一、nova与ceph结合
1、ceph中创建存储池pool
[root@controller_10_1_2_230 ~]# ceph osd pool create vms 128 #创建一个pools,名字为vms,128个pg
pool 'vms' created
[root@controller_10_1_2_230 ~]# ceph osd lspools #查看pools创建的情况
0 rbd,1 p_w_picpaths,2 vms,
[root@controller_10_1_2_230 ~]# ceph osd pool stats
pool rbd id 0
nothing is going on
pool p_w_picpaths id 1
nothing is going on
pool vms id 2
nothing is going on
2、nova-compute节点安装和配置客户端
[root@compute1_10_1_2_232 ~]# yum install python-rbd ceph -y #安装客户端包
[root@controller_10_1_2_230 ~]# scp /etc/ceph/ceph.conf [email protected]:/etc/ceph/ceph.conf #拷贝ceph配置文件
3、配置ceph认证,让nova用户能够访问vms池、p_w_picpaths池
[root@controller_10_1_2_230 ~]# ceph auth get-or-create client.nova mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=vms, allow rwx pool=p_w_picpaths'
[client.nova]
key = AQBLXqpWB8HsChAA6hGUBT5JNrFGD116uy+nmg==
#查看ceph的认证信息
[root@controller_10_1_2_230 ~]# ceph auth list
installed auth entries:
osd.0
key: AQDsx6lWYGehDxAAGwcYP9jDvH2Zaa8JlGwj1Q==
caps: [mon] allow profile osd
caps: [osd] allow *
osd.1
key: AQD1x6lWQCYBERAAjIKO1LVpj8FvVefDvNQZSA==
caps: [mon] allow profile osd
caps: [osd] allow *
client.admin
key: AQCexqlWQL6OGBAA2v5LsYEB5VgLyq/K2huY3A==
caps: [mds] allow
caps: [mon] allow *
caps: [osd] allow *
client.bootstrap-mds
key: AQCexqlWUMNRMRAAZEp/UlhQuaixMcNy5d5pPw==
caps: [mon] allow profile bootstrap-mds
client.bootstrap-osd
key: AQCexqlWQFfpJBAAfPCx4sTLNztBESyFKys9LQ==
caps: [mon] allow profile bootstrap-osd
client.bootstrap-rgw
key: AQAR7alWok0SGhAAFtOo0PFsZuVzczMvJox1Wg==
caps: [mon] allow profile bootstrap-rgw
client.glance
key: AQAl76lWHMySHxAANTfXv3JQ70GCEBOZI5abcQ==
caps: [mon] allow r
caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=p_w_picpaths
client.nova
key: AQBLXqpWB8HsChAA6hGUBT5JNrFGD116uy+nmg==
caps: [mon] allow r
caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=vms, allow rwx pool=p_w_picpaths #添加了nova用户的认证信息
4、将ceph认证的key拷贝至计算节点
a、查看client.nova的key
[root@controller_10_1_2_230 ~]# ceph auth get-or-create client.nova
[client.nova]
key = AQBLXqpWB8HsChAA6hGUBT5JNrFGD116uy+nmg==
b、将key拷贝至远端
[root@controller_10_1_2_230 ~]# scp ceph.client.nova.kering [email protected]:/etc/ceph/
ceph.client.nova.kering
c、生成nova临时的key
[root@controller_10_1_2_230 ~]# ceph auth get-key client.nova | ssh [email protected] tee client.nova.key
5、计算节点的libvirt使用ceph的key
a、生成uuid号
[root@compute1_10_1_2_232 ~]# uuidgen
0d154ad2-ec21-4200-952f-7551503da8a1
b、生成加密文件
vim secret.xml
c、加载加密文件
[root@compute1_10_1_2_232 ~]# virsh secret-define --file secret.xml
Secret 0d154ad2-ec21-4200-952f-7551503da8a1 created
d、配置libvirt加密,使用client.nova.key
[root@compute1_10_1_2_232 ~]# virsh secret-set-value --secret 0d154ad2-ec21-4200-952f-7551503da8a1 --base64 $(cat /root/client.nova.key)
Secret value set
e、查看libvirt定义的key
[root@compute1_10_1_2_232 ~]# virsh secret-list
UUID Usage
-----------------------------------------------------------
0d154ad2-ec21-4200-952f-7551503da8a1 Unused