|
As a storage administrator, you must install and configure Ceph before the Red Hat OpenStack Platform can use the Ceph block devices. 2.1. Prerequisites
& x& }! u$ c) g1 d7 W
9 {+ p5 G) v, M: `3 o
2 \1 O% F1 B0 |4 _5 `# N3 v4 T- A new or existing Red Hat Ceph Storage cluster.
+ C( A' v3 B2 ^5 W" o* O
M( J$ x4 x# L) u1 M2 ~
2.2. Creating Ceph pools for Openstack
. O, T$ L. ]# {0 \( V) w4 k& S% X6 _1 l" _
+ h5 ?$ C5 x8 R8 k- b
Creating Ceph pools for use with OpenStack. By default, Ceph block devices use the rbdpool, but you can use any available pool. Prerequisites - A running Red Hat Ceph Storage cluster.+ M( d6 @1 u2 R! H( k* G. x
6 i5 K' ]1 [& a, n2 [Procedure 2 q2 \# b5 T/ x0 V% p" S
[root@mon ~]# ceph osd pool create images 128[root@mon ~]# ceph osd pool create vms 128( @5 {) K; \8 s) l. ]( F
% M0 v A" |5 b& _2 H% E
1 p1 n( L4 ^3 I; Z0 U" \8 P! iIn the above example, 128 is the number of placement groups. IMPORTANT
8 w7 Q/ _7 j7 ~, J- G& Z S4 j# S8 j0 O% z: N* x K8 {4 `
Red Hat recommends using the Ceph Placement Group’s per Pool Calculator to calculate a suitable number of placement groups for the pools. ) \7 l1 t0 C/ Z
1 p' R# L( z+ I8 c4 y
Additional Resources - See the Pools chapter in the Storage Strategies guide for more details on creating pools.
' E ^% ]4 S6 A7 Q) b3 F$ f% a
2 o8 x. W6 J" z4 [3 e. a4 X9 s; e* e9 g
2.3. Installing the Ceph client on Openstack
: G1 K' u# Q; U# ^* Q: N3 V* s/ `( S) G0 Z, x
( s! J+ W) J+ U. h, w! K8 p5 d" q# D
Install the Ceph client packages on the Red Hat OpenStack Platform to access the Ceph storage cluster. Prerequisites - A running Red Hat Ceph Storage cluster.
- Access to the Ceph software repository.
- Root-level access to the OpenStack Nova, Cinder, Cinder Backup and Glance nodes.% F: A3 y3 N% b4 G
* J4 m! A7 Z5 M7 h
Procedure [root@nova ~]# yum install ceph-common7 w. I: z+ A6 [) [# O2 }2 x
, Q+ n" T( R( R2 \2.4. Copying the Ceph configuration file to Openstack
* I6 y9 C9 D. R: R4 Q0 a l
6 M! v4 T7 n* U1 r/ V
! k& B9 }- ]7 D- `Copying the Ceph configuration file to the nova-compute, cinder-backup, cinder-volume, and glance-api nodes. Prerequisites - A running Red Hat Ceph Storage cluster.
- Access to the Ceph software repository.
- Root-level access to the OpenStack Nova, Cinder, and Glance nodes.6 p; C1 ^7 m; A. V# h; o
- \ B1 F a( j. g6 H. Y
Procedure - p1 O" M# d$ ]% Z3 |9 W7 D4 {
2.5. Configuring Ceph client authentication
1 f5 u7 j/ J& U- n0 f; a$ o8 s& A8 \: t+ g
' u: i5 N9 N! h- c3 i: l/ Y- R
Configure authentication for the Ceph client to access the Red Hat OpenStack Platform. Prerequisites - Root-level access to the Ceph Monitor node.
- A running Red Hat Ceph Storage cluster., I6 e; K6 U( B- m3 m
4 i {. r# a; z2 z
Procedure
. t( S" ?+ l& f [root@mon ~]# ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=backups'$ ?* g- \% {7 M7 }! p" q
[root@mon ~]# ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
( N/ Q; U1 H; `% e [root@mon ~]# ssh CINDER_VOLUME_NODE chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring/ A/ H( l" c3 q( |8 |
[root@mon ~]# ceph auth get-or-create client.cinder-backup | ssh CINDER_BACKUP_NODE tee /etc/ceph/ceph.client.cinder-backup.keyring
& c+ V# J' @( T/ S0 D2 F [root@mon ~]# ssh CINDER_BACKUP_NODE chown cinder:cinder /etc/ceph/ceph.client.cinder-backup.keyring
' a9 r2 ^, ^# N2 E& N; k [root@mon ~]# ceph auth get-or-create client.glance | ssh GLANCE_API_NODE sudo tee /etc/ceph/ceph.client.glance.keyring2 I) H! a( u2 d2 W, c* J
[root@mon ~]# ssh GLANCE_API_NODE chown glance:glance /etc/ceph/ceph.client.glance.keyring J" J* @! Y9 n2 U
OpenStack Nova nodes need the keyring file for the nova-compute process: [root@mon ~]# ceph auth get-or-create client.cinder | ssh NOVA_NODE tee /etc/ceph/ceph.client.cinder.keyringThe OpenStack Nova nodes also need to store the secret key of the client.cinderuser in libvirt. The libvirt process needs the secret key to access the cluster while attaching a block device from Cinder. Create a temporary copy of the secret key on the OpenStack Nova nodes: [root@mon ~]# ceph auth get-key client.cinder | ssh NOVA_NODE tee client.cinder.keyIf the storage cluster contains Ceph block device images that use the exclusive-lockfeature, ensure that all Ceph block device users have permissions to blacklist clients: [root@mon ~]# ceph auth caps client.ID mon 'allow r, allow command "osd blacklist"' osd 'EXISTING_OSD_USER_CAPS'Return to the OpenStack Nova node: [root@mon ~]# ssh NOVA_NODEGenerate a UUID for the secret, and save the UUID of the secret for configuring nova-compute later: [root@nova ~]# uuidgen > uuid-secret.txtNOTE
- ~+ \" Z3 }, w% tYou do not necessarily need the UUID on all the Nova compute nodes. However, from a platform consistency perspective, it’s better to keep the same UUID. On the OpenStack Nova nodes, add the secret key to libvirt and remove the temporary copy of the key: cat > secret.xml <<EOF<secret ephemeral='no' private='no'> <uuid>`cat uuid-secret.txt`</uuid> <usage type='ceph'> <name>client.cinder secret</name> </usage></secret>EOFSet and define the secret for libvirt: [root@nova ~]# virsh secret-define --file secret.xml[root@nova ~]# virsh secret-set-value --secret $(cat uuid-secret.txt) --base64 $(cat client.cinder.key) && rm client.cinder.key secret.xml
5 X! `" g7 N" L) O
& k# V- {) ^! a" u4 aAdditional Resources $ p' ~) B% a: v9 V8 H, W
|
发表于 2020-11-27 15:58:44