1. Introduction to glance
Glance is the module responsible for image management in the Openstack project. Its functions include the search, registration and retrieval of virtual machine images. Glance provides Restful API to query the metadata of virtual machine images and obtain images. Glance can save images to a variety of backend storage, such as simple file storage or object storage.
2.What is Image and why should we use Image?
In a traditional IT environment, you install a system or install from scratch from the installation CD. These two methods have the following problems:
1. If there are too many systems to be installed, the efficiency will be very low.
2. Long time and heavy workload
3. After installation, manual configuration is required, such as installing other software, setting IP, etc.
4. The backup and recovery system is inflexible
Image solution:
Image is a template that contains the basic operating system and other software. For example, a company needs to configure an office system for each employee, which generally requires a Win7 system plus office software. OpenStack does this:
1. First manually install such a virtual machine
2. Then execute a snapshot on the virtual machine to get an image.
3. When a new employee needs an office environment, just start one or more instances (virtual machines) of the image immediately.
. In this process, step 1 is similar to the traditional method, requiring manual operation and a certain amount of time, but steps 2 and 3 are very fast, fully automated, and generally take seconds.
3. Glance architecture diagram:
glance-api
glance-api is a service process running in the background of the system. Provides REST API to the outside world to respond to image query, acquisition and storage calls. glance-api doesn't actually handle the request. If the operation is related to image metadata (metadata), glance-api will forward the request to glance-registry; if the operation is related to access to the image itself, glance-api will forward the request to the store backend of the image.
glance-registry
glance-registry is a service process running in the background of the system. Responsible for processing and accessing image metadata, such as image size and type.
Store backend
Glance itself does not store images. The real image is stored in backend. Glance supports a variety of backends, including: 1. A directory on a local file system (this is the default configuration) 2. GridFS 3. Ceph RBD 4. Amazon S3 5. Sheepdog and so on.
glance DB module
stores mirrored metadata , and you can choose MySQL, mariaDB, SQLite and other databases. The metadata of the image is stored in the database through glance-registry. The image itself (chunk data) is stored in various back-end storage systems through glance's storage driver.
4.Glance supported image formats:
5. Mirror access rights
public: can be used by all projects
private: only used by the project where the image owner is located
shared: A non-public image that can be shared with other projects through project member (member-*) operations
projected (protected): this image cannot be deleted
6. Use CLI to create an image:
How to upload an image:
openstack image create "cirros" --file cirros-0.3.3-x86_64-disk.img.img --disk-format
qcow2 --container-format bare --public
7. Glance workflow:
The first is the security authentication process for the client: Openstack operations require identity authentication and authorization through keystone, and glance is no exception. If the authorization is successful, the glance service will be requested. After the glance service receives the external request, it will go to keystone for authentication. Whether this request has been authorized, the request will be sent to the backend for processing only after the authentication is passed.
The glance domain controller is the middleware of API and back-end functional modules, which is equivalent to a scheduler. Its function is to distribute external services to the various functional layers below for processing.
Sub-functional modules of the scheduler:
auth authorization: control the access rights of the image;
notifier message notification: add image change information and errors To the message queue
Policy rule definition: Define the access permissions for mirror operations, defined in policy.json
Quota limit: Limit the size of the uploaded mirror
location positioning: interact with the backend storage through glance store, specify the image storage location, and check whether the URL of the location is correct
DB database: convert the image into the corresponding format to Stored in the database and convert information read from the database into operable mirror objects.