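Hello.
This is Otsuka from the Infrastructure Division at Class Act Co., Ltd.
I have been struggling since last time to build an OpenStack environment on Ubuntu 22.04.
The Keystone build is covered in the post below.
This time, as a continuation of that, I will build the Glance environment.
Hardware configuration
HW | Value |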
---|---|
CPU | 4sockets 4cores |
Memory | 40GB |
Disk | 100G |
NIC1(ens18) | 192.168.2.10 |
NIC2(ens19) | 192.168.2.11 |
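Terminology
What is Glance
Roughly speaking, you can think of it as the service that manages the image files used when launching instances.
An instance is, in other words, a VM, a virtual machine. When you launch a virtual machine you usually specify an .iso file to boot the server from; for now it is fine to picture Glance as the service that manages those .iso files.
The official site is below.
Sites and books I am referring to
They are the official site and an individual's site.
The individual's site alone might be enough, but parts of it do not fit my environment, such as its NTP and SSL configuration. So I am building while comparing the two.
I also recommend the OpenStack book below, sold on Amazon. Its drawback is that it is a little old...
Build overview
Sorry that it is rough, but it looks something like this...
I register the Glance service and its endpoints with the openstack command, and doing so gave me a vague realization along the lines of "maybe the components cannot work together as OpenStack unless you do this?", which made me glad I was building it by hand. (Whether that is right or wrong I will leave aside.)
With automated deployment tools such as devstack, packstack, or juju/maas, these are registered for you and things somehow just work, so my picture of this area was fuzzy.
Memcached and RabbitMQ are probably involved in this too, but I have not grasped that yet...
The Red Hat site below has diagrams of each component, which is nice.
Config, etc.
Build
Creating the database in MariaDB
Create a database for glance in MariaDB. I also created one when building Keystone; if you think of this as the Glance version of that, it should feel less daunting.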
root@openstack:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 38
Server version: 10.6.12-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> grant all privileges on glance.* to glance@'localhost' identified by 'password';
Query OK, 0 rows affected (0.013 sec)
MariaDB [(none)]> grant all privileges on glance.* to glance@'%' identified by 'password';
Query OK, 0 rows affected (0.005 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| performance_schema |
| sys |
+--------------------+
6 rows in set (0.005 sec)
MariaDB [(none)]> exit
Bye
Creating a user for glance in OpenStack
Create a user for glance with the openstack user create command.
After creating it, I checked with list that it had been created.
root@openstack:~# openstack user list --domain default
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 51cd60551e99498b84a4f6a483cd8434 | admin |
+----------------------------------+-------+
root@openstack:~# openstack user create --domain default --project test_project --password password glance
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 94f179ab12a24facaf5001a1365700c2 |
| domain_id | default |
| enabled | True |
| id | c9402d9dc24a4defb362b75789c4cc65 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
root@openstack:~# openstack user list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 51cd60551e99498b84a4f6a483cd8434 | admin |
| c9402d9dc24a4defb362b75789c4cc65 | glance |
+----------------------------------+--------+
Next, assign the glance user to the admin role.
root@openstack:~# openstack role list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 1eb64a23ce6749eb887440cf1da59955 | reader |
| 3b3f266def0b4ebe993265e528d4e6ac | admin |
| fd474d9609654576bb2023d491b745cb | member |
+----------------------------------+--------+
root@openstack:~# openstack role add --project test_project --user glance admin
Creating the service/endpoint for glance in OpenStack
First, register glance in OpenStack with openstack service create.
root@openstack:~# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| cfe56ea89eba4f1abd15e1150d0f18dd | keystone | identity |
+----------------------------------+----------+----------+
root@openstack:~# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 40740356b4c642d08b3b2b7f8861285b |
| name | glance |
| type | image |
+-------------+----------------------------------+
root@openstack:~# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 40740356b4c642d08b3b2b7f8861285b | glance | image |
| cfe56ea89eba4f1abd15e1150d0f18dd | keystone | identity |
+----------------------------------+----------+----------+
Next, register the endpoints (≒ API?) for the registered service.
root@openstack:~# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 868b54ff6ec043c88f23a0568c20660b | RegionOne | keystone | identity | True | admin | http://openstack:5000/v3/ |
| a303d641b4e74a44a1edbcf5daed132b | RegionOne | keystone | identity | True | public | http://openstack:5000/v3/ |
| ebb4d63058664985b0b56013391b51b6 | RegionOne | keystone | identity | True | internal | http://openstack:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
root@openstack:~# openstack endpoint create --region RegionOne image public http://openstack:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 54fa764ce2ab428fa049b84702a67e0c |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 40740356b4c642d08b3b2b7f8861285b |
| service_name | glance |
| service_type | image |
| url | http://openstack:9292 |
+--------------+----------------------------------+
root@openstack:~# openstack endpoint create --region RegionOne image internal http://openstack:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c700edfb775f4f728cf923e8705cfe43 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 40740356b4c642d08b3b2b7f8861285b |
| service_name | glance |
| service_type | image |
| url | http://openstack:9292 |
+--------------+----------------------------------+
root@openstack:~# openstack endpoint create --region RegionOne image admin http://openstack:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7ad18e2392cb4260920ce5021aa01d8c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 40740356b4c642d08b3b2b7f8861285b |
| service_name | glance |
| service_type | image |
| url | http://openstack:9292 |
+--------------+----------------------------------+
root@openstack:~# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 54fa764ce2ab428fa049b84702a67e0c | RegionOne | glance | image | True | public | http://openstack:9292 |
| 7ad18e2392cb4260920ce5021aa01d8c | RegionOne | glance | image | True | admin | http://openstack:9292 |
| 868b54ff6ec043c88f23a0568c20660b | RegionOne | keystone | identity | True | admin | http://openstack:5000/v3/ |
| a303d641b4e74a44a1edbcf5daed132b | RegionOne | keystone | identity | True | public | http://openstack:5000/v3/ |
| c700edfb775f4f728cf923e8705cfe43 | RegionOne | glance | image | True | internal | http://openstack:9292 |
| ebb4d63058664985b0b56013391b51b6 | RegionOne | keystone | identity | True | internal | http://openstack:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
Installing glance and editing the config
Install glance.
root@openstack:~# apt -y install glance
Edit the config.
root@openstack:~# cp -p /etc/glance/glance-api.conf /etc/glance/glance-api.conf.org
root@openstack:~# vi /etc/glance/glance-api.conf
root@openstack:~# diff /etc/glance/glance-api.conf /etc/glance/glance-api.conf.org
639c639
< bind_host = 0.0.0.0
---
> #bind_host = 0.0.0.0
1252,1253c1252
< [DEFAULT]
< transport_url = rabbit://openstack:password@openstack
---
> #transport_url = rabbit://
1748c1747
< connection = mysql+pymysql://glance:password@openstack/glance
---
> connection = sqlite:////var/lib/glance/glance.sqlite
3142,3144d3140
< stores = file,http
< default_store = file
< filesystem_store_datadir = /var/lib/glance/images/
4971,4979d4966
< www_authenticate_uri = http://openstack:5000
< auth_url = http://openstack:5000
< memcached_servers = openstack:11211
< auth_type = password
< project_domain_name = default
< user_domain_name = default
< project_name = test_project
< username = glance
< password = password
5675d5661
< flavor = keystone
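Also, at this point I add to the Keystone configuration.
memcache_servers is commented out, so uncomment it to enable it as a parameter.
Leaving it as localhost should be fine for a single-node setup, but I set it to my own server name to match the site I am referring to. (Obviously, the name has to be resolvable.)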
root@openstack:~# vi /etc/keystone/keystone.conf
root@openstack:~# diff /etc/keystone/keystone.conf /etc/keystone/keystone.conf.org
15c15
< admin_token = 6798b79fdacad4bc4292
---
> #admin_token = <None>
442c442
< memcache_servers = openstack:11211
---
> #memcache_servers = localhost:11211
604c604
< connection = mysql+pymysql://keystone:password@openstack/keystone
---
> connection = sqlite:////var/lib/keystone/keystone.db
2191c2191
< provider = fernet
---
> #provider = fernet
Change the permissions and ownership of glance-api.conf, then sync with the database.
After the sync, I restart the glance-api service.
root@openstack:~# chmod 640 /etc/glance/glance-api.conf
root@openstack:~# chown root:glance /etc/glance/glance-api.conf
root@openstack:~# su -s /bin/bash glance -c "glance-manage db_sync"
2023-09-02 14:05:39.682 21801 INFO alembic.runtime.migration [-] Context impl MySQLImpl.
2023-09-02 14:05:39.682 21801 INFO alembic.runtime.migration [-] Will assume non-transactional DDL.
2023-09-02 14:05:39.693 21801 INFO alembic.runtime.migration [-] Context impl MySQLImpl.
2023-09-02 14:05:39.693 21801 INFO alembic.runtime.migration [-] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO [alembic.runtime.migration] Running upgrade queens_expand01 -> rocky_expand01, add os_hidden column to images table
INFO [alembic.runtime.migration] Running upgrade rocky_expand01 -> rocky_expand02, add os_hash_algo and os_hash_value columns to images table
INFO [alembic.runtime.migration] Running upgrade rocky_expand02 -> train_expand01, empty expand for symmetry with train_contract01
INFO [alembic.runtime.migration] Running upgrade train_expand01 -> ussuri_expand01, empty expand for symmetry with ussuri_expand01
INFO [alembic.runtime.migration] Running upgrade ussuri_expand01 -> wallaby_expand01, add image_id, request_id, user columns to tasks table"
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: wallaby_expand01, current revision(s): wallaby_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Running upgrade queens_contract01 -> rocky_contract01
INFO [alembic.runtime.migration] Running upgrade rocky_contract01 -> rocky_contract02
INFO [alembic.runtime.migration] Running upgrade rocky_contract02 -> train_contract01
INFO [alembic.runtime.migration] Running upgrade train_contract01 -> ussuri_contract01
INFO [alembic.runtime.migration] Running upgrade ussuri_contract01 -> wallaby_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: wallaby_contract01, current revision(s): wallaby_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.
root@openstack:~# systemctl restart glance-api
root@openstack:~# systemctl enable glance-api
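The chmod 640 / chown root:glance step above matters because glance-api.conf holds the database, RabbitMQ and Keystone credentials in plaintext. The following check is an added example, not part of the original post or of Glance: it flags a world-accessible mode, guessable secrets and cleartext http:// Keystone URLs in such a file. The helper names, the weak-word list and the 12-character threshold are assumptions; the section names are the standard glance-api.conf ones.

```shell
# Added example; ini_get, url_password, is_weak, audit_glance_conf are hypothetical helpers.

# Print the last value of KEY in [SECTION] of an INI file.
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { s = $0; gsub(/[ \t]/, "", s); insec = (s == sec); next }
        insec && $0 !~ /^[ \t]*[#;]/ {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print the password part of scheme://user:password@host/... (empty if none).
url_password() {
    printf '%s\n' "$1" | sed -n 's|^[^:]*://[^:/@]*:\([^@]*\)@.*|\1|p'
}

# True for a guessable secret: a common default, a service name, or
# anything shorter than 12 characters (the threshold is an assumption).
is_weak() {
    case "$1" in
        password|admin|secret|changeme|openstack|glance|keystone) return 0 ;;
    esac
    [ -n "$1" ] && [ "${#1}" -lt 12 ]
}

# Print one finding per line; the secrets themselves are never printed.
audit_glance_conf() {  # usage: audit_glance_conf FILE
    _mode=$(stat -c %a "$1") || return 2   # GNU stat, as on Ubuntu
    case "$_mode" in *0) ;; *) echo "WORLD_ACCESSIBLE mode=$_mode" ;; esac
    is_weak "$(ini_get "$1" keystone_authtoken password)" &&
        echo "WEAK_SECRET keystone_authtoken.password"
    is_weak "$(url_password "$(ini_get "$1" database connection)")" &&
        echo "WEAK_SECRET database.connection"
    is_weak "$(url_password "$(ini_get "$1" DEFAULT transport_url)")" &&
        echo "WEAK_SECRET DEFAULT.transport_url"
    for _key in auth_url www_authenticate_uri; do
        case "$(ini_get "$1" keystone_authtoken "$_key")" in
            http://*) echo "CLEARTEXT_HTTP keystone_authtoken.$_key" ;;
        esac
    done
    return 0
}

# Constructed sample reproducing the values from the glance-api.conf diff above.
sample=$(mktemp)
printf '%s\n' '[DEFAULT]' 'transport_url = rabbit://openstack:password@openstack' \
    '[database]' 'connection = mysql+pymysql://glance:password@openstack/glance' \
    '[keystone_authtoken]' 'auth_url = http://openstack:5000' 'password = password' \
    > "$sample"
chmod 644 "$sample"   # deliberately loose mode, for the demo only
audit_glance_conf "$sample"
rm -f "$sample"
```

On the real host the function would be pointed at /etc/glance/glance-api.conf; an empty result means none of these checks fired.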
Testing whether an image can be registered
I tried registering Ubuntu 22.04 as an image. It looks like it worked.
root@openstack:~# wget http://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img
root@openstack:~# openstack image create "Ubuntu2204" --file ubuntu-22.04-server-cloudimg-amd64.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------------------------------------------------------------------------------------------------+
| container_format | bare |
| created_at | 2023-09-03T04:24:26Z |
| disk_format | qcow2 |
| file | /v2/images/6d351218-33e0-455e-8639-9a2d5abeb1cc/file |
| id | 6d351218-33e0-455e-8639-9a2d5abeb1cc |
| min_disk | 0 |
| min_ram | 0 |
| name | Ubuntu2204 |
| owner | 5ea984608bdf4a338bddfc4e9f14bec7 |
| properties | os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/Ubuntu2204', owner_specified.openstack.sha256='' |
| protected | False |
| schema | /v2/schemas/image |
| status | queued |
| tags | |
| updated_at | 2023-09-03T04:24:26Z |
| visibility | public |
+------------------+------------------------------------------------------------------------------------------------------------------------------------------------+
root@openstack:~# openstack image list
+--------------------------------------+------------+--------+
| ID | Name | Status |
+--------------------------------------+------------+--------+
| 6d351218-33e0-455e-8639-9a2d5abeb1cc | Ubuntu2204 | active |
+--------------------------------------+------------+--------+
Let's check in MariaDB as well.
You can see that the Ubuntu 22.04 image is stored.
root@openstack:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 54
Server version: 10.6.12-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use glance;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| alembic_version |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| task_info |
| tasks |
+----------------------------------+
14 rows in set (0.001 sec)
MariaDB [glance]> SELECT * FROM images;
+--------------------------------------+------------+-----------+--------+---------------------+---------------------+------------+---------+-------------+------------------+----------------------------------+----------------------------------+----------+---------+-----------+--------------+------------+-----------+--------------+----------------------------------------------------------------------------------------------------------------------------------+
| id | name | size | status | created_at | updated_at | deleted_at | deleted | disk_format | container_format | checksum | owner | min_disk | min_ram | protected | virtual_size | visibility | os_hidden | os_hash_algo | os_hash_value |
+--------------------------------------+------------+-----------+--------+---------------------+---------------------+------------+---------+-------------+------------------+----------------------------------+----------------------------------+----------+---------+-----------+--------------+------------+-----------+--------------+----------------------------------------------------------------------------------------------------------------------------------+
| 6d351218-33e0-455e-8639-9a2d5abeb1cc | Ubuntu2204 | 670302208 | active | 2023-09-03 04:24:26 | 2023-09-03 04:24:30 | NULL | 0 | qcow2 | bare | 567727e2d5f78cc474c422b433360787 | 5ea984608bdf4a338bddfc4e9f14bec7 | 0 | 0 | 0 | 2361393152 | public | 0 | sha512 | 0a46a560e51c4525532edf951c45262b55f7c2f6634bbf929b7d9d5299f58c6890e5fefd326505839973e37a947a78ab7ecc55e30df366c960374bb155b97c26 |
+--------------------------------------+------------+-----------+--------+---------------------+---------------------+------------+---------+-------------+------------------+----------------------------------+----------------------------------+----------+---------+-----------+--------------+------------+-----------+--------------+----------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.001 sec)
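The image above was fetched with wget over plain http://, and the images table shows that Glance records os_hash_algo (sha512) and os_hash_value for what it stored. As an added example (not from the original post), the functions below check a file against a SHA256SUMS-style list before upload and against the hash Glance recorded afterwards; the helper names are hypothetical and the sums file is assumed to come from a trusted channel.

```shell
# Added example; file_digest, sums_lookup, verify_image, verify_download are hypothetical helpers.

# Print the lowercase hex digest of FILE using ALGO (sha512, sha256 or md5).
file_digest() {  # usage: file_digest ALGO FILE
    case "$1" in
        sha512|sha256|md5) "${1}sum" -- "$2" | awk '{ print tolower($1) }' ;;
        *) echo "unsupported algorithm: $1" >&2; return 2 ;;
    esac
}

# Print the digest listed for NAME in a SHA256SUMS-style file
# (lines of the form "<hex>  name" or "<hex> *name").
sums_lookup() {  # usage: sums_lookup SUMSFILE NAME
    awk -v name="$2" '{ n = $2; sub(/^\*/, "", n) }
                      n == name { print tolower($1); exit }' "$1"
}

# Succeed only when FILE hashes to EXPECTED under ALGO.
# An empty EXPECTED (for example from a failed lookup) never matches.
verify_image() {  # usage: verify_image FILE ALGO EXPECTED
    _want=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    _got=$(file_digest "$2" "$1") || return 2
    [ -n "$_want" ] && [ "$_got" = "$_want" ]
}

# Check a downloaded FILE against its entry in SUMSFILE; fail closed when
# the file name is not listed at all.
verify_download() {  # usage: verify_download FILE SUMSFILE
    _listed=$(sums_lookup "$2" "$(basename -- "$1")")
    [ -n "$_listed" ] || { echo "no entry for $1 in $2" >&2; return 3; }
    verify_image "$1" sha256 "$_listed"
}

# Demo on constructed data: a 3-byte stand-in "image" and a matching sums file.
demo=$(mktemp -d)
printf 'abc' > "$demo/demo.img"
printf '%s *demo.img\n' \
    ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad > "$demo/SHA256SUMS"
verify_download "$demo/demo.img" "$demo/SHA256SUMS" && echo "download: OK"
# After upload, pass the os_hash_algo and os_hash_value recorded by Glance
# as ALGO and EXPECTED to verify_image to confirm the stored copy matches.
rm -rf "$demo"
```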