centos7+openstack (3) glance配置

Submitted by Lizhe on Tue, 07/11/2017 - 09:39

端口:

api 9292

registry 9191

修改/etc/glance/glance-api.conf

[DEFAULT] 
verbose=True 
notification_driver = noop #galnce 不需要消息队列

数据库用mysql

[database] 
connection=mysql://glance:glance@192.168.1.151/glance 

镜像存储位置

[glance_store] 
default_store=file 
filesystem_store_datadir=/var/lib/glance/images/ 

权限相关

[keystone_authtoken] 
auth_uri = http://192.168.1.151:5000 
auth_url = http://192.168.1.151:35357 
auth_plugin = password 
project_domain_id = default 
user_domain_id = default 
project_name = service 
username = glance 
password = glance 
[paste_deploy] 
flavor=keystone 

完整的内容看起来是这样的, 好好比对一下

cat /etc/glance/glance-api.conf|grep -v "^#"|grep -v "^$"
[DEFAULT] 
verbose=True 
notification_driver = noop #galnce 不需要消息队列
[database] 
connection=mysql://glance:glance@192.168.1.151/glance 
[glance_store] 
default_store=file 
filesystem_store_datadir=/var/lib/glance/images/ 
[image_format] 
[keystone_authtoken] 
auth_uri = http://192.168.1.151:5000 
auth_url = http://192.168.1.151:35357 
auth_plugin = password 
project_domain_id = default 
user_domain_id = default 
project_name = service 
username = glance 
password = glance 
[matchmaker_redis] 
[matchmaker_ring] 
[oslo_concurrency] 
[oslo_messaging_amqp] 
[oslo_messaging_qpid] 
[oslo_messaging_rabbit] 
[oslo_policy] 
[paste_deploy] 
flavor=keystone 
[store_type_location_strategy] 
[task] 
[taskflow_executor]

修改/etc/glance/glance-registry.conf

cat /etc/glance/glance-registry.conf|grep -v "^#"|grep -v "^$"

[DEFAULT]
verbose=True
[database]
connection=mysql://glance:glance@192.168.1.151/glance
[glance_store]
[keystone_authtoken]
auth_uri = http://192.168.1.151:5000 
auth_url = http://192.168.1.151:35357 
auth_plugin = password 
project_domain_id = default 
user_domain_id = default 
project_name = service 
username = glance 
password = glance
[matchmaker_redis]
[matchmaker_ring]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor=keystone

创建数据库表,同步数据库

su -s /bin/sh -c "glance-manage db_sync" glance


mysql -h 192.168.1.151 -uglance -p (密码是glance)  测试一下能否登录,如果能登陆顺便查看数据库表是否都已经成功创建

153

创建admin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default 
export OS_USER_DOMAIN_ID=default 
export OS_PROJECT_NAME=admin 
export OS_TENANT_NAME=admin 
export OS_USERNAME=admin 
export OS_PASSWORD=admin 
export OS_AUTH_URL=http://192.168.1.151:35357/v3 
export OS_IDENTITY_API_VERSION=3

顺便把demo-openrc.sh也建了

export OS_PROJECT_DOMAIN_ID=default 
export OS_USER_DOMAIN_ID=default 
export OS_PROJECT_NAME=demo 
export OS_TENANT_NAME=demo 
export OS_USERNAME=demo 
export OS_PASSWORD=demo 
export OS_AUTH_URL=http://192.168.1.151:5000/v3 
export OS_IDENTITY_API_VERSION=3

创建关于 glance 的keystone 用户

source admin-openrc.sh
openstack user create --domain default --password=glance glance
openstack role add --project service --user glance admin

154

启动 glance

systemctl enable openstack-glance-api
systemctl enable openstack-glance-registry
systemctl start openstack-glance-api
systemctl start openstack-glance-registry

 

这里我遇到两个错误, 

                                        Jul 10 23:51:16 centos_admin systemd[1]: Failed to start OpenStack Image Service (code-named Glance) API server.
                                        -- Subject: Unit openstack-glance-api.service has failed
                                        -- Defined-By: systemd
                                        -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
                                        -- 
                                        -- Unit openstack-glance-api.service has failed.
                                        -- 
                                        -- The result is failed.
                                        Jul 10 23:51:16 centos_admin systemd[1]: Unit openstack-glance-api.service entered failed state.
                                        Jul 10 23:51:16 centos_admin systemd[1]: openstack-glance-api.service failed.
                                        Jul 10 23:51:16 centos_admin setroubleshoot[4401]: SELinux is preventing /usr/bin/python2.7 from getattr access on the file /usr/bin/rpm. For complete SE
                                        Jul 10 23:51:16 centos_admin python[4401]: SELinux is preventing /usr/bin/python2.7 from getattr access on the file /usr/bin/rpm.
                                                                                   
                                                                                   *****  Plugin catchall (100. confidence) suggests   **************************
                                                                                   
                                                                                   If you believe that python2.7 should be allowed getattr access on the rpm file by default.
                                                                                   Then you should report this as a bug.
                                                                                   You can generate a local policy module to allow this access.
                                                                                   Do
                                                                                   allow this access for now by executing:
                                                                                   # ausearch -c 'glance-api' --raw | audit2allow -M my-glanceapi
                                                                                   # semodule -i my-glanceapi.pp
                                                                                   
                                        Jul 10 23:51:16 centos_admin systemd[1]: openstack-glance-api.service holdoff time over, scheduling restart.
                                        Jul 10 23:51:16 centos_admin systemd[1]: start request repeated too quickly for openstack-glance-api.service
                                        Jul 10 23:51:16 centos_admin systemd[1]: Failed to start OpenStack Image Service (code-named Glance) API server.
                                        -- Subject: Unit openstack-glance-api.service has failed
                                        -- Defined-By: systemd
                                        -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
                                        -- 
                                        -- Unit openstack-glance-api.service has failed.
                                        -- 
                                        -- The result is failed.
                                        Jul 10 23:51:16 centos_admin systemd[1]: Unit openstack-glance-api.service entered failed state.
                                        Jul 10 23:51:16 centos_admin systemd[1]: openstack-glance-api.service failed.

SELinux权限问题

修改SELinux添加权限
ausearch -c 'glance-api' --raw | audit2allow -M my-glanceapi
semodule -i my-glanceapi.pp

当然简单粗暴直接关闭SELinux也行
临时关闭SELinux
setenforce 0

临时打开SELinux
setenforce 1

开机关闭SELinux
编辑/etc/selinux/config文件,将SELINUX的值设置为disabled

查看SELinux状态
执行getenforce命令

然后我又得到一个错误

155

                            [root@centos_admin ~]# journalctl -xe
                            Jul 11 00:10:56 centos_admin glance-api[5584]: logging.setup(CONF, 'glance')
                            Jul 11 00:10:56 centos_admin glance-api[5584]: File "/usr/lib/python2.7/site-packages/oslo_log/log.py", line 246, in setup
                            Jul 11 00:10:56 centos_admin glance-api[5584]: _setup_logging_from_conf(conf, product_name, version)
                            Jul 11 00:10:56 centos_admin glance-api[5584]: File "/usr/lib/python2.7/site-packages/oslo_log/log.py", line 314, in _setup_logging_from_conf
                            Jul 11 00:10:56 centos_admin glance-api[5584]: filelog = logging.handlers.WatchedFileHandler(logpath)
                            Jul 11 00:10:56 centos_admin glance-api[5584]: File "/usr/lib64/python2.7/logging/handlers.py", line 392, in __init__
                            Jul 11 00:10:56 centos_admin glance-api[5584]: logging.FileHandler.__init__(self, filename, mode, encoding, delay)
                            Jul 11 00:10:56 centos_admin glance-api[5584]: File "/usr/lib64/python2.7/logging/__init__.py", line 902, in __init__
                            Jul 11 00:10:56 centos_admin glance-api[5584]: StreamHandler.__init__(self, self._open())
                            Jul 11 00:10:56 centos_admin glance-api[5584]: File "/usr/lib64/python2.7/logging/__init__.py", line 925, in _open
                            Jul 11 00:10:56 centos_admin glance-api[5584]: stream = open(self.baseFilename, self.mode)
                            Jul 11 00:10:56 centos_admin glance-api[5584]: IOError: [Errno 13] Permission denied: '/var/log/glance/api.log'
                            Jul 11 00:10:56 centos_admin systemd[1]: openstack-glance-api.service: main process exited, code=exited, status=1/FAILURE
                            Jul 11 00:10:56 centos_admin systemd[1]: Failed to start OpenStack Image Service (code-named Glance) API server.
                            -- Subject: Unit openstack-glance-api.service has failed
                            -- Defined-By: systemd
                            -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
                            -- 
                            -- Unit openstack-glance-api.service has failed.
                            -- 
                            -- The result is failed.
                            Jul 11 00:10:56 centos_admin systemd[1]: Unit openstack-glance-api.service entered failed state.
                            Jul 11 00:10:56 centos_admin systemd[1]: openstack-glance-api.service failed.
                            Jul 11 00:10:56 centos_admin systemd[1]: openstack-glance-api.service holdoff time over, scheduling restart.
                            Jul 11 00:10:56 centos_admin systemd[1]: start request repeated too quickly for openstack-glance-api.service
                            Jul 11 00:10:56 centos_admin systemd[1]: Failed to start OpenStack Image Service (code-named Glance) API server.
                            -- Subject: Unit openstack-glance-api.service has failed
                            -- Defined-By: systemd
                            -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
                            -- 
                            -- Unit openstack-glance-api.service has failed.
                            -- 
                            -- The result is failed.
                            Jul 11 00:10:56 centos_admin systemd[1]: Unit openstack-glance-api.service entered failed state.
                            Jul 11 00:10:56 centos_admin systemd[1]: openstack-glance-api.service failed.

明显是文件权限错误

chown -R glance:glance /var/log/glance/api.log

然后正常启动了

 

检查一下
 

[root@centos_admin httpd]# netstat -lnutp |grep 9191 #registry
tcp        0      0 0.0.0.0:9191            0.0.0.0:*               LISTEN      5070/python2        
[root@centos_admin httpd]# netstat -lnutp |grep 9292 #api
tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      5863/python2 

156

在keystone 上注册 glance

source admin-openrc.sh
openstack service create --name glance --description "OpenStack Image service" image

openstack endpoint create --region RegionOne image public http://192.168.1.151:9292
openstack endpoint create --region RegionOne image internal http://192.168.1.151:9292
openstack endpoint create --region RegionOne image admin http://192.168.1.151:9292

 

如果glance用户在keystone上注册成功的话可以使用project name ( service ) 和 username (glance) 得到keystone生成的token

openstack --os-auth-url http://192.168.1.151:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name service --os-username glance --os-auth-type password token issue

出现The request you have made requires authentication. (HTTP 401) (Request-ID: req-26ea4d51-01a2-4e42-9633-cceed993f479) 错误的话是因为当前上下文中存在环境变量

重新启动一个bash避开这些变量, 就可以看到token了

 

添加 glance 环境变量并测试

echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh

glance image-list

157

下个qcow2格式的centos7

wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2

159

160

压入镜像

glance image-create --name "CentOS-7-x86_64" --file CentOS-7-x86_64-GenericCloud.qcow2 --disk-format qcow2 --container-format bare --visibility public --progress

glance image-list

161