How to Authenticate Ceph Using Libvirtd Secrets

Problem

When creating a new instance on a host where authentication using libvirtd secrets for Ceph is not configured, the following traceback error is thrown in the logs:

Environment

  • Platform9 Managed OpenStack - v5.8 and higher.
  • Rocky Linux 9.1 and higher.

Procedure

The recommended steps to configure the libvirtd secret are listed below:

Setup Ceph Client Authentication

1. Create a new user for Cinder and Glance. Execute the following commands on the ceph-deploy admin node.

2. Add the keyrings for client.cinder and client.glance to the respective nodes and change their ownership as shown below.

3. Nodes running nova-compute (compute nodes) need the keyring file for the nova-compute process. Add the keyring file as shown below.

4. Add the secret key to libvirt and remove the temporary copy of the key on the compute node as shown below:

The output will be a key similar to 457eb676-33da-42ec-9a8c-9293d545c337
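
One way to carry out step 4, as an added example rather than the article's own commands: it builds the libvirt secret definition for a Ceph client, loads the key from a file so it never appears on a command line, and then deletes the temporary key copy. The function names and the key-file argument are assumptions; `virsh secret-define` and `virsh secret-set-value --file` are standard libvirt commands.

```shell
#!/bin/sh
# Added example. Assumed names: ceph_secret_xml, register_ceph_secret, and the
# key-file path passed by the caller (a file holding the base64 Ceph key).

# Print the libvirt secret XML. $1 = secret UUID, $2 = Ceph client name.
ceph_secret_xml() {
    # Allow only UUID characters, then check the canonical 8-4-4-4-12 layout,
    # so nothing in the arguments can alter the XML structure.
    case $1 in *[!0-9a-f-]*|"") return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eqx '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' || return 1
    # Client must look like client.<name> with a conservative character set.
    case $2 in client.?*) ;; *) return 1 ;; esac
    case ${2#client.} in *[!A-Za-z0-9_-]*) return 1 ;; esac
    cat <<EOF
<secret ephemeral='no' private='no'>
  <uuid>$1</uuid>
  <usage type='ceph'>
    <name>$2 secret</name>
  </usage>
</secret>
EOF
}

# Define the secret, set its value, remove the temporary key copy.
# $1 = secret UUID, $2 = Ceph client name, $3 = temporary key file
register_ceph_secret() {
    [ -r "$3" ] || { echo "key file not readable: $3" >&2; return 1; }
    xml=$(mktemp) || return 1          # mktemp creates the file with mode 0600
    rc=1
    if ceph_secret_xml "$1" "$2" > "$xml" &&
       virsh secret-define --file "$xml" &&
       # --file reads the base64 key from disk, keeping it out of the
       # process list and shell history.
       virsh secret-set-value --secret "$1" --file "$3"
    then
        rm -f -- "$3"                  # temporary key copy is no longer needed
        rc=0
    fi
    rm -f -- "$xml"
    return $rc
}
```

Called as `register_ceph_secret 457eb676-33da-42ec-9a8c-9293d545c337 client.cinder /path/to/temp.key` on the compute node; the key file is left in place if either `virsh` step fails, so the run can be repeated.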

Configure OpenStack to use Ceph

1. Configuring Glance

To use the Ceph block device (RBD) by default, configure Glance as shown below. Edit the entries in /etc/glance/glance-api.conf under the [DEFAULT] section on the controller node.

To avoid images getting cached under /var/lib/glance/image-cache/, add the following entries under the [paste_deploy] section in /etc/glance/glance-api.conf.

2. Configuring Cinder

OpenStack requires a driver to interact with the Ceph block device (RBD), as well as the pool name for the block device. On the cinder node, edit /etc/cinder/cinder.conf by adding the following entries under the [DEFAULT] section.
