openstack
/
kolla-ansible
Code Issues Proposed changes
kolla-ansible/doc/source/reference/storage/external-ceph-guide.rst

6.1 KiB
Raw Blame History

External Ceph

Sometimes it is necessary to connect OpenStack services to an existing Ceph cluster instead of deploying it with Kolla. This can be achieved with only a few configuration steps in Kolla.

Requirements

  • An existing installation of Ceph
  • Existing Ceph storage pools
  • Existing credentials in Ceph for OpenStack services to connect to Ceph (Glance, Cinder, Nova, Gnocchi, Manila)

Refer to http://docs.ceph.com/docs/master/rbd/rbd-openstack/ for details on creating the pool and keyrings with appropriate permissions for each service.

Enabling External Ceph

Using external Ceph with Kolla means not to deploy Ceph via Kolla. Therefore, disable Ceph deployment in /etc/kolla/globals.yml

enable_ceph: "no"

There are flags indicating individual services to use ceph or not which default to the value of enable_ceph. Those flags now need to be activated in order to activate external Ceph integration. This can be done individually per service in /etc/kolla/globals.yml:

glance_backend_ceph: "yes"
cinder_backend_ceph: "yes"
nova_backend_ceph: "yes"
gnocchi_backend_storage: "ceph"
enable_manila_backend_cephfs_native: "yes"

The combination of enable_ceph: "no" and <service>_backend_ceph: "yes" triggers the activation of external ceph mechanism in Kolla.

Edit the Inventory File

When using external Ceph, there may be no nodes defined in the storage group. This will cause Cinder and related services relying on this group to fail. In this case, operator should add some nodes to the storage group, all the nodes where cinder-volume and cinder-backup will run:

[storage]
compute01

Configuring External Ceph

Glance

Configuring Glance for Ceph includes the following steps:

  1. Configure Ceph authentication details in /etc/kolla/globals.yml:

    • ceph_glance_keyring (default: ceph.client.glance.keyring)
    • ceph_glance_user (default: glance)
    • ceph_glance_pool_name (default: images)

  2. Copy Ceph configuration file to /etc/kolla/config/glance/ceph.conf

    [global]
fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3
mon_initial_members = ceph-0
mon_host = 192.168.0.56
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx

  3. Copy Ceph keyring to /etc/kolla/config/glance/<ceph_glance_keyring>

Cinder

Configuring Cinder for Ceph includes following steps:

  1. Configure Ceph authentication details in /etc/kolla/globals.yml:

    • ceph_cinder_keyring (default: ceph.client.cinder.keyring)
    • ceph_cinder_user (default: cinder)
    • ceph_cinder_pool_name (default: volumes)
    • ceph_cinder_backup_keyring (default: ceph.client.cinder-backup.keyring)
    • ceph_cinder_backup_user (default: cinder-backup)
    • ceph_cinder_backup_pool_name (default: backups)

  2. Copy Ceph configuration file to /etc/kolla/config/cinder/ceph.conf

    Separate configuration options can be configured for cinder-volume and cinder-backup by adding ceph.conf files to /etc/kolla/config/cinder/cinder-volume and /etc/kolla/config/cinder/cinder-backup respectively. They will be merged with /etc/kolla/config/cinder/ceph.conf.

  3. Copy Ceph keyring files to:

    • /etc/kolla/config/cinder/cinder-volume/<ceph_cinder_keyring>
    • /etc/kolla/config/cinder/cinder-backup/<ceph_cinder_keyring>
    • /etc/kolla/config/cinder/cinder-backup/<ceph_cinder_backup_keyring>

Note

cinder-backup requires two keyrings for accessing volumes and backup pool.

Nova

Configuring Nova for Ceph includes following steps:

  1. Configure Ceph authentication details in /etc/kolla/globals.yml:

    • ceph_cinder_keyring (default: ceph.client.cinder.keyring)
    • ceph_nova_keyring (by default it's the same as ceph_cinder_keyring)
    • ceph_nova_user (default: nova)
    • ceph_nova_pool_name (default: vms)

  2. Copy Ceph configuration file to /etc/kolla/config/nova/ceph.conf

  3. Copy Ceph keyring file(s) to:

    • /etc/kolla/config/nova/<ceph_cinder_keyring>
    • /etc/kolla/config/nova/<ceph_nova_keyring> (if your Ceph deployment created one)

    Warning

    If you are using ceph-ansible or another deployment tool that doesn't create separate key for Nova just copy the Cinder key and configure ceph_nova_user to the same value as ceph_cinder_user.

Gnocchi

Configuring Gnocchi for Ceph includes following steps:

  1. Configure Ceph authentication details in /etc/kolla/globals.yml:
    • ceph_gnocchi_keyring (default: ceph.client.gnocchi.keyring)
    • ceph_gnocchi_user (default: gnocchi)
    • ceph_gnocchi_pool_name (default: gnocchi)
  2. Copy Ceph configuration file to /etc/kolla/config/gnocchi/ceph.conf
  3. Copy Ceph keyring to /etc/kolla/config/gnocchi/<ceph_gnocchi_keyring>

Manila

Configuring Manila for Ceph includes following steps:

  1. Configure CephFS backend by setting enable_manila_backend_cephfs_native to true

  2. Configure Ceph authentication details in /etc/kolla/globals.yml:

    • ceph_manila_keyring (default: ceph.client.manila.keyring)
    • ceph_manila_user (default: manila)

    Note

    Required Ceph identity caps for manila user are documented in CephFS Native driver <admin/cephfs_driver.html#authorizing-the-driver-to-communicate-with-ceph>.

  3. Copy Ceph configuration file to /etc/kolla/config/manila/ceph.conf

  4. Copy Ceph keyring to /etc/kolla/config/manila/<ceph_manila_keyring>

  5. Setup Manila in the usual way

For more details on the rest of the Manila setup, such as creating the share type default_share_type, please see Manila in Kolla <manila-guide>.

For more details on the CephFS Native driver, please see CephFS Native driver <admin/cephfs_driver.html>.