openstack 集成Ceph

openstack 集成Ceph

创建Openstack-volumes（对应cinder服务）、Openstack-Images（对应glance服务）、Openstack-VMs（对应nova服务）三个pool

# ceph osd pool create Openstack-Volumes 16
pool 'Openstack-Volumes' created
# ceph osd pool create Openstack-Images 16
pool 'Openstack-Images' created
# ceph osd pool create Openstack-VMs 16
pool 'Openstack-VMs' created

查看

# ceph osd lspools
1 .mgr
2 Openstack-Volumes
3 Openstack-Images
4 Openstack-VMs

创建glance，cinder，nova的ceph认证

# ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=Openstack-Images'
[client.glance]
        key = AQD77MNijwowCxAAycjE46fSy7XsK67vhu6+aA== 
# ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rx pool=Openstack-Images,allow rwx pool=Openstack-Volumes,allow rwx pool=Openstack-VMs'
[client.cinder]
        key = AQB57cNioToXFhAAF9dVy1WIey0vfB1qITvMog==
# ceph auth get-or-create client.nova mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rx pool=Openstack-Images,allow rwx pool=Openstack-Volumes,allow rwx pool=Openstack-VMs'
[client.nova]
        key = AQA27sNi35ivNBAAKZk7zOmaYZImm0BwmxLXQw==

生成秘钥文件

# ceph auth  get-or-create client.cinder > /etc/ceph/ceph.client.cinder.keyring
# ceph auth  get-or-create client.glance > /etc/ceph/ceph.client.glance.keyring
# ceph auth  get-or-create client.nova > /etc/ceph/ceph.client.nova.keyring

配置秘钥文件权限

# chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring 
# chown glance:glance /etc/ceph/ceph.client.glance.keyring 
# chown nova:nova /etc/ceph/ceph.client.nova.keyring

拷贝秘钥文件到所有节点

# cd /etc/ceph/
# for i in {1..8}; do scp ceph.client.nova.keyring ceph.client.glance.keyring ceph.client.cinder.keyring node-$i:/etc/ceph/; done

所有ceph节点执行权限配置

# uuidgen
8ed43c3a-5692-4f32-8d4b-5ce37b0c8d28
 
# vim secret.nova.xml 
# cat secret.nova.xml 
<secret ephemeral='no' private='no'>
        <uuid>8ed43c3a-5692-4f32-8d4b-5ce37b0c8d28</uuid>
        <usage type='ceph'>
                <name>client.nova secret</name>
        </usage>
</secret>

所有openstack计算节点执行

# virsh secret-define --file /etc/ceph/secret.nova.xml
Secret 8ed43c3a-5692-4f32-8d4b-5ce37b0c8d28 created
 
# virsh secret-list
UUID                                   Usage
-----------------------------------------------------------------
8ed43c3a-5692-4f32-8d4b-5ce37b0c8d28   ceph client.nova secret
 
# ceph auth get-key client.nova   > /etc/ceph/client.nova.key 
# virsh secret-set-value --secret 8ed43c3a-5692-4f32-8d4b-5ce37b0c8d28   --base64 $(cat /etc/ceph/client.nova.key)

# ceph auth get-key client.cinder > /etc/ceph/client.cinder.key
# virsh secret-set-value --secret efc450cf-3d0c-4bce-951a-46f3df7cb34c --base64 $(cat /etc/ceph/client.cinder.key)

 

检查权限

# ceph auth get client.cinder