Embed Size (px)
Citation preview
1
glance-replicator2012.12.23 @irix_jp
openstackOpen source software to build public and private clouds.
glance-replicator
Advent Calendar 2012 JP
2
glance-replicator
● folsom から glance に組み込まれたコマンドツール
● 二つの glance サーバ間で image のレプリケーションができる。
● レプリケーションだけでなく、イメージのインポート・エクスポートも可能
3
動作イメージ
glance-api
DB
glance-replicator
glance-registry
data store keystone
images
glance-api
DB
glance-registry
data store keystone
images
images
4
コマンド (stable/folsom)
$ glance-replicator –h
Usage: glance-replicator <command> [options] [args]
Commands:
help <command> Output help for one of the commands below
compare What is missing from the slave glance? dump Dump the contents of a glance instance to local disk. livecopy Load the contents of one glance instance into another. load Load the contents of a local directory into glance. size Determine the size of a glance instance if dumped to disk.
5
TIPS
● 認証にはテナント・ユーザ・パスワードではなく、 keystone が発行した TOKEN を使う● TOKEN を取得するスクリプト
– get_token.sh
#!/bin/bash
HOST_IP=$1ADMIN_TENANT=$2ADMIN_USER=$3ADMIN_PASSWORD=$4TOKEN=`curl -s -d "{\"auth\":{\"passwordCredentials\": {\"username\": \"$ADMIN_USER\", \"password\": \"$ADMIN_PASSWORD\"}, \"tenantName\": \"$ADMIN_TENANT\"}}" -H "Content-type: application/json" http://$HOST_IP:5000/v2.0/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"`echo $TOKEN
6
テスト環境
● 二つの独立した OpenStack 環境を構築● devstack での All in One 環境( localrc は次項)
Ubuntu12.04
Folsom/stableDevstack
(all in one)
Ubuntu12.04
Folsom/stableDevstack
(all in one)
192.168.128.100 192.168.128.200
7
localrcHOST_IP=192.168.128.100
ADMIN_PASSWORD=openstackMYSQL_PASSWORD=$ADMIN_PASSWORDRABBIT_PASSWORD=$ADMIN_PASSWORDSERVICE_PASSWORD=$ADMIN_PASSWORDSERVICE_TOKEN=admintoken
disable_service n-netdisable_service n-objenable_service q-svcenable_service q-agtenable_service q-dhcpenable_service q-l3
ENABLE_TENANT_TUNNELS=True
FIXED_RANGE=172.24.17.0/24NETWORK_GATEWAY=172.24.17.254FLOATING_RANGE=10.0.0.0/24
NOVA_BRANCH=stable/folsomGLANCE_BRANCH=stable/folsomKEYSTONE_BRANCH=stable/folsomHORIZON_BRANCH=stable/folsomCINDER_BRANCH=stable/folsomQUANTUM_BRANCH=stable/folsom
HOST_IP=192.168.128.200
ADMIN_PASSWORD=openstackMYSQL_PASSWORD=$ADMIN_PASSWORDRABBIT_PASSWORD=$ADMIN_PASSWORDSERVICE_PASSWORD=$ADMIN_PASSWORDSERVICE_TOKEN=admintoken
disable_service n-netdisable_service n-objenable_service q-svcenable_service q-agtenable_service q-dhcpenable_service q-l3
ENABLE_TENANT_TUNNELS=True
FIXED_RANGE=172.24.17.0/24NETWORK_GATEWAY=172.24.17.254FLOATING_RANGE=10.0.0.0/24
NOVA_BRANCH=stable/folsomGLANCE_BRANCH=stable/folsomKEYSTONE_BRANCH=stable/folsomHORIZON_BRANCH=stable/folsomCINDER_BRANCH=stable/folsomQUANTUM_BRANCH=stable/folsom
8
初期状態の glance
● 192.168.128.100
● 192.168.128.200
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| ID | Name | Disk Format | Container Format | Size | Status |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active || bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active || 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list
→ 空
9
compare
● 100 → 200
● 200 → 100
$ glance-replicator -v compare 192.168.128.100:9292 192.168.128.200:9292 \ -M `./get_token.sh 192.168.128.100 admin admin openstack` \ -S `./get_token.sh 192.168.128.200 admin admin openstack`
de150d8d-eb33-45f9-88a6-142228b902ba: entirely missing from the destination0db62cb0-d592-4a24-8fdf-45a44a6f9298: entirely missing from the destinationbcaf789e-df5e-4862-b77b-d6cc8e63d33b: entirely missing from the destination
$ glance-replicator -v compare 192.168.128.200:9292 192.168.128.100:9292 \ -M `./get_token.sh 192.168.128.200 admin admin openstack` \ -S `./get_token.sh 192.168.128.100 admin admin openstack`
→ 空
10
livecopy
● 100 → 200
● 200 → 100
$ glance-replicator -v livecopy 192.168.128.100:9292 192.168.128.200:9292 -M `./get_token.sh 192.168.128.100 demo demo openstack` -S `./get_token.sh 192.168.128.200 demo demo openstack`Considering de150d8d-eb33-45f9-88a6-142228b902bade150d8d-eb33-45f9-88a6-142228b902ba is being syncedConsidering 0db62cb0-d592-4a24-8fdf-45a44a6f92980db62cb0-d592-4a24-8fdf-45a44a6f9298 is being syncedConsidering bcaf789e-df5e-4862-b77b-d6cc8e63d33bbcaf789e-df5e-4862-b77b-d6cc8e63d33b is being synced
$ glance-replicator -v compare 192.168.128.200:9292 192.168.128.100:9292 \ -M `./get_token.sh 192.168.128.200 admin admin openstack` \ -S `./get_token.sh 192.168.128.100 admin admin openstack`
→ 空
11
コピー後の状態1
● 192.168.128.100
● 192.168.128.200
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| ID | Name | Disk Format | Container Format | Size | Status |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active || bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active || 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| ID | Name | Disk Format | Container Format | Size | Status |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active || bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active || 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
12
コピー後の状態 2
192.168.128.100 192.168.128.200
● owner(tenant_id) までコピーされている点に注意● 今回は別の keystone を使っているが、
is_public=true なので image-list に出ているだけ。
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-show de150d8d-eb33-45f9-88a6-142228b902ba
+-----------------------+--------------------------------------+| Property | Value |+-----------------------+--------------------------------------+| Property 'kernel_id' | bcaf789e-df5e-4862-b77b-d6cc8e63d33b || Property 'ramdisk_id' | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 || checksum | 2f81976cae15c16ef0010c51e3a6c163 || container_format | ami || created_at | 2012-12-22T03:00:42 || deleted | False || disk_format | ami || id | de150d8d-eb33-45f9-88a6-142228b902ba || is_public | True || min_disk | 0 || min_ram | 0 || name | cirros-0.3.0-x86_64-uec || owner | a458e9fbf0394622a1aa627550d20daa || protected | False || size | 25165824 || status | active || updated_at | 2012-12-22T03:00:43 |+-----------------------+--------------------------------------+
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-show de150d8d-eb33-45f9-88a6-142228b902ba
+-----------------------+--------------------------------------+| Property | Value |+-----------------------+--------------------------------------+| Property 'kernel_id' | bcaf789e-df5e-4862-b77b-d6cc8e63d33b || Property 'ramdisk_id' | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 || checksum | 2f81976cae15c16ef0010c51e3a6c163 || container_format | ami || created_at | 2012-12-22T16:46:30 || deleted | False || disk_format | ami || id | de150d8d-eb33-45f9-88a6-142228b902ba || is_public | True || min_disk | 0 || min_ram | 0 || name | cirros-0.3.0-x86_64-uec || owner | a458e9fbf0394622a1aa627550d20daa || protected | False || size | 25165824 || status | active || updated_at | 2012-12-22T16:46:31 |+-----------------------+--------------------------------------+
13
is_public=false だと・・・
● 100 側、 demo ユーザで追加
● Admin(100) → Admin(200) でコピー● コピーはされるが、誰も参照できない ( コピーされた ID
が 200 側の keystone に存在しないため。
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| ID | Name | Disk Format | Container Format | Size | Status |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active || bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active || 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active || 0d075151-3925-4b85-8f77-d908f1df70be | snap1 | ami | ami | 25165824 | active |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
MYSQL> use glance; select id,name,is_public,owner from images;
+--------------------------------------+---------------------------------+-----------+----------------------------------+| id | name | is_public | owner |+--------------------------------------+---------------------------------+-----------+----------------------------------+| 0d075151-3925-4b85-8f77-d908f1df70be | snap1 | 0 | 936ef2486d3749bbb51bfedbc69e9d28 || 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | 1 | a458e9fbf0394622a1aa627550d20daa || bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | 1 | a458e9fbf0394622a1aa627550d20daa || de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | 1 | a458e9fbf0394622a1aa627550d20daa |+--------------------------------------+---------------------------------+-----------+----------------------------------+
14
ユーザ権限でのコピーだと
● 100 側
● 200 側
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| ID | Name | Disk Format | Container Format | Size | Status |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active || bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active || 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active || 0d075151-3925-4b85-8f77-d908f1df70be | snap1 | ami | ami | 25165824 | active || 3532fd21-6bf8-440c-9bcb-9ea7df30ce8a | snap2 | ami | ami | 25165824 | active |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| ID | Name | Disk Format | Container Format | Size | Status |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active || bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active || 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active || 3532fd21-6bf8-440c-9bcb-9ea7df30ce8a | snap2 | ami | ami | 25165824 | active |+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
snap1 のコピーは、既に同じ ID のイメージが登録されている(参照不可)ため失敗します。
$ glance-replicator -v livecopy 192.168.128.100:9292 192.168.128.200:9292 \ -M `./get_token.sh 192.168.128.100 demo demo openstack` -S `./get_token.sh 192.168.128.200 demo demo openstack`
15
まとめ
● keystone を共有しているか、していないかでlivecopy の使い方が変わる。● している場合: admin でコピーすれば終わり● していない場合:ユーザ権限でコピーする
– ユーザ権限でコピーすると、 is_public=true のものが、 ID が変わってコピーされてしまう。
● --no-replica-public 等のオプションが欲しい。– 冬休みに時間があったらパッチ書く(キリッ
● dump/load でいったんファイルに落として操作すればどっちでもおk。
