Ceph + OpenStack :: Part-2

syndicated

Configuring OpenStack

Two parts of openstack integrates with Ceph’s block devices:

  • Images: OpenStack Glance manages images for VMs.
  • Volumes: Volumes are block devices. OpenStack uses volumes to boot VMs, or to attach volumes to running VMs. OpenStack manages volumes using Cinder services.
    • Create pools for volumes and images:

ceph osd pool create volumes 128
ceph osd pool create images 128

  • Configure OpenStack Ceph Client - The nodes running glance-api and cinder-volume act as Ceph clients. Each requires the ceph.conf file:

[root@ceph-mon1 ceph]# scp ceph.conf openstack:/etc/ceph

  • Installing ceph client packages on openstack node
    • First install Python bindings for librbd

yum install python-ceph

    • Install ceph

[root@ceph-mon1 ceph]# ceph-deploy install openstack

  • Setup Ceph Client Authentication for both pools along with keyrings
    • Create a new user for Nova/Cinder and Glance.

ceph auth get-or-create client.volumes mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rx pool=images'
ceph auth get-or-create client.images mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'

    • Add these keyrings to glance-api and cinder-volume nodes.

ceph auth get-or-create client.images | ssh openstack tee /etc/ceph/ceph.client.images.keyring
ssh openstack chown glance:glance /etc/ceph/ceph.client.images.keyring
ceph auth get-or-create client.volumes | ssh openstack tee /etc/ceph/ceph.client.volumes.keyring
ssh openstack chown cinder:cinder /etc/ceph/ceph.client.volumes.keyring

    • Hosts running nova-compute do not need the keyring. Instead, they store the secret key in libvirt. To create libvirt secret key you will need key from client.volumes.key

ceph auth get-key client.volumes | ssh openstack tee client.volumes.key

    • on the compute nodes, add the secret key to libvirt create a secret.xml file

cat > secret.xml < <EOF


client.volumes secret

EOF

    • Generate secret from created secret.xml file , make a note of uuid of secret output

# virsh secret-define --file secret.xml

    • Set libvirt secret using above key

# virsh secret-set-value --secret {uuid of secret} --base64 $(cat client.volumes.key) && rm client.volumes.key secret.xml

  • Configure OpenStack-Glance to use CEPH
    • Glance can use multiple back ends to store images. To use Ceph block devices by default, edit /etc/glance/glance-api.conf and add:

default_store=rbd
rbd_store_user=images
rbd_store_pool=images

    • If want to enable copy-on-write cloning of images into volumes, also add:

show_image_direct_url=True

  • Configure OpenStack - Cinder to use CEPH
    • OpenStack requires a driver to interact with Ceph block devices. You must specify the pool name for the block device. On your OpenStack node, edit/etc/cinder/cinder.conf by adding:

volume_driver=cinder.volume.drivers.rbd.RBDDriver
rbd_pool=volumes
glance_api_version=2

  • If you’re using cephx authentication also configure the user and uuid of the secret you added to libvirt earlier:

rbd_user=volumes
rbd_secret_uuid={uuid of secret}

  • Restart Openstack

service glance-api restart
service nova-compute restart
service cinder-volume restart

  • Once OpenStack is up and running, you should be able to create a volume with OpenStack on a Ceph block device.
  • NOTE : Make sure /etc/ceph/ceph.conf file have sufficient rights to be ready by cinder and glance users.

Please Follow Ceph + OpenStack :: Part-3 for next step in installation