本文由Ceph中国社区-Thomas独家投稿《Openstack liberty Glance上传镜像源码分析》
在Openstack中创建云主机,首先得有镜像,而Glance模块提供镜像服务功能,包括:镜像的发现、检索及存储等,主要包括:glance-api和glance-registery两个服务,分别负责镜像的存储和元数据管理。下面基于源码,分析下镜像的上传过程。
##上传镜像 先通过glance CLI上传镜像,来直观的了解下镜像上传的过程:
|
1 |
<span class="hljs-comment" style="color:#999988;font-style:italic;">#</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">glance</span> <span class="hljs-literal">-</span><span class="hljs-literal">-</span><span class="hljs-comment" style="color:#999988;font-style:italic;">debug</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">image</span><span class="hljs-literal">-</span><span class="hljs-comment" style="color:#999988;font-style:italic;">create</span> <span class="hljs-literal">-</span><span class="hljs-literal">-</span><span class="hljs-comment" style="color:#999988;font-style:italic;">file</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">centos</span><span class="hljs-literal">-</span><span class="hljs-comment" style="color:#999988;font-style:italic;">7</span><span class="hljs-string" style="color:#DD1144;">.</span><span class="hljs-comment" style="color:#999988;font-style:italic;">0</span><span class="hljs-literal">-</span><span class="hljs-comment" style="color:#999988;font-style:italic;">x64</span><span class="hljs-literal">-</span><span class="hljs-comment" style="color:#999988;font-style:italic;">20g</span><span class="hljs-string" style="color:#DD1144;">.</span><span class="hljs-comment" style="color:#999988;font-style:italic;">qcow2</span> <span class="hljs-literal">-</span><span class="hljs-literal">-</span><span class="hljs-comment" style="color:#999988;font-style:italic;">disk</span><span class="hljs-literal">-</span><span class="hljs-comment" style="color:#999988;font-style:italic;">format</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">raw</span> <span class="hljs-literal">-</span><span class="hljs-literal">-</span><span class="hljs-comment" style="color:#999988;font-style:italic;">container</span><span class="hljs-literal">-</span><span class="hljs-comment" style="color:#999988;font-style:italic;">format</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">bare</span> <span class="hljs-literal">-</span><span class="hljs-literal">-</span><span class="hljs-comment" style="color:#999988;font-style:italic;">visibility</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">public</span> |
通过在命令行中开启–debug,我们可以发现,上传镜像过程中glance CLI会发送如下三个不同的请求:
那这三个请求分别干了什么事呢? 下面我们来一一分解。
##获取镜像属性定义 通过glance/api/v2/router.py.API中定义的路由映射,我们知道上述的第一个请求由glance/api/v2/schemas.py.Controller.image方法处理,如下:
|
1 2 3 4 5 6 |
<span class="hljs-comment" style="color:#999988;font-style:italic;">#路由映射,代码节选</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#完整的函数实现,请参考glance/api/v2/router.py.API.__init__</span> <span class="hljs-function"><span class="hljs-keyword" style="font-weight:700;">def</span> <span class="hljs-title" style="color:#990000;font-weight:700;">__init__</span><span class="hljs-params">(self, mapper)</span>:</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#从/etc/glance/schema-image.json文件加载用户定义属性</span> custom_image_properties = images.load_custom_properties() <span class="hljs-comment" style="color:#999988;font-style:italic;">#创建glance/api/v2/schemas.py.Controller实例</span> schemas_resource = schemas.create_resource(custom_image_properties) <span class="hljs-comment" style="color:#999988;font-style:italic;">#定义路由映射:</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#curl -X GET /schemas/image -> shemas_resource.image</span> mapper.connect(<span class="hljs-string" style="color:#DD1144;">'/schemas/image'</span>, controller=schemas_resource, action=<span class="hljs-string" style="color:#DD1144;">'image'</span>, conditions={<span class="hljs-string" style="color:#DD1144;">'method'</span>: [<span class="hljs-string" style="color:#DD1144;">'GET'</span>]}) <span class="hljs-comment" style="color:#999988;font-style:italic;">#glance/api/v2/schemas.py.Controller.image</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#返回一个镜像属性字典,结构如下:</span> [ <span class="hljs-string" style="color:#DD1144;">'name'</span>: image, <span class="hljs-string" style="color:#DD1144;">'properties'</span>:xxx <span class="hljs-string" style="color:#DD1144;">'additionalProperties'</span>:xxx <span class="hljs-string" style="color:#DD1144;">'definitions'</span>:xxx <span class="hljs-string" style="color:#DD1144;">'required'</span>:xxx <span class="hljs-string" style="color:#DD1144;">'links'</span>:xxx ] <span class="hljs-comment" style="color:#999988;font-style:italic;">#字典值请看下面的分析过程</span> <span class="hljs-function"><span class="hljs-keyword" style="font-weight:700;">def</span> <span class="hljs-title" style="color:#990000;font-weight:700;">image</span><span class="hljs-params">(self, req)</span>:</span> <span class="hljs-keyword" style="font-weight:700;">return</span> self.image_schema.raw() |
self.image_schema在glance/api/v2/schemas.py.Controller.__init__方法中初始化:
|
1 |
<span class="hljs-function"><span class="hljs-keyword" style="font-weight:700;">def</span> <span class="hljs-title" style="color:#990000;font-weight:700;">__init__</span><span class="hljs-params">(self, custom_image_properties=None)</span>:</span> self.image_schema = images.get_schema(custom_image_properties) |
它进一步调用glance/api/v2/images.py.ImagesController.get_schema方法:
|
1 2 3 4 5 6 7 8 9 10 |
<span class="hljs-function"><span class="hljs-keyword" style="font-weight:700;">def</span> <span class="hljs-title" style="color:#990000;font-weight:700;">get_schema</span><span class="hljs-params">(custom_properties=None)</span>:</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#镜像的基本属性(是一个字典):id,name,status等的定义及描述,</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#通过glance CLI上传镜像成功后,这些字段信息会显示在shell界面上</span> properties = get_base_properties() <span class="hljs-string" style="color:#DD1144;">"""一个包含3个元素的字典列表,像是名字映射约束 [ {'rel': 'self', 'href': '{self}'}, {'rel': 'enclosure', 'href': '{file}'}, {'rel': 'describedby', 'href': '{schema}'}, ] """</span> links = _get_base_links() <span class="hljs-comment" style="color:#999988;font-style:italic;">#根据配置/etc/glance/glance-api.conf决定是生成</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#PermissiveSchema(默认)还是Schema,区别是PermissiveSchema</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#多设置了links参数</span> <span class="hljs-keyword" style="font-weight:700;">if</span> CONF.allow_additional_image_properties: schema = glance.schema.PermissiveSchema(<span class="hljs-string" style="color:#DD1144;">'image'</span>, properties, links) <span class="hljs-keyword" style="font-weight:700;">else</span>: schema = glance.schema.Schema(<span class="hljs-string" style="color:#DD1144;">'image'</span>, properties) <span class="hljs-comment" style="color:#999988;font-style:italic;">#合并用户自定义属性</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#属性合并很简单:先得到两个属性集的交集,然后判断交集的值是否冲突</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#如果值冲突,则抛异常,否则就合并数据集</span> <span class="hljs-keyword" style="font-weight:700;">if</span> custom_properties: <span class="hljs-keyword" style="font-weight:700;">for</span> property_value <span class="hljs-keyword" style="font-weight:700;">in</span> custom_properties.values(): property_value[<span class="hljs-string" style="color:#DD1144;">'is_base'</span>] = <span class="hljs-keyword" style="font-weight:700;">False</span> schema.merge_properties(custom_properties) <span class="hljs-keyword" style="font-weight:700;">return</span> schema |
最后来看看raw方法,实现很简单:调用父类的Schema返回镜像属性字典,同时更新additionalProperties属性,然后将属性字典返回给调用者
|
1 2 3 4 5 6 |
<span class="hljs-comment" style="color:#999988;font-style:italic;">#glance/schema.py.PermissiveSchema</span> <span class="hljs-function"><span class="hljs-keyword" style="font-weight:700;">def</span> <span class="hljs-title" style="color:#990000;font-weight:700;">raw</span><span class="hljs-params">(self)</span>:</span> raw = super(PermissiveSchema, self).raw() raw[<span class="hljs-string" style="color:#DD1144;">'additionalProperties'</span>] = {<span class="hljs-string" style="color:#DD1144;">'type'</span>: <span class="hljs-string" style="color:#DD1144;">'string'</span>} <span class="hljs-keyword" style="font-weight:700;">return</span> raw <span class="hljs-comment" style="color:#999988;font-style:italic;">#glance/schema.py.Schema</span> <span class="hljs-function"><span class="hljs-keyword" style="font-weight:700;">def</span> <span class="hljs-title" style="color:#990000;font-weight:700;">raw</span><span class="hljs-params">(self)</span>:</span> raw = { <span class="hljs-string" style="color:#DD1144;">'name'</span>: self.name, <span class="hljs-string" style="color:#DD1144;">'properties'</span>: self.properties, <span class="hljs-string" style="color:#DD1144;">'additionalProperties'</span>: <span class="hljs-keyword" style="font-weight:700;">False</span>, } <span class="hljs-keyword" style="font-weight:700;">if</span> self.definitions: raw[<span class="hljs-string" style="color:#DD1144;">'definitions'</span>] = self.definitions <span class="hljs-keyword" style="font-weight:700;">if</span> self.required: raw[<span class="hljs-string" style="color:#DD1144;">'required'</span>] = self.required <span class="hljs-keyword" style="font-weight:700;">if</span> self.links: raw[<span class="hljs-string" style="color:#DD1144;">'links'</span>] = self.links <span class="hljs-keyword" style="font-weight:700;">return</span> raw |
小结:第一个请求获取了镜像所支持的属性字典定义,下面就该根据这些信息来验证用户输入参数了。
##更新数据库 下面来分析第二个请求的处理过程,根据上述的–debug日志和路由映射,我们知道该请求由glance/api/v2/images.py.ImagesController.create方法处理:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
<span class="hljs-decorator">@utils.mutating</span> <span class="hljs-function"><span class="hljs-keyword" style="font-weight:700;">def</span> <span class="hljs-title" style="color:#990000;font-weight:700;">create</span><span class="hljs-params">(self, req, image, extra_properties, tags)</span>:</span> <span class="hljs-string" style="color:#DD1144;">"""函数实现比较简洁,调用`gateway`的方法分别创建`image_factory` 和`image_repo`,后面的try{ }except代码块中,分别调用两个对象的 `new_image`方法进行一系列的校验以及`add`方法添加数据库条目,最后返 `image`对象给调用者;`gateway`在`ImagesController.__init__`方 法中初始化,是一个`glance/gateway.py.Gateway`实例,其他对象的 实例化也简单明了,在这里不再表述。根据我们前述的glance CLI命令, 输入的参数值如下: req:是一个Request对象,包含该次请求的请求信息 image: 是一个字典,包含该次请求的属性,如下: { 'container_format': u'bare', 'disk_format': u'raw', 'visibility': u'public' } extra_properties: 扩展属性字典,这里为空 tags:标签,这里为空 """</span> image_factory = self.gateway.get_image_factory(req.context) image_repo = self.gateway.get_repo(req.context) <span class="hljs-comment" style="color:#999988;font-style:italic;">#这里省略了,try{ }except异常处理</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#实现用户认证,策略检查,参数检查等,具体请看下面的分析</span> image = image_factory.new_image(extra_properties=extra_properties, tags=tags, **image) <span class="hljs-comment" style="color:#999988;font-style:italic;">#进一步实现相关的检查,发送消息通知并记录数据</span> image_repo.add(image) <span class="hljs-keyword" style="font-weight:700;">return</span> image |
接着来看看get_image_factory方法:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
<span class="hljs-function"><span class="hljs-keyword" style="font-weight:700;">def</span> <span class="hljs-title" style="color:#990000;font-weight:700;">get_image_factory</span><span class="hljs-params">(self, context)</span>:</span> <span class="hljs-string" style="color:#DD1144;">"""根据下面的代码实现,可以发现各对象间建立了一个调用链条: 返回最外层的对象给调用者,调用时逐级调用内部的方法完成相关的操作, 到达最里层对象后,又顺着调用链逐级返回。其实,后面的`get_repo`方法 也是采用相似的实现,下面的分析中不再赘述。另外`self.store_api`, `self.store_utils`,`self.db_api`等在`__init__`方法中实例化 过程很直接,这里就不再分析了。 """</span> image_factory = glance.domain.ImageFactory() store_image_factory = glance.location.ImageFactoryProxy( image_factory, context, self.store_api, self.store_utils) quota_image_factory = glance.quota.ImageFactoryProxy( store_image_factory, context, self.db_api, self.store_utils) policy_image_factory = policy.ImageFactoryProxy( quota_image_factory, context, self.policy) notifier_image_factory = glance.notifier.ImageFactoryProxy( policy_image_factory, context, self.notifier) <span class="hljs-comment" style="color:#999988;font-style:italic;">#用户可以通过`/etc/glance/glance-api.conf中的</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#property_protection_file`选项配置属性策略,默认为disabled</span> <span class="hljs-keyword" style="font-weight:700;">if</span> property_utils.is_property_protection_enabled(): property_rules = property_utils.PropertyRules(self.policy) pif = property_protections.ProtectedImageFactoryProxy( notifier_image_factory, context, property_rules) authorized_image_factory = authorization.ImageFactoryProxy( pif, context) <span class="hljs-keyword" style="font-weight:700;">else</span>: authorized_image_factory = authorization.ImageFactoryProxy( notifier_image_factory, context) <span class="hljs-keyword" style="font-weight:700;">return</span> authorized_image_factory |
根据上面的分析,我画了下面的类图: 
可以看到*ImageFactoryProxy类都继承自glance/domain/proxy.py.ImageFactory,通过类名也可以猜出它的功能:镜像工厂,那就是用来创建封装镜像对象的;各个子类也分别实现:权限检查、消息通知、策略检查、配额检查等。
另外各个*ImageFactoryProxy类都依赖于*ImageProxy类。而各*ImageProxy类都继承自glance/domain/proxy.py.Image,该类描述的是镜像的属性信息,包括:name,image_id, status等。各*ImageProxy类是对Image的扩展。
各个类的关系搞清楚下了,下面来看看new_image的实现:
|
1 2 |
<span class="hljs-comment" style="color:#999988;font-style:italic;">#最外层的image_factory = #glance/api/authorization.py.ImageFactoryProxy, </span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#作为调用入口</span> image = image_factory.new_image(extra_properties=extra_properties, tags=tags, <span class="hljs-keyword" style="font-weight:700;">*</span><span class="hljs-keyword" style="font-weight:700;">*</span>image) |
为更直观的展现new_image的调用链,请看下面的序列图:
序列图中省略了各个ImageFactoryProxy.new_image方法中的其他处理过程。
可以看到new_image调用从最左边的 glance/api/authorization.py/ImageFactoryProxy一直到最深处(右数第三)的glance/domain/__init__.py/ImageFactory,它返回一个domain/__init__.py.Image对象,然后开始逐层往回 (location.py/ImageFactoryProxy到authorization.py/ImageFactoryProxy)调用glance/domain/proxy.py/Helper.proxy方法,最后的结果是:返回一个经过各个*ImageProxy层层封装的Image对象,如所示(从里到外):
|
1 |
<span class="hljs-escape">`_</span>_init__.py/Image<span class="hljs-escape">` </span><- <span class="hljs-escape">`l</span>ocation.py/ImagePorxy<span class="hljs-escape">` </span><- ...... <- <span class="hljs-escape">`a</span>uthoriaztion.py/ImageProxy` |
看到上面Image的封装过程,有没有觉得很像TCP/IP协议栈的封包过程呢!有封包,就一定会有解包,下面一起来看看:
|
1 2 3 4 |
<span class="hljs-hexcolor" style="color:teal;">#add</span>方法就是用来解包和封包的,由上面的类图<span class="hljs-number" style="color:teal;">2</span>,我们知道: <span class="hljs-id" style="color:#990000;font-weight:700;">#image_repo</span> = authorization.py/<span class="hljs-id" style="color:#990000;font-weight:700;">#ImageRepoProxy</span>, #输入参数image = authorization.py/ImageProxy image_repo.<span class="hljs-function"><span class="hljs-title" style="color:#990000;font-weight:700;">add</span><span class="hljs-params">(image)</span></span> |
看图说话(类图见上面的图2):
咋一看,该序列图和上面的很像吧!这就对了。可以看到add调用从最左边的glance/api/authorization.py/ImageRepoProxy一直到最深处(右数二)的glance/db/__init__.py/ImageRepo,首先调用unproxy完成解包,然后记录数据库条目(这个时候可以在Dashboard上看到状态为’已排队’),接着开始逐层往回(location.py/ImageRepoProxy到authorization.py/ImageRepoProxy)调用glance/domain/proxy.py/Helper.proxy方法,和前述ImageFactoryProxy类一样,各ImageRepoProxy类也依次完成 :权限检查、属性配额检查、策略检查以及信息通知等,最后也是返回一个经过各个*ImageProxy层层封装的Image对象,以供后续使用。
小结:经过上面的分析,我们知道上传镜像过程中的第二个请求,主要完成权限检查,配额检查,策略检查,发布通知以及记录数据库等操作。下面来看看镜像文件的上传过程。
##上传镜像文件
根据前述glance CLI的debug日志及路由映射,我们可以很容易找到上传镜像文件的入口:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
<span class="hljs-comment" style="color:#999988;font-style:italic;">#glance/api/v2/image_data.py/ImageDataController.upload</span> <span class="hljs-decorator">@utils.mutating</span> <span class="hljs-function"><span class="hljs-keyword" style="font-weight:700;">def</span> <span class="hljs-title" style="color:#990000;font-weight:700;">upload</span><span class="hljs-params">(self, req, image_id, data, size)</span>:</span> <span class="hljs-string" style="color:#DD1144;">""" req:是一个Request对象,包含该次请求的详细信息 image_id:在第二个请求过程中生成的镜像id, u'079ed99f-e5f6-49b1-86b4-695b56e26bd9' data: 一个Input对象,用来控制后面的镜像文件数据块上传 size:镜像大小,由于命令行中没有指定,这里为None 和前面一样self.gateway在__init__方法中实例化,指向glance/ gateway.py/Gateway。get_repo方法返回和前述类图2相同的对象 """</span> image_repo = self.gateway.get_repo(req.context) image = <span class="hljs-keyword" style="font-weight:700;">None</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#省略try{ }except异常处理</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#get方法与前述的add方法类似,首先从数据库取出image_id指向的条目,</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#封装成`domain/__init__.py/Image`对象,然后经过层层封装返回</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#`authorization/ImageProxy`对象</span> image = image_repo.get(image_id) <span class="hljs-comment" style="color:#999988;font-style:italic;">#更新镜像状态为saving - ‘保存中’</span> image.status = <span class="hljs-string" style="color:#DD1144;">'saving'</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#省略try{ }except异常处理 </span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#save方法与上面的get方法一样,逐层调用`ImageRepoProxy`完成相关的</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#检查,通知,最后更新数据库条目状态(这个时候可以在Dashboard上看</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#到状态为'保存中')</span> image_repo.save(image) <span class="hljs-comment" style="color:#999988;font-style:italic;">#和上面的save方法相似的处理方式,逐层调用`ImageProxy`的set_data</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#,在该过程中会检查用户配额,发送通知,最后根据glance-api.conf文件</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#中配置存储后端上传镜像文件(通过add方法)到指定地方存储</span> image.set_data(data, size) <span class="hljs-comment" style="color:#999988;font-style:italic;">#镜像上传成功后(在`location.py/set_data方法中上传文件成功后,</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#修改状态为active),更新数据库状态为active(这个时候可以在</span> <span class="hljs-comment" style="color:#999988;font-style:italic;">#Dashboard上看到状态为'运行中'),最终的信息是这样的:</span> <span class="hljs-string" style="color:#DD1144;">""" { 'status': 'active', 'name': None, 'checksum': 'd41d8cd98f00b204e9800998ecf8427e', 'created_at': datetime.datetime(2016, 6, 1, 2, 4, 32), 'disk_format': u'raw', 'locations': [{'url': 'rbd://1ee20ded-caae-419d-9fe3- 5919f129cf55/images/079ed99f-e5f6-49b1-86b4- 695b56e26bd9/snap', 'status': 'active', 'metadata': {}}], 'properties': {}, 'owner': u'25520b29dce346d38bc4b055c5ffbfcb', 'protected': False, 'min_ram': 0, 'container_format': u'bare', 'min_disk': 0, 'is_public': True, 'virtual_size': None, 'id': u'079ed99f-e5f6-49b1-86b4-695b56e26bd9', 'size': 0} """</span> image_repo.save(image, from_state=<span class="hljs-string" style="color:#DD1144;">'saving'</span>) |
函数说明请查阅上面的注解,save方法与add方法的处理过程很类似,读者可以根据前面add的序列图做进一步分析;下面只给出set_data的序列图:
至此,上传镜像的过程就分析完了。希望对大家有用。今天是六一,在这里祝大家节日快乐!