|
|
一、Image(glance)组件简介
1、glance简介
glance用于在OpenStack中注册、发现及获取VM映像文件
RESTful的API
查询VM映像的元数据及通过HTTP请求获取映像
让python程序员通过客户端类在python代码中完成类似的所有任务
VM映像文件存储于何处?
普通的文件系统、对象存储系统(swift)、S3(亚马逊云存储)存储,以及HTTP服务上(仅作为获取映像文件之用,而不能写于此中创建映像文件)等,
2、glance的组件介绍
glance-api
glance的API服务接口,负责接收对Image Service API中映像文件的查看、下载及存储请求;
glance-registry
存储、处理及获取映像文件的元数据,例如映像文件的大小及类型等;
database
存储映像文件元数据;
映像文件存储仓库
支持多种类型的映像文件存储机制,包括使用普通的文件系统、对象存储、RADOS块设备、HTTP以及Amazon的S3等;
3、安装glance
[root@Node1 ~]# yum install openstack-glance python-glanceclient -y
[root@Node1 ~]# rpm -ql openstack-glance
/etc/glance
/etc/glance/glance-api.conf #主配置文件
/etc/glance/glance-cache.conf
/etc/glance/glance-registry.conf
/etc/glance/glance-scrubber.conf
/etc/glance/policy.json
/etc/glance/schema-image.json
/etc/logrotate.d/openstack-glance
/etc/rc.d/init.d/openstack-glance-api
/etc/rc.d/init.d/openstack-glance-registry
/etc/rc.d/init.d/openstack-glance-scrubber
/usr/bin/glance-api
/usr/bin/glance-cache-cleaner
/usr/bin/glance-cache-manage
/usr/bin/glance-cache-prefetcher
/usr/bin/glance-cache-pruner
/usr/bin/glance-control
/usr/bin/glance-manage
/usr/bin/glance-registry
/usr/bin/glance-replicator
/usr/bin/glance-scrubber
/usr/share/doc/openstack-glance-2014.1.5
/usr/share/doc/openstack-keystone-2014.1.5/LICENSE
/usr/share/doc/openstack-keystone-2014.1.5/README.rst
/usr/share/keystone
/usr/share/keystone/daemon_notify.sh
/usr/share/keystone/keystone-dist-paste.ini
/usr/share/keystone/keystone-dist.conf
/usr/share/keystone/keystone.wsgi
/usr/share/keystone/openstack-keystone.upstart
/usr/share/keystone/sample_data.sh
/usr/share/keystone/wsgi-keystone.conf
/usr/share/man/man1/keystone-all.1.gz
/usr/share/man/man1/keystone-manage.1.gz
/var/lib/keystone
/var/log/keystone
/var/run/keystone
4、创建glance库并授权
mysql> create database glance character set utf8
-> ;
Query OK, 1 row affected (0.00 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| glance |
| keystone |
| mysql |
| test |
+--------------------+
5 rows in set (0.00 sec)
mysql>
mysql> use glance;
Database changed
mysql> show tables;
Empty set (0.00 sec)
mysql> grant all on glance.* to 'glance'@'%' identified by 'glance';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on glance.* to 'glance'@'localhost' identified by 'glance';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec) 同步数据库:
[root@Node1 ~]# su -s /bin/sh -c "glance-manage db_sync" glance
mysql> use glance;
Database changed
mysql> show tables;
+------------------+
| Tables_in_glance |
+------------------+
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| migrate_version |
| task_info |
| tasks |
+------------------+
8 rows in set (0.00 sec)
mysql>
5、在keystone中添加glance用户
[root@Node1 ~]# keystone user-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+-------+---------+-------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------+
| 2156077a9bc644d597f07719fc67ea56 | admin | True | |
| a3ebced215de4892b9370b4d37eaf9bd | demo | True | |
+----------------------------------+-------+---------+-------+
[root@Node1 ~]# keystone user-create --name=glance --pass=glance
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | efb4d421cf634ed8957b377b2bdd635c |
| name | glance |
| username | glance |
+----------+----------------------------------+
[root@Node1 ~]# keystone user-role-add --user=glance --tenant=service --role=admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
6、修改配置文件
[root@Node1 glance]# vi glance-api.conf
[keystone_authtoken]
auth_host=192.168.10.1
auth_port=35357
auth_protocol=http
auth_url=http://192.168.10.1:5000 #新添加的行
admin_tenant_name=service
admin_user=glance
admin_password=glance
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
#config_file=/usr/share/glance/glance-api-dist-paste.ini
# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-api-keystone], you would configure the flavor below
# as 'keystone'.
#flavor=
flavor=keystone #使用keystone认证[root@Node1 glance]# vi glance-registry.conf #修改项一样的
[keystone_authtoken]
#auth_host=127.0.0.1
#auth_port=35357
#auth_protocol=http
#admin_tenant_name=%SERVICE_TENANT_NAME%
#admin_user=%SERVICE_USER%
#admin_password=%SERVICE_PASSWORD%
auth_host=192.168.10.1
auth_port=35357
auth_protocol=http
auth_url=http://192.168.10.1:5000
admin_tenant_name=service
admin_user=glance
admin_password=glance
[paste_deploy]
# Name of the paste configuration file that defines the available pipelines
#config_file=/usr/share/glance/glance-registry-dist-paste.ini
# Partial name of a pipeline in your paste configuration file with the
# service name removed. For example, if your paste section name is
# [pipeline:glance-registry-keystone], you would configure the flavor below
# as 'keystone'.
#flavor=
flavor=keystone 在keystone中添加glance的service endpoint:
[root@Node1 ~]# keystone service-create --name=glance --type=image \
> --description="OpenStack Image Service"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | OpenStack Image Service |
| enabled | True |
| id | c31cb85d7ccd4d3ebb759f890656d078 |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@Node1 ~]# keystone endpoint-create \
> --service-id=$(keystone service-list | awk '/ image / {print $2}') \
> --publicurl=http://controller:9292 \
> --internalurl=http://controller:9292 \
> --adminurl=http://controller:9292
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://controller:9292 |
| id | c12fa9618e4f4ed29c4ea6d0b7ac6650 |
| internalurl | http://controller:9292 |
| publicurl | http://controller:9292 |
| region | regionOne |
| service_id | d60703148eb04b8a8813e3f0f46ca7a5 |
+-------------+----------------------------------+ 启动glance服务:
[root@Node1 ~]# service openstack-glance-api start
Starting openstack-glance-api: [ OK ]
[root@Node1 ~]# service openstack-glance-registry start
Starting openstack-glance-registry: [ OK ]
[root@Node1 ~]# chkconfig openstack-glance-api on
[root@Node1 ~]# chkconfig openstack-glance-registry on
二、glance客户端使用
[root@Node1 ~]# glance --help
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
usage: glance [--version] [-d] [-v] [--get-schema] [-k]
[--cert-file CERT_FILE] [--key-file KEY_FILE]
[--os-cacert <ca-certificate-file>] [--ca-file OS_CACERT]
[--timeout TIMEOUT] [--no-ssl-compression] [-f] [--dry-run]
[--ssl] [-H ADDRESS] [-p PORT] [--os-username OS_USERNAME]
[-I OS_USERNAME] [--os-password OS_PASSWORD] [-K OS_PASSWORD]
[--os-tenant-id OS_TENANT_ID] [--os-tenant-name OS_TENANT_NAME]
[-T OS_TENANT_NAME] [--os-auth-url OS_AUTH_URL] [-N OS_AUTH_URL]
[--os-region-name OS_REGION_NAME] [-R OS_REGION_NAME]
[--os-auth-token OS_AUTH_TOKEN] [-A OS_AUTH_TOKEN]
[--os-image-url OS_IMAGE_URL] [-U OS_IMAGE_URL]
[--os-image-api-version OS_IMAGE_API_VERSION]
[--os-service-type OS_SERVICE_TYPE]
[--os-endpoint-type OS_ENDPOINT_TYPE] [-S OS_AUTH_STRATEGY]
<subcommand> ...
Command-line interface to the OpenStack Images API.
Positional arguments:
<subcommand>
add DEPRECATED! Use image-create instead.
clear DEPRECATED!
delete DEPRECATED! Use image-delete instead.
details DEPRECATED! Use image-list instead.
image-create Create a new image.
image-delete Delete specified image(s).
image-download Download a specific image.
image-list List images you can access.
image-members DEPRECATED! Use member-list instead.
image-show Describe a specific image.
image-update Update a specific image.
index DEPRECATED! Use image-list instead.
member-add DEPRECATED! Use member-create instead.
member-create Share a specific image with a tenant.
member-delete Remove a shared image from a tenant.
member-images DEPRECATED! Use member-list instead.
member-list Describe sharing permissions by image or tenant.
members-replace DEPRECATED!
show DEPRECATED! Use image-show instead.
update DEPRECATED! Use image-update instead.
help Display help about this program or one of its
subcommands.
Optional arguments:
--version show program's version number and exit
-d, --debug Defaults to env[GLANCECLIENT_DEBUG]
-v, --verbose Print more verbose output
--get-schema Force retrieving the schema used to generate portions
of the help text rather than using a cached copy.
Ignored with api version 1
-k, --insecure Explicitly allow glanceclient to perform "insecure
SSL" (https) requests. The server's certificate will
not be verified against any certificate authorities.
This option should be used with caution.
--cert-file CERT_FILE
Path of certificate file to use in SSL connection.
This file can optionally be prepended with the private
key.
--key-file KEY_FILE Path of client key to use in SSL connection. This
option is not necessary if your key is prepended to
your cert file.
--os-cacert <ca-certificate-file>
Path of CA TLS certificate(s) used to verify the
remote server's certificate. Without this option
glance looks for the default system CA certificates.
--ca-file OS_CACERT DEPRECATED! Use --os-cacert.
--timeout TIMEOUT Number of seconds to wait for a response
--no-ssl-compression Disable SSL compression when using https.
-f, --force Prevent select actions from requesting user
confirmation.
--dry-run DEPRECATED! Only used for deprecated legacy commands.
--ssl DEPRECATED! Send a fully-formed endpoint using --os-
image-url instead.
-H ADDRESS, --host ADDRESS
DEPRECATED! Send a fully-formed endpoint using --os-
image-url instead.
-p PORT, --port PORT DEPRECATED! Send a fully-formed endpoint using --os-
image-url instead.
--os-username OS_USERNAME
Defaults to env[OS_USERNAME]
-I OS_USERNAME DEPRECATED! Use --os-username.
--os-password OS_PASSWORD
Defaults to env[OS_PASSWORD]
-K OS_PASSWORD DEPRECATED! Use --os-password.
--os-tenant-id OS_TENANT_ID
Defaults to env[OS_TENANT_ID]
--os-tenant-name OS_TENANT_NAME
Defaults to env[OS_TENANT_NAME]
-T OS_TENANT_NAME DEPRECATED! Use --os-tenant-name.
--os-auth-url OS_AUTH_URL
Defaults to env[OS_AUTH_URL]
-N OS_AUTH_URL DEPRECATED! Use --os-auth-url.
--os-region-name OS_REGION_NAME
Defaults to env[OS_REGION_NAME]
-R OS_REGION_NAME DEPRECATED! Use --os-region-name.
--os-auth-token OS_AUTH_TOKEN
Defaults to env[OS_AUTH_TOKEN]
-A OS_AUTH_TOKEN, --auth_token OS_AUTH_TOKEN
DEPRECATED! Use --os-auth-token.
--os-image-url OS_IMAGE_URL
Defaults to env[OS_IMAGE_URL]
-U OS_IMAGE_URL, --url OS_IMAGE_URL
DEPRECATED! Use --os-image-url.
--os-image-api-version OS_IMAGE_API_VERSION
Defaults to env[OS_IMAGE_API_VERSION] or 1
--os-service-type OS_SERVICE_TYPE
Defaults to env[OS_SERVICE_TYPE]
--os-endpoint-type OS_ENDPOINT_TYPE
Defaults to env[OS_ENDPOINT_TYPE]
-S OS_AUTH_STRATEGY, --os_auth_strategy OS_AUTH_STRATEGY
DEPRECATED! This option is completely ignored.
See "glance help COMMAND" for help on a specific command.
1、磁盘映像文件如何获取
自己制作:
Oz(KVM),
VMBuilder(KVM,XEN),
VeeWee(KVM,)
获取别人制作的模版
CirrOS
Ubuntu
Fedors
OpenSUSE
Rackspace:云映像文件生成器
OpenStack中的磁盘映像文件要满足以下要求:
(1)支持由OpenStack获取其元数据信息
(2)支持对映像文件的大小进行调整
2、上传镜像文件
[root@Node1 ~]# glance help image-create
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
usage: glance image-create [--id <IMAGE_ID>] [--name <NAME>] [--store <STORE>]
[--disk-format <DISK_FORMAT>]
[--container-format <CONTAINER_FORMAT>]
[--owner <TENANT_ID>] [--size <SIZE>]
[--min-disk <DISK_GB>] [--min-ram <DISK_RAM>]
[--location <IMAGE_URL>] [--file <FILE>]
[--checksum <CHECKSUM>] [--copy-from <IMAGE_URL>]
[--is-public {True,False}]
[--is-protected {True,False}]
[--property <key=value>] [--human-readable]
[--progress]
Create a new image.
Optional arguments:
--id <IMAGE_ID> ID of image to reserve.
--name <NAME> Name of image.
--store <STORE> Store to upload image to.
--disk-format <DISK_FORMAT> #磁盘映像文件的格式
Disk format of image. Acceptable formats: ami, ari,
aki, vhd, vmdk, raw, qcow2, vdi, and iso.
--container-format <CONTAINER_FORMAT> #容器的格式
Container format of image. Acceptable formats: ami,
ari, aki, bare, and ovf.
--owner <TENANT_ID> Tenant who should own image.
--size <SIZE> Size of image data (in bytes). Only used with '--
location' and '--copy_from'.
--min-disk <DISK_GB> Minimum size of disk needed to boot image (in
gigabytes).
--min-ram <DISK_RAM> Minimum amount of ram needed to boot image (in
megabytes).
--location <IMAGE_URL>
URL where the data for this image already resides. For
example, if the image data is stored in swift, you
could specify
'swift://account:key@example.com/container/obj'.
--file <FILE> Local file that contains disk image to be uploaded
during creation. Alternatively, images can be passed
to the client via stdin.
--checksum <CHECKSUM>
Hash of image data used Glance can use for
verification. Provide a md5 checksum here.
--copy-from <IMAGE_URL>
Similar to '--location' in usage, but this indicates
that the Glance server should immediately copy the
data and store it in its configured image store.
--is-public {True,False}
Make image accessible to the public.
--is-protected {True,False}
Prevent image from being deleted.
--property <key=value>
Arbitrary property to associate with image. May be
used multiple times.
--human-readable Print image size in a human-friendly format.
--progress Show upload progress bar.[root@Node1 ~]# qemu-img info cirros-0.3.4-x86_64-disk.img
image: cirros-0.3.4-x86_64-disk.img
file format: qcow2
virtual size: 39M (41126400 bytes)
disk size: 13M
cluster_size: 65536
[root@Node1 ~]# glance image-create --name=cirros-0.3.4.img --disk-format=qcow2 --container-format=bare --is-public=true < /root/cirros-0.3.4-x86_64-disk.img
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2016-08-22T04:31:56 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | a3ae2a3d-832f-42bb-907f-f508c12de5d9 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-0.3.4.img |
| owner | 63607fac42c94ecbb2490eb01b357586 |
| protected | False |
| size | 13287936 |
| status | active |
| updated_at | 2016-08-22T04:31:56 |
| virtual_size | None |
+------------------+--------------------------------------+
[root@Node1 ~]# glance image-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+--------------------------------------+------------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+------------------+-------------+------------------+----------+--------+
| a3ae2a3d-832f-42bb-907f-f508c12de5d9 | cirros-0.3.4.img | qcow2 | bare | 13287936 | active |
+--------------------------------------+------------------+-------------+------------------+----------+--------+
[root@Node1 ~]# ls /var/lib/glance/images/
a3ae2a3d-832f-42bb-907f-f508c12de5d9
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-6-1 07:52:18
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡