Article Directory
Introduction to Glance Image Service
What is mirroring, mirroring is a collection of resources, similar to a compressed package
His project name in OpenStack is Glance. In the early version of OpenStack, Glance only had the function of managing images, and it also had the function of image storage. Now, Glance has developed into a multi-functional collection of image upload, retrieval, management and storage. OpenStack core services
Glance mirroring service
Mirroring service
Ambient image service is used to manage images, allowing users to discover, obtain, and save images.
Glance provides the image service in OpenStack. Its main functions are as follows:
query and obtain image metadata and the image itself 1.
Register and upload virtual machine images, including image creation, upload, download and management.
Maintain image information, including Metadata and the mirror itself.
●Support multiple ways to store images, including ordinary file systems, Swift Amazon S3, etc.
●Execute the create snapshot command on the virtual machine instance to create a new image, or back up the state of the virtual machine.
1. Upload to recognition
2. Recognize that it can be used
3. Save image
For the above three processes, introduce the management operations that glance can perform
Mirror format
Disk format of virtual machine image file
raw: unstructured disk format
vhd: this format is commonly used in VMware, Xen, VirtualBox and other hypervisors
vhdx: an enhanced version of the vhd format, which supports larger disk sizes.
vmdk: -a more common virtual machine disk format
vdi : Disk format supported by VirtualBox hypervisor and QEMU emulator
iso: File format used for CD-ROM data content
ploop: Supported by Vituozzo, disk format used to run 0S containers
qcow2: Supported by QEMU simulation , Can be dynamically expanded, and support Copy on Write disk format
aki: Amazon kernel format
ari stored in Glance; Amazon virtual memory disk (Ramdisk) format
stored in Glance ami: Amazon stored in Glance Machine format
Image file container format
bare: image without container or metadata "envelope"
ovf: open virtualization format
ova: open virtualization device format
stored in Glance aki: Amazon kernel format
stored in Glance ari: Amazon virtual memory stored in Glance Ramdisk format
Docker: Dockerd tar archive of the container file system stored in Glance
If you are not sure which container format to choose, it is safe to simply specify the container format as bare
Mirror state
The image is composed of metadata and the image itself
Mirror status 1
| queued | This is an initial state mirror file has just been created, only its metadata in the Glance database, the mirror data has not been uploaded to the database |
|---|---|
| saving | It is a transitional state of the original mirrored data being uploaded to the database, indicating that the mirroring is being uploaded |
| uploading | Indicates that the import data submission call has been made, and PUTfile is not allowed to be called in this state (PUT/file will be executed in the saving state, which is another way to upload) |
| importing | Indicates that the import call has been completed, but the image is not ready to be used |
Mirror status 2
| active | Indicates that when the mirror data is successfully uploaded, it becomes a mirror available in Glance |
| deactivated | Means that any non-administrator user has no right to access the mirror data, and it is forbidden to download the mirror, and also prohibit the mirror export and mirror clone operations. |
| killed | Indicates that an error occurred during the image upload process, and the image is not readable |
| deleted | The image will be automatically deleted in the near future. The image can no longer be used, but Glance still retains the relevant information and original data of the image. |
| pending_ delete | Similar to deleted, Glance has not cleared the image data, but the image in this state cannot be restored |
access permission
●Public (public) can be used by all projects
●Private (private): only used by the project where the mirror owner is located
●Shared (shared) a non-shared mirror can be shared with other projects, which is achieved through the project
Member, (member-*) operation to achieve
●Protected (protected): This kind of mirror cannot be deleted
Glance workflow
OpenStack operations require authentication (AuthN) and authorization (AuthZ) by Keystone, and Glance is no exception. Glance is a C/S architecture that provides a REST API through which users can perform various operations of mirroring. Glance Domain Controller is a main middleware, equivalent to a scheduler, and its role is to distribute the operations of Glance internal services to the following functional layers
Process analysis
Registry Layer: Is an optional layer that controls the secure interaction between Glance Domain Controller and GlanceDB by using a separate service.
Glance DB: It is the core library used by the Glance service, which is shared by all components that rely on the database in Glance. (This library stores some metadata information, not a mirrored database)
Glance Store: Used to organize and process the interaction between Glance and various storage backends. It provides a unified interface to access the backend storage. All mirror file operations are performed by calling the Glance Store library. It is responsible for communicating with the external storage or The interaction of the local file storage system.
OpenStack-Glance component deployment
One, create a database instance and database user
[root@ct ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
Two, create users, modify configuration files
Create OpenStack Glance user
#Before creating a user, you need to execute the administrator environment variable script (here it has been defined in ~/.bashrc)
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://ct:9292
openstack endpoint create --region RegionOne image internal http://ct:9292
openstack endpoint create --region RegionOne image admin http://ct:9292
Install the openstack-glance package
[root@ct ~]# yum -y install openstack-glance
Modify the glance configuration file, glance has two configuration files
/etc/glance/glance-api.conf
/etc/glance/glance-registry.conf
[root@ct ~]# cp -a /etc/glance/glance-api.conf{,.bak}
[root@ct ~]# grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
Add glance-api.conf configuration to
pass parameters
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@ct/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://ct:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://ct:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
[root@ct glance]# cat glance-api.con
Modify the glance-registry.conf configuration file
#Backup, filter comment information
cp -a /etc/glance/glance-registry.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
#Modify configuration file parameters
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@ct/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://ct:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://ct:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
#Modify parameters (configuration is the same as glance-api.conf)
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@t/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://ct:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://ct:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
[root@ct glance]# cat glance-registry.conf
Initialize the glance database
su -s /bin/sh -c "glance-manage db_sync" glance
Open the glance service (after opening here, the directory /var/lib/glance/image will be generated to store the image)
systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
Check the port (you can also use lsof -i:9292)
netstat -natp | grep 9292
Give the openstack-glance-api.service service the writable permission to the storage device (-h: value to the file modification of the symbolic link/soft link)
chown -hR glance:glance /var/lib/glance/
Import image
Upload the cirros image to the control node first
cd /opt
rz cirros-0.3.5-x86_64-disk.img
Finally check whether the creation is successful
[root@ct ~]# openstack image create --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public cirros
Two ways to view the mirror
[root@ct ~]# openstack image list
to sum up
- The glance api is a service process running in the background of the system. Provide REST API to the outside to respond to
image query, acquisition and storage calls. glance-api will not actually process the request. - If it is an operation related to image metadata (metadata), glance-api will
forward the request to glance-registry; - If it is an operation related to the access of the image itself, glance-api will forward the request to the
store backend of the image.
#View glance-api process#
ps -ef | grep glance-api
Because the creation of virtual machines on OpenStack requires mirroring support, so deploy first
1. Deployment ideas:
1. Create database, authorization
2. Create openstack user, authorization, management
3. Modify configuration files (glance-api.conf, glance-registry.conf)
4. Initialize database, upload instance mirror