前回に引き続き glance のインストールと設定を行っていきます。
環境
ソフト
- Ubuntu 18.04.1 Server 64bit
- Openstack Rocky
ハード
※コントローラーは仮想マシンでもいけました。
- CPUx2
- MEM 8G
- SSD 30G
- NIC 2 枚
IP 構成
- コントローラー ( vm-nfj-osctrln1 )
- 公開用 ( 外部 ):10.1.55.11/16
- 管理用 ( 内部 ):10.2.55.11/16
- コンピュート ( vm-nfj-oscomp1 )
- 公開用 ( 外部 ):10.1.55.21/16
- 管理用 ( 内部 ):10.2.55.21/16
Glance のインストール
DB 作成
Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 33731 Server version: 10.1.37-MariaDB-1~xenial mariadb.org binary distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE glance; Query OK, 1 row affected (0.01 sec)
アクセス権の設定
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DB_PASS'; Query OK, 0 rows affected (0.02 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DB_PASS'; Query OK, 0 rows affected (0.01 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'10.1.0.0/255.255.0.0' IDENTIFIED BY 'GLANCE_DB_PASS'; Query OK, 0 rows affected (0.01 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'10.2.0.0/255.255.0.0' IDENTIFIED BY 'GLANCE_DB_PASS'; Query OK, 0 rows affected (0.01 sec)
glance ユーザの作成
$ . admin-openrc
$ openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 199db56be00f43208c70cbc1354faa42 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
admin 役割を glance ユーザと service プロジェクトに付与する
$ openstack role add --project service --user glance admin
glance サービスエントリの作成
$ openstack service create --name glance --description "OpenStack Image" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | 49201e4632ef42ed851b516a969f8b9d | | name | glance | | type | image | +-------------+----------------------------------+
Image サービス API エンドポイントの作成
public, internal admin と作成します。
$ openstack endpoint create --region Tokyo image public http://vm-nfj-osctrln1:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 2252c50b82f34d71990a463e19f0d795 | | interface | public | | region | Tokyo | | region_id | Tokyo | | service_id | 49201e4632ef42ed851b516a969f8b9d | | service_name | glance | | service_type | image | | url | http://vm-nfj-osctrln1:9292 | +--------------+----------------------------------+ $ openstack endpoint create --region Tokyo image internal http://vm-nfj-osctrln1:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 00ebfa10c07843e58464b8a03f843e4d | | interface | internal | | region | Tokyo | | region_id | Tokyo | | service_id | 49201e4632ef42ed851b516a969f8b9d | | service_name | glance | | service_type | image | | url | http://vm-nfj-osctrln1:9292 | +--------------+----------------------------------+ $ openstack endpoint create --region Tokyo image admin http://vm-nfj-osctrln1:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | a2377ca0c16643f7818a4bd1cf979d3b | | interface | admin | | region | Tokyo | | region_id | Tokyo | | service_id | 49201e4632ef42ed851b516a969f8b9d | | service_name | glance | | service_type | image | | url | http://vm-nfj-osctrln1:9292 | +--------------+----------------------------------+
glance のインストールと設定
既存のセクションとオプションを修正する必要があります。
パッケージのインストール
$ sudo apt install glance
/etc/glance/glance-api.conf の設定
[database] セクション
1882 [database] 1883 #connection = sqlite:////var/lib/glance/glance.sqlite 1884 connection = mysql+pymysql://glance:[email protected]/glance 1885 backend = sqlalchemy
[keystone_authtoken] セクション
3477 [keystone_authtoken] 3478 3491 #www_authenticate_uri =3492 www_authenticate_uri = http://vm-nfj-osctrln1:5000 3493 3557 #memcached_servers = 3558 memcached_servers = vm-nfj-osctrln1:11211 3559 3665 #auth_type = 3666 auth_type = password 3667 3671 auth_url = http://vm-nfj-osctrln1:5000 3672 project_domain_name = Default 3673 user_domain_name = Default 3674 project_name = service 3675 username = glance 3676 password = GLANCE_PASS
[paste_deploy] セクション
4400 [paste_deploy] 4401 4402 # 4403 # From glance.api 4404 # 4425 #flavor = keystone 4426 flavor = keystone
[glance_store] セクション
ローカルファイルシステムストアとイメージファイルの保存場所を指定します。
2010 [glance_store] 2011 2044 # This option is scheduled for removal in the Stein development 2045 # cycle. 2046 #stores = file,http 2047 stores = file,http 2048 2098 # This option is scheduled for removal in the Stein development 2099 # cycle. 2100 #default_store = file 2101 default_store = file 2102 2434 #filesystem_store_datadir = /var/lib/glance/images 2435 filesystem_store_datadir = /var/lib/glance/images
/etc/glance/glance-registry.conf の設定
Glance Registry Service と API 群は Queens リリース以降は OpenStack standard deprecation policy によって DEPRECATED とされている。
[database] セクション
1128 [database] 1129 #connection = sqlite:////var/lib/glance/glance.sqlite 1130 connection = mysql+pymysql://glance:[email protected]/glance 1131 backend = sqlalchemy 1132
[keystone_authtoken] セクション
1255 [keystone_authtoken] 1256 1257 # 1258 # From keystonemiddleware.auth_token 1259 # 1260 1269 #www_authenticate_uri =1270 www_authenticate_uri = http://vm-nfj-osctrln1:5000 1271 1335 #memcached_servers = 1336 memcached_servers = vm-nfj-osctrln1:11211 1337 1443 #auth_type = 1444 auth_type = password 1445 1449 auth_url = http://vm-nfj-osctrln1:5000 1450 project_domain_name = Default 1451 user_domain_name = Default 1452 project_name = service 1453 username = glance 1454 password = GLANCE_PASS
[paste_deploy] セクション
2155 [paste_deploy] 2156 2157 # 2158 # From glance.registry 2159 # 2160 2180 #flavor = keystone 2181 flavor = keystone
DBテーブル作成、同期
$ sudo su -s /bin/sh -c "glance-manage db_sync" glance /usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py:1352: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade expire_on_commit=expire_on_commit, _conf=conf) 2018-11-14 17:24:45.427 5853 INFO alembic.runtime.migration [-] Context impl MySQLImpl. 2018-11-14 17:24:45.432 5853 INFO alembic.runtime.migration [-] Will assume non-transactional DDL. 2018-11-14 17:24:45.465 5853 INFO alembic.runtime.migration [-] Context impl MySQLImpl. 2018-11-14 17:24:45.466 5853 INFO alembic.runtime.migration [-] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01 INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01 INFO [alembic.runtime.migration] Running upgrade queens_expand01 -> rocky_expand01, add os_hidden column to images table INFO [alembic.runtime.migration] Running upgrade rocky_expand01 -> rocky_expand02, add os_hash_algo and os_hash_value columns to images table INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Upgraded database to: rocky_expand02, current revision(s): rocky_expand02 INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Database migration is up to date. No migration needed. INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01 INFO [alembic.runtime.migration] Running upgrade queens_contract01 -> rocky_contract01 INFO [alembic.runtime.migration] Running upgrade rocky_contract01 -> rocky_contract02 INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Upgraded database to: rocky_contract02, current revision(s): rocky_contract01, rocky_expand02 INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Database is synced successfully.
サービス再起動
インストール完了です。
$ sudo service glance-registry restart $ sudo service glance-api restart
動作確認
CirrOS という軽量な Linux イメージを利用して OpenStack に配備できるかを確認します。
admin の認証情報を CLI に読み込んでおきます
$ . admin-openrc
ソースイメージをダウンロードします
$ wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
イメージのアップロード
イメージサービスに QCOW2 ディスクフォーマットや bare コンテナフォーマットですべてのプロジェクトから参照可能にします
$ openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | checksum | 443b7623e27ecf03dc9e01ee93f67afe | | container_format | bare | | created_at | 2018-11-15T16:50:25Z | | disk_format | qcow2 | | file | /v2/images/6439791d-542b-41fa-a91c-64eaa552e29e/file | | id | 6439791d-542b-41fa-a91c-64eaa552e29e | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | 3b8ce084c51347f38511d61a9f7cd433 | | properties | os_hash_algo='sha512', os_hash_value='6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e2161b5b5186106570c17a9e58b64dd39390617cd5a350f78', os_hidden='False' | | protected | False | | schema | /v2/schemas/image | | size | 12716032 | | status | active | | tags | | | updated_at | 2018-11-15T16:50:25Z | | virtual_size | None | | visibility | public | +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
イメージのアップロードの確認
$ openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 6439791d-542b-41fa-a91c-64eaa552e29e | cirros | active | +--------------------------------------+--------+--------+
トラブルシューティング
問題1:ユーザ作成時に apache2 が落ちる
keystone のパスワード間違えるとこうなります。
$ openstack user create --domain default --password-prompt glance An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-1977942a-6262-4703-be73-c3e450f9c71b)
/var/log/apache2/error.log
[Wed Nov 14 16:15:31.463536 2018] [mpm_event:notice] [pid 1420:tid 139933288274880] AH00491: caught SIGTERM, shutting down
問題2:イメージがアップロードできない
接続が拒否されておるがな。auth_url が参照できていない。/etc/glance/glance-api.conf の [keystone_authtoken] セクション内に auth_url を記述できていなかった。同設定ファイルの他の箇所に auth_url があったのでそちらに指定していた。/var/log/syslog を確認。
$ openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
Error finding address for http://vm-nfj-osctrln1:9292/v2/schemas/image: HTTPConnectionPool(host='vm-nfj-osctrln1', port=9292): Max retries exceeded with url: /v2/schemas/image (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused',))
/var/log/syslog
Nov 15 15:41:37 vm-nfj-osctrln1 glance-api[15054]: ERROR: Auth plugin requires parameters which were not given: auth_url
Keystone サービスに対する認証失敗。Unauthorizedになっている。/var/log/keystone/keystone-wsgi-public.log を確認。openstack user create –domain default –password-prompt glance で glance ユーザに付与していたパスワードと、/etc/glance/glance-api.conf や /etc/glance/glance-registry.conf に設定していたパスワード文字列に差異があったことが原因。
対策として、`openstack user delete –domain default glance` してから再度 glance ユーザを作成し、`openstack role add –project service –user glance admin` を実行することで解決した。
$ openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public 503 Service Unavailable: The server is currently unavailable. Please try again at a later time.: The Keystone service is temporarily unavailable. (HTTP 503)
/var/log/keystone/keystone-wsgi-public.log
2018-11-15 16:01:37.384 1449 INFO keystone.common.wsgi [req-77bcb2c4-f968-4fb3-9bc3-c2e9fea1ae76 - - - - -] POST http://vm-nfj-osctrln1:5000/v3/auth/tokens 2018-11-15 16:01:38.001 1449 WARNING keystone.common.wsgi [req-77bcb2c4-f968-4fb3-9bc3-c2e9fea1ae76 - - - - -] Authorization failed. The request you have made requires authentication. from 10.2.55.11: Unauthorized: The request you have made requires authentication.
次回は nova
