热门标签
热门文章
- 1基于docker的prometheus+grafana+altermanager+prometheus-webhook-dingtalk钉钉报警_prometheus-webhook-dingtalk安装
- 2注册安全分析报告:世界工厂网
- 3区块链知识习题测试:公钥和私钥、公有链、元宇宙_比特币钱包的作用不正确的是_公钥和私钥选择题及答案
- 4【Promptulate】一个强大的大语言自动化与应用开发框架,构建更强悍的GPT应用_anythingllm prompt
- 5opencv-python库 cv2.imread() 读取图片
- 6双端口SRAM中读干扰问题_sram read disturb
- 7都是人工智能,ChatGPT-4 vs GPT-3.5 到底有什么区别呢?_chatgpt 4 比 3.5新的功能
- 8软件测试第一次做项目之银行项目【操作细节总结】_软件测试银行项目经验(1)
- 9maven——(重要)手动创建,构建项目_mvn install:install-file
- 10AI Agent智能应用从0到1定制开发(完结)
当前位置: article > 正文
OpenStack Yoga版安装笔记(六)glance练习
作者:知新_RL | 2024-07-15 14:40:24
赞
踩
OpenStack Yoga版安装笔记(六)glance练习
1、glance架构
Glance api处理来自用户端(OpenStackClient等)的请求,如果是读写镜像元数据,则对glance db进行读写操作,因为镜像元数据都保存在glance db里面;如果是存取镜像本身,则对后端存储进行操作,因为镜像保存在后端存储里。同时,用户端、glance servcie都需要到keystone进行身份认证。
需要注意的是,验证后的授权不在keystone这里处理,而是交给被访问的service处理。比如user访问glance service,具体能读写哪些镜像以及镜像元数据,根据该user的role,由glance service进行授权。
2、glance安装过程
首先,在controller node上的MariaDB中创建glance DB,用于存储镜像的元数据;然后,通过OpenStackClient操作之前创建的keystone DB,创建glance user(即“glance” image service的身份凭证),创建命名为glance的image service,并设置Image service api endpoint;最后,安装glance API软件包,并编辑配置文件,配置必要的连接信息,如glance DB(存储镜像元数据)、keystone的认证信息以及后端存储(存储镜像)等。
在本次安装中,glance数据库、keystone数据库、keystone以及glance都部署在控制节点上。实际上,根据需求,这些组件可以分别安装在不同的服务器上。
3、glance练习1
3.1 keystone DB
- root@controller:~# mysql
- Welcome to the MariaDB monitor. Commands end with ; or \g.
- Your MariaDB connection id is 35
- Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
-
- Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
-
- Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
-
- MariaDB [(none)]> SHOW DATABASES;
- +--------------------+
- | Database |
- +--------------------+
- | glance |
- | information_schema |
- | keystone |
- | mysql |
- | performance_schema |
- | sys |
- +--------------------+
- 6 rows in set (0.002 sec)
-
- MariaDB [(none)]> USE keystone;
- Reading table information for completion of table and column names
- You can turn off this feature to get a quicker startup with -A
-
- Database changed
- MariaDB [keystone]> SHOW TABLES;
- (略)
- MariaDB [keystone]> select * from local_user;
- +----+----------------------------------+----------------------------------+-----------+-------------------+----------------+
- | id | user_id | domain_id | name | failed_auth_count | failed_auth_at |
- +----+----------------------------------+----------------------------------+-----------+-------------------+----------------+
- | 1 | 2947c213547147979dce3c8f8b85697f | default | admin | 0 | NULL |
- | 2 | 9382b59561c04dd1abf0a4cb7a8252ec | default | myuser | 0 | NULL |
- | 4 | 981d061282aa43afba72df6ff637f41c | f2a209f9e83040c9a619ca05c41e952b | testuser1 | 0 | NULL |
- | 5 | b7849907a23b4604a3e3940f4034326b | default | glance | 0 | NULL |
- +----+----------------------------------+----------------------------------+-----------+-------------------+----------------+
- 4 rows in set (0.000 sec)
- MariaDB [keystone]> SELECT * FROM service;
- +----------------------------------+----------+---------+------------------------------------------------------+
- | id | type | enabled | extra |
- +----------------------------------+----------+---------+------------------------------------------------------+
- | 75fe01049ec648b69e48d200971bf601 | identity | 1 | {"name": "keystone"} |
- | d6a3dadf92e542289c5ebd37e3553cdd | image | 1 | {"name": "glance", "description": "OpenStack Image"} |
- +----------------------------------+----------+---------+------------------------------------------------------+
- 2 rows in set (0.000 sec)
- MariaDB [keystone]> SELECT * from endpoint;
- +----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
- | id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
- +----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
- | 56d1454571064cb3ad3c749d18fb57e6 | NULL | admin | d6a3dadf92e542289c5ebd37e3553cdd | http://controller:9292 | {} | 1 | RegionOne |
- | a82bd043e133464fa863fba98b400460 | NULL | admin | 75fe01049ec648b69e48d200971bf601 | http://controller:5000/v3/ | {} | 1 | RegionOne |
- | ac109817862344c4854b783d642be412 | NULL | internal | 75fe01049ec648b69e48d200971bf601 | http://controller:5000/v3/ | {} | 1 | RegionOne |
- | ae98462c8f4346f3991d693232a108d3 | NULL | internal | d6a3dadf92e542289c5ebd37e3553cdd | http://controller:9292 | {} | 1 | RegionOne |
- | e047382ce61740bf9dc4219c97eff2f8 | NULL | public | d6a3dadf92e542289c5ebd37e3553cdd | http://controller:9292 | {} | 1 | RegionOne |
- | eaf4ddaab1b74aa59403f9fbf5fc4ac1 | NULL | public | 75fe01049ec648b69e48d200971bf601 | http://controller:5000/v3/ | {} | 1 | RegionOne |
- +----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
- 6 rows in set (0.000 sec)
-
- MariaDB [keystone]>
3.2 glance DB
- MariaDB [(none)]> use glance;
- Reading table information for completion of table and column names
- You can turn off this feature to get a quicker startup with -A
-
- Database changed
- MariaDB [glance]> show tables;
- +----------------------------------+
- | Tables_in_glance |
- +----------------------------------+
- | alembic_version |
- | image_locations |
- | image_members |
- | image_properties |
- | image_tags |
- | images |
- | metadef_namespace_resource_types |
- | metadef_namespaces |
- | metadef_objects |
- | metadef_properties |
- | metadef_resource_types |
- | metadef_tags |
- | task_info |
- | tasks |
- +----------------------------------+
- 14 rows in set (0.000 sec)
-
- MariaDB [glance]> select * from images;
- +--------------------------------------+--------+----------+--------+---------------------+---------------------+------------+---------+-------------+------------------+----------------------------------+----------------------------------+----------+---------+-----------+--------------+------------+-----------+--------------+----------------------------------------------------------------------------------------------------------------------------------+
- | id | name | size | status | created_at | updated_at | deleted_at | deleted | disk_format | container_format | checksum | owner | min_disk | min_ram | protected | virtual_size | visibility | os_hidden | os_hash_algo | os_hash_value |
- +--------------------------------------+--------+----------+--------+---------------------+---------------------+------------+---------+-------------+------------------+----------------------------------+----------------------------------+----------+---------+-----------+--------------+------------+-----------+--------------+----------------------------------------------------------------------------------------------------------------------------------+
- | 429decdd-9230-49c0-b735-70364c226eb5 | cirros | 12716032 | active | 2024-07-06 13:54:01 | 2024-07-06 13:54:02 | NULL | 0 | qcow2 | bare | 443b7623e27ecf03dc9e01ee93f67afe | ee65b6c3961747b988ab8bd1cc19fb93 | 0 | 0 | 0 | 46137344 | public | 0 | sha512 | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |
- +--------------------------------------+--------+----------+--------+---------------------+---------------------+------------+---------+-------------+------------------+----------------------------------+----------------------------------+----------+---------+-----------+--------------+------------+-----------+--------------+----------------------------------------------------------------------------------------------------------------------------------+
- 1 row in set (0.000 sec)
-
- MariaDB [glance]> select * from image_properties;
- Empty set (0.000 sec)
-
- MariaDB [glance]>
3.3 后端存储
本次安装为了简化操作,将镜像上传并存储在托管镜像服务的控制节点上的一个目录中。默认情况下,这个目录是/var/lib/glance/images/。
检查该目录:
- root@controller:~# ls -l /var/lib/glance/images/
- total 12420
- -rw-r----- 1 glance glance 12716032 Jul 6 13:54 429decdd-9230-49c0-b735-70364c226eb5
- root@controller:~#
-
- 文件名和glance DB的select * from images;中的id一致。
3.4 OpenStackClient操作(用户端操作)
用户端可以通过访问glance api,完成对后端存储、glance DB、keystoneDB的信息进行操作。
- ------keystone DB:
-
- ubcode@osclient ~(admin/amdin)$ openstack user list
- +----------------------------------+-----------+
- | ID | Name |
- +----------------------------------+-----------+
- | 2947c213547147979dce3c8f8b85697f | admin |
- | 9382b59561c04dd1abf0a4cb7a8252ec | myuser |
- | 981d061282aa43afba72df6ff637f41c | testuser1 |
- | b7849907a23b4604a3e3940f4034326b | glance |
- +----------------------------------+-----------+
- ubcode@osclient ~(admin/amdin)$ openstack service list
- +----------------------------------+----------+----------+
- | ID | Name | Type |
- +----------------------------------+----------+----------+
- | 75fe01049ec648b69e48d200971bf601 | keystone | identity |
- | d6a3dadf92e542289c5ebd37e3553cdd | glance | image |
- +----------------------------------+----------+----------+
- ubcode@osclient ~(admin/amdin)$ openstack endpoint list
- +----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
- | ID | Region | Service Name | Service Type | Enabled | Interface | URL |
- +----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
- | 56d1454571064cb3ad3c749d18fb57e6 | RegionOne | glance | image | True | admin | http://controller:9292 |
- | a82bd043e133464fa863fba98b400460 | RegionOne | keystone | identity | True | admin | http://controller:5000/v3/ |
- | ac109817862344c4854b783d642be412 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3/ |
- | ae98462c8f4346f3991d693232a108d3 | RegionOne | glance | image | True | internal | http://controller:9292 |
- | e047382ce61740bf9dc4219c97eff2f8 | RegionOne | glance | image | True | public | http://controller:9292 |
- | eaf4ddaab1b74aa59403f9fbf5fc4ac1 | RegionOne | keystone | identity | True | public | http://controller:5000/v3/ |
- +----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
- ubcode@osclient ~(admin/amdin)$
-
- ------glance DB:
-
- ubcode@osclient ~(admin/amdin)$ openstack image list
- +--------------------------------------+--------+--------+
- | ID | Name | Status |
- +--------------------------------------+--------+--------+
- | 429decdd-9230-49c0-b735-70364c226eb5 | cirros | active |
- +--------------------------------------+--------+--------+
- ubcode@osclient ~(admin/amdin)$ openstack image show cirros
- +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
- | Field | Value |
- +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
- | checksum | 443b7623e27ecf03dc9e01ee93f67afe |
- | container_format | bare |
- | created_at | 2024-07-06T13:54:01Z |
- | disk_format | qcow2 |
- | file | /v2/images/429decdd-9230-49c0-b735-70364c226eb5/file |
- | id | 429decdd-9230-49c0-b735-70364c226eb5 |
- | min_disk | 0 |
- | min_ram | 0 |
- | name | cirros |
- | owner | ee65b6c3961747b988ab8bd1cc19fb93 |
- | properties | os_hash_algo='sha512', os_hash_value='6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e2161b5b5186106570c17a9e58b64dd39390617cd5a350f78', os_hidden='False' |
- | protected | False |
- | schema | /v2/schemas/image |
- | size | 12716032 |
- | status | active |
- | tags | |
- | updated_at | 2024-07-06T13:54:02Z |
- | virtual_size | 46137344 |
- | visibility | public |
- +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
4、glance练习2——glanc独立安装
为了方便查看OpenStack各组件之间的交互情况,将glance服务独立安装。
4.1 网络拓扑
4.2 新增一台虚机image1
根据之前的介绍,新增一台虚机(4G内存/2CPU,可根据实际情况调整),用于安装glance。虚机hostname设置为image1,配置ip地址为10.0.20.16/24。
该虚机信息如下:
- ------网络配置:
-
- ubcode@image1:~$ cat /etc/netplan/00-installer-config.yaml
- cat: /etc/netplan/00-installer-config.yaml: Permission denied
- ubcode@image1:~$ sudo cat /etc/netplan/00-installer-config.yaml
- [sudo] password for ubcode:
- # This is the network config written by 'subiquity'
- network:
- ethernets:
- ens32:
- addresses:
- - 10.0.20.16/24
- nameservers:
- addresses:
- - 10.0.20.2
- search: []
- routes:
- - to: default
- via: 10.0.20.2
- version: 2
-
- ------hosts文件:
-
- ubcode@image1:~$ cat /etc/hosts
- 127.0.0.1 localhost
- # 127.0.1.1 image1
-
- # The following lines are desirable for IPv6 capable hosts
- ::1 ip6-localhost ip6-loopback
- fe00::0 ip6-localnet
- ff00::0 ip6-mcastprefix
- ff02::1 ip6-allnodes
- ff02::2 ip6-allrouters
-
-
- 10.0.20.11 controller
- 10.0.20.12 compute1
- 10.0.20.16 image1
-
- ------NTP配置:
-
- ubcode@image1:~$ cat /etc/chrony/chrony.conf
- ...
- # pool ntp.ubuntu.com iburst maxsources 4
- # pool 0.ubuntu.pool.ntp.org iburst maxsources 1
- # pool 1.ubuntu.pool.ntp.org iburst maxsources 1
- # pool 2.ubuntu.pool.ntp.org iburst maxsources 2
-
- server controller iburst
controller(10.0.20.11)虚机和osclient(10.0.20.100)虚机hosts文件增加image1信息:
- root@controller:~# cat /etc/hosts
- 127.0.0.1 localhost
- # 127.0.1.1 os-1
-
- # The following lines are desirable for IPv6 capable hosts
- ::1 ip6-localhost ip6-loopback
- fe00::0 ip6-localnet
- ff00::0 ip6-mcastprefix
- ff02::1 ip6-allnodes
- ff02::2 ip6-allrouters
-
- 10.0.20.11 controller
- 10.0.20.12 compute1
-
- 10.0.20.16 image1 <---新增
4.3 controller node虚机恢复快照
快照转到“keyston安装完成”:
(快照名称后来修改过)
4.4 Install and configure (Ubuntu)
4.4.1 controller node(hostname: controller)
1、创建glance DB
- root@controller:~# mysql
- Welcome to the MariaDB monitor. Commands end with ; or \g.
- Your MariaDB connection id is 31
- Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
-
- Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
-
- Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
-
- MariaDB [(none)]> show databases;
- +--------------------+
- | Database |
- +--------------------+
- | information_schema |
- | keystone |
- | mysql |
- | performance_schema |
- | sys |
- +--------------------+
- 5 rows in set (0.002 sec)
-
- MariaDB [(none)]> CREATE DATABASE glance;
- Query OK, 1 row affected (0.001 sec)
-
- MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
- -> IDENTIFIED BY 'openstack';
- Query OK, 0 rows affected (0.001 sec)
-
- MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
- -> IDENTIFIED BY 'openstack';
- Query OK, 0 rows affected (0.001 sec)
-
- MariaDB [(none)]>
- MariaDB [(none)]> quit
- Bye
- root@controller:~#
4.4.2 OpenStackClient(hostname: osclient)
在OpenStackClient(10.0.20.100),创建glance user、“glance” image service以及endpoint,注意endpoint指向了image node 1 (hostname: image1)。
- ubcode@osclient:~$ . admin-openrc
- ubcode@osclient ~(admin/amdin)$ openstack user create --domain default --password-prompt glance
- User Password:
- Repeat User Password:
- +---------------------+----------------------------------+
- | Field | Value |
- +---------------------+----------------------------------+
- | domain_id | default |
- | enabled | True |
- | id | 2eb252b5fc2743e995141d9529569e2d |
- | name | glance |
- | options | {} |
- | password_expires_at | None |
- +---------------------+----------------------------------+
- ubcode@osclient ~(admin/amdin)$ openstack role add --project service --user glance admin
- ubcode@osclient ~(admin/amdin)$ openstack service create --name glance \
- > --description "OpenStack Image" image
- +-------------+----------------------------------+
- | Field | Value |
- +-------------+----------------------------------+
- | description | OpenStack Image |
- | enabled | True |
- | id | f378aa833518466c9ce2c9ef85e82ace |
- | name | glance |
- | type | image |
- +-------------+----------------------------------+
- ubcode@osclient ~(admin/amdin)$ openstack endpoint create --region RegionOne \
- > image public http://image1:9292
- +--------------+----------------------------------+
- | Field | Value |
- +--------------+----------------------------------+
- | enabled | True |
- | id | c37250b6bd2d471f92427483d31fd5c7 |
- | interface | public |
- | region | RegionOne |
- | region_id | RegionOne |
- | service_id | f378aa833518466c9ce2c9ef85e82ace |
- | service_name | glance |
- | service_type | image |
- | url | http://image1:9292 |
- +--------------+----------------------------------+
- ubcode@osclient ~(admin/amdin)$ openstack endpoint create --region RegionOne \
- > image internal http://image1:9292
- +--------------+----------------------------------+
- | Field | Value |
- +--------------+----------------------------------+
- | enabled | True |
- | id | 7d17e6182d8640a7a6637f4f460a5c08 |
- | interface | internal |
- | region | RegionOne |
- | region_id | RegionOne |
- | service_id | f378aa833518466c9ce2c9ef85e82ace |
- | service_name | glance |
- | service_type | image |
- | url | http://image1:9292 |
- +--------------+----------------------------------+
- ubcode@osclient ~(admin/amdin)$ openstack endpoint create --region RegionOne \
- > image admin http://image1:9292
- +--------------+----------------------------------+
- | Field | Value |
- +--------------+----------------------------------+
- | enabled | True |
- | id | f210d94217e54d2781192170bdf26877 |
- | interface | admin |
- | region | RegionOne |
- | region_id | RegionOne |
- | service_id | f378aa833518466c9ce2c9ef85e82ace |
- | service_name | glance |
- | service_type | image |
- | url | http://image1:9292 |
- +--------------+----------------------------------+
4.4.3 image node 1(hostname: image1)
1、安装glance软件包
ubcode@image1:~$ apt install glance2、配置glance-api.conf
- ubcode@image1:~$ sudo vi /etc/glance/glance-api.conf
-
- [database]
- # connection = sqlite:var/lib/glance/glance.sqlite
- connection = mysql+pymysql://glance:openstack@controller/glance
- backend = sqlalchemy
-
- [keystone_authtoken]
- www_authenticate_uri = http://controller:5000
- auth_url = http://controller:5000
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = Default
- user_domain_name = Default
- project_name = service
- username = glance
- password = openstack
-
- [paste_deploy]
- flavor = keystone
-
- [glance_store]
- stores = file,http
- default_store = file
- filesystem_store_datadir = /var/lib/glance/images/
3、初始化glance数据库,重启glance-api
- ubcode@image1:~$ sudo passwd root
- New password:
- Retype new password:
- passwd: password updated successfully
- ubcode@image1:~$ su
- Password:
- root@image1:/home/ubcode# su -s /bin/sh -c "glance-manage db_sync" glance
- 2024-07-07 08:18:13.472 6118 INFO alembic.runtime.migration [-] Context impl MySQLImpl.
- 2024-07-07 08:18:13.472 6118 INFO alembic.runtime.migration [-] Will assume non-transactional DDL.
- 2024-07-07 08:18:13.482 6118 INFO alembic.runtime.migration [-] Context impl MySQLImpl.
- 2024-07-07 08:18:13.482 6118 INFO alembic.runtime.migration [-] Will assume non-transactional DDL.
- INFO [alembic.runtime.migration] Context impl MySQLImpl.
- INFO [alembic.runtime.migration] Will assume non-transactional DDL.
- INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
- INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
- INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
- INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
- INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
- INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
- INFO [alembic.runtime.migration] Running upgrade queens_expand01 -> rocky_expand01, add os_hidden column to images table
- INFO [alembic.runtime.migration] Running upgrade rocky_expand01 -> rocky_expand02, add os_hash_algo and os_hash_value columns to images table
- INFO [alembic.runtime.migration] Running upgrade rocky_expand02 -> train_expand01, empty expand for symmetry with train_contract01
- INFO [alembic.runtime.migration] Running upgrade train_expand01 -> ussuri_expand01, empty expand for symmetry with ussuri_expand01
- INFO [alembic.runtime.migration] Running upgrade ussuri_expand01 -> wallaby_expand01, add image_id, request_id, user columns to tasks table"
- INFO [alembic.runtime.migration] Context impl MySQLImpl.
- INFO [alembic.runtime.migration] Will assume non-transactional DDL.
- Upgraded database to: wallaby_expand01, current revision(s): wallaby_expand01
- INFO [alembic.runtime.migration] Context impl MySQLImpl.
- INFO [alembic.runtime.migration] Will assume non-transactional DDL.
- INFO [alembic.runtime.migration] Context impl MySQLImpl.
- INFO [alembic.runtime.migration] Will assume non-transactional DDL.
- Database migration is up to date. No migration needed.
- INFO [alembic.runtime.migration] Context impl MySQLImpl.
- INFO [alembic.runtime.migration] Will assume non-transactional DDL.
- INFO [alembic.runtime.migration] Context impl MySQLImpl.
- INFO [alembic.runtime.migration] Will assume non-transactional DDL.
- INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
- INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
- INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
- INFO [alembic.runtime.migration] Running upgrade queens_contract01 -> rocky_contract01
- INFO [alembic.runtime.migration] Running upgrade rocky_contract01 -> rocky_contract02
- INFO [alembic.runtime.migration] Running upgrade rocky_contract02 -> train_contract01
- INFO [alembic.runtime.migration] Running upgrade train_contract01 -> ussuri_contract01
- INFO [alembic.runtime.migration] Running upgrade ussuri_contract01 -> wallaby_contract01
- INFO [alembic.runtime.migration] Context impl MySQLImpl.
- INFO [alembic.runtime.migration] Will assume non-transactional DDL.
- Upgraded database to: wallaby_contract01, current revision(s): wallaby_contract01
- INFO [alembic.runtime.migration] Context impl MySQLImpl.
- INFO [alembic.runtime.migration] Will assume non-transactional DDL.
- Database is synced successfully.
- root@image1:/home/ubcode#
- root@image1:/home/ubcode# service glance-api restart
- ubcode@image1:~$ glance-manage --version
- 24.2.1
4.4.4 image node 1(Verify operation)
- ubcode@image1:~$ wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
- ubcode@image1:~$ sudo vi admin-openrc
- ubcode@image1:~$ cat admin-openrc
- export OS_PROJECT_DOMAIN_NAME=Default
- export OS_USER_DOMAIN_NAME=Default
- export OS_PROJECT_NAME=admin
- export OS_USERNAME=admin
- export OS_PASSWORD=openstack
- export OS_AUTH_URL=http://controller:5000/v3
- export OS_IDENTITY_API_VERSION=3
- export OS_IMAGE_API_VERSION=2
- export PS1='\u@\h \W(admin/amdin)\$ '
- ubcode@image1:~$
- ubcode@image1 ~(admin/amdin)$ ls
- admin-openrc cirros-0.4.0-x86_64-disk.img
- ubcode@image1 ~(admin/amdin)$ glance image-create --name "cirros" \
- > --file cirros-0.4.0-x86_64-disk.img \
- > --disk-format qcow2 --container-format bare \
- > --visibility=public
- +------------------+----------------------------------------------------------------------------------+
- | Property | Value |
- +------------------+----------------------------------------------------------------------------------+
- | checksum | 443b7623e27ecf03dc9e01ee93f67afe |
- | container_format | bare |
- | created_at | 2024-07-07T08:26:02Z |
- | disk_format | qcow2 |
- | id | 9f0e6328-3e96-41e1-b282-d577b6749a09 |
- | min_disk | 0 |
- | min_ram | 0 |
- | name | cirros |
- | os_hash_algo | sha512 |
- | os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e |
- | | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |
- | os_hidden | False |
- | owner | ee65b6c3961747b988ab8bd1cc19fb93 |
- | protected | False |
- | size | 12716032 |
- | status | active |
- | tags | [] |
- | updated_at | 2024-07-07T08:26:02Z |
- | virtual_size | 46137344 |
- | visibility | public |
- +------------------+----------------------------------------------------------------------------------+
- ubcode@image1 ~(admin/amdin)$ glance image-list
- +--------------------------------------+--------+
- | ID | Name |
- +--------------------------------------+--------+
- | 9f0e6328-3e96-41e1-b282-d577b6749a09 | cirros |
- +--------------------------------------+--------+
- ubcode@image1 ~(admin/amdin)$ openstack image list
- +--------------------------------------+--------+--------+
- | ID | Name | Status |
- +--------------------------------------+--------+--------+
- | 9f0e6328-3e96-41e1-b282-d577b6749a09 | cirros | active |
- +--------------------------------------+--------+--------+
-
- root@image1:/var/lib/glance/images# ls
- 9f0e6328-3e96-41e1-b282-d577b6749a09
4.5 Wireshark抓包
4.5.1 抓包目的
查看OpenStack各组件之间的交互情况。
4.5.2 抓包方式
1、在win11上运行wireshark,抓取VMware Network Adapter VMnet8的流量:
2、在osclient上,执行:openstack image list
- ubcode@osclient:~$ . admin-openrc
- ubcode@osclient ~(admin/amdin)$ openstack image list
- +--------------------------------------+--------+--------+
- | ID | Name | Status |
- +--------------------------------------+--------+--------+
- | 9f0e6328-3e96-41e1-b282-d577b6749a09 | cirros | active |
- +--------------------------------------+--------+--------+
- ubcode@osclient ~(admin/amdin)$
3、停止抓包,进行分析
4.6 Wireshark抓包分析
4.6.1 抓包结果
过滤无关数据包,filter: http or tcp.port -- 11211 or tcp.port ==3306
抓包显示了OpenStackClient、keystone、glance、glance DB之间的交互情况。
- OpenStackClient --> keystone,认证user admin身份,取得user admin的token。
- OpenStackClient --> glance,请求image list
- glance --> MEMCACHE,验证user admin的token
- glance --> keystone,认证uer glance身份,取得user glance的token
- glance --> MEMCACHE,存储admin token
- glance --> Marria DB,MySQL/login,查询glance DB,取得image元数据
- glance --> OpenStackClient,返回查询结果
4.6.2 抓包的流量图
4.6.3 典型数据包
1/ user admin认证
OpenStackClient--->keystone,认证admin user scope to project admin:
- Frame 262: 284 bytes on wire (2272 bits), 284 bytes captured (2272 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: VMware_ff:20:81 (00:0c:29:ff:20:81), Dst: controller (00:0c:29:a8:e0:3c)
- Internet Protocol Version 4, Src: 10.0.20.100 (10.0.20.100), Dst: controller (10.0.20.11)
- Transmission Control Protocol, Src Port: 57938, Dst Port: 5000, Seq: 501, Ack: 534, Len: 218
- [2 Reassembled TCP Segments (501 bytes): #261(283), #262(218)]
- Hypertext Transfer Protocol
- POST /v3/auth/tokens HTTP/1.1\r\n
- Host: controller:5000\r\n
- User-Agent: openstacksdk/0.61.0 keystoneauth1/4.4.0 python-requests/2.25.1 CPython/3.10.12\r\n
- Accept-Encoding: gzip, deflate\r\n
- Accept: application/json\r\n
- Connection: keep-alive\r\n
- Content-Type: application/json\r\n
- Content-Length: 218\r\n
- \r\n
- [Full request URI: http://controller:5000/v3/auth/tokens]
- [HTTP request 2/2]
- [Prev request in frame: 257]
- [Response in frame: 266]
- File Data: 218 bytes
- JavaScript Object Notation: application/json
- JSON raw form:
- {
- "auth": {
- "identity": {
- "methods": [
- "password"
- ],
- "password": {
- "user": {
- "password": "openstack",
- "name": "admin",
- "domain": {
- "name": "Default"
- }
- }
- }
- },
- "scope": {
- "project": {
- "name": "admin",
- "domain": {
- "name": "Default"
- }
- }
- }
- }
- }
- Object
认证成功,取得token(X-Subject-Token)
- Frame 266: 858 bytes on wire (6864 bits), 858 bytes captured (6864 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: controller (00:0c:29:a8:e0:3c), Dst: VMware_ff:20:81 (00:0c:29:ff:20:81)
- Internet Protocol Version 4, Src: controller (10.0.20.11), Dst: 10.0.20.100 (10.0.20.100)
- Transmission Control Protocol, Src Port: 5000, Dst Port: 57938, Seq: 1982, Ack: 719, Len: 792
- [2 Reassembled TCP Segments (2240 bytes): #265(1448), #266(792)]
- Hypertext Transfer Protocol
- HTTP/1.1 201 CREATED\r\n
- Date: Thu, 11 Jul 2024 21:58:26 GMT\r\n
- Server: Apache/2.4.52 (Ubuntu)\r\n
- Content-Length: 1750\r\n
- X-Subject-Token: gAAAAABmkFWFJBbsCv5MsBqeIGj9Fc426FeFSZTyQsjlgM4lC6I6crQcE3x-ygbUSoDUoMzjTh06W5STx4YChIbkhHCe_5OuuKOx8ZAp1pxs9M_yMLD6PtuYK7TDPwlPNfjdHOKWNvrA6BHc3Xg-mjdvnsi_Z2tKdw_A3AQUYN3uAub3zaxK418\r\n
- Vary: X-Auth-Token\r\n
- x-openstack-request-id: req-d1c97182-1225-48de-a8cd-b657907a6d50\r\n
- Keep-Alive: timeout=5, max=99\r\n
- Connection: Keep-Alive\r\n
- Content-Type: application/json\r\n
- \r\n
- [HTTP response 2/2]
- [Time since request: 3.077388000 seconds]
- [Prev request in frame: 257]
- [Prev response in frame: 259]
- [Request in frame: 262]
- [Request URI: http://controller:5000/v3/auth/tokens]
- File Data: 1750 bytes
- JavaScript Object Notation: application/json
- JSON raw form:
- {
- "token": {
- "methods": [
- "password"
- ],
- "user": {
- "domain": {
- "id": "default",
- "name": "Default"
- },
- "id": "2947c213547147979dce3c8f8b85697f",
- "name": "admin",
- "password_expires_at": null
- },
- "audit_ids": [
- "-gVm2yInSBWpjE6RI9Q78A"
- ],
- "expires_at": "2024-07-11T22:58:29.000000Z",
- "issued_at": "2024-07-11T21:58:29.000000Z",
- "project": {
- "domain": {
- "id": "default",
- "name": "Default"
- },
- "id": "ee65b6c3961747b988ab8bd1cc19fb93",
- "name": "admin"
- },
- "is_domain": false,
- "roles": [
- {
- "id": "17552c9a365d4944a50fd8ac271791c6",
- "name": "member"
- },
- {
- "id": "e434c66b7af647158bcaa77686ca6e93",
- "name": "admin"
- },
- {
- "id": "be23525c20c44f05b3ba071455522fcb",
- "name": "reader"
- }
- ],
- "catalog": [
- {
- "endpoints": [
- {
- "id": "7d17e6182d8640a7a6637f4f460a5c08",
- "interface": "internal",
- "region_id": "RegionOne",
- "url": "http://image1:9292",
- "region": "RegionOne"
- },
- {
- "id": "c37250b6bd2d471f92427483d31fd5c7",
- "interface": "public",
- "region_id": "RegionOne",
- "url": "http://image1:9292",
- "region": "RegionOne"
- },
- {
- "id": "f210d94217e54d2781192170bdf26877",
- "interface": "admin",
- "region_id": "RegionOne",
- "url": "http://image1:9292",
- "region": "RegionOne"
- }
- ],
- "id": "f378aa833518466c9ce2c9ef85e82ace",
- "type": "image",
- "name": "glance"
- },
- {
- "endpoints": [
- {
- "id": "a82bd043e133464fa863fba98b400460",
- "interface": "admin",
- "region_id": "RegionOne",
- "url": "http://controller:5000/v3/",
- "region": "RegionOne"
- },
- {
- "id": "ac109817862344c4854b783d642be412",
- "interface": "internal",
- "region_id": "RegionOne",
- "url": "http://controller:5000/v3/",
- "region": "RegionOne"
- },
- {
- "id": "eaf4ddaab1b74aa59403f9fbf5fc4ac1",
- "interface": "public",
- "region_id": "RegionOne",
- "url": "http://controller:5000/v3/",
- "region": "RegionOne"
- }
- ],
- "id": "75fe01049ec648b69e48d200971bf601",
- "type": "identity",
- "name": "keystone"
- }
- ]
- }
- }
- Object
2/ 查询image list
OpenStackClient ---> glance,查询image list,注意携带了之前获得的token(X-Auth-Token):
- Frame 277: 485 bytes on wire (3880 bits), 485 bytes captured (3880 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: VMware_ff:20:81 (00:0c:29:ff:20:81), Dst: image1 (00:0c:29:cc:19:7d)
- Internet Protocol Version 4, Src: 10.0.20.100 (10.0.20.100), Dst: image1 (10.0.20.16)
- Transmission Control Protocol, Src Port: 32788, Dst Port: 9292, Seq: 212, Ack: 1172, Len: 419
- Hypertext Transfer Protocol
- GET /v2/images HTTP/1.1\r\n
- [Expert Info (Chat/Sequence): GET /v2/images HTTP/1.1\r\n]
- Request Method: GET
- Request URI: /v2/images
- Request Version: HTTP/1.1
- Host: image1:9292\r\n
- User-Agent: openstacksdk/0.61.0 keystoneauth1/4.4.0 python-requests/2.25.1 CPython/3.10.12\r\n
- Accept-Encoding: gzip, deflate\r\n
- Accept: application/json\r\n
- Connection: keep-alive\r\n
- X-Auth-Token: gAAAAABmkFWFJBbsCv5MsBqeIGj9Fc426FeFSZTyQsjlgM4lC6I6crQcE3x-ygbUSoDUoMzjTh06W5STx4YChIbkhHCe_5OuuKOx8ZAp1pxs9M_yMLD6PtuYK7TDPwlPNfjdHOKWNvrA6BHc3Xg-mjdvnsi_Z2tKdw_A3AQUYN3uAub3zaxK418\r\n
- \r\n
- [Full request URI: http://image1:9292/v2/images]
- [HTTP request 2/2]
- [Prev request in frame: 273]
- [Response in frame: 362]
3/ MEMCACHE验证token
glance ---> MEMCACHE,验证token:
- Frame 281: 143 bytes on wire (1144 bits), 143 bytes captured (1144 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: image1 (00:0c:29:cc:19:7d), Dst: controller (00:0c:29:a8:e0:3c)
- Internet Protocol Version 4, Src: image1 (10.0.20.16), Dst: controller (10.0.20.11)
- Transmission Control Protocol, Src Port: 59524, Dst Port: 11211, Seq: 1, Ack: 1, Len: 77
- Memcache Protocol
- Command: get
- Key: tokens/773e2dee2fb1030e539ea2f4cbee331eb398d4f8145ca001c733c4b3f63ca862
MEMCACHE---> glance,MEMCACHE回复验证请求:
- Frame 282: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: controller (00:0c:29:a8:e0:3c), Dst: image1 (00:0c:29:cc:19:7d)
- Internet Protocol Version 4, Src: controller (10.0.20.11), Dst: image1 (10.0.20.16)
- Transmission Control Protocol, Src Port: 11211, Dst Port: 59524, Seq: 1, Ack: 78, Len: 0
- Source Port: 11211
- Destination Port: 59524
- [Stream index: 3]
- [Conversation completeness: Incomplete, DATA (15)]
- [TCP Segment Len: 0]
- Sequence Number: 1 (relative sequence number)
- Sequence Number (raw): 981702265
- [Next Sequence Number: 1 (relative sequence number)]
- Acknowledgment Number: 78 (relative ack number)
- Acknowledgment number (raw): 2808812894
- 1000 .... = Header Length: 32 bytes (8)
- Flags: 0x010 (ACK)
- Window: 509
- [Calculated window size: 65152]
- [Window size scaling factor: 128]
- Checksum: 0x13d8 [unverified]
- [Checksum Status: Unverified]
- Urgent Pointer: 0
- Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
- TCP Option - No-Operation (NOP)
- TCP Option - No-Operation (NOP)
- TCP Option - Timestamps: TSval 2111276189, TSecr 3515395769
- [Timestamps]
- [Time since first frame in this TCP stream: 0.000488000 seconds]
- [Time since previous frame in this TCP stream: 0.000127000 seconds]
- [SEQ/ACK analysis]
- [This is an ACK to the segment in frame: 281] <-------回复验证请求
- [The RTT to ACK the segment was: 0.000127000 seconds]
- [iRTT: 0.000232000 seconds]
4/ user glance认证
glance ---> keystone,user glance scope to project service,认证身份:
- Frame 294: 287 bytes on wire (2296 bits), 287 bytes captured (2296 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: image1 (00:0c:29:cc:19:7d), Dst: controller (00:0c:29:a8:e0:3c)
- Internet Protocol Version 4, Src: image1 (10.0.20.16), Dst: controller (10.0.20.11)
- Transmission Control Protocol, Src Port: 35368, Dst Port: 5000, Seq: 559, Ack: 601, Len: 221
- [2 Reassembled TCP Segments (534 bytes): #293(313), #294(221)]
- Hypertext Transfer Protocol
- POST /v3/auth/tokens HTTP/1.1\r\n
- [Expert Info (Chat/Sequence): POST /v3/auth/tokens HTTP/1.1\r\n]
- Request Method: POST
- Request URI: /v3/auth/tokens
- Request Version: HTTP/1.1
- Host: controller:5000\r\n
- User-Agent: glance/24.2.1 keystonemiddleware.auth_token/9.4.0 keystoneauth1/4.4.0 python-requests/2.25.1 CPython/3.10.12\r\n
- Accept-Encoding: gzip, deflate\r\n
- Accept: application/json\r\n
- Connection: keep-alive\r\n
- Content-Type: application/json\r\n
- Content-Length: 221\r\n
- \r\n
- [Full request URI: http://controller:5000/v3/auth/tokens]
- [HTTP request 2/3]
- [Prev request in frame: 288]
- [Response in frame: 304]
- [Next request in frame: 306]
- File Data: 221 bytes
- JavaScript Object Notation: application/json
- JSON raw form:
- {
- "auth": {
- "identity": {
- "methods": [
- "password"
- ],
- "password": {
- "user": {
- "password": "openstack",
- "name": "glance",
- "domain": {
- "name": "Default"
- }
- }
- }
- },
- "scope": {
- "project": {
- "name": "service",
- "domain": {
- "name": "Default"
- }
- }
- }
- }
- }
- Object
keystone ---> glance,认证成功,发放glance的token(X-Subject-Token):
- Frame 304: 861 bytes on wire (6888 bits), 861 bytes captured (6888 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: controller (00:0c:29:a8:e0:3c), Dst: image1 (00:0c:29:cc:19:7d)
- Internet Protocol Version 4, Src: controller (10.0.20.11), Dst: image1 (10.0.20.16)
- Transmission Control Protocol, Src Port: 5000, Dst Port: 35368, Seq: 2049, Ack: 780, Len: 795
- [2 Reassembled TCP Segments (2243 bytes): #303(1448), #304(795)]
- Hypertext Transfer Protocol
- HTTP/1.1 201 CREATED\r\n
- [Expert Info (Chat/Sequence): HTTP/1.1 201 CREATED\r\n]
- Response Version: HTTP/1.1
- Status Code: 201
- [Status Code Description: Created]
- Response Phrase: CREATED
- Date: Thu, 11 Jul 2024 21:58:32 GMT\r\n
- Server: Apache/2.4.52 (Ubuntu)\r\n
- Content-Length: 1753\r\n
- X-Subject-Token: gAAAAABmkFWLEgmaDAIh3GTU4gl2BQm2dgjcP7vCi7j6Z3h3rrjAL_c37havjhwmUxFXoxsZdKDWpzMuxjcL7UGBmoZeRHPxsnYeETpA_qz3OYhhZBV5LZM0gbZey_dCmWCJnI8dWyIXA3Iyd9wLxKX6vIYLYD9TZkTyNUuHsasmVrluTNp9i6s\r\n
- Vary: X-Auth-Token\r\n
- x-openstack-request-id: req-da6fa8c4-ce65-4dbe-b10b-f997d0858666\r\n
- Keep-Alive: timeout=5, max=99\r\n
- Connection: Keep-Alive\r\n
- Content-Type: application/json\r\n
- \r\n
- [HTTP response 2/3]
- [Time since request: 3.104488000 seconds]
- [Prev request in frame: 288]
- [Prev response in frame: 291]
- [Request in frame: 294]
- [Next request in frame: 306]
- [Next response in frame: 309]
- [Request URI: http://controller:5000/v3/auth/tokens]
- File Data: 1753 bytes
- JavaScript Object Notation: application/json
- JSON raw form:
- {
- "token": {
- "methods": [
- "password"
- ],
- "user": {
- "domain": {
- "id": "default",
- "name": "Default"
- },
- "id": "2eb252b5fc2743e995141d9529569e2d",
- "name": "glance",
- "password_expires_at": null
- },
- "audit_ids": [
- "JX1DnLlpRlS_8qqim-V36w"
- ],
- "expires_at": "2024-07-11T22:58:35.000000Z",
- "issued_at": "2024-07-11T21:58:35.000000Z",
- "project": {
- "domain": {
- "id": "default",
- "name": "Default"
- },
- "id": "fe9220b4131041e4b551b42b64a8f9ca",
- "name": "service"
- },
- "is_domain": false,
- "roles": [
- {
- "id": "17552c9a365d4944a50fd8ac271791c6",
- "name": "member"
- },
- {
- "id": "e434c66b7af647158bcaa77686ca6e93",
- "name": "admin"
- },
- {
- "id": "be23525c20c44f05b3ba071455522fcb",
- "name": "reader"
- }
- ],
- "catalog": [
- {
- "endpoints": [
- {
- "id": "7d17e6182d8640a7a6637f4f460a5c08",
- "interface": "internal",
- "region_id": "RegionOne",
- "url": "http://image1:9292",
- "region": "RegionOne"
- },
- {
- "id": "c37250b6bd2d471f92427483d31fd5c7",
- "interface": "public",
- "region_id": "RegionOne",
- "url": "http://image1:9292",
- "region": "RegionOne"
- },
- {
- "id": "f210d94217e54d2781192170bdf26877",
- "interface": "admin",
- "region_id": "RegionOne",
- "url": "http://image1:9292",
- "region": "RegionOne"
- }
- ],
- "id": "f378aa833518466c9ce2c9ef85e82ace",
- "type": "image",
- "name": "glance"
- },
- {
- "endpoints": [
- {
- "id": "a82bd043e133464fa863fba98b400460",
- "interface": "admin",
- "region_id": "RegionOne",
- "url": "http://controller:5000/v3/",
- "region": "RegionOne"
- },
- {
- "id": "ac109817862344c4854b783d642be412",
- "interface": "internal",
- "region_id": "RegionOne",
- "url": "http://controller:5000/v3/",
- "region": "RegionOne"
- },
- {
- "id": "eaf4ddaab1b74aa59403f9fbf5fc4ac1",
- "interface": "public",
- "region_id": "RegionOne",
- "url": "http://controller:5000/v3/",
- "region": "RegionOne"
- }
- ],
- "id": "75fe01049ec648b69e48d200971bf601",
- "type": "identity",
- "name": "keystone"
- }
- ]
- }
- }
- Object
5/ glance验证admin的token
glance ---> keystone,glance认证自己的身份获得token(X-Auth-Token)后,继续验证admin user scope to project admin的token(X-Subject-Token):
- Frame 306: 675 bytes on wire (5400 bits), 675 bytes captured (5400 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: image1 (00:0c:29:cc:19:7d), Dst: controller (00:0c:29:a8:e0:3c)
- Internet Protocol Version 4, Src: image1 (10.0.20.16), Dst: controller (10.0.20.11)
- Transmission Control Protocol, Src Port: 35368, Dst Port: 5000, Seq: 780, Ack: 2844, Len: 609
- Hypertext Transfer Protocol
- GET /v3/auth/tokens HTTP/1.1\r\n
- [Expert Info (Chat/Sequence): GET /v3/auth/tokens HTTP/1.1\r\n]
- Request Method: GET
- Request URI: /v3/auth/tokens
- Request Version: HTTP/1.1
- Host: controller:5000\r\n
- User-Agent: python-keystoneclient\r\n
- Accept-Encoding: gzip, deflate\r\n
- Accept: application/json\r\n
- Connection: keep-alive\r\n
- X-Subject-Token: gAAAAABmkFWFJBbsCv5MsBqeIGj9Fc426FeFSZTyQsjlgM4lC6I6crQcE3x-ygbUSoDUoMzjTh06W5STx4YChIbkhHCe_5OuuKOx8ZAp1pxs9M_yMLD6PtuYK7TDPwlPNfjdHOKWNvrA6BHc3Xg-mjdvnsi_Z2tKdw_A3AQUYN3uAub3zaxK418\r\n
- OpenStack-Identity-Access-Rules: 1\r\n
- X-Auth-Token: gAAAAABmkFWLEgmaDAIh3GTU4gl2BQm2dgjcP7vCi7j6Z3h3rrjAL_c37havjhwmUxFXoxsZdKDWpzMuxjcL7UGBmoZeRHPxsnYeETpA_qz3OYhhZBV5LZM0gbZey_dCmWCJnI8dWyIXA3Iyd9wLxKX6vIYLYD9TZkTyNUuHsasmVrluTNp9i6s\r\n
- \r\n
- [Full request URI: http://controller:5000/v3/auth/tokens]
- [HTTP request 3/3]
- [Prev request in frame: 294]
- [Response in frame: 309]
keystone ---> glance,告知user admin scope to project admin的token没问题,并返回相关的服务目录和endpoint:
- Frame 309: 853 bytes on wire (6824 bits), 853 bytes captured (6824 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: controller (00:0c:29:a8:e0:3c), Dst: image1 (00:0c:29:cc:19:7d)
- Internet Protocol Version 4, Src: controller (10.0.20.11), Dst: image1 (10.0.20.16)
- Transmission Control Protocol, Src Port: 5000, Dst Port: 35368, Seq: 4292, Ack: 1389, Len: 787
- [2 Reassembled TCP Segments (2235 bytes): #308(1448), #309(787)]
- Hypertext Transfer Protocol
- HTTP/1.1 200 OK\r\n
- [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
- Response Version: HTTP/1.1
- Status Code: 200
- [Status Code Description: OK]
- Response Phrase: OK
- Date: Thu, 11 Jul 2024 21:58:35 GMT\r\n
- Server: Apache/2.4.52 (Ubuntu)\r\n
- Content-Length: 1750\r\n
- X-Subject-Token: gAAAAABmkFWFJBbsCv5MsBqeIGj9Fc426FeFSZTyQsjlgM4lC6I6crQcE3x-ygbUSoDUoMzjTh06W5STx4YChIbkhHCe_5OuuKOx8ZAp1pxs9M_yMLD6PtuYK7TDPwlPNfjdHOKWNvrA6BHc3Xg-mjdvnsi_Z2tKdw_A3AQUYN3uAub3zaxK418\r\n
- Vary: X-Auth-Token\r\n
- x-openstack-request-id: req-1e89695f-0ef0-4703-88b5-0396bc0ea1c9\r\n
- Keep-Alive: timeout=5, max=98\r\n
- Connection: Keep-Alive\r\n
- Content-Type: application/json\r\n
- \r\n
- [HTTP response 3/3]
- [Time since request: 2.943232000 seconds]
- [Prev request in frame: 294]
- [Prev response in frame: 304]
- [Request in frame: 306]
- [Request URI: http://controller:5000/v3/auth/tokens]
- File Data: 1750 bytes
- JavaScript Object Notation: application/json
- JSON raw form:
- {
- "token": {
- "methods": [
- "password"
- ],
- "user": {
- "domain": {
- "id": "default",
- "name": "Default"
- },
- "id": "2947c213547147979dce3c8f8b85697f",
- "name": "admin",
- "password_expires_at": null
- },
- "audit_ids": [
- "-gVm2yInSBWpjE6RI9Q78A"
- ],
- "expires_at": "2024-07-11T22:58:29.000000Z",
- "issued_at": "2024-07-11T21:58:29.000000Z",
- "project": {
- "domain": {
- "id": "default",
- "name": "Default"
- },
- "id": "ee65b6c3961747b988ab8bd1cc19fb93",
- "name": "admin"
- },
- "is_domain": false,
- "roles": [
- {
- "id": "17552c9a365d4944a50fd8ac271791c6",
- "name": "member"
- },
- {
- "id": "e434c66b7af647158bcaa77686ca6e93",
- "name": "admin"
- },
- {
- "id": "be23525c20c44f05b3ba071455522fcb",
- "name": "reader"
- }
- ],
- "catalog": [
- {
- "endpoints": [
- {
- "id": "7d17e6182d8640a7a6637f4f460a5c08",
- "interface": "internal",
- "region_id": "RegionOne",
- "url": "http://image1:9292",
- "region": "RegionOne"
- },
- {
- "id": "c37250b6bd2d471f92427483d31fd5c7",
- "interface": "public",
- "region_id": "RegionOne",
- "url": "http://image1:9292",
- "region": "RegionOne"
- },
- {
- "id": "f210d94217e54d2781192170bdf26877",
- "interface": "admin",
- "region_id": "RegionOne",
- "url": "http://image1:9292",
- "region": "RegionOne"
- }
- ],
- "id": "f378aa833518466c9ce2c9ef85e82ace",
- "type": "image",
- "name": "glance"
- },
- {
- "endpoints": [
- {
- "id": "a82bd043e133464fa863fba98b400460",
- "interface": "admin",
- "region_id": "RegionOne",
- "url": "http://controller:5000/v3/",
- "region": "RegionOne"
- },
- {
- "id": "ac109817862344c4854b783d642be412",
- "interface": "internal",
- "region_id": "RegionOne",
- "url": "http://controller:5000/v3/",
- "region": "RegionOne"
- },
- {
- "id": "eaf4ddaab1b74aa59403f9fbf5fc4ac1",
- "interface": "public",
- "region_id": "RegionOne",
- "url": "http://controller:5000/v3/",
- "region": "RegionOne"
- }
- ],
- "id": "75fe01049ec648b69e48d200971bf601",
- "type": "identity",
- "name": "keystone"
- }
- ]
- }
- }
- Object
6/ MEMCACHE储存token
glance ---> MEMCACHE,储存token:
- Frame 312: 677 bytes on wire (5416 bits), 677 bytes captured (5416 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: image1 (00:0c:29:cc:19:7d), Dst: controller (00:0c:29:a8:e0:3c)
- Internet Protocol Version 4, Src: image1 (10.0.20.16), Dst: controller (10.0.20.11)
- Transmission Control Protocol, Src Port: 59524, Dst Port: 11211, Seq: 1526, Ack: 6, Len: 611
- [2 Reassembled TCP Segments (2059 bytes): #311(1448), #312(611)]
- Memcache Protocol
- Command: set
- Key: tokens/773e2dee2fb1030e539ea2f4cbee331eb398d4f8145ca001c733c4b3f63ca862
- Flags: 0
- Expiration: 300
- Value length: 1968
- Value [truncated]: {"token": {"methods": ["password"], "user": {"domain": {"id": "default", "name": "Default"}, "id": "2947c213547147979dce3c8f8b85697f", "name": "admin", "password_expires_at": null}, "audit_ids": ["-gVm2yInSBWpjE6RI9Q78A"
MEMCACHE成功储存:
- Frame 314: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: controller (00:0c:29:a8:e0:3c), Dst: image1 (00:0c:29:cc:19:7d)
- Internet Protocol Version 4, Src: controller (10.0.20.11), Dst: image1 (10.0.20.16)
- Transmission Control Protocol, Src Port: 11211, Dst Port: 59524, Seq: 6, Ack: 2137, Len: 8
- Memcache Protocol
- Response: STORED
7/ glance连接数据库,SQL查询
(只展示login信息,其他SQL查询信息略)
- Frame 321: 212 bytes on wire (1696 bits), 212 bytes captured (1696 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: image1 (00:0c:29:cc:19:7d), Dst: controller (00:0c:29:a8:e0:3c)
- Internet Protocol Version 4, Src: image1 (10.0.20.16), Dst: controller (10.0.20.11)
- Transmission Control Protocol, Src Port: 46382, Dst Port: 3306, Seq: 1, Ack: 111, Len: 146
- MySQL Protocol
- Packet Length: 142
- Packet Number: 1
- Login Request
- Client Capabilities: 0xa20f
- Extended Client Capabilities: 0x003a
- MAX Packet: 16777215
- Charset: utf8 COLLATE utf8_general_ci (33)
- Unused: 0000000000000000000000000000000000000000000000
- Username: glance
- Password: 4d1590709f0fb6fdce405042311a3773f737dd5a
- Schema: glance
- Client Auth Plugin: mysql_native_password
- Connection Attributes
8/ glance将查询结果返回给OpenStackClient:
- Frame 362: 1117 bytes on wire (8936 bits), 1117 bytes captured (8936 bits) on interface \Device\NPF_{3CF2B347-CE40-406F-B67A-13F210B29B37}, id 0
- Ethernet II, Src: image1 (00:0c:29:cc:19:7d), Dst: VMware_ff:20:81 (00:0c:29:ff:20:81)
- Internet Protocol Version 4, Src: image1 (10.0.20.16), Dst: 10.0.20.100 (10.0.20.100)
- Transmission Control Protocol, Src Port: 9292, Dst Port: 32788, Seq: 1172, Ack: 631, Len: 1051
- Hypertext Transfer Protocol
- HTTP/1.1 200 OK\r\n
- [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
- Response Version: HTTP/1.1
- Status Code: 200
- [Status Code Description: OK]
- Response Phrase: OK
- Content-Length: 852\r\n
- Content-Type: application/json\r\n
- X-Openstack-Request-Id: req-3fd463a0-2fae-4d96-b668-ecd6c402861c\r\n
- Date: Thu, 11 Jul 2024 21:58:38 GMT\r\n
- Connection: keep-alive\r\n
- \r\n
- [HTTP response 2/2]
- [Time since request: 8.837414000 seconds]
- [Prev request in frame: 273]
- [Prev response in frame: 275]
- [Request in frame: 277]
- [Request URI: http://image1:9292/v2/images]
- File Data: 852 bytes
- JavaScript Object Notation: application/json
- JSON raw form:
- {
- "images": [
- {
- "name": "cirros",
- "disk_format": "qcow2",
- "container_format": "bare",
- "visibility": "public",
- "size": 12716032,
- "virtual_size": 46137344,
- "status": "active",
- "checksum": "443b7623e27ecf03dc9e01ee93f67afe",
- "protected": false,
- "min_ram": 0,
- "min_disk": 0,
- "owner": "ee65b6c3961747b988ab8bd1cc19fb93",
- "os_hidden": false,
- "os_hash_algo": "sha512",
- "os_hash_value": "6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e2161b5b5186106570c17a9e58b64dd39390617cd5a350f78",
- "id": "9f0e6328-3e96-41e1-b282-d577b6749a09",
- "created_at": "2024-07-07T08:26:02Z",
- "updated_at": "2024-07-07T08:26:02Z",
- "tags": [],
- "self": "/v2/images/9f0e6328-3e96-41e1-b282-d577b6749a09",
- "file": "/v2/images/9f0e6328-3e96-41e1-b282-d577b6749a09/file",
- "schema": "/v2/schemas/image"
- }
- ],
- "first": "/v2/images",
- "schema": "/v2/schemas/images"
- }
- Object
5、关闭虚机,拍摄快照
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/知新_RL/article/detail/829844
推荐阅读
相关标签
