Openstack对接两套Ceph

admin · 发表于 2020-11-28 19:52:37

环境说明
openpstack-Pike对接cephRBD单集群，配置简单，可参考openstack官网或者ceph官网；
1.Openstack官网参考配置：
https://docs.openstack.org/cinder/train/configuration/block-storage/drivers/ceph-rbd-volume-driver.html
2.Ceph官网参考配置：
https://docs.ceph.com/docs/master/install/install-ceph-deploy/
由于物理环境和业务需求变更，当前配置云计算环境要求一套openstack对接后台两套不同版本的cephRBD存储集群；
此处以现有以下正常运行环境展开配置；
1）openstack-Pike
2）Ceph Luminous 12.2.5
3）Ceph Nautilus 14.2.7
其中，openstack对接ceph Luminous配置完成，且正常运行。现在此套openstack+ceph环境基础上，新增一套ceph Nautilus存储集群，使openstack能够同时调用两套存储资源。

配置步骤
; R/ u! I/ x4 u# c! p ]1.拷贝配置文件/ L4 h' N+ i U; u h
#拷贝配置文件、cinder账户key到openstack的cinder节点7 l7 `# S$ K5 l
/etc/ceph/ceph2.conf* V1 W2 w6 i. s" g# `6 g
/etc/ceph/ceph.client.cinder2.keyring5 M4 z0 e% ^4 L/ v2 d: g8 Q
#此处使用cinder账户，仅拷贝cinder2账户的key即可

2.创建存储池
- D$ c( P3 f1 q! A#OSD添加完成后，创建存储池，指定存储池pg/pgp数，配置其对应功能模式
* l5 w7 q# ]3 t1 d3 F- Fceph osd pool create volumes 512 512
, T4 t( F' ~2 B5 i4 Rceph osd pool create backups 128 128, \7 I$ d& H+ z0 E; A: X) j
ceph osd pool create vms 512 512
: Y( J! t. \. w3 \ceph osd pool create images 128 128

ceph osd pool application enable volumes rbd) n& D5 Q( s7 }3 ]: T, n
ceph osd pool application enable backups rbd
! x1 a; V' X0 w/ c' uceph osd pool application enable vms rbd 7 Y: ^# L V$ A- I! g% j
ceph osd pool application enable images rbd

3.创建集群访问账户) q- W& b0 G5 V( `* V$ B: P
ceph auth get-or-create client.cinder2 mon ‘allow r‘ osd ‘allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images‘
$ H! A4 f" o$ o. a$ Nceph auth get-or-create client.cinder2-backup mon ‘allow r‘ osd ‘allow class-read object_prefix rbd_children, allow rwx pool=backups‘! r/ P* [) T; L; V8 l2 n1 S
ceph auth get-or-create client.glance mon ‘allow r‘ osd ‘allow class-read object_prefix rbd_children, allow rwx pool=images‘

4.查看进程信息$ ]' @$ E2 k4 e6 k
#查看当前openstack的cinder组件服务进程! {" a/ d/ m$ j. V6 ?% } ~! ~
source /root/keystonerc.admin
9 Q8 Q& O( m' } mcinder service-list

5.修改配置文件9 I5 s* `4 K% j% A1 X* [
#修改cinder配置文件
* u& [# I; e8 _9 g[DEFAULT]1 w: _: P F# F+ @
enabled_backends = ceph1,ceph2

[ceph1]
: \# x$ F+ m- h+ L- z7 p. Rvolume_driver = cinder.volume.drivers.rbd.RBDDriver
C; G0 i# P( a4 ?. ~1 b& M4 kvolume_backend_name = ceph15 `* N- X& m( c- I1 C" ^) T
rbd_pool = volumes14 P1 s/ ]' O4 v* L9 a" C0 U5 j
rbd_ceph_conf = /etc/ceph1/ceph1.conf
% Y) D2 F* k3 g/ O7 V2 Lrbd_flatten_volume_from_snapshot = false
0 h7 E" p. F' Yrbd_max_clone_depth = 5
' V' s8 d; b1 F I) l" Irados_connect_timeout = -1, o5 P' [: k, N4 I: y/ H
glance_api_version = 2
1 ?# [' w0 W- O8 s# Brbd_user = cinder1, N" y( P# ~$ z: L
rbd_secret_uuid = **

[ceph2], v& t( K, `4 a/ t% a1 Y c2 D0 i
volume_driver = cinder.volume.drivers.rbd.RBDDriver
; h' i6 B' S+ i3 z( ?! V7 svolume_backend_name = ceph2
2 G4 f) a9 s! Qrbd_pool = volumes2) \2 ], S8 P# F! O: F+ d- w# k2 b& L
rbd_ceph_conf = /etc/ceph/ceph2/ceph2.conf
# Q# N# p* m$ R9 D! ^rbd_flatten_volume_from_snapshot = false
! Z8 S( N5 z( U, Srbd_max_clone_depth = 5
; r4 o8 y9 s7 H* l/ {rados_connect_timeout = -1
7 b* G" h5 x" w4 {( cglance_api_version = 2
3 U0 N9 T- N2 q' W, ~; {8 n8 S2 crbd_user = cinder2
% k4 [5 l& ]& ~5 B" j: e1 c) Brbd_secret_uuid = **

6.重启服务
( W( k- W% S+ Y2 `9 B( y8 ]6 x( V; T#重启cinder-volume服务
* W. g, t( i2 D+ i( lservice openstack-cinder-volume restart Redirecting to /bin/systemctl restart openstack-cinder-volume.service
4 A) q" o& G3 }6 R9 @service openstack-cinder-scheduler restart Redirecting to /bin/systemctl restart openstack-cinder-scheduler.service

7.查看进程& h8 a2 o( U7 H7 Z1 O t$ s
cinder service-list

8.创建卷测试# m$ O9 h+ P8 K+ P
#卷类型绑定
6 f" O/ R7 }$ q& {3 ^cinder type-create ceph1
. M" e2 Y' ^/ m1 I8 A( Gcinder type-key ceph1 set volume_backend_name=ceph13 J9 Z. C0 B5 @7 p+ M
cinder type-create ceph2
! _3 U7 @* H( |: b! ~cinder type-key ceph2 set volume_backend_name=ceph2

9.查看绑定结果
9 N2 R* i% y! h( c' ycinder create --volume-type ceph1 --display_name {volume-name}{volume-size}
" d' Z1 W# h d2 j. _% L0 T0 w1 Kcinder create --volume-type ceph2 --display_name {volume-name}{volume-size}

配置libvirt; @! c$ W* ]7 G! {' N
1.将第二套ceph的密钥添加到nova-compute节点的libvirt
9 e* u, \- V# s; L& R2 D- L#为了使VM可以访问到第二套cephRBD云盘，需要在nova-compute节点上将第二套ceph的cinder用户的密钥添加到libvirt9 D5 u$ L0 V- R/ l/ V
ceph -c /etc/ceph2/ceph2/ceph2.conf -k /etc/ceph2/ceph.client.cinder2.keyring auth get-key client.cinder2 |tee client.cinder2.key

#绑定之前cinder.conf中第二个ceph集群的uuid
+ v2 v, e# R5 E/ Mcat > secret2.xml <<EOF0 F' i" V4 K. c& r- F" Z- z: T
<secret ephemeral=‘no‘ private=‘no‘>
8 {8 K' C) {. O<uuid>***</uuid>
! Y% `1 y3 `# \0 @: a g5 T<usage type=‘ceph‘>0 y9 `$ [/ R" d4 ]& M5 v1 G( |
<name>client.cinder2 secret</name>
/ P' ~: }$ O* k) V/ }# y, u1 G</usage>( A l! _, A0 O4 v) O
</secret>
/ ~* f; x% g( z1 ?0 @. K#以上整段拷贝执行即可，替换uuid值

sudo virsh secret-define --file secret2.xml

sudo virsh secret-set-value --secret ***** --base64 $(cat client.cinder2.key) rm client.cinder2.key secret2.xml4 `+ y& s! V# Q, I1 w7 Y3 m
#删除提示信息，输入Y即可

2.验证配置是否生效: M5 N$ V% n9 \! p, z( \# g) y+ m
#通过之前创建的两个类型的云盘挂载到openstack的VM验证配置
' Z; g! k0 a% Bnova volume-attach {instance-id}{volume1-id}
; P- ?4 t' s9 D9 `nova volume-attach {instance-id}{volume2-id}

参考资料：
n0 J. h% \( U( }6 `《ceph设计原理与实现》---谢型果! a$ A$ v+ k5 [( o' R8 S, r
红帽官网
) F7 [6 n* K' A$ }https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html/ceph_block_device_to_openstack_guide/installing_and_configuring_ceph_clients
6 O( V( y' m; |% i4 a( zceph官网+ g3 j$ T- }# A9 s7 C7 y
https://docs.ceph.com/docs/master/install/install-ceph-deploy/

admin · 发表于 2020-11-28 20:44:58

The nova-compute, cinder-backup and on the cinder-volume node require both the Python bindings and the client command line tools:

# yum install python-rbd
# yum install ceph-common
The glance-api node requires the Python bindings for librbd:

# yum install python-rbd
2.1. Copying Ceph Configuration File to OpenStack Nodes
The nodes running glance-api, cinder-volume, nova-compute and cinder-backup act as Ceph clients. Each requires the Ceph configuration file. Copy the Ceph configuration file from the monitor node to the OSP nodes.

# scp /etc/ceph/ceph.conf osp:/etc/ceph
2.2. Setting Up Ceph Client Authentication
From a Ceph monitor node, create new users for Cinder, Cinder Backup and Glance.

# ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images'

# ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=backups'

# ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
Add the keyrings for client.cinder, client.cinder-backup and client.glance to the appropriate nodes and change their ownership:

# ceph auth get-or-create client.cinder | ssh {your-volume-server} sudo tee /etc/ceph/ceph.client.cinder.keyring
# ssh {your-cinder-volume-server} chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring

# ceph auth get-or-create client.cinder-backup | ssh {your-cinder-backup-server} tee /etc/ceph/ceph.client.cinder-backup.keyring
# ssh {your-cinder-backup-server} chown cinder:cinder /etc/ceph/ceph.client.cinder-backup.keyring

# ceph auth get-or-create client.glance | ssh {your-glance-api-server} sudo tee /etc/ceph/ceph.client.glance.keyring
# ssh {your-glance-api-server} chown glance:glance /etc/ceph/ceph.client.glance.keyring
Nodes running nova-compute need the keyring file for the nova-compute process:

# ceph auth get-or-create client.cinder | ssh {your-nova-compute-server} tee /etc/ceph/ceph.client.cinder.keyring
Nodes running nova-compute also need to store the secret key of the client.cinder user in libvirt. The libvirt process needs it to access the cluster while attaching a block device from Cinder. Create a temporary copy of the secret key on the nodes running nova-compute:

# ceph auth get-key client.cinder | ssh {your-compute-node} tee client.cinder.key
If the storage cluster contains Ceph Block Device images that use the exclusive-lock feature, ensure that all Ceph Block Device users have permissions to blacklist clients:

# ceph auth caps client.{ID} mon 'allow r, allow command "osd blacklist"' osd '{existing-OSD-user-capabilities}'
Return to the compute node.

# ssh {your-compute-node}
Generate a UUID for the secret, and save the UUID of the secret for configuring nova-compute later.

# uuidgen > uuid-secret.txt
NOTE
You don’t necessarily need the UUID on all the compute nodes. However from a platform consistency perspective, it’s better to keep the same UUID.

Then, on the compute nodes, add the secret key to libvirt and remove the temporary copy of the key:

cat > secret.xml <<EOF
<secret ephemeral='no' private='no'>
  <uuid>`cat uuid-secret.txt`</uuid>
  <usage type='ceph'>
<name>client.cinder secret</name>
  </usage>
</secret>
EOF
# virsh secret-define --file secret.xml
# virsh secret-set-value --secret $(cat uuid-secret.txt) --base64 $(cat client.cinder.key) && rm client.cinder.key secret.xml

		自动登录	找回密码
密码			注册

Openstack对接两套Ceph

浏览过的版块