标签:
Openstack组件部署 — Overview和前期环境准备
Openstack组建部署 — Environment of Controller Node
Openstack组件部署 — Keystone功能介绍与认证实现流程
Openstack组件部署 — Keystone Install & Create service entity and API endpoints
Openstack组件部署 — keystone(domain, projects, users, and roles)
官档:The Image service (glance) enables users to discover, register, and retrieve virtual machine images. It offers a REST API that enables you to query virtual machine image metadata and retrieve an actual image. You can store virtual machine images made available through the Image service in a variety of locations, from simple file systems to object-storage systems like OpenStack Object Storage.
粗译:Image service (glance)使用户能够发现、注册、检索虚拟机镜像。它提供了一个REST API让你能够查询虚拟机镜像的元数据和检索一个实际的镜像。无论是一个简单的file systems还是一个OpenStack Object Storage,你都可以通过Image service在各种不同的位置上存储一个虚拟机镜像。
Important:
For simplicity, this guide describes configuring the Image service to use the file back end, which uploads and stores in a directory on the controller node hosting the Image service. By default, this directory is /var/lib/glance/images/.
Before you proceed, ensure that the controller node has at least several gigabytes of space available in this directory.
重要提示:为了简单起见,该指南记录了使用Controller Node中的目录来上传和存储镜像文件。默认的,这个目录是/var/lib/glance/images/
。
在开始之前,确定Controller Node上的镜像存储目录还有几个G的空间。
官档:The OpenStack Image service is central to Infrastructure-as-a-Service (IaaS) as shown in Conceptual architecture. It accepts API requests for disk or server images, and metadata definitions from end users or OpenStack Compute components. It also supports the storage of disk or server images on various repository types, including OpenStack Object Storage.
A number of periodic processes run on the OpenStack Image service to support caching. Replication services ensure consistency and availability through the cluster. Other periodic processes include auditors, updaters, and reapers.
粗译:Openstack Image service是IaaS中非常重要的组件。它能够为磁盘或者服务器镜像接受来自于User或者Openstack Compute service的API请求和元数据定义。它也支持磁盘存储、服务器镜像、OpenStack Object Storage等何种存储方式。OpenStack Image service还运行着一些周期性的进程来支持缓存。而且同步服务(Replication services)还能确保集群中的镜像的一致性和可用性。其他的周期性进程还包括auditors, updaters, and reapers。
glance-api:提供了Image service的发现、检索、存储功能的API调用。
glance-registry:用于存储、处理、检索Image元数据。这些元数据包含了镜像的size和type等信息。需要注意的是,注册(glance-registry)是OpenStack Image service私有的内部服务,这意味着不能向User公开该服务。
Database:用于存储Image的元数据,支持大多数Database种类,常使用MySQL或SQLite来实现。
Storage repository for image files(镜像文件的存储仓库):支持多种存储类型,包括file systems、Object Storage、RADOS block devices、HTTP、Amazon S3等类型。但有些存储类型只支持只读访问。
Metadata definition service(元数据定义服务):是一个统一的vendors API,管理员、服务、用户可以定义他们所拥有的自定义元数据(custom metadata)。这个自定义的元数据可以使用不同的资源类型,如:images、artifacts、volumes、flavors、aggregates。定义包含了new property’s key、description、constraints和相关的资源类型。
在Controller Node上安装并配置OpenStack Image service
Before you install and configure the Image service, you must create a database, service credentials, and API endpoints.
在安装个配置Image service之前,你必须创建一个Database,service credentials,API endpoints。
Use the database access client to connect to the database server as the root
以数据库管理员root的身份登录数据库
mysql -u root -pfanguiju
Create the glance database
创建glance数据库
CREATE DATABASE glance;
Grant proper access to the glance database
创建数据库用户glance,并授予其对glance数据库的管理权限
GRANT ALL PRIVILEGES ON glance.* TO ‘glance‘@‘localhost‘ IDENTIFIED BY ‘fanguiju‘;
GRANT ALL PRIVILEGES ON glance.* TO ‘glance‘@‘%‘ IDENTIFIED BY ‘fanguiju‘;
Exit the database access client.
创建服务凭证
Source the admin credentials to gain access to admin-only CLI commands
[root@controller ~]# . admin-openrc
Create the glance user
创建glance用户
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 011fbf8c04f1479ab1a4e49b019b22d1 |
| enabled | True |
| id | 81712fe752e942fab0750288fb6bb103 |
| name | glance |
+-----------+----------------------------------+
Add the admin role to the glance user and service project
添加Project service和User glance到Role admin中
openstack role add --project service --user glance admin
Create the glance service entity
创建glance服务实体,将Image service加入到服务目录。
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | d15d7716542f4c0ca128796b33a76eed |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create the Image service API endpoints
为OpenStack Image service创建认证服务端点
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller.jmilk.com:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 357e08b29f7f4a56a05877cf760b79f4 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d15d7716542f4c0ca128796b33a76eed |
| service_name | glance |
| service_type | image |
| url | http://controller.jmilk.com:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller.jmilk.com:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c46bab42157942f0a77562bdfb73a25f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d15d7716542f4c0ca128796b33a76eed |
| service_name | glance |
| service_type | image |
| url | http://controller.jmilk.com:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller.jmilk.com:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e71b8c296f4442ccab8966ca6ec99da8 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d15d7716542f4c0ca128796b33a76eed |
| service_name | glance |
| service_type | image |
| url | http://controller.jmilk.com:9292 |
+--------------+----------------------------------+
yum install openstack-glance -y
In the [database] section, configure database access
配置Image service的数据库连接
vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:fanguiju@controller.jmilk.fan/glance
配置详细日志报告
[DEFAULT]
verbose = True
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
配置Identity service访问
注意:在[keystone_authtoken]
节点中,注释或删除其他别的选项。
[keystone_authtoken]
auth_uri = http://controller.jmilk.com:5000
auth_url = http://controller.jmilk.com:35357
memcached_servers = controller.jmilk.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = fanguiju
[paste_deploy]
flavor = keystone
In the [glance_store] section, configure the local file system store and location of image files
配置本地文件系统存储和镜像文件的存放路径
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
总览
[root@controller ~]# cat /etc/glance/glance-api.conf | grep -v ^# | grep -v ^$
[DEFAULT]
verbose = True
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:fanguiju@controller.jmilk.fan/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller.jmilk.com:5000
auth_url = http://controller.jmilk.com:35357
memcached_servers = controller.jmilk.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = fanguiju
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
In the [database] section, configure database access
vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:fanguiju@controller.jmilk.com/glance
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
注意:在[keystone_authtoken]
节点中,注释或删除其他别的选项。
[keystone_authtoken]
auth_uri = http://controller.jmilk.com:5000
auth_url = http://controller.jmilk.com:35357
memcached_servers = controller.jmilk.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = fanguiju
[paste_deploy]
flavor = keystone
总览
[root@controller ~]# cat /etc/glance/glance-registry.conf | grep -v ^# | grep -v ^$
[DEFAULT]
[database]
connection = mysql+pymysql://glance:fanguiju@controller.jmilk.com/glance
[glance_store]
[keystone_authtoken]
auth_uri = http://controller.jmilk.com:5000
auth_url = http://controller.jmilk.com:35357
memcached_servers = controller.jmilk.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = fanguiju
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
su -s /bin/sh -c "glance-manage db_sync" glance
Note:
Ignore any deprecation messages in this output.
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
Openstack组建部署 — Glance Install
标签:
原文地址:http://blog.csdn.net/jmilk/article/details/51724360