|
As a storage administrator, you must install and configure Ceph before the Red Hat OpenStack Platform can use the Ceph block devices. 2.1. Prerequisites1 m4 h( N8 k' M5 O. I4 J& w
8 |# |/ X& G4 }. {, B$ ~
/ o, w8 |" q0 l- A new or existing Red Hat Ceph Storage cluster.) f# u" O$ b! n0 X' U, a6 H- o O* X4 ?
+ j% @3 S4 M: A( r2 h2.2. Creating Ceph pools for Openstack; m, B. v* {# o* V
& E, C: F- s/ O3 u8 |! [9 _# Y; c
9 H2 j" c' \& x9 c+ ^1 {Creating Ceph pools for use with OpenStack. By default, Ceph block devices use the rbdpool, but you can use any available pool. Prerequisites - A running Red Hat Ceph Storage cluster.
5 N+ ^8 k. d" T5 Z$ s
1 g5 T' O2 |$ k% _, z V
Procedure Q$ a8 a/ E0 p( l- j7 J
[root@mon ~]# ceph osd pool create images 128[root@mon ~]# ceph osd pool create vms 128
; v$ Y; ]$ H9 v. p" R* j
. x6 \# G' n% ]0 p1 G6 e4 r: M% _- @7 Z$ t$ y
In the above example, 128 is the number of placement groups. IMPORTANT
" u, Q: F) e: \+ S+ X/ S7 l0 Q0 q9 Z# |: o
Red Hat recommends using the Ceph Placement Group’s per Pool Calculator to calculate a suitable number of placement groups for the pools.
3 O3 Y$ w1 ^2 F2 C0 m
+ _6 L/ L5 g, Z0 l0 ~Additional Resources - See the Pools chapter in the Storage Strategies guide for more details on creating pools.
* w* i: v' x. ~1 }# L; s
5 |: H6 L, u* L; `* m: c2.3. Installing the Ceph client on Openstack U/ ]- G9 }* _/ o- r( e
1 N+ T3 ]. J; |5 j( x0 J& B
, l1 v/ X7 P5 Y. A
Install the Ceph client packages on the Red Hat OpenStack Platform to access the Ceph storage cluster. Prerequisites - A running Red Hat Ceph Storage cluster.
- Access to the Ceph software repository.
- Root-level access to the OpenStack Nova, Cinder, Cinder Backup and Glance nodes.
* l' B0 _& b( T% L- T
; R1 o7 p2 O; a
Procedure [root@nova ~]# yum install ceph-common" Q1 i" b8 ~# o: V
, w; J- n- G+ i
2.4. Copying the Ceph configuration file to Openstack5 A4 }0 h/ @+ L8 m# L
5 |1 i' z3 u" N2 u' K6 c
5 Q3 \2 ^& u" u8 a2 W/ } o
Copying the Ceph configuration file to the nova-compute, cinder-backup, cinder-volume, and glance-api nodes. Prerequisites - A running Red Hat Ceph Storage cluster.
- Access to the Ceph software repository.
- Root-level access to the OpenStack Nova, Cinder, and Glance nodes.
) I4 o% R% r; c9 S' P
- }2 s' b$ h9 |2 P8 K/ [* Z
Procedure 4 w! ~6 p8 E& G0 r3 I
2.5. Configuring Ceph client authentication
7 v6 _1 u+ ^3 q* P- i8 a- [( ^" W# b5 X* H# S- D2 l
, l; C: Y& J0 S) J" R$ ^Configure authentication for the Ceph client to access the Red Hat OpenStack Platform. Prerequisites - Root-level access to the Ceph Monitor node.
- A running Red Hat Ceph Storage cluster.+ g, S) X9 o% a) e7 R
2 P7 D) t4 W) h' w' W* J
Procedure ! b6 z* F6 Z6 _
[root@mon ~]# ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=backups'& x( i' T, ?: s2 S
[root@mon ~]# ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
$ n S& _5 h" {% } [root@mon ~]# ssh CINDER_VOLUME_NODE chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring
, c7 i1 R- p' z' }6 @& [ ? [root@mon ~]# ceph auth get-or-create client.cinder-backup | ssh CINDER_BACKUP_NODE tee /etc/ceph/ceph.client.cinder-backup.keyring x3 V- |, g9 C2 e
[root@mon ~]# ssh CINDER_BACKUP_NODE chown cinder:cinder /etc/ceph/ceph.client.cinder-backup.keyring9 X: [- m# ?% @# E& e
[root@mon ~]# ceph auth get-or-create client.glance | ssh GLANCE_API_NODE sudo tee /etc/ceph/ceph.client.glance.keyring
8 Q0 B% z1 g) @5 N L" c) E [root@mon ~]# ssh GLANCE_API_NODE chown glance:glance /etc/ceph/ceph.client.glance.keyring
( K1 E, ^, M2 |' `- O+ i& COpenStack Nova nodes need the keyring file for the nova-compute process: [root@mon ~]# ceph auth get-or-create client.cinder | ssh NOVA_NODE tee /etc/ceph/ceph.client.cinder.keyringThe OpenStack Nova nodes also need to store the secret key of the client.cinderuser in libvirt. The libvirt process needs the secret key to access the cluster while attaching a block device from Cinder. Create a temporary copy of the secret key on the OpenStack Nova nodes: [root@mon ~]# ceph auth get-key client.cinder | ssh NOVA_NODE tee client.cinder.keyIf the storage cluster contains Ceph block device images that use the exclusive-lockfeature, ensure that all Ceph block device users have permissions to blacklist clients: [root@mon ~]# ceph auth caps client.ID mon 'allow r, allow command "osd blacklist"' osd 'EXISTING_OSD_USER_CAPS'Return to the OpenStack Nova node: [root@mon ~]# ssh NOVA_NODEGenerate a UUID for the secret, and save the UUID of the secret for configuring nova-compute later: [root@nova ~]# uuidgen > uuid-secret.txtNOTE8 F9 U, o. h2 R
You do not necessarily need the UUID on all the Nova compute nodes. However, from a platform consistency perspective, it’s better to keep the same UUID. On the OpenStack Nova nodes, add the secret key to libvirt and remove the temporary copy of the key: cat > secret.xml <<EOF<secret ephemeral='no' private='no'> <uuid>`cat uuid-secret.txt`</uuid> <usage type='ceph'> <name>client.cinder secret</name> </usage></secret>EOFSet and define the secret for libvirt: [root@nova ~]# virsh secret-define --file secret.xml[root@nova ~]# virsh secret-set-value --secret $(cat uuid-secret.txt) --base64 $(cat client.cinder.key) && rm client.cinder.key secret.xml8 f& x+ v! k' Z2 d4 U p: R1 M* [1 _
7 |2 z5 J, F" b1 {
Additional Resources
8 D' I4 p) V( v! w: A2 ? |
发表于 2020-11-27 15:58:44