Advent Calendar 2012 JP




       openstack
 Open source software to build public and private clouds.



glance-replicator
                     glance-replicator
                    2012.12.23 @irix_jp


                                                            1
glance-replicator

●   folsom から glance に組み込まれたコマンドツー
    ル

●   二つの glance サーバ間で image のレプリケー
    ションができる。

●   レプリケーションだけでなく、イメージのインポート・
    エクスポートも可能


                                    2
動作イメージ

                                                                  images

                            glance-replicator




   glance-api    glance-registry                glance-api    glance-registry




                DB                                           DB
images                                     images

   data store        keystone                   data store        keystone



                                                                                3
コマンド (stable/folsom)

$ glance-replicator –h

Usage: glance-replicator <command> [options] [args]

Commands:

   help <command>   Output help for one of the commands below

   compare          What is missing from the slave glance?
   dump             Dump the contents of a glance instance to local disk.
   livecopy         Load the contents of one glance instance into another.
   load             Load the contents of a local directory into glance.
   size             Determine the size of a glance instance if dumped to disk.




                                                                                 4
TIPS

●   認証にはテナント・ユーザ・パスワードではな
    く、 keystone が発行した TOKEN を使う
    ●   TOKEN を取得するスクリプト
        –   get_token.sh

            #!/bin/bash

            HOST_IP=$1
            ADMIN_TENANT=$2
            ADMIN_USER=$3
            ADMIN_PASSWORD=$4
            TOKEN=`curl -s -d "{"auth":{"passwordCredentials":
            {"username": "$ADMIN_USER", "password": "$ADMIN_PASSWORD"}, "tenan
            tName": "$ADMIN_TENANT"}}" -H "Content-type: application/json" http://
            $HOST_IP:5000/v2.0/tokens | python -c "import sys; import json; tok =
            json.loads(sys.stdin.read()); print tok['access']['token']['id'];"`
            echo $TOKEN


                                                                                      5
テスト環境

●   二つの独立した OpenStack 環境を構築
●   devstack での All in One 環境( localrc は次項)



             192.168.128.100          192.168.128.200

       Ubuntu12.04             Ubuntu12.04

      Folsom/stable            Folsom/stable
        Devstack                 Devstack
       (all in one)             (all in one)




                                                        6
localrc
HOST_IP=192.168.128.100            HOST_IP=192.168.128.200

ADMIN_PASSWORD=openstack           ADMIN_PASSWORD=openstack
MYSQL_PASSWORD=$ADMIN_PASSWORD     MYSQL_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD    RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD   SERVICE_PASSWORD=$ADMIN_PASSWORD
SERVICE_TOKEN=admintoken           SERVICE_TOKEN=admintoken

disable_service n-net              disable_service n-net
disable_service n-obj              disable_service n-obj
enable_service q-svc               enable_service q-svc
enable_service q-agt               enable_service q-agt
enable_service q-dhcp              enable_service q-dhcp
enable_service q-l3                enable_service q-l3

ENABLE_TENANT_TUNNELS=True         ENABLE_TENANT_TUNNELS=True

FIXED_RANGE=172.24.17.0/24         FIXED_RANGE=172.24.17.0/24
NETWORK_GATEWAY=172.24.17.254      NETWORK_GATEWAY=172.24.17.254
FLOATING_RANGE=10.0.0.0/24         FLOATING_RANGE=10.0.0.0/24

NOVA_BRANCH=stable/folsom          NOVA_BRANCH=stable/folsom
GLANCE_BRANCH=stable/folsom        GLANCE_BRANCH=stable/folsom
KEYSTONE_BRANCH=stable/folsom      KEYSTONE_BRANCH=stable/folsom
HORIZON_BRANCH=stable/folsom       HORIZON_BRANCH=stable/folsom
CINDER_BRANCH=stable/folsom        CINDER_BRANCH=stable/folsom
QUANTUM_BRANCH=stable/folsom       QUANTUM_BRANCH=stable/folsom



                                                                      7
初期状態の glance

   ●    192.168.128.100
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list

+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID                                   | Name                            | Disk Format | Container Format | Size     | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec         | ami         | ami              | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki          | aki              | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari         | ari              | 2254249 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+




   ●    192.168.128.200
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list

→ 空




                                                                                                                                  8
compare

   ●   100 → 200
$ glance-replicator -v compare 192.168.128.100:9292 192.168.128.200:9292 
        -M `./get_token.sh 192.168.128.100 admin admin openstack` 
        -S `./get_token.sh 192.168.128.200 admin admin openstack`

de150d8d-eb33-45f9-88a6-142228b902ba: entirely missing from the destination
0db62cb0-d592-4a24-8fdf-45a44a6f9298: entirely missing from the destination
bcaf789e-df5e-4862-b77b-d6cc8e63d33b: entirely missing from the destination



   ●   200 → 100
$ glance-replicator -v compare 192.168.128.200:9292 192.168.128.100:9292 
        -M `./get_token.sh 192.168.128.200 admin admin openstack` 
        -S `./get_token.sh 192.168.128.100 admin admin openstack`

→ 空




                                                                              9
livecopy

   ●   100 → 200
$ glance-replicator -v livecopy 192.168.128.100:9292 192.168.128.200:9292 -M `./get_token.sh
192.168.128.100 demo demo openstack` -S `./get_token.sh 192.168.128.200 demo demo openstack`
Considering de150d8d-eb33-45f9-88a6-142228b902ba
de150d8d-eb33-45f9-88a6-142228b902ba is being synced
Considering 0db62cb0-d592-4a24-8fdf-45a44a6f9298
0db62cb0-d592-4a24-8fdf-45a44a6f9298 is being synced
Considering bcaf789e-df5e-4862-b77b-d6cc8e63d33b
bcaf789e-df5e-4862-b77b-d6cc8e63d33b is being synced


   ●   200 → 100
$ glance-replicator -v compare 192.168.128.200:9292 192.168.128.100:9292 
        -M `./get_token.sh 192.168.128.200 admin admin openstack` 
        -S `./get_token.sh 192.168.128.100 admin admin openstack`

→ 空




                                                                                               10
コピー後の状態1

   ●    192.168.128.100
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list

+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID                                   | Name                            | Disk Format | Container Format | Size     | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec         | ami         | ami              | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki          | aki              | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari         | ari              | 2254249 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+




   ●    192.168.128.200
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID                                   | Name                            | Disk Format | Container Format | Size     | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec         | ami         | ami              | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki          | aki              | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari         | ari              | 2254249 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+




                                                                                                                                  11
コピー後の状態 2

         192.168.128.100
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name
                                                                        192.168.128.200
                                                                     $ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name
admin --os-username admin --os-password openstack image-show         admin --os-username admin --os-password openstack image-show
de150d8d-eb33-45f9-88a6-142228b902ba                                 de150d8d-eb33-45f9-88a6-142228b902ba

+-----------------------+--------------------------------------+     +-----------------------+--------------------------------------+
| Property              | Value                                |     | Property              | Value                                |
+-----------------------+--------------------------------------+     +-----------------------+--------------------------------------+
| Property 'kernel_id' | bcaf789e-df5e-4862-b77b-d6cc8e63d33b |      | Property 'kernel_id' | bcaf789e-df5e-4862-b77b-d6cc8e63d33b |
| Property 'ramdisk_id' | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 |     | Property 'ramdisk_id' | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 |
| checksum              | 2f81976cae15c16ef0010c51e3a6c163     |     | checksum              | 2f81976cae15c16ef0010c51e3a6c163     |
| container_format      | ami                                  |     | container_format      | ami                                  |
| created_at            | 2012-12-22T03:00:42                  |     | created_at            | 2012-12-22T16:46:30                  |
| deleted               | False                                |     | deleted               | False                                |
| disk_format           | ami                                  |     | disk_format           | ami                                  |
| id                    | de150d8d-eb33-45f9-88a6-142228b902ba |     | id                    | de150d8d-eb33-45f9-88a6-142228b902ba |
| is_public             | True                                 |     | is_public             | True                                 |
| min_disk              | 0                                    |     | min_disk              | 0                                    |
| min_ram               | 0                                    |     | min_ram               | 0                                    |
| name                  | cirros-0.3.0-x86_64-uec              |     | name                  | cirros-0.3.0-x86_64-uec              |
| owner                 | a458e9fbf0394622a1aa627550d20daa     |     | owner                 | a458e9fbf0394622a1aa627550d20daa     |
| protected             | False                                |     | protected             | False                                |
| size                  | 25165824                             |     | size                  | 25165824                             |
| status                | active                               |     | status                | active                               |
| updated_at            | 2012-12-22T03:00:43                  |     | updated_at            | 2012-12-22T16:46:31                  |
+-----------------------+--------------------------------------+     +-----------------------+--------------------------------------+

    ●    owner(tenant_id) までコピーされている点に注意
          ●     今回は別の keystone を使っているが、
                is_public=true なので image-list に出ているだけ。
                                                                                                                                        12
is_public=false だと・・・

   ●    100 側、 demo ユーザで追加
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list

+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID                                   | Name                            | Disk Format | Container Format | Size     | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec         | ami         | ami              | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki          | aki              | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari         | ari              | 2254249 | active |
| 0d075151-3925-4b85-8f77-d908f1df70be | snap1                           | ami         | ami              | 25165824 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+



   ●    Admin(100) → Admin(200) でコピー
          ●   コピーはされるが、誰も参照できない ( コピーされた ID
              が 200 側の keystone に存在しないため。
MYSQL> use glance; select id,name,is_public,owner from images;

+--------------------------------------+---------------------------------+-----------+----------------------------------+
| id                                   | name                            | is_public | owner                            |
+--------------------------------------+---------------------------------+-----------+----------------------------------+
| 0d075151-3925-4b85-8f77-d908f1df70be | snap1                           |         0 | 936ef2486d3749bbb51bfedbc69e9d28 |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk |         1 | a458e9fbf0394622a1aa627550d20daa |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel |          1 | a458e9fbf0394622a1aa627550d20daa |
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec         |         1 | a458e9fbf0394622a1aa627550d20daa |
+--------------------------------------+---------------------------------+-----------+----------------------------------+
                                                                                                                                  13
ユーザ権限でのコピーだと

   ●    100 側
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID                                   | Name                            | Disk Format | Container Format | Size     | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec         | ami         | ami              | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki          | aki              | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari         | ari              | 2254249 | active |
| 0d075151-3925-4b85-8f77-d908f1df70be | snap1                           | ami         | ami              | 25165824 | active |
| 3532fd21-6bf8-440c-9bcb-9ea7df30ce8a | snap2                           | ami         | ami              | 25165824 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+

$ glance-replicator -v livecopy 192.168.128.100:9292 192.168.128.200:9292 
        -M `./get_token.sh 192.168.128.100 demo demo openstack` -S `./get_token.sh 192.168.128.200 demo demo openstack`




   ●    200 側
$ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID                                   | Name                            | Disk Format | Container Format | Size     | Status |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+
| de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec         | ami         | ami              | 25165824 | active |
| bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki          | aki              | 4731440 | active |
| 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari         | ari              | 2254249 | active |
| 3532fd21-6bf8-440c-9bcb-9ea7df30ce8a | snap2                           | ami         | ami              | 25165824 | active |
+--------------------------------------+---------------------------------+-------------+------------------+----------+--------+

snap1 のコピーは、既に同じ ID のイメージが登録されている(参照不可)ため失敗します。

                                                                                                                                  14
まとめ

●   keystone を共有しているか、していないかで
    livecopy の使い方が変わる。
    ●   している場合: admin でコピーすれば終わり
    ●   していない場合:ユーザ権限でコピーする
        –   ユーザ権限でコピーすると、 is_public=true のものが、 ID が
            変わってコピーされてしまう。
             ●   --no-replica-public 等のオプションが欲しい。
                   – 冬休みに時間があったらパッチ書く(キリッ


●   dump/load でいったんファイルに落として操作す
    ればどっちでもおk。

                                                    15

glance replicator

  • 1.
    Advent Calendar 2012JP openstack Open source software to build public and private clouds. glance-replicator glance-replicator 2012.12.23 @irix_jp 1
  • 2.
    glance-replicator ● folsom から glance に組み込まれたコマンドツー ル ● 二つの glance サーバ間で image のレプリケー ションができる。 ● レプリケーションだけでなく、イメージのインポート・ エクスポートも可能 2
  • 3.
    動作イメージ images glance-replicator glance-api glance-registry glance-api glance-registry DB DB images images data store keystone data store keystone 3
  • 4.
    コマンド (stable/folsom) $ glance-replicator–h Usage: glance-replicator <command> [options] [args] Commands: help <command> Output help for one of the commands below compare What is missing from the slave glance? dump Dump the contents of a glance instance to local disk. livecopy Load the contents of one glance instance into another. load Load the contents of a local directory into glance. size Determine the size of a glance instance if dumped to disk. 4
  • 5.
    TIPS ● 認証にはテナント・ユーザ・パスワードではな く、 keystone が発行した TOKEN を使う ● TOKEN を取得するスクリプト – get_token.sh #!/bin/bash HOST_IP=$1 ADMIN_TENANT=$2 ADMIN_USER=$3 ADMIN_PASSWORD=$4 TOKEN=`curl -s -d "{"auth":{"passwordCredentials": {"username": "$ADMIN_USER", "password": "$ADMIN_PASSWORD"}, "tenan tName": "$ADMIN_TENANT"}}" -H "Content-type: application/json" http:// $HOST_IP:5000/v2.0/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"` echo $TOKEN 5
  • 6.
    テスト環境 ● 二つの独立した OpenStack 環境を構築 ● devstack での All in One 環境( localrc は次項) 192.168.128.100 192.168.128.200 Ubuntu12.04 Ubuntu12.04 Folsom/stable Folsom/stable Devstack Devstack (all in one) (all in one) 6
  • 7.
    localrc HOST_IP=192.168.128.100 HOST_IP=192.168.128.200 ADMIN_PASSWORD=openstack ADMIN_PASSWORD=openstack MYSQL_PASSWORD=$ADMIN_PASSWORD MYSQL_PASSWORD=$ADMIN_PASSWORD RABBIT_PASSWORD=$ADMIN_PASSWORD RABBIT_PASSWORD=$ADMIN_PASSWORD SERVICE_PASSWORD=$ADMIN_PASSWORD SERVICE_PASSWORD=$ADMIN_PASSWORD SERVICE_TOKEN=admintoken SERVICE_TOKEN=admintoken disable_service n-net disable_service n-net disable_service n-obj disable_service n-obj enable_service q-svc enable_service q-svc enable_service q-agt enable_service q-agt enable_service q-dhcp enable_service q-dhcp enable_service q-l3 enable_service q-l3 ENABLE_TENANT_TUNNELS=True ENABLE_TENANT_TUNNELS=True FIXED_RANGE=172.24.17.0/24 FIXED_RANGE=172.24.17.0/24 NETWORK_GATEWAY=172.24.17.254 NETWORK_GATEWAY=172.24.17.254 FLOATING_RANGE=10.0.0.0/24 FLOATING_RANGE=10.0.0.0/24 NOVA_BRANCH=stable/folsom NOVA_BRANCH=stable/folsom GLANCE_BRANCH=stable/folsom GLANCE_BRANCH=stable/folsom KEYSTONE_BRANCH=stable/folsom KEYSTONE_BRANCH=stable/folsom HORIZON_BRANCH=stable/folsom HORIZON_BRANCH=stable/folsom CINDER_BRANCH=stable/folsom CINDER_BRANCH=stable/folsom QUANTUM_BRANCH=stable/folsom QUANTUM_BRANCH=stable/folsom 7
  • 8.
    初期状態の glance ● 192.168.128.100 $ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active | | bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active | | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ ● 192.168.128.200 $ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list → 空 8
  • 9.
    compare ● 100 → 200 $ glance-replicator -v compare 192.168.128.100:9292 192.168.128.200:9292 -M `./get_token.sh 192.168.128.100 admin admin openstack` -S `./get_token.sh 192.168.128.200 admin admin openstack` de150d8d-eb33-45f9-88a6-142228b902ba: entirely missing from the destination 0db62cb0-d592-4a24-8fdf-45a44a6f9298: entirely missing from the destination bcaf789e-df5e-4862-b77b-d6cc8e63d33b: entirely missing from the destination ● 200 → 100 $ glance-replicator -v compare 192.168.128.200:9292 192.168.128.100:9292 -M `./get_token.sh 192.168.128.200 admin admin openstack` -S `./get_token.sh 192.168.128.100 admin admin openstack` → 空 9
  • 10.
    livecopy ● 100 → 200 $ glance-replicator -v livecopy 192.168.128.100:9292 192.168.128.200:9292 -M `./get_token.sh 192.168.128.100 demo demo openstack` -S `./get_token.sh 192.168.128.200 demo demo openstack` Considering de150d8d-eb33-45f9-88a6-142228b902ba de150d8d-eb33-45f9-88a6-142228b902ba is being synced Considering 0db62cb0-d592-4a24-8fdf-45a44a6f9298 0db62cb0-d592-4a24-8fdf-45a44a6f9298 is being synced Considering bcaf789e-df5e-4862-b77b-d6cc8e63d33b bcaf789e-df5e-4862-b77b-d6cc8e63d33b is being synced ● 200 → 100 $ glance-replicator -v compare 192.168.128.200:9292 192.168.128.100:9292 -M `./get_token.sh 192.168.128.200 admin admin openstack` -S `./get_token.sh 192.168.128.100 admin admin openstack` → 空 10
  • 11.
    コピー後の状態1 ● 192.168.128.100 $ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active | | bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active | | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ ● 192.168.128.200 $ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-list +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active | | bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active | | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ 11
  • 12.
    コピー後の状態 2 192.168.128.100 $ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name 192.168.128.200 $ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name admin --os-username admin --os-password openstack image-show admin --os-username admin --os-password openstack image-show de150d8d-eb33-45f9-88a6-142228b902ba de150d8d-eb33-45f9-88a6-142228b902ba +-----------------------+--------------------------------------+ +-----------------------+--------------------------------------+ | Property | Value | | Property | Value | +-----------------------+--------------------------------------+ +-----------------------+--------------------------------------+ | Property 'kernel_id' | bcaf789e-df5e-4862-b77b-d6cc8e63d33b | | Property 'kernel_id' | bcaf789e-df5e-4862-b77b-d6cc8e63d33b | | Property 'ramdisk_id' | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | | Property 'ramdisk_id' | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | | checksum | 2f81976cae15c16ef0010c51e3a6c163 | | checksum | 2f81976cae15c16ef0010c51e3a6c163 | | container_format | ami | | container_format | ami | | created_at | 2012-12-22T03:00:42 | | created_at | 2012-12-22T16:46:30 | | deleted | False | | deleted | False | | disk_format | ami | | disk_format | ami | | id | de150d8d-eb33-45f9-88a6-142228b902ba | | id | de150d8d-eb33-45f9-88a6-142228b902ba | | is_public | True | | is_public | True | | min_disk | 0 | | min_disk | 0 | | min_ram | 0 | | min_ram | 0 | | name | cirros-0.3.0-x86_64-uec | | name | cirros-0.3.0-x86_64-uec | | owner | a458e9fbf0394622a1aa627550d20daa | | owner | a458e9fbf0394622a1aa627550d20daa | | protected | False | | protected | False | | size | 25165824 | | size | 25165824 | | status | active | | status | active | | updated_at | 2012-12-22T03:00:43 | | updated_at | 2012-12-22T16:46:31 | +-----------------------+--------------------------------------+ +-----------------------+--------------------------------------+ ● owner(tenant_id) までコピーされている点に注意 ● 今回は別の keystone を使っているが、 is_public=true なので image-list に出ているだけ。 12
  • 13.
    is_public=false だと・・・ ● 100 側、 demo ユーザで追加 $ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active | | bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active | | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active | | 0d075151-3925-4b85-8f77-d908f1df70be | snap1 | ami | ami | 25165824 | active | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ ● Admin(100) → Admin(200) でコピー ● コピーはされるが、誰も参照できない ( コピーされた ID が 200 側の keystone に存在しないため。 MYSQL> use glance; select id,name,is_public,owner from images; +--------------------------------------+---------------------------------+-----------+----------------------------------+ | id | name | is_public | owner | +--------------------------------------+---------------------------------+-----------+----------------------------------+ | 0d075151-3925-4b85-8f77-d908f1df70be | snap1 | 0 | 936ef2486d3749bbb51bfedbc69e9d28 | | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | 1 | a458e9fbf0394622a1aa627550d20daa | | bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | 1 | a458e9fbf0394622a1aa627550d20daa | | de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | 1 | a458e9fbf0394622a1aa627550d20daa | +--------------------------------------+---------------------------------+-----------+----------------------------------+ 13
  • 14.
    ユーザ権限でのコピーだと ● 100 側 $ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active | | bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active | | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active | | 0d075151-3925-4b85-8f77-d908f1df70be | snap1 | ami | ami | 25165824 | active | | 3532fd21-6bf8-440c-9bcb-9ea7df30ce8a | snap2 | ami | ami | 25165824 | active | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ $ glance-replicator -v livecopy 192.168.128.100:9292 192.168.128.200:9292 -M `./get_token.sh 192.168.128.100 demo demo openstack` -S `./get_token.sh 192.168.128.200 demo demo openstack` ● 200 側 $ glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name demo --os-username demo --os-password openstack image-list +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ | de150d8d-eb33-45f9-88a6-142228b902ba | cirros-0.3.0-x86_64-uec | ami | ami | 25165824 | active | | bcaf789e-df5e-4862-b77b-d6cc8e63d33b | cirros-0.3.0-x86_64-uec-kernel | aki | aki | 4731440 | active | | 0db62cb0-d592-4a24-8fdf-45a44a6f9298 | cirros-0.3.0-x86_64-uec-ramdisk | ari | ari | 2254249 | active | | 3532fd21-6bf8-440c-9bcb-9ea7df30ce8a | snap2 | ami | ami | 25165824 | active | +--------------------------------------+---------------------------------+-------------+------------------+----------+--------+ snap1 のコピーは、既に同じ ID のイメージが登録されている(参照不可)ため失敗します。 14
  • 15.
    まとめ ● keystone を共有しているか、していないかで livecopy の使い方が変わる。 ● している場合: admin でコピーすれば終わり ● していない場合:ユーザ権限でコピーする – ユーザ権限でコピーすると、 is_public=true のものが、 ID が 変わってコピーされてしまう。 ● --no-replica-public 等のオプションが欲しい。 – 冬休みに時間があったらパッチ書く(キリッ ● dump/load でいったんファイルに落として操作す ればどっちでもおk。 15