[root@controller01 glance]# mysql -uroot -phl044sdvwTT1LZ7Oa4wp glance -e "show tables;"
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| artifact_blob_locations |
| artifact_blobs |
| artifact_dependencies |
| artifact_properties |
| artifact_tags |
| artifacts |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
- 验证,glance数据库中,表都创建了。表示命令运行成功。
启动服务
[root@controller01 glance]# systemctl enable openstack-glance-api.service \
> openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller01 glance]# systemctl start openstack-glance-api.service \
> openstack-glance-registry.service
验证
服务启动成功,会监听tcp的9292和9191;因为之前在keystone上注册服务的时候,填写的是9292端口,所以这里重点关注9292端口。
结果我这里报错了。。
报错内容如下:
[root@controller01 glance]# systemctl status openstack-glance-api.service openstack-glance-registry.service
● openstack-glance-api.service - OpenStack Image Service (code-named Glance) API server
Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Wed 2021-10-20 10:50:44 CST; 7s ago
Process: 3767 ExecStart=/usr/bin/glance-api (code=exited, status=1/FAILURE)
Main PID: 3767 (code=exited, status=1/FAILURE)
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service: main process exited, code=exited, status=1/FAILURE
Oct 20 10:50:44 controller01 systemd[1]: Unit openstack-glance-api.service entered failed state.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service failed.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service holdoff time over, scheduling restart.
Oct 20 10:50:44 controller01 systemd[1]: Stopped OpenStack Image Service (code-named Glance) API server.
Oct 20 10:50:44 controller01 systemd[1]: start request repeated too quickly for openstack-glance-api.service
Oct 20 10:50:44 controller01 systemd[1]: Failed to start OpenStack Image Service (code-named Glance) API server.
Oct 20 10:50:44 controller01 systemd[1]: Unit openstack-glance-api.service entered failed state.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service failed.
● openstack-glance-registry.service - OpenStack Image Service (code-named Glance) Registry server
Loaded: loaded (/usr/lib/systemd/system/openstack-glance-registry.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Wed 2021-10-20 10:50:44 CST; 7s ago
Process: 3757 ExecStart=/usr/bin/glance-registry (code=exited, status=1/FAILURE)
Main PID: 3757 (code=exited, status=1/FAILURE)
Oct 20 10:50:43 controller01 systemd[1]: openstack-glance-registry.service: main process exited, code=exited, status=1/FAILURE
Oct 20 10:50:43 controller01 systemd[1]: Unit openstack-glance-registry.service entered failed state.
Oct 20 10:50:43 controller01 systemd[1]: openstack-glance-registry.service failed.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-registry.service holdoff time over, scheduling restart.
Oct 20 10:50:44 controller01 systemd[1]: Stopped OpenStack Image Service (code-named Glance) Registry server.
Oct 20 10:50:44 controller01 systemd[1]: start request repeated too quickly for openstack-glance-registry.service
Oct 20 10:50:44 controller01 systemd[1]: Failed to start OpenStack Image Service (code-named Glance) Registry server.
Oct 20 10:50:44 controller01 systemd[1]: Unit openstack-glance-registry.service entered failed state.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-registry.service failed.
2021-10-20 10:52:11.184 4043 CRITICAL glance [-] MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url
2021-10-20 10:52:11.184 4043 ERROR glance Traceback (most recent call last):
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/bin/glance-api", line 10, in <module>
2021-10-20 10:52:11.184 4043 ERROR glance sys.exit(main())
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/glance/cmd/api.py", line 91, in main
2021-10-20 10:52:11.184 4043 ERROR glance server.start(config.load_paste_app('glance-api'), default_port=9292)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/glance/common/config.py", line 259, in load_paste_app
2021-10-20 10:52:11.184 4043 ERROR glance app = deploy.loadapp("config:%s" % conf_file, name=app_name)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 247, in loadapp
2021-10-20 10:52:11.184 4043 ERROR glance return loadobj(APP, uri, name=name, **kw)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 272, in loadobj
2021-10-20 10:52:11.184 4043 ERROR glance return context.create()
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 710, in create
2021-10-20 10:52:11.184 4043 ERROR glance return self.object_type.invoke(self)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 207, in invoke
2021-10-20 10:52:11.184 4043 ERROR glance app = filter(app)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 1100, in auth_filter
2021-10-20 10:52:11.184 4043 ERROR glance return AuthProtocol(app, conf)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 682, in __init__
2021-10-20 10:52:11.184 4043 ERROR glance self._identity_server = self._create_identity_server()
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 1050, in _create_identity_server
2021-10-20 10:52:11.184 4043 ERROR glance auth_plugin = self._get_auth_plugin()
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 995, in _get_auth_plugin
2021-10-20 10:52:11.184 4043 ERROR glance return plugin_loader.load_from_options_getter(getter)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystoneauth1/loading/base.py", line 148, in load_from_options_getter
2021-10-20 10:52:11.184 4043 ERROR glance return self.load_from_options(**kwargs)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystoneauth1/loading/base.py", line 123, in load_from_options
2021-10-20 10:52:11.184 4043 ERROR glance raise exceptions.MissingRequiredOptions(missing_required)
2021-10-20 10:52:11.184 4043 ERROR glance MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url #这段提示了缺少auth_url参数
2021-10-20 11:01:05.525 4356 ERROR glance_store._drivers.filesystem [-] Permission to write in /var/lib/glance/images/ denied
2021-10-20 11:01:05.525 4356 ERROR glance_store._drivers.filesystem None
2021-10-20 11:01:05.525 4356 ERROR glance_store._drivers.filesystem
- 启动失败了。返回去检查的时候,也发现少了条uri的配置,但是加了还是启动不成功。结果一顿查,最终才发现,在改配置文件时,使用的使用了两个配置都是
auth_uri,一个配置为auth_uri一个是auth_url
尝试上传一个镜像
[root@controller01 ~]# ls
admin-openrc anaconda-ks.cfg cirros-0.3.4-x86_64-disk.img
[root@controller01 ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
503 Service Unavailable: The server is currently unavailable. Please try again at a later time. (HTTP 503)
查看日志
2021-10-20 11:24:19.535 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:24:19.582 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:24:19.583 4576 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data
2021-10-20 11:24:19.584 4576 INFO eventlet.wsgi.server [-] 192.168.137.11 - - [20/Oct/2021 11:24:19] "GET /v2/images HTTP/1.1" 503 370 1.831359
2021-10-20 11:37:41.115 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:37:41.159 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:37:41.159 4576 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data
2021-10-20 11:37:41.160 4576 INFO eventlet.wsgi.server [-] 192.168.137.11 - - [20/Oct/2021 11:37:41] "GET /v2/schemas/image HTTP/1.1" 503 370 0.087925
#提示令牌被服务器拒绝了。
#再次检查配置文件,原来。。keystone模块glance的token填错。没填完整
#再次更改配置,更改后,要重启配置才能生效,这个需要注意
然后就成功了。
[root@controller01 ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2021-10-20T03:38:11Z |
| disk_format | qcow2 |
| file | /v2/images/2b98fc6c-82bd-4f1d-8747-903421664583/file |
| id | 2b98fc6c-82bd-4f1d-8747-903421664583 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | cfb654cc503f4da8aaed7fde4a01c1f7 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2021-10-20T03:38:12Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
目录下的文件也显示了。表示上传成功,
[root@controller01 ~]# ll /var/lib/glance/images/
total 12980
-rw-r----- 1 glance glance 13287936 Oct 20 11:38 2b98fc6c-82bd-4f1d-8747-903421664583
#检验一下MD5值,可以确认,文件上传以后,也没有改变内容
[root@controller01 ~]# md5sum cirros-0.3.4-x86_64-disk.img
ee1eca47dc88f4879d8a229cc70a07c6 cirros-0.3.4-x86_64-disk.img
[root@controller01 ~]# md5sum /var/lib/glance/images/2b98fc6c-82bd-4f1d-8747-903421664583
ee1eca47dc88f4879d8a229cc70a07c6 /var/lib/glance/images/2b98fc6c-82bd-4f1d-8747-903421664583