OpenStack Ussuri : Cinder
OpenStack Ussuri : Cinder
----------------------- ----------------------- -----------------------
| [ Controller Node ] | | [ Compute Node ] | | [ Network Node ] |
| | | Libvirt | | Open vSwitch |
| MariaDB RabbitMQ | | Nova compute | | L2 Agent |
| Memcached Keystone | | Open vSwitch | | L3 Agent |
| httpd Cinder API | | L2 Agent | | metadata agent |
| Nova-API Compute | | Cinder-LVM | -----------------------
| L2 agent L3 agent | | NFS |
| metadata agent | -----------------------
| Neutron Server |
----------------------- OpenStack Ussuri : Cinder
- Cinder는 OpenStack에서 전체적인 볼륨, 디스크를 관리하는 서비스입니다.
- Cinder 서비스는 다른 Storage Node들과 함께 사용하도록 NFS 서버 또한 구축하여 백업 서비스를 활성하할 수 있게 구성핟록 하겠습니다.
- Cinder에 대한 자세한 설명은 Cinder를 참조해주세요.
Cinder service 및 User 생성
$ controller ~(keystone)> openstack user create --domain default --project service --password qwer1234 cinder
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 7c10c02365be496fb47f12bfd40fe4a7 |
| domain_id | default |
| enabled | True |
| id | 1f9dbcbb529a45c28b5bb8b035ea277a |
| name | cinder |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ controller ~(keystone)> openstack role add --project service --user cinder admin
$ controller ~(keystone)> openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | 225ceadb699d4e79adf30769cd872fef |
| name | cinderv3 |
| type | volumev3 |
+-------------+----------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 6bf917232caa43eab3b83959fb19cb45 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 225ceadb699d4e79adf30769cd872fef |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller:8776/v3/%(tenant_id)s |
+--------------+-----------------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | c5987fc3d9eb4fb79a2e8cf73a274936 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 225ceadb699d4e79adf30769cd872fef |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller:8776/v3/%(tenant_id)s |
+--------------+-----------------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | eff2398584944c0fa7575d1991d725fe |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 225ceadb699d4e79adf30769cd872fef |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller:8776/v3/%(tenant_id)s |
+--------------+-----------------------------------------+
# Cinder의 Endpoint를 생성합니다.
Cinder 유저의 DB를 생성합니다.
$ controller> mysql -u root -p
$ MariaDB> create database cinder;
$ MariaDB> grant all privileges on cinder.* to cinder@'localhost' identified by 'qwer1234';
$ MariaDB> grant all privileges on cinder.* to cinder@'%' identified by 'qwer1234';
$ MariaDB> flush privileges;
$ MariaDB> exit;
Cinder 설치
$ controller> dnf --enablerepo=centos-openstack-ussuri,powertools,epel -y install openstack-cinder
# cinder 및 관련 모듈을 설치합니다.
$ controller> vi /etc/cinder/cinder.conf
[DEFAULT]
my_ip = controller
log_dir = /var/log/cinder
state_path = /var/lib/cinder
auth_strategy = keystone
transport_url = rabbit://openstack:qwer1234@controller
enable_v3_api = True
[database]
connection = mysql+pymysql://cinder:qwer1234@controller/cinder
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = qwer1234
[oslo_concurrency]
lock_path = $state_path/tmp
$ controller> su -s /bin/bash cinder -c "cinder-manage db sync"
$ controller> systemctl enable --now openstack-cinder-api openstack-cinder-scheduler
# cinder DB를 임포트 시키고, 서비스를 등록합니다.
$ controller> echo "export OS_VOLUME_API_VERSION=3" >> ~/admin_key
$ controller> source ~/admin_key
# key파일을 수정합니다.
$ controller> firewall-cmd --add-port=8776/tcp --permanent
$ controller> firewall-cmd --reload
# 방화벽을 설정합니다.
Cinder compute node 설치
$ compute> dnf --enablerepo=centos-openstack-ussuri,powertools,epel -y install openstack-cinder targetcli
# cinder 및 관련 모듈을 설치합니다.
$ compute> fdisk ...
# LVM의 타입으로 파티션을 추가합니다.
# cinder 이름으로 vg를 생성합니다.
$ controller> scp /etc/cinder/cinder.conf compute:/etc/cinder/cinder.conf
$ compute> vi /etc/cinder/cinder.conf
[default]
my_ip = compute
...
...
glance_api_servers = http://controller:9292
enabled_backends = lvm
[lvm]
target_helper = lioadm
target_protocol = iscsi
target_ip_address = compute
volume_group = cinder
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volumes_dir = $state_path/volumes
$ compute> vi /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
$ compute> systemctl restart openstack-nova-compute
$ compute> systemctl enable --now openstack-cinder-volume
$ compute> vi iscsiadm.te
module iscsiadm 1.0;
require {
type iscsid_t;
class capability dac_override;
}
#============= iscsid_t ==============
allow iscsid_t self:capability dac_override;
$ compute> checkmodule -m -M -o iscsiadm.mod iscsiadm.te
$ compute> semodule_package --outfile iscsiadm.pp --module iscsiadm.mod
$ compute> semodule -i iscsiadm.pp
$ compute> firewall-cmd --add-service=iscsi-target --permanent
$ compute> firewall-cmd --reload
# SELinux 및 방화벽을 설정합니다.
확인
$ controller ~/(keystone)> openstack volume service list
+------------------+-------------+------+---------+-------+----------------------------+
| Binary | Host | Zone | Status | State | Updated At |
+------------------+-------------+------+---------+-------+----------------------------+
| cinder-scheduler | controller | nova | enabled | up | 2020-08-07T01:29:22.000000 |
| cinder-volume | compute@lvm | nova | enabled | up | 2020-08-07T01:29:22.000000 |
+------------------+-------------+------+---------+-------+----------------------------+
$ controller ~/(keystone)> openstack volume create --size 1 test
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2020-08-07T01:46:06.000000 |
| description | None |
| encrypted | False |
| id | aa07bf85-424d-478c-ae52-648ddc588465 |
| migration_status | None |
| multiattach | False |
| name | test |
| properties | |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| type | __DEFAULT__ |
| updated_at | None |
| user_id | 57ce8f772e374a7c9282f2674fda1ba7 |
+---------------------+--------------------------------------+
$ controller ~/(keystone)> openstack volume list
+--------------------------------------+------+-----------+------+-------------+
| ID | Name | Status | Size | Attached to |
+--------------------------------------+------+-----------+------+-------------+
| aa07bf85-424d-478c-ae52-648ddc588465 | test | available | 1 | |
+--------------------------------------+------+-----------+------+-------------+
오류가 있어 수정 중입니다 !
Cinder 백업 서비스 구성
$ compute> dnf --enablerepo=centos-openstack-ussuri,powertools,epel -y install nfs-utils
# nfs-utils을 설치합니다.
$ compute> vi /etc/exports
/nfs 10.10.10.0/24(rw,no_root_squash)
# ro: 마운트 된 볼륨의 데이터를 읽기만 가능
# rw: 마운트 된 볼륨에 쓰기 또한 가능
# no_root_squash: 루트 자격을 가진 사용자만 쓰기 가능
# noaccess: 디렉터리 접근 불가
$ compute> systemctl enable --now rpcbind nfs-server
# NFC-server 서비스를 등록 및 시작합니다.
$ vi /etc/cinder/cinder.conf
[default]
...
...
enabled_backends = lvm,nfs
[nfs]
volume_driver = cinder.volume.drivers.nfs.NfsDriver
volume_backend_name = NFS
nfs_shares_config = /etc/cinder/nfs_shares
nfs_mount_point_base = $state_path/mnt_nfs
# cinder.conf 파일의 nfs를 추가합니다.
$ compute> vi /etc/cinder/nfs_shares
compute:/nfs
# 공유될 디렉토리를 지정합니다.
$ compute> chmod 640 /etc/cinder/nfs_shares
$ compute> chgrp cinder /etc/cinder/nfs_shares
$ compute> systemctl restart openstack-cinder-volume
$ compute> chown -R cinder. /var/lib/cinder/mnt_nfs
# cinder nfs 파일의 권한을 변경하고 cinder 서비스를 재시작합니다.
$ compute> firewall-cmd --add-service=nfs --permanent
$ compute> firewall-cmd --reload
# 방화벽을 설정합니다.
$ compute> vi iscsiadm.te
module iscsiadm 1.0;
require {
type iscsid_t;
class capability dac_override;
}
#============= iscsid_t ==============
allow iscsid_t self:capability dac_override;
$ compute> checkmodule -m -M -o iscsiadm.mod iscsiadm.te
$ compute> semodule_package --outfile iscsiadm.pp --module iscsiadm.mod
$ compute> semodule -i iscsiadm.pp
$ compute> systemctl restart openstack-nova-compute
# SELinux를 설정하고 compute 서비스를 재시작합니다.
Cinder 백업 서비스 구성
$ compute> vi /etc/cinder/cinder.conf
[default]
...
...
backup_driver = cinder.backup.drivers.nfs.NFSBackupDriver
backup_mount_point_base = $state_path/backup_nfs
backup_share = compute:/var/lib/cinder-backup
# ciner 백업 서비스를 활성화하기 이해 cinder.conf 파일의 설정을 추가합니다.
$ compute> systemctl enable --now openstack-cinder-backup
$ compute> chown -R cinder. /var/lib/cinder/backup_nfs
$ cinder backup 서비스를 활성화합니다.
확인
$ controller ~(keystone)> openstack volume service list
+------------------+-------------+------+---------+-------+----------------------------+
| Binary | Host | Zone | Status | State | Updated At |
+------------------+-------------+------+---------+-------+----------------------------+
| cinder-scheduler | controller | nova | enabled | up | 2020-08-12T04:31:53.000000 |
| cinder-volume | compute@lvm | nova | enabled | up | 2020-08-12T04:31:46.000000 |
| cinder-volume | compute@nfs | nova | enabled | up | 2020-08-12T04:31:46.000000 |
+------------------+-------------+------+---------+-------+----------------------------+
$ controller ~(keystone)>
$ controller ~(keystone)>
$ controller ~(keystone)>
$ controller ~(keystone)>
<div style="text-align: center; margin-top: 1em;">
RSS Feed
</div>마지막 수정일자