External Ceph: keys as variables
Introduce user modifiable variables instead of fixed-names of Ceph keyring files for external Ceph functionality. Change-Id: I1a33b3f9d6eca5babf53b91187461e43aef865ce
This commit is contained in:
parent
7671384919
commit
1f929336e3
@ -1028,6 +1028,14 @@ ceph_mgr_host_type: "INVENTORY"
|
|||||||
ceph_osd_host_type: "IP"
|
ceph_osd_host_type: "IP"
|
||||||
ceph_mds_host_type: "INVENTORY"
|
ceph_mds_host_type: "INVENTORY"
|
||||||
|
|
||||||
|
# External Ceph keyrings
|
||||||
|
ceph_cinder_keyring: "ceph.client.cinder.keyring"
|
||||||
|
ceph_cinder_backup_keyring: "ceph.client.cinder-backup.keyring"
|
||||||
|
ceph_glance_keyring: "ceph.client.glance.keyring"
|
||||||
|
ceph_gnocchi_keyring: "ceph.client.gnocchi.keyring"
|
||||||
|
ceph_manila_keyring: "ceph.client.manila.keyring"
|
||||||
|
ceph_nova_keyring: "{% if enable_ceph | bool %}ceph.client.nova.keyring{% else %}{{ ceph_cinder_keyring }}{% endif %}"
|
||||||
|
|
||||||
#####################
|
#####################
|
||||||
# VMware support
|
# VMware support
|
||||||
######################
|
######################
|
||||||
|
@ -21,12 +21,10 @@
|
|||||||
|
|
||||||
- name: Copy over Ceph keyring files for cinder-volume
|
- name: Copy over Ceph keyring files for cinder-volume
|
||||||
copy:
|
copy:
|
||||||
src: "{{ item }}"
|
src: "{{ node_custom_config }}/cinder/cinder-volume/{{ ceph_cinder_keyring }}"
|
||||||
dest: "{{ node_config_directory }}/cinder-volume/"
|
dest: "{{ node_config_directory }}/cinder-volume/"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
become: true
|
become: true
|
||||||
with_fileglob:
|
|
||||||
- "{{ node_custom_config }}/cinder/cinder-volume/ceph.client*"
|
|
||||||
when:
|
when:
|
||||||
- external_ceph_cephx_enabled | bool
|
- external_ceph_cephx_enabled | bool
|
||||||
- inventory_hostname in groups['cinder-volume']
|
- inventory_hostname in groups['cinder-volume']
|
||||||
@ -36,13 +34,14 @@
|
|||||||
|
|
||||||
- name: Copy over Ceph keyring files for cinder-backup
|
- name: Copy over Ceph keyring files for cinder-backup
|
||||||
copy:
|
copy:
|
||||||
src: "{{ item }}"
|
src: "{{ node_custom_config }}/cinder/{{ item }}"
|
||||||
dest: "{{ node_config_directory }}/cinder-backup/"
|
dest: "{{ node_config_directory }}/cinder-backup/"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
become: true
|
become: true
|
||||||
register: cinder_backup_ceph_keyring
|
register: cinder_backup_ceph_keyring
|
||||||
with_fileglob:
|
with_items:
|
||||||
- "{{ node_custom_config }}/cinder/cinder-backup/ceph.client*"
|
- "cinder-backup/{{ ceph_cinder_keyring }}"
|
||||||
|
- "cinder-backup/{{ ceph_cinder_backup_keyring }}"
|
||||||
when:
|
when:
|
||||||
- external_ceph_cephx_enabled | bool
|
- external_ceph_cephx_enabled | bool
|
||||||
- inventory_hostname in groups['cinder-backup']
|
- inventory_hostname in groups['cinder-backup']
|
||||||
|
@ -14,10 +14,24 @@
|
|||||||
"perm": "0600"
|
"perm": "0600"
|
||||||
}{% endif %}{% if cinder_backend_ceph | bool %},
|
}{% endif %}{% if cinder_backend_ceph | bool %},
|
||||||
{
|
{
|
||||||
"source": "{{ container_config_directory }}/ceph.*",
|
"source": "{{ container_config_directory }}/ceph.conf",
|
||||||
"dest": "/etc/ceph/",
|
"dest": "/etc/ceph/ceph.conf",
|
||||||
"owner": "cinder",
|
"owner": "cinder",
|
||||||
"perm": "0700",
|
"perm": "0600",
|
||||||
|
"optional": {{ (not cinder_backend_ceph | bool) | string | lower }}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/{{ ceph_cinder_keyring }}",
|
||||||
|
"dest": "/etc/ceph/{{ ceph_cinder_keyring }}",
|
||||||
|
"owner": "cinder",
|
||||||
|
"perm": "0600",
|
||||||
|
"optional": {{ (not cinder_backend_ceph | bool) | string | lower }}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/{{ ceph_cinder_backup_keyring }}",
|
||||||
|
"dest": "/etc/ceph/{{ ceph_cinder_backup_keyring }}",
|
||||||
|
"owner": "cinder",
|
||||||
|
"perm": "0600",
|
||||||
"optional": {{ (not cinder_backend_ceph | bool) | string | lower }}
|
"optional": {{ (not cinder_backend_ceph | bool) | string | lower }}
|
||||||
}{% endif %}
|
}{% endif %}
|
||||||
],
|
],
|
||||||
|
@ -8,10 +8,10 @@
|
|||||||
"perm": "0600"
|
"perm": "0600"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": "{{ container_config_directory }}/ceph.*",
|
"source": "{{ container_config_directory }}/{{ ceph_cinder_keyring }}",
|
||||||
"dest": "/etc/ceph/",
|
"dest": "/etc/ceph/{{ ceph_cinder_keyring }}",
|
||||||
"owner": "cinder",
|
"owner": "cinder",
|
||||||
"perm": "0700",
|
"perm": "0600",
|
||||||
"optional": {{ (not cinder_backend_ceph | bool) | string | lower }}
|
"optional": {{ (not cinder_backend_ceph | bool) | string | lower }}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -1,27 +1,29 @@
|
|||||||
---
|
---
|
||||||
- name: Copy over ceph files
|
- name: Copy over ceph.conf for Glance
|
||||||
copy:
|
template:
|
||||||
src: "{{ item }}"
|
src: "{{ node_custom_config }}/glance/ceph.conf"
|
||||||
dest: "{{ node_config_directory }}/glance-api/"
|
dest: "{{ node_config_directory }}/glance-api/ceph.conf"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
become: true
|
become: true
|
||||||
when:
|
when: inventory_hostname in groups['glance-api']
|
||||||
- glance_services['glance-api'].host_in_groups | bool
|
notify:
|
||||||
- glance_services['glance-api'].enabled | bool
|
- Restart glance-api container
|
||||||
with_fileglob:
|
|
||||||
- "{{ node_custom_config }}/glance/ceph*"
|
- name: Copy over ceph Glance keyring
|
||||||
|
copy:
|
||||||
|
src: "{{ node_custom_config }}/glance/{{ ceph_glance_keyring }}"
|
||||||
|
dest: "{{ node_config_directory }}/glance-api/{{ ceph_glance_keyring }}"
|
||||||
|
mode: "0660"
|
||||||
|
become: true
|
||||||
|
when: inventory_hostname in groups['glance-api']
|
||||||
notify:
|
notify:
|
||||||
- Restart glance-api container
|
- Restart glance-api container
|
||||||
|
|
||||||
- name: Ensuring config directory has correct owner and permission
|
- name: Ensuring config directory has correct owner and permission
|
||||||
file:
|
file:
|
||||||
path: "{{ node_config_directory }}/{{ item }}"
|
path: "{{ node_config_directory }}/glance-api"
|
||||||
recurse: yes
|
recurse: yes
|
||||||
owner: "{{ config_owner_user }}"
|
owner: "{{ config_owner_user }}"
|
||||||
group: "{{ config_owner_group }}"
|
group: "{{ config_owner_group }}"
|
||||||
become: true
|
become: true
|
||||||
when:
|
when: inventory_hostname in groups['glance-api']
|
||||||
- glance_services[item].host_in_groups | bool
|
|
||||||
- glance_services[item].enabled | bool
|
|
||||||
with_items:
|
|
||||||
- "glance-api"
|
|
||||||
|
@ -14,10 +14,16 @@
|
|||||||
"perm": "0600"
|
"perm": "0600"
|
||||||
}{% endif %}{% if glance_backend_ceph | bool %},
|
}{% endif %}{% if glance_backend_ceph | bool %},
|
||||||
{
|
{
|
||||||
"source": "{{ container_config_directory }}/ceph.*",
|
"source": "{{ container_config_directory }}/{{ ceph_glance_keyring }}",
|
||||||
"dest": "/etc/ceph/",
|
"dest": "/etc/ceph/{{ ceph_glance_keyring }}",
|
||||||
"owner": "glance",
|
"owner": "glance",
|
||||||
"perm": "0700"
|
"perm": "0600"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/ceph.conf",
|
||||||
|
"dest": "/etc/ceph/ceph.conf",
|
||||||
|
"owner": "glance",
|
||||||
|
"perm": "0600"
|
||||||
}{% endif %}{% if glance_backend_swift | bool %},
|
}{% endif %}{% if glance_backend_swift | bool %},
|
||||||
{
|
{
|
||||||
"source": "{{ container_config_directory }}/glance-swift.conf",
|
"source": "{{ container_config_directory }}/glance-swift.conf",
|
||||||
|
@ -15,8 +15,8 @@
|
|||||||
|
|
||||||
- name: Copy over ceph gnocchi keyring
|
- name: Copy over ceph gnocchi keyring
|
||||||
copy:
|
copy:
|
||||||
src: "{{ node_custom_config }}/gnocchi/ceph.client.gnocchi.keyring"
|
src: "{{ node_custom_config }}/gnocchi/{{ ceph_gnocchi_keyring }}"
|
||||||
dest: "{{ node_config_directory }}/{{ item }}/ceph.client.gnocchi.keyring"
|
dest: "{{ node_config_directory }}/{{ item }}/{{ ceph_gnocchi_keyring }}"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
become: true
|
become: true
|
||||||
when: inventory_hostname in groups[item]
|
when: inventory_hostname in groups[item]
|
||||||
|
@ -28,8 +28,8 @@
|
|||||||
"perm": "0600"
|
"perm": "0600"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source": "{{ container_config_directory }}/ceph.client.gnocchi.keyring",
|
"source": "{{ container_config_directory }}/{{ ceph_gnocchi_keyring }}",
|
||||||
"dest": "/etc/ceph/ceph.client.gnocchi.keyring",
|
"dest": "/etc/ceph/{{ ceph_gnocchi_keyring }}",
|
||||||
"owner": "gnocchi",
|
"owner": "gnocchi",
|
||||||
"perm": "0600"
|
"perm": "0600"
|
||||||
}{% endif %}
|
}{% endif %}
|
||||||
|
@ -12,12 +12,10 @@
|
|||||||
|
|
||||||
- name: Copy over Ceph keyring files for manila
|
- name: Copy over Ceph keyring files for manila
|
||||||
copy:
|
copy:
|
||||||
src: "{{ item }}"
|
src: "{{ node_custom_config }}/manila/{{ ceph_manila_keyring }}"
|
||||||
dest: "{{ node_config_directory }}/manila-share/"
|
dest: "{{ node_config_directory }}/manila-share/{{ ceph_manila_keyring }}"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
become: true
|
become: true
|
||||||
with_fileglob:
|
|
||||||
- "{{ node_custom_config }}/manila/ceph.client*"
|
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['manila-share']
|
- inventory_hostname in groups['manila-share']
|
||||||
notify:
|
notify:
|
||||||
|
@ -8,8 +8,14 @@
|
|||||||
"perm": "0600"
|
"perm": "0600"
|
||||||
}{% if enable_manila_backend_cephfs_native | bool or enable_manila_backend_cephfs_nfs | bool %},
|
}{% if enable_manila_backend_cephfs_native | bool or enable_manila_backend_cephfs_nfs | bool %},
|
||||||
{
|
{
|
||||||
"source": "{{ container_config_directory }}/ceph.*",
|
"source": "{{ container_config_directory }}/ceph.conf",
|
||||||
"dest": "/etc/ceph/",
|
"dest": "/etc/ceph/ceph.conf",
|
||||||
|
"owner": "manila",
|
||||||
|
"perm": "0600"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/{{ ceph_manila_keyring }}",
|
||||||
|
"dest": "/etc/ceph/{{ ceph_manila_keyring }}",
|
||||||
"owner": "manila",
|
"owner": "manila",
|
||||||
"perm": "0600"
|
"perm": "0600"
|
||||||
}{% endif %}{% if manila_policy_file is defined %},
|
}{% endif %}{% if manila_policy_file is defined %},
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
|
|
||||||
- name: Check nova keyring file
|
- name: Check nova keyring file
|
||||||
stat:
|
stat:
|
||||||
path: "{{ node_custom_config }}/nova/ceph.client.nova.keyring"
|
path: "{{ node_custom_config }}/nova/{{ ceph_nova_keyring }}"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
run_once: True
|
run_once: True
|
||||||
register: nova_cephx_keyring_file
|
register: nova_cephx_keyring_file
|
||||||
@ -22,7 +22,7 @@
|
|||||||
|
|
||||||
- name: Check cinder keyring file
|
- name: Check cinder keyring file
|
||||||
stat:
|
stat:
|
||||||
path: "{{ node_custom_config }}/nova/ceph.client.cinder.keyring"
|
path: "{{ node_custom_config }}/nova/{{ ceph_cinder_keyring }}"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
run_once: True
|
run_once: True
|
||||||
register: cinder_cephx_keyring_file
|
register: cinder_cephx_keyring_file
|
||||||
@ -39,7 +39,6 @@
|
|||||||
become: true
|
become: true
|
||||||
with_items:
|
with_items:
|
||||||
- nova-compute
|
- nova-compute
|
||||||
- nova-libvirt
|
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups[nova_cell_compute_group]
|
- inventory_hostname in groups[nova_cell_compute_group]
|
||||||
- nova_backend == "rbd"
|
- nova_backend == "rbd"
|
||||||
|
@ -14,10 +14,16 @@
|
|||||||
"perm": "0600"
|
"perm": "0600"
|
||||||
}{% endif %}{% if nova_backend == "rbd" %},
|
}{% endif %}{% if nova_backend == "rbd" %},
|
||||||
{
|
{
|
||||||
"source": "{{ container_config_directory }}/ceph.*",
|
"source": "{{ container_config_directory }}/{{ ceph_nova_keyring }}",
|
||||||
"dest": "/etc/ceph/",
|
"dest": "/etc/ceph/{{ ceph_nova_keyring }}",
|
||||||
"owner": "nova",
|
"owner": "nova",
|
||||||
"perm": "0700"
|
"perm": "0600"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source": "{{ container_config_directory }}/ceph.conf",
|
||||||
|
"dest": "/etc/ceph/ceph.conf",
|
||||||
|
"owner": "nova",
|
||||||
|
"perm": "0600"
|
||||||
}{% endif %}{% if nova_compute_virt_type == "vmware" and not vmware_vcenter_insecure | bool %},
|
}{% endif %}{% if nova_compute_virt_type == "vmware" and not vmware_vcenter_insecure | bool %},
|
||||||
{
|
{
|
||||||
"source": "{{ container_config_directory }}/vmware_ca",
|
"source": "{{ container_config_directory }}/vmware_ca",
|
||||||
|
@ -64,229 +64,176 @@ Configuring External Ceph
|
|||||||
Glance
|
Glance
|
||||||
------
|
------
|
||||||
|
|
||||||
Configuring Glance for Ceph includes three steps:
|
Configuring Glance for Ceph includes the following steps:
|
||||||
|
|
||||||
#. Configure RBD back end in ``glance-api.conf``
|
#. Configure RBD back end in ``glance-api.conf``
|
||||||
#. Create Ceph configuration file in ``/etc/ceph/ceph.conf``
|
|
||||||
#. Create Ceph keyring file in ``/etc/ceph/ceph.client.<username>.keyring``
|
|
||||||
|
|
||||||
Step 1 is done by using Kolla's INI merge mechanism: Create a file in
|
.. path /etc/kolla/config/glance/glance-api.conf
|
||||||
``/etc/kolla/config/glance/glance-api.conf`` with the following contents:
|
.. code-block:: ini
|
||||||
|
|
||||||
.. code-block:: ini
|
[glance_store]
|
||||||
|
stores = rbd
|
||||||
|
default_store = rbd
|
||||||
|
rbd_store_pool = images
|
||||||
|
rbd_store_user = glance
|
||||||
|
rbd_store_ceph_conf = /etc/ceph/ceph.conf
|
||||||
|
|
||||||
[glance_store]
|
#. Copy Ceph configuration file to ``/etc/kolla/config/glance/ceph.conf``
|
||||||
stores = rbd
|
|
||||||
default_store = rbd
|
|
||||||
rbd_store_pool = images
|
|
||||||
rbd_store_user = glance
|
|
||||||
rbd_store_ceph_conf = /etc/ceph/ceph.conf
|
|
||||||
|
|
||||||
Now put ceph.conf and the keyring file (name depends on the username created in
|
.. path /etc/kolla/config/glance/ceph.conf
|
||||||
Ceph) into the same directory, for example:
|
.. code-block:: ini
|
||||||
|
|
||||||
.. path /etc/kolla/config/glance/ceph.conf
|
[global]
|
||||||
.. code-block:: ini
|
fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3
|
||||||
|
mon_initial_members = ceph-0
|
||||||
|
mon_host = 192.168.0.56
|
||||||
|
auth_cluster_required = cephx
|
||||||
|
auth_service_required = cephx
|
||||||
|
auth_client_required = cephx
|
||||||
|
|
||||||
[global]
|
#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
|
||||||
fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3
|
|
||||||
mon_initial_members = ceph-0
|
|
||||||
mon_host = 192.168.0.56
|
|
||||||
auth_cluster_required = cephx
|
|
||||||
auth_service_required = cephx
|
|
||||||
auth_client_required = cephx
|
|
||||||
|
|
||||||
.. code-block:: console
|
* ``ceph_glance_keyring`` (default: ``ceph.client.glance.keyring``)
|
||||||
|
|
||||||
$ cat /etc/kolla/config/glance/ceph.client.glance.keyring
|
#. Copy Ceph keyring to ``/etc/kolla/config/glance/<ceph_glance_keyring>``
|
||||||
|
|
||||||
[client.glance]
|
|
||||||
key = AQAg5YRXS0qxLRAAXe6a4R1a15AoRx7ft80DhA==
|
|
||||||
|
|
||||||
Kolla will pick up all files named ``ceph.*`` in this directory and copy them
|
|
||||||
to the ``/etc/ceph/`` directory of the container.
|
|
||||||
|
|
||||||
Cinder
|
Cinder
|
||||||
------
|
------
|
||||||
|
|
||||||
Configuring external Ceph for Cinder works very similar to
|
Configuring Cinder for Ceph includes following steps:
|
||||||
Glance.
|
|
||||||
|
|
||||||
Modify ``/etc/kolla/config/cinder/cinder-volume.conf`` file according to
|
#. Configure RBD backend in ``cinder-volume.conf`` and ``cinder-backup.conf``
|
||||||
the following configuration:
|
|
||||||
|
|
||||||
.. code-block:: ini
|
.. path /etc/kolla/config/cinder/cinder-volume.conf
|
||||||
|
.. code-block:: ini
|
||||||
|
|
||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
enabled_backends=rbd-1
|
enabled_backends=rbd-1
|
||||||
|
|
||||||
[rbd-1]
|
[rbd-1]
|
||||||
rbd_ceph_conf=/etc/ceph/ceph.conf
|
rbd_ceph_conf=/etc/ceph/ceph.conf
|
||||||
rbd_user=cinder
|
rbd_user=cinder
|
||||||
backend_host=rbd:volumes
|
backend_host=rbd:volumes
|
||||||
rbd_pool=volumes
|
rbd_pool=volumes
|
||||||
volume_backend_name=rbd-1
|
volume_backend_name=rbd-1
|
||||||
volume_driver=cinder.volume.drivers.rbd.RBDDriver
|
volume_driver=cinder.volume.drivers.rbd.RBDDriver
|
||||||
rbd_secret_uuid = {{ cinder_rbd_secret_uuid }}
|
rbd_secret_uuid = {{ cinder_rbd_secret_uuid }}
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
``cinder_rbd_secret_uuid`` can be found in ``/etc/kolla/passwords.yml`` file.
|
``cinder_rbd_secret_uuid`` can be found in ``/etc/kolla/passwords.yml``.
|
||||||
|
|
||||||
Modify ``/etc/kolla/config/cinder/cinder-backup.conf`` file according to
|
.. path /etc/kolla/config/cinder/cinder-backup.conf
|
||||||
the following configuration:
|
.. code-block:: ini
|
||||||
|
|
||||||
.. code-block:: ini
|
[DEFAULT]
|
||||||
|
backup_ceph_conf=/etc/ceph/ceph.conf
|
||||||
|
backup_ceph_user=cinder-backup
|
||||||
|
backup_ceph_chunk_size = 134217728
|
||||||
|
backup_ceph_pool=backups
|
||||||
|
backup_driver = cinder.backup.drivers.ceph.CephBackupDriver
|
||||||
|
backup_ceph_stripe_unit = 0
|
||||||
|
backup_ceph_stripe_count = 0
|
||||||
|
restore_discard_excess_bytes = true
|
||||||
|
|
||||||
[DEFAULT]
|
For more information about the Cinder backup configuration, see
|
||||||
backup_ceph_conf=/etc/ceph/ceph.conf
|
:cinder-doc:`Ceph backup driver
|
||||||
backup_ceph_user=cinder-backup
|
<configuration/block-storage/backup/ceph-backup-driver.html>`.
|
||||||
backup_ceph_chunk_size = 134217728
|
|
||||||
backup_ceph_pool=backups
|
|
||||||
backup_driver = cinder.backup.drivers.ceph.CephBackupDriver
|
|
||||||
backup_ceph_stripe_unit = 0
|
|
||||||
backup_ceph_stripe_count = 0
|
|
||||||
restore_discard_excess_bytes = true
|
|
||||||
|
|
||||||
For more information about the Cinder backup configuration, see
|
#. Copy Ceph configuration file to ``/etc/kolla/config/cinder/ceph.conf``
|
||||||
:cinder-doc:`Ceph backup driver <configuration/block-storage/backup/ceph-backup-driver.html>`.
|
|
||||||
|
|
||||||
Next, copy the ``ceph.conf`` file into ``/etc/kolla/config/cinder/``:
|
Separate configuration options can be configured for
|
||||||
|
cinder-volume and cinder-backup by adding ceph.conf files to
|
||||||
|
``/etc/kolla/config/cinder/cinder-volume`` and
|
||||||
|
``/etc/kolla/config/cinder/cinder-backup`` respectively. They
|
||||||
|
will be merged with ``/etc/kolla/config/cinder/ceph.conf``.
|
||||||
|
|
||||||
.. code-block:: ini
|
#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
|
||||||
|
* ``ceph_cinder_keyring`` (default: ``ceph.client.cinder.keyring``)
|
||||||
|
* ``ceph_cinder_backup_keyring``
|
||||||
|
(default: ``ceph.client.cinder-backup.keyring``)
|
||||||
|
|
||||||
[global]
|
#. Copy Ceph keyring files to:
|
||||||
fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3
|
* ``/etc/kolla/config/cinder/cinder-volume/<ceph_cinder_keyring>``
|
||||||
mon_initial_members = ceph-0
|
* ``/etc/kolla/config/cinder/cinder-backup/<ceph_cinder_keyring>``
|
||||||
mon_host = 192.168.0.56
|
* ``/etc/kolla/config/cinder/cinder-backup/<ceph_cinder_backup_keyring>``
|
||||||
auth_cluster_required = cephx
|
|
||||||
auth_service_required = cephx
|
|
||||||
auth_client_required = cephx
|
|
||||||
|
|
||||||
Separate configuration options can be configured for
|
|
||||||
cinder-volume and cinder-backup by adding ceph.conf files to
|
|
||||||
``/etc/kolla/config/cinder/cinder-volume`` and
|
|
||||||
``/etc/kolla/config/cinder/cinder-backup`` respectively. They
|
|
||||||
will be merged with ``/etc/kolla/config/cinder/ceph.conf``.
|
|
||||||
|
|
||||||
Ceph keyrings are deployed per service and placed into
|
|
||||||
``cinder-volume`` and ``cinder-backup`` directories, put the keyring files
|
|
||||||
to these directories, for example:
|
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
``cinder-backup`` requires two keyrings for accessing volumes
|
``cinder-backup`` requires two keyrings for accessing volumes
|
||||||
and backup pool.
|
and backup pool.
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ cat /etc/kolla/config/cinder/cinder-backup/ceph.client.cinder.keyring
|
|
||||||
|
|
||||||
[client.cinder]
|
|
||||||
key = AQAg5YRXpChaGRAAlTSCleesthCRmCYrfQVX1w==
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ cat /etc/kolla/config/cinder/cinder-backup/ceph.client.cinder-backup.keyring
|
|
||||||
|
|
||||||
[client.cinder-backup]
|
|
||||||
key = AQC9wNBYrD8MOBAAwUlCdPKxWZlhkrWIDE1J/w==
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ cat /etc/kolla/config/cinder/cinder-volume/ceph.client.cinder.keyring
|
|
||||||
|
|
||||||
[client.cinder]
|
|
||||||
key = AQAg5YRXpChaGRAAlTSCleesthCRmCYrfQVX1w==
|
|
||||||
|
|
||||||
It is important that the files are named ``ceph.client*``.
|
|
||||||
|
|
||||||
Nova
|
Nova
|
||||||
----
|
----
|
||||||
|
|
||||||
Put ceph.conf, nova client keyring file and cinder client keyring file into
|
Configuring Nova for Ceph includes following steps:
|
||||||
``/etc/kolla/config/nova``:
|
|
||||||
|
|
||||||
.. warning::
|
#. Copy Ceph configuration file to ``/etc/kolla/config/nova/ceph.conf``
|
||||||
|
#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
|
||||||
|
|
||||||
If you are using ceph-ansible - please copy ceph.client.cinder.keyring
|
* ``ceph_cinder_keyring`` (default: ``ceph.client.cinder.keyring``)
|
||||||
as /etc/kolla/config/nova/ceph.client.nova.keyring
|
* ``ceph_nova_keyring`` (by default it's the same as ceph_cinder_keyring)
|
||||||
|
|
||||||
.. code-block:: console
|
#. Copy Ceph keyring file(s) to:
|
||||||
|
|
||||||
$ ls /etc/kolla/config/nova
|
* ``/etc/kolla/config/nova/<ceph_cinder_keyring>``
|
||||||
ceph.client.cinder.keyring ceph.client.nova.keyring ceph.conf
|
* ``/etc/kolla/config/nova/<ceph_nova_keyring>`` (if your Ceph deployment
|
||||||
|
created one)
|
||||||
|
|
||||||
Configure nova-compute to use Ceph as the ephemeral back end by creating
|
.. warning::
|
||||||
``/etc/kolla/config/nova/nova-compute.conf`` and adding the following
|
|
||||||
configurations:
|
|
||||||
|
|
||||||
.. code-block:: ini
|
If you are using ceph-ansible or another deployment tool that doesn't
|
||||||
|
create separate key for Nova just copy the Cinder key.
|
||||||
|
|
||||||
[libvirt]
|
#. Configure nova-compute to use Ceph as the ephemeral back end by creating
|
||||||
images_rbd_pool=vms
|
``/etc/kolla/config/nova/nova-compute.conf`` and adding the following
|
||||||
images_type=rbd
|
configurations:
|
||||||
images_rbd_ceph_conf=/etc/ceph/ceph.conf
|
|
||||||
rbd_user=nova
|
|
||||||
|
|
||||||
.. note::
|
.. code-block:: ini
|
||||||
|
|
||||||
``rbd_user`` might vary depending on your environment.
|
[libvirt]
|
||||||
|
images_rbd_pool=vms
|
||||||
|
images_type=rbd
|
||||||
|
images_rbd_ceph_conf=/etc/ceph/ceph.conf
|
||||||
|
|
||||||
Gnocchi
|
Gnocchi
|
||||||
-------
|
-------
|
||||||
|
|
||||||
Modify ``/etc/kolla/config/gnocchi.conf`` file according to
|
Configuring Gnocchi for Ceph includes following steps:
|
||||||
the following configuration:
|
|
||||||
|
|
||||||
.. code-block:: ini
|
#. Copy Ceph configuration file to ``/etc/kolla/config/gnocchi/ceph.conf``
|
||||||
|
#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
|
||||||
|
|
||||||
[storage]
|
* ``ceph_gnocchi_keyring``
|
||||||
driver = ceph
|
(default: ``ceph.client.gnocchi.keyring``)
|
||||||
ceph_username = gnocchi
|
|
||||||
ceph_keyring = /etc/ceph/ceph.client.gnocchi.keyring
|
|
||||||
ceph_conffile = /etc/ceph/ceph.conf
|
|
||||||
|
|
||||||
Put ceph.conf and gnocchi client keyring file in
|
#. Copy Ceph keyring to ``/etc/kolla/config/gnocchi/<ceph_gnocchi_keyring>``
|
||||||
``/etc/kolla/config/gnocchi``:
|
#. Modify ``/etc/kolla/config/gnocchi.conf`` file according to the following
|
||||||
|
configuration:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: ini
|
||||||
|
|
||||||
$ ls /etc/kolla/config/gnocchi
|
[storage]
|
||||||
ceph.client.gnocchi.keyring ceph.conf gnocchi.conf
|
driver = ceph
|
||||||
|
ceph_username = gnocchi
|
||||||
|
ceph_keyring = /etc/ceph/ceph.client.gnocchi.keyring
|
||||||
|
ceph_conffile = /etc/ceph/ceph.conf
|
||||||
|
|
||||||
Manila
|
Manila
|
||||||
------
|
------
|
||||||
|
|
||||||
Configuring Manila for Ceph includes four steps:
|
Configuring Manila for Ceph includes following steps:
|
||||||
|
|
||||||
#. Configure CephFS backend, setting ``enable_manila_backend_cephfs_native``
|
#. Configure CephFS backend by setting ``enable_manila_backend_cephfs_native``
|
||||||
#. Create Ceph configuration file in ``/etc/ceph/ceph.conf``
|
to ``true``
|
||||||
#. Create Ceph keyring file in ``/etc/ceph/ceph.client.<username>.keyring``
|
#. Configure Ceph authentication details in ``/etc/kolla/globals.yml``:
|
||||||
|
|
||||||
|
* ``ceph_manila_keyring`` (default: ``ceph.client.manila.keyring``)
|
||||||
|
|
||||||
|
#. Copy Ceph configuration file to ``/etc/kolla/config/manila/ceph.conf``
|
||||||
|
#. Copy Ceph keyring to ``/etc/kolla/config/manila/<ceph_manila_keyring>``
|
||||||
#. Setup Manila in the usual way
|
#. Setup Manila in the usual way
|
||||||
|
|
||||||
Step 1 is done by using setting ``enable_manila_backend_cephfs_native=true``
|
|
||||||
|
|
||||||
Now put ceph.conf and the keyring file (name depends on the username created
|
|
||||||
in Ceph) into the same directory, for example:
|
|
||||||
|
|
||||||
.. path /etc/kolla/config/manila/ceph.conf
|
|
||||||
.. code-block:: ini
|
|
||||||
|
|
||||||
[global]
|
|
||||||
fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3
|
|
||||||
mon_host = 192.168.0.56
|
|
||||||
auth_cluster_required = cephx
|
|
||||||
auth_service_required = cephx
|
|
||||||
auth_client_required = cephx
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ cat /etc/kolla/config/manila/ceph.client.manila.keyring
|
|
||||||
|
|
||||||
[client.manila]
|
|
||||||
key = AQAg5YRXS0qxLRAAXe6a4R1a15AoRx7ft80DhA==
|
|
||||||
|
|
||||||
For more details on the rest of the Manila setup, such as creating the share
|
For more details on the rest of the Manila setup, such as creating the share
|
||||||
type ``default_share_type``, please see :doc:`Manila in Kolla <manila-guide>`.
|
type ``default_share_type``, please see :doc:`Manila in Kolla <manila-guide>`.
|
||||||
|
|
||||||
|
13
releasenotes/notes/ceph-keys-vars-6857d19d291c401d.yaml
Normal file
13
releasenotes/notes/ceph-keys-vars-6857d19d291c401d.yaml
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Introduce user modifiable variables instead of fixed names for Ceph
|
||||||
|
keyring files used by external Ceph functionality.
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
For cinder (cinder-volume and cinder-backup), glance-api and manila
|
||||||
|
keyrings behavior has changed and kolla-ansible deployment will not copy
|
||||||
|
those keys using wildcards (ceph.*), instead will use newly introduced
|
||||||
|
variables. Your environment may render unusable after an upgrade if your
|
||||||
|
keys in /etc/kolla/config do not match default values for introduced
|
||||||
|
variables.
|
Loading…
Reference in New Issue
Block a user