OpenStack+Ceph+热迁移+++四、创建存储池
四、创建存储池
1.创建Cinder,Glance,Nova的存储池(node1节点)
ceph osd pool create volumes 128
ceph osd pool create images 128
ceph osd pool create vms 128
[root@node1 ~]# ceph osd pool create volumes 128
pool 'volumes' created
[root@node1 ~]# ceph osd pool create images 128
pool 'images' created
[root@node1 ~]# ceph osd pool create vms 128
pool 'vms' created
[root@node1 ~]# 2.将ceph.conf的文件传给controller,compute1,compute2,cinder节点
也就是运行着glance-api 、 cinder-volume 、 nova-compute 和 cinder的节点
ssh controller tee /etc/ceph/ceph.conf
ssh cinder tee /etc/ceph/ceph.conf
ssh compute1 tee /etc/ceph/ceph.conf
ssh compute2 tee /etc/ceph/ceph.conf
[root@node1 ~]# ssh controller tee /etc/ceph/ceph.conf 3.安装ceph客户端
在controller(glance-api)节点上安装librbd的Python 绑定
yum install python-rbd
yum install python-rbd在compute1(nova-compute)、compute2(nova-compute)、cinder(cinder-volume)节点上安装 Python 绑定和客户端命令行工具
yum install ceph
yum install ceph4.配置ceph客户端认证
启用cephx认证,为Nova/Cinder和Glance创建新用户
ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images'
ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
[root@node1 ~]# ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rx pool=images'
[client.cinder]
key = AQCVXx1aUZErNRAAeVUTAhLU4r4xaiqDbHqVhw==
[root@node1 ~]# ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
[client.glance]
key = AQCzXx1a7g5BKxAAHECANQ7E6rxTR9S2xzN5bQ==5.把 client.cinder(cinder) 、 client.glance(controller) 的密钥环复制到适当的节点,并更改所有权:
client.glance(controller)
ceph auth get-or-create client.glance | ssh controller tee /etc/ceph/ceph.client.glance.keyring
ssh controller chown glance:glance /etc/ceph/ceph.client.glance.keyring
[root@node1 ~]# ceph auth get-or-create client.glance | ssh controller tee /etc/ceph/ceph.client.glance.keyring
root@controller's password:
[client.glance]
key = AQCzXx1a7g5BKxAAHECANQ7E6rxTR9S2xzN5bQ==
[root@node1 ~]# ssh controller chown glance:glance /etc/ceph/ceph.client.glance.keyring
root@controller's password: clientcinder(cinder)
ceph auth get-or-create client.cinder | ssh cinder tee /etc/ceph/ceph.client.cinder.keyring
ssh cinder chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring
[root@node1 ~]# ceph auth get-or-create client.cinder | ssh cinder tee /etc/ceph/ceph.client.cinder.keyring
root@cinder's password:
[client.cinder]
key = AQCVXx1aUZErNRAAeVUTAhLU4r4xaiqDbHqVhw==
[root@node1 ~]# ssh cinder chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring
root@cinder's password: 6.配置compute1与compute2的密匙环文件
运行nova-compute 的节点,其进程需要密钥环文件:compute1
ceph auth get-or-create client.cinder | ssh compute1 tee /etc/ceph/ceph.client.cinder.keyring
ceph auth get-key client.cinder | ssh compute1 tee client.cinder.key
[root@node1 ceph]# ceph auth get-or-create client.cinder | ssh compute1 tee /etc/ceph/ceph.client.cinder.keyring
root@compute1's password:
[client.cinder]
key = AQCVXx1aUZErNRAAeVUTAhLU4r4xaiqDbHqVhw==
[root@node1 ceph]# ceph auth get-key client.cinder | ssh compute1 tee client.cinder.key
root@compute1's password:
AQCVXx1aUZErNRAAeVUTAhLU4r4xaiqDbHqVhw==compute2
ceph auth get-or-create client.cinder | ssh compute2 tee /etc/ceph/ceph.client.cinder.keyring
ceph auth get-key client.cinder | ssh compute2 tee client.cinder.key
[root@node1 ceph]# ceph auth get-or-create client.cinder | ssh compute2 tee /etc/ceph/ceph.client.cinder.keyring
root@compute2's password:
[client.cinder]
key = AQCVXx1aUZErNRAAeVUTAhLU4r4xaiqDbHqVhw==
[root@node1 ceph]# ceph auth get-key client.cinder | ssh compute2 tee client.cinder.key
root@compute2's password:
AQCVXx1aUZErNRAAeVUTAhLU4r4xaiqDbHqVhw==
任选计算节点1或者2生成一个uuid
[root@compute1 ~]# uuidgen
9d9cbdda-532a-4441-b11d-eb540dec9df9所有计算节点执行执行下面命令
下面那一长串直接复制进去就能执行改为自己的uuid
cat > secret.xml <
9d9cbdda-532a-4441-b11d-eb540dec9df9
client.cinder secret
EOF 在计算节点上把密钥加进libvirt、然后删除临时副本
virsh secret-define --file secret.xml
[root@compute1 ~]# virsh secret-define --file secret.xml
Secret 9d9cbdda-532a-4441-b11d-eb540dec9df9 createdvirsh secret-set-value --secret 9d9cbdda-532a-4441-b11d-eb540dec9df9 --base64 $(cat client.cinder.key) && rm client.cinder.key secret.xml
Secret value set
[root@compute1 ~]# virsh secret-set-value --secret 9d9cbdda-532a-4441-b11d-eb540dec9df9 --base64 $(cat client.cinder.key) && rm client.cinder.key secret.xml
Secret value set
rm: remove regular file ‘client.cinder.key’? y
rm: remove regular file ‘secret.xml’? y