共计 9795 个字符,预计需要花费 25 分钟才能阅读完成。
这篇文章主要介绍了 oVirt 虚拟化平台如何对接 cinder-ceph,具有一定借鉴价值,感兴趣的朋友可以参考下,希望大家阅读完这篇文章之后大有收获,下面让丸趣 TV 小编带着大家一起了解一下。
说明:
1. cinder 配置按照 openstack 官方文档配置。
2. 将 cinder-api cinder-scheduler cinder-volumes 服务部署在一台节点。
3. oVirt 调用 cinder 是要注意 keystone 版本以及细节。
###############################openstack 基本环境 ############################
1. 安装 openstack 包
1.1 启用 OpenStack 库
# yum install centos-release-openstack-mitaka
1.2 升级包
# yum upgrade
1.3 安装 OpenStack 客户端
# yum install python-openstackclient
# yum install openstack-selinux
2. 安装 mariadb
2.1 安装软件包
# yum install mariadb mariadb-server python2-PyMySQL
2.2 修改配置
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.0.230
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
# systemctl enable mariadb.service
# systemctl start mariadb.service
2.3 设置 root 密码
# mysql_secure_installation
3. 消息队列
3.1 安装包
# yum install rabbitmq-server
3.2 启动消息队列服务并将其配置为随系统启动
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
3.3 添加 openstack 用户
# rabbitmqctl add_user openstack pass1234
# rabbitmqctl set_permissions openstack .* .* .*
4. 安装 memcached
4.1 安装包
# yum install memcached python-memcached
(可能需要其他依赖 libevent)
4.2 设置开机启动
# systemctl enable memcached.service
# systemctl start memcached.service
#################### 以上部分为 openstack 基本环境要求 #######################
####################openstack 认证服务环境 ################################
1. 安装与配置
1.1 创建 keystone 数据库
# mysql -u root -p
# CREATE DATABASE keystone;
1.2 数据库授权
# GRANT ALL PRIVILEGES ON keystone.* TO keystone @ localhost \
IDENTIFIED BY KEYSTONE_DBPASS
GRANT ALL PRIVILEGES ON keystone.* TO keystone @ % \
IDENTIFIED BY KEYSTONE_DBPASS
1.3 生成一个随机值在初始的配置中作为管理员的令牌
# openssl rand -hex 10
1cc14ab18f01e6e33a2a
1.4 安装 keystone 相关包
# yum install openstack-keystone httpd mod_wsgi
1.5 修改 keystone 配置
vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 1cc14ab18f01e6e33a2a
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet
1.6 初始化身份认证服务的数据库
# su -s /bin/sh -c keystone-manage db_sync keystone
1.7 初始化 Fernet keys
# keystone-manage fernet_setup –keystone-user keystone –keystone-group keystone
1.8 配置 Apache HTTP 服务器
# vim /etc/httpd/conf/httpd.conf
ServerName controller
1.9 创建 wsgi-keystone.conf
# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
VirtualHost *:5000
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat %{cu}t %M
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
Directory /usr/bin
Require all granted
/Directory
/VirtualHost
VirtualHost *:35357
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat %{cu}t %M
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
Directory /usr/bin
Require all granted
/Directory
/VirtualHost
1.10 关闭 selinux
# setenforce 0
1.11 配置 hosts
# vim /etc/hosts
192.168.0.230 controller
1.11 启动 apache 服务
# systemctl enable httpd.service
# systemctl start httpd.service
2 创建服务实体和 API 端点
2.1 配置环境变量
# export OS_TOKEN=1cc14ab18f01e6e33a2a
# export OS_URL=http://controller:35357/v3
# export OS_IDENTITY_API_VERSION=3
2.2 创建服务实体和 API 端点
2.2.1 创建服务实体和身份认证服务:
# openstack service create \
–name keystone –description OpenStack Identity identity
2.2.2 创建认证服务的 API 端点
# openstack endpoint create –region RegionOne \
identity public http://controller:5000/v3
# openstack endpoint create –region RegionOne \
identity internal http://controller:5000/v3
# openstack endpoint create –region RegionOne \
identity admin http://controller:35357/v3
3 创建域、项目、用户和角色
3.1 创建域 “default“:
# openstack domain create –description Default Domain default
3.2 创建管理的项目、用户和角色
# openstack project create –domain default \
–description Admin Project admin
# openstack user create –domain default \
–password-prompt admin
# openstack role create admin
# openstack role add –project admin –user admin admin
4. 验证操作
4.1 因为安全性的原因,关闭临时认证令牌机制:
编辑 /etc/keystone/keystone-paste.ini 文件,从 “[pipeline:public_api]“,[pipeline:admin_api]“ 和 “[pipeline:api_v3]“ 部分删除 “admin_token_auth。
重置 “OS_TOKEN“ 和 “OS_URL“ 环境变量:
# unset OS_TOKEN OS_URL
作为 admin 用户,请求认证令牌:
# openstack –os-auth-url http://controller:35357/v3 \
–os-project-domain-name default –os-user-domain-name default \
–os-project-name admin –os-username admin token issue
5 创建 OpenStack 客户端环境脚本
# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
验证:
# . admin-openrc
# openstack token issue
################################openstack 块存储服务配置 #####################
1 openstack 块存储服务配置
1.1 创建 cinder 数据库
# mysql -u root -p
CREATE DATABASE cinder;
1.2 数据库授权
# GRANT ALL PRIVILEGES ON cinder.* TO cinder @ localhost \
IDENTIFIED BY CINDER_DBPASS
GRANT ALL PRIVILEGES ON cinder.* TO cinder @ % \
IDENTIFIED BY CINDER_DBPASS
1.3 获得 admin 凭证来获取只有管理员能执行的命令的访问权限
# . admin-openrc
要创建服务证书,完成这些步骤
1.4 创建 cinder 用户
# openstack user create –domain default –password-prompt cinder
# openstack role add –project admin –user cinder admin
1.5 创建 cinder 和 cinderv2 服务实体:
# openstack service create –name cinder \
–description OpenStack Block Storage volume
# openstack service create –name cinderv2 \
–description OpenStack Block Storage volumev2
1.6 创建块存储 api 入口
# openstack endpoint create –region RegionOne \
volume public http://controller:8776/v1/%\(tenant_id\)s
# openstack endpoint create –region RegionOne \
volume internal http://controller:8776/v1/%\(tenant_id\)s
# openstack endpoint create –region RegionOne \
volume admin http://controller:8776/v1/%\(tenant_id\)s
# openstack endpoint create –region RegionOne \
volumev2 public http://controller:8776/v2/%\(tenant_id\)s
# openstack endpoint create –region RegionOne \
volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
# openstack endpoint create –region RegionOne \
volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
1.7 cinder 安装并配置组件
1.7.1 安装包
# yum install openstack-cinder
1.7.2 设置 cinder.conf
# vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.0.0.11
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = admin
username = cinder
password = CINDER_PASS
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
说明:将 CINDER_PASS 替换为你在认证服务中为 cinder 用户选择的密码。
在 [DEFAULT 部分,配置 “my_ip“ 来使用控制节点的管理接口的 IP 地址。
1.7.3 初始化块设备服务的数据库
# su -s /bin/sh -c cinder-manage db sync cinder
1.7.4 启动 cinder 服务
# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
1.7.8 配置 hosts
# vim /etc/hosts
192.168.0.230 controller
#################### 配置 ceph 存储后端 #################################
1.1 创建 pools
# ceph osd pool create volumes 128
# ceph osd pool create images 128
# ceph osd pool create backups 128
# ceph osd pool create vms 128
1.2 安装 ceph 包
# yum install ceph-common
~~~~~ 如果此节点没有 ceph 配置,需拷贝 ceph.conf~~~~~~~~~~
1.3 创建 cephx 用户
# ceph auth get-or-create client.cinder mon allow r osd allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images
1.4 创建本地配置
# ceph auth get-or-create client.cinder | sudo tee /etc/ceph/ceph.client.cinder.keyring
# ceph auth get-key client.cinder | tee client.cinder.key
1.5 创建 secret-key(计算节点 ovirt 需要)
# uuidgen
457eb676-33da-42ec-9a8c-9293d545c337
# cat secret.xml EOF
secret ephemeral= no private= no
uuid 457eb676-33da-42ec-9a8c-9293d545c337 /uuid
usage type= ceph
name client.cinder secret /name
/usage
/secret
EOF
# sudo virsh secret-define –file secret.xml
Secret 457eb676-33da-42ec-9a8c-9293d545c337 created
#sudo virsh secret-set-value –secret 457eb676-33da-42ec-9a8c-9293d545c337 –base64 $(cat client.cinder.key) rm client.cinder.key secret.xml
1.6 修改 cinder.conf
# vi /etc/cinder/cinder.conf
[DEFAULT]
enabled_backends = ceph
[ceph]
volume_driver = cinder.volume.drivers.rbd.RBDDriver
volume_backend_name = ceph
rbd_pool = volumes
rbd_ceph_conf = /etc/ceph/ceph.conf
rbd_flatten_volume_from_snapshot = false
rbd_max_clone_depth = 5
rbd_store_chunk_size = 4
rados_connect_timeout = -1
glance_api_version = 2
rbd_user = cinder
rbd_secret_uuid = 457eb676-33da-42ec-9a8c-9293d545c337
# 1.7 启动 cinder-volume 服务
# systemctl enable openstack-cinder-volume.service target.service
# systemctl start openstack-cinder-volume.service target.service
######################################### 对接 Ovirt 虚拟平台 ##################
1.1 ovirt-engin 认证方式是 keystone v2
# openstack domain list
+———————————-+———+———+—————-+
| ID | Name | Enabled | Description |
+———————————-+———+———+—————-+
| 0899c04522f94791afd9f3a73bc45bcd | default | True | Default Domain |
+———————————-+———+———+—————-+
# vim /etc/keystone/keystone.conf
[identity]
default_domain_id = 0899c04522f94791afd9f3a73bc45bcd
# su -s /bin/sh -c keystone-manage –config-file /etc/keystone/keystone.conf db_sync keystone
# systemctl restart httpd
1.2 cinder 创建新的存储类型
# cinder type-create ceph
# cinder type-key ceph set volume_backend_name=ceph
1.3 cinder 默认卷个数修改
cinder quota-defaults default
cinder quota-usage default
cinder quota-update –volumes 100 –snapshots 100 –gigabytes 5000 default
cinder quota-class-update –volumes 100 –snapshots 100 –gigabytes 5000 default
#############################################################################
curl -i http://controller:35357/v2.0/tokens -X POST -H Content-Type: application/json -H Accept: application/json -H User-Agent: python-cinderclient -d {auth : { tenantName : admin , passwordCredentials : { username : admin , password : pass1234}}}
感谢你能够认真阅读完这篇文章,希望丸趣 TV 小编分享的“oVirt 虚拟化平台如何对接 cinder-ceph”这篇文章对大家有帮助,同时也希望大家多多支持丸趣 TV,关注丸趣 TV 行业资讯频道,更多相关知识等着你来学习!
![Frank#smith[Kfyzeiuqujbpygze,2,5]](https://cravatar.cn/avatar/ebd2642d86a4b40100d29dc76ec89b0d?s=96&d=monsterid&r=r)