标签:访问 loss conf creat ati poi stack 客户端 bpa
简介
OpenStack镜像服务包括以下组件:
glance-api
接收镜像API的调用,诸如镜像发现、恢复、存储。
glance-registry
存储、处理和恢复镜像的元数据,元数据包括项诸如大小和类型。
数据库
存放镜像元数据,用户是可以依据个人喜好选择数据库的,多数的部署使用MySQL或SQLite。
镜像文件的存储仓库
元数据定义服务
通用的API,是用于为厂商,管理员,服务,以及用户自定义元数据。这种元数据可用于不同的资源,例如镜像,工件,卷,配额以及集合。一个定义包括了新属性的键,描述,约束以及可以与之关联的资源的类型。
先决条件
安装和配置镜像服务之前,你必须创建创建一个数据库、服务凭证和API端点。
完成下面的步骤以创建数据库:
用数据库连接客户端以 root 用户连接到数据库服务器:
$ mysql -u rgalera -p galera -h 192.168.16.10
创建 glance 数据库:
MariaDB [(none)]> CREATE DATABASE glance;
对``glance``数据库授予恰当的权限:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO ‘glance‘@‘localhost‘ \
IDENTIFIED BY ‘GLANCE_DBPASS‘;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO ‘glance‘@‘%‘ \
IDENTIFIED BY ‘GLANCE_DBPASS‘;
Flush privileges;
用一个合适的密码替换 GLANCE_DBPASS。
退出数据库客户端。
凭证来获取只有管理员能执行的命令的访问权限:
$ . admin-openrc
要创建服务证书,完成这些步骤:
$ openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3f4e777c4062483ab8d9edd7dff829df |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ openstack role add --project service --user glance admin
$ openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| name | glance |
| type | image |
+-------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 340be3625e9b4239a6415d034e98aace |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a6e4b153c2ae4c919eccfdbb7dceb5d2 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0c37ed58103f4300a84ff125a539032d |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
所有控制节点上安装
# yum install openstack-glance
编辑文件 /etc/glance/glance-api.conf 并完成如下动作:
在 [database] 部分,配置数据库访问:
[root@controller1 ~]# vim /etc/glance/glance-api.conf
…
Bind_host = 192.168.16.11 # 监听ip地址,为了避免和vip冲突。
registry_host = 192.168.16.10 # vip地址
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
将``GLANCE_DBPASS`` 替换为你为镜像服务选择的密码。
在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问:
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers =controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
# ...
flavor = keystone
将 GLANCE_PASS 替换为你为认证服务中你为 glance 用户选择的密码。
注解
在 [keystone_authtoken] 中注释或者删除其他选项。
在 [glance_store] 部分,配置本地文件系统存储和镜像文件位置:
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
编辑文件 ``/etc/glance/glance-registry.conf``并完成如下动作:
在 [database] 部分,配置数据库访问:
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller1/glance
将``GLANCE_DBPASS`` 替换为你为镜像服务选择的密码。
在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问:
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers =controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
# ...
flavor = keystone
将 GLANCE_PASS 替换为你为认证服务中你为 glance 用户选择的密码。
将修改后的配置文件拷贝到其他controller节点
[root@controller1 ~]# cd /etc/glance/
[root@controller1 glance]# scp glance-api.conf glance-registry.conf controller2:/etc/glance/
[root@controller1 glance]# scp glance-api.conf glance-registry.conf controller3:/etc/glance/
注意修改监听地址
其中一台控制节点上操作即可
su -s /bin/sh -c "glance-manage db_sync" glance
所有控制节点上执行操作
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
systemctl status openstack-glance-api.service openstack-glance-registry.service | grep running
将glance-api和glance-registry服务写入haproxy文件
listen glance_api_cluster
bind 192.168.16.10:9292
balance source
option tcpka
option httpchk
option tcplog
server controller1 192.168.16.11:9292 check inter 2000 rise 2 fall 5
server controller2 192.168.16.12:9292 check inter 2000 rise 2 fall 5
server controller3 192.168.16.13:9292 check inter 2000 rise 2 fall 5
listen glance_registry_cluster
bind 192.168.16.10:9191
balance source
option tcpka
option tcplog
server controller1 192.168.16.11:9191 check inter 2000 rise 2 fall 5
server controller2 192.168.16.12:9191 check inter 2000 rise 2 fall 5
server controller3 192.168.16.13:9191 check inter 2000 rise 2 fall 5
同步到其他controller节点,并重启haproxy服务
Systemctl restart haproxy
. admin-openrc
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
使用 QCOW2 磁盘格式, bare 容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它:
$ openstack image create "cirros" \
--file cirros-0.3.5-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 133eae9fb1c98f45894a4e60d8736619 |
| container_format | bare |
| created_at | 2015-03-26T16:52:10Z |
| disk_format | qcow2 |
| file | /v2/images/cc5c6982-4910-471e-b864-1098015901b5/file |
| id | cc5c6982-4910-471e-b864-1098015901b5 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | ae7a98326b9c455588edd2656d723b9d |
| protected | False |
| schema | /v2/schemas/image |
| size | 13200896 |
| status | active |
| tags | |
| updated_at | 2015-03-26T16:52:10Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
For information about the openstack image create parameters, see Create or update an image (glance) in the OpenStackUser Guide.
For information about disk and container formats for images, see Disk and container formats for images in the OpenStackVirtual Machine Image Guide.
$ openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros | active |
+--------------------------------------+--------+--------+
标签:访问 loss conf creat ati poi stack 客户端 bpa
原文地址:https://www.cnblogs.com/hanjingzheng/p/9082250.html