openstack/openstack-ansible-ceph_client
Code Issues Proposed changes
openstack-ansible-ceph_client/doc/source/configure-ceph.rst
Dmitriy Rabotyagov 6bb5f7dcdb Add backwards compatibility of ceph_components format 
With [1] we have broken compatibility of potentially provided extra components
config without any notice.

In order to handle this now we fix backwards compatibility along with
adding a deprecation note on the format of ``client``.

[1] https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/882827

Closes-Bug: #2047783
Change-Id: I89b67f0f0545d799194d8486a6bb25227279af84
2024-01-02 15:59:34 +00:00

5.9 KiB
Raw Blame History

Configuring the Ceph client (optional)

Ceph is a massively scalable, open source, distributed storage system.

These links provide details on how to use Ceph with OpenStack:

Note

Configuring Ceph storage servers is outside the scope of this documentation.

Authentication

We recommend the cephx authentication method in the Ceph config reference. OpenStack-Ansible enables cephx by default for the Ceph client. You can choose to override this setting by using the cephx Ansible variable:

cephx: False

Deploy Ceph on a trusted network if disabling cephx.

Configuration file overrides

OpenStack-Ansible provides the ceph_conf_file variable. This allows you to specify configuration file options to override the default Ceph configuration:

ceph_conf_file: |
  [global]
  fsid = 4037aa5f-abde-4378-9470-f73dbd6ceaba
  mon_initial_members = mon1.example.local,mon2.example.local,mon3.example.local
  mon_host = 172.29.244.151,172.29.244.152,172.29.244.153
  auth_cluster_required = cephx
  auth_service_required = cephx
  auth_client_required = cephx

The use of the ceph_conf_file variable is optional. By default, OpenStack-Ansible obtains a copy of ceph.conf from one of your Ceph monitors. This transfer of ceph.conf requires the OpenStack-Ansible deployment host public key to be deployed to all of the Ceph monitors. More details are available here: Deploying SSH Keys.

The following minimal example configuration sets nova and glance to use ceph pools: ephemeral-vms and images respectively. The example uses cephx authentication, and requires existing glance and cinder accounts for images and ephemeral-vms pools.

glance_default_store: rbd
nova_libvirt_images_rbd_pool: ephemeral-vms

For a complete example how to provide the necessary configuration for a Ceph backend without necessary access to Ceph monitors via SSH please see configuration-from-files.

Extra client configuration files

Deployers can specify extra Ceph configuration files to support multiple Ceph cluster backends via the ceph_extra_confs variable.

ceph_extra_confs:
-  src: "/opt/rdb-1.conf"
   dest: "/etc/ceph/rdb-1.conf"
-  src: "/opt/rdb-2.conf"
   dest: "/etc/ceph/rdb-2.conf"

These config file sources must be present on the deployment host.

Alternatively, deployers can specify more options in ceph_extra_confs to deploy keyrings, ceph.conf files, and configure libvirt secrets.

ceph_extra_confs:
-  src: "/etc/openstack_deploy/ceph2.conf"
   dest: "/etc/ceph/ceph2.conf"
   mon_host: 192.168.1.2
   client_name: cinder2
   keyring_src: /etc/openstack_deploy/ceph2.client.cinder2.keyring
   keyring_dest: /etc/ceph/ceph2.client.cinder2.keyring
   secret_uuid: '{{ cinder_ceph_client_uuid2 }}'
-  src: "/etc/openstack_deploy/ceph3.conf"
   dest: "/etc/ceph/ceph3.conf"
   mon_host: 192.168.1.3
   client_name: cinder3
   keyring_src: /etc/openstack_deploy/ceph3.client.cinder3.keyring
   keyring_dest: /etc/ceph/ceph3.client.cinder3.keyring
   secret_uuid: '{{ cinder_ceph_client_uuid3 }}'

The primary aim of this feature is to deploy multiple ceph clusters as cinder backends and enable nova/libvirt to mount block volumes from those backends. These settings do not override the normal deployment of ceph client and associated setup tasks.

Deploying multiple ceph clusters as cinder backends requires the following adjustments to each backend in cinder_backends

rbd_ceph_conf: /etc/ceph/ceph2.conf
rbd_pool: cinder_volumes_2
rbd_user: cinder2
rbd_secret_uuid: '{{ cinder_ceph_client_uuid2 }}'
volume_backend_name: volumes2

The dictionary keys rbd_ceph_conf, rbd_user, and rbd_secret_uuid must be unique for each ceph cluster to used as a cinder_backend.

Monitors

The Ceph Monitor maintains a master copy of the cluster map. OpenStack-Ansible provides the ceph_mons variable and expects a list of IP addresses for the Ceph Monitor servers in the deployment:

ceph_mons:
    - 172.29.244.151
    - 172.29.244.152
    - 172.29.244.153

Configure os_gnocchi with ceph_client

If the os_gnocchi role is going to utilize the ceph_client role, the following configurations need to be added to the user variable file:

ceph_extra_components:
  - component: gnocchi_api
    package: "{{ python_ceph_packages }}"
    client:
      - name: '{{ gnocchi_ceph_client }}'
    service: '{{ ceph_gnocchi_service_names }}'