The notes are learned according to the old boy Video + official documents and recorded. If there are mistakes and omissions, those in a good mood can point out them.
Video address: https://www.bilibili.com/video/BV1LJ411Y7og?p=12
Mirror service (GRACE)
The mirroring service (GRACE) allows users to discover, register and obtain virtual machine images. It provides a REST API that allows you to query the metadata of the virtual machine image and obtain an existing image. You can store virtual machine images in various locations, from simple file systems to object storage systems - such as OpenStack object storage, and use them through the image service.
- OpenStack image service includes the following components:
- glance-api
Receive calls to the image API, such as image discovery, recovery, and storage. - glance-registry
Stores, processes, and restores mirrored metadata, including items such as size and type. Contains some properties to modify the mirror.
PS: Grace registry is a private internal service for OpenStack Image service. Do not expose the service to users
Creative library, authorization
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
-> IDENTIFIED BY 'pjkUV4tb4KTG6etayHNL';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
-> IDENTIFIED BY 'pjkUV4tb4KTG6etayHNL';
Query OK, 0 rows affected (0.00 sec)
Check whether the account login is successful
[root@controller01 ~]# mysql -uglance -ppjkUV4tb4KTG6etayHNL Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 12 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | glance | | information_schema | +--------------------+ 2 rows in set (0.01 sec) MariaDB [(none)]> Ctrl-C -- exit! Aborted
Creating services and registering API s on keystone
Create the grace user and add the admin role to the grace user and service project
- -prompt creates a password for the interaction
- You can also directly -- password without writing prompt 4kcjG3eeAutWlMbBR2gu
[root@controller01 ~]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | 8cba1e7341c14ab993124909c705919a | | enabled | True | | id | aeead746b25d4d54a39abd97d9a9e815 | | name | glance | +-----------+----------------------------------+
[root@controller01 ~]# openstack role add --project service --user glance admin
Create a grace entity
[root@controller01 ~]# openstack service create --name glance \ > --description "OpenStack Image" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | 0c0c1aac97f24588b553e3147a94fdac | | name | glance | | type | image | +-------------+----------------------------------+
Create an API endpoint for the mirror service
[root@controller01 ~]# openstack endpoint create --region RegionOne \ > image public http://controller01:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | c43489adf7d044d5a00160419724ab6c | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 0c0c1aac97f24588b553e3147a94fdac | | service_name | glance | | service_type | image | | url | http://controller01:9292 | +--------------+----------------------------------+ [root@controller01 ~]# openstack endpoint create --region RegionOne \ > image internal http://controller01:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 30f5364d2dcf4cc4be67c80810c673a4 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 0c0c1aac97f24588b553e3147a94fdac | | service_name | glance | | service_type | image | | url | http://controller01:9292 | +--------------+----------------------------------+ [root@controller01 ~]# openstack endpoint create --region RegionOne \ > image admin http://controller01:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | ac52d68aad6944fe857a5f9fbb8021de | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 0c0c1aac97f24588b553e3147a94fdac | | service_name | glance | | service_type | image | | url | http://controller01:9292 | +--------------+----------------------------------+
Install grace
yum install openstack-glance -y
Modify configuration
glance-api
The official content is as follows:
You need to modify one of the three modules
In the [database] section, configure database access:
[database] ... connection = mysql+pymysql://glance:pjkUV4tb4KTG6etayHNL@controller01/glance
Note that the password is the password of the user created in the database
controller01 is the host resolution defined at the beginning of basic setting
In the [keystone_authtoken] and [paste_deploy] sections, configure authentication service access:
[keystone_authtoken] ... auth_uri = http://controller01:5000 auth_url = http://controller01:35357 memcached_servers = controller01:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 4kcjG3eeAutWlMbBR2gu #Note that the password is the password of the user created in keystone [paste_deploy] ... flavor = keystone
Comment: comment or delete other options in [keystone_authtoken].
In the [grace_store] section, configure the local file system storage and mirror file locations:
[glance_store] ... stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/
glance-registry
In the [database] section, configure database access:
[database] ... connection = mysql+pymysql://glance:pjkUV4tb4KTG6etayHNL@controller01/glance
Will grace_ Replace dbpass with the password you selected for the mirroring service.
In the [keystone_authtoken] and [paste_deploy] sections, configure authentication service access:
[keystone_authtoken] ... auth_uri = http://controller01:5000 auth_url = http://controller01:35357 memcached_servers = controller01:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 4kcjG3eeAutWlMbBR2gu #Note that the password is the password of the user created in keystone [paste_deploy] ... flavor = keystone
Synchronize database
*In the official document, it is stated for synchronizing the grace database: ignore any information in the output that is not recommended.
[root@controller01 glance]# su -s /bin/sh -c "glance-manage db_sync" glance Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future. /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade expire_on_commit=expire_on_commit, _conf=conf) /usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.') result = self._query(query)
[root@controller01 glance]# mysql -uroot -phl044sdvwTT1LZ7Oa4wp glance -e "show tables;" +----------------------------------+ | Tables_in_glance | +----------------------------------+ | artifact_blob_locations | | artifact_blobs | | artifact_dependencies | | artifact_properties | | artifact_tags | | artifacts | | image_locations | | image_members | | image_properties | | image_tags | | images | | metadef_namespace_resource_types | | metadef_namespaces | | metadef_objects | | metadef_properties | | metadef_resource_types | | metadef_tags | | migrate_version | | task_info | | tasks | +----------------------------------+
- Verify that the tables are created in the grace database. Indicates that the command was run successfully.
Start service
[root@controller01 glance]# systemctl enable openstack-glance-api.service \ > openstack-glance-registry.service Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service. Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service. [root@controller01 glance]# systemctl start openstack-glance-api.service \ > openstack-glance-registry.service
verification
If the service is started successfully, it will listen to tcp 9292 and 9191; Since port 9292 was filled in when registering services on keystone, we focus on port 9292 here.
As a result, I made a mistake here..
The error contents are as follows:
[root@controller01 glance]# systemctl status openstack-glance-api.service openstack-glance-registry.service
● openstack-glance-api.service - OpenStack Image Service (code-named Glance) API server
Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Wed 2021-10-20 10:50:44 CST; 7s ago
Process: 3767 ExecStart=/usr/bin/glance-api (code=exited, status=1/FAILURE)
Main PID: 3767 (code=exited, status=1/FAILURE)
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service: main process exited, code=exited, status=1/FAILURE
Oct 20 10:50:44 controller01 systemd[1]: Unit openstack-glance-api.service entered failed state.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service failed.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service holdoff time over, scheduling restart.
Oct 20 10:50:44 controller01 systemd[1]: Stopped OpenStack Image Service (code-named Glance) API server.
Oct 20 10:50:44 controller01 systemd[1]: start request repeated too quickly for openstack-glance-api.service
Oct 20 10:50:44 controller01 systemd[1]: Failed to start OpenStack Image Service (code-named Glance) API server.
Oct 20 10:50:44 controller01 systemd[1]: Unit openstack-glance-api.service entered failed state.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-api.service failed.
● openstack-glance-registry.service - OpenStack Image Service (code-named Glance) Registry server
Loaded: loaded (/usr/lib/systemd/system/openstack-glance-registry.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Wed 2021-10-20 10:50:44 CST; 7s ago
Process: 3757 ExecStart=/usr/bin/glance-registry (code=exited, status=1/FAILURE)
Main PID: 3757 (code=exited, status=1/FAILURE)
Oct 20 10:50:43 controller01 systemd[1]: openstack-glance-registry.service: main process exited, code=exited, status=1/FAILURE
Oct 20 10:50:43 controller01 systemd[1]: Unit openstack-glance-registry.service entered failed state.
Oct 20 10:50:43 controller01 systemd[1]: openstack-glance-registry.service failed.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-registry.service holdoff time over, scheduling restart.
Oct 20 10:50:44 controller01 systemd[1]: Stopped OpenStack Image Service (code-named Glance) Registry server.
Oct 20 10:50:44 controller01 systemd[1]: start request repeated too quickly for openstack-glance-registry.service
Oct 20 10:50:44 controller01 systemd[1]: Failed to start OpenStack Image Service (code-named Glance) Registry server.
Oct 20 10:50:44 controller01 systemd[1]: Unit openstack-glance-registry.service entered failed state.
Oct 20 10:50:44 controller01 systemd[1]: openstack-glance-registry.service failed.
2021-10-20 10:52:11.184 4043 CRITICAL glance [-] MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url
2021-10-20 10:52:11.184 4043 ERROR glance Traceback (most recent call last):
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/bin/glance-api", line 10, in <module>
2021-10-20 10:52:11.184 4043 ERROR glance sys.exit(main())
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/glance/cmd/api.py", line 91, in main
2021-10-20 10:52:11.184 4043 ERROR glance server.start(config.load_paste_app('glance-api'), default_port=9292)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/glance/common/config.py", line 259, in load_paste_app
2021-10-20 10:52:11.184 4043 ERROR glance app = deploy.loadapp("config:%s" % conf_file, name=app_name)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 247, in loadapp
2021-10-20 10:52:11.184 4043 ERROR glance return loadobj(APP, uri, name=name, **kw)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 272, in loadobj
2021-10-20 10:52:11.184 4043 ERROR glance return context.create()
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 710, in create
2021-10-20 10:52:11.184 4043 ERROR glance return self.object_type.invoke(self)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 207, in invoke
2021-10-20 10:52:11.184 4043 ERROR glance app = filter(app)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 1100, in auth_filter
2021-10-20 10:52:11.184 4043 ERROR glance return AuthProtocol(app, conf)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 682, in __init__
2021-10-20 10:52:11.184 4043 ERROR glance self._identity_server = self._create_identity_server()
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 1050, in _create_identity_server
2021-10-20 10:52:11.184 4043 ERROR glance auth_plugin = self._get_auth_plugin()
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 995, in _get_auth_plugin
2021-10-20 10:52:11.184 4043 ERROR glance return plugin_loader.load_from_options_getter(getter)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystoneauth1/loading/base.py", line 148, in load_from_options_getter
2021-10-20 10:52:11.184 4043 ERROR glance return self.load_from_options(**kwargs)
2021-10-20 10:52:11.184 4043 ERROR glance File "/usr/lib/python2.7/site-packages/keystoneauth1/loading/base.py", line 123, in load_from_options
2021-10-20 10:52:11.184 4043 ERROR glance raise exceptions.MissingRequiredOptions(missing_required)
2021-10-20 10:52:11.184 4043 ERROR glance MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url #This paragraph indicates the lack of auth_url parameter
2021-10-20 11:01:05.525 4356 ERROR glance_store._drivers.filesystem [-] Permission to write in /var/lib/glance/images/ denied
2021-10-20 11:01:05.525 4356 ERROR glance_store._drivers.filesystem None
2021-10-20 11:01:05.525 4356 ERROR glance_store._drivers.filesystem
- Startup failed. When you go back to check, you also find that there is a missing uri configuration, but the addition is still unsuccessful. After a thorough investigation, it was finally found that two configurations were used when changing the configuration file, both of which were auth_uri, one configured as auth_uri one is auth_url
Try uploading an image
[root@controller01 ~]# ls admin-openrc anaconda-ks.cfg cirros-0.3.4-x86_64-disk.img [root@controller01 ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public 503 Service Unavailable: The server is currently unavailable. Please try again at a later time. (HTTP 503)
view log
2021-10-20 11:24:19.535 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:24:19.582 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:24:19.583 4576 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data
2021-10-20 11:24:19.584 4576 INFO eventlet.wsgi.server [-] 192.168.137.11 - - [20/Oct/2021 11:24:19] "GET /v2/images HTTP/1.1" 503 370 1.831359
2021-10-20 11:37:41.115 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:37:41.159 4576 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2021-10-20 11:37:41.159 4576 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data
2021-10-20 11:37:41.160 4576 INFO eventlet.wsgi.server [-] 192.168.137.11 - - [20/Oct/2021 11:37:41] "GET /v2/schemas/image HTTP/1.1" 503 370 0.087925
#The prompt token was rejected by the server.
#Check the configuration file again.. The token of grace in keystone module is filled incorrectly. I didn't fill it out completely
#Change the configuration again. After the change, restart the configuration to take effect. This needs attention
Then it succeeded.
[root@controller01 ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public +------------------+------------------------------------------------------+ | Field | Value | +------------------+------------------------------------------------------+ | checksum | ee1eca47dc88f4879d8a229cc70a07c6 | | container_format | bare | | created_at | 2021-10-20T03:38:11Z | | disk_format | qcow2 | | file | /v2/images/2b98fc6c-82bd-4f1d-8747-903421664583/file | | id | 2b98fc6c-82bd-4f1d-8747-903421664583 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | cfb654cc503f4da8aaed7fde4a01c1f7 | | protected | False | | schema | /v2/schemas/image | | size | 13287936 | | status | active | | tags | | | updated_at | 2021-10-20T03:38:12Z | | virtual_size | None | | visibility | public | +------------------+------------------------------------------------------+
The files in the directory are also displayed. Indicates that the upload was successful,
[root@controller01 ~]# ll /var/lib/glance/images/ total 12980 -rw-r----- 1 glance glance 13287936 Oct 20 11:38 2b98fc6c-82bd-4f1d-8747-903421664583
#Check the MD5 value and confirm that the content has not been changed after the file is uploaded
[root@controller01 ~]# md5sum cirros-0.3.4-x86_64-disk.img ee1eca47dc88f4879d8a229cc70a07c6 cirros-0.3.4-x86_64-disk.img [root@controller01 ~]# md5sum /var/lib/glance/images/2b98fc6c-82bd-4f1d-8747-903421664583 ee1eca47dc88f4879d8a229cc70a07c6 /var/lib/glance/images/2b98fc6c-82bd-4f1d-8747-903421664583