Openstack配置手册-Glance配置

# 添加glance账户，并定义其隶属于service租户，密码为servicepassword
[root@node1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 1be75e85ec9445ab9ff7dd7ec2f02b71 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c7d9e5856499477586c5aab82c62e986 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# 授权glance账户为admin角色
[root@node1 ~(keystone)]# openstack role add --project service --user glance admin

# 创建glance服务
[root@node1 ~(keystone)]# openstack service create --name glance --description "OpenStack Image service" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image service          |
| enabled     | True                             |
| id          | fe9ae19600fc4de79de82c715dcfab22 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

# 创建glance endpoint的public、internal、admin信息
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne image public http://192.168.10.11:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2ddd331268e74eab8ca62b556a32a541 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fe9ae19600fc4de79de82c715dcfab22 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.11:9292        |
+--------------+----------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne image internal http://192.168.10.11:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 23f975faf3d74834be02804c66288c03 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fe9ae19600fc4de79de82c715dcfab22 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.11:9292        |
+--------------+----------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne image admin http://192.168.10.11:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a52f2a9125bb401faefcb79ac725f0d4 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fe9ae19600fc4de79de82c715dcfab22 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.11:9292        |
+--------------+----------------------------------+

[root@node1 ~(keystone)]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 19
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

1) 安装Glance
[root@node1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-glance -y

2) 配置Glance
(1) 配置Glance API
[root@node1 ~(keystone)]# mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
[root@node1 ~(keystone)]# vim /etc/glance/glance-api.conf
[DEFAULT]
bind_host = 0.0.0.0

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

[database]
connection = mysql+pymysql://glance:password@192.168.10.11/glance

# 定义连接keystone的信息
[keystone_authtoken]
www_authenticate_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:5000
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = servicepassword

[paste_deploy]
flavor = keystone

(2) 配置Glance Registry
[root@node1 ~(keystone)]# mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
[root@node1 ~(keystone)]# vim /etc/glance/glance-registry.conf
[DEFAULT]
bind_host = 0.0.0.0

[database]
connection = mysql+pymysql://glance:password@192.168.10.11/glance

[keystone_authtoken]
www_authenticate_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:5000
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = servicepassword

[paste_deploy]
flavor = keystone

[root@node1 ~(keystone)]# chmod 640 /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
[root@node1 ~(keystone)]# chown root:glance /etc/glance/glance-api.conf /etc/glance/glance-registry.conf

[root@node1 ~(keystone)]# su -s /bin/bash glance -c "glance-manage db_sync"
......
......
Database is synced successfully.

[root@node1 ~(keystone)]# systemctl enable --now openstack-glance-api openstack-glance-registry

3) SELinxu及防火墙设定
[root@node1 ~(keystone)]# setsebool -P glance_api_can_network on

[root@node1 ~(keystone)]# firewall-cmd --add-port={9191/tcp,9292/tcp} --permanent
success
[root@node1 ~(keystone)]# firewall-cmd --reload
success

1) 安装KVM并设置桥接
[root@node1 ~(keystone)]# yum install qemu-kvm libvirt virt-install bridge-utils -y
[root@node1 ~(keystone)]# lsmod | grep kvm
kvm_intel             188644  0 
kvm                   621480  1 kvm_intel
irqbypass              13503  1 kvm
[root@node1 ~(keystone)]# systemctl enable --now libvirtd

2) 安装实例
[root@node1 ~(keystone)]# qemu-img create -f qcow2 /var/lib/libvirt/images/c7.img 5G

[root@node1 ~(keystone)]# virt-install \
--name c77 \
--ram 2048 \
--disk path=/var/lib/libvirt/images/c7.img,format=qcow2 \
--vcpus 2 \
--os-type linux \
--os-variant rhel7 \
--graphics none \
--console pty,target_type=serial \
--location 'ftp://csrv.1000cc.net/pub/CentOS/7/os/x86_64' \
--extra-args 'console=ttyS0,115200n8 serial'

3) 配置实例
(1) 删除实例中网卡配置文件中的HWADDR及UUID字段信息
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

(2) 安装cloud init并启动这个服务,这个服务在启动之后将会自动添加一个centos的普通账户
[root@localhost ~]# yum install cloud-init -y
# 不要启动cloud-init
[root@localhost ~]# systemctl enable cloud-init

[root@localhost ~]# poweroff

[root@node1 ~(keystone)]# openstack image create "c77" \
--file /var/lib/libvirt/images/c7.img \
--disk-format qcow2 \
--container-format bare \
--public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | f702e0dc1111aca67e04a934afe33d56                     |
| container_format | bare                                                 |
| created_at       | 2020-02-05T14:03:44Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/d2cf4454-09a0-43fa-83b4-aaa9df0f5919/file |
| id               | d2cf4454-09a0-43fa-83b4-aaa9df0f5919                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | c77                                                  |
| owner            | 6f83afcc475b440bb9816ea20ba26c5f                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 1705508864                                           |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2020-02-05T14:03:57Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+

[root@node1 ~(keystone)]# openstack image list
+--------------------------------------+------+--------+
| ID                                   | Name | Status |
+--------------------------------------+------+--------+
| d2cf4454-09a0-43fa-83b4-aaa9df0f5919 | c77  | active |
+--------------------------------------+------+--------+

1) 完成HandBook-ceph单元-第1阶段内容-----Glance节点作为Ceph客户端
# 本例子为:node5--admin节点/node6/node7/node8四台主机

2) 创建MDS----于node5节点操作
[snow@node5 ~]$ ceph-deploy mds create node6

3) 将node6上的ceph.client.admin.keyring赋权----于node6节点操作
[snow@node6 ~]$ sudo chmod 644 /etc/ceph/ceph.client.admin.keyring

4) 创建并验证pool----于node6节点操作
[snow@node6 ~]$ ceph osd pool create glance 128

# 查看池空间的使用情况----于node6节点操作
[snow@node6 ~]$ rados df

# 查看池里有什么内容----于node6节点操作
[snow@node6 ~]$ rados -p glance ls

5) ceph客户端配置---于Glance节点操作
[snow@node5 ~]$ ceph-deploy install \
--release nautilus \
--repo-url http://mirrors.ustc.edu.cn/ceph/rpm-nautilus/el7/ \
--nogpgcheck srv1

[snow@node5 ~]$ ceph-deploy admin node1

# 确认ceph.client.admin.keyring存在
[root@node1 ~(keystone)]# ls /etc/ceph/
ceph.client.admin.keyring  ceph.conf  rbdmap  tmpbid7QE

# 允许glance能够访问ceph.client.admin.keyring
[root@node1 ~(keystone)]# setfacl -m u:glance:r-- /etc/ceph/ceph.client.admin.keyring

# 确认ceph pools可以访问
[root@node1 ~(keystone)]# rados lspools
glance

6) 配置Glance服务，使用ceph作为后端存储---于Glance节点操作
[root@node1 ~(keystone)]# vim /etc/glance/glance-api.conf
......
......

# 注释[glance_store]区段的下面(5-7行)的内容,并添加如下内容
[glance_store]
#stores = file,http
#default_store = file
#filesystem_store_datadir = /var/lib/glance/images/
default_store = rbd
stores = rbd
rbd_store_pool = glance
rbd_store_user = admin
rbd_store_ceph_conf = /etc/ceph/ceph.conf
rbd_store_chunk_size = 8

[root@node1 ~(keystone)]# systemctl restart openstack-glance-api openstack-glance-registry

7) 测试---于Glance节点操作
(1) 准备好一个镜像文件

(2) 测试
[root@node1 ~(keystone)]# openstack image create "c82" \
--file ./cloud-centos8.img \
--disk-format qcow2 \
--container-format bare \
--public

(3) 查看并确认
[root@node1 ~(keystone)]# openstack image list
+--------------------------------------+------+--------+
| ID                                   | Name | Status |
+--------------------------------------+------+--------+
| cf3fb321-27a5-4f72-a0fb-b553fe5ded34 | c78  | active |
| 7b84d7b1-186f-4eca-b74a-95f7d8fba020 | c82  | active |
+--------------------------------------+------+--------+

[root@node1 ~(keystone)]# rados -p glance ls  | grep id
rbd_id.7b84d7b1-186f-4eca-b74a-95f7d8fba020

[root@node1 ~(keystone)]# rados df
......
......
total_objects    756
total_used       21 GiB
total_avail      75 GiB
total_space      96 GiB