四、部署GLANCE（controller节点）

4.1、安装和配置glance的Image服务

4.1.1、创建glance数据库

mysql -uroot -p

create database glance;

4.1.2、对glance数据库授予适当的访问权限

grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance123';

grant all privileges on glance.* to 'glance'@'%' identified by 'glance123';

4.2、创建用户、修改配置文件

4.2.1、加载admin环境变量

. admin-openrc

4.2.2、创建glance用户

openstack user create --domain default --password-prompt glance

需设置密码。

4.2.3、将glance用户添加到service项目中，并授予对service项目有admin的权限

openstack role add --project service --user glance admin

4.2.4、创建glance服务实体

openstack service create --name glance --description "OpenStack Image" image

验证：

openstack service list

4.2.5、创建镜像API端点

openstack使用三种api端点代表三种服务，admin、internal、public

openstack endpoint create --region RegionOne image public http://controller1:9292

openstack endpoint create --region RegionOne image internal http://controller1:9292

openstack endpoint create --region RegionOne image admin http://controller1:9292

验证：

openstack endpoint list

4.3、安装配置glance

4.3.1、安装glance软件包

yum install openstack-glance -y

4.3.2、配置glance-api.conf文件

Glance-api：接收REST API的请求，然后通过其他模块（glance-registry及image store）来完成诸如镜像的查找、获取、上传、删除等操作，默认监听端口9292。

4.3.2.1、方法一

4.3.2.1.1、备份glance-api.conf文件

cp -a glance-api.conf{,.bak}

4.3.2.1.2、在glance-api.conf文件的[database]部分中，配置数据库访问

vim /etc/glance/glance-api.conf

……

[database]

……

2089 connection = mysql+pymysql://glance:glance123@controller1/glance

4.3.2.1.3、在[keystone_authtoken]和[paste_deploy]部分，配置身份服务访问

4858 [keystone_authtoken]

……

4872 www_authenticate_uri = http://controller1:5000

……

4887 auth_url = http://controller1:5000

……

4933 memcached_servers = controller1:11211

……

5010 service_token_roles_required = true

……

5013 auth_type = password

5014 project_domain_name = Default

5015 user_domain_name = Default

5016 project_name = service

5017 username = glance

5018 password = glance123

……

5493 [paste_deploy]

……

5522 flavor = keystone

4.3.2.1.4、在[glance_store]部分中，配置本地文件系统存储和图像文件的位置

3348 [glance_store]

……

3408 stores = file,http

……

3461 default_store = file

……

3745 filesystem_store_datadir = /var/lib/glance/images

4.3.2.2、方法二

4.3.2.2.1、备份glance-api.conf文件

cp -a glance-api.conf{,.bak}

4.3.2.2.2、将备份文件中的空行和#号开头的行删除掉，并注入到配置文件中

grep -Ev "^$|#" /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf

4.3.2.2.3、安装openstack-utils (openstack-config命令)

yum install -y openstack-utils

4.3.2.2.4、传参

openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:glance123@controller/glance

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken service_token_roles_required true

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password glance123

openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone

openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http

openstack-config --set /etc/glance/glance-api.conf glance_store default_store file

openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images

4.3.3、配置glance-registry.conf文件

Glance-registry：用于与MariaDB数据库交互，用于存储或获取镜像的元数据（metadata），默认监听端口9191。

4.3.3.1、方法一

4.3.3.1.1、备份glance-registry.conf文件

cp -a glance-registry.conf{,.bak}

4.3.3.1.2、在glance-api.conf文件的[database]部分中，配置数据库访问

vim /etc/glance/glance-registry.conf

……

[database]

……

1055 connection = mysql+pymysql://glance:glance123@controller1/glance

4.3.3.1.3、在[keystone_authtoken]和[paste_deploy]部分，配置身份服务访问

……

1174 www_authenticate_uri = http://controller1:5000

……

1189 auth_url = http://controller1:5000

……

1235 memcached_servers = controller1:11211

……

1307 service_token_roles_required = true

……

1315 auth_type = password

1316 project_domain_name = Default

1317 user_domain_name = Default

1318 project_name = service

1319 username = glance

1320 password = glance123

……

1768 [paste_deploy]

……

1798 flavor = keystone

4.3.3.2、方法二

4.3.3.2.1、备份glance-registry.conf文件

cp -a glance-registry.conf{,.bak}

4.3.3.2.2、将备份文件中的空行和#号开头的行删除掉，并注入到配置文件中

grep -Ev "^$|#" /etc/glance/glance- registry.conf.bak > /etc/glance/glance-registry.conf

4.3.3.2.3、安装openstack-utils (openstack-config命令)

yum install -y openstack-utils

4.3.3.2.4、传参

openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:glance123@controller1/glance

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://controller1:5000

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller1:5000

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller1:11211

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken service_token_roles_required true

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password glance123

openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

4.3.4、初始化glance数据库

su -s /bin/sh -c "glance-manage db_sync" glance

4.3.5、启动glance服务

systemctl enable openstack-glance-api.service

systemctl start openstack-glance-api.service

systemctl enable openstack-glance-registry.service

systemctl start openstack-glance-registry.service

4.3.6、验证服务是否正常启动

systemctl status openstack-glance-api.service

netstat -natp|grep 9292

systemctl status openstack-glance-registry.service

netstat -natp|grep 9191

4.3.7、启动glance服务报错案例

4.3.7.1、ERROR glance OperationalError: (pymysql.err.OperationalError) (1044, u"Access denied for user 'glance'@'%' to database 'glance'") (Background on this error at: http://sqlalche.me/e/e3q8)

报错信息非常多见附件，重要信息如下：

……

2022-12-11 20:35:33.521 41401 ERROR glance raise errorclass(errno, errval)

2022-12-11 20:35:33.521 41401 ERROR glance OperationalError: (pymysql.err.OperationalError) (1044, u"Access denied for user 'glance'@'%' to database 'glance'") (Background on this error at: http://sqlalche.me/e/e3q8)

2022-12-11 20:35:33.521 41401 ERROR glance

2022-12-11 20:35:42.945 41419 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.

2022-12-11 20:35:43.980 41432 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.

2022-12-11 20:35:44.974 41445 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.

2022-12-11 20:35:45.966 41458 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.

2022-12-11 20:35:46.964 41471 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.

2022-12-11 20:39:01.954 41624 CRITICAL glance [-] Unhandled error: OperationalError: (pymysql.err.OperationalError) (1044, u"Access denied for user 'glance'@'%' to database 'glance'") (Background on this error at: http://sqlalche.me/e/e3q8)

2022-12-11 20:39:01.954 41624 ERROR glance Traceback (most recent call last):

2022-12-11 20:39:01.954 41624 ERROR glance File "/usr/bin/glance-manage", line 10, in

2022-12-11 20:39:01.954 41624 ERROR glance sys.exit(main())

……

2022-12-11 20:55:39.118 42400 ERROR glance OperationalError: (pymysql.err.OperationalError) (1044, u"Access denied for user 'glance'@'%' to database 'glance'") (Background on this error at: http://sqlalche.me/e/e3q8)

原因：grant授权命令写错；并且初始化glance数据库时未及时做验证，导致部署到启动glance服务时出错。

grant all privileges on glnce.* to 'glance'@'localhost' identified by 'glance123';

grant all privileges on glnce.* to 'glance'@'%' identified by 'glance123';

解决方法：重新授权，并重新初始化glance数据库。

grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance123';

grant all privileges on glance.* to 'glance'@'%' identified by 'glance123';

4.3.7.2、WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.

api.log报错信息如下：

2022-12-11 21:29:29.155 44159 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.

原因：根据官方文档修改glance-api.conf和glance-registry.conf文件中的[keystone_authtoken]部分时，缺少service_token_roles_required 将false改为true的说明指导。并且官方文档中缺少glance-registry.conf文件的全部配置指导。

解决方法：将glance-api.conf和glance-registry.conf文件中[keystone_authtoken]模块的service_token_roles_required = false改为true；然后重新启动glance服务。

4.3.7.3、glance服务起不来，并且api.log中没有日志

原因：glance-api.conf和glance-registry.conf配置错误；glance-api.conf和glance-registry.conf文件中[keystone_authtoken]模块的 auth_url 部分写成auth_uri了。

解决方法：将错误配置auth_uri = http://controller:5000修改为正确配置auth_url = http://controller:5000 并重新启动glance服务。

4.3.8、验证glance服务

. admin-openrc

cd openstack_images/

wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img #根据官网知道，wget方式无法直接下载，需从浏览器单独下载，再传到镜像服务器上。

浏览器访问http://download.cirros-cloud.net

上传镜像：

glance image-create --name "cirros" \

--file cirros-0.4.0-x86_64-disk.img \

--disk-format qcow2 --container-format bare \

--visibility public

查看已上传镜像信息：

glance image-list

glance image-show 55ac0c43-6f7f-4cec-93de-81a646211ca5

openstack image show 55ac0c43-6f7f-4cec-93de-81a646211ca5