OpenStack nodes should be configured as Ceph clients in order to access the Ceph cluster. To do this, install Ceph packages on OpenStack nodes and make sure it can access the Ceph cluster.
In this recipe, we are going to configure OpenStack as a Ceph client, which will be later used to configure cinder, glance, and nova:
ceph-node1
to install Ceph binaries on os-node1
using ceph-deploy
, as we have done earlier in Chapter 1, Ceph – Introduction and Beyond. To do this, we should set up ssh password-less login to os-node1
. The root password is again the same (vagrant
):$ vagrant ssh ceph-node1 $ sudo su - # ping os-node1 -c 1 # ssh-copy-id root@os-node1
os-node1
using ceph-deploy
:# cd /etc/ceph # ceph-deploy install os-node1
ceph.conf
, from ceph-node1
to os-node1
. This configuration file helps clients reach the Ceph monitor and OSD machines. Please note that you can also manually copy the ceph.conf
file to os-node1
if you like:# ceph-deploy config push os-node1
# ceph osd pool create images 128 # ceph osd pool create volumes 128 # ceph osd pool create vms 128
# ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images' # ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
os-node1
and change their ownership:# ceph auth get-or-create client.glance | ssh os-node1 sudo tee /etc/ceph/ceph.client.glance.keyring # ssh os-node1 sudo chown glance:glance /etc/ceph/ceph.client.glance.keyring # ceph auth get-or-create client.cinder | ssh os-node1 sudo tee /etc/ceph/ceph.client.cinder.keyring # ssh os-node1 sudo chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring
libvirt
process requires accessing the Ceph cluster while attaching or detaching a block device from Cinder. We should create a temporary copy of the client.cinder
key that will be needed for the cinder and nova configuration later in this chapter:# ceph auth get-key client.cinder | ssh os-node1 tee /etc/ceph/temp.client.cinder.key
os-node1
using the client.glance
and client.cinder
Ceph users. Log in to os-node1
and run the following commands:$ vagrant ssh openstack-node1 $ sudo su - # cd /etc/ceph # ceph -s --name client.glance --keyring ceph.client.glance.keyring # ceph -s --name client.cinder --keyring ceph.client.cinder.keyring
uuid
, then create, define, and set the secret key to libvirt
and remove temporary keys:uuid
by using the following:# cd /etc/ceph # uuidgen
uuid
number to it:cat > secret.xml <<EOF <secret ephemeral='no' private='no'> <uuid>bb90381e-a4c5-4db7-b410-3154c4af486e</uuid> <usage type='ceph'> <name>client.cinder secret</name> </usage> </secret> EOF
# virsh secret-define --file secret.xml
virsh
and delete temporary files. Deleting the temporary files is optional; it's done just to keep the system clean:# virsh secret-set-value --secret bb90381e-a4c5-4db7-b410-3154c4af486e --base64 $(cat temp.client.cinder.key) && rm temp.client.cinder.key secret.xml # virsh secret-list
52.15.129.90