kolla-ansible/doc/source/reference/storage/external-ceph-guide.rst
Jason Anderson cd99ebe55c Update docs to say that external Ceph required
There is no longer support for provisioning Ceph in Kolla Ansible, so we
should no longer say that it's only sometimes necessary to create the
cluster/pools/keyrings externally.

Change-Id: Ia3026cfeebfb8258b79490f9facc341c928845f9
2020-02-20 16:39:28 +00:00

6.0 KiB

External Ceph

Kolla Ansible does not provide support for provisioning and configuring a Ceph cluster directly. Instead, administrators should use a tool dedicated to this purpose, such as:

The desired pool(s) and keyrings should then be created via the Ceph CLI or similar.

Requirements

  • An existing installation of Ceph
  • Existing Ceph storage pools
  • Existing credentials in Ceph for OpenStack services to connect to Ceph (Glance, Cinder, Nova, Gnocchi, Manila)

Refer to http://docs.ceph.com/docs/master/rbd/rbd-openstack/ for details on creating the pool and keyrings with appropriate permissions for each service.

Enabling External Ceph

To activate external Ceph integration you need to enable Ceph backend. This can be done individually per service in /etc/kolla/globals.yml:

glance_backend_ceph: "yes"
cinder_backend_ceph: "yes"
nova_backend_ceph: "yes"
gnocchi_backend_storage: "ceph"
enable_manila_backend_cephfs_native: "yes"

Edit the Inventory File

When using external Ceph, there may be no nodes defined in the storage group. This will cause Cinder and related services relying on this group to fail. In this case, operator should add some nodes to the storage group, all the nodes where cinder-volume and cinder-backup will run:

[storage]
compute01

Configuring External Ceph

Glance

Configuring Glance for Ceph includes the following steps:

  1. Configure Ceph authentication details in /etc/kolla/globals.yml:

    • ceph_glance_keyring (default: ceph.client.glance.keyring)
    • ceph_glance_user (default: glance)
    • ceph_glance_pool_name (default: images)
  2. Copy Ceph configuration file to /etc/kolla/config/glance/ceph.conf

    [global]
    fsid = 1d89fec3-325a-4963-a950-c4afedd37fe3
    mon_initial_members = ceph-0
    mon_host = 192.168.0.56
    auth_cluster_required = cephx
    auth_service_required = cephx
    auth_client_required = cephx
  3. Copy Ceph keyring to /etc/kolla/config/glance/<ceph_glance_keyring>

Cinder

Configuring Cinder for Ceph includes following steps:

  1. Configure Ceph authentication details in /etc/kolla/globals.yml:

    • ceph_cinder_keyring (default: ceph.client.cinder.keyring)
    • ceph_cinder_user (default: cinder)
    • ceph_cinder_pool_name (default: volumes)
    • ceph_cinder_backup_keyring (default: ceph.client.cinder-backup.keyring)
    • ceph_cinder_backup_user (default: cinder-backup)
    • ceph_cinder_backup_pool_name (default: backups)
  2. Copy Ceph configuration file to /etc/kolla/config/cinder/ceph.conf

    Separate configuration options can be configured for cinder-volume and cinder-backup by adding ceph.conf files to /etc/kolla/config/cinder/cinder-volume and /etc/kolla/config/cinder/cinder-backup respectively. They will be merged with /etc/kolla/config/cinder/ceph.conf.

  3. Copy Ceph keyring files to:

    • /etc/kolla/config/cinder/cinder-volume/<ceph_cinder_keyring>
    • /etc/kolla/config/cinder/cinder-backup/<ceph_cinder_keyring>
    • /etc/kolla/config/cinder/cinder-backup/<ceph_cinder_backup_keyring>

Note

cinder-backup requires two keyrings for accessing volumes and backup pool.

Nova

Configuring Nova for Ceph includes following steps:

  1. Configure Ceph authentication details in /etc/kolla/globals.yml:

    • ceph_cinder_keyring (default: ceph.client.cinder.keyring)
    • ceph_nova_keyring (by default it's the same as ceph_cinder_keyring)
    • ceph_nova_user (default: nova)
    • ceph_nova_pool_name (default: vms)
  2. Copy Ceph configuration file to /etc/kolla/config/nova/ceph.conf

  3. Copy Ceph keyring file(s) to:

    • /etc/kolla/config/nova/<ceph_cinder_keyring>
    • /etc/kolla/config/nova/<ceph_nova_keyring> (if your Ceph deployment created one)

    Warning

    If you are using ceph-ansible or another deployment tool that doesn't create separate key for Nova just copy the Cinder key and configure ceph_nova_user to the same value as ceph_cinder_user.

Gnocchi

Configuring Gnocchi for Ceph includes following steps:

  1. Configure Ceph authentication details in /etc/kolla/globals.yml:
    • ceph_gnocchi_keyring (default: ceph.client.gnocchi.keyring)
    • ceph_gnocchi_user (default: gnocchi)
    • ceph_gnocchi_pool_name (default: gnocchi)
  2. Copy Ceph configuration file to /etc/kolla/config/gnocchi/ceph.conf
  3. Copy Ceph keyring to /etc/kolla/config/gnocchi/<ceph_gnocchi_keyring>

Manila

Configuring Manila for Ceph includes following steps:

  1. Configure CephFS backend by setting enable_manila_backend_cephfs_native to true

  2. Configure Ceph authentication details in /etc/kolla/globals.yml:

    • ceph_manila_keyring (default: ceph.client.manila.keyring)
    • ceph_manila_user (default: manila)

    Note

    Required Ceph identity caps for manila user are documented in CephFS Native driver <admin/cephfs_driver.html#authorizing-the-driver-to-communicate-with-ceph>.

  3. Copy Ceph configuration file to /etc/kolla/config/manila/ceph.conf

  4. Copy Ceph keyring to /etc/kolla/config/manila/<ceph_manila_keyring>

  5. Setup Manila in the usual way

For more details on the rest of the Manila setup, such as creating the share type default_share_type, please see Manila in Kolla <manila-guide>.

For more details on the CephFS Native driver, please see CephFS Native driver <admin/cephfs_driver.html>.