Connecting OpenStack to Two Ceph Clusters

Posted on 2020-11-28 19:52:37
Environment
Connecting OpenStack Pike to a single Ceph RBD cluster is simple to configure; see the OpenStack or Ceph documentation:
1. OpenStack reference configuration:
https://docs.openstack.org/cinder/train/configuration/block-storage/drivers/ceph-rbd-volume-driver.html
2. Ceph reference configuration:
https://docs.ceph.com/docs/master/install/install-ceph-deploy/
Because the physical environment and business requirements changed, the cloud environment now requires one OpenStack deployment to connect to two backend Ceph RBD storage clusters running different versions.
The configuration here starts from the following environment, which is running normally:
1) OpenStack Pike
2) Ceph Luminous 12.2.5
3) Ceph Nautilus 14.2.7
OpenStack is already connected to Ceph Luminous and running normally. On top of this existing OpenStack + Ceph environment, a Ceph Nautilus storage cluster is added so that OpenStack can use both sets of storage resources at the same time.

Configuration steps
1. Copy the configuration files
# Copy the configuration file and the cinder account key to the OpenStack cinder node
/etc/ceph/ceph2.conf
/etc/ceph/ceph.client.cinder2.keyring
# The cinder account is used here; copying only the cinder2 account's key is enough

2. Create the storage pools
# After the OSDs have been added, create the pools, specify each pool's pg/pgp count, and enable the matching application
ceph osd pool create volumes 512 512
ceph osd pool create backups 128 128
ceph osd pool create vms 512 512
ceph osd pool create images 128 128

ceph osd pool application enable volumes rbd
ceph osd pool application enable backups rbd
ceph osd pool application enable vms rbd
ceph osd pool application enable images rbd

3. Create the cluster access accounts
ceph auth get-or-create client.cinder2 mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images'
ceph auth get-or-create client.cinder2-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=backups'
ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'

4. Check the service processes
# List the current OpenStack cinder service processes
source /root/keystonerc.admin
cinder service-list

5. Edit the configuration file
# Edit the cinder configuration file
[DEFAULT]
enabled_backends = ceph1,ceph2

[ceph1]
volume_driver = cinder.volume.drivers.rbd.RBDDriver
volume_backend_name = ceph1
rbd_pool = volumes1
rbd_ceph_conf = /etc/ceph1/ceph1.conf
rbd_flatten_volume_from_snapshot = false
rbd_max_clone_depth = 5
rados_connect_timeout = -1
glance_api_version = 2
rbd_user = cinder1
rbd_secret_uuid = **

[ceph2]
volume_driver = cinder.volume.drivers.rbd.RBDDriver
volume_backend_name = ceph2
rbd_pool = volumes2
rbd_ceph_conf = /etc/ceph/ceph2/ceph2.conf
rbd_flatten_volume_from_snapshot = false
rbd_max_clone_depth = 5
rados_connect_timeout = -1
glance_api_version = 2
rbd_user = cinder2
rbd_secret_uuid = **

6. Restart the services
# Restart the cinder-volume service
service openstack-cinder-volume restart
Redirecting to /bin/systemctl restart openstack-cinder-volume.service
service openstack-cinder-scheduler restart
Redirecting to /bin/systemctl restart openstack-cinder-scheduler.service

7. Check the processes
cinder service-list

8. Create volumes to test
# Bind the volume types
cinder type-create ceph1
cinder type-key ceph1 set volume_backend_name=ceph1
cinder type-create ceph2
cinder type-key ceph2 set volume_backend_name=ceph2

9. Check the binding result
cinder create --volume-type ceph1 --display_name {volume-name} {volume-size}
cinder create --volume-type ceph2 --display_name {volume-name} {volume-size}

Configure libvirt
1. Add the second Ceph cluster's key to libvirt on the nova-compute nodes
# So that VMs can access RBD volumes on the second Ceph cluster, the key of the second cluster's cinder user must be added to libvirt on the nova-compute nodes
ceph -c /etc/ceph2/ceph2/ceph2.conf -k /etc/ceph2/ceph.client.cinder2.keyring auth get-key client.cinder2 | tee client.cinder2.key

# Bind the UUID set earlier in cinder.conf for the second Ceph cluster
cat > secret2.xml <<EOF
<secret ephemeral='no' private='no'>
<uuid>***</uuid>
<usage type='ceph'>
<name>client.cinder2 secret</name>
</usage>
</secret>
EOF
# Copy and run the whole block above as-is, replacing the uuid value

sudo virsh secret-define --file secret2.xml

sudo virsh secret-set-value --secret ***** --base64 $(cat client.cinder2.key) && rm client.cinder2.key secret2.xml
# At the deletion prompt, enter Y

2. Verify that the configuration works
# Attach the volumes of the two types created earlier to an OpenStack VM to verify the configuration
nova volume-attach {instance-id} {volume1-id}
nova volume-attach {instance-id} {volume2-id}

References:
《ceph设计原理与实现》 (Ceph Design Principles and Implementation), 谢型果
Red Hat documentation
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html/ceph_block_device_to_openstack_guide/installing_and_configuring_ceph_clients
Ceph documentation
https://docs.ceph.com/docs/master/install/install-ceph-deploy/
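
A consistency check for the two-backend cinder.conf from step 5, as an added example that is not part of the original post: it confirms that every backend named in enabled_backends has its own complete section and that the backends do not share a ceph.conf path or a libvirt secret UUID. The function names, sample paths and UUIDs are constructed; the rule that those two values must differ assumes two separate clusters with different keys, as in this post.

```python
import configparser
import uuid

REQUIRED = ("volume_driver", "volume_backend_name", "rbd_pool",
            "rbd_ceph_conf", "rbd_user", "rbd_secret_uuid")
# Assumption: the backends are separate clusters, so these must not be shared.
MUST_DIFFER = ("rbd_ceph_conf", "rbd_secret_uuid")

def sample_conf(uuid1, uuid2, enabled="ceph1,ceph2"):
    """Constructed cinder.conf text shaped like the post's; paths are made up."""
    backend = ("[{n}]\nvolume_driver = cinder.volume.drivers.rbd.RBDDriver\n"
               "volume_backend_name = {n}\nrbd_pool = volumes\n"
               "rbd_ceph_conf = /etc/ceph/{n}.conf\nrbd_user = cinder\n"
               "rbd_secret_uuid = {u}\n")
    return ("[DEFAULT]\nenabled_backends = " + enabled + "\n"
            + backend.format(n="ceph1", u=uuid1)
            + backend.format(n="ceph2", u=uuid2))

def check_backends(conf_text):
    """Return a list of findings for the backends named in enabled_backends."""
    # Rename the default section so [DEFAULT] keys are not inherited by backends.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(conf_text)
    enabled = cp.get("DEFAULT", "enabled_backends", fallback="")
    findings, seen = [], {}
    for name in [b.strip() for b in enabled.split(",") if b.strip()]:
        if not cp.has_section(name):
            findings.append(f"{name}: enabled but has no [{name}] section")
            continue
        for key in REQUIRED:
            if not cp.get(name, key, fallback="").strip():
                findings.append(f"{name}: {key} is missing or empty")
        secret = cp.get(name, "rbd_secret_uuid", fallback="").strip()
        if secret:
            try:
                uuid.UUID(secret)  # libvirt secrets are addressed by UUID
            except ValueError:
                findings.append(f"{name}: rbd_secret_uuid is not a UUID")
        for key in MUST_DIFFER:
            value = cp.get(name, key, fallback="").strip()
            if value and seen.setdefault((key, value), name) != name:
                findings.append(f"{name}: {key} is the same as in {seen[(key, value)]}")
    return findings

if __name__ == "__main__":
    same = "11111111-1111-4111-8111-111111111111"  # constructed UUID
    for finding in check_backends(sample_conf(same, same, "ceph1,ceph2,ceph3")):
        print(finding)
```

To check a real deployment, pass the contents of the cinder.conf file on the cinder-volume node to check_backends().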

Original poster | Posted on 2020-11-28 20:44:58
The nova-compute, cinder-backup and cinder-volume nodes require both the Python bindings and the client command line tools:

# yum install python-rbd
# yum install ceph-common
The glance-api node requires the Python bindings for librbd:

# yum install python-rbd
2.1. Copying Ceph Configuration File to OpenStack Nodes
The nodes running glance-api, cinder-volume, nova-compute and cinder-backup act as Ceph clients. Each requires the Ceph configuration file. Copy the Ceph configuration file from the monitor node to the OSP nodes.

# scp /etc/ceph/ceph.conf osp:/etc/ceph
2.2. Setting Up Ceph Client Authentication
From a Ceph monitor node, create new users for Cinder, Cinder Backup and Glance.

# ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images'

# ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=backups'

# ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
Add the keyrings for client.cinder, client.cinder-backup and client.glance to the appropriate nodes and change their ownership:

# ceph auth get-or-create client.cinder | ssh {your-volume-server} sudo tee /etc/ceph/ceph.client.cinder.keyring
# ssh {your-cinder-volume-server} chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring

# ceph auth get-or-create client.cinder-backup | ssh {your-cinder-backup-server} tee /etc/ceph/ceph.client.cinder-backup.keyring
# ssh {your-cinder-backup-server} chown cinder:cinder /etc/ceph/ceph.client.cinder-backup.keyring

# ceph auth get-or-create client.glance | ssh {your-glance-api-server} sudo tee /etc/ceph/ceph.client.glance.keyring
# ssh {your-glance-api-server} chown glance:glance /etc/ceph/ceph.client.glance.keyring
Nodes running nova-compute need the keyring file for the nova-compute process:

# ceph auth get-or-create client.cinder | ssh {your-nova-compute-server} tee /etc/ceph/ceph.client.cinder.keyring
Nodes running nova-compute also need to store the secret key of the client.cinder user in libvirt. The libvirt process needs it to access the cluster while attaching a block device from Cinder. Create a temporary copy of the secret key on the nodes running nova-compute:

# ceph auth get-key client.cinder | ssh {your-compute-node} tee client.cinder.key
If the storage cluster contains Ceph Block Device images that use the exclusive-lock feature, ensure that all Ceph Block Device users have permissions to blacklist clients:

# ceph auth caps client.{ID} mon 'allow r, allow command "osd blacklist"' osd '{existing-OSD-user-capabilities}'
Return to the compute node.

# ssh {your-compute-node}
Generate a UUID for the secret, and save the UUID of the secret for configuring nova-compute later.

# uuidgen > uuid-secret.txt
NOTE
You don't necessarily need the UUID on all the compute nodes. However from a platform consistency perspective, it's better to keep the same UUID.

Then, on the compute nodes, add the secret key to libvirt and remove the temporary copy of the key:

cat > secret.xml <<EOF
<secret ephemeral='no' private='no'>
  <uuid>`cat uuid-secret.txt`</uuid>
  <usage type='ceph'>
    <name>client.cinder secret</name>
  </usage>
</secret>
EOF
# virsh secret-define --file secret.xml
# virsh secret-set-value --secret $(cat uuid-secret.txt) --base64 $(cat client.cinder.key) && rm client.cinder.key secret.xml