Openstack glance 설치하기

mysql에 glance 데이터베이스만들기

mysql에 접속 mysql -u root -p glance DB 만들기 CREATE DATABASE glance; glance 접속용 계정 만들기 GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \   IDENTIFIED BY 'GLANCE_DBPASS'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \   IDENTIFIED BY 'GLANCE_DBPASS';

admin CLI용 셀 환경설정. admin-openrc.sh는 keystone 설치할때 만들었던걸 사용한다.

source admin-openrc.sh

keystone에 glance 사용자 생성(비번은 glance_passwd로 했음)

openstack user create --domain default --password-prompt glance

glance user에게 admin role 추가

openstack role add --project service --user glance admin

glance 서비스 생성

openstack service create --name glance \

  --description "OpenStack Image service" image

이미지 서비스의 API endpoint 생성

openstack endpoint create --region RegionOne   image public http://controller:9292

openstack endpoint create --region RegionOne   image internal http://controller:9292

openstack endpoint create --region RegionOne   image admin http://controller:9292

glance 패키지 설치

apt-get install glance python-glanceclient

glance 설정파일 편집

vi /etc/glance/glance-api.conf

[DEFAULT] verbose = True default_store = file bind_host = 0.0.0.0 bind_port = 9292 log_file = /var/log/glance/api.log backlog = 4096 workers = 1 registry_host = 0.0.0.0 registry_port = 9191 registry_client_protocol = http notification_driver = noop rabbit_host = localhost rabbit_port = 5672 rabbit_use_ssl = false rabbit_userid = guest rabbit_password = guest rabbit_virtual_host = / rabbit_notification_exchange = glance rabbit_notification_topic = notifications rabbit_durable_queues = False qpid_notification_exchange = glance qpid_notification_topic = notifications qpid_hostname = localhost qpid_port = 5672 qpid_username = qpid_password = qpid_sasl_mechanisms = qpid_reconnect_timeout = 0 qpid_reconnect_limit = 0 qpid_reconnect_interval_min = 0 qpid_reconnect_interval_max = 0 qpid_reconnect_interval = 0 qpid_heartbeat = 5 qpid_protocol = tcp qpid_tcp_nodelay = True filesystem_store_datadir = /var/lib/glance/images/ swift_store_auth_version = 2 swift_store_auth_address = 127.0.0.1:5000/v2.0/ swift_store_user = jdoe:jdoe swift_store_key = a86850deb2742ec3cb41518e26aa2d89 swift_store_container = glance swift_store_create_container_on_put = False swift_store_large_object_size = 5120 swift_store_large_object_chunk_size = 200 swift_enable_snet = False s3_store_host = 127.0.0.1:8080/v1.0/ s3_store_access_key = <20-char AWS access key> s3_store_secret_key = <40-char AWS secret key> s3_store_bucket = <lowercased 20-char aws access key>glance s3_store_create_bucket_on_put = False sheepdog_store_address = localhost sheepdog_store_port = 7000 sheepdog_store_chunk_size = 64 delayed_delete = False scrub_time = 43200 scrubber_datadir = /var/lib/glance/scrubber image_cache_dir = /var/lib/glance/image-cache/ [database] backend = sqlalchemy connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = glance password = glance_passwd [paste_deploy] flavor = keystone [store_type_location_strategy]

vi /etc/glance/glance-api-paste.ini

# Use this pipeline for no auth or image caching - DEFAULT [pipeline:glance-api] pipeline = versionnegotiation unauthenticated-context rootapp # Use this pipeline for image caching and no auth [pipeline:glance-api-caching] pipeline = versionnegotiation unauthenticated-context cache rootapp # Use this pipeline for caching w/ management interface but no auth [pipeline:glance-api-cachemanagement] pipeline = versionnegotiation unauthenticated-context cache cachemanage rootapp # Use this pipeline for keystone auth [pipeline:glance-api-keystone] pipeline = versionnegotiation authtoken context rootapp # Use this pipeline for keystone auth with image caching [pipeline:glance-api-keystone+caching] pipeline = versionnegotiation authtoken context cache rootapp # Use this pipeline for keystone auth with caching and cache management [pipeline:glance-api-keystone+cachemanagement] pipeline = versionnegotiation authtoken context cache cachemanage rootapp # Use this pipeline for authZ only. This means that the registry will treat a # user as authenticated without making requests to keystone to reauthenticate # the user. [pipeline:glance-api-trusted-auth] pipeline = versionnegotiation context rootapp # Use this pipeline for authZ only. This means that the registry will treat a # user as authenticated without making requests to keystone to reauthenticate # the user and uses cache management [pipeline:glance-api-trusted-auth+cachemanagement] pipeline = versionnegotiation context cache cachemanage rootapp [composite:rootapp] paste.composite_factory = glance.api:root_app_factory /: apiversions /v1: apiv1app /v2: apiv2app [app:apiversions] paste.app_factory = glance.api.versions:create_resource [app:apiv1app] paste.app_factory = glance.api.v1.router:API.factory [app:apiv2app] paste.app_factory = glance.api.v2.router:API.factory [filter:versionnegotiation] paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory [filter:cache] paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory [filter:cachemanage] paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory [filter:context] paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory [filter:unauthenticated-context] paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory [filter:authtoken] #paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory paste.filter_factory = keystonemiddleware.auth_token:filter_factory identity_uri = http://controller:35357 admin_user=admin delay_auth_decision = true [filter:gzip] paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory

vi /etc/glance/glance-registry.conf

[DEFAULT] notification_driver = noop verbose = True bind_host = 0.0.0.0 bind_port = 9191 log_file = /var/log/glance/registry.log # Backlog requests when creating socket backlog = 4096 api_limit_max = 1000 limit_param_default = 25 [database] backend = sqlalchemy connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = glance password = glance_passwd [paste_deploy] flavor = keystone

glance용 mysql 테이블 생성하기

su -s /bin/sh -c "glance-manage db_sync" glance

위 명령어 에러나면 아래처럼 mysql에 접속해서 migrate_version 테이블의 인코딩을 변경해주면 된다.

mysql -u root -p

alter table migrate_version convert to character set utf8 collate utf8_unicode_ci;

keystoneclient가 아니라 keystonemiddleware가 필요하다.

pip install keystonemiddleware

glance 서비스 재시작

service glance-registry restart

service glance-api restart

glance 기본 사용하기

glance 클라이언트에서 사용할 API 버전을 기본 설정파일에 추가.

echo "export OS_IMAGE_API_VERSION=2"  | tee -a admin-openrc.sh demo-openrc.sh

source admin-openrc.sh

소스 이미지 다운로드

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

이미지 업로드

glance image-create --name "cirros" \

  --file cirros-0.3.4-x86_64-disk.img \

  --disk-format qcow2 --container-format bare \

  --visibility public --progress

이미지 올라갔는지 확인

glance image-list

참고

http://docs.openstack.org/liberty/install-guide-ubuntu/glance.html

http://docs.openstack.org/liberty/install-guide-ubuntu/glance-install.html

http://docs.openstack.org/liberty/install-guide-ubuntu/glance-verify.html

http://docs.openstack.org/developer/glance/authentication.html