7. Glance Installation Procedure

This chapter describes how to install Glance, which is responsible for image management.

7.1. Getting the code from GitHub

Get the stable/diablo code from GitHub.

$ cd /usr/local/src
$ sudo git clone https://github.com/openstack/glance.git -b stable/diablo
$ cd glance
$ git branch
* stable/diablo

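7.2. Installing Glance

glance/tools/pip-requires lists the packages that Glance depends on.

Install these before installing Glance itself. (Installing them from Ubuntu packages is also OK.)

At this point pip for some reason tries to install swift, so comment that entry out before installing the packages.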

$ sudo sed -i -e 's/^swift/#swift/' /usr/local/src/glance/tools/pip-requires
$ sudo -i
# pip install -r /usr/local/src/glance/tools/pip-requires
(If it fails, a version mismatch may be the cause.)

Confirm that all packages were installed, then install Glance.

# cd /usr/local/src/glance
# python setup.py build
# python setup.py install --record installfile.txt

7.3. Environment setup

7.3.1. Creating directories and setting up the user

Create a user for Glance and the directories that are (probably) needed.

# mkdir -p /etc/glance /var/lib/glance/{image-cache,images} /var/log/glance
# useradd -r -d /var/lib/glance -s /bin/bash glance
(When building a production environment, it is better to specify the UID and GID explicitly rather than using -r alone.)

7.3.2. Creating the startup scripts

# cd /etc/init.d
# ln -s /lib/init/upstart-job glance-api
# ln -s /lib/init/upstart-job glance-registry
# cat << _EOF_ > /etc/init/glance-api.conf
description "Glance API server"
author "Soren Hansen <soren@linux2go.dk>"

start on (local-filesystems and net-device-up IFACE!=lo)
stop on runlevel [016]

respawn

exec su -c "glance-api" glance
_EOF_
# cat << _EOF_ > /etc/init/glance-registry.conf
description "Glance registry server"
author "Soren Hansen <soren@linux2go.dk>"

start on (local-filesystems and net-device-up IFACE!=lo)
stop on runlevel [016]

respawn

exec su -c "glance-registry" glance
_EOF_

7.3.3. logrotate configuration

Adjust the rotation period, file owner, and so on separately, then apply the configuration.

# cat << _EOF_ > /etc/logrotate.d/glance
/var/log/glance/*.log {
    daily
    missingok
}
_EOF_

# exit

7.3.4. Copying the configuration files

If Keystone integration is not needed, copying the following files is all that is required.

$ sudo cp -p /usr/local/src/glance/etc/glance-* /etc/glance/
$ sudo chown -R glance:glance /etc/glance /var/lib/glance /var/log/glance

For Keystone integration, the following files must be copied as well. (Mind the order of the copies.)

$ sudo cp /usr/local/src/keystone/examples/paste/glance-* /etc/glance
$ sudo chown -R glance:glance /etc/glance

7.4. Editing /etc/glance/glance-api.conf

Edit the sample configuration file. The settings described here are for the case where Keystone integration is used.

7.4.1. Default configuration file (2012/02/02)

[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = True

# Show debugging output in logs (sets DEBUG log level output)
debug = False

# Which backend store should Glance use by default is not specified
# in a request to add a new image to Glance? Default: 'file'
# Available choices are 'file', 'swift', and 's3'
default_store = file

# Address to bind the API server
bind_host = 0.0.0.0

# Port the bind the API server to
bind_port = 9292

# Address to find the registry server
registry_host = 0.0.0.0

# Port the registry server is listening on
registry_port = 9191

# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
log_file = /var/log/glance/api.log

# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
use_syslog = False

# ============ Notification System Options =====================

# Notifications can be sent when images are create, updated or deleted.
# There are three methods of sending notifications, logging (via the
# log_file directive), rabbit (via a rabbitmq queue) or noop (no
# notifications sent, the default)
notifier_strategy = noop

# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
rabbit_host = localhost
rabbit_port = 5672
rabbit_use_ssl = false
rabbit_userid = guest
rabbit_password = guest
rabbit_virtual_host = /
rabbit_notification_topic = glance_notifications

# ============ Filesystem Store Options ========================

# Directory that the Filesystem backend store
# writes image data to
filesystem_store_datadir = /var/lib/glance/images/

# ============ Swift Store Options =============================

# Address where the Swift authentication service lives
swift_store_auth_address = 127.0.0.1:8080/v1.0/

# User to authenticate against the Swift authentication service
swift_store_user = jdoe

# Auth key for the user authenticating against the
# Swift authentication service
swift_store_key = a86850deb2742ec3cb41518e26aa2d89

# Container within the account that the account should use
# for storing images in Swift
swift_store_container = glance

# Do we create the container if it does not exist?
swift_store_create_container_on_put = False

# What size, in MB, should Glance start chunking image files
# and do a large object manifest in Swift? By default, this is
# the maximum object size in Swift, which is 5GB
swift_store_large_object_size = 5120

# When doing a large object manifest, what size, in MB, should
# Glance write chunks to Swift? This amount of data is written
# to a temporary disk buffer during the process of chunking
# the image file, and the default is 200MB
swift_store_large_object_chunk_size = 200

# Whether to use ServiceNET to communicate with the Swift storage servers.
# (If you aren't RACKSPACE, leave this False!)
#
# To use ServiceNET for authentication, prefix hostname of
# `swift_store_auth_address` with 'snet-'.
# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
swift_enable_snet = False

# ============ S3 Store Options =============================

# Address where the S3 authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified,  default to 'http://'
s3_store_host = 127.0.0.1:8080/v1.0/

# User to authenticate against the S3 authentication service
s3_store_access_key = <20-char AWS access key>

# Auth key for the user authenticating against the
# S3 authentication service
s3_store_secret_key = <40-char AWS secret key>

# Container within the account that the account should use
# for storing images in S3. Note that S3 has a flat namespace,
# so you need a unique bucket name for your glance images. An
# easy way to do this is append your AWS access key to "glance".
# S3 buckets in AWS *must* be lowercased, so remember to lowercase
# your AWS access key if you use it in your bucket name below!
s3_store_bucket = <lowercased 20-char aws access key>glance

# Do we create the bucket if it does not exist?
s3_store_create_bucket_on_put = False

# ============ Image Cache Options ========================

image_cache_enabled = False

# Directory that the Image Cache writes data to
# Make sure this is also set in glance-pruner.conf
image_cache_datadir = /var/lib/glance/image-cache/

# Number of seconds after which we should consider an incomplete image to be
# stalled and eligible for reaping
image_cache_stall_timeout = 86400

# ============ Delayed Delete Options =============================

# Turn on/off delayed delete
delayed_delete = False

[pipeline:glance-api]
pipeline = versionnegotiation context apiv1app
# NOTE: use the following pipeline for keystone
# pipeline = versionnegotiation authtoken auth-context apiv1app

# To enable Image Cache Management API replace pipeline with below:
# pipeline = versionnegotiation context imagecache apiv1app
# NOTE: use the following pipeline for keystone auth (with caching)
# pipeline = versionnegotiation authtoken auth-context imagecache apiv1app

[pipeline:versions]
pipeline = versionsapp

[app:versionsapp]
paste.app_factory = glance.api.versions:app_factory

[app:apiv1app]
paste.app_factory = glance.api.v1:app_factory

[filter:versionnegotiation]
paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory

[filter:imagecache]
paste.filter_factory = glance.api.middleware.image_cache:filter_factory

[filter:context]
paste.filter_factory = glance.common.context:filter_factory

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_token = 999888777666

[filter:auth-context]
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory

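7.4.2. Changes and a brief explanation?

| Parameter | Description | Value set here |
|---|---|---|
| verbose | Log output setting | False |
| debug | Debug log output setting | False |
| default_store | I don't really understand what this is. | sqlite |
| bind_host | Address the API server binds to | 192.168.0.2 |
| registry_host | Address of the registry server | 192.168.0.2 |
| use_syslog | Use syslog for log output | False (it seems the facility cannot be specified) |
| rabbit_host | Address of the RabbitMQ server | 192.168.0.2 |
| rabbit_port | Port of the RabbitMQ server | 5672 |
| rabbit_use_ssl | Whether to use SSL with the RabbitMQ server | false |
| rabbit_userid | User for the RabbitMQ server | glance |
| rabbit_password | Password of the RabbitMQ server user | y7u8i9YUI |
| rabbit_virtual_host | Virtual host on the RabbitMQ server | /glance |
| swift_* | Swift-related settings | Not used, so not set |
| service_host | IP address of Keystone | 192.168.0.2 |
| service_port | Service port of Keystone | 5000 |
| auth_host | IP address of Keystone | 192.168.0.2 |
| auth_port | Admin port of Keystone | 35357 |
| auth_uri | URL accessed for authentication | http://192.168.0.2:5000/ |
| admin_token | Token key used for access | 999888777666 |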

7.5. Editing /etc/glance/glance-registry.conf

Edit the sample configuration file. The settings described here are for the case where Keystone integration is used.

7.5.1. Default configuration file (2012/02/02)

[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = True

# Show debugging output in logs (sets DEBUG log level output)
debug = False

# Address to bind the registry server
bind_host = 0.0.0.0

# Port the bind the registry server to
bind_port = 9191

# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
log_file = /var/log/glance/registry.log

# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
use_syslog = False

# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
sql_connection = sqlite:///glance.sqlite

# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
#
# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
# idle connections. This can result in 'MySQL Gone Away' exceptions. If you
# notice this, you can lower this value to ensure that SQLAlchemy reconnects
# before MySQL can drop the connection.
sql_idle_timeout = 3600

# Limit the api to return `param_limit_max` items in a call to a container. If
# a larger `limit` query param is provided, it will be reduced to this value.
api_limit_max = 1000

# If a `limit` query param is not provided in an api request, it will
# default to `limit_param_default`
limit_param_default = 25

[pipeline:glance-registry]
pipeline = authtoken keystone_shim context registryapp

[app:registryapp]
paste.app_factory = glance.registry.server:app_factory

[filter:context]
context_class = glance.registry.context.RequestContext
paste.filter_factory = glance.common.context:filter_factory

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_token = 999888777666

[filter:keystone_shim]
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory

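7.5.2. Changes and a brief explanation?

| Parameter | Description | Value set here |
|---|---|---|
| verbose | Log output setting | False |
| debug | Debug log output setting | False |
| bind_host | Address the API server binds to | 192.168.0.2 |
| use_syslog | Use syslog for log output | False (it seems the facility cannot be specified) |
| sql_connection | Database connection string | mysql://glance:y7u8i9YUI@localhost/glance |
| service_host | IP address of Keystone | 192.168.0.2 |
| service_port | Service port of Keystone | 5000 |
| auth_host | IP address of Keystone | 192.168.0.2 |
| auth_port | Admin port of Keystone | 35357 |
| auth_uri | URL accessed for authentication | http://192.168.0.2:5000/ |
| admin_token | Token key used for access | 999888777666 |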
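
The settings listed in 7.4.2 and 7.5.2 carry secrets that are printed in this guide, Keystone endpoints reached over plain HTTP, and (in the shipped defaults) a bind address of 0.0.0.0, so a check before going live is useful. The audit below is an added example, not part of the original guide or of Glance; the function name audit, the finding strings, and the constructed SAMPLE are illustrative assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Secrets printed in the sample files or in this guide (values taken from the page).
PUBLISHED = {"999888777666", "guest", "y7u8i9YUI", "a86850deb2742ec3cb41518e26aa2d89"}
SECRET_OPTS = {"admin_token", "rabbit_password", "swift_store_key"}
LOCAL = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: 7.4.1 defaults mixed with 7.4.2/7.5.2 values; notifier_strategy = rabbit is assumed.
SAMPLE = """
[DEFAULT]
bind_host = 0.0.0.0
notifier_strategy = rabbit
rabbit_host = 192.168.0.2
rabbit_use_ssl = false
rabbit_password = y7u8i9YUI
sql_connection = mysql://glance:y7u8i9YUI@localhost/glance
[filter:authtoken]
auth_host = 192.168.0.2
auth_protocol = http
admin_token = 999888777666
"""

def audit(text):
    """Return sorted (section, option, finding) tuples for one Glance config file."""
    # [DEFAULT] is parsed as an ordinary section so paste sections do not inherit it.
    cp = configparser.RawConfigParser(default_section="_unused_", strict=False)
    cp.read_string(text)
    out = []
    for sec in cp.sections():
        opts = dict(cp.items(sec))
        for opt, val in opts.items():
            if opt == "bind_host" and val in ("0.0.0.0", "::"):
                out.append((sec, opt, "listens on every interface"))
            if opt in SECRET_OPTS and val in PUBLISHED:
                out.append((sec, opt, "secret is a published sample value"))
            peer = opts.get(opt.replace("protocol", "host"))
            if opt in ("auth_protocol", "service_protocol") and val == "http" and peer not in LOCAL:
                out.append((sec, opt, "Keystone traffic without TLS"))
            if opt == "sql_connection" and urlsplit(val).password:
                known = urlsplit(val).password in PUBLISHED
                out.append((sec, opt, "published DB password" if known else "DB password stored in file"))
        if (opts.get("notifier_strategy") == "rabbit" and opts.get("rabbit_host") not in LOCAL
                and opts.get("rabbit_use_ssl", "false").lower() == "false"):
            out.append((sec, "rabbit_use_ssl", "AMQP credentials sent without TLS"))
    return sorted(out)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a live host, pass the contents of /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf to audit() in turn; a "DB password stored in file" finding means the file should not be world-readable.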

7.6. Starting the services

After configuration, start the services. The database is created when the services start.

$ sudo /etc/init.d/glance-api start
$ sudo /etc/init.d/glance-registry start

7.7. Verification

Sorry about this. I will write this up in more detail.

$ glance -A 999888777666 -H 192.168.0.2 details
$ glance -A 999888777666 -H 192.168.0.2 index