Image Service
Table of Contents
- Installation
- Create a glance user
- Configure the Image Service
- Register the Image Service with the Identity service
- Startup Service
- Testing
- Download Testing template
- Register an Image
- Detailed Configuration
- Create Template Steps
- Template Scripts
Related packages
- glance-api - Accepts Image API calls for image discovery, retrieval, and storage.
- glance-registry - Stores, processes, and retrieves metadata about images.
- Database - Stores image metadata.
- Storage repository - for image files (normal file systems, Object Storage, RADOS block devices, HTTP, and Amazon S3)
# Installation
# install package
yum install openstack-glance python-glanceclient
# Mysql
mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
mysql> flush privileges;
mysql> exit
# Configure the DB
# The Image Service stores information about images in a database
openstack-config --set /etc/glance/glance-api.conf database \
connection mysql://glance:GLANCE_DBPASS@controller_pri/glance
openstack-config --set /etc/glance/glance-registry.conf database \
connection mysql://glance:GLANCE_DBPASS@controller_pri/glance
# Create the tables
su -s /bin/sh -c "glance-manage db_sync" glance
# Configure the message broker
openstack-config --set /etc/glance/glance-api.conf DEFAULT rpc_backend qpid
openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname controller_pri
# Create a glance user (that the Image Service can use to authenticate with the Identity service.)
keystone user-create --name=glance --pass=GLANCE_PASS [email protected]
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    | [email protected]                |
| enabled  | True                             |
| id       | c5703cd8b0af4040b9655d55071f9dd0 |
| name     | glance                           |
| username | glance                           |
+----------+----------------------------------+
keystone user-role-add --user=glance --tenant=service --role=admin
# Configure the Image Service (use the Identity Service for authentication.)
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
auth_uri http://controller_pri:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
auth_host controller_pri
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
auth_port 35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
auth_protocol http
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
admin_password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy \
flavor keystone
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
auth_uri http://controller_pri:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
auth_host controller_pri
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
auth_port 35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
auth_protocol http
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
admin_password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy \
flavor keystone
# Register the Image Service with the Identity service (so that other OpenStack services can locate it.)
keystone service-create --name=glance --type=image --description="OpenStack Image Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image Service          |
| enabled     | True                             |
| id          | c83768c6a3c94df98333e9e9267be8bc |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ image / {print $2}') \
--publicurl=http://controller_pub:9292 \
--internalurl=http://controller_pri:9292 \
--adminurl=http://controller_pri:9292
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://controller_pri:9292       |
| id          | 45fcb4b84a444cbd9e386f9ea28b55df |
| internalurl | http://controller_pri:9292       |
| publicurl   | http://controller_pub:9292       |
| region      | regionOne                        |
| service_id  | c83768c6a3c94df98333e9e9267be8bc |
+-------------+----------------------------------+
# Startup Service
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
Testing
glance image-list
Download Testing template
Tiny OS
Homepage: http://cirros-cloud.net
login as 'cirros' user. default password: 'cubswin:)'. use 'sudo' for root.
P.S.
No tcpdump, iptables ...
# Download pre-built images
- Redhat: https://openstack.redhat.com/Image_resources
- Fedora: http://cloud.fedoraproject.org/
- Ubuntu: https://cloud-images.ubuntu.com/
- Centos: http://cloud.centos.org/centos/
- M$2012: http://www.cloudbase.it/ws2012r2/
- rackspace: https://github.com/rcbops/oz-image-build
Register an Image
# Create a temporary location
mkdir /home/images
cd /home/images
wget https://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-...
# Register
Usage:
glance image-create --name=IMAGELABEL --disk-format=FILEFORMAT \
--container-format=CONTAINERFORMAT --is-public=ACCESSVALUE --progress < IMAGEFILE
i.e.
file precise-server-cloudimg-i386-disk1.img
precise-server-cloudimg-i386-disk1.img: Qemu Image, Format: Qcow , Version: 2
Run
glance image-create --name=precise-server-cloudimg-i386 --disk-format=qcow2 \
--container-format=ovf --is-public=true --progress < precise-server-cloudimg-i386-disk1.img
[======> ] 20%
After a few minutes
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | e964f250260f25eb7378358cf1e70fb2     |
| container_format | ovf                                  |
| created_at       | 2014-09-30T03:55:26                  |
| deleted          | False                                |
| deleted_at       | None                                 |
| disk_format      | qcow2                                |
| id               | dff9056a-81d8-4a21-97ae-f8b6eb20302b |
| is_public        | True                                 |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | precise-server-cloudimg-i386         |
| owner            | 0e61ba054af84f6f99e52766b6ff441f     |
| protected        | False                                |
| size             | 238223872                            |
| status           | active                               |
| updated_at       | 2014-09-30T03:55:57                  |
| virtual_size     | None                                 |
+------------------+--------------------------------------+
# IMAGELABEL - Arbitrary label.
# FILEFORMAT - qcow2, raw, vhd, vmdk, vdi, iso, aki, ari, and ami ... <-- "file" command
# CONTAINERFORMAT - bare, ovf, aki, ari and ami <-- not actually used by any of the OpenStack services
# ACCESSVALUE - true -> All users can view and use the image.
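The checksum and size rows printed by image-create can be used to confirm that Glance stored the bytes you meant to upload (the checksum is the MD5 of the image data). The functions below are an added example, not from the original notes: check_download compares the file with a SHA256SUMS-style list (assumed to be published next to the image), check_upload compares it with a saved property table, and the fixture written by make_sample is constructed.

```shell
#!/bin/sh
# Added example: integrity checks before and after "glance image-create".

# sums_entry SUMSFILE NAME -> hash listed for NAME ("<hash> *NAME" or "<hash>  NAME")
sums_entry() {
    awk -v n="$2" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$1"
}

# check_download FILE SUMSFILE -> 0 if FILE's SHA-256 equals the published value
check_download() (
    want=$(sums_entry "$2" "$(basename "$1")")
    have=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$want" ] && [ "$want" = "$have" ]
)

# table_value PROPERTY -> value column of that row in a glance property table (stdin)
table_value() {
    awk -F'|' -v key="$1" '{
        k = $2; v = $3
        gsub(/^ +| +$/, "", k); gsub(/^ +| +$/, "", v)
        if (k == key) print v
    }'
}

# check_upload FILE TABLEFILE -> 0 if Glance recorded the same MD5 and byte count
check_upload() (
    want_sum=$(table_value checksum < "$2")
    want_size=$(table_value size < "$2")
    have_sum=$(md5sum "$1" | cut -d' ' -f1)
    have_size=$(wc -c < "$1" | tr -d ' ')
    [ -n "$want_sum" ] && [ "$want_sum" = "$have_sum" ] && [ "$want_size" = "$have_size" ]
)

# make_sample DIR -> constructed fixture: a 5-byte "image", its SHA256SUMS
# entry and the two table rows Glance would print for it
make_sample() {
    printf 'hello' > "$1/demo.img"
    echo '2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 *demo.img' > "$1/SHA256SUMS"
    cat > "$1/show.txt" <<'EOF'
| checksum         | 5d41402abc4b2a76b9719d911017c592     |
| size             | 5                                    |
EOF
}
```

In practice, save the output of image-create (or glance image-show) to a file and pass it as TABLEFILE.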
Other commands
glance --version
0.12.0
glance help
Positional arguments:
  <subcommand>
    image-create        Create a new image.
    image-delete        Delete specified image(s).
    image-download      Download a specific image.
    image-list          List images you can access.
    image-show          Describe a specific image.
    image-update        Update a specific image.
    member-create       Share a specific image with a tenant.
    member-delete       Remove a shared image from a tenant.
    member-list         Describe sharing permissions by image or tenant.
image-list
+--------------------------------------+------------------------------+-------------+------------------+------------+--------+
| ID                                   | Name                         | Disk Format | Container Format | Size       | Status |
+--------------------------------------+------------------------------+-------------+------------------+------------+--------+
| e140c442-026c-4f51-ac5b-ea52e615a3d9 | CentOS-6-x86_64              | qcow2       | ovf              | 357227520  | active |
| 136bdbd1-cc44-46f7-8bc0-17572c2eab18 | centos-6.5-i386              | qcow2       | ovf              | 1940979712 | active |
| 567a6515-0354-4a3c-959c-e704396bbf46 | CentOS-7-x86_64              | qcow2       | ovf              | 418688512  | active |
| 34b53e41-4ef7-4d79-b421-ae9aeba00b88 | cirros                       | qcow2       | bare             | 13147648   | active |
| b656540c-32d4-4f54-ab8c-682eae50688b | precise-server-cloudimg-i386 | qcow2       | bare             | 238092800  | active |
+--------------------------------------+------------------------------+-------------+------------------+------------+--------+
member-list --image-id or --tenant-id
glance member-list --image-id b656540c-32d4-4f54-ab8c-682eae50688b
+----------+-----------+-----------+
| Image ID | Member ID | Can Share |
+----------+-----------+-----------+
+----------+-----------+-----------+
Detailed Configuration
glance-registry.conf
[DEFAULT]
bind_host=0.0.0.0
bind_port=9191
log_file=/var/log/glance/registry.log
use_syslog=False
#enable_v1_registry=True
#enable_v2_registry=True
[database]
..........
[keystone_authtoken]
..........
glance-api.conf
[DEFAULT]
rpc_backend = qpid
qpid_hostname = controller_pri
default_store=file
# Maximum image size (in bytes) that may be uploaded
# Default 1 TB
image_size_cap=1099511627776
allow_anonymous_access=False
enable_v2_api=True
# ============ Filesystem Store Options ========================
filesystem_store_datadir=/var/lib/glance/images/
policy.json
{
    "context_is_admin": "role:admin",
    "default": "",
    "add_image": "",
    "delete_image": "",
    "get_image": "",
    "get_images": "",
    "modify_image": "",
    "publicize_image": "",
    "copy_from": "",
    "download_image": "",
    "upload_image": "",
    "delete_image_location": "",
    "get_image_location": "",
    "set_image_location": "",
    "add_member": "",
    "delete_member": "",
    "get_member": "",
    "get_members": "",
    "modify_member": "",
    "manage_image_cache": "role:admin",
    "get_task": "",
    "get_tasks": "",
    "add_task": "",
    "modify_task": ""
}
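In the policy.json above, every rule except context_is_admin and manage_image_cache is the empty string, which the policy engine treats as always allowed for any caller the API lets in. The script below is an added example, not part of Glance or of the original notes; the list of actions it treats as sensitive and the sample file written by write_sample are assumptions of the example.

```shell
#!/bin/sh
# Added example (not Glance code): list sensitive policy actions that any
# caller may perform because their rule is the empty string.

# Actions treated as sensitive here are this example's choice (assumption).
SENSITIVE="publicize_image set_image_location delete_image_location copy_from manage_image_cache"

# policy_rule FILE ACTION -> prints ACTION's rule; returns 1 if it is not defined
policy_rule() (
    entry=$(tr -d '\n' < "$1" |
        grep -o "\"$2\"[[:space:]]*:[[:space:]]*\"[^\"]*\"") || exit 1
    printf '%s\n' "$entry" | sed 's/^"[^"]*"[[:space:]]*:[[:space:]]*"\(.*\)"$/\1/'
)

# open_actions FILE -> prints each sensitive action whose effective rule is "".
# An action missing from FILE is judged by the "default" rule; if that is
# missing too, the action is not reported as open.
open_actions() (
    for action in $SENSITIVE; do
        rule=$(policy_rule "$1" "$action") || rule=$(policy_rule "$1" default) || rule=undefined
        [ -z "$rule" ] && echo "$action"
    done
    :
)

# write_sample FILE -> constructed excerpt in the style of the policy.json above
write_sample() {
    cat > "$1" <<'EOF'
{
    "context_is_admin": "role:admin",
    "default": "",
    "publicize_image": "",
    "copy_from": "",
    "set_image_location": "role:admin",
    "manage_image_cache": "role:admin"
}
EOF
}
```

Run it against the deployed file with open_actions /etc/glance/policy.json; each name printed is an action to restrict, for example to role:admin.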
schema-image.json
{
    "kernel_id": {
        "type": "string",
        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
        "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
    },
    "ramdisk_id": {
        "type": "string",
        "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
        "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
    },
    "instance_uuid": {
        "type": "string",
        "description": "ID of instance used to create this image."
    },
    "architecture": {
        "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-i...",
        "type": "string"
    },
    "os_distro": {
        "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-i...",
        "type": "string"
    },
    "os_version": {
        "description": "Operating system version as specified by the distributor",
        "type": "string"
    }
}
Create Template Steps
- Disk partitions and resize root partition on boot (cloud-init)
- No hard-coded MAC address information
- SSH server running
- Disable firewall
- Access instance using ssh public key (cloud-init)
- Process user data and other metadata (cloud-init)
DOC
https://cloudinit.readthedocs.org/en/latest/
http://docs.openstack.org/image-guide/content/ch_openstack_images.html
http://docs.openstack.org/image-guide/content/centos-image.html
Example:
Template Scripts (if you don't want to use cloud-init)
rc.local
# The quoted 'EOF' keeps $?, $FAILED and $(...) literal, so they are
# evaluated at boot rather than while rc.local is being written.
cat >> /etc/rc.d/rc.local <<'EOF'
if [ ! -d /root/.ssh ]; then
  mkdir -p /root/.ssh
  chmod 700 /root/.ssh
fi
# Fetch public key using HTTP
ATTEMPTS=30
FAILED=0
while [ ! -f /root/.ssh/authorized_keys ]; do
  curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/metadata-key 2>/dev/null
  if [ $? -eq 0 ]; then
    cat /tmp/metadata-key >> /root/.ssh/authorized_keys
    chmod 0600 /root/.ssh/authorized_keys
    restorecon /root/.ssh/authorized_keys
    rm -f /tmp/metadata-key
    echo "Successfully retrieved public key from instance metadata"
    echo "*****************"
    echo "AUTHORIZED KEYS"
    echo "*****************"
    cat /root/.ssh/authorized_keys
    echo "*****************"
    curl -f http://169.254.169.254/latest/meta-data/hostname > /tmp/metadata-hostname 2>/dev/null
    if [ $? -eq 0 ]; then
      TEMP_HOST=$(cat /tmp/metadata-hostname)
      sed -i "s/^HOSTNAME=.*$/HOSTNAME=$TEMP_HOST/g" /etc/sysconfig/network
      /bin/hostname $TEMP_HOST
      echo "Successfully retrieved hostname from instance metadata"
      echo "*****************"
      echo "HOSTNAME CONFIG"
      echo "*****************"
      cat /etc/sysconfig/network
      echo "*****************"
    else
      echo "Failed to retrieve hostname from instance metadata. This is a soft error so we'll continue"
    fi
    rm -f /tmp/metadata-hostname
  else
    FAILED=$(($FAILED + 1))
    if [ $FAILED -ge $ATTEMPTS ]; then
      echo "Failed to retrieve public key from instance metadata after $FAILED attempts, quitting"
      break
    fi
    echo "Could not retrieve public key from instance metadata (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds..."
    sleep 5
  fi
done
EOF
<2>
# set a random pass on first boot
if [ -f /root/firstrun ]; then
  dd if=/dev/urandom count=50|md5sum|passwd --stdin root
  passwd -l root
  rm /root/firstrun
fi
if [ ! -d /root/.ssh ]; then
  mkdir -m 0700 -p /root/.ssh
  restorecon /root/.ssh
fi
# Get the root ssh key setup
ReTry=0
while [ ! -f /root/.ssh/authorized_keys ] && [ $ReTry -lt 10 ]; do
  sleep 2
  curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /root/.ssh/pubkey
  # Install the key only if curl succeeded
  if [ $? -eq 0 ]; then
    mv /root/.ssh/pubkey /root/.ssh/authorized_keys
  fi
  # Increment the same counter the loop condition tests
  ReTry=$((ReTry+1))
done
chmod 600 /root/.ssh/authorized_keys && restorecon /root/.ssh/authorized_keys
# Added by Nova to ensure injected ssh keys have the right context
restorecon -RF root/.ssh 2>/dev/null || :
restorecon - restore file(s) default SELinux security contexts.
- -R -r change files and directories file labels recursively
- -F Force reset of context to match file_context for customizable files, and the default file context, changing the user, role, range portion as well as the type.
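Both scripts above install whatever the metadata service returns as root's authorized_keys, and the first also substitutes the returned hostname into a sed expression and stages downloads under fixed /tmp names. The functions below are an added example (not from the original page or from OpenStack) that validate both values before use; the function names and SAMPLE_KEY are made up for the example.

```shell
#!/bin/sh
# Added example: validate what the metadata service returns before it
# reaches root's authorized_keys or a sed expression.

# Constructed sample input; the base64 blob is filler, not a real key.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkLWV4YW1wbGUta2V5 demo@example'

# valid_pubkey FILE -> 0 only if FILE holds exactly one public-key line:
# key type, base64 blob, optional comment, and no leading options field.
valid_pubkey() (
    [ "$(grep -c '' "$1" 2>/dev/null)" = 1 ] || exit 1
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [[:print:]]*)?$' "$1"
)

# valid_hostname NAME -> 0 only for RFC 1123 style names, which cannot carry
# "/", "&" or newlines into the sed replacement used for HOSTNAME=.
valid_hostname() (
    case $1 in
        ''|*[!A-Za-z0-9.-]*) exit 1 ;;
    esac
    [ "${#1}" -le 253 ] || exit 1
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
)

# install_key SRC SSHDIR -> append a validated key; new files are 0700/0600
install_key() (
    valid_pubkey "$1" || { echo "rejected: not a single public key" >&2; exit 1; }
    umask 077
    mkdir -p "$2" && cat "$1" >> "$2/authorized_keys"
)

# fetch_key URL SSHDIR -> download to a private mktemp file instead of a
# predictable /tmp name, then install only if validation passes
fetch_key() (
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    curl -fsS --max-time 5 -o "$tmp" "$1" && install_key "$tmp" "$2"
)
```

In rc.local this would be called as fetch_key http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key /root/.ssh, with valid_hostname guarding the value before the sed and /bin/hostname calls.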
Template - Centos
Centos
<1> First, install CentOS normally (LVM FS)
<2> Installation and configuration after starting the image
#A Configure /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
#B To enable the hypervisor to reboot or shutdown an instance
yum install acpid
chkconfig acpid on
#C Install the EPEL repo & cloud-init:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
yum install cloud-init    # fetches metadata
# fetch the public key
/etc/cloud/cloud.cfg
user: admin
* default login: cloud-user
# Disable the zeroconf route
echo "NOZEROCONF=yes" >> /etc/sysconfig/network
# Configure console
/boot/grub/menu.lst
default=0
timeout=5
serial --unit=0 --speed=115200
terminal --timeout=10 console serial
# Edit the kernel line to add the console entries
kernel ... console=tty0 console=ttyS0,115200n8
# Configure the interface and remove the MAC address
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/udev/rules.d/70-persistent-net.rules
#D update and cleanup
yum update
rpm -qa | grep kernel
yum remove kernel
yum clean all
history -c
==============
clean up tools.
virt-sysprep -d centos-6.4
Template - Debian
Table of Contents
- openstack-debian-images
- Update and install tools
- Set up shutdown for the VM
- Configure cloud-init
- Configure the console
- Configure the interface
- Configure tools
- Modify rsyslog
- Configure mingetty
- Clean Up
openstack-debian-images
# default login: admin
/etc/apt/sources.list
deb http://ftp.de.debian.org/debian wheezy-backports main
apt-get update
apt-get install openstack-debian-images
This provides:
/usr/sbin/build-openstack-debian-image
Usage:
build-openstack-debian-image --release|-r <jessie|wheezy> [ OPTIONS ]
contains
- Cloud-init
- initramfs-growroot
i.e.
build-openstack-debian-image -r wheezy
Manual configuration:
Update and install tools
apt-get update
apt-get install sudo curl wget rsync screen cloud-init cloud-utils cloud-initramfs-growroot
Set up shutdown for the VM
apt-get install acpid
apt-get install grub2
Configure cloud-init
/etc/cloud/cloud.cfg
# default_user: debian
Configure the console
Edit /etc/default/grub
Change
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
to
GRUB_CMDLINE_LINUX_DEFAULT="quiet console=tty0 console=ttyS0,115200n8"
update-grub
Check
/boot/grub/grub.cfg
### BEGIN /etc/grub.d/10_linux ###
menuentry 'Debian GNU/Linux, with Linux 3.2.0-4-amd64' --class debian --class gnu-linux --class gnu --class os {
    load_video
    insmod gzio
    insmod part_msdos
    insmod ext2
    set root='(hd0,msdos1)'
    search --no-floppy --fs-uuid --set=root c0b0a1bf-1fe4-4b00-a5ab-b8b56e25b557
    echo 'Loading Linux 3.2.0-4-amd64 ...'
    linux /boot/vmlinuz-3.2.0-4-amd64 root=UUID=c0b0a1bf-1fe4-4b00-a5ab-b8b56e25b557 ro quiet console=tty0 console=ttyS0,115200n8
    echo 'Loading initial ramdisk ...'
    initrd /boot/initrd.img-3.2.0-4-amd64
}
Configure the interface
/etc/network/interfaces
auto eth0
iface eth0 inet dhcp
Configure tools
update-alternatives --config editor
Modify rsyslog
/etc/rsyslog.conf
Configure mingetty
apt-get install mingetty
Edit /etc/inittab and change
#1:2345:respawn:/sbin/getty --noclear 38400 tty1
to
#1:2345:respawn:/sbin/mingetty tty1
Clean Up
apt-get autoremove
apt-get autoclean
rm -rf /tmp/*
echo '' > /var/log/wtmp
echo '' > /var/log/btmp
rm -f /etc/ssh/*key*
history -c
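The clean-up steps for the CentOS and Debian templates can be checked mechanically before the image is uploaded. This added example (not part of the original notes; the function names and the sample tree are constructed) audits a mounted or unpacked template root for the leftovers those steps remove, plus a pre-existing /root/.ssh/authorized_keys, which would make the rc.local loops above skip the key fetch and leave the builder's key on every instance.

```shell
#!/bin/sh
# Added example: audit a template's root filesystem before "glance image-create".

# audit_template ROOT -> prints one finding per line; returns 1 if any were found
audit_template() (
    root=${1%/}
    found=0
    report() { echo "$1"; found=1; }

    # SSH host keys must be generated per instance, never shipped in the image
    for f in "$root"/etc/ssh/*key*; do
        [ -e "$f" ] && report "ssh host key present: ${f#"$root"}"
    done
    # Persistent net rules and HWADDR pin the build VM's MAC address
    [ -s "$root/etc/udev/rules.d/70-persistent-net.rules" ] &&
        report "persistent net rules present"
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-eth*; do
        [ -e "$f" ] && grep -q '^HWADDR=' "$f" &&
            report "hard-coded MAC in ${f#"$root"}"
    done
    # Credentials and shell history left over from the build
    for f in "$root/root/.ssh/authorized_keys" "$root/root/.bash_history"; do
        [ -s "$f" ] && report "leftover file: ${f#"$root"}"
    done
    [ "$found" -eq 0 ]
)

# make_sample ROOT -> constructed fixture: a template that skipped clean-up
make_sample() {
    mkdir -p "$1/etc/ssh" "$1/etc/sysconfig/network-scripts" "$1/root/.ssh"
    echo 'constructed host key' > "$1/etc/ssh/ssh_host_rsa_key"
    printf 'DEVICE=eth0\nHWADDR=52:54:00:00:00:01\nBOOTPROTO=dhcp\n' \
        > "$1/etc/sysconfig/network-scripts/ifcfg-eth0"
    echo 'ssh-rsa AAAA builder@example' > "$1/root/.ssh/authorized_keys"
}
```

Point ROOT at wherever the image's filesystem is mounted; a non-zero return means the template is not ready to register.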