OpenStack Zed : Configure Cinder (Storage Node) 2022/11/10
Install OpenStack Block Storage (Cinder).
This example is based on the following environment.
------------+-----------------------------+-----------------------------+------------
            |                             |                             |
        eth0|10.0.0.30                eth0|10.0.0.50                eth0|10.0.0.51
+-----------+-----------+     +-----------+-----------+     +-----------+-----------+
|   [ dlp.srv.world ]   |     | [ network.srv.world ] |     |  [ node01.srv.world ] |
|     (Control Node)    |     |     (Network Node)    |     |     (Compute Node)    |
|                       |     |                       |     |                       |
|  MariaDB    RabbitMQ  |     |      Open vSwitch     |     |        Libvirt        |
|  Memcached  Nginx     |     |     Neutron Server    |     |      Nova Compute     |
|  Keystone   httpd     |     |       OVN-Northd      |     |      Open vSwitch     |
|  Glance     Nova API  |     |         Nginx         |     |   OVN Metadata Agent  |
|  Cinder API           |     |     Cinder Volume     |     |     OVN-Controller    |
+-----------------------+     +-----------------------+     +-----------------------+
[1] | Install Cinder Volume service. |
# Install the Cinder package and targetcli; --enablerepo turns the three repos on for this one command only.
[root@network ~]# dnf -y --enablerepo=centos-openstack-zed,epel,crb install openstack-cinder targetcli
|
[2] | Configure Cinder Volume. |
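# Keep the packaged configuration as a reference copy, then write a new one.
[root@network ~]# mv /etc/cinder/cinder.conf /etc/cinder/cinder.conf.org
[root@network ~]# vi /etc/cinder/cinder.conf
# create new
[DEFAULT]
# define IP address
my_ip = 10.0.0.50
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_config = /etc/cinder/api-paste.ini
state_path = /var/lib/cinder
auth_strategy = keystone
# RabbitMQ connection info
# "password" is this example's sample value: use the password actually set
# for the [openstack] RabbitMQ user, not the literal string.
# NOTE(review): no TLS setting for the message bus appears on this page
# (e.g. [oslo_messaging_rabbit] ssl = true), so AMQP traffic including this
# credential is presumably sent in clear on the 10.0.0.0 network - confirm.
transport_url = rabbit://openstack:password@dlp.srv.world
enable_v3_api = True

# Glance connection info
glance_api_servers = https://dlp.srv.world:9292

# MariaDB connection info
# "password" is a sample value here as well: use the cinder DB user's password.
[database]
connection = mysql+pymysql://cinder:password@dlp.srv.world/cinder

# Keystone auth info
[keystone_authtoken]
www_authenticate_uri = https://dlp.srv.world:5000
auth_url = https://dlp.srv.world:5000
memcached_servers = dlp.srv.world:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
# "servicepassword" is a sample value: use the Keystone password of the cinder service user.
password = servicepassword
# if using self-signed certs on httpd Keystone, turn to [true]
# [true] disables verification of Keystone's TLS certificate altogether, so the
# service token and password can be sent to an impostor endpoint. Where possible
# keep [false] and point [cafile] at the certificate (or CA) Keystone uses.
insecure = false

[oslo_concurrency]
lock_path = $state_path/tmp

# cinder.conf now holds the RabbitMQ, MariaDB and Keystone credentials:
# mode 640 plus group cinder leaves it readable by root and the cinder service only.
[root@network ~]# chmod 640 /etc/cinder/cinder.conf
[root@network ~]# chgrp cinder /etc/cinder/cinder.conf
[root@network ~]# systemctl enable --now openstack-cinder-volume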
[3] | If SELinux is enabled, change policy. |
[root@network ~]#
vi iscsiadm.te # create new module iscsiadm 1.0; require { type iscsid_t; type lsmd_plugin_exec_t; type systemd_notify_exec_t; type rsync_exec_t; type thumb_exec_t; type ssh_agent_exec_t; type checkpolicy_exec_t; type crontab_exec_t; type locate_exec_t; type conmon_exec_t; type NetworkManager_exec_t; type dmesg_exec_t; type mount_exec_t; type traceroute_exec_t; type neutron_t; type vlock_exec_t; type fusermount_exec_t; type login_exec_t; type su_exec_t; type cinder_backup_exec_t; type loadkeys_exec_t; type groupadd_exec_t; type systemd_hwdb_exec_t; type mandb_exec_t; type policykit_auth_exec_t; type hostname_exec_t; type passwd_exec_t; type systemd_passwd_agent_exec_t; type dbusd_exec_t; type virtd_exec_t; type cinder_volume_exec_t; type chronyc_exec_t; type systemd_systemctl_exec_t; type journalctl_exec_t; type ping_exec_t; type ssh_exec_t; type plymouth_exec_t; type gpg_exec_t; type devicekit_exec_t; type chfn_exec_t; type cinder_api_exec_t; type gpg_agent_exec_t; type kdumpctl_exec_t; type cinder_scheduler_exec_t; type ssh_keygen_exec_t; type systemd_tmpfiles_exec_t; type rpcbind_exec_t; type rpmdb_exec_t; type keepalived_exec_t; type virt_qemu_ga_exec_t; type container_runtime_exec_t; type lsmd_exec_t; class file getattr; class capability dac_override; } #============= iscsid_t ============== allow iscsid_t self:capability dac_override; #============= neutron_t ============== allow neutron_t cinder_api_exec_t:file getattr; allow neutron_t cinder_backup_exec_t:file getattr; allow neutron_t cinder_scheduler_exec_t:file getattr; allow neutron_t cinder_volume_exec_t:file getattr; allow neutron_t rpcbind_exec_t:file getattr; allow neutron_t virtd_exec_t:file getattr; checkmodule -m -M -o iscsiadm.mod iscsiadm.te [root@network ~]# semodule_package --outfile iscsiadm.pp --module iscsiadm.mod [root@network ~]# semodule -i iscsiadm.pp |