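Contents:
1. Command-line overview
2. Common ntp commands
3. Common rabbitmq commands
4. Common MySQL commands
5. Common keystone commands
6. Common glance commands
7. Common swift commands
8. Common nova commands
9. Common neutron commands
10. Common cinder commands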
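1. Command-line overview
OpenStack involves a great many projects. The core projects are keystone, glance, nova, neutron, cinder and swift, and additional components include ntp, MySQL and rabbitmq, so there are a great many related commands. These command-line tools are very useful when troubleshooting, because they let you quickly check the state of things inside OpenStack. The OpenStack projects can also be operated through the web interface. Compared with the web interface, the command line is more powerful and faster, and batch management can be done through the shell.
2. Common ntp commands
2.1 ntp overview
OpenStack delivers its services through multiple projects working together and is a large-scale cluster, usually made up of several smaller clusters: the controller cluster, the compute cluster, the cinder cluster and the swift cluster. For communication between the clusters, accurate time is very important. If time is out of sync, services in the cluster may show "heartbeat anomalies" and then fail. I personally experienced a case where the time on a compute node was inconsistent, which caused the nova service on that compute node to go into the down state and in turn affected the virtual machines running on kvm. The more important services that inaccurate ntp time can affect are nova, neutron, cinder and swift.
2.2 Common ntp commands
On RHEL7/CentOS7 and later, the chronyd service replaces the ntpd service. The configuration files and client commands are broadly similar. The client configuration file is /etc/chrony.conf, where the server keyword specifies the address of the upstream ntp server to synchronize with. In addition, when ntp synchronizes for the first time and the time difference is large, it does not synchronize immediately but synchronizes in jumps. To synchronize quickly, stop the chronyd service and then synchronize with ntpdate, as follows: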
[root@controller ~]# systemctl status chronyd
chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled)
Active: active (running) since Thu 2015-11-05 15:50:28 CST; 6s ago
Process: 16987 ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers (code=exited, status=0/SUCCESS)
Process: 16978 ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 16980 (chronyd)
CGroup: /system.slice/chronyd.service
└─16980 /usr/sbin/chronyd -u chrony
Nov 05 15:50:27 controller systemd[1]: Starting NTP client/server...
Nov 05 15:50:27 controller chronyd[16980]: chronyd version 1.29.1 starting
Nov 05 15:50:28 controller chronyd[16980]: Linux kernel major=3 minor=10 patch=0
Nov 05 15:50:28 controller chronyd[16980]: hz=100 shift_hz=7 freq_scale=1.00000000 nominal_tick=10000 slew_delta_tick=833 max_tick_bias=1000 shift_pll=2
Nov 05 15:50:28 controller chronyd[16980]: Frequency -1.378 +/- 0.670 ppm read from /var/lib/chrony/drift
Nov 05 15:50:28 controller systemd[1]: Started NTP client/server.
[root@controller ~]# systemctl stop chronyd
[root@controller ~]# ntpdate 10.1.0.136 # force time synchronization
5 Nov 15:50:54 ntpdate[17029]: adjust time server 10.1.0.136 offset 0.000077 sec
[root@controller ~]# hwclock -w # write the current system time to the BIOS
[root@controller ~]# systemctl start chronyd
[root@controller ~]# chronyc sources -v # check time synchronization status on the client
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| / xxxx = adjusted offset,
|| Log2(Polling interval) -. | yyyy = measured offset,
|| \ | zzzz = estimated error.
|| | |
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 10.1.0.136 4 6 1 10 +81us[ +81us] +/- 305ms # seeing the ^? flag means time synchronization has completed!!
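3. Common rabbitmq commands
3.1 rabbitmq overview
The advanced message queue (MQ) is the hub for communication between the OpenStack components and plays a very important role. rabbitmq, as a producer-consumer message queue model, handles the interaction between components in a distributed system, which is of great significance. In an OpenStack environment, rabbitmq must be highly available and its data must be persistent (data in the queues is not lost if a machine shuts down unexpectedly). Some reference commands follow.
3.2 Common rabbitmq commands
#Management commands, including start and stop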
stop [<pid_file>]
stop_app
start_app
wait <pid_file>
reset
force_reset
rotate_logs <suffix>
#Cluster operations, such as joining, leaving and updating a cluster
join_cluster <clusternode> [--ram]
cluster_status
change_cluster_node_type disc | ram
forget_cluster_node [--offline]
update_cluster_nodes clusternode
sync_queue queue
cancel_sync_queue queue
set_cluster_name name
#rabbitmq user operations, such as add, delete, modify and change password
add_user <username> <password>
delete_user <username>
change_password <username> <newpassword>
clear_password <username>
set_user_tags <username> <tag> ...
list_users
#vhost operations, such as creating a vhost, and granting and revoking permissions on a vhost
add_vhost <vhostpath>
delete_vhost <vhostpath>
list_vhosts [<vhostinfoitem> ...]
set_permissions [-p <vhostpath>] <user> <conf> <write> <read>
clear_permissions [-p <vhostpath>] <username>
list_permissions [-p <vhostpath>]
list_user_permissions <username>
#Policy configuration, needed for HA
set_policy [-p <vhostpath>] [--priority <priority>] [--apply-to <apply-to>] <name> <pattern> <definition>
clear_policy [-p <vhostpath>] <name>
list_policies [-p <vhostpath>]
#View rabbitmq state information, such as queues, connections and exchanges
list_queues [-p <vhostpath>] [<queueinfoitem> ...]
list_exchanges [-p <vhostpath>] [<exchangeinfoitem> ...]
list_bindings [-p <vhostpath>] [<bindinginfoitem> ...]
list_connections [<connectioninfoitem> ...]
list_channels [<channelinfoitem> ...]
list_consumers [-p <vhostpath>]
status
Note: for concrete examples of operations such as users and permissions, see another blog post: http://happylab.blog.51cto.com/1730296/1707749.
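4. Common MySQL commands
All stateful data in OpenStack is stored in the database. Each project has its own database holding its tables, and the tables record the state of each service. Operations in the web interface or on the command line are in effect inserts, deletes, updates and queries against the database. For example, creating a virtual machine writes the VM's state to the nova.instances table, records the IP address allocation in neutron, and records the storage allocation in cinder's volume table. In general, the backend database is reached through the API (command line or web interface) rather than modified directly. In some situations, however, such as cinder-volume or nova-compute not working properly, the API path cannot be used. In that case the database offers insight into how OpenStack works and also provides another way to operate on the OpenStack projects.
Note that under normal circumstances you should not modify the database lightly. If a change is needed, back up the whole database with mysqldump beforehand (in a real environment, back up periodically, for example once a day or once an hour), and when running select, update or delete, add a where clause as a strict restriction, to prevent accidental operations that could bring down the whole cloud platform.
Commonly used SQL statements:
show databases;    list the databases
use database;    switch to the specified database
show tables;    list all tables in the database
select * from tables;    show all values in the table
update table set item=value where condition    modify a field in the table
delete from table where condition    delete an entry from the table
An example follows:
MariaDB [(none)]> show databases; # list the databases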
+--------------------+
| Database |
+--------------------+
| information_schema |
| cinder |
| glance |
| keystone |
| mysql |
| neutron |
| nova |
| performance_schema |
| test |
+--------------------+
9 rows in set (0.09 sec)
MariaDB [nova]> use keystone;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [keystone]> show tables; # list the tables
+-----------------------+
| Tables_in_keystone |
+-----------------------+
| assignment |
| credential |
| domain |
| endpoint |
| group |
| id_mapping |
| migrate_version |
| policy |
| project |
| region |
| revocation_event |
| role |
| service |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
+-----------------------+
18 rows in set (0.00 sec)
MariaDB [keystone]> select * from user where id='ef22346fb7da47199e44e68c9d3cc85f'\G; # show the contents of an entry, using where to restrict it to the matching condition
*************************** 1. row ***************************
id: ef22346fb7da47199e44e68c9d3cc85f
name: cinder
extra: {"email": "cinder@localhost"}
password: $6$rounds=40000$7tnqG1tIIsZKcOin$uRdIYV0CZSOWSaWYHnjkd.nUsm3WAKFavqBp97ps28CXcQ1qdl1aEHRxr2Cqybryr22pmP.nFoSZ0uvsEaz9J/
enabled: 1
domain_id: default
default_project_id: b0cdad40760c4a248031d8989d96584e
1 row in set (0.00 sec)
MariaDB [keystone]> update user set enabled=0 where id='ef22346fb7da47199e44e68c9d3cc85f'\G; # update the value of a field
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0
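Caution: I cannot stress this enough. Use the database only to understand the OpenStack architecture. Operating on the database directly is strongly discouraged, to avoid unnecessary mistakes that affect the cloud platform's normal service. That said, I have personally been through situations in production where the database had to be modified. Always remember to take a full backup of the database before modifying it, so that service can be restored quickly if something goes wrong.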
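The precautions above (a full mysqldump backup before any change, and a where clause on every update or delete) written as a shell wrapper. This is an added example, not part of the original post; the function names, BACKUP_DIR and the DRY_RUN switch are assumptions of the example.

```bash
# Added example: back up a database, then apply one WHERE-restricted change.
# Function names, BACKUP_DIR and DRY_RUN are assumptions of this example.

BACKUP_DIR=${BACKUP_DIR:-/var/backups/openstack-db}
DRY_RUN=${DRY_RUN:-1}        # 1 = print the commands only, 0 = execute them

# Succeeds unless the statement is an UPDATE or DELETE without a WHERE clause.
sql_is_restricted() {
    norm=$(printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | tr '\t\n' '  ' |
           tr -s ' ' | sed 's/^ //')
    case "$norm" in
        update\ *|delete\ *)
            case "$norm" in
                *" where "*) return 0 ;;
                *) return 1 ;;
            esac ;;
    esac
    return 0
}

# Runs a command line, or only prints it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# guarded_change DB STATEMENT
# 1. refuses an unrestricted UPDATE/DELETE (exit status 2)
# 2. dumps DB to a timestamped file with mysqldump
# 3. runs the statement in one transaction; a failing statement aborts the
#    batch before COMMIT, and --safe-updates is a second guard in the client
guarded_change() {
    db=$1
    stmt=${2%;}                       # tolerate one trailing ';'
    if ! sql_is_restricted "$stmt"; then
        echo "refused: UPDATE/DELETE without WHERE: $stmt" >&2
        return 2
    fi
    dump="$BACKUP_DIR/$db-$(date +%Y%m%d-%H%M%S).sql"
    run mysqldump --single-transaction --databases "$db" \
        --result-file="$dump" || return 1
    run mysql --safe-updates "$db" -e \
        "START TRANSACTION; $stmt; SELECT ROW_COUNT() AS changed_rows; COMMIT;"
}

# The statement from the listing above, as a dry run:
#   guarded_change keystone \
#     "update user set enabled=0 where id='ef22346fb7da47199e44e68c9d3cc85f'"
```

With --safe-updates the session rejects an UPDATE or DELETE that has no key-based WHERE or LIMIT, so a statement that slips past the text check is still refused.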
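5. Common keystone commands
5.1 keystone overview
keystone implements authentication in OpenStack and has two main functions: 1. authentication and authorization, providing authentication and authorization for OpenStack users, which involves operations on user, tenant and role; 2. the catalog service, where every project registers its URL path with keystone in the form of a service so that other projects can call it, which involves operations on service and endpoint.
5.2 keystone authentication and authorization
1. User management
User management involves four subcommands:
user-create    create
user-delete    delete
user-update    modify
user-list    list
user-get    show details
Example 1: create a user named user1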
[root@controller ~(keystone_admin)]# keystone user-create --name user1 --pass redhat --email user1@servera.pod0.example.com --enabled true
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | user1@servera.pod0.example.com |
| enabled | True |
| id | d56f52bff9264982a3ab32225f22e32e |
| name | user1 |
| username | user1 |
+----------+----------------------------------+
[root@controller ~(keystone_admin)]# keystone user-list
+----------------------------------+------------+---------+--------------------------------+
| id | name | enabled | email |
+----------------------------------+------------+---------+--------------------------------+
| 00a17d0457ee4841927d404aacb68672 | admin | True | root@localhost |
| 042a22bba96e45a59d5ed591fd2694bd | ceilometer | True | ceilometer@localhost |
| ef22346fb7da47199e44e68c9d3cc85f | cinder | False | cinder@localhost |
| 4c88ec1634a34030bb48abd747b86797 | glance | True | glance@localhost |
| 4f9e33aa706d4168a92a9021c82dbafe | neutron | True | neutron@localhost |
| 3554baf92ed44edea75060011c14b72f | nova | True | nova@localhost |
| 25d8a47b5ec040d3800ca219b86a6467 | swift | True | swift@localhost |
| d56f52bff9264982a3ab32225f22e32e | user1 | True | user1@servera.pod0.example.com |
+----------------------------------+------------+---------+--------------------------------+
[root@controller ~(keystone_admin)]# keystone user-get user1
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | user1@servera.pod0.example.com |
| enabled | True |
| id | d56f52bff9264982a3ab32225f22e32e |
| name | user1 |
| username | user1 |
+----------+----------------------------------+
Example 2: modify the user's information by changing its mail address
[root@controller ~(keystone_admin)]# keystone user-update --email user1@pod0.example.com d56f52bff9264982a3ab32225f22e32e # obtain the id number
User has been updated.
[root@controller ~(keystone_admin)]# keystone user-get d56f52bff9264982a3ab32225f22e32e
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | user1@pod0.example.com | # the content has been updated
| enabled | True |
| id | d56f52bff9264982a3ab32225f22e32e |
| name | user1 |
| username | user1 |
+----------+----------------------------------+
Example 3: delete the user
[root@controller ~(keystone_admin)]# keystone user-delete d56f52bff9264982a3ab32225f22e32e # delete by id
[root@controller ~(keystone_admin)]# keystone user-list
+----------------------------------+------------+---------+----------------------+
| id | name | enabled | email |
+----------------------------------+------------+---------+----------------------+
| 00a17d0457ee4841927d404aacb68672 | admin | True | root@localhost |
| 042a22bba96e45a59d5ed591fd2694bd | ceilometer | True | ceilometer@localhost |
| ef22346fb7da47199e44e68c9d3cc85f | cinder | False | cinder@localhost |
| 4c88ec1634a34030bb48abd747b86797 | glance | True | glance@localhost |
| 4f9e33aa706d4168a92a9021c82dbafe | neutron | True | neutron@localhost |
| 3554baf92ed44edea75060011c14b72f | nova | True | nova@localhost |
| 25d8a47b5ec040d3800ca219b86a6467 | swift | True | swift@localhost |
+----------------------------------+------------+---------+----------------------+
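2. tenant operations
A tenant is, literally, a renter. OpenStack targets public/private cloud environments: an organization or a company applies to a public cloud provider for service, and the provider allocates a resource quota to that organization, such as the number of instances, vcpus, memory and floating IPs. A tenant contains multiple users. For OpenStack, the smallest unit is the tenant, not the user.
tenant operations include:
tenant-create    create
tenant-delete    delete
tenant-update    update
tenant-list    list
tenant-get    show details
Example 4: create a tenant
[root@controller ~(keystone_admin)]# keystone tenant-create --name project1 --description "Project for project1" --enabled true
+-------------+----------------------------------+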
| Property | Value |
+-------------+----------------------------------+
| description | Project for project1 |
| enabled | True |
| id | d179ac2fd9ea4d9bbe2b40739f84454a |
| name | project1 |
+-------------+----------------------------------+
[root@controller ~(keystone_admin)]# keystone tenant-list
+----------------------------------+----------+---------+
| id | name | enabled |
+----------------------------------+----------+---------+
| 5637fcf7bfe3402084f2cc4ebe4d00e7 | admin | True |
| d179ac2fd9ea4d9bbe2b40739f84454a | project1 | True |
| b0cdad40760c4a248031d8989d96584e | services | True |
+----------------------------------+----------+---------+
[root@controller ~(keystone_admin)]# keystone tenant-get d179ac2fd9ea4d9bbe2b40739f84454a
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Project for project1 |
| enabled | True |
| id | d179ac2fd9ea4d9bbe2b40739f84454a |
| name | project1 |
+-------------+----------------------------------+
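ps: tenant operations are similar to user operations. If you are unsure about a command's parameters, consult the help, for example: keystone help tenant-update. The details are not repeated here!!
3. role operations
A role is a permission. OpenStack provides two roles by default: admin (administrator) and _member_ (ordinary permissions). The related access control is defined in /etc/project/policy.json; for example, nova's is defined in /etc/nova/policy.json. role operations likewise include role-create, role-delete, role-list and role-get.
Example 5: create a role (this role has no practical meaning and is for testing only)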
[root@controller keystone(keystone_admin)]# keystone role-create --name Member
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 24cec8ec31734060b2f7e343431a300b |
| name | Member |
+----------+----------------------------------+
[root@controller keystone(keystone_admin)]# keystone role-list
+----------------------------------+---------------+
| id | name |
+----------------------------------+---------------+
| 24cec8ec31734060b2f7e343431a300b | Member |
| 850ba016d06849a8b4d275b930bcc140 | ResellerAdmin |
| ef39ce6312cd40be92c7c1baff79abe5 | SwiftOperator |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| a9fe6ed4e7e04cd6bffb7c2ef797417b | admin |
+----------------------------------+---------------+
[root@controller keystone(keystone_admin)]# keystone role-get 24cec8ec31734060b2f7e343431a300b
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 24cec8ec31734060b2f7e343431a300b |
| name | Member |
+----------+----------------------------------+
[root@controller keystone(keystone_admin)]# keystone role-delete 24cec8ec31734060b2f7e343431a300b
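4. Granting permissions to users
A newly created user has no permissions by default and cannot obtain resources in OpenStack. The user must be granted the specified permissions, for example by adding it to a tenant to get the quota of resources in that tenant, and by granting it a role so that it has permission for certain operations. In general, the role granted is _member_. There are three commands for user authorization: user-role-add, user-role-list and user-role-remove.
Example 6: grant user user1 the member and admin permissions on project1, then revoke the admin permission
[root@controller keystone(keystone_admin)]# keystone user-role-add --user user1 --role _member_ --tenant project1 # grant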
[root@controller keystone(keystone_admin)]# keystone user-role-add --user user1 --role admin --tenant project1
[root@controller keystone(keystone_admin)]# keystone user-role-list --user user1 --tenant project1
+----------------------------------+----------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 30258b13fadf416382b923489cd01c89 | d179ac2fd9ea4d9bbe2b40739f84454a |
| a9fe6ed4e7e04cd6bffb7c2ef797417b | admin | 30258b13fadf416382b923489cd01c89 | d179ac2fd9ea4d9bbe2b40739f84454a |
+----------------------------------+----------+----------------------------------+----------------------------------+
[root@controller keystone(keystone_admin)]# keystone user-role-remove --user user1 --tenant project1 --role admin # after the revocation, only one permission remains
[root@controller keystone(keystone_admin)]# keystone user-role-list --user user1 --tenant project1
+----------------------------------+----------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 30258b13fadf416382b923489cd01c89 | d179ac2fd9ea4d9bbe2b40739f84454a |
+----------------------------------+----------+----------------------------------+----------------------------------+
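Checking that the revocation in example 6 took effect by parsing the user-role-list tables shown above instead of reading them by eye. This is an added example, not part of the original post; the function names are the example's own, and BEFORE and AFTER hold the two listings copied from above.

```bash
# Added example: confirm from "keystone user-role-list" output that a revoked
# role is really gone. Function names are this example's own.

# table_select "col1,col2,...": reads an OpenStack CLI table on stdin and
# prints the named columns of every data row, tab-separated. Fails when no
# header row is found or a requested column is missing.
table_select() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN { n = split(want, names, ",") }
        substr($0, 1, 1) != "|" { next }      # skip borders and prompts
        !seen {                               # first "|" line is the header
            seen = 1
            for (i = 2; i < NF; i++) idx[trim($i)] = i
            for (k = 1; k <= n; k++)
                if (!(names[k] in idx)) { missing = 1; exit }
            next
        }
        {
            line = ""
            for (k = 1; k <= n; k++)
                line = line (k > 1 ? "\t" : "") trim($(idx[names[k]]))
            print line
        }
        END { exit (missing || !seen) }
    '
}

# role_holders ROLE: prints "user_id<TAB>tenant_id" for each row that
# grants ROLE.
role_holders() {
    table_select "name,user_id,tenant_id" |
        awk -F'\t' -v role="$1" '$1 == role { print $2 "\t" $3 }'
}

# role_revoked ROLE: 0 = ROLE absent, 1 = still granted, 2 = input was not
# a parsable table (so an empty or failed listing never counts as "revoked").
role_revoked() {
    rows=$(table_select "name") || return 2
    ! printf '%s\n' "$rows" | grep -qxF -- "$1"
}

# Listings copied from example 6 above (before and after user-role-remove).
BEFORE='+----------------------------------+----------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 30258b13fadf416382b923489cd01c89 | d179ac2fd9ea4d9bbe2b40739f84454a |
| a9fe6ed4e7e04cd6bffb7c2ef797417b | admin | 30258b13fadf416382b923489cd01c89 | d179ac2fd9ea4d9bbe2b40739f84454a |
+----------------------------------+----------+----------------------------------+----------------------------------+'
AFTER='+----------------------------------+----------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 30258b13fadf416382b923489cd01c89 | d179ac2fd9ea4d9bbe2b40739f84454a |
+----------------------------------+----------+----------------------------------+----------------------------------+'

# Live use:
#   keystone user-role-list --user user1 --tenant project1 | role_revoked admin
```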
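5.3 keystone catalog service
keystone provides a catalog service to the other services. Every service in OpenStack must register its URL with keystone so that services can call one another. For example, nova needs to call glance to fetch an image: nova asks keystone for the location of glance, keystone returns the path to nova, and nova uses the glance path returned by keystone to send its request to glance. Throughout this process keystone acts as the relay of information, and every service must register its service type with keystone. The catalog service involves two kinds of operations: service and endpoint.
1. service operations
Each service in OpenStack has a project name and a code name. For the nova project, for instance, the code name is compute, and the code name is the type. Common types include identity, compute, network, image and object-store, and the type to create depends on the case. service operations are service-create, service-delete, service-list and service-get.
Example 7: create a keystone service (one already exists in the system)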
[root@controller keystone(keystone_admin)]# keystone service-create --name keystone1 --type identity --description "Openstack keystone identity Service"
+-------------+-------------------------------------+
| Property | Value |
+-------------+-------------------------------------+
| description | Openstack keystone identity Service |
| enabled | True |
| id | 196a4a00e695407199c9d7e321bacb96 |
| name | keystone1 |
| type | identity |
+-------------+-------------------------------------+
[root@controller keystone(keystone_admin)]# keystone service-list
+----------------------------------+------------+--------------+-------------------------------------+
| id | name | type | description |
+----------------------------------+------------+--------------+-------------------------------------+
| 933699ab05cb423597c72d0f1c4d5769 | ceilometer | metering | Openstack Metering Service |
| 23f2581e184645b3a9624989d4a2e78d | cinder | volume | Cinder Service |
| ab4e26c28613481199f762babfd0071c | cinderv2 | volumev2 | Cinder Service v2 |
| a6217ea4fc1f401c95edb76163970bae | glance | image | Openstack Image Service |
| fdabfe75810447ad9f5c0193e65e1e08 | keystone | identity | OpenStack Identity Service |
| 196a4a00e695407199c9d7e321bacb96 | keystone1 | identity | Openstack keystone identity Service |
| baa382c153b04cec8233a661be2a1976 | neutron | network | Neutron Networking Service |
| d7d28d95d2284da29eedc6a477bcd81e | nova | compute | Openstack Compute Service |
| a8870667eb154f6ea4172753901295d0 | nova_ec2 | ec2 | EC2 Service |
| a2c39640bb23445ea75fd9942880353a | novav3 | computev3 | Openstack Compute Service v3 |
| b34ba74450194636af5bc876877539b5 | swift | object-store | Openstack Object-Store Service |
| 9af2346fcf214746ac23d9dab9929f6f | swift_s3 | s3 | Openstack S3 Service |
+----------------------------------+------------+--------------+-------------------------------------+
[root@controller keystone(keystone_admin)]# keystone service-get 196a4a00e695407199c9d7e321bacb96
+-------------+-------------------------------------+
| Property | Value |
+-------------+-------------------------------------+
| description | Openstack keystone identity Service |
| enabled | True |
| id | 196a4a00e695407199c9d7e321bacb96 |
| name | keystone1 |
| type | identity |
+-------------+-------------------------------------+
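2. endpoint operations
An endpoint must be associated with a service, which is how a service gets registered in keystone. In general, a service has three URLs: publicurl, internalurl and adminurl, and all three must be registered in keystone. For keystone, publicurl and adminurl use different ports and are otherwise basically the same. endpoint operations are endpoint-create, endpoint-delete, endpoint-list and endpoint-get.
Example 8: register the ports of the keystone1 service above in keystone (the system already has keystone's URL paths)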
[root@controller keystone(keystone_admin)]# keystone endpoint-create --service 196a4a00e695407199c9d7e321bacb96 \
> --publicurl http://10.16.4.59:35357 \
> --internalurl http://10.16.4.59:35357 \
> --adminurl http://10.16.4.59:5000
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://10.16.4.59:5000 |
| id | ae53798e92a74382958d048ddf06aa4d |
| internalurl | http://10.16.4.59:35357 |
| publicurl | http://10.16.4.59:35357 |
| region | regionOne |
| service_id | 196a4a00e695407199c9d7e321bacb96 |
+-------------+----------------------------------+
[root@controller keystone(keystone_admin)]# keystone endpoint-delete fff5c3b032be40c68360781bc7de5de2
Endpoint has been deleted.
6. glance常用命令
glance主要为openstack云主机提供操作系统,在整个云环境下,不需要操作系统的安装,系统的安装,只需要从一个镜像启动即可,相关镜像的功能,则有glance来实现,glance有两个服务完成:glance-api和glance-registry,glance-api负责接收用户的请求,glance-registry则负责将用户的请求调度至后端实际存储image的地方,后端image的存储,支持多种方式:如本地文件系统,swift,ceph,glusterfs等分布式的文件系统上,glance的操作包括:
1. image-create 创建
2. image-delete 删除
3. image-update 更改
4. image-list 查看
5. image-show 查看详细信息
例子1 : 如下从网上下载了一个cirros的镜像,然后将改镜像上传至glance中
[root@controller ~(keystone_admin)]# glance image-create --name small --disk-format qcow2 --container-format bare^C
[root@controller ~(keystone_admin)]# file /root/cirros-0.3.3-x86_64-disk.img
/root/cirros-0.3.3-x86_64-disk.img: QEMU QCOW Image (v2), 41126400 bytes
[root@controller ~(keystone_admin)]# glance image-create --name small --disk-format qcow2 --container-format bare --min-disk 10 --min-ram 512 --file /root/cirros-0.3.3-x86_64-disk.img --is-public False --human-readable --progress
[=============================>] 100%
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | 133eae9fb1c98f45894a4e60d8736619 |
| container_format | bare |
| created_at | 2015-11-05T11:07:19 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | ececad95-1193-4520-9a69-b715d45af7ba |
| is_public | False |
| min_disk | 10 |
| min_ram | 512 |
| name | small |
| owner | 5637fcf7bfe3402084f2cc4ebe4d00e7 |
| protected | False |
| size | 12.6MB |
| status | active |
| updated_at | 2015-11-05T11:07:19 |
| virtual_size | None |
+------------------+--------------------------------------+
List the images:
[root@controller ~(keystone_admin)]# glance image-list
+--------------------------------------+-------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+-------+-------------+------------------+----------+--------+
| ececad95-1193-4520-9a69-b715d45af7ba | small | qcow2 | bare | 13200896 | active |
+--------------------------------------+-------+-------------+------------------+----------+--------+
Show the image details:
[root@controller ~(keystone_admin)]# glance image-show ececad95-1193-4520-9a69-b715d45af7ba
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | 133eae9fb1c98f45894a4e60d8736619 |
| container_format | bare |
| created_at | 2015-11-05T11:07:19 |
| deleted | False |
| disk_format | qcow2 |
| id | ececad95-1193-4520-9a69-b715d45af7ba |
| is_public | False |
| min_disk | 10 |
| min_ram | 512 |
| name | small |
| owner | 5637fcf7bfe3402084f2cc4ebe4d00e7 |
| protected | False |
| size | 13200896 |
| status | active |
| updated_at | 2015-11-05T11:07:19 |
+------------------+--------------------------------------+
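Checking a local image file against what glance recorded, using the checksum and size rows of glance image-show as printed above. This is an added example, not part of the original post; the function names are the example's own, and it relies on the checksum field being the MD5 digest of the image data.

```bash
# Added example: compare a local image file with the checksum and size that
# glance reports. Function names are this example's own.

# show_field NAME: reads "glance image-show" output on stdin and prints the
# Value of the row whose Property is NAME; fails if there is no such row.
show_field() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        substr($0, 1, 1) == "|" && trim($2) == want {
            print trim($3); found = 1; exit
        }
        END { exit !found }
    '
}

# verify_image FILE: image-show output on stdin (size in bytes, so without
# --human-readable). Returns 0 when both the MD5 digest and the byte count
# of FILE match, 1 on a mismatch, 2 when the table has no checksum or size.
verify_image() {
    shown=$(cat)
    want_sum=$(printf '%s\n' "$shown" | show_field checksum) || return 2
    want_size=$(printf '%s\n' "$shown" | show_field size) || return 2
    have_sum=$(md5sum < "$1" | awk '{ print $1 }')
    have_size=$(wc -c < "$1" | tr -d ' ')
    if [ "$have_sum" != "$want_sum" ] || [ "$have_size" != "$want_size" ]; then
        echo "MISMATCH $1: md5 $have_sum/$want_sum size $have_size/$want_size" >&2
        return 1
    fi
    echo "OK $1 md5=$have_sum size=$have_size"
}

# Live use, with the image id and file from the listing above:
#   glance image-show ececad95-1193-4520-9a69-b715d45af7ba |
#       verify_image /root/cirros-0.3.3-x86_64-disk.img
```

A match shows that the stored image is byte-for-byte the file that was uploaded; MD5 is not collision-resistant, so also compare the file against the publisher's SHA-256 before uploading it.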
Modify the image properties:
[root@controller ~(keystone_admin)]# glance image-update --is-public True ececad95-1193-4520-9a69-b715d45af7ba
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | 133eae9fb1c98f45894a4e60d8736619 |
| container_format | bare |
| created_at | 2015-11-05T11:07:19 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | ececad95-1193-4520-9a69-b715d45af7ba |
| is_public | True | # update complete
| min_disk | 10 |
| min_ram | 512 |
| name | small |
| owner | 5637fcf7bfe3402084f2cc4ebe4d00e7 |
| protected | False |
| size | 13200896 |
| status | active |
| updated_at | 2015-11-05T11:09:32 |
| virtual_size | None |
+------------------+--------------------------------------+
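Example 2: an image can be set as private or public through the is_public property. If is_public is set to private, the image is visible only within the tenant that owns it, and it can be shared with other tenants through members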
[root@controller ~(keystone_admin)]# glance image-show ececad95-1193-4520-9a69-b715d45af7ba
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | 133eae9fb1c98f45894a4e60d8736619 |
| container_format | bare |
| created_at | 2015-11-05T11:07:19 |
| deleted | False |
| disk_format | qcow2 |
| id | ececad95-1193-4520-9a69-b715d45af7ba |
| is_public | False | # private: only users inside the tenant can see the image
| min_disk | 10 |
| min_ram | 512 |
| name | small |
| owner | 5637fcf7bfe3402084f2cc4ebe4d00e7 |
| protected | False |
| size | 13200896 |
| status | active |
| updated_at | 2015-11-05T11:29:38 |
+------------------+--------------------------------------+
# As user1, list the images; the image in the admin tenant is not shown
[root@controller ~(keystone_admin)]# source keystonerc_user1
[root@controller ~(keystone_user1)]# glance image-list
+----+------+-------------+------------------+------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+----+------+-------------+------------------+------+--------+
+----+------+-------------+------------------+------+--------+
# Log in as admin again and use a member to grant project1 permission to view and use the image
[root@controller ~(keystone_user1)]# source keystonerc_admin
[root@controller ~(keystone_admin)]# glance member-create --can-share ececad95-1193-4520-9a69-b715d45af7ba d179ac2fd9ea4d9bbe2b40739f84454a
[root@controller ~(keystone_admin)]# glance member-list --image-id ececad95-1193-4520-9a69-b715d45af7ba
+--------------------------------------+----------------------------------+-----------+
| Image ID | Member ID | Can Share |
+--------------------------------------+----------------------------------+-----------+
| ececad95-1193-4520-9a69-b715d45af7ba | d179ac2fd9ea4d9bbe2b40739f84454a | True |
# Log in as user1 again to confirm whether the image is visible
[root@controller ~(keystone_admin)]# source keystonerc_user1
[root@controller ~(keystone_user1)]# glance image-list
+--------------------------------------+-------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+-------+-------------+------------------+----------+--------+
| ececad95-1193-4520-9a69-b715d45af7ba | small | qcow2 | bare | 13200896 | active | # visible now
+--------------------------------------+-------+-------------+------------------+----------+--------+
# admin revokes the permission on the image
[root@controller ~(keystone_user1)]# source keystonerc_admin
[root@controller ~(keystone_admin)]# glance member-delete ececad95-1193-4520-9a69-b715d45af7ba d179ac2fd9ea4d9bbe2b40739f84454a