四、部署GLANCE(controller节点)
4.1、安装和配置glance的Image服务
4.1.1、创建glance数据库
mysql -uroot -p
create database glance;
4.1.2、对glance数据库授予适当的访问权限
grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance123';
grant all privileges on glance.* to 'glance'@'%' identified by 'glance123';
4.2、创建用户、修改配置文件
4.2.1、加载admin环境变量
. admin-openrc
4.2.2、创建glance用户
openstack user create --domain default --password-prompt glance
需设置密码。
4.2.3、将glance用户添加到service项目中,并授予对service项目有admin的权限
openstack role add --project service --user glance admin
4.2.4、创建glance服务实体
openstack service create --name glance --description "OpenStack Image" image
验证:
openstack service list
4.2.5、创建镜像API端点
openstack使用三种api端点代表三种服务,admin、internal、public
openstack endpoint create --region RegionOne image public http://controller1:9292
openstack endpoint create --region RegionOne image internal http://controller1:9292
openstack endpoint create --region RegionOne image admin http://controller1:9292
验证:
openstack endpoint list
4.3、安装配置glance
4.3.1、安装glance软件包
yum install openstack-glance -y
4.3.2、配置glance-api.conf文件
Glance-api:接收REST API的请求,然后通过其他模块(glance-registry及image store)来完成诸如镜像的查找、获取、上传、删除等操作,默认监听端口9292。
4.3.2.1、方法一
4.3.2.1.1、备份glance-api.conf文件
cp -a glance-api.conf{,.bak}
4.3.2.1.2、在glance-api.conf文件的[database]部分中,配置数据库访问
vim /etc/glance/glance-api.conf
……
[database]
……
2089 connection = mysql+pymysql://glance:glance123@controller1/glance
4.3.2.1.3、在[keystone_authtoken]和[paste_deploy]部分,配置身份服务访问
4858 [keystone_authtoken]
……
4872 www_authenticate_uri = http://controller1:5000
……
4887 auth_url = http://controller1:5000
……
4933 memcached_servers = controller1:11211
……
5010 service_token_roles_required = true
……
5013 auth_type = password
5014 project_domain_name = Default
5015 user_domain_name = Default
5016 project_name = service
5017 username = glance
5018 password = glance123
……
5493 [paste_deploy]
……
5522 flavor = keystone
4.3.2.1.4、在[glance_store]部分中,配置本地文件系统存储和图像文件的位置
3348 [glance_store]
……
3408 stores = file,http
……
3461 default_store = file
……
3745 filesystem_store_datadir = /var/lib/glance/images
4.3.2.2、方法二
4.3.2.2.1、备份glance-api.conf文件
cp -a glance-api.conf{,.bak}
4.3.2.2.2、将备份文件中的空行和#号开头的行删除掉,并注入到配置文件中
grep -Ev "^$|#" /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
4.3.2.2.3、安装openstack-utils (openstack-config命令)
yum install -y openstack-utils
4.3.2.2.4、传参
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:glance123@controller/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken service_token_roles_required true
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password glance123
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images
4.3.3、配置glance-registry.conf文件
Glance-registry:用于与MariaDB数据库交互,用于存储或获取镜像的元数据(metadata),默认监听端口9191。
4.3.3.1、方法一
4.3.3.1.1、备份glance-registry.conf文件
cp -a glance-registry.conf{,.bak}
4.3.3.1.2、在glance-api.conf文件的[database]部分中,配置数据库访问
vim /etc/glance/glance-registry.conf
……
[database]
……
1055 connection = mysql+pymysql://glance:glance123@controller1/glance
4.3.3.1.3、在[keystone_authtoken]和[paste_deploy]部分,配置身份服务访问
……
1174 www_authenticate_uri = http://controller1:5000
……
1189 auth_url = http://controller1:5000
……
1235 memcached_servers = controller1:11211
……
1307 service_token_roles_required = true
……
1315 auth_type = password
1316 project_domain_name = Default
1317 user_domain_name = Default
1318 project_name = service
1319 username = glance
1320 password = glance123
……
1768 [paste_deploy]
……
1798 flavor = keystone
4.3.3.2、方法二
4.3.3.2.1、备份glance-registry.conf文件
cp -a glance-registry.conf{,.bak}
4.3.3.2.2、将备份文件中的空行和#号开头的行删除掉,并注入到配置文件中
grep -Ev "^$|#" /etc/glance/glance- registry.conf.bak > /etc/glance/glance-registry.conf
4.3.3.2.3、安装openstack-utils (openstack-config命令)
yum install -y openstack-utils
4.3.3.2.4、传参
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:glance123@controller1/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://controller1:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller1:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller1:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken service_token_roles_required true
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password glance123
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
4.3.4、初始化glance数据库
su -s /bin/sh -c "glance-manage db_sync" glance
4.3.5、启动glance服务
systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
systemctl enable openstack-glance-registry.service
systemctl start openstack-glance-registry.service
4.3.6、验证服务是否正常启动
systemctl status openstack-glance-api.service
netstat -natp|grep 9292
systemctl status openstack-glance-registry.service
netstat -natp|grep 9191
4.3.7、启动glance服务报错案例
4.3.7.1、ERROR glance OperationalError: (pymysql.err.OperationalError) (1044, u"Access denied for user 'glance'@'%' to database 'glance'") (Background on this error at: http://sqlalche.me/e/e3q8)
报错信息非常多见附件,重要信息如下:
……
2022-12-11 20:35:33.521 41401 ERROR glance raise errorclass(errno, errval)
2022-12-11 20:35:33.521 41401 ERROR glance OperationalError: (pymysql.err.OperationalError) (1044, u"Access denied for user 'glance'@'%' to database 'glance'") (Background on this error at: http://sqlalche.me/e/e3q8)
2022-12-11 20:35:33.521 41401 ERROR glance
2022-12-11 20:35:42.945 41419 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
2022-12-11 20:35:43.980 41432 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
2022-12-11 20:35:44.974 41445 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
2022-12-11 20:35:45.966 41458 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
2022-12-11 20:35:46.964 41471 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
2022-12-11 20:39:01.954 41624 CRITICAL glance [-] Unhandled error: OperationalError: (pymysql.err.OperationalError) (1044, u"Access denied for user 'glance'@'%' to database 'glance'") (Background on this error at: http://sqlalche.me/e/e3q8)
2022-12-11 20:39:01.954 41624 ERROR glance Traceback (most recent call last):
2022-12-11 20:39:01.954 41624 ERROR glance File "/usr/bin/glance-manage", line 10, in
2022-12-11 20:39:01.954 41624 ERROR glance sys.exit(main())
……
2022-12-11 20:55:39.118 42400 ERROR glance OperationalError: (pymysql.err.OperationalError) (1044, u"Access denied for user 'glance'@'%' to database 'glance'") (Background on this error at: http://sqlalche.me/e/e3q8)
原因:grant授权命令写错;并且初始化glance数据库时未及时做验证,导致部署到启动glance服务时出错。
grant all privileges on glnce.* to 'glance'@'localhost' identified by 'glance123';
grant all privileges on glnce.* to 'glance'@'%' identified by 'glance123';
解决方法:重新授权,并重新初始化glance数据库。
grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance123';
grant all privileges on glance.* to 'glance'@'%' identified by 'glance123';
4.3.7.2、WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
api.log报错信息如下:
2022-12-11 21:29:29.155 44159 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
原因:根据官方文档修改glance-api.conf和glance-registry.conf文件中的[keystone_authtoken]部分时,缺少service_token_roles_required 将false改为true的说明指导。并且官方文档中缺少glance-registry.conf文件的全部配置指导。
解决方法:将glance-api.conf和glance-registry.conf文件中[keystone_authtoken]模块的service_token_roles_required = false改为true;然后重新启动glance服务。
4.3.7.3、glance服务起不来,并且api.log中没有日志
原因:glance-api.conf和glance-registry.conf配置错误;glance-api.conf和glance-registry.conf文件中[keystone_authtoken]模块的 auth_url 部分写成auth_uri了。
解决方法:将错误配置auth_uri = http://controller:5000修改为正确配置auth_url = http://controller:5000 并重新启动glance服务。
4.3.8、验证glance服务
. admin-openrc
cd openstack_images/
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img #根据官网知道,wget方式无法直接下载,需从浏览器单独下载,再传到镜像服务器上。
浏览器访问http://download.cirros-cloud.net
上传镜像:
glance image-create --name "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public
查看已上传镜像信息:
glance image-list
glance image-show 55ac0c43-6f7f-4cec-93de-81a646211ca5
openstack image show 55ac0c43-6f7f-4cec-93de-81a646211ca5