Contenu connexe Similaire à glance replicator Similaire à glance replicator (20) glance replicator1. Advent Calendar 2012 JP
openstack
Open source software to build public and private clouds.
glance-replicator
glance-replicator
2012.12.23 @irix_jp
1
2. glance-replicator
● folsom から glance に組み込まれたコマンドツー
ル
● 二つの glance サーバ間で image のレプリケー
ションができる。
● レプリケーションだけでなく、イメージのインポート・
エクスポートも可能
2
3. 動作イメージ
images
glance-replicator
glance-api glance-registry glance-api glance-registry
DB DB
images images
data store keystone data store keystone
3
4. コマンド (stable/folsom)
$ glance-replicator –h
Usage: glance-replicator <command> [options] [args]
Commands:
help <command> Output help for one of the commands below
compare What is missing from the slave glance?
dump Dump the contents of a glance instance to local disk.
livecopy Load the contents of one glance instance into another.
load Load the contents of a local directory into glance.
size Determine the size of a glance instance if dumped to disk.
4
5. TIPS
● 認証にはテナント・ユーザ・パスワードではな
く、 keystone が発行した TOKEN を使う
● TOKEN を取得するスクリプト
– get_token.sh
#!/bin/bash
HOST_IP=$1
ADMIN_TENANT=$2
ADMIN_USER=$3
ADMIN_PASSWORD=$4
TOKEN=`curl -s -d "{"auth":{"passwordCredentials":
{"username": "$ADMIN_USER", "password": "$ADMIN_PASSWORD"}, "tenan
tName": "$ADMIN_TENANT"}}" -H "Content-type: application/json" http://
$HOST_IP:5000/v2.0/tokens | python -c "import sys; import json; tok =
json.loads(sys.stdin.read()); print tok['access']['token']['id'];"`
echo $TOKEN
5
6. テスト環境
● 二つの独立した OpenStack 環境を構築
● devstack での All in One 環境( localrc は次項)
192.168.128.100 192.168.128.200
Ubuntu12.04 Ubuntu12.04
Folsom/stable Folsom/stable
Devstack Devstack
(all in one) (all in one)
6
7. localrc
HOST_IP=192.168.128.100 HOST_IP=192.168.128.200
ADMIN_PASSWORD=openstack ADMIN_PASSWORD=openstack
MYSQL_PASSWORD=$ADMIN_PASSWORD MYSQL_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD SERVICE_PASSWORD=$ADMIN_PASSWORD
SERVICE_TOKEN=admintoken SERVICE_TOKEN=admintoken
disable_service n-net disable_service n-net
disable_service n-obj disable_service n-obj
enable_service q-svc enable_service q-svc
enable_service q-agt enable_service q-agt
enable_service q-dhcp enable_service q-dhcp
enable_service q-l3 enable_service q-l3
ENABLE_TENANT_TUNNELS=True ENABLE_TENANT_TUNNELS=True
FIXED_RANGE=172.24.17.0/24 FIXED_RANGE=172.24.17.0/24
NETWORK_GATEWAY=172.24.17.254 NETWORK_GATEWAY=172.24.17.254
FLOATING_RANGE=10.0.0.0/24 FLOATING_RANGE=10.0.0.0/24
NOVA_BRANCH=stable/folsom NOVA_BRANCH=stable/folsom
GLANCE_BRANCH=stable/folsom GLANCE_BRANCH=stable/folsom
KEYSTONE_BRANCH=stable/folsom KEYSTONE_BRANCH=stable/folsom
HORIZON_BRANCH=stable/folsom HORIZON_BRANCH=stable/folsom
CINDER_BRANCH=stable/folsom CINDER_BRANCH=stable/folsom
QUANTUM_BRANCH=stable/folsom QUANTUM_BRANCH=stable/folsom
7
8. 初期状態の glance
● 192.168.128.100
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
● 192.168.128.200
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list
→ 空
8
9. compare
● 100 → 200
$ glance-replicator -v compare 192.168.128.100:9292 192.168.128.200:9292
-M `./get_token.sh 192.168.128.100 admin admin openstack`
-S `./get_token.sh 192.168.128.200 admin admin openstack`
de150d8d-eb33-45f9-88a6-142228b902ba: entirely missing from the destination
0db62cb0-d592-4a24-8fdf-45a44a6f9298: entirely missing from the destination
bcaf789e-df5e-4862-b77b-d6cc8e63d33b: entirely missing from the destination
● 200 → 100
$ glance-replicator -v compare 192.168.128.200:9292 192.168.128.100:9292
-M `./get_token.sh 192.168.128.200 admin admin openstack`
-S `./get_token.sh 192.168.128.100 admin admin openstack`
→ 空
9
10. livecopy
● 100 → 200
$ glance-replicator -v livecopy 192.168.128.100:9292 192.168.128.200:9292 -M `./get_token.sh
192.168.128.100 demo demo openstack` -S `./get_token.sh 192.168.128.200 demo demo openstack`
Considering de150d8d-eb33-45f9-88a6-142228b902ba
de150d8d-eb33-45f9-88a6-142228b902ba is being synced
Considering 0db62cb0-d592-4a24-8fdf-45a44a6f9298
0db62cb0-d592-4a24-8fdf-45a44a6f9298 is being synced
Considering bcaf789e-df5e-4862-b77b-d6cc8e63d33b
bcaf789e-df5e-4862-b77b-d6cc8e63d33b is being synced
● 200 → 100
$ glance-replicator -v compare 192.168.128.200:9292 192.168.128.100:9292
-M `./get_token.sh 192.168.128.200 admin admin openstack`
-S `./get_token.sh 192.168.128.100 admin admin openstack`
→ 空
10
11. コピー後の状態1
● 192.168.128.100
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
● 192.168.128.200
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
11
12. コピー後の状態 2
192.168.128.100
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name
192.168.128.200
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name
admin --os-username admin --os-password openstack image-show admin --os-username admin --os-password openstack image-show
de150d8d-eb33-45f9-88a6-142228b902ba de150d8d-eb33-45f9-88a6-142228b902ba
+-----------------------+--------------------------------------+ +-----------------------+--------------------------------------+
| Property | Value | | Property | Value |
+-----------------------+--------------------------------------+ +-----------------------+--------------------------------------+
| Property 'kernel_id' | bcaf789e-df5e-4862-b77b-d6cc8e63d33b | | Property 'kernel_id' | bcaf789e-df5e-4862-b77b-d6cc8e63d33b |
| Property 'ramdisk_id' | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | | Property 'ramdisk_id' | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 |
| checksum | 2f81976cae15c16ef0010c51e3a6c163 | | checksum | 2f81976cae15c16ef0010c51e3a6c163 |
| container_format | ami | | container_format | ami |
| created_at | 2012-12-22T03:00:42 | | created_at | 2012-12-22T16:46:30 |
| deleted | False | | deleted | False |
| disk_format | ami | | disk_format | ami |
| id | de150d8d-eb33-45f9-88a6-142228b902ba | | id | de150d8d-eb33-45f9-88a6-142228b902ba |
| is_public | True | | is_public | True |
| min_disk | 0 | | min_disk | 0 |
| min_ram | 0 | | min_ram | 0 |
| name | cirros-0.3.0-x86_64-uec | | name | cirros-0.3.0-x86_64-uec |
| owner | a458e9fbf0394622a1aa627550d20daa | | owner | a458e9fbf0394622a1aa627550d20daa |
| protected | False | | protected | False |
| size | 25165824 | | size | 25165824 |
| status | active | | status | active |
| updated_at | 2012-12-22T03:00:43 | | updated_at | 2012-12-22T16:46:31 |
+-----------------------+--------------------------------------+ +-----------------------+--------------------------------------+
● owner(tenant_id) までコピーされている点に注意
● 今回は別の keystone を使っているが、
is_public=true なので image-list に出ているだけ。
12
13. is_public=false だと・・・
● 100 側、 demo ユーザで追加
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active |
| 0d075151-3925-4b85-8f77-d908f1df70be | snap1 | ami | ami | 25165824 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
● Admin(100) → Admin(200) でコピー
● コピーはされるが、誰も参照できない ( コピーされた ID
が 200 側の keystone に存在しないため。
MYSQL> use glance; select id,name,is_public,owner from images;
+--------------------------------------+---------------------------------+-----------+----------------------------------+
| id | name | is_public | owner |
+--------------------------------------+---------------------------------+-----------+----------------------------------+
| 0d075151-3925-4b85-8f77-d908f1df70be | snap1 | 0 | 936ef2486d3749bbb51bfedbc69e9d28 |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | 1 | a458e9fbf0394622a1aa627550d20daa |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | 1 | a458e9fbf0394622a1aa627550d20daa |
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | 1 | a458e9fbf0394622a1aa627550d20daa |
+--------------------------------------+---------------------------------+-----------+----------------------------------+
13
14. ユーザ権限でのコピーだと
● 100 側
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active |
| 0d075151-3925-4b85-8f77-d908f1df70be | snap1 | ami | ami | 25165824 | active |
| 3532fd21-6bf8-440c-9bcb-9ea7df30ce8a | snap2 | ami | ami | 25165824 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
$ glance-replicator -v livecopy 192.168.128.100:9292 192.168.128.200:9292
-M `./get_token.sh 192.168.128.100 demo demo openstack` -S `./get_token.sh 192.168.128.200 demo demo openstack`
● 200 側
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active |
| 3532fd21-6bf8-440c-9bcb-9ea7df30ce8a | snap2 | ami | ami | 25165824 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
snap1 のコピーは、既に同じ ID のイメージが登録されている(参照不可)ため失敗します。
14
15. まとめ
● keystone を共有しているか、していないかで
livecopy の使い方が変わる。
● している場合: admin でコピーすれば終わり
● していない場合:ユーザ権限でコピーする
– ユーザ権限でコピーすると、 is_public=true のものが、 ID が
変わってコピーされてしまう。
● --no-replica-public 等のオプションが欲しい。
– 冬休みに時間があったらパッチ書く(キリッ
● dump/load でいったんファイルに落として操作す
ればどっちでもおk。
15