- This article is published by the official account [Developing Pigeon]! Welcome to follow! ! !
- One. OpenStack service topology design
- (1) Control Node Controller
- (2) Network node Network
- (3) Storage node Storage
- (4) Compute node
- Two. Keystone service
- (1) User
- (2) Credentials
- (3) Authentication
- (4) Token
- (5) Project
- (6) Address Endpoint
- (7) Role
- Three. Glance service
- (1) Functions of Glance Service
- (2) Glance service component architecture
- 3. store backend
- (3) Operation of Glance
- 1. Create Image
- 2. Delete Image
- (4) Glance log
- (5) OpenStack command line operation
- 1. Before executing the command, you need to set the environment variable
- 2. The commands of each service can be added, deleted, modified and checked
- 3. help to view the usage of a command
One. OpenStack service topology design
OpenStack is a distributed system consisting of several nodes. Different services in OpenStack can be deployed on each node. At the same time, different components of each service can also be deployed on different nodes in a distributed manner.
(1) Control Node Controller
The services running on the Controller node include Keystone, Glance, Horizon, and management-related components in Nova and Neutron.
The node also runs the services that support OpenStack, such as MySQL, RabbitMQ and the network time service NTP.
(2) Network node Network
The service running here is Neutron, which provides L2 and L3 networks for OpenStack, including virtual machine networks, DHCP, routing, NAT, etc.
(3) Storage node Storage
Provides the block storage service Cinder or the object storage service Swift.
(4) Compute node
Runs the Hypervisor (KVM is used by default). This component is used to create and manage virtual machines. The node also runs the agent of the Neutron service to provide network support for virtual machines.
Two. Keystone service
(1) User
User refers to any entity that uses OpenStack. It can be a real user or another system. When a User requests access to OpenStack, Keystone verifies it. In addition to admin and demo, OpenStack also creates corresponding users for the nova, cinder, glance, and neutron services, and admin can manage these users.
(2) Credentials
Credentials are the information a User presents to prove its identity, which can be an account/password, a token, etc.
(3) Authentication
Authentication is the process by which Keystone verifies the User's identity.
(4) Token
A Token is a string composed of numbers and letters. After the User successfully authenticates, Keystone assigns it to the User. The Token then serves as the Credential for accessing a Service, and the Service verifies the validity of the Token with Keystone. The default validity period of the Token is 24 hours.
(5) Project
Project is used to group and isolate OpenStack resources (computing, storage, and networking). Depending on whom the OpenStack deployment serves, a Project can be a customer (a tenant in a public cloud) or a department.
Note that resources are owned by the Project, not by the User. Each User (including admin) must be linked to a Project to be able to access the resources of that Project. A User can belong to multiple Projects.
(6) Address Endpoint
Endpoint is a URL that can be accessed on the network. A Service exposes its own API through its Endpoint, and Keystone is responsible for managing and maintaining the Endpoint of each Service.
(7) Role
Security consists of two parts: Authentication and Authorization.
Keystone implements authorization through Role. Different Roles are defined in Keystone. Each Role may have different permissions, and multiple Roles can be assigned to a User.
Each Service determines what each Role can do, and controls access for each Role through its own policy.json file.
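To make the Role-to-permission mapping concrete, here is an added example (not code from the original article or from OpenStack) that evaluates a small policy file against the Roles carried by a Token. The policy content is a constructed sample in the style of a Glance policy.json, the role name member is an assumption, and the evaluator handles only a simplified subset of the rule syntax (role:, rule:, and, or, empty rule, !).

```python
import json

# Constructed sample in the style of a Glance policy.json (not from a real deployment).
SAMPLE_POLICY = json.loads("""
{
    "context_is_admin": "role:admin",
    "default": "",
    "get_image": "",
    "add_image": "role:member or rule:context_is_admin",
    "delete_image": "rule:context_is_admin",
    "publicize_image": "rule:context_is_admin"
}
""")


def check(rule_text, roles, policy, depth=0):
    """Evaluate a simplified rule: 'and'/'or' over role:<name> and rule:<name> checks."""
    if depth > 10:
        raise ValueError("rule reference loop in policy")
    rule_text = rule_text.strip()
    if rule_text in ("", "@"):  # empty rule: always allowed
        return True
    if rule_text == "!":  # explicit deny
        return False
    # 'or' binds more loosely than 'and', so split on it first
    if " or " in rule_text:
        return any(check(p, roles, policy, depth) for p in rule_text.split(" or "))
    if " and " in rule_text:
        return all(check(p, roles, policy, depth) for p in rule_text.split(" and "))
    kind, _, value = rule_text.partition(":")
    if kind == "role":
        # role names are compared case-insensitively in this example
        return value.lower() in {r.lower() for r in roles}
    if kind == "rule":
        if value not in policy:
            return False  # reference to an undefined rule: fail closed
        return check(policy[value], roles, policy, depth + 1)
    return False  # check type not supported by this example: fail closed


def is_allowed(action, roles, policy=SAMPLE_POLICY):
    """Look up the rule for an action, falling back to the 'default' rule."""
    rule = policy.get(action, policy.get("default", "!"))
    return check(rule, roles, policy)
```

With the empty default rule in this sample, an action that is not listed in the file is allowed for every Role, so the default rule is worth reviewing when auditing a policy file.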
Three. Glance service
(1) Functions of Glance Service
Provides a REST API that allows users to query and retrieve Image metadata and the Image itself;
Supports multiple ways to store an Image, including an ordinary file system, Swift, and Amazon S3;
Takes a snapshot of an instance to create a new Image.
(2) Glance service component architecture
The architecture of Glance is as follows:
You can see that Glance is composed of three parts:
1. glance-api
glance-api is the service process running in the background. It provides the REST API externally and responds to Image query, retrieval and storage calls, but it does not really process the requests itself.
If the operation concerns Image metadata, glance-api forwards the request to glance-registry, which then interacts with the database to retrieve the corresponding data;
If the operation concerns access to the Image itself, glance-api forwards the request to the image storage system, the store backend.
2. glance-registry
glance-registry is the service process running in the background that is responsible for processing and accessing the metadata of the Image, such as the size and type of the Image. The metadata is stored in the database, which is MySQL by default.
Glance supports multiple types of images. As follows:
3. store backend
The Glance service does not store the Image itself; the Image is stored in the backend. Glance supports multiple types of backend, such as the default local file system, Amazon S3, Cinder, Swift, and VMware ESX.
Which backend to use is configured in /etc/glance/glance-api.conf.
(3) Operation of Glance
OpenStack provides two interactive interfaces: the Web UI (Horizon) and the command line (CLI). The command line supports more functions and more parameters and executes faster, and CLI commands can be placed in a script for batch processing. For time-consuming operations, the CLI is more suitable.
1. Create Image
If the Image is set to public, other projects can use the Image; if it is set to Protected, the Image is not allowed to be deleted. Using the CLI is recommended, since it can also display the progress of the creation.
glance image-create --name cirros --file /tmp/xxxx.img --disk-format qcow2 --container-format bare --progress
The last parameter, --progress, displays the percentage of the Image file that has been uploaded, which is more intuitive.
2. Delete Image
glance image-delete xxxx
The argument that follows the command is the ID of the Image.
(4) Glance log
OpenStack troubleshooting is done mainly through logs, and each Service has its own log. There are two Glance logs, glanceapi.log and glanceregistry.log. The glance-api log records the calls to the REST API, and the glance-registry log records how the Glance service processes requests and its database operations. If you need a more detailed log, you can turn on the debug option in /etc/glance/*.conf.
(5) OpenStack command line operation
1. Before executing the command, you need to set the environment variable
These variables include the username, project, password, etc. If they are not set, the corresponding command line parameters must be supplied every time a command is executed.
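How those variables map onto the Keystone concepts above (User, Credentials, Project, Token) is shown in this added example, which is not from the original article. It assumes the OS_* variable names read by the OpenStack command line clients and the Keystone v3 Identity API; the host name and password in the sample environment are constructed placeholders.

```python
import json
import os

REQUIRED = ("OS_AUTH_URL", "OS_USERNAME", "OS_PASSWORD", "OS_PROJECT_NAME")


def load_credentials(env=None):
    """Collect the OS_* settings and report every missing one at once."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise KeyError("unset: " + ", ".join(missing))
    creds = {name: env[name] for name in REQUIRED}
    # Domain names fall back to "Default" in this example (an assumption).
    creds["OS_USER_DOMAIN_NAME"] = env.get("OS_USER_DOMAIN_NAME", "Default")
    creds["OS_PROJECT_DOMAIN_NAME"] = env.get("OS_PROJECT_DOMAIN_NAME", "Default")
    return creds


def token_request(creds):
    """Return (url, body) for a project-scoped password authentication."""
    user = {"name": creds["OS_USERNAME"],
            "domain": {"name": creds["OS_USER_DOMAIN_NAME"]},
            "password": creds["OS_PASSWORD"]}
    project = {"name": creds["OS_PROJECT_NAME"],
               "domain": {"name": creds["OS_PROJECT_DOMAIN_NAME"]}}
    body = {"auth": {"identity": {"methods": ["password"],
                                  "password": {"user": user}},
                     "scope": {"project": project}}}
    return creds["OS_AUTH_URL"].rstrip("/") + "/auth/tokens", body


def redacted(body):
    """Copy of the request body that is safe to log: the password is masked."""
    copy = json.loads(json.dumps(body))  # deep copy, the original stays intact
    copy["auth"]["identity"]["password"]["user"]["password"] = "***"
    return copy


# Constructed sample environment (placeholder host and password).
SAMPLE_ENV = {"OS_AUTH_URL": "http://controller.example:5000/v3",
              "OS_USERNAME": "demo", "OS_PASSWORD": "placeholder-password",
              "OS_PROJECT_NAME": "demo"}
```

Keystone returns the Token for such a request in the X-Subject-Token response header; only the redacted copy of the body should ever be written to a log.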
2. The commands of each service support create, delete, update and query operations
The format is:
CMD <obj>-create [param1][param2]…
CMD <obj>-delete [param1][param2]…
CMD <obj>-update [param1][param2]…
CMD <obj>-list [param1][param2]…
CMD <obj>-show [param1][param2]…
Glance manages images, so CMD is glance and obj is image;
Neutron manages networks and subnets, so CMD is neutron and obj is net or subnet;
The obj of nova can be omitted, as in the operations on an instance:
nova boot, nova delete, nova list, nova show;
3. help to view the usage of a command
The format is:
CMD help [sub-CMD]
For example, glance help image-update can query the usage of image-update.