Deploying OpenStack Rocky on CentOS 7.8

Official documentation

Passwords used in the Rocky release

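Password name                          Description
Database password (no variable used)   Root password for the database
ADMIN_PASS                             Password of user admin
CINDER_DBPASS                          Database password for the Block Storage service
CINDER_PASS                            Password of Block Storage service user cinder
DASH_DBPASS                            Database password for the Dashboard
DEMO_PASS                              Password of user demo
GLANCE_DBPASS                          Database password for the Image service
GLANCE_PASS                            Password of Image service user glance
KEYSTONE_DBPASS                        Database password for the Identity service
METADATA_SECRET                        Secret for the metadata proxy
NEUTRON_DBPASS                         Database password for the Networking service
NEUTRON_PASS                           Password of Networking service user neutron
NOVA_DBPASS                            Database password for the Compute service
NOVA_PASS                              Password of Compute service user nova
PLACEMENT_PASS                         Password of the Placement service user placement
RABBIT_PASS                            Password of RabbitMQ user openstack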
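
The commands in this guide use the placeholder names above literally as passwords. As an added example (not part of the original guide), the following script generates a random value for each placeholder and stores them in a file readable only by its owner; the file path is the caller's choice and is an assumption here, and MYUSER_PASS is taken from section 3.3.3.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Placeholder names from the password table, plus MYUSER_PASS (section 3.3.3).
SECRET_NAMES="ADMIN_PASS CINDER_DBPASS CINDER_PASS DASH_DBPASS DEMO_PASS
GLANCE_DBPASS GLANCE_PASS KEYSTONE_DBPASS METADATA_SECRET NEUTRON_DBPASS
NEUTRON_PASS NOVA_DBPASS NOVA_PASS PLACEMENT_PASS RABBIT_PASS MYUSER_PASS"

# Print 10 random bytes as 20 hex characters. Hex has no characters that
# need escaping in the mysql+pymysql:// URLs, ini files or SQL strings
# where this guide places the passwords.
gen_secret() {
    od -An -tx1 -N10 /dev/urandom | tr -d ' \n'
    echo
}

# Write NAME=value lines to the file given as $1 (path chosen by the caller).
write_secrets_file() {
    out=$1
    # Never overwrite: regenerating would desynchronise services that were
    # already configured with the earlier values.
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing file: $out" >&2
        return 1
    fi
    (
        umask 077   # the file is created with mode 0600
        for name in $SECRET_NAMES; do
            printf '%s=%s\n' "$name" "$(gen_secret)"
        done > "$out"
    )
}

# Verify that the file in $1 defines every name exactly once with a value.
check_secrets_file() {
    for name in $SECRET_NAMES; do
        [ "$(grep -c "^$name=." "$1")" = "1" ] || {
            echo "bad or missing entry: $name" >&2
            return 1
        }
    done
}
```

After loading the file with `. /path/to/file`, pass "$RABBIT_PASS", "$KEYSTONE_DBPASS" and so on to the commands in place of the literal names.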

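Lab environment

Role             IP            Hostname    Default gateway  Hardware             Virtualization  Firewall  SELinux
Controller node  10.0.0.11/24  controller  10.0.0.1         4G RAM, 50G disk     enabled         disabled  disabled
Compute node 1   10.0.0.31/24  compute1    10.0.0.1         4G RAM, 50G disk     enabled         disabled  disabled
Storage node 1   10.0.0.41/24  block1      10.0.0.1         2G RAM, 100G disk    enabled         disabled  disabled
Object node 1    10.0.0.51/24  object1     10.0.0.1         2G RAM, 100G disk    enabled         disabled  disabled
Object node 2    10.0.0.52/24  object2     10.0.0.1         2G RAM, 100G disk    enabled         disabled  disabled

Building a local yum repository from the Rocky RPM packages

1. Install the package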
yum -y install createrepo 

2. Create the repository
createrepo openstack-rocky

3. Install nginx on 10.0.0.51, because the repository is served over HTTP
yum -y install nginx
systemctl enable nginx && systemctl start nginx

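4. Edit the nginx configuration. The document root of nginx installed through yum is /usr/share/nginx/html; here, as a personal preference, a separate virtual host listening on port 88 is used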
cat > /etc/nginx/conf.d/openstack-rocky.repo.conf <<EOF
server {
    listen 88;
    root /opt;
    location /openstack-rocky {
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
}
EOF

# Check that the nginx configuration syntax is correct
nginx -t

# Reload nginx
nginx -s reload


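# Perform the following steps on all hosts
5. Set up the repo file. Upload the offline packages prepared in advance to /opt, in a directory named openstack-rocky
mkdir /etc/yum.repos.d/bak
# Move only the .repo files; a bare * would also try to move bak into itself
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/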
cat >/etc/yum.repos.d/openstack-rocky.repo <<EOF
[base]
name=base
baseurl=file:///mnt
enabled=1
gpgcheck=0

[openstack]
name=openstack
#baseurl=file:///opt/openstack-rocky
baseurl=http://10.0.0.51:88/openstack-rocky
enabled=1
gpgcheck=0
EOF

# Mount the installation disc and have it mounted at boot
mount /dev/sr0 /mnt
echo "/dev/sr0 /mnt iso9660 ro,relatime 0 0" >>/etc/fstab 

6. Build the local cache
yum makecache

Official documentation for the base environment

I. Base environment configuration

1.1 Disable the firewall and SELinux

// Disable the firewall
systemctl stop firewalld && systemctl disable firewalld

// Disable SELinux
# Temporary change
setenforce 0

# Permanent change, takes effect after the server is rebooted
sed -i '7s/enforcing/disabled/' /etc/selinux/config

1.2 Configure name resolution in /etc/hosts

# Same steps on the controller and compute nodes
cat >> /etc/hosts << EOF
10.0.0.11 controller
10.0.0.31 compute1
10.0.0.41 block1
10.0.0.51 object1
10.0.0.52 object2
EOF

1.3 Configure the NTP service; the controller and compute nodes must keep consistent time

Controller node

1. Install chrony
yum -y install chrony

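2. Edit the chrony configuration file /etc/chrony.conf
    /Delete the following 4 lines and use the Alibaba Cloud NTP server
    server 0.centos.pool.ntp.org iburst
    server 1.centos.pool.ntp.org iburst
    server 2.centos.pool.ntp.org iburst
    server 3.centos.pool.ntp.org iburst
    Change to
    server ntp1.aliyun.com iburst
    /Allow the subnet that connects to the controller node; add the following line at line 24
    allow 10.0.0.0/24

# Make the changes with the following commands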
sed -i '3,6d' /etc/chrony.conf && sed -i '3cserver ntp1.aliyun.com iburst' \
/etc/chrony.conf && sed -i '23callow 10.0.0.0/24' /etc/chrony.conf

3. Start the NTP service and enable it at boot
systemctl enable chronyd && systemctl start chronyd

4. Check the ports; chronyd listens on UDP port 323
$ netstat -nupl|grep chronyd
udp        0      0 127.0.0.1:323           0.0.0.0:*              29356/chronyd       
udp        0      0 0.0.0.0:123             0.0.0.0:*              29356/chronyd       
udp6       0      0 ::1:323                 :::*                   29356/chronyd   

5. Verify
$ chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 120.25.115.20                 2   6    37    29    +43us[ -830us] +/-   22ms

Compute, storage, and object nodes

1. Install chrony
yum -y install chrony

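2. Edit the chrony configuration file /etc/chrony.conf
    /Delete the following 4 lines and use the controller node as the NTP server
    server 0.centos.pool.ntp.org iburst
    server 1.centos.pool.ntp.org iburst
    server 2.centos.pool.ntp.org iburst
    server 3.centos.pool.ntp.org iburst
    Change to
    server controller iburst

# Make the changes with the following command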
sed -i '3,6d' /etc/chrony.conf && sed -i '3cserver controller iburst' /etc/chrony.conf    

3. Start the NTP service and enable it at boot
systemctl enable chronyd && systemctl start chronyd

4. Check the ports; chronyd listens on UDP port 323
$ netstat -nupl|grep chronyd
udp        0      0 127.0.0.1:323       0.0.0.0:*         1327/chronyd        
udp6       0      0 ::1:323             :::*              1327/chronyd     

5. Verify; on the compute node the source shown is the controller node
$ chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? controller                    3   6   200    50  +1319ms[+1319ms] +/-  14.4s

1.4 Install the official OpenStack yum repository and the OpenStack client

Same steps on the controller and compute nodes

yum -y install centos-release-openstack-rocky
yum -y install python-openstackclient

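At this point, the steps on the controller, compute, storage, and object nodes are complete!

II. Controller node environment installation

2.1 Install the MariaDB database

2.1.1 Install the packages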

yum -y install mariadb mariadb-server python2-PyMySQL

2.1.2 Edit the configuration file

cat > /etc/my.cnf.d/openstack.cnf <<EOF
[mysqld]
bind-address = 10.0.0.11

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF

2.1.3 Start MariaDB and enable it at boot

systemctl enable mariadb && systemctl start mariadb

2.1.4 Secure the database installation

$ mysql_secure_installation
Enter current password for root (enter for none):        / no password yet, just press Enter
Set root password? [Y/n] n                               / do not set a root password
Remove anonymous users? [Y/n] y                          / remove anonymous users
Disallow root login remotely? [Y/n] y                    / disallow remote root login
Remove test database and access to it? [Y/n] y           / remove the test database
Reload privilege tables now? [Y/n] y                     / reload the privilege tables

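2.3 Install the RabbitMQ message queue

OpenStack uses a message queue to coordinate operations and status information among services. The message queue service typically runs on the controller node.

RabbitMQ opens two ports

tcp/5672 RabbitMQ service port

tcp/25672 port used for communication between multiple RabbitMQ nodes

2.3.1 Install the package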

yum -y install rabbitmq-server

2.3.2 Start RabbitMQ and enable it at boot

systemctl enable rabbitmq-server && systemctl start rabbitmq-server

2.3.3 Add the openstack user

$ rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack" ...
...done.

2.3.4 Grant the openstack user read and write permissions; the three .* are, respectively, read, write, and configure

$ rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
...done.

2.3.5 Enable a RabbitMQ plugin. Once enabled it listens on tcp/15672 and provides a web management interface; the default username and password are both guest

$ rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
  mochiweb
  webmachine
  rabbitmq_web_dispatch
  amqp_client
  rabbitmq_management_agent
  rabbitmq_management
Plugin configuration has changed. Restart RabbitMQ for changes to take effect.

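2.4 Install memcached

The Identity service uses Memcached to cache tokens. The memcached service runs on the controller node. For production deployments, we recommend enabling a combination of firewalling, authentication, and encryption to secure it.

memcached listens on tcp/udp port 11211

2.4.1 Install the packages

yum -y install memcached python-memcached

2.4.2 Edit the configuration file

Configure the service to use the management IP address of the controller node. This enables access by other nodes via the management network: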

sed -i.bak '/OPTIONS/c OPTIONS="-l 127.0.0.1,::1,controller"' /etc/sysconfig/memcached 

# The configuration file looks like this after the change
cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller"

2.4.3 Start memcached and enable it at boot

systemctl enable memcached && systemctl start memcached

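2.5 Install etcd

OpenStack services may use Etcd, a distributed reliable key-value store, for distributed key locking, storing configuration, keeping track of service liveness, and other scenarios.

The etcd service runs on the controller node.

Once started, etcd serves external clients on port 2379, and etcd members communicate with each other on port 2380

2.5.1 Install the package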

yum -y install etcd

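2.5.2 Edit the configuration file

Edit the /etc/etcd/etcd.conf file and set ETCD_INITIAL_CLUSTER, ETCD_INITIAL_ADVERTISE_PEER_URLS, ETCD_ADVERTISE_CLIENT_URLS, and ETCD_LISTEN_CLIENT_URLS to the management IP address of the controller node, to enable access by other nodes via the management network: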

cat > /etc/etcd/etcd.conf <<EOF
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.0.0.11:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.0.0.11:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.0.0.11:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.0.0.11:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF

2.5.3 Start etcd and enable it at boot

systemctl enable etcd && systemctl restart etcd

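At this point, the controller node environment installation is complete!

Official documentation for installing and configuring the Identity service keystone in the Rocky release

III. Installing the Identity service keystone on the controller node

Functions of the keystone Identity service: authentication management, authorization management, service catalog

Authentication: username and password

Authorization: authorization management; for example, some technical websites (Juejin, CSDN) can authorize login through WeChat or QQ

Service catalog: comparable to an address book; to reach OpenStack's image, network, storage, and other services you only need to find keystone, rather than remembering the address of each service separately

  • Every service installed later must be registered in keystone

3.1 Create the keystone database and grant privileges

# Run the following commands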
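
With firewalld stopped in section 1.1, the bind address of each service is the only thing limiting which hosts can reach it. The following added example (not part of the original guide) parses `netstat -lntu` output and reports which of the ports named so far listen on a wildcard address; the sample input is constructed.

```sh
#!/bin/sh
# Added example, not from the original guide.

# Constructed sample of `netstat -lntu` output for the controller node.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.11:3306          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.11:2379          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.11:2380          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.11:11211         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::5672                 :::*                    LISTEN
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
EOF
}

# Read `netstat -lntu` output on stdin and print one line for every service
# from sections 1.3 to 2.5 that listens on a wildcard address, which means
# it is reachable on every interface of the host.
audit_listeners() {
    awk '
    BEGIN {
        # Ports named in this guide up to section 2.5.
        svc["123"]   = "chronyd NTP"
        svc["3306"]  = "MariaDB"
        svc["5672"]  = "RabbitMQ AMQP"
        svc["25672"] = "RabbitMQ inter-node"
        svc["15672"] = "RabbitMQ management UI"
        svc["11211"] = "memcached"
        svc["2379"]  = "etcd client"
        svc["2380"]  = "etcd peer"
    }
    # Socket lines start with tcp, tcp6, udp or udp6; headers are skipped.
    $1 ~ /^(tcp|udp)/ {
        # Field 4 is the local address; the port follows the last colon,
        # which also holds for IPv6 forms such as :::5672.
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (!(port in svc)) next
        if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            printf "WILDCARD %s/%s %s\n", $1, port, svc[port]
    }'
}
```

On the controller, run it as `netstat -lntu | audit_listeners`.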
mysql -e "CREATE DATABASE keystone;"
mysql -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';"
mysql -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';"

3.2 Install and configure keystone

  • keystone is served through Apache

  • mod_wsgi lets Apache connect to Python programs

  • Listening port 5000

3.2.1 Install the packages

yum -y install openstack-keystone httpd mod_wsgi openstack-utils.noarch

3.2.2 Edit the file /etc/keystone/keystone.conf and complete the following actions

In the [database] section, configure database access:
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
In the [token] section, configure the provider of Fernet UUID tokens
[token]
provider = fernet

# Make the changes with the following commands
\cp /etc/keystone/keystone.conf{,.bak}
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet

MD5 checksum
md5sum /etc/keystone/keystone.conf
3fb8c44724c573eb69394a876cf7da56  /etc/keystone/keystone.conf

3.2.3 Populate the Identity service database

The command switches to the keystone user, uses /bin/sh as the shell, and runs the command that follows -c

su -s /bin/sh -c "keystone-manage db_sync" keystone

# The previous step imports the tables; if the following command shows that tables exist, it succeeded
mysql keystone -e "show tables;"|wc -l
45

3.2.4 Initialize the Fernet keys

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

3.2.5 Bootstrap the Identity service

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

3.2.6 Configure the Apache server

Edit the /etc/httpd/conf/httpd.conf file and set the ServerName option to the controller node

1. Write the following line at line 96
ServerName controller

# Make the change with the following command
sed -i.bak '96cServerName controller' /etc/httpd/conf/httpd.conf

MD5 checksum
md5sum /etc/httpd/conf/httpd.conf
eaf0e2ae3fea84bac3e5a842f64bdfdb  /etc/httpd/conf/httpd.conf


2. Create a symbolic link
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

3.2.7 Start Apache and enable it at boot

systemctl enable httpd && systemctl start httpd

3.2.8 Configure the administrative account

The following sets up the administrator account admin, with the password ADMIN_PASS

export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

3.3 Create a domain, projects, users, and roles

3.3.1 Create a domain

openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | An Example Domain                |
| enabled     | True                             |
| id          | ab6f853144384043a5dd648c154d0efe |
| name        | example                          |
| tags        | []                               |
+-------------+----------------------------------+

3.3.2 Create a service project

# service, used later to associate the OpenStack system users glance, nova, and neutron
openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | f6696bc9511043ae9ec72d1c31a494f3 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

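3.3.3 Regular (non-admin) tasks should use an unprivileged project and user

For example, this guide creates the myproject project and the myuser user

1. Create the myproject project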
openstack project create --domain default \
--description "Demo Project" myproject
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 5b9ccd294c364cc68747df85f9598c89 |
| is_domain   | False                            |
| name        | myproject                        |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

2. Create the myuser user            // choose either the interactive or the non-interactive method here
# Set the password non-interactively
openstack user create --domain default \
--password MYUSER_PASS myuser
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | f7985ae93ad24f7784a5ea3e1f22109a |
| name                | myuser                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# Set the password interactively
openstack user create --domain default \
--password-prompt myuser

3. Create the myrole role
openstack role create myrole
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 9cb289f07a6d4bd6898dd863d616b164 |
| name      | myrole                           |
+-----------+----------------------------------+

4. Add the myrole role to the myproject project and the myuser user
openstack role add --project myproject --user myuser myrole

3.3.4 Verify

1. Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables
unset OS_AUTH_URL OS_PASSWORD

2. As the admin user, request an authentication token; the password is ADMIN_PASS
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
Password: 
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2020-05-25T09:12:07+0000                                                                                                                                                                |
| id         | gAAAAABey33Xe4qJjpsA6SSva-ciwawHI6MKrQSn8aP2t1Ja1FOLpBgo31TILIK0hOiC8aP7ql2MrDq6lO-OwwRn91DJGT0KIhfueV-mrEm1zXJfn8a_yL9c01QGi4E5qr6kPatZdsKIN1Q0McDvg5VaCf1S5cj7uB1amz0am2si8YIIpnkYiyU |
| project_id | 108d3fecb61840e3818f694c69c3ec4a                                                                                                                                                        |
| user_id    | a0d3db84d1984a24ac6ba213525fe382                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

3. As the myuser user created in the previous section, request an authentication token; the password is MYUSER_PASS
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2020-05-25T09:15:01+0000                                                                                                                                                                |
| id         | gAAAAABey36FhKplKdFCDOIszVcq_eGC-W3Eel33l7wS9-dGfEn4G9F19k9fAClAjiZ9hmQ8BdlglHPDDfxqq8uZkDIdlQK8DctC9kipXLfxuRI9J0lB9MTrsfEMiIMRW9J6DFvAQiVUPEuTmL7vRLyRNH7ORHEgS9ly043SNFzMW-ZZQHSiFUI |
| project_id | 5b9ccd294c364cc68747df85f9598c89                                                                                                                                                        |
| user_id    | be0d4d9c8c56450ea9fcc5c85f3b232b                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

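3.4 Create OpenStack client environment scripts

3.4.1 Create the scripts

Create and edit the admin-openrc file and add the following content; here it is placed under /opt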

cat >/opt/admin-openrc <<EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

Create and edit the demo-openrc file and add the following content

cat >/opt/demo-openrc <<EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=MYUSER_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

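3.4.2 Use the scripts

1. Source the admin-openrc file to populate the environment variables with the location of the Identity service and the admin project and user credentials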
source /opt/admin-openrc

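2. Request an authentication token (note that expires is in UTC, which is 8 hours behind China because China is in UTC+8; use timedatectl to check the time and time zone; the default expiry is 1 hour)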
openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2020-05-25T09:22:49+0000                                                                                                                                                                |
| id         | gAAAAABey4BZ8Fmp0STtrCrdAMyjJ0lXWDavMSRTBHFmJ6aS5cYMhpMhE4wtJlm3dhUFGeCW7_g7BIu5o0f4z0KlmPi6IAya_eOC96ofqFPeYIDJL2O0qlSgzcALavYt6ZqP0thedY_69q-XMd4X9SC9UcptM4Hnn4RO9rWb9c0wymhsrKdXb7g |
| project_id | 108d3fecb61840e3818f694c69c3ec4a                                                                                                                                                        |
| user_id    | a0d3db84d1984a24ac6ba213525fe382                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

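At this point, the Identity service keystone is installed on the controller node!


IV. Installing the Image service glance on the controller node

Official documentation for installing and configuring the Image service glance in the Rocky release

The OpenStack Image service includes the following components:

glance-api: accepts Image API calls for image discovery, retrieval, and storage

glance-registry: stores, processes, and retrieves metadata (properties) about images; metadata includes items such as size and type

The glance service listens on two ports

glance-api 9292

glance-registry 9191

4.1 Create the glance database and grant privileges

# Run the following commands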
mysql -e "CREATE DATABASE glance;"
mysql -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';"
mysql -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';"

4.2 Source the admin credentials to gain access to admin-only CLI commands

source /opt/admin-openrc

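4.3 Create the service credentials

4.3.1 Create the glance user, with the password set to GLANCE_PASS

// choose either the interactive or the non-interactive method here
# Set the password non-interactively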
openstack user create --domain default --password GLANCE_PASS glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | ed462c214a1d4cb485cc4dc5211c4dd4 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# Set the password interactively
openstack user create --domain default --password-prompt glance

4.3.2 Add the admin role to the glance user and the service project

openstack role add --project service --user glance admin

4.3.3 Create the glance service entity

openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | ce5a424428d640c9adec06865d211916 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

4.3.4 Create the Image service API endpoints

openstack endpoint create --region RegionOne \
image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | bed29b8924114eee8b427f7a83f2cd64 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ce5a424428d640c9adec06865d211916 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne \
image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 94f84d946e6f4463af82041caf2877b5 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ce5a424428d640c9adec06865d211916 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne \
image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 16e947838d7948e6a0ec7feb7910b415 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ce5a424428d640c9adec06865d211916 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

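To delete an API endpoint, use the command openstack endpoint delete <endpoint-id>

Use the command openstack endpoint list to look up the endpoint-id, then delete by id

4.4 Install and configure the components

4.4.1 Install the package

yum -y install openstack-glance

4.4.2 Edit the /etc/glance/glance-api.conf file and complete the following actions

1. In the [database] section, configure database access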
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

2. In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
[keystone_authtoken]
# ...
www_authenticate_uri  = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
# ...
flavor = keystone

3. In the [glance_store] section, configure the local file system store and the location of image files
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/


# Make the changes with the following commands
\cp /etc/glance/glance-api.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
openstack-config --set /etc/glance/glance-api.conf  database  connection  mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000     
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/

MD5 checksum
md5sum /etc/glance/glance-api.conf
53b17f4f4eeb358fbf0bac47a7eed6a6  /etc/glance/glance-api.conf

4.4.3 Edit the /etc/glance/glance-registry.conf file and complete the following actions

1. In the [database] section, configure database access
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

2. In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
# ...
flavor = keystone


# Make the changes with the following commands
\cp /etc/glance/glance-registry.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

MD5 checksum
md5sum /etc/glance/glance-registry.conf
888d847475b8c7f6e2c790fed853fb61  /etc/glance/glance-registry.conf
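
The configuration commands above write the placeholder names (KEYSTONE_DBPASS, GLANCE_PASS and so on) into the files as the actual passwords, and the openrc files under /opt are created with the shell's default umask. As an added check (not part of the original guide), this function reports files that still contain a literal placeholder or that are readable by other users; the function name is hypothetical.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Placeholder names from the password table, plus MYUSER_PASS (section 3.3.3).
PLACEHOLDERS='ADMIN_PASS|CINDER_DBPASS|CINDER_PASS|DASH_DBPASS|DEMO_PASS'
PLACEHOLDERS="$PLACEHOLDERS|GLANCE_DBPASS|GLANCE_PASS|KEYSTONE_DBPASS"
PLACEHOLDERS="$PLACEHOLDERS|METADATA_SECRET|NEUTRON_DBPASS|NEUTRON_PASS"
PLACEHOLDERS="$PLACEHOLDERS|NOVA_DBPASS|NOVA_PASS|PLACEMENT_PASS"
PLACEHOLDERS="$PLACEHOLDERS|RABBIT_PASS|MYUSER_PASS"

# Usage: audit_credential_files FILE...
# Prints one finding per line and returns 1 if any file has a finding.
audit_credential_files() {
    findings=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            findings=1
            continue
        fi
        # Match a placeholder only as a whole word, so GLANCE_PASS is not
        # reported inside GLANCE_DBPASS and OS_PASSWORD is never a hit.
        # Only line numbers are printed, never the line itself, so real
        # secrets on neighbouring lines do not end up in the report.
        hits=$(grep -n -E "(^|[^A-Za-z0-9_])($PLACEHOLDERS)([^A-Za-z0-9_]|\$)" "$f" \
            | cut -d: -f1 | tr '\n' ',' | sed 's/,$//')
        if [ -n "$hits" ]; then
            echo "PLACEHOLDER $f lines $hits"
            findings=1
        fi
        # -perm -004 is true when the "read by others" bit is set.
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "WORLD-READABLE $f"
            findings=1
        fi
    done
    return $findings
}
```

For the files touched so far: `audit_credential_files /etc/keystone/keystone.conf /etc/glance/glance-api.conf /etc/glance/glance-registry.conf /opt/admin-openrc /opt/demo-openrc`.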

4.4.4 Populate the database

Note: ignore any deprecation messages in this output

$ su -s /bin/sh -c "glance-manage db_sync" glance
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1352: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
  expire_on_commit=expire_on_commit, _conf=conf)
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> liberty, liberty initial
INFO  [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO  [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO  [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO  [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO  [alembic.runtime.migration] Running upgrade queens_expand01 -> rocky_expand01, add os_hidden column to images table
INFO  [alembic.runtime.migration] Running upgrade rocky_expand01 -> rocky_expand02, add os_hash_algo and os_hash_value columns to images table
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: rocky_expand02, current revision(s): rocky_expand02
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO  [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO  [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO  [alembic.runtime.migration] Running upgrade queens_contract01 -> rocky_contract01
INFO  [alembic.runtime.migration] Running upgrade rocky_contract01 -> rocky_contract02
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: rocky_contract02, current revision(s): rocky_contract02
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.

# If tables exist, it succeeded
mysql glance -e "show tables;" | wc -l
16

4.4.5 Start the glance services and enable them at boot (glance-api and glance-registry)

systemctl enable openstack-glance-api openstack-glance-registry
systemctl start openstack-glance-api openstack-glance-registry

4.4.6 Verify operation

1. Source the admin credentials to gain access to admin-only CLI commands
source /opt/admin-openrc

2. Download the source image
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

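3. Upload the image to the Image service using the QCOW2 disk format, bare container format, and public visibility so that all projects can access it
Note: be sure to check the size value in the output of this step; if it is 0, the image upload went wrong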
openstack image create "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field            | Value                                                                                                                                                                                      |
+------------------+-----------------------------------------------------