一、nova与ceph结合


1、ceph中创建存储池pool


[root@controller_10_1_2_230 ~]# ceph osd pool create vms 128    #创建一个pools,名字为vms,128个pg

pool 'vms' created


[root@controller_10_1_2_230 ~]# ceph osd lspools                #查看pools创建的情况

0 rbd,1 images,2 vms,

[root@controller_10_1_2_230 ~]# ceph osd pool stats

pool rbd id 0

  nothing is going on


pool images id 1

  nothing is going on


pool vms id 2

  nothing is going on

2、nova-compute节点安装和配置客户端


[root@compute1_10_1_2_232 ~]# yum install python-rbd ceph -y     #安装客户端包

[root@controller_10_1_2_230 ~]# scp  /etc/ceph/ceph.conf  root@<计算节点IP>:/etc/ceph/ceph.conf #拷贝ceph配置文件(原文中的目标地址被页面的邮箱保护替换,此处以占位符表示)

3、配置ceph认证,让nova用户能够访问vms池、images池(此处对images池授予了rwx;若nova无需向images池写入,可按最小权限收紧为rx)


[root@controller_10_1_2_230 ~]# ceph auth get-or-create client.nova mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=vms, allow rwx pool=images'

[client.nova]

        key = AQBLXqpWB8HsChAA6hGUBT5JNrFGD116uy+nmg==

      

#查看ceph的认证信息(该命令会输出所有实体的密钥,包括拥有全部权限的client.admin;对外分享输出前应先将key字段脱敏)

[root@controller_10_1_2_230 ~]# ceph auth list

installed auth entries:


osd.0

        key: AQDsx6lWYGehDxAAGwcYP9jDvH2Zaa8JlGwj1Q==

        caps: [mon] allow profile osd

        caps: [osd] allow *

osd.1

        key: AQD1x6lWQCYBERAAjIKO1LVpj8FvVefDvNQZSA==

        caps: [mon] allow profile osd

        caps: [osd] allow *

client.admin

        key: AQCexqlWQL6OGBAA2v5LsYEB5VgLyq/K2huY3A==

        caps: [mds] allow

        caps: [mon] allow *

        caps: [osd] allow *

client.bootstrap-mds

        key: AQCexqlWUMNRMRAAZEp/UlhQuaixMcNy5d5pPw==

        caps: [mon] allow profile bootstrap-mds

client.bootstrap-osd

        key: AQCexqlWQFfpJBAAfPCx4sTLNztBESyFKys9LQ==

        caps: [mon] allow profile bootstrap-osd

client.bootstrap-rgw

        key: AQAR7alWok0SGhAAFtOo0PFsZuVzczMvJox1Wg==

        caps: [mon] allow profile bootstrap-rgw

client.glance

        key: AQAl76lWHMySHxAANTfXv3JQ70GCEBOZI5abcQ==

        caps: [mon] allow r

        caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=images

client.nova

        key: AQBLXqpWB8HsChAA6hGUBT5JNrFGD116uy+nmg==

        caps: [mon] allow r

        caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=vms, allow rwx pool=images    #添加了nova用户的认证信息

4、将ceph认证的key拷贝至计算节点


a、查看client.nova的key

[root@controller_10_1_2_230 ~]# ceph  auth get-or-create client.nova

[client.nova]

        key = AQBLXqpWB8HsChAA6hGUBT5JNrFGD116uy+nmg==


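b、将keyring文件拷贝至远端(keyring文件可先用 ceph auth get-or-create client.nova -o ceph.client.nova.keyring 导出;拷贝后应在计算节点上限制该文件仅nova服务用户可读)

[root@controller_10_1_2_230 ~]# scp  ceph.client.nova.keyring  root@<计算节点IP>:/etc/ceph/

ceph.client.nova.keyring  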


c、在计算节点上生成临时的nova key文件(仅供步骤5的virsh secret-set-value使用;注意tee会同时把密钥回显到终端)


[root@controller_10_1_2_230 ~]# ceph auth get-key client.nova | ssh root@<计算节点IP> tee client.nova.key

5、计算节点的libvirt使用ceph的key


a、生成uuid号

[root@compute1_10_1_2_232 ~]# uuidgen 

0d154ad2-ec21-4200-952f-7551503da8a1


b、生成加密文件

vim secret.xml


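<secret ephemeral='no' private='no'>
        <uuid>0d154ad2-ec21-4200-952f-7551503da8a1</uuid>
        <usage type='ceph'>
                <name>client.cinder secret</name>
        </usage>
</secret>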


c、加载加密文件

[root@compute1_10_1_2_232 ~]# virsh secret-define --file secret.xml 

Secret 0d154ad2-ec21-4200-952f-7551503da8a1 created


d、配置libvirt加密,使用client.nova.key(以$(cat ...)方式传入时,密钥会作为命令行参数出现在进程列表中;设置成功后应删除临时文件/root/client.nova.key)

[root@compute1_10_1_2_232 ~]# virsh secret-set-value --secret 0d154ad2-ec21-4200-952f-7551503da8a1 --base64 $(cat /root/client.nova.key) 

Secret value set


e、查看libvirt定义的key

[root@compute1_10_1_2_232 ~]# virsh secret-list

UUID                                 Usage

-----------------------------------------------------------

0d154ad2-ec21-4200-952f-7551503da8a1 Unused