OpenStack nodes should be configured as Ceph clients in order to access the Ceph cluster. To do this, install Ceph packages on OpenStack nodes and make sure it can access the Ceph cluster.
In this recipe, we are going to configure OpenStack as a Ceph client, which will be later used to configure cinder, glance, and nova:
- We will use
ceph-node1to install Ceph binaries onos-node1usingceph-deploy, as we have done earlier in Chapter 1, Ceph – Introduction and Beyond. To do this, we should set up ssh password-less login toos-node1. The root password is again the same (vagrant):$ vagrant ssh ceph-node1 $ sudo su - # ping os-node1 -c 1 # ssh-copy-id root@os-node1
- Next, we will install Ceph packages to
os-node1usingceph-deploy:# cd /etc/ceph # ceph-deploy install os-node1
- Push the Ceph configuration file,
ceph.conf, fromceph-node1toos-node1. This configuration file helps clients reach the Ceph monitor and OSD machines. Please note that you can also manually copy theceph.conffile toos-node1if you like:# ceph-deploy config push os-node1
- Create Ceph pools for cinder, glance, and nova. You may use any available pool, but it's recommended that you create separate pools for OpenStack components:
# ceph osd pool create images 128 # ceph osd pool create volumes 128 # ceph osd pool create vms 128
- Set up client authentication by creating a new user for cinder and glance:
# ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images' # ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
- Add the keyrings to
os-node1and change their ownership:# ceph auth get-or-create client.glance | ssh os-node1 sudo tee /etc/ceph/ceph.client.glance.keyring # ssh os-node1 sudo chown glance:glance /etc/ceph/ceph.client.glance.keyring # ceph auth get-or-create client.cinder | ssh os-node1 sudo tee /etc/ceph/ceph.client.cinder.keyring # ssh os-node1 sudo chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring
- The
libvirtprocess requires accessing the Ceph cluster while attaching or detaching a block device from Cinder. We should create a temporary copy of theclient.cinderkey that will be needed for the cinder and nova configuration later in this chapter:# ceph auth get-key client.cinder | ssh os-node1 tee /etc/ceph/temp.client.cinder.key - At this point, you can test the previous configuration by accessing the Ceph cluster from
os-node1using theclient.glanceandclient.cinderCeph users. Log in toos-node1and run the following commands:$ vagrant ssh openstack-node1 $ sudo su - # cd /etc/ceph # ceph -s --name client.glance --keyring ceph.client.glance.keyring # ceph -s --name client.cinder --keyring ceph.client.cinder.keyring
- Finally, generate
uuid, then create, define, and set the secret key tolibvirtand remove temporary keys:- Generate a
uuidby using the following:# cd /etc/ceph # uuidgen
- Create a secret file and set this
uuidnumber to it:cat > secret.xml <<EOF <secret ephemeral='no' private='no'> <uuid>bb90381e-a4c5-4db7-b410-3154c4af486e</uuid> <usage type='ceph'> <name>client.cinder secret</name> </usage> </secret> EOF - Define the secret and keep the generated secret value safe. We will require this secret value in the next steps:
# virsh secret-define --file secret.xml
- Set the secret value that was generated in the last step to
virshand delete temporary files. Deleting the temporary files is optional; it's done just to keep the system clean:# virsh secret-set-value --secret bb90381e-a4c5-4db7-b410-3154c4af486e --base64 $(cat temp.client.cinder.key) && rm temp.client.cinder.key secret.xml # virsh secret-list
- Generate a
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.