nova与ceph的结合
一、nova与ceph结合1、ceph中创建存储池pool
# ceph osd pool create vms 128 #创建一个pools,名字为vms,128个pg
pool 'vms' created
# ceph osd lspools #查看pools创建的情况
0 rbd,1 images,2 vms,
# ceph osd pool stats
pool rbd id 0
nothing is going on
pool images id 1
nothing is going on
pool vms id 2
nothing is going on
2、nova-compute节点安装和配置客户端
# yum install python-rbd ceph -y #安装客户端包
# scp/etc/ceph/ceph.confroot@10.1.2.232:/etc/ceph/ceph.conf #拷贝ceph配置文件
3、配置ceph认证,让nova用户能够访问vms池、images池
# ceph auth get-or-create client.nova mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=vms, allow rwx pool=images'
key = AQBLXqpWB8HsChAA6hGUBT5JNrFGD116uy+nmg==
#查看ceph的认证信息
# ceph auth list
installed auth entries:
osd.0
key: AQDsx6lWYGehDxAAGwcYP9jDvH2Zaa8JlGwj1Q==
caps: allow profile osd
caps: allow *
osd.1
key: AQD1x6lWQCYBERAAjIKO1LVpj8FvVefDvNQZSA==
caps: allow profile osd
caps: allow *
client.admin
key: AQCexqlWQL6OGBAA2v5LsYEB5VgLyq/K2huY3A==
caps: allow
caps: allow *
caps: allow *
client.bootstrap-mds
key: AQCexqlWUMNRMRAAZEp/UlhQuaixMcNy5d5pPw==
caps: allow profile bootstrap-mds
client.bootstrap-osd
key: AQCexqlWQFfpJBAAfPCx4sTLNztBESyFKys9LQ==
caps: allow profile bootstrap-osd
client.bootstrap-rgw
key: AQAR7alWok0SGhAAFtOo0PFsZuVzczMvJox1Wg==
caps: allow profile bootstrap-rgw
client.glance
key: AQAl76lWHMySHxAANTfXv3JQ70GCEBOZI5abcQ==
caps: allow r
caps: allow class-read object_prefix rbd_children, allow rwx pool=images
client.nova
key: AQBLXqpWB8HsChAA6hGUBT5JNrFGD116uy+nmg==
caps: allow r
caps: allow class-read object_prefix rbd_children, allow rwx pool=vms, allow rwx pool=images #添加了nova用户的认证信息
4、将ceph认证的key拷贝至计算节点
a、查看client.nova的key
# cephauth get-or-create client.nova
key = AQBLXqpWB8HsChAA6hGUBT5JNrFGD116uy+nmg==
b、将key拷贝至远端
# scpceph.client.nova.keringroot@10.1.2.232:/etc/ceph/
ceph.client.nova.kering
c、生成nova临时的key
# ceph auth get-key client.nova | ssh root@10.1.2.232 tee client.nova.key
5、计算节点的libvirt使用ceph的key
a、生成uuid号
# uuidgen
0d154ad2-ec21-4200-952f-7551503da8a1
b、生成加密文件
vim secret.xml
0d154ad2-ec21-4200-952f-7551503da8a1
client.cinder secret
c、加载加密文件
# virsh secret-define --file secret.xml
Secret 0d154ad2-ec21-4200-952f-7551503da8a1 created
d、配置libvirt加密,使用client.nova.key
# virsh secret-set-value --secret 0d154ad2-ec21-4200-952f-7551503da8a1 --base64 $(cat /root/client.nova.key)
Secret value set
e、查看libvirt定义的key
# virsh secret-list
UUID Usage
-----------------------------------------------------------
0d154ad2-ec21-4200-952f-7551503da8a1 Unused
页:
[1]