|
As a storage administrator, you must install and configure Ceph before the Red Hat OpenStack Platform can use the Ceph block devices. 2.1. Prerequisites% v( M- x# Y5 J/ p- L
" J- ?8 b: a2 Y+ i
8 h) l# x1 N/ y m8 b2 ^' J4 w
- A new or existing Red Hat Ceph Storage cluster.4 L# _# j% T$ k( i: t: p
N0 y, f$ l2 c5 |5 z* K
2.2. Creating Ceph pools for Openstack
" _. N3 C. O& A/ ?& }5 Z
3 P) E9 N+ T! n- J/ ?! v7 Y( o% M Z6 F: g: |: Y
Creating Ceph pools for use with OpenStack. By default, Ceph block devices use the rbdpool, but you can use any available pool. Prerequisites - A running Red Hat Ceph Storage cluster.
, m8 W6 X$ G, X! w! J/ ?
. W, F* o1 N1 k% D" x; c) fProcedure 6 I9 R8 d2 J1 u1 Z0 w8 z; p/ h! o! O0 Z2 z
[root@mon ~]# ceph osd pool create images 128[root@mon ~]# ceph osd pool create vms 128) z' x) m2 c; V* W
9 U8 R g+ L9 k4 T' R: ^6 D3 c6 V: E
% n' _# V2 b( y$ K2 XIn the above example, 128 is the number of placement groups. IMPORTANT
' ^0 @5 |1 F2 E$ U) l- s, W/ t* K3 F/ O- b2 c: q2 d8 }3 L% {5 J
Red Hat recommends using the Ceph Placement Group’s per Pool Calculator to calculate a suitable number of placement groups for the pools. 1 |% |: O q3 a) O
2 q `8 h/ B* V: Y
Additional Resources - See the Pools chapter in the Storage Strategies guide for more details on creating pools.: b- D7 t* E4 ^! y8 c
9 }2 ?( D/ p6 l# A, Y" X
2.3. Installing the Ceph client on Openstack
# y1 K) P4 R# y- H
% D$ ?+ V# C; S! O
- }0 ^& i$ c6 M. d( PInstall the Ceph client packages on the Red Hat OpenStack Platform to access the Ceph storage cluster. Prerequisites - A running Red Hat Ceph Storage cluster.
- Access to the Ceph software repository.
- Root-level access to the OpenStack Nova, Cinder, Cinder Backup and Glance nodes.
1 B8 [ T% _4 [& j' h
: _, [# k( _$ o, GProcedure [root@nova ~]# yum install ceph-common+ x1 ^& ^: S/ ?8 j$ [# K: Q
$ {3 @- E: t3 E. k/ i; f2.4. Copying the Ceph configuration file to Openstack
% \5 `0 G0 K# B- {; k
- T9 e4 N/ v: U2 T: ~* I' P
0 f$ Q; \. o5 @* mCopying the Ceph configuration file to the nova-compute, cinder-backup, cinder-volume, and glance-api nodes. Prerequisites - A running Red Hat Ceph Storage cluster.
- Access to the Ceph software repository.
- Root-level access to the OpenStack Nova, Cinder, and Glance nodes.6 E1 r: R/ M7 ~ S( }$ E5 _0 ]
6 O# g% R9 h( P1 P4 R% a JProcedure ( |7 u& W2 c' ?1 a
2.5. Configuring Ceph client authentication6 O* D2 F$ f. P2 T3 j
, A- A3 N1 t8 L; t) a$ i, _
5 }8 |/ p2 j6 J5 b. i) C F& G: p+ w& yConfigure authentication for the Ceph client to access the Red Hat OpenStack Platform. Prerequisites - Root-level access to the Ceph Monitor node.
- A running Red Hat Ceph Storage cluster.+ G& O/ P: q8 O" g, S
7 }1 B; U+ g: \) ?) h
Procedure
0 e6 }! `9 T* Q: k9 a8 X3 ` [root@mon ~]# ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=backups'7 P! T2 i" ]1 K6 h+ L+ B5 ?8 ?0 D
[root@mon ~]# ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
I4 M9 l' a) E, G( a8 H [root@mon ~]# ssh CINDER_VOLUME_NODE chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring+ q" o1 c) G. ^
[root@mon ~]# ceph auth get-or-create client.cinder-backup | ssh CINDER_BACKUP_NODE tee /etc/ceph/ceph.client.cinder-backup.keyring8 p0 K* A8 V) p( o V c" l+ t
[root@mon ~]# ssh CINDER_BACKUP_NODE chown cinder:cinder /etc/ceph/ceph.client.cinder-backup.keyring0 j" C9 e+ y% i
[root@mon ~]# ceph auth get-or-create client.glance | ssh GLANCE_API_NODE sudo tee /etc/ceph/ceph.client.glance.keyring( {' I7 {! }" x; g
[root@mon ~]# ssh GLANCE_API_NODE chown glance:glance /etc/ceph/ceph.client.glance.keyring- H! C: J6 x$ h2 h, K* x2 Z1 {
OpenStack Nova nodes need the keyring file for the nova-compute process: [root@mon ~]# ceph auth get-or-create client.cinder | ssh NOVA_NODE tee /etc/ceph/ceph.client.cinder.keyringThe OpenStack Nova nodes also need to store the secret key of the client.cinderuser in libvirt. The libvirt process needs the secret key to access the cluster while attaching a block device from Cinder. Create a temporary copy of the secret key on the OpenStack Nova nodes: [root@mon ~]# ceph auth get-key client.cinder | ssh NOVA_NODE tee client.cinder.keyIf the storage cluster contains Ceph block device images that use the exclusive-lockfeature, ensure that all Ceph block device users have permissions to blacklist clients: [root@mon ~]# ceph auth caps client.ID mon 'allow r, allow command "osd blacklist"' osd 'EXISTING_OSD_USER_CAPS'Return to the OpenStack Nova node: [root@mon ~]# ssh NOVA_NODEGenerate a UUID for the secret, and save the UUID of the secret for configuring nova-compute later: [root@nova ~]# uuidgen > uuid-secret.txtNOTE
( Z+ `$ g! o( {, ?4 z9 ?You do not necessarily need the UUID on all the Nova compute nodes. However, from a platform consistency perspective, it’s better to keep the same UUID. On the OpenStack Nova nodes, add the secret key to libvirt and remove the temporary copy of the key: cat > secret.xml <<EOF<secret ephemeral='no' private='no'> <uuid>`cat uuid-secret.txt`</uuid> <usage type='ceph'> <name>client.cinder secret</name> </usage></secret>EOFSet and define the secret for libvirt: [root@nova ~]# virsh secret-define --file secret.xml[root@nova ~]# virsh secret-set-value --secret $(cat uuid-secret.txt) --base64 $(cat client.cinder.key) && rm client.cinder.key secret.xml
$ V' E' d6 B6 O' c& B
0 L5 e* h' z2 B/ G; C9 HAdditional Resources
* e" N0 U$ E! b! O! o" C+ e |
发表于 2020-11-27 15:58:44