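7. OpenStack Management (Part 1)
OpenStack Identity Management - Keystone. Abstract: This article introduces the core concepts and management methods of Keystone, the OpenStack identity service. The key concepts in Keystone are the identity elements Domain, User, Group, Project and Role. The article demonstrates the commands for creating, viewing and deleting a Domain, and shows how to enable multi-domain login support. It also demonstrates User list queries, among others
OpenStack Management
OpenStack Identity Management - Keystone
Keystone basic concepts
| Term | Description |
|---|---|
| Domain | A virtual concept in Keystone; a domain is a container for a set of Users, Groups or Projects |
| User | An individual, system or service that can access OpenStack services through Keystone |
| Group | A container for a set of Users; users can be added to a Group, and roles can be assigned directly to the Group |
| Project | A collection of accessible resources across the services; a project name only needs to be unique within its domain |
| Role | A defined set of user rights and privileges for performing a specific set of operations; different roles carry different permissions |
| Service | An OpenStack service; a service exposes one or more endpoints through which users access resources and perform operations |
| Endpoint | A network address that can be used to access a specific service |
| Token | A credential that permits access to specific resources |
| Credential | Data that confirms a user's identity, such as the user's username and password |
Domain
List domains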
[root@controller ~]# source keystonerc_admin
[root@controller ~(keystone_admin)]# openstack domain list
+----------------------------------+---------+---------+--------------------+
| ID | Name | Enabled | Description |
+----------------------------------+---------+---------+--------------------+
| c4eb37ed8e444db2acf73739f2d7058f | heat | True | |
| default | Default | True | The default domain |
+----------------------------------+---------+---------+--------------------+
Create a domain
[root@controller ~(keystone_admin)]# openstack domain create domain-test
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 949d85c6af2d42549ea0b04261a8e558 |
| name | domain-test |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
# Verify
[root@controller ~(keystone_admin)]# openstack domain list
+----------------------------------+-------------+---------+--------------------+
| ID | Name | Enabled | Description |
+----------------------------------+-------------+---------+--------------------+
| 949d85c6af2d42549ea0b04261a8e558 | domain-test | True | |
| c4eb37ed8e444db2acf73739f2d7058f | heat | True | |
| default | Default | True | The default domain |
+----------------------------------+-------------+---------+--------------------+
Delete a domain
# Disable the domain first (a domain must be disabled before it can be deleted)
[root@controller ~(keystone_admin)]# openstack domain set --disable domain-test
[root@controller ~(keystone_admin)]# openstack domain delete domain-test
[root@controller ~(keystone_admin)]# openstack domain list
+----------------------------------+---------+---------+--------------------+
| ID | Name | Enabled | Description |
+----------------------------------+---------+---------+--------------------+
| c4eb37ed8e444db2acf73739f2d7058f | heat | True | |
| default | Default | True | The default domain |
+----------------------------------+---------+---------+--------------------+
Enable the multi-domain login page
[root@controller ~(keystone_admin)]# cd /etc/openstack-dashboard/
[root@controller openstack-dashboard(keystone_admin)]# ls
cinder_policy.json local_settings nova_policy.d
glance_policy.json local_settings.d nova_policy.json
keystone_policy.json neutron_policy.json
[root@controller openstack-dashboard(keystone_admin)]# vim local_settings
# Edit line 83 of the configuration file as follows to enable Keystone multi-domain support
#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
[root@controller openstack-dashboard(keystone_admin)]# systemctl restart httpd
Test the multi-domain login page:


User
List all users
[root@controller ~(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID | Name |
+----------------------------------+------------+
| d1a0ae2a6ae4467fbe7d4f3f2948c490 | admin |
| 9017b520336543068009b8233e94aea3 | heat_admin |
| 89b206457692472ab22f491f77bc364d | glance |
| 4155180a93c64ab48cb60331e03d233a | cinder |
| c965179f4e01476eaf307b647b1e6833 | nova |
| 27e0030e1e38482a8114df07cc24b839 | placement |
| 560341addde04c1a865649c1f06fe712 | neutron |
| 4ed7f8c367fa4fcf983c964f417d37b6 | swift |
| e5343a06c7d24cfa9b6a8eb7da4b4c79 | heat |
| cf6be60c1d4542aa907841ccb41eb149 | heat-cfn |
| 57e08255b8424a81aff8a3e2042ea90c | gnocchi |
| 0c495008f0ae4181854c3baaa89a275f | ceilometer |
| 1121a2d9ee27433e92f76781e4ffff5f | aodh |
| 1dba4573e3e549a2adeaee0eb97f46c3 | user1 |
+----------------------------------+------------+
Create a new user: user1
# Create user user1 with password HUAWEI
[root@controller ~(keystone_admin)]# openstack user create --password HUAWEI user1
# Verify
[root@controller ~(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID | Name |
+----------------------------------+------------+
| d1a0ae2a6ae4467fbe7d4f3f2948c490 | admin |
| 9017b520336543068009b8233e94aea3 | heat_admin |
| 89b206457692472ab22f491f77bc364d | glance |
| 4155180a93c64ab48cb60331e03d233a | cinder |
| c965179f4e01476eaf307b647b1e6833 | nova |
| 27e0030e1e38482a8114df07cc24b839 | placement |
| 560341addde04c1a865649c1f06fe712 | neutron |
| 4ed7f8c367fa4fcf983c964f417d37b6 | swift |
| e5343a06c7d24cfa9b6a8eb7da4b4c79 | heat |
| cf6be60c1d4542aa907841ccb41eb149 | heat-cfn |
| 57e08255b8424a81aff8a3e2042ea90c | gnocchi |
| 0c495008f0ae4181854c3baaa89a275f | ceilometer |
| 1121a2d9ee27433e92f76781e4ffff5f | aodh |
| 1dba4573e3e549a2adeaee0eb97f46c3 | user1 |
+----------------------------------+------------+
# Show the details of user user1
[root@controller ~(keystone_admin)]# openstack user show user1
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 6538330d9ce04926ba60cbdfd32fc1a4 |
| domain_id | default |
| enabled | True |
| id | 1dba4573e3e549a2adeaee0eb97f46c3 |
| name | user1 |
| options | {'lock_password': False} |
| password_expires_at | None |
+---------------------+----------------------------------+
Group
Create group1 and add user1 to group1
# Create the group group1
[root@controller ~(keystone_admin)]# openstack group create group1
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | default |
| id | e955c62e2e9e48218c47cbd57c996348 |
| name | group1 |
+-------------+----------------------------------+
# Show the details of group group1
[root@controller ~(keystone_admin)]# openstack group show group1
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | default |
| id | e955c62e2e9e48218c47cbd57c996348 |
| name | group1 |
+-------------+----------------------------------+
# List all groups
[root@controller ~(keystone_admin)]# openstack group list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| e955c62e2e9e48218c47cbd57c996348 | group1 |
+----------------------------------+--------+
# Add user1 to group1
[root@controller ~(keystone_admin)]# openstack group add user group1 user1
# Check whether user1 belongs to group1
[root@controller ~(keystone_admin)]# openstack group contains user group1 user1
user1 in group group1
Role
List roles
[root@controller ~(keystone_admin)]# openstack role list
+----------------------------------+------------------+
| ID | Name |
+----------------------------------+------------------+
| 23af44ab27224e5da00ff8d248858899 | _member_ |
| 2ec82f8fa09344718963cbfc1182bae5 | heat_stack_owner |
| 402c2a267e49491aa7c3e824a000ff54 | SwiftOperator |
| 7895328276fc4b1289180f30bd94ca5b | ResellerAdmin |
| bfde67644d054ad686a35f7f7332e248 | heat_stack_user |
| e0e123b4642f4537a61bc7a746414cfe | member |
| ea2ee3451a554249908610a0642e6e38 | reader |
| ee67413dd21c4d8b81710a50ebaf1ff5 | admin |
+----------------------------------+------------------+
Grant the admin role to group1
[root@controller ~(keystone_admin)]# openstack role add --project admin --group group1 admin
# Verify the role of group1
[root@controller ~(keystone_admin)]# openstack role assignment list --names --group group1
+-------+------+----------------+---------------+--------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+-------+------+----------------+---------------+--------+--------+-----------+
| admin | | group1@Default | admin@Default | | | False |
+-------+------+----------------+---------------+--------+--------+-----------+

Project
Create ProjectA
# Create the project ProjectA
[root@controller ~(keystone_admin)]# openstack project create ProjectA
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | default |
| enabled | True |
| id | bc87c6dd4106450aab94ac023f6a8836 |
| is_domain | False |
| name | ProjectA |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
# Assign ProjectA to user user1
[root@controller ~(keystone_admin)]# openstack user set --project ProjectA user1
# Grant user user1 the admin role in project ProjectA
[root@controller ~(keystone_admin)]# openstack role add --user user1 --project ProjectA admin
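The two `role add` commands above grant admin once through a group and once directly. The following added example (not part of the original article) expands group membership to show who effectively holds admin in which scope. The JSON is a constructed sample shaped like `openstack role assignment list --names -f json`, and the group membership map is an assumption based on the `group contains user` check above.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like `openstack role assignment list --names -f json`
# after the two `role add` commands on this page (plus the built-in admin user
# and the user3/member exercise).
ASSIGNMENTS_JSON = """
[
 {"Role": "admin", "User": "admin@Default", "Group": "", "Project": "admin@Default",
  "Domain": "", "System": "", "Inherited": false},
 {"Role": "admin", "User": "", "Group": "group1@Default", "Project": "admin@Default",
  "Domain": "", "System": "", "Inherited": false},
 {"Role": "admin", "User": "user1@Default", "Group": "", "Project": "ProjectA@Default",
  "Domain": "", "System": "", "Inherited": false},
 {"Role": "member", "User": "user3@Default", "Group": "", "Project": "ProjectA@Default",
  "Domain": "", "System": "", "Inherited": false}
]
"""

# Constructed sample: group membership, as `openstack group contains user` reports it.
GROUP_MEMBERS = {"group1@Default": ["user1@Default"]}


def load_sample():
    """Parse the constructed assignment listing."""
    return json.loads(ASSIGNMENTS_JSON)


def scope_of(assignment):
    """Name the scope a role assignment applies to (project, domain or system)."""
    if assignment.get("Project"):
        return "project:" + assignment["Project"]
    if assignment.get("Domain"):
        return "domain:" + assignment["Domain"]
    return "system:" + (assignment.get("System") or "unknown")


def effective_holders(assignments, group_members, role="admin"):
    """Map scope -> user -> list of ways the user holds `role` there."""
    holders = defaultdict(lambda: defaultdict(list))
    for a in assignments:
        if a["Role"] != role:
            continue
        scope = scope_of(a)
        if a.get("User"):
            holders[scope][a["User"]].append("direct")
        if a.get("Group"):
            # A group assignment applies to every current member of the group.
            for user in group_members.get(a["Group"], []):
                holders[scope][user].append("via " + a["Group"])
    return {scope: dict(users) for scope, users in holders.items()}


def group_only_holders(holders):
    """Users whose grant exists only through a group, so a per-user
    assignment listing without group expansion would not show it."""
    return sorted(
        (scope, user)
        for scope, users in holders.items()
        for user, ways in users.items()
        if "direct" not in ways
    )


if __name__ == "__main__":
    holders = effective_holders(load_sample(), GROUP_MEMBERS)
    for scope, users in sorted(holders.items()):
        for user, ways in sorted(users.items()):
            print(f"{scope:26} {user:16} {', '.join(ways)}")
    print("group-only:", group_only_holders(holders))
```

On a live cloud, `openstack role assignment list --effective --names` asks Keystone to do the same group expansion server-side.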

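Exercise: in the same way
Create a project ProjectB and assign it to user user2 with the role admin
Create a user user3 whose role in project ProjectA is member
# Create a project ProjectB and assign it to user user2 with the role admin
Change the quota of ProjectA
# Set the ProjectA quota to 3 instances, 5 vCPUs and 5000 MB of RAM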
[root@controller ~(keystone_admin)]# openstack quota set --instances 3 --cores 5 --ram 5000 ProjectA
To verify, log in as user1 and switch to ProjectA


Service
List the OpenStack services
[root@controller ~(keystone_admin)]# openstack service list
+----------------------------------+------------+----------------+
| ID | Name | Type |
+----------------------------------+------------+----------------+
| 0c5ff19a6a864da396d953b59590426c | heat | orchestration |
| 1cae26e01e434ff4ae620cc1929d6e41 | cinderv2 | volumev2 |
| 2773a522dca34943a4b0fe7fe605feab | gnocchi | metric |
| 45a05fc964734fde92c2236c0e8ae167 | placement | placement |
| 4d4626a7283941b084d99415873cb821 | cinderv3 | volumev3 |
| 584a2e1cfae5474ba9d28c2c37dc63df | aodh | alarming |
| 67cfa27ca3824e1493cdb53461e9549d | nova | compute |
| 834174494a2c453385c93ef4437fa152 | keystone | identity |
| ac8ce7d0cd924134a0364870fc6dcb48 | swift | object-store |
| c1c2d30f8b15473d952f5aaa1f2a4b07 | glance | image |
| cbffff6349e148ab88f008830a882328 | ceilometer | metering |
| ef89150201f4465c9dde8c7f5a3314f1 | neutron | network |
| efcfe80e0d7c4e63bfe81c9825ad0058 | heat-cfn | cloudformation |
+----------------------------------+------------+----------------+
Endpoint
List the OpenStack endpoints
[root@controller ~(keystone_admin)]# openstack endpoint list

View the catalog

[root@controller ~(keystone_admin)]# openstack catalog list

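Understanding Keystone core concepts
As a foundational supporting service of OpenStack, Keystone does the following:
- Manages users and their permissions
- Maintains the Endpoints of OpenStack Services
- Authentication and Authorization
To learn Keystone, you need to understand the following concepts:
User
Refers to any entity that uses OpenStack; it can be a real user, another system or a service
Credentials
Credentials are the information a User uses to prove its identity. They can be:
- Username/password
- Token
- API Key
- Other advanced methods
Authentication
Authentication is the process by which Keystone verifies a User's identity
Token
A Token is a string of digits and letters. After a User authenticates successfully, Keystone generates a Token and issues it to the User
The default Token lifetime is 24 hours
Project
A Project groups and isolates OpenStack resources (compute, storage, network)
Depending on whom OpenStack serves, a Project can be a customer (public cloud, also called a tenant), or a department or project team (private cloud)
Note:
- Resources are owned by the Project, not by the User.
- In the OpenStack UI and documentation, the terms Tenant / Project / Account are used interchangeably, but in the long run Project is preferred
- Every User (including admin) must be attached to a Project to access that Project's resources. A User can belong to multiple Projects
- admin is equivalent to the root user and has the highest privileges
Service
OpenStack Services include Compute (Nova), Block Storage (Cinder), Object Storage (Swift), Image Service (Glance), Networking Service (Neutron) and others
Each Service provides a number of Endpoints; a User accesses resources and performs operations through an Endpoint
Endpoint
An Endpoint is an address reachable over the network, usually a URL
A Service exposes its API through an Endpoint
Role
Security consists of two parts: Authentication and Authorization
Authentication answers the question "Who are you?"
Authorization answers the question "What are you allowed to do?"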
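OpenStack Image Management - Glance
Public cloud (Huawei Cloud) image concepts
1. Basic image concepts
An image is a template that contains software configuration (such as an operating system and applications) and is used to create cloud server instances.
2. Main features of images
- Pre-configured environment: contains a complete operating system and pre-installed software
- Fast deployment: multiple cloud servers with the same configuration can be created quickly from an image
- Standardization: ensures a consistent environment and simplifies operations
- Version management: supports lifecycle management of images, such as create, update and delete
3. Huawei Cloud image categories
- Public images
  - Provided officially by Huawei Cloud
  - Include licensed operating systems (Windows, Linux, etc.)
  - Security-tested and optimized
  - Patched regularly
- Private images
  - Custom images created by the user
  - Created from a cloud server instance
  - Contain the user's specific application environment
  - Support cross-region replication
- Shared images
  - Private images shared by other users
  - Must be in the same region
  - The recipient must confirm acceptance
- Marketplace images
  - Images provided by third-party vendors
  - Contain industry-specific solutions
  - Certified by Huawei Cloud
4. Supported image formats
- RAW: raw disk image format
- QCOW2: format supported by the QEMU emulator (recommended)
- VHD: virtual hard disk format
- VMDK: VMware virtual disk format
- ISO: optical disc image format
Main benefit: saving time
The role of Glance in OpenStack

Glance architecture
Glance is the OpenStack image service component, responsible for the discovery, registration and delivery of virtual machine images


Relationship between images, instances and flavors:
Users can launch any number of instances from the same image
Each launched instance is based on a copy of the image; changes made on the instance do not affect the image
A flavor must be specified when launching an instance; the instance uses resources according to the flavor
Image upload lab
The lab uploads two images:
cirros-0.5.2-x86_64-disk.img
TinyCore-12.0.iso
First drag and drop these 2 files into the /root directory on the controller node. Check the disk format of both files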
[root@controller ~]# ls
TinyCore-12.0.iso answers.txt.bak keystonerc_user1
anaconda-ks.cfg cirros-0.5.2-x86_64-disk.img
answers.txt keystonerc_admin
[root@controller ~]# qemu-img info cirros-0.5.2-x86_64-disk.img
image: cirros-0.5.2-x86_64-disk.img
file format: qcow2
virtual size: 112 MiB (117440512 bytes)
disk size: 15.5 MiB
cluster_size: 65536
Format specific information:
compat: 1.1
compression type: zlib
lazy refcounts: false
refcount bits: 16
corrupt: false
extended l2: false
[root@controller ~]# qemu-img info TinyCore-12.0.iso
image: TinyCore-12.0.iso
file format: raw
virtual size: 20 MiB (20971520 bytes)
disk size: 20 MiB
Upload the image in the web interface

Click the image

Locate it from the command line
[root@controller ~]# find / -name 0fbd7698-9f03-420c-b941-9903c11af5a3
find: '/proc/157278': No such file or directory
find: '/proc/157300': No such file or directory
/var/lib/glance/images/0fbd7698-9f03-420c-b941-9903c11af5a3
Check the result in the database
[root@controller ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 14921
Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| aodh |
| cinder |
| glance |
| gnocchi |
| heat |
| information_schema |
| keystone |
| mysql |
| neutron |
| nova |
| nova_api |
| nova_cell0 |
| performance_schema |
| placement |
| test |
+--------------------+
15 rows in set (0.001 sec)
MariaDB [(none)]> use glance;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| alembic_version |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
15 rows in set (0.000 sec)
MariaDB [glance]> select id,value from image_locations;
+----+--------------------------------------------------------------------+
| id | value |
+----+--------------------------------------------------------------------+
| 1 | file:///var/lib/glance/images/0fbd7698-9f03-420c-b941-9903c11af5a3 |
| 2 | file:///var/lib/glance/images/7e3eb0af-ddab-4d2f-8084-cf2acef0dc60 |
+----+--------------------------------------------------------------------+
2 rows in set (0.000 sec)
Use Swift as the Glance backend store
[root@controller ~]# grep -Ev '^#' /etc/glance/glance-api.conf | grep -Ev '^$'
[DEFAULT]
bind_host=0.0.0.0
bind_port=9292
workers=2
image_cache_dir=/var/lib/glance/image-cache
debug=False
log_file=/var/log/glance/api.log
log_dir=/var/log/glance
transport_url=rabbit://guest:guest@192.168.108.10:5672/
[cinder]
[cors]
[database]
connection=mysql+pymysql://glance:huawei@192.168.108.10/glance
[file]
[glance.store.http.store]
[glance.store.rbd.store]
[glance.store.s3.store]
[glance.store.swift.store]
[glance.store.vmware_datastore.store]
[glance_store]
stores=file,http,swift
default_store=file
filesystem_store_datadir=/var/lib/glance/images/
[image_format]
[keystone_authtoken]
www_authenticate_uri=http://192.168.108.10:5000/v3
auth_type=password
auth_url=http://192.168.108.10:5000
username=glance
password=huawei
user_domain_name=Default
project_name=services
project_domain_name=Default
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
driver=messagingv2
topics=notifications
[oslo_messaging_rabbit]
ssl=False
default_notification_exchange=glance
[oslo_middleware]
[oslo_policy]
policy_file=/etc/glance/policy.json
[paste_deploy]
flavor=keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
[wsgi]
# How to look up the swift password
[root@controller ~]# vim answers.txt
1137 CONFIG_SWIFT_HASH=... ...    # put this password into the configuration file above
[root@controller ~]# vim /etc/glance/glance-api.conf
4408 swift_store_key = ... ...
3111 default_store=swift
3982 swift_store_region = RegionOne
4090 swift_store_container = gqdglance
4118 swift_store_large_object_size = 5120
4160 swift_store_create_container_on_put = true
4182 swift_store_multi_tenant = true
4230 swift_store_admin_tenants = services
4391 swift_store_auth_address = http://192.168.108.10:5000/v3
4399 swift_store_user = swift
# Restart the Glance processes
[root@controller ~]# systemctl restart openstack-glance*
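The glance-api.conf above carries service credentials inline and talks to Keystone and RabbitMQ without TLS, which is common in a lab deployment and worth catching before the same file reaches production. The following added example (not part of the original article) is a small audit of those options; the embedded config is a constructed excerpt of the file shown above, and the issue names are labels chosen for this example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed excerpt: the security-relevant options of the glance-api.conf
# on this page, after default_store was switched to swift.
SAMPLE_CONF = """\
[DEFAULT]
transport_url=rabbit://guest:guest@192.168.108.10:5672/
[database]
connection=mysql+pymysql://glance:huawei@192.168.108.10/glance
[glance_store]
default_store=swift
swift_store_auth_address = http://192.168.108.10:5000/v3
[keystone_authtoken]
www_authenticate_uri=http://192.168.108.10:5000/v3
auth_url=http://192.168.108.10:5000
username=glance
password=huawei
[oslo_messaging_rabbit]
ssl=False
"""

# Options that point at Keystone, and options that hold a secret directly.
IDENTITY_URL_OPTIONS = {"auth_url", "www_authenticate_uri", "swift_store_auth_address"}
SECRET_OPTIONS = {"password", "swift_store_key"}


def load(text):
    """Parse oslo.config-style INI text; [DEFAULT] is kept as an ordinary section."""
    parser = configparser.ConfigParser(
        default_section="__unused__", interpolation=None, strict=False)
    parser.read_string(text)
    return parser


def audit(parser):
    """Return (location, issue) pairs; secret values are never included."""
    findings = []
    seen_secrets = {}  # secret value -> places it appears
    for section in parser.sections():
        for option, value in parser.items(section):
            where = f"{section}/{option}"
            if "://" in value:
                url = urlsplit(value)
                if url.password:
                    seen_secrets.setdefault(url.password, []).append(where)
                    if (url.username, url.password) == ("guest", "guest"):
                        findings.append((where, "default-rabbitmq-account"))
                if url.scheme == "http" and option in IDENTITY_URL_OPTIONS:
                    # Service password and tokens cross the network in cleartext.
                    findings.append((where, "identity-url-without-tls"))
            elif option in SECRET_OPTIONS and value:
                seen_secrets.setdefault(value, []).append(where)
    ssl = parser.get("oslo_messaging_rabbit", "ssl", fallback=None)
    if ssl is not None and ssl.strip().lower() in ("false", "0", "no", "off"):
        findings.append(("oslo_messaging_rabbit/ssl", "amqp-without-tls"))
    for places in seen_secrets.values():
        if len(places) > 1:
            # One leaked file then exposes more than one account.
            findings.append((" + ".join(places), "secret-reused"))
    return findings


if __name__ == "__main__":
    for where, issue in audit(load(SAMPLE_CONF)):
        print(f"{issue:26} {where}")
```

Because the file holds passwords in plaintext, its mode and ownership are part of the same review.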

Upload an image in the web interface and check the result



Check the result in the database
[root@controller ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 23399
Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use glance
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [glance]> select id,value from image_locations;
+----+---------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id | value |
+----+---------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 1 | file:///var/lib/glance/images/0fbd7698-9f03-420c-b941-9903c11af5a3 |
| 2 | file:///var/lib/glance/images/7e3eb0af-ddab-4d2f-8084-cf2acef0dc60 |
| 3 | swift+http://192.168.108.10:8080/v1/AUTH_6538330d9ce04926ba60cbdfd32fc1a4/gqdglance_1beb226f-d266-4a13-9f63-e2f4d49daa27/1beb226f-d266-4a13-9f63-e2f4d49daa27 |
+----+---------------------------------------------------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.001 sec)

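Upload a large image from the command line, with a progress bar
Uploading through the web interface shows no progress bar, only a spinner
Upload a large file from the command line
[root@controller ~]# source keystonerc_admin
[root@controller ~(keystone_admin)]# glance image-create --name image_centos --file CentOS-7-x86_64-Minimal-1810.iso --disk-format raw --container-format bare --progress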

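Recommendation: use the command line to upload large files to OpenStack; uploads through the web interface may fail
Glance image management lab
Use both the OpenStack Dashboard and the OpenStack CLI to perform basic operations such as downloading, creating, registering and sharing images and converting image formats
Lab objectives
- Learn how to download images
- Become familiar with creating, registering and modifying images with the OpenStack Dashboard and the OpenStack CLI
- Become familiar with sharing images, converting image formats, and exporting and deleting images with the OpenStack Dashboard and the OpenStack CLI
Lab workflow

OpenStack Dashboard operations
1. Download the image
The cirros image is a small (about 12 M) Linux image in QCOW2 format that can be registered and used directly after download. The following uses the cirros image as the example; for how to obtain other images, see: https://docs.openstack.org/image-guide/obtain-images.html
2. Create and register the image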


3. Modify the image


OpenStack CLI operations
1. Download the image
[root@controller ~]# source keystonerc_admin
# Upload the image cirros-0.5.2-x86_64-disk.img
[root@controller ~(keystone_admin)]# ls
anaconda-ks.cfg cirros-0.5.2-x86_64-disk.img keystonerc_admin
answers.txt keystonerc_User_cli_01
answers.txt.bak keystonerc_User_cli_02
[root@controller ~(keystone_admin)]# qemu-img info cirros-0.5.2-x86_64-disk.img
image: cirros-0.5.2-x86_64-disk.img
file format: qcow2
virtual size: 112 MiB (117440512 bytes)
disk size: 15.5 MiB
cluster_size: 65536
Format specific information:
compat: 1.1
compression type: zlib
lazy refcounts: false
refcount bits: 16
corrupt: false
extended l2: false
2. Create and register the image
[root@controller ~(keystone_admin)]# openstack image create --disk-format qcow2 --container-format bare --min-disk 1 --min-ram 128 --private --file ./cirros-0.5.2-x86_64-disk.img Img_cli
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+
| container_format | bare |
| created_at | 2025-10-28T02:13:11Z |
| disk_format | qcow2 |
| file | /v2/images/fc5531bc-f4c5-4442-a0a8-dacc610026bd/file |
| id | fc5531bc-f4c5-4442-a0a8-dacc610026bd |
| min_disk | 1 |
| min_ram | 128 |
| name | Img_cli |
| owner | 6538330d9ce04926ba60cbdfd32fc1a4 |
| properties | os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/Img_cli', owner_specified.openstack.sha256='' |
| protected | False |
| schema | /v2/schemas/image |
| status | queued |
| tags | |
| updated_at | 2025-10-28T02:13:11Z |
| visibility | private |
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+
# List the images
[root@controller ~(keystone_admin)]# openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| fc5531bc-f4c5-4442-a0a8-dacc610026bd | Img_cli | active |
| efec5f1d-ee48-43ee-bdfc-dc1ee2c0a590 | Img_web | active |
+--------------------------------------+---------+--------+
3. Modify the image
[root@controller ~(keystone_admin)]# source keystonerc_admin
# Set the image "Img_cli" to "public"
[root@controller ~(keystone_admin)]# openstack image set --public Img_cli
[root@controller ~(keystone_admin)]# openstack image show Img_cli

Load the environment variables of user "User_cli_01" and check whether the image "Img_cli" appears in the image list
[root@controller ~(keystone_admin)]# source keystonerc_User_cli_01
[root@controller ~(keystone_User_cli_01)]# openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| fc5531bc-f4c5-4442-a0a8-dacc610026bd | Img_cli | active |
| efec5f1d-ee48-43ee-bdfc-dc1ee2c0a590 | Img_web | active |
+--------------------------------------+---------+--------+
4. Share the image
[root@controller ~(keystone_User_cli_01)]# source keystonerc_admin
# Set the image to "shared"
[root@controller ~(keystone_admin)]# openstack image set --shared Img_cli
[root@controller ~(keystone_admin)]# source keystonerc_User_cli_01
[root@controller ~(keystone_User_cli_01)]# openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| efec5f1d-ee48-43ee-bdfc-dc1ee2c0a590 | Img_web | active |
+--------------------------------------+---------+--------+
# Load the environment variables of user admin, then view the image list and the project list
[root@controller ~(keystone_User_cli_01)]# source keystonerc_admin
[root@controller ~(keystone_admin)]# openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| fc5531bc-f4c5-4442-a0a8-dacc610026bd | Img_cli | active |
| efec5f1d-ee48-43ee-bdfc-dc1ee2c0a590 | Img_web | active |
+--------------------------------------+---------+--------+
[root@controller ~(keystone_admin)]# openstack project list
+----------------------------------+-------------+
| ID | Name |
+----------------------------------+-------------+
| 170a2a62b1f044909d8f287cca4b9040 | Project_cli |
| 48ed70898bd64fe5a0ab8429d04527d3 | services |
| 6538330d9ce04926ba60cbdfd32fc1a4 | admin |
| d1bed3db026e45b39ab37fa4eb725d9a | Project_web |
+----------------------------------+-------------+
# Note the IDs of the image "Img_cli" and the project "Project_cli"
[root@controller ~(keystone_admin)]# openstack image add project fc5531bc-f4c5-4442-a0a8-dacc610026bd 170a2a62b1f044909d8f287cca4b9040
+------------+--------------------------------------+
| Field | Value |
+------------+--------------------------------------+
| created_at | 2025-10-28T02:59:39Z |
| image_id | fc5531bc-f4c5-4442-a0a8-dacc610026bd |
| member_id | 170a2a62b1f044909d8f287cca4b9040 |
| schema | /v2/schemas/member |
| status | pending |
| updated_at | 2025-10-28T02:59:39Z |
+------------+--------------------------------------+
# After the command completes, the status is "pending"
[root@controller ~(keystone_admin)]# source keystonerc_User_cli_01
[root@controller ~(keystone_User_cli_01)]# openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| efec5f1d-ee48-43ee-bdfc-dc1ee2c0a590 | Img_web | active |
+--------------------------------------+---------+--------+
# While the status is "pending", the user still cannot see the shared image
# Note the ID of Img_cli
# Update the status to "accept" to accept the shared image
[root@controller ~(keystone_User_cli_01)]# openstack image set --accept fc5531bc-f4c5-4442-a0a8-dacc610026bd
[root@controller ~(keystone_User_cli_01)]# openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| fc5531bc-f4c5-4442-a0a8-dacc610026bd | Img_cli | active |
| efec5f1d-ee48-43ee-bdfc-dc1ee2c0a590 | Img_web | active |
+--------------------------------------+---------+--------+
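The four `openstack image list` results in steps 3 and 4 follow from two things: the image's visibility and the member status of the consuming project. The following added example (not part of the original article) models that rule and replays the sequence with the page's project IDs. It is a simplified model, not Glance's code, and `usable_by_id` encodes an assumption taken from Glance's documented sharing semantics: member status controls whether the image appears in the list, not whether a member that knows the ID can use it.

```python
from dataclasses import dataclass, field

ADMIN_PROJECT = "6538330d9ce04926ba60cbdfd32fc1a4"  # owner of Img_cli on this page
PROJECT_CLI = "170a2a62b1f044909d8f287cca4b9040"    # Project_cli on this page


@dataclass
class Image:
    name: str
    owner: str
    visibility: str = "private"                  # private | public | shared
    members: dict = field(default_factory=dict)  # project id -> member status

    def add_member(self, project_id):
        """Owner side: `openstack image add project <image> <project>`."""
        if self.visibility != "shared":
            raise ValueError("only a shared image can have members")
        self.members[project_id] = "pending"

    def respond(self, project_id, status):
        """Member side: `openstack image set --accept|--reject|--pending`."""
        if project_id not in self.members:
            raise PermissionError("project is not a member of this image")
        if status not in ("pending", "accepted", "rejected"):
            raise ValueError(status)
        self.members[project_id] = status


def listed_for(image, project_id):
    """Would the image show up in this project's default `image list`?"""
    if image.visibility == "public" or image.owner == project_id:
        return True
    return image.visibility == "shared" and image.members.get(project_id) == "accepted"


def usable_by_id(image, project_id):
    """Could this project use the image when it already knows the ID?
    Assumption: any member of a shared image can, whatever its status."""
    if listed_for(image, project_id):
        return True
    return image.visibility == "shared" and project_id in image.members


def replay():
    """Replay steps 3 and 4 of the lab from Project_cli's point of view."""
    img = Image("Img_cli", ADMIN_PROJECT)
    seen = {}
    img.visibility = "public"                      # image set --public
    seen["public"] = listed_for(img, PROJECT_CLI)
    img.visibility = "shared"                      # image set --shared
    seen["shared, no member"] = listed_for(img, PROJECT_CLI)
    img.add_member(PROJECT_CLI)                    # image add project
    seen["member pending"] = listed_for(img, PROJECT_CLI)
    seen["pending, by ID"] = usable_by_id(img, PROJECT_CLI)
    img.respond(PROJECT_CLI, "accepted")           # image set --accept
    seen["member accepted"] = listed_for(img, PROJECT_CLI)
    return seen


if __name__ == "__main__":
    for step, visible in replay().items():
        print(f"{step:18} {visible}")
```

For access review, the member list of a shared image is therefore the thing to audit, not the accepted/pending column alone.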
5. Convert the image format
Upload the lab environment file
[root@controller ~(keystone_User_cli_01)]# source keystonerc_admin
[root@controller ~(keystone_admin)]#
[root@controller ~(keystone_admin)]# ls
anaconda-ks.cfg cirros-0.5.2-x86_64-disk.img
answers.txt keystonerc_User_cli_01
answers.txt.bak keystonerc_User_cli_02
bionic-server-cloudimg-amd64.vmdk keystonerc_admin
[root@controller ~(keystone_admin)]# qemu-img info bionic-server-cloudimg-amd64.vmdk
image: bionic-server-cloudimg-amd64.vmdk
file format: vmdk
virtual size: 10 GiB (10737418240 bytes)
disk size: 370 MiB
cluster_size: 65536
Format specific information:
cid: 2119925927
parent cid: 4294967295
create type: streamOptimized
extents:
[0]:
compressed: true
virtual size: 10737418240
filename: bionic-server-cloudimg-amd64.vmdk
cluster size: 65536
format:
Convert the image from VMDK format to QCOW2 format
[root@controller ~(keystone_admin)]# qemu-img convert -f vmdk -O qcow2 -c -p bionic-server-cloudimg-amd64.vmdk bionic-server-cloudimg-amd64.qcow2
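-f: specifies the format of the input disk image
-O: specifies the output format
-c: compresses the target image (compression is only possible when the target is in QCOW2 format)
-p: shows conversion progress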
[root@controller ~(keystone_admin)]# qemu-img info bionic-server-cloudimg-amd64.qcow2
image: bionic-server-cloudimg-amd64.qcow2
file format: qcow2
virtual size: 10 GiB (10737418240 bytes)
disk size: 387 MiB
cluster_size: 65536
Format specific information:
compat: 1.1
compression type: zlib
lazy refcounts: false
refcount bits: 16
corrupt: false
extended l2: false
Create the image "Ubuntu_cli" with image format "QCOW2" and image status "public"
[root@controller ~(keystone_admin)]# openstack image create --disk-format qcow2 --container-format bare --min-disk 1 --min-ram 128 --public --file ./bionic-server-cloudimg-amd64.qcow2 Ubuntu_cli
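Both the upload lab (checking the two files with `qemu-img info`) and the conversion step above rely on the operator reading the detected format by eye before passing `--disk-format`. The following added example (not part of the original article) turns that into a pre-upload check on the JSON form of the same output. The sample records are constructed from the `qemu-img info` text shown on this page, the chained record is hypothetical, and the issue names are labels chosen for this example.

```python
import json
import subprocess

GIB = 1024 ** 3


def qemu_img_info(path):
    """Run `qemu-img info --output=json` on a local file and parse the result."""
    out = subprocess.run(["qemu-img", "info", "--output=json", path],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)


def check_image(info, disk_format, min_disk_gb):
    """Compare what will be declared to Glance with what qemu-img detects."""
    problems = []
    if info.get("format") != disk_format:
        # Declaring one format while the bytes are another makes later
        # consumers parse the file under the wrong assumption.
        problems.append("format-mismatch")
    if info.get("backing-filename"):
        # The header points at another file; an uploaded image should be
        # self-contained.
        problems.append("backing-file")
    extra = info.get("format-specific", {}).get("data", {})
    if extra.get("data-file"):
        problems.append("external-data-file")
    if extra.get("corrupt"):
        problems.append("corrupt")
    if min_disk_gb and info.get("virtual-size", 0) > min_disk_gb * GIB:
        # min_disk understates the disk the guest image actually expands to.
        problems.append("min-disk-too-small")
    return problems


# Constructed from the qemu-img output on this page.
QCOW2_OK = {"compat": "1.1", "corrupt": False}
CIRROS = {"filename": "cirros-0.5.2-x86_64-disk.img", "format": "qcow2",
          "virtual-size": 117440512,
          "format-specific": {"type": "qcow2", "data": QCOW2_OK}}
TINYCORE = {"filename": "TinyCore-12.0.iso", "format": "raw",
            "virtual-size": 20971520}
UBUNTU_VMDK = {"filename": "bionic-server-cloudimg-amd64.vmdk", "format": "vmdk",
               "virtual-size": 10737418240}
UBUNTU_QCOW2 = {"filename": "bionic-server-cloudimg-amd64.qcow2", "format": "qcow2",
                "virtual-size": 10737418240,
                "format-specific": {"type": "qcow2", "data": QCOW2_OK}}
# Hypothetical record, not from this page: a qcow2 overlay on another file.
CHAINED = {"filename": "overlay.qcow2", "format": "qcow2",
           "virtual-size": 117440512, "backing-filename": "base.qcow2",
           "format-specific": {"type": "qcow2", "data": QCOW2_OK}}


def review_samples():
    """Check each sample against the flags used on this page (--min-disk 1)."""
    return {
        "cirros as qcow2": check_image(CIRROS, "qcow2", 1),
        "tinycore as raw": check_image(TINYCORE, "raw", 1),
        "ubuntu vmdk as qcow2": check_image(UBUNTU_VMDK, "qcow2", 1),
        "ubuntu qcow2 as qcow2": check_image(UBUNTU_QCOW2, "qcow2", 1),
        "chained as qcow2": check_image(CHAINED, "qcow2", 1),
    }


if __name__ == "__main__":
    for name, problems in review_samples().items():
        print(f"{name:24} {problems or 'ok'}")
```

On the controller, `check_image(qemu_img_info(path), "qcow2", 1)` runs the same check against a real file.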

6. Export the image
[root@controller ~(keystone_admin)]# openstack image list
+--------------------------------------+------------+--------+
| ID | Name | Status |
+--------------------------------------+------------+--------+
| fc5531bc-f4c5-4442-a0a8-dacc610026bd | Img_cli | active |
| efec5f1d-ee48-43ee-bdfc-dc1ee2c0a590 | Img_web | active |
| 083fb830-7d06-4296-a907-0fba621c58a0 | Ubuntu_cli | active |
+--------------------------------------+------------+--------+
# Save the image "Ubuntu_cli" to a local file
[root@controller ~(keystone_admin)]# openstack image save --file Ubuntu.qcow2 Ubuntu_cli

7. Delete the image
[root@controller ~(keystone_admin)]# openstack image delete Ubuntu_cli
# Verify
[root@controller ~(keystone_admin)]# openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| fc5531bc-f4c5-4442-a0a8-dacc610026bd | Img_cli | active |
| efec5f1d-ee48-43ee-bdfc-dc1ee2c0a590 | Img_web | active |
+--------------------------------------+---------+--------+