openstack 集成Ceph
openstack 集成Ceph
创建Openstack-volumes(对应cinder服务)、Openstack-Images(对应glance服务)、Openstack-VMs(对应nova服务)三个pool
# ceph osd pool create Openstack-Volumes 16 pool 'Openstack-Volumes' created # ceph osd pool create Openstack-Images 16 pool 'Openstack-Images' created # ceph osd pool create Openstack-VMs 16 pool 'Openstack-VMs' created
查看
# ceph osd lspools 1 .mgr 2 Openstack-Volumes 3 Openstack-Images 4 Openstack-VMs
创建glance,cinder,nova的ceph认证
# ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=Openstack-Images' [client.glance] key = AQD77MNijwowCxAAycjE46fSy7XsK67vhu6+aA== # ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rx pool=Openstack-Images,allow rwx pool=Openstack-Volumes,allow rwx pool=Openstack-VMs' [client.cinder] key = AQB57cNioToXFhAAF9dVy1WIey0vfB1qITvMog== # ceph auth get-or-create client.nova mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rx pool=Openstack-Images,allow rwx pool=Openstack-Volumes,allow rwx pool=Openstack-VMs' [client.nova] key = AQA27sNi35ivNBAAKZk7zOmaYZImm0BwmxLXQw==
生成秘钥文件
# ceph auth get-or-create client.cinder > /etc/ceph/ceph.client.cinder.keyring # ceph auth get-or-create client.glance > /etc/ceph/ceph.client.glance.keyring # ceph auth get-or-create client.nova > /etc/ceph/ceph.client.nova.keyring
配置秘钥文件权限
# chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring # chown glance:glance /etc/ceph/ceph.client.glance.keyring # chown nova:nova /etc/ceph/ceph.client.nova.keyring
拷贝秘钥文件到所有节点
# cd /etc/ceph/ # for i in {1..8}; do scp ceph.client.nova.keyring ceph.client.glance.keyring ceph.client.cinder.keyring node-$i:/etc/ceph/; done
所有ceph节点执行权限配置
# uuidgen 8ed43c3a-5692-4f32-8d4b-5ce37b0c8d28 # vim secret.nova.xml # cat secret.nova.xml <secret ephemeral='no' private='no'> <uuid>8ed43c3a-5692-4f32-8d4b-5ce37b0c8d28</uuid> <usage type='ceph'> <name>client.nova secret</name> </usage> </secret>
所有openstack计算节点执行
# virsh secret-define --file /etc/ceph/secret.nova.xml Secret 8ed43c3a-5692-4f32-8d4b-5ce37b0c8d28 created # virsh secret-list UUID Usage ----------------------------------------------------------------- 8ed43c3a-5692-4f32-8d4b-5ce37b0c8d28 ceph client.nova secret # ceph auth get-key client.nova > /etc/ceph/client.nova.key # virsh secret-set-value --secret 8ed43c3a-5692-4f32-8d4b-5ce37b0c8d28 --base64 $(cat /etc/ceph/client.nova.key) # ceph auth get-key client.cinder > /etc/ceph/client.cinder.key # virsh secret-set-value --secret efc450cf-3d0c-4bce-951a-46f3df7cb34c --base64 $(cat /etc/ceph/client.cinder.key)
检查权限
# ceph auth get client.cinder