{"id":19554,"date":"2023-12-12T15:38:14","date_gmt":"2023-12-12T12:38:14","guid":{"rendered":"https:\/\/kifarunix.com\/?p=19554"},"modified":"2024-04-05T20:00:12","modified_gmt":"2024-04-05T17:00:12","slug":"part-2-integrate-openstack-with-ceph-storage-cluster","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/part-2-integrate-openstack-with-ceph-storage-cluster\/","title":{"rendered":"Part 2: Integrate OpenStack with Ceph Storage Cluster"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1049\" height=\"589\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/12\/openstack-n-ceph.png\" alt=\"integrate openstack with ceph storage cluster\" class=\"wp-image-19570\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/12\/openstack-n-ceph.png?v=1702384460 1049w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/12\/openstack-n-ceph-768x431.png?v=1702384460 768w\" sizes=\"(max-width: 1049px) 100vw, 1049px\" \/><\/figure><\/div>\n\n\n<p>This is the part 2 of our tutorial on how to integrate OpenStack with Ceph Storage cluster.  In cloud computing, OpenStack and Ceph stand as two prominent pillars, each offering distinct yet complementary capabilities. While OpenStack provides a comprehensive cloud computing platform, Ceph delivers distributed and scalable storage services.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/part-1-integrate-openstack-with-ceph-storage-cluster\/\" target=\"_blank\" rel=\"noreferrer noopener\">Part 1: Integrating OpenStack with Ceph Storage Cluster<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/part-3-integrate-openstack-with-ceph-storage-cluster\/\" target=\"_blank\" rel=\"noreferrer noopener\">Part 3: Integrate OpenStack with Ceph Storage Cluster<\/a><\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#prepare-nodes-for-open-stack-deployment-and-integration-with-ceph\">Prepare Nodes for OpenStack Deployment and Integration with Ceph<\/a><ul><li><a href=\"#configure-networking-on-the-open-stack-nodes\">Configure Networking on the OpenStack Nodes<\/a><\/li><li><a href=\"#install-required-packages-on-the-kolla-ansible-deployment-node\">Install Required Packages on the Kolla-Ansible Deployment Node<\/a><\/li><li><a href=\"#create-kolla-ansible-deployment-user-account-on-open-stack-nodes\">Create Kolla-Ansible Deployment User Account on OpenStack Nodes<\/a><\/li><li><a href=\"#create-a-virtual-environment-for-kolla-ansible-deployment\">Create a Virtual Environment for Kolla-Ansible Deployment<\/a><\/li><li><a href=\"#install-ansible-on-deployment-node\">Install Ansible on Deployment Node<\/a><\/li><li><a href=\"#install-kolla-ansible-on-the-deployment-node\">Install Kolla-Ansible on the Deployment Node<\/a><\/li><li><a href=\"#configure-kolla-ansible-for-multinode-open-stack-deployment\">Configure Kolla-ansible for Multinode OpenStack Deployment<\/a><\/li><li><a href=\"#create-ceph-configuration-directories-on-open-stack\">Create Ceph Configuration Directories on OpenStack<\/a><\/li><li><a href=\"#copy-ceph-configurations-to-open-stack-client-directories\">Copy Ceph Configurations to OpenStack Client Directories<\/a><\/li><li><a href=\"#create-ceph-credentials-for-open-stack-clients\">Create Ceph Credentials for OpenStack Clients<\/a><\/li><li><a href=\"#copy-ceph-credentials-to-open-stack-clients\">Copy Ceph Credentials to OpenStack Clients<\/a><\/li><li><a href=\"#enable-open-stack-services-cephx-authentication\">Enable OpenStack Services Cephx Authentication<\/a><\/li><li><a href=\"#configure-open-stack-glance-client-for-ceph\">Configure OpenStack Glance Client for Ceph<\/a><\/li><li><a href=\"#install-ceph-rbd-secret-key-on-compute-nodes\">Install Ceph RBD Secret Key on Compute Nodes<\/a><\/li><li><a href=\"#configure-open-stack-cinder-for-ceph\">Configure OpenStack Cinder for Ceph<\/a><\/li><li><a href=\"#define-kolla-ansible-global-deployment-options\">Define Kolla-Ansible Global Deployment Options<\/a><\/li><li><a href=\"#update-kolla-ansible-open-stack-nodes-inventory-file\">Update Kolla-Ansible OpenStack Nodes Inventory File<\/a><\/li><li><a href=\"#generate-kolla-ansible-passwords\">Generate Kolla-Ansible Passwords<\/a><\/li><li><a href=\"#configure-open-stack-nova-for-ceph\">Configure OpenStack Nova for Ceph<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"prepare-nodes-for-open-stack-deployment-and-integration-with-ceph\">Prepare Nodes for OpenStack Deployment and Integration with Ceph<\/h3>\n\n\n\n<p>Note that, we are deploying OpenStack using Kolla-ansible.<\/p>\n\n\n\n<p>In our previous guides we discussed how to deploy multinode OpenStack as well how to expand OpenStack deployment by adding more controller nodes.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/deploy-multinode-openstack-using-kolla-ansible\/\" target=\"_blank\" rel=\"noreferrer noopener\">Deploy Multinode OpenStack using Kolla-Ansible<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/add-controller-nodes-into-existing-openstack-cluster-using-kolla-ansible\/\" target=\"_blank\" rel=\"noreferrer noopener\">Add Controller Nodes into Existing OpenStack Cluster using Kolla-Ansible<\/a><\/p>\n\n\n\n<p>We will pivot on these tutorials and just make a few changes to integrate our fresh OpenStack installation with Ceph storage cluster.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>Note<\/strong>: in our previous guide, we were using an LVM disk and NFS share provided by our storage node (storage01) for OpenStack Cinder volume and backup, and for the Glance images respectively.<\/p>\n\n\n\n<p>To integrate OpenStack with Ceph, we will eliminate the need for storage node (storage01) since we already have a running Ceph cluster.<\/p>\n\n\n\n<p>Thus, follow the OpenStack installation guide above accordingly and only make changes where necessary as outlined below.<\/p>\n<\/blockquote>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-networking-on-the-open-stack-nodes\">Configure Networking on the OpenStack Nodes<\/h4>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/deploy-multinode-openstack-using-kolla-ansible\/#network-configurations-on-the-nodes\" target=\"_blank\" rel=\"noreferrer noopener\">Network Configurations on the Nodes<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-required-packages-on-the-kolla-ansible-deployment-node\">Install Required Packages on the Kolla-Ansible Deployment Node<\/h4>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/deploy-multinode-openstack-using-kolla-ansible\/#install-required-packages-on-deployment-node\" target=\"_blank\" rel=\"noreferrer noopener\">Install Required Packages on Deployment Node<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-kolla-ansible-deployment-user-account-on-open-stack-nodes\">Create Kolla-Ansible Deployment User Account on OpenStack Nodes<\/h4>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/deploy-multinode-openstack-using-kolla-ansible\/#create-kolla-ansible-deployment-user-account\" target=\"_blank\" rel=\"noreferrer noopener\">Create Kolla-Ansible Deployment User Account on OpenStack Nodes<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-a-virtual-environment-for-kolla-ansible-deployment\">Create a Virtual Environment for Kolla-Ansible Deployment<\/h4>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/deploy-multinode-openstack-using-kolla-ansible\/#create-a-virtual-environment-for-deploying-kolla-ansible\" target=\"_blank\" rel=\"noreferrer noopener\">Create a Virtual Environment for Deploying Kolla-ansible<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-ansible-on-deployment-node\">Install Ansible on Deployment Node<\/h4>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/deploy-multinode-openstack-using-kolla-ansible\/#install-ansible-on-ubuntu-22-04\" target=\"_blank\" rel=\"noreferrer noopener\">Install Ansible on Deployment Node<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-kolla-ansible-on-the-deployment-node\">Install Kolla-Ansible on the Deployment Node<\/h4>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/deploy-multinode-openstack-using-kolla-ansible\/#install-kolla-ansible-on-ubuntu-22-04\" target=\"_blank\" rel=\"noreferrer noopener\">Install Kolla-ansible on Deployment Node<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-kolla-ansible-for-multinode-open-stack-deployment\">Configure Kolla-ansible for Multinode OpenStack Deployment<\/h4>\n\n\n\n<p>Create Kolla configuration directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo mkdir \/etc\/kolla<\/code><\/pre>\n\n\n\n<p>Update the ownership of the Kolla config directory to the user with which you activated Koll-ansible deployment virtual environment as<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo chown $USER:$USER \/etc\/kolla<\/code><\/pre>\n\n\n\n<p>Copy the main Kolla configuration file,&nbsp;<code><strong>globals.yml<\/strong><\/code>&nbsp;and the OpenStack services passwords file,&nbsp;<code><strong>passwords.yml<\/strong><\/code>&nbsp;into the Kolla configuration directory above from the&nbsp;<strong>virtual environment<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp $HOME\/kolla-ansible\/share\/kolla-ansible\/etc_examples\/kolla\/* \/etc\/kolla\/<\/code><\/pre>\n\n\n\n<p>Confirm;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ls \/etc\/kolla<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>globals.yml  passwords.yml<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-ceph-configuration-directories-on-open-stack\">Create Ceph Configuration Directories on OpenStack<\/h4>\n\n\n\n<p>You need to create a directory to store OpenStack Ceph client configurations. OpenStack ceph clients in this context are the OpenStack nodes running&nbsp;<code>glance_api<\/code>,&nbsp;<code>cinder_volume<\/code>,&nbsp;<code>nova_compute<\/code>&nbsp;and&nbsp;<code>cinder_backup<\/code>.<\/p>\n\n\n\n<p>Since we are using our controller node as our Kolla-ansible deployment node, we will create configuration directories for Glance, Nova and Cinder volume\/backup to store Ceph configurations as follows.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kifarunix@controller01:~$ <strong>mkdir -p \/etc\/kolla\/config\/{glance,cinder\/cinder-volume,cinder\/cinder-backup,nova}<\/strong><\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"copy-ceph-configurations-to-open-stack-client-directories\">Copy Ceph Configurations to OpenStack Client Directories<\/h4>\n\n\n\n<p>Copy the Ceph configuration file, <strong><code>ceph.conf<\/code><\/strong> from the Ceph admin node to each of the OpenStack services directories created above.<\/p>\n\n\n\n<p>192.168.200.200 is my controller01 node.<\/p>\n\n\n\n<p>Glance:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh kifarunix@192.168.200.200 tee \/etc\/kolla\/config\/glance\/ceph.conf &lt; \/etc\/ceph\/ceph.conf<\/code><\/pre>\n\n\n\n<p>Cinder Volume and Backup<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh kifarunix@192.168.200.200 tee \/etc\/kolla\/config\/cinder\/cinder-volume\/ceph.conf &lt; \/etc\/ceph\/ceph.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh kifarunix@192.168.200.200 tee \/etc\/kolla\/config\/cinder\/cinder-backup\/ceph.conf &lt; \/etc\/ceph\/ceph.conf<\/code><\/pre>\n\n\n\n<p>Nova<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh kifarunix@192.168.200.200 tee \/etc\/kolla\/config\/nova\/ceph.conf &lt; \/etc\/ceph\/ceph.conf<\/code><\/pre>\n\n\n\n<p>Login to your Kolla-ansible deployment node and confirm the above;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kifarunix@controller01:~$ <strong>cat \/etc\/kolla\/config\/glance\/ceph.conf<\/strong><\/code><\/pre>\n\n\n\n<pre class=\"scroll-sz\"><code># minimal ceph.conf for 1e266088-9480-11ee-a7e1-738d8527cddc\n[global]\nfsid = 1e266088-9480-11ee-a7e1-738d8527cddc\nmon_host = [v2:192.168.200.108:3300\/0,v1:192.168.200.108:6789\/0] [v2:192.168.200.109:3300\/0,v1:192.168.200.109:6789\/0] [v2:192.168.200.110:3300\/0,v1:192.168.200.110:6789\/0]\n<\/code><\/pre>\n\n\n\n<p>Confirm for cinder-backup and cinder-volume as well.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-ceph-credentials-for-open-stack-clients\">Create Ceph Credentials for OpenStack Clients<\/h4>\n\n\n\n<p>As already mentioned, our OpenStack Ceph client in this context is our OpenStack glance\/cinder services.<\/p>\n\n\n\n<p>Any client that is accessing Ceph cluster needs to authenticate itself on Ceph in order to read, write or manage specific object data in the cluster. To achieve this, Ceph uses CephX protocol. CephX authorizes users\/clients and daemons to perform specific actions within a Ceph cluster. It enforces access control rules that determine which users and daemons are allowed to read, write, or manage data, as well as perform other administrative tasks.<\/p>\n\n\n\n<p>Cephx authorization is primarily based on the concept of capabilities (commonly abbreviated as <strong><code>caps<\/code><\/strong>). caps are used to describe the permissions granted to an authenticated user to exercise the functionality of the monitors, OSDs, and metadata servers. They can also restrict access to data within a pool, a namespace within a pool, or a set of pools based on their application tags which are permissions granted to users and daemons to perform specific operations.<\/p>\n\n\n\n<p>The Cephx authentication is enabled by default. It uses shared secret keys for authentication, meaning both the client and Ceph Monitors have a copy of the client\u2019s secret key.<\/p>\n\n\n\n<p>There are two common naming conventions for Ceph keyring files:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>User keyrings:<\/strong> For user keyrings, the file name typically follows the format <code class=\"\">ceph.client.username.keyring<\/code>, where <code class=\"\">username<\/code> is the name of the Ceph user. For example, the keyring file for the <code class=\"\">client.admin<\/code> user would be named <code class=\"\">ceph.client.admin.keyring<\/code>.<\/li>\n\n\n\n<li><strong>Daemon keyrings:<\/strong> For daemon keyrings, the file name typically follows the format <code class=\"\">ceph.service.keyring<\/code>, where <code class=\"\">service<\/code> is the name of the Ceph daemon. For example, the keyring file for the <code class=\"\">ceph-osd<\/code> daemon would be named <code class=\"\">ceph.osd.keyring<\/code>.<\/li>\n<\/ol>\n\n\n\n<p>When you deploy Ceph using tools such as cephadm, you will see a keyring file for the admin user, <strong><code>ceph.client.admin.keyring<\/code><\/strong> is created under <code><strong>\/etc\/ceph\/<\/strong><\/code> directory. Authentication keys and capabilities for Ceph users and daemons are stored in a keyring file.<\/p>\n\n\n\n<p>For example, if you run the&nbsp;<code>ceph health<\/code>&nbsp;command without specifying a user name or keyring, Ceph interprets the command like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ceph -n client.admin --keyring=\/etc\/ceph\/ceph.client.admin.keyring health<\/code><\/pre>\n\n\n\n<p>You can list Ceph authentication state (all users in the cluster) using the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth ls<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>osd.0\n\tkey: AQDH7HBlXtGxChAA7ToLWEBb+E5rMXy2AHFR7Q==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nosd.1\n\tkey: AQDL7HBl4rD5FBAAYn5E8aT3dX4Evj84IpgSYA==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nosd.2\n\tkey: AQDL7HBlEbhUHRAA10a3R6MI+gZkhwOO\/b\/bWA==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nosd.3\n\tkey: AQDM7HBlT7NaBRAApBwCaAA7KP7kIL9Sa3UlDQ==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nosd.4\n\tkey: AQDU7HBlc6ZBCBAAfc+X7ud86ED+reyxJQ\/4hw==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nosd.5\n\tkey: AQDU7HBlMj2PORAA7XMnB0E9vMLzM\/vhdYlUew==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nclient.admin\n\tkey: AQB06nBlLRqaARAAd6foD4m7LCacr35VkwbB8A==\n\tcaps: [mds] allow *\n\tcaps: [mgr] allow *\n\tcaps: [mon] allow *\n\tcaps: [osd] allow *\nclient.bootstrap-mds\n\tkey: AQB26nBlveK\/KxAAALdKzVeoRpTIPMWdZG+0ZA==\n\tcaps: [mon] allow profile bootstrap-mds\nclient.bootstrap-mgr\n\tkey: AQB26nBliOi\/KxAAoOBnL\/3ZDlemCJb1EW\/txA==\n\tcaps: [mon] allow profile bootstrap-mgr\nclient.bootstrap-osd\n\tkey: AQB26nBlWu2\/KxAAbxUUdBFxuldf0GjHR1lBIw==\n\tcaps: [mon] allow profile bootstrap-osd\nclient.bootstrap-rbd\n\tkey: AQB26nBlJfK\/KxAA76mYZYJmpj0tN6s0K2eOLw==\n\tcaps: [mon] allow profile bootstrap-rbd\nclient.bootstrap-rbd-mirror\n\tkey: AQB26nBl9fa\/KxAA3mG63hMRfdeAH0rj+Y4JRg==\n\tcaps: [mon] allow profile bootstrap-rbd-mirror\nclient.bootstrap-rgw\n\tkey: AQB26nBl5\/y\/KxAAOtN2KnJgCh9HkiSSZB6c9g==\n\tcaps: [mon] allow profile bootstrap-rgw\nclient.ceph-exporter.ceph-mon-osd01\n\tkey: AQCo6nBlJXysAxAAFzvIyRTjJZFePGxt6SECyg==\n\tcaps: [mgr] allow r\n\tcaps: [mon] allow r\n\tcaps: [osd] allow r\nclient.ceph-exporter.osd02\n\tkey: AQBC7HBlKtjvBRAA1gN4CDBJT2YCMRW7k9F3HQ==\n\tcaps: [mgr] allow r\n\tcaps: [mon] allow r\n\tcaps: [osd] allow r\nclient.ceph-exporter.osd03\n\tkey: AQBn7HBlqpWgNxAACz49\/HzFw9iPAu+pm78ncg==\n\tcaps: [mgr] allow r\n\tcaps: [mon] allow r\n\tcaps: [osd] allow r\nclient.crash.ceph-mon-osd01\n\tkey: AQCp6nBlqjT6MhAAlimlctchb6CwhgTFX7wBvA==\n\tcaps: [mgr] profile crash\n\tcaps: [mon] profile crash\nclient.crash.osd02\n\tkey: AQBE7HBlXe9vDBAADWjCfeElTOMpG5\/9Qs\/jMw==\n\tcaps: [mgr] profile crash\n\tcaps: [mon] profile crash\nclient.crash.osd03\n\tkey: AQBp7HBl5UGWJhAAEVAsSTGn4LzpnDTxes06LA==\n\tcaps: [mgr] profile crash\n\tcaps: [mon] profile crash\nmgr.ceph-mon-osd01.nubjcu\n\tkey: AQB06nBlQXVMFRAALNjTMBTZi5cL4bDYLpHxCg==\n\tcaps: [mds] allow *\n\tcaps: [mon] profile mgr\n\tcaps: [osd] allow *\nmgr.osd02.zfvugc\n\tkey: AQBG7HBlGKgVHRAAo1MRpjTN8k9vQeuk4oMcyA==\n\tcaps: [mds] allow *\n\tcaps: [mon] profile mgr\n\tcaps: [osd] allow *\n<\/code><\/pre>\n\n\n\n<p>You can get a specific user keys and capabilities as well. For example, to check for admin user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth get client.admin<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>[client.admin]\n\tkey = AQB06nBlLRqaARAAd6foD4m7LCacr35VkwbB8A==\n\tcaps mds = \"allow *\"\n\tcaps mgr = \"allow *\"\n\tcaps mon = \"allow *\"\n\tcaps osd = \"allow *\"\n<\/code><\/pre>\n\n\n\n<p>Without further ado, create OpenStack Glance\/Cinder Ceph credentials;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=&lt;pool&gt;' mgr 'profile rbd pool=&lt;pool&gt;'<\/code><\/pre>\n\n\n\n<p>Replace the <strong><code>&lt;pool&gt;<\/code><\/strong> with your pool name. e.g;<\/p>\n\n\n\n<p>Glance Ceph credentials:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=glance-images'<\/code><\/pre>\n\n\n\n<p>Cinder volume and backup credentials;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=cinder-volume, allow rx pool=glance-images'<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=cinder-backup'<\/code><\/pre>\n\n\n\n<p>The keys will be printed to standard output as well.<\/p>\n\n\n\n<p>So, what do the commands do exactly?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>ceph<\/code>: The command-line interface for interacting with the Ceph storage cluster.<\/li>\n\n\n\n<li><code>auth<\/code>: The <code>auth<\/code> subsystem in Ceph is responsible for managing authentication and authorization.<\/li>\n\n\n\n<li><code>get-or-create<\/code>: This part of the command is telling Ceph to either retrieve existing authentication information for the specified client (&#8220;client.glance&#8221;) or create it if it doesn&#8217;t exist.<\/li>\n\n\n\n<li><code>client.glance<\/code>: This is the name of the Ceph client for which the authentication information is being created or retrieved. In this case, it&#8217;s named &#8220;glance.&#8221;<\/li>\n\n\n\n<li><code>mon 'allow r'<\/code>: Specifies the permissions for the Monitors (mon) in the Ceph cluster. It grants read-only (&#8216;allow r&#8217;) permissions to the monitors.<\/li>\n\n\n\n<li><code>osd 'allow class-read object_prefix rbd_children, allow rwx pool=glance-images'<\/code>: Specifies the permissions for the Object Storage Daemons (OSD) in the Ceph cluster. It grants the following permissions:\n<ul class=\"wp-block-list\">\n<li><code>allow class-read object_prefix rbd_children<\/code>: Allows the client to read the class and list the child objects under the &#8220;rbd&#8221; namespace.<\/li>\n\n\n\n<li><code>allow rwx pool=glance-images<\/code>: Grants read, write, and execute permissions for the &#8220;glance-images&#8221; pool.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>You can check the details using;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth ls<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>osd.0\n\tkey: AQDH7HBlXtGxChAA7ToLWEBb+E5rMXy2AHFR7Q==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nosd.1\n\tkey: AQDL7HBl4rD5FBAAYn5E8aT3dX4Evj84IpgSYA==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nosd.2\n\tkey: AQDL7HBlEbhUHRAA10a3R6MI+gZkhwOO\/b\/bWA==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nosd.3\n\tkey: AQDM7HBlT7NaBRAApBwCaAA7KP7kIL9Sa3UlDQ==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nosd.4\n\tkey: AQDU7HBlc6ZBCBAAfc+X7ud86ED+reyxJQ\/4hw==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nosd.5\n\tkey: AQDU7HBlMj2PORAA7XMnB0E9vMLzM\/vhdYlUew==\n\tcaps: [mgr] allow profile osd\n\tcaps: [mon] allow profile osd\n\tcaps: [osd] allow *\nclient.admin\n\tkey: AQB06nBlLRqaARAAd6foD4m7LCacr35VkwbB8A==\n\tcaps: [mds] allow *\n\tcaps: [mgr] allow *\n\tcaps: [mon] allow *\n\tcaps: [osd] allow *\nclient.bootstrap-mds\n\tkey: AQB26nBlveK\/KxAAALdKzVeoRpTIPMWdZG+0ZA==\n\tcaps: [mon] allow profile bootstrap-mds\nclient.bootstrap-mgr\n\tkey: AQB26nBliOi\/KxAAoOBnL\/3ZDlemCJb1EW\/txA==\n\tcaps: [mon] allow profile bootstrap-mgr\nclient.bootstrap-osd\n\tkey: AQB26nBlWu2\/KxAAbxUUdBFxuldf0GjHR1lBIw==\n\tcaps: [mon] allow profile bootstrap-osd\nclient.bootstrap-rbd\n\tkey: AQB26nBlJfK\/KxAA76mYZYJmpj0tN6s0K2eOLw==\n\tcaps: [mon] allow profile bootstrap-rbd\nclient.bootstrap-rbd-mirror\n\tkey: AQB26nBl9fa\/KxAA3mG63hMRfdeAH0rj+Y4JRg==\n\tcaps: [mon] allow profile bootstrap-rbd-mirror\nclient.bootstrap-rgw\n\tkey: AQB26nBl5\/y\/KxAAOtN2KnJgCh9HkiSSZB6c9g==\n\tcaps: [mon] allow profile bootstrap-rgw\nclient.ceph-exporter.ceph-mon-osd01\n\tkey: AQCo6nBlJXysAxAAFzvIyRTjJZFePGxt6SECyg==\n\tcaps: [mgr] allow r\n\tcaps: [mon] allow r\n\tcaps: [osd] allow r\nclient.ceph-exporter.osd02\n\tkey: AQBC7HBlKtjvBRAA1gN4CDBJT2YCMRW7k9F3HQ==\n\tcaps: [mgr] allow r\n\tcaps: [mon] allow r\n\tcaps: [osd] allow r\nclient.ceph-exporter.osd03\n\tkey: AQBn7HBlqpWgNxAACz49\/HzFw9iPAu+pm78ncg==\n\tcaps: [mgr] allow r\n\tcaps: [mon] allow r\n\tcaps: [osd] allow r\n<strong>client.cinder\n\tkey: AQCgp3JlbaE2GBAAiG1Tpcjm\/DyTXmYClvxTYQ==\n\tcaps: [mon] allow r\n\tcaps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=cinder-volume, allow rx pool=glance-images<\/strong>\n<strong>client.cinder-backup\n\tkey: AQCgp3JliNIvLhAA7rgiP5zxA0wFIYCqFjoHvg==\n\tcaps: [mon] allow r\n\tcaps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=cinder-backup<\/strong>\nclient.crash.ceph-mon-osd01\n\tkey: AQCp6nBlqjT6MhAAlimlctchb6CwhgTFX7wBvA==\n\tcaps: [mgr] profile crash\n\tcaps: [mon] profile crash\nclient.crash.osd02\n\tkey: AQBE7HBlXe9vDBAADWjCfeElTOMpG5\/9Qs\/jMw==\n\tcaps: [mgr] profile crash\n\tcaps: [mon] profile crash\nclient.crash.osd03\n\tkey: AQBp7HBl5UGWJhAAEVAsSTGn4LzpnDTxes06LA==\n\tcaps: [mgr] profile crash\n\tcaps: [mon] profile crash\n<strong>client.glance\n\tkey: AQChp3JlGbZvBxAA6nI65tVe3Yi+jJCUP86FwQ==\n\tcaps: [mon] allow r\n\tcaps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=glance-images<\/strong>\nmgr.ceph-mon-osd01.nubjcu\n\tkey: AQB06nBlQXVMFRAALNjTMBTZi5cL4bDYLpHxCg==\n\tcaps: [mds] allow *\n\tcaps: [mon] profile mgr\n\tcaps: [osd] allow *\nmgr.osd02.zfvugc\n\tkey: AQBG7HBlGKgVHRAAo1MRpjTN8k9vQeuk4oMcyA==\n\tcaps: [mds] allow *\n\tcaps: [mon] profile mgr\n\tcaps: [osd] allow *\n<\/code><\/pre>\n\n\n\n<p>If you want to print the key only;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth print-key TYPE.ID<\/code><\/pre>\n\n\n\n<p>Where <code>TYPE<\/code>&nbsp;is either&nbsp;<code>client<\/code>,&nbsp;<code>osd<\/code>,&nbsp;<code>mon<\/code>, or&nbsp;<code>mds<\/code>, and&nbsp;<code>ID<\/code>&nbsp;is the user name or the ID of the daemon.<\/p>\n\n\n\n<p>You can also use the command, <strong><code>ceph auth get &lt;username&gt;<\/code><\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth get client.glance<\/code><\/pre>\n\n\n\n<p>If for some reasons you want to delete a user and associated caps, use &nbsp;the command <code>ceph&nbsp;auth&nbsp;del<\/code> TYPE.ID.<\/p>\n\n\n\n<p>For example to delete client.cinder;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth del client.cinder<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"copy-ceph-credentials-to-open-stack-clients\">Copy Ceph Credentials to OpenStack Clients<\/h4>\n\n\n\n<p>Once you have the credentials for the OpenStack services generated, copy them <strong>from<\/strong> the Ceph admin node to the client.<\/p>\n\n\n\n<p><strong>Be sure to remove the leading tabs on the configuration files.<\/strong><\/p>\n\n\n\n<p>In our case, we have already created the Ceph configuration files directory on our Kolla-ansible control node, which is controller01. So copying the OpenStack client\/service keys to the node itself is as easy as running the commands below.<\/p>\n\n\n\n<p>Glance:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth get-or-create client.glance | ssh kifarunix@192.168.200.200 tee \/etc\/kolla\/config\/glance\/ceph.client.glance.keyring<\/code><\/pre>\n\n\n\n<p>Cinder Volume and Backup:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth get-or-create client.cinder | ssh kifarunix@192.168.200.200 tee \/etc\/kolla\/config\/cinder\/cinder-volume\/ceph.client.cinder.keyring<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth get-or-create client.cinder-backup | ssh kifarunix@192.168.200.200 tee \/etc\/kolla\/config\/cinder\/cinder-backup\/ceph.client.cinder-backup.keyring<\/code><\/pre>\n\n\n\n<p><code>cinder-backup<\/code>&nbsp;requires two keyrings for accessing volumes and backup pool. Hence, copy the cinder-volume keyring into cinder-backup configuration directory.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth get-or-create client.cinder | ssh kifarunix@192.168.200.200 tee \/etc\/kolla\/config\/cinder\/cinder-backup\/ceph.client.cinder.keyring<\/code><\/pre>\n\n\n\n<p>Nova:<\/p>\n\n\n\n<p>If you will be booting OpenStack instances using volumes that are stored or needs to be stored on Ceph, then Nova must be configured to access Cinder volume pool on Ceph.<\/p>\n\n\n\n<p>Thus, copy both the Glance and Cinder volume keyrings to Nova configuration directory.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth get-or-create client.glance | ssh kifarunix@192.168.200.200 tee \/etc\/kolla\/config\/nova\/ceph.client.glance.keyring<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ceph auth get-or-create client.cinder | ssh kifarunix@192.168.200.200 tee \/etc\/kolla\/config\/nova\/ceph.client.cinder.keyring<\/code><\/pre>\n\n\n\n<p>Confirm on the client;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kifarunix@controller01:~$ cat \/etc\/kolla\/config\/glance\/ceph.client.glance.keyring<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;client.glance]\nkey = AQChp3JlGbZvBxAA6nI65tVe3Yi+jJCUP86FwQ==<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/kolla\/config\/cinder\/cinder-volume\/ceph.client.cinder.keyring<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;client.cinder]\nkey = AQCgp3JlbaE2GBAAiG1Tpcjm\/DyTXmYClvxTYQ==<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/kolla\/config\/cinder\/cinder-backup\/ceph.client.cinder-backup.keyring<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;client.cinder-backup]\nkey = AQCgp3JliNIvLhAA7rgiP5zxA0wFIYCqFjoHvg==<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/kolla\/config\/nova\/ceph.client.cinder.keyring \/etc\/kolla\/config\/nova\/ceph.client.glance.keyring<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;client.cinder]\nkey = AQCgp3JlbaE2GBAAiG1Tpcjm\/DyTXmYClvxTYQ==\n&#91;client.glance]\nkey = AQChp3JlGbZvBxAA6nI65tVe3Yi+jJCUP86FwQ==<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"enable-open-stack-services-cephx-authentication\">Enable OpenStack Services Cephx Authentication<\/h4>\n\n\n\n<p>Next, update the Ceph OpenStack services configuration files to enable Cephx authentication.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kifarunix@controller01:~$ <strong>cat \/etc\/kolla\/config\/glance\/ceph.conf<\/strong><\/code><\/pre>\n\n\n\n<pre class=\"scroll-sz\"><code># minimal ceph.conf for 1e266088-9480-11ee-a7e1-738d8527cddc\n[global]\nfsid = 1e266088-9480-11ee-a7e1-738d8527cddc\nmon_host = [v2:192.168.200.108:3300\/0,v1:192.168.200.108:6789\/0] [v2:192.168.200.109:3300\/0,v1:192.168.200.109:6789\/0] [v2:192.168.200.110:3300\/0,v1:192.168.200.110:6789\/0]\n<\/code><\/pre>\n\n\n\n<p>So, you need to update the configuration file to define the path to the keyring. The keyring will be installed under <strong><code>\/etc\/ceph\/ceph.client.glance.keyring<\/code><\/strong>.<\/p>\n\n\n\n<p>Similarly, enable Cephx authentication by adding the lines;<\/p>\n\n\n\n<pre class=\"scroll-sz\"><code>auth_cluster_required = cephx\nauth_service_required = cephx\nauth_client_required = cephx\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Note that the Ceph generated configuration files have leading tabs. These tabs break Kolla Ansible\u2019s ini parser. Be sure to remove the leading tabs from your&nbsp;<code>ceph.conf<\/code>&nbsp;files when copying them in the following sections.<\/p>\n<\/blockquote>\n\n\n\n<p>See our updated config for Glance (<strong>leading tabs removed<\/strong>);<\/p>\n\n\n\n<p>Glance:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kifarunix@controller01:~$ <strong>cat \/etc\/kolla\/config\/glance\/ceph.conf<\/strong><\/code><\/pre>\n\n\n\n<pre class=\"scroll-sz\"><code># minimal ceph.conf for 1e266088-9480-11ee-a7e1-738d8527cddc\n[global]\nfsid = 1e266088-9480-11ee-a7e1-738d8527cddc\nmon_host = [v2:192.168.200.108:3300\/0,v1:192.168.200.108:6789\/0] [v2:192.168.200.109:3300\/0,v1:192.168.200.109:6789\/0] [v2:192.168.200.110:3300\/0,v1:192.168.200.110:6789\/0]\n<strong>auth_cluster_required = cephx\nauth_service_required = cephx\nauth_client_required = cephx\n[client.glance]\nkeyring = \/etc\/ceph\/ceph.client.glance.keyring<\/strong>\n<\/code><\/pre>\n\n\n\n<p>Cinder Volume:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kifarunix@controller01:~$ <strong>cat \/etc\/kolla\/config\/cinder\/cinder-volume\/ceph.conf<\/strong><\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code># minimal ceph.conf for 1e266088-9480-11ee-a7e1-738d8527cddc\n[global]\nfsid = 1e266088-9480-11ee-a7e1-738d8527cddc\nmon_host = [v2:192.168.200.108:3300\/0,v1:192.168.200.108:6789\/0] [v2:192.168.200.109:3300\/0,v1:192.168.200.109:6789\/0] [v2:192.168.200.110:3300\/0,v1:192.168.200.110:6789\/0]\nauth_cluster_required = cephx\nauth_service_required = cephx\nauth_client_required = cephx\n<\/code><\/pre>\n\n\n\n<p>Cinder Backup:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kifarunix@controller01:~$ <strong>cat \/etc\/kolla\/config\/cinder\/cinder-backup\/ceph.conf<\/strong><\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code># minimal ceph.conf for 1e266088-9480-11ee-a7e1-738d8527cddc\n[global]\nfsid = 1e266088-9480-11ee-a7e1-738d8527cddc\nmon_host = [v2:192.168.200.108:3300\/0,v1:192.168.200.108:6789\/0] [v2:192.168.200.109:3300\/0,v1:192.168.200.109:6789\/0] [v2:192.168.200.110:3300\/0,v1:192.168.200.110:6789\/0]\nauth_cluster_required = cephx\nauth_service_required = cephx\nauth_client_required = cephx\n<\/code><\/pre>\n\n\n\n<p>Nova:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/kolla\/config\/nova\/ceph.conf<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code># minimal ceph.conf for 1e266088-9480-11ee-a7e1-738d8527cddc\n[global]\nfsid = 1e266088-9480-11ee-a7e1-738d8527cddc\nmon_host = [v2:192.168.200.108:3300\/0,v1:192.168.200.108:6789\/0] [v2:192.168.200.109:3300\/0,v1:192.168.200.109:6789\/0] [v2:192.168.200.110:3300\/0,v1:192.168.200.110:6789\/0]\nauth_cluster_required = cephx\nauth_service_required = cephx\nauth_client_required = cephx\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-open-stack-glance-client-for-ceph\">Configure OpenStack Glance Client for Ceph<\/h4>\n\n\n\n<p>Create OpenStack Glance API configuration file to update some default values.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/etc\/kolla\/config\/glance\/glance-api.conf<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>[DEFAULT]\nshow_image_direct_url = True\ndebug = True\n\n[glance_store]\nstores = rbd\ndefault_store = rbd\nrbd_store_pool = glance-images\nrbd_store_user = glance\nrbd_store_chunk_size = 8\nrbd_store_ceph_conf = \/etc\/ceph\/ceph.conf\n<\/code><\/pre>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<p>Read more about this on <a href=\"https:\/\/docs.openstack.org\/glance\/latest\/configuration\/glance_api.html\" target=\"_blank\" rel=\"noreferrer noopener\">Glance API configuration file<\/a> options.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-ceph-rbd-secret-key-on-compute-nodes\">Install Ceph RBD Secret Key on Compute Nodes<\/h4>\n\n\n\n<p>Ceph Block Device images can be attached to OpenStack instances through&nbsp;<code>libvirt<\/code>, (<strong>nova_libvirt<\/strong> container in the case of Kolla-Ansible deployment). As a result, libvirt process requires some secret key to access Ceph cluster to attach to a block device. The secret can be used to establish a secure communication channel between Cinder and the RBD storage backend.<\/p>\n\n\n\n<p>The RBD secret key installation is handled automatically when using Kolla-ansible for deployment.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-open-stack-cinder-for-ceph\">Configure OpenStack Cinder for Ceph<\/h4>\n\n\n\n<p>You need to configure OpenStack cinder to interact with Ceph block storage. Pool name for the cinder volume block devices is required.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vim \/etc\/kolla\/config\/cinder\/cinder-volume.conf<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>[DEFAULT]\nenabled_backends = ceph\nglance_api_version = 2\n\n[ceph]\nrbd_user = cinder\nrbd_secret_uuid = {{ cinder_rbd_secret_uuid }}\nvolume_driver = cinder.volume.drivers.rbd.RBDDriver\nrbd_pool = cinder-volume\nrbd_ceph_conf = \/etc\/ceph\/ceph.conf\nrbd_flatten_volume_from_snapshot = false\nrbd_max_clone_depth = 5\nrbd_store_chunk_size = 4\nrados_connect_timeout = -1\n<\/code><\/pre>\n\n\n\n<p>The secret uuid will be obtained from Kolla-ansible passwords that we will generate at a later step.<\/p>\n\n\n\n<p>Read more on <a href=\"https:\/\/docs.openstack.org\/cinder\/latest\/configuration\/block-storage\/samples\/cinder.conf.html\" target=\"_blank\" rel=\"noreferrer noopener\">cinder.conf<\/a>.<\/p>\n\n\n\n<p>Similarly, configure Cinder backup as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vim \/etc\/kolla\/config\/cinder\/cinder-backup.conf<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>[DEFAULT]\nbackup_ceph_conf=\/etc\/ceph\/ceph.conf\nbackup_ceph_user=cinder-backup\nbackup_ceph_chunk_size = 134217728\nbackup_ceph_pool=cinder-backup\nbackup_driver = cinder.backup.drivers.ceph.CephBackupDriver\nbackup_ceph_stripe_unit = 0\nbackup_ceph_stripe_count = 0\nrestore_discard_excess_bytes = true\n<\/code><\/pre>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"define-kolla-ansible-global-deployment-options\">Define Kolla-Ansible Global Deployment Options<\/h4>\n\n\n\n<p>In a Kolla-Ansible deployment, the <code>globals.yml<\/code> file is a key configuration file used to define global settings and parameters for the deployment. It contains variables that influence the behavior of Kolla-Ansible and its deployment of OpenStack services as Docker containers.<\/p>\n\n\n\n<p>By default, this is how to the <strong><code>globals.yml<\/code><\/strong> configuration looks like;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/kolla\/globals.yml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>---\n# You can use this file to override _any_ variable throughout Kolla.\n# Additional options can be found in the\n# 'kolla-ansible\/ansible\/group_vars\/all.yml' file. Default value of all the\n# commented parameters are shown here, To override the default value uncomment\n# the parameter and change its value.\n\n###################\n# Ansible options\n###################\n\n# This variable is used as the \"filter\" argument for the setup module.  For\n# instance, if one wants to remove\/ignore all Neutron interface facts:\n# kolla_ansible_setup_filter: \"ansible_[!qt]*\"\n# By default, we do not provide a filter.\n#kolla_ansible_setup_filter: \"{{ omit }}\"\n\n# This variable is used as the \"gather_subset\" argument for the setup module.\n# For instance, if one wants to avoid collecting facts via facter:\n# kolla_ansible_setup_gather_subset: \"all,!facter\"\n# By default, we do not provide a gather subset.\n#kolla_ansible_setup_gather_subset: \"{{ omit }}\"\n\n# Dummy variable to allow Ansible to accept this file.\nworkaround_ansible_issue_8743: yes\n\n# This variable is used as \"any_errors_fatal\" setting for the setup (gather\n# facts) plays.\n# This is useful for weeding out failing hosts early to avoid late failures\n# due to missing facts (especially cross-host).\n# Do note this still supports host fact caching and it will not affect\n# scenarios with all facts cached (as there is no task to fail).\n#kolla_ansible_setup_any_errors_fatal: false\n\n###############\n# Kolla options\n###############\n# Valid options are [ COPY_ONCE, COPY_ALWAYS ]\n#config_strategy: \"COPY_ALWAYS\"\n\n# Valid options are ['centos', 'debian', 'rocky', 'ubuntu']\n#kolla_base_distro: \"rocky\"\n\n# Do not override this unless you know what you are doing.\n#openstack_release: \"2023.1\"\n\n# Docker image tag used by default.\n#openstack_tag: \"{{ openstack_release ~ openstack_tag_suffix }}\"\n\n# Suffix applied to openstack_release to generate openstack_tag.\n#openstack_tag_suffix: \"\"\n\n# Location of configuration overrides\n#node_custom_config: \"{{ node_config }}\/config\"\n\n# This should be a VIP, an unused IP on your network that will float between\n# the hosts running keepalived for high-availability. If you want to run an\n# All-In-One without haproxy and keepalived, you can set enable_haproxy to no\n# in \"OpenStack options\" section, and set this value to the IP of your\n# 'network_interface' as set in the Networking section below.\n#kolla_internal_vip_address: \"10.10.10.254\"\n\n# This is the DNS name that maps to the kolla_internal_vip_address VIP. By\n# default it is the same as kolla_internal_vip_address.\n#kolla_internal_fqdn: \"{{ kolla_internal_vip_address }}\"\n\n# This should be a VIP, an unused IP on your network that will float between\n# the hosts running keepalived for high-availability. It defaults to the\n# kolla_internal_vip_address, allowing internal and external communication to\n# share the same address.  Specify a kolla_external_vip_address to separate\n# internal and external requests between two VIPs.\n#kolla_external_vip_address: \"{{ kolla_internal_vip_address }}\"\n\n# The Public address used to communicate with OpenStack as set in the public_url\n# for the endpoints that will be created. This DNS name should map to\n# kolla_external_vip_address.\n#kolla_external_fqdn: \"{{ kolla_external_vip_address }}\"\n\n# Optionally change the path to sysctl.conf modified by Kolla Ansible plays.\n#kolla_sysctl_conf_path: \/etc\/sysctl.conf\n\n################\n# Container engine\n################\n\n# Valid options are [ docker ]\n# kolla_container_engine: docker\n\n################\n# Docker options\n################\n\n# Custom docker registry settings:\n#docker_registry:\n# Please read the docs carefully before applying docker_registry_insecure.\n#docker_registry_insecure: \"no\"\n#docker_registry_username:\n# docker_registry_password is set in the passwords.yml file.\n\n# Namespace of images:\n#docker_namespace: \"kolla\"\n\n# Docker client timeout in seconds.\n#docker_client_timeout: 120\n\n#docker_configure_for_zun: \"no\"\n#containerd_configure_for_zun: \"no\"\n#containerd_grpc_gid: 42463\n\n###################\n# Messaging options\n###################\n# Whether to enable TLS for oslo.messaging communication with RabbitMQ.\n#om_enable_rabbitmq_tls: \"{{ rabbitmq_enable_tls | bool }}\"\n# CA certificate bundle in containers using oslo.messaging with RabbitMQ TLS.\n#om_rabbitmq_cacert: \"{{ rabbitmq_cacert }}\"\n\n##############################\n# Neutron - Networking Options\n##############################\n# This interface is what all your api services will be bound to by default.\n# Additionally, all vxlan\/tunnel and storage network traffic will go over this\n# interface by default. This interface must contain an IP address.\n# It is possible for hosts to have non-matching names of interfaces - these can\n# be set in an inventory file per host or per group or stored separately, see\n#     http:\/\/docs.ansible.com\/ansible\/intro_inventory.html\n# Yet another way to workaround the naming problem is to create a bond for the\n# interface on all hosts and give the bond name here. Similar strategy can be\n# followed for other types of interfaces.\n#network_interface: \"eth0\"\n\n# These can be adjusted for even more customization. The default is the same as\n# the 'network_interface'. These interfaces must contain an IP address.\n#kolla_external_vip_interface: \"{{ network_interface }}\"\n#api_interface: \"{{ network_interface }}\"\n#swift_storage_interface: \"{{ network_interface }}\"\n#swift_replication_interface: \"{{ swift_storage_interface }}\"\n#tunnel_interface: \"{{ network_interface }}\"\n#dns_interface: \"{{ network_interface }}\"\n#octavia_network_interface: \"{{ api_interface }}\"\n\n# Configure the address family (AF) per network.\n# Valid options are [ ipv4, ipv6 ]\n#network_address_family: \"ipv4\"\n#api_address_family: \"{{ network_address_family }}\"\n#storage_address_family: \"{{ network_address_family }}\"\n#swift_storage_address_family: \"{{ storage_address_family }}\"\n#swift_replication_address_family: \"{{ swift_storage_address_family }}\"\n#migration_address_family: \"{{ api_address_family }}\"\n#tunnel_address_family: \"{{ network_address_family }}\"\n#octavia_network_address_family: \"{{ api_address_family }}\"\n#bifrost_network_address_family: \"{{ network_address_family }}\"\n#dns_address_family: \"{{ network_address_family }}\"\n\n# This is the raw interface given to neutron as its external network port. Even\n# though an IP address can exist on this interface, it will be unusable in most\n# configurations. It is recommended this interface not be configured with any IP\n# addresses for that reason.\n#neutron_external_interface: \"eth1\"\n\n# Valid options are [ openvswitch, ovn, linuxbridge, vmware_nsxv, vmware_nsxv3, vmware_nsxp, vmware_dvs ]\n# if vmware_nsxv3 or vmware_nsxp is selected, enable_openvswitch MUST be set to \"no\" (default is yes)\n# Do note linuxbridge is *EXPERIMENTAL* in Neutron since Zed and it requires extra tweaks to config to be usable.\n# For details, see: https:\/\/docs.openstack.org\/neutron\/latest\/admin\/config-experimental-framework.html\n#neutron_plugin_agent: \"openvswitch\"\n\n# Valid options are [ internal, infoblox ]\n#neutron_ipam_driver: \"internal\"\n\n# Configure Neutron upgrade option, currently Kolla support\n# two upgrade ways for Neutron: legacy_upgrade and rolling_upgrade\n# The variable \"neutron_enable_rolling_upgrade: yes\" is meaning rolling_upgrade\n# were enabled and opposite\n# Neutron rolling upgrade were enable by default\n#neutron_enable_rolling_upgrade: \"yes\"\n\n# Configure neutron logging framework to log ingress\/egress connections to instances\n# for security groups rules. More information can be found here:\n# https:\/\/docs.openstack.org\/neutron\/latest\/admin\/config-logging.html\n#enable_neutron_packet_logging: \"no\"\n\n####################\n# keepalived options\n####################\n# Arbitrary unique number from 0..255\n# This should be changed from the default in the event of a multi-region deployment\n# where the VIPs of different regions reside on a common subnet.\n#keepalived_virtual_router_id: \"51\"\n\n###################\n# Dimension options\n###################\n# This is to provide an extra option to deploy containers with Resource constraints.\n# We call it dimensions here.\n# The dimensions for each container are defined by a mapping, where each dimension value should be a\n# string.\n# Reference_Docs\n# https:\/\/docs.docker.com\/config\/containers\/resource_constraints\/\n# eg:\n# <container_name>_dimensions:\n#    blkio_weight:\n#    cpu_period:\n#    cpu_quota:\n#    cpu_shares:\n#    cpuset_cpus:\n#    cpuset_mems:\n#    mem_limit:\n#    mem_reservation:\n#    memswap_limit:\n#    kernel_memory:\n#    ulimits:\n\n#####################\n# Healthcheck options\n#####################\n#enable_container_healthchecks: \"yes\"\n# Healthcheck options for Docker containers\n# interval\/timeout\/start_period are in seconds\n#default_container_healthcheck_interval: 30\n#default_container_healthcheck_timeout: 30\n#default_container_healthcheck_retries: 3\n#default_container_healthcheck_start_period: 5\n\n##################\n# Firewall options\n##################\n# Configures firewalld on both ubuntu and centos systems\n# for enabled services.\n# firewalld should be installed beforehand.\n# disable_firewall: \"true\"\n# enable_external_api_firewalld: \"false\"\n# external_api_firewalld_zone: \"public\"\n\n#############\n# TLS options\n#############\n# To provide encryption and authentication on the kolla_external_vip_interface,\n# TLS can be enabled.  When TLS is enabled, certificates must be provided to\n# allow clients to perform authentication.\n#kolla_enable_tls_internal: \"no\"\n#kolla_enable_tls_external: \"{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}\"\n#kolla_certificates_dir: \"{{ node_config }}\/certificates\"\n#kolla_external_fqdn_cert: \"{{ kolla_certificates_dir }}\/haproxy.pem\"\n#kolla_internal_fqdn_cert: \"{{ kolla_certificates_dir }}\/haproxy-internal.pem\"\n#kolla_admin_openrc_cacert: \"\"\n#kolla_copy_ca_into_containers: \"no\"\n#haproxy_backend_cacert: \"{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.trust.crt' }}\"\n#haproxy_backend_cacert_dir: \"\/etc\/ssl\/certs\"\n\n##################\n# Backend options\n##################\n#kolla_httpd_keep_alive: \"60\"\n#kolla_httpd_timeout: \"60\"\n\n#####################\n# Backend TLS options\n#####################\n#kolla_enable_tls_backend: \"no\"\n#kolla_verify_tls_backend: \"yes\"\n#kolla_tls_backend_cert: \"{{ kolla_certificates_dir }}\/backend-cert.pem\"\n#kolla_tls_backend_key: \"{{ kolla_certificates_dir }}\/backend-key.pem\"\n\n#####################\n# ACME client options\n#####################\n# A list of haproxy backend server directives pointing to addresses used by the\n# ACME client to complete http-01 challenge.\n# Please read the docs for more details.\n#acme_client_servers: []\n\n################\n# Region options\n################\n# Use this option to change the name of this region.\n#openstack_region_name: \"RegionOne\"\n\n# Use this option to define a list of region names - only needs to be configured\n# in a multi-region deployment, and then only in the *first* region.\n#multiple_regions_names: [\"{{ openstack_region_name }}\"]\n\n###################\n# OpenStack options\n###################\n# Use these options to set the various log levels across all OpenStack projects\n# Valid options are [ True, False ]\n#openstack_logging_debug: \"False\"\n\n# Enable core OpenStack services. This includes:\n# glance, keystone, neutron, nova, heat, and horizon.\n#enable_openstack_core: \"yes\"\n\n# These roles are required for Kolla to be operation, however a savvy deployer\n# could disable some of these required roles and run their own services.\n#enable_glance: \"{{ enable_openstack_core | bool }}\"\n#enable_hacluster: \"no\"\n#enable_haproxy: \"yes\"\n#enable_keepalived: \"{{ enable_haproxy | bool }}\"\n#enable_keystone: \"{{ enable_openstack_core | bool }}\"\n#enable_mariadb: \"yes\"\n#enable_memcached: \"yes\"\n#enable_neutron: \"{{ enable_openstack_core | bool }}\"\n#enable_nova: \"{{ enable_openstack_core | bool }}\"\n#enable_rabbitmq: \"{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}\"\n#enable_outward_rabbitmq: \"{{ enable_murano | bool }}\"\n\n# OpenStack services can be enabled or disabled with these options\n#enable_aodh: \"no\"\n#enable_barbican: \"no\"\n#enable_blazar: \"no\"\n#enable_ceilometer: \"no\"\n#enable_ceilometer_ipmi: \"no\"\n#enable_cells: \"no\"\n#enable_central_logging: \"no\"\n#enable_ceph_rgw: \"no\"\n#enable_ceph_rgw_loadbalancer: \"{{ enable_ceph_rgw | bool }}\"\n#enable_cinder: \"no\"\n#enable_cinder_backup: \"yes\"\n#enable_cinder_backend_hnas_nfs: \"no\"\n#enable_cinder_backend_iscsi: \"{{ enable_cinder_backend_lvm | bool }}\"\n#enable_cinder_backend_lvm: \"no\"\n#enable_cinder_backend_nfs: \"no\"\n#enable_cinder_backend_quobyte: \"no\"\n#enable_cinder_backend_pure_iscsi: \"no\"\n#enable_cinder_backend_pure_fc: \"no\"\n#enable_cinder_backend_pure_roce: \"no\"\n#enable_cloudkitty: \"no\"\n#enable_collectd: \"no\"\n#enable_cyborg: \"no\"\n#enable_designate: \"no\"\n#enable_destroy_images: \"no\"\n#enable_etcd: \"no\"\n#enable_fluentd: \"yes\"\n#enable_freezer: \"no\"\n#enable_gnocchi: \"no\"\n#enable_gnocchi_statsd: \"no\"\n#enable_grafana: \"no\"\n#enable_grafana_external: \"{{ enable_grafana | bool }}\"\n#enable_heat: \"{{ enable_openstack_core | bool }}\"\n#enable_horizon: \"{{ enable_openstack_core | bool }}\"\n#enable_horizon_blazar: \"{{ enable_blazar | bool }}\"\n#enable_horizon_cloudkitty: \"{{ enable_cloudkitty | bool }}\"\n#enable_horizon_designate: \"{{ enable_designate | bool }}\"\n#enable_horizon_freezer: \"{{ enable_freezer | bool }}\"\n#enable_horizon_heat: \"{{ enable_heat | bool }}\"\n#enable_horizon_ironic: \"{{ enable_ironic | bool }}\"\n#enable_horizon_magnum: \"{{ enable_magnum | bool }}\"\n#enable_horizon_manila: \"{{ enable_manila | bool }}\"\n#enable_horizon_masakari: \"{{ enable_masakari | bool }}\"\n#enable_horizon_mistral: \"{{ enable_mistral | bool }}\"\n#enable_horizon_murano: \"{{ enable_murano | bool }}\"\n#enable_horizon_neutron_vpnaas: \"{{ enable_neutron_vpnaas | bool }}\"\n#enable_horizon_octavia: \"{{ enable_octavia | bool }}\"\n#enable_horizon_sahara: \"{{ enable_sahara | bool }}\"\n#enable_horizon_senlin: \"{{ enable_senlin | bool }}\"\n#enable_horizon_solum: \"{{ enable_solum | bool }}\"\n#enable_horizon_tacker: \"{{ enable_tacker | bool }}\"\n#enable_horizon_trove: \"{{ enable_trove | bool }}\"\n#enable_horizon_vitrage: \"{{ enable_vitrage | bool }}\"\n#enable_horizon_watcher: \"{{ enable_watcher | bool }}\"\n#enable_horizon_zun: \"{{ enable_zun | bool }}\"\n#enable_influxdb: \"{{ enable_cloudkitty | bool and cloudkitty_storage_backend == 'influxdb' }}\"\n#enable_ironic: \"no\"\n#enable_ironic_neutron_agent: \"{{ enable_neutron | bool and enable_ironic | bool }}\"\n#enable_iscsid: \"{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}\"\n#enable_kuryr: \"no\"\n#enable_magnum: \"no\"\n#enable_manila: \"no\"\n#enable_manila_backend_generic: \"no\"\n#enable_manila_backend_hnas: \"no\"\n#enable_manila_backend_cephfs_native: \"no\"\n#enable_manila_backend_cephfs_nfs: \"no\"\n#enable_manila_backend_glusterfs_nfs: \"no\"\n#enable_mariabackup: \"no\"\n#enable_masakari: \"no\"\n#enable_mistral: \"no\"\n#enable_multipathd: \"no\"\n#enable_murano: \"no\"\n#enable_neutron_vpnaas: \"no\"\n#enable_neutron_sriov: \"no\"\n#enable_neutron_dvr: \"no\"\n#enable_neutron_qos: \"no\"\n#enable_neutron_agent_ha: \"no\"\n#enable_neutron_bgp_dragent: \"no\"\n#enable_neutron_provider_networks: \"no\"\n#enable_neutron_segments: \"no\"\n#enable_neutron_sfc: \"no\"\n#enable_neutron_trunk: \"no\"\n#enable_neutron_metering: \"no\"\n#enable_neutron_infoblox_ipam_agent: \"no\"\n#enable_neutron_port_forwarding: \"no\"\n#enable_nova_serialconsole_proxy: \"no\"\n#enable_nova_ssh: \"yes\"\n#enable_octavia: \"no\"\n#enable_octavia_driver_agent: \"{{ enable_octavia | bool and neutron_plugin_agent == 'ovn' }}\"\n#enable_opensearch: \"{{ enable_central_logging | bool or enable_osprofiler | bool or (enable_cloudkitty | bool and cloudkitty_storage_backend == 'elasticsearch') }}\"\n#enable_opensearch_dashboards: \"{{ enable_opensearch | bool }}\"\n#enable_opensearch_dashboards_external: \"{{ enable_opensearch_dashboards | bool }}\"\n#enable_openvswitch: \"{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}\"\n#enable_ovn: \"{{ enable_neutron | bool and neutron_plugin_agent == 'ovn' }}\"\n#enable_ovs_dpdk: \"no\"\n#enable_osprofiler: \"no\"\n#enable_placement: \"{{ enable_nova | bool or enable_zun | bool }}\"\n#enable_prometheus: \"no\"\n#enable_proxysql: \"no\"\n#enable_redis: \"no\"\n#enable_sahara: \"no\"\n#enable_senlin: \"no\"\n#enable_skyline: \"no\"\n#enable_solum: \"no\"\n#enable_swift: \"no\"\n#enable_swift_s3api: \"no\"\n#enable_tacker: \"no\"\n#enable_telegraf: \"no\"\n#enable_trove: \"no\"\n#enable_trove_singletenant: \"no\"\n#enable_venus: \"no\"\n#enable_vitrage: \"no\"\n#enable_watcher: \"no\"\n#enable_zun: \"no\"\n\n##################\n# RabbitMQ options\n##################\n# Options passed to RabbitMQ server startup script via the\n# RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS environment var.\n# See Kolla Ansible docs RabbitMQ section for details.\n# These are appended to args already provided by Kolla Ansible\n# to configure IPv6 in RabbitMQ server.\n# More details can be found in the RabbitMQ docs:\n# https:\/\/www.rabbitmq.com\/runtime.html#scheduling\n# https:\/\/www.rabbitmq.com\/runtime.html#busy-waiting\n# The default tells RabbitMQ to always use two cores (+S 2:2),\n# and not to busy wait (+sbwt none +sbwtdcpu none +sbwtdio none):\n#rabbitmq_server_additional_erl_args: \"+S 2:2 +sbwt none +sbwtdcpu none +sbwtdio none\"\n# Whether to enable TLS encryption for RabbitMQ client-server communication.\n#rabbitmq_enable_tls: \"no\"\n# CA certificate bundle in RabbitMQ container.\n#rabbitmq_cacert: \"\/etc\/ssl\/certs\/{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.trust.crt' }}\"\n\n#################\n# MariaDB options\n#################\n# List of additional WSREP options\n#mariadb_wsrep_extra_provider_options: []\n\n#######################\n# External Ceph options\n#######################\n# External Ceph - cephx auth enabled (this is the standard nowadays, defaults to yes)\n#external_ceph_cephx_enabled: \"yes\"\n\n# Glance\n#ceph_glance_keyring: \"ceph.client.glance.keyring\"\n#ceph_glance_user: \"glance\"\n#ceph_glance_pool_name: \"images\"\n# Cinder\n#ceph_cinder_keyring: \"ceph.client.cinder.keyring\"\n#ceph_cinder_user: \"cinder\"\n#ceph_cinder_pool_name: \"volumes\"\n#ceph_cinder_backup_keyring: \"ceph.client.cinder-backup.keyring\"\n#ceph_cinder_backup_user: \"cinder-backup\"\n#ceph_cinder_backup_pool_name: \"backups\"\n# Nova\n#ceph_nova_keyring: \"{{ ceph_cinder_keyring }}\"\n#ceph_nova_user: \"nova\"\n#ceph_nova_pool_name: \"vms\"\n# Gnocchi\n#ceph_gnocchi_keyring: \"ceph.client.gnocchi.keyring\"\n#ceph_gnocchi_user: \"gnocchi\"\n#ceph_gnocchi_pool_name: \"gnocchi\"\n# Manila\n#ceph_manila_keyring: \"ceph.client.manila.keyring\"\n#ceph_manila_user: \"manila\"\n\n#############################\n# Keystone - Identity Options\n#############################\n\n#keystone_admin_user: \"admin\"\n\n#keystone_admin_project: \"admin\"\n\n# Interval to rotate fernet keys by (in seconds). Must be an interval of\n# 60(1 min), 120(2 min), 180(3 min), 240(4 min), 300(5 min), 360(6 min),\n# 600(10 min), 720(12 min), 900(15 min), 1200(20 min), 1800(30 min),\n# 3600(1 hour), 7200(2 hour), 10800(3 hour), 14400(4 hour), 21600(6 hour),\n# 28800(8 hour), 43200(12 hour), 86400(1 day), 604800(1 week).\n#fernet_token_expiry: 86400\n\n\n########################\n# Glance - Image Options\n########################\n# Configure image backend.\n#glance_backend_ceph: \"no\"\n#glance_backend_file: \"yes\"\n#glance_backend_swift: \"no\"\n#glance_backend_vmware: \"no\"\n#enable_glance_image_cache: \"no\"\n#glance_enable_property_protection: \"no\"\n#glance_enable_interoperable_image_import: \"no\"\n# Configure glance upgrade option.\n# Due to this feature being experimental in glance,\n# the default value is \"no\".\n#glance_enable_rolling_upgrade: \"no\"\n\n####################\n# Osprofiler options\n####################\n# valid values: [\"elasticsearch\", \"redis\"]\n#osprofiler_backend: \"elasticsearch\"\n\n##################\n# Barbican options\n##################\n# Valid options are [ simple_crypto, p11_crypto ]\n#barbican_crypto_plugin: \"simple_crypto\"\n#barbican_library_path: \"\/usr\/lib\/libCryptoki2_64.so\"\n\n#################\n# Gnocchi options\n#################\n# Valid options are [ file, ceph, swift ]\n#gnocchi_backend_storage: \"{% if enable_swift | bool %}swift{% else %}file{% endif %}\"\n\n# Valid options are [redis, '']\n#gnocchi_incoming_storage: \"{{ 'redis' if enable_redis | bool else '' }}\"\n\n################################\n# Cinder - Block Storage Options\n################################\n# Enable \/ disable Cinder backends\n#cinder_backend_ceph: \"no\"\n#cinder_backend_vmwarevc_vmdk: \"no\"\n#cinder_backend_vmware_vstorage_object: \"no\"\n#cinder_volume_group: \"cinder-volumes\"\n# Valid options are [ '', redis, etcd ]\n#cinder_coordination_backend: \"{{ 'redis' if enable_redis|bool else 'etcd' if enable_etcd|bool else '' }}\"\n\n# Valid options are [ nfs, swift, ceph ]\n#cinder_backup_driver: \"ceph\"\n#cinder_backup_share: \"\"\n#cinder_backup_mount_options_nfs: \"\"\n\n#######################\n# Cloudkitty options\n#######################\n# Valid option is gnocchi\n#cloudkitty_collector_backend: \"gnocchi\"\n# Valid options are 'sqlalchemy' or 'influxdb'. The default value is\n# 'influxdb', which matches the default in Cloudkitty since the Stein release.\n# When the backend is \"influxdb\", we also enable Influxdb.\n# Also, when using 'influxdb' as the backend, we trigger the configuration\/use\n# of Cloudkitty storage backend version 2.\n#cloudkitty_storage_backend: \"influxdb\"\n\n###################\n# Designate options\n###################\n# Valid options are [ bind9 ]\n#designate_backend: \"bind9\"\n#designate_ns_record:\n#  - \"ns1.example.org\"\n# Valid options are [ '', redis ]\n#designate_coordination_backend: \"{{ 'redis' if enable_redis|bool else '' }}\"\n\n########################\n# Nova - Compute Options\n########################\n#nova_backend_ceph: \"no\"\n\n# Valid options are [ qemu, kvm, vmware ]\n#nova_compute_virt_type: \"kvm\"\n\n# The number of fake driver per compute node\n#num_nova_fake_per_node: 5\n\n# The flag \"nova_safety_upgrade\" need to be consider when\n# \"nova_enable_rolling_upgrade\" is enabled. The \"nova_safety_upgrade\"\n# controls whether the nova services are all stopped before rolling\n# upgrade to the new version, for the safety and availability.\n# If \"nova_safety_upgrade\" is \"yes\", that will stop all nova services (except\n# nova-compute) for no failed API operations before upgrade to the\n# new version. And opposite.\n#nova_safety_upgrade: \"no\"\n\n# Valid options are [ none, novnc, spice ]\n#nova_console: \"novnc\"\n\n##############################\n# Neutron - networking options\n##############################\n# Enable distributed floating ip for OVN deployments\n#neutron_ovn_distributed_fip: \"no\"\n\n# Enable DHCP agent(s) to use with OVN\n#neutron_ovn_dhcp_agent: \"no\"\n\n#############################\n# Horizon - Dashboard Options\n#############################\n#horizon_backend_database: \"{{ enable_murano | bool }}\"\n\n#############################\n# Ironic options\n#############################\n# dnsmasq bind interface for Ironic Inspector, by default is network_interface\n#ironic_dnsmasq_interface: \"{{ network_interface }}\"\n# The following value must be set when enabling ironic, the value format is a\n# list of ranges - at least one must be configured, for example:\n# - range: 192.168.0.10,192.168.0.100\n# See Kolla Ansible docs on Ironic for details.\n#ironic_dnsmasq_dhcp_ranges:\n# PXE bootloader file for Ironic Inspector, relative to \/var\/lib\/ironic\/tftpboot.\n#ironic_dnsmasq_boot_file: \"pxelinux.0\"\n\n# Configure ironic upgrade option, due to currently kolla support\n# two upgrade ways for ironic: legacy_upgrade and rolling_upgrade\n# The variable \"ironic_enable_rolling_upgrade: yes\" is meaning rolling_upgrade\n# were enabled and opposite\n# Rolling upgrade were enable by default\n#ironic_enable_rolling_upgrade: \"yes\"\n\n# List of extra kernel parameters passed to the kernel used during inspection\n#ironic_inspector_kernel_cmdline_extras: []\n\n# Valid options are [ '', redis, etcd ]\n#ironic_coordination_backend: \"{{ 'redis' if enable_redis|bool else 'etcd' if enable_etcd|bool else '' }}\"\n\n######################################\n# Manila - Shared File Systems Options\n######################################\n# HNAS backend configuration\n#hnas_ip:\n#hnas_user:\n#hnas_password:\n#hnas_evs_id:\n#hnas_evs_ip:\n#hnas_file_system_name:\n\n# CephFS backend configuration.\n# External Ceph FS name.\n# By default this is empty to allow Manila to auto-find the first FS available.\n#manila_cephfs_filesystem_name:\n\n# Gluster backend configuration\n# The option of glusterfs share layout can be directory or volume\n# The default option of share layout is 'volume'\n#manila_glusterfs_share_layout:\n# The default option of nfs server type is 'Gluster'\n#manila_glusterfs_nfs_server_type:\n\n# Volume layout Options (required)\n# If the glusterfs server requires remote ssh, then you need to fill\n# in 'manila_glusterfs_servers', ssh user 'manila_glusterfs_ssh_user', and ssh password\n# 'manila_glusterfs_ssh_password'.\n# 'manila_glusterfs_servers' value List of GlusterFS servers which provide volumes,\n# the format is for example:\n#   - 10.0.1.1\n#   - 10.0.1.2\n#manila_glusterfs_servers:\n#manila_glusterfs_ssh_user:\n#manila_glusterfs_ssh_password:\n# Used to filter GlusterFS volumes for share creation.\n# Examples: manila-share-volume-\\\\d+$, manila-share-volume-#{size}G-\\\\d+$;\n#manila_glusterfs_volume_pattern:\n\n# Directory layout Options\n# If the glusterfs server is on the local node of the manila share,\n# it\u2019s of the format <glustervolserver>:\/<glustervolid>\n# If the glusterfs server is on a remote node,\n# it\u2019s of the format <username>@<glustervolserver>:\/<glustervolid> ,\n# and define 'manila_glusterfs_ssh_password'\n#manila_glusterfs_target:\n#manila_glusterfs_mount_point_base:\n\n################################\n# Swift - Object Storage Options\n################################\n# Swift expects block devices to be available for storage. Two types of storage\n# are supported: 1 - storage device with a special partition name and filesystem\n# label, 2 - unpartitioned disk  with a filesystem. The label of this filesystem\n# is used to detect the disk which Swift will be using.\n\n# Swift support two matching modes, valid options are [ prefix, strict ]\n#swift_devices_match_mode: \"strict\"\n\n# This parameter defines matching pattern: if \"strict\" mode was selected,\n# for swift_devices_match_mode then swift_device_name should specify the name of\n# the special swift partition for example: \"KOLLA_SWIFT_DATA\", if \"prefix\" mode was\n# selected then swift_devices_name should specify a pattern which would match to\n# filesystems' labels prepared for swift.\n#swift_devices_name: \"KOLLA_SWIFT_DATA\"\n\n# Configure swift upgrade option, due to currently kolla support\n# two upgrade ways for swift: legacy_upgrade and rolling_upgrade\n# The variable \"swift_enable_rolling_upgrade: yes\" is meaning rolling_upgrade\n# were enabled and opposite\n# Rolling upgrade were enable by default\n#swift_enable_rolling_upgrade: \"yes\"\n\n###################################\n# VMware - OpenStack VMware support\n###################################\n#vmware_vcenter_host_ip:\n#vmware_vcenter_host_username:\n#vmware_vcenter_host_password:\n#vmware_datastore_name:\n#vmware_vcenter_name:\n#vmware_vcenter_cluster_name:\n\n############\n# Prometheus\n############\n#enable_prometheus_server: \"{{ enable_prometheus | bool }}\"\n#enable_prometheus_haproxy_exporter: \"{{ enable_haproxy | bool }}\"\n#enable_prometheus_mysqld_exporter: \"{{ enable_mariadb | bool }}\"\n#enable_prometheus_node_exporter: \"{{ enable_prometheus | bool }}\"\n#enable_prometheus_cadvisor: \"{{ enable_prometheus | bool }}\"\n#enable_prometheus_fluentd_integration: \"{{ enable_prometheus | bool and enable fluentd | bool }}\"\n#enable_prometheus_memcached: \"{{ enable_prometheus | bool }}\"\n#enable_prometheus_alertmanager: \"{{ enable_prometheus | bool }}\"\n#enable_prometheus_alertmanager_external: \"{{ enable_prometheus_alertmanager | bool }}\"\n#enable_prometheus_ceph_mgr_exporter: \"no\"\n#enable_prometheus_openstack_exporter: \"{{ enable_prometheus | bool }}\"\n#enable_prometheus_elasticsearch_exporter: \"{{ enable_prometheus | bool and enable_elasticsearch | bool }}\"\n#enable_prometheus_blackbox_exporter: \"{{ enable_prometheus | bool }}\"\n#enable_prometheus_libvirt_exporter: \"{{ enable_prometheus | bool and enable_nova | bool and nova_compute_virt_type in ['kvm', 'qemu'] }}\"\n#enable_prometheus_etcd_integration: \"{{ enable_prometheus | bool and enable_etcd | bool }}\"\n#enable_prometheus_msteams: \"no\"\n\n# The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager).\n# prometheus_external_labels:\n#   <labelname>: <labelvalue>\n# By default, prometheus_external_labels is empty\n#prometheus_external_labels:\n\n# List of extra parameters passed to prometheus. You can add as many to the list.\n#prometheus_cmdline_extras:\n\n# List of extra parameters passed to cAdvisor. By default system cgroups\n# and container labels are not exposed to reduce time series cardinality.\n#prometheus_cadvisor_cmdline_extras: \"--docker_only --store_container_labels=false --disable_metrics=percpu,referenced_memory,cpu_topology,resctrl,udp,advtcp,sched,hugetlb,memory_numa,tcp,process\"\n\n# Extra parameters passed to Prometheus exporters.\n#prometheus_blackbox_exporter_cmdline_extras:\n#prometheus_elasticsearch_exporter_cmdline_extras:\n#prometheus_haproxy_exporter_cmdline_extras:\n#prometheus_memcached_exporter_cmdline_extras:\n#prometheus_mysqld_exporter_cmdline_extras:\n#prometheus_node_exporter_cmdline_extras:\n#prometheus_openstack_exporter_cmdline_extras:\n\n# Example of setting endpoints for prometheus ceph mgr exporter.\n# You should add all ceph mgr's in your external ceph deployment.\n#prometheus_ceph_mgr_exporter_endpoints:\n#  - host1:port1\n#  - host2:port2\n\n#########\n# Freezer\n#########\n# Freezer can utilize two different database backends, elasticsearch or mariadb.\n# Elasticsearch is preferred, however it is not compatible with the version deployed\n# by kolla-ansible. You must first setup an external elasticsearch with 2.3.0.\n# By default, kolla-ansible deployed mariadb is the used database backend.\n#freezer_database_backend: \"mariadb\"\n\n##########\n# Telegraf\n##########\n# Configure telegraf to use the docker daemon itself as an input for\n# telemetry data.\n#telegraf_enable_docker_input: \"no\"\n\n##########################################\n# Octavia - openstack loadbalancer Options\n##########################################\n# Whether to run Kolla Ansible's automatic configuration for Octavia.\n# NOTE: if you upgrade from Ussuri, you must set `octavia_auto_configure` to `no`\n# and keep your other Octavia config like before.\n#octavia_auto_configure: yes\n\n# Octavia amphora flavor.\n# See os_nova_flavor for details. Supported parameters:\n# - flavorid (optional)\n# - is_public (optional)\n# - name\n# - vcpus\n# - ram\n# - disk\n# - ephemeral (optional)\n# - swap (optional)\n# - extra_specs (optional)\n#octavia_amp_flavor:\n#  name: \"amphora\"\n#  is_public: no\n#  vcpus: 1\n#  ram: 1024\n#  disk: 5\n\n# Octavia security groups. lb-mgmt-sec-grp is for amphorae.\n#octavia_amp_security_groups:\n#    mgmt-sec-grp:\n#      name: \"lb-mgmt-sec-grp\"\n#      rules:\n#        - protocol: icmp\n#        - protocol: tcp\n#          src_port: 22\n#          dst_port: 22\n#        - protocol: tcp\n#          src_port: \"{{ octavia_amp_listen_port }}\"\n#          dst_port: \"{{ octavia_amp_listen_port }}\"\n\n# Octavia management network.\n# See os_network and os_subnet for details. Supported parameters:\n# - external (optional)\n# - mtu (optional)\n# - name\n# - provider_network_type (optional)\n# - provider_physical_network (optional)\n# - provider_segmentation_id (optional)\n# - shared (optional)\n# - subnet\n# The subnet parameter has the following supported parameters:\n# - allocation_pool_start (optional)\n# - allocation_pool_end (optional)\n# - cidr\n# - enable_dhcp (optional)\n# - gateway_ip (optional)\n# - name\n# - no_gateway_ip (optional)\n# - ip_version (optional)\n# - ipv6_address_mode (optional)\n# - ipv6_ra_mode (optional)\n#octavia_amp_network:\n#  name: lb-mgmt-net\n#  shared: false\n#  subnet:\n#    name: lb-mgmt-subnet\n#    cidr: \"{{ octavia_amp_network_cidr }}\"\n#    no_gateway_ip: yes\n#    enable_dhcp: yes\n\n# Octavia management network subnet CIDR.\n#octavia_amp_network_cidr: 10.1.0.0\/24\n\n#octavia_amp_image_tag: \"amphora\"\n\n# Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]\n#octavia_loadbalancer_topology: \"SINGLE\"\n\n# The following variables are ignored as along as `octavia_auto_configure` is set to `yes`.\n#octavia_amp_image_owner_id:\n#octavia_amp_boot_network_list:\n#octavia_amp_secgroup_list:\n#octavia_amp_flavor_id:\n\n####################\n# Corosync options\n####################\n\n# this is UDP port\n#hacluster_corosync_port: 5405\n<\/code><\/pre>\n\n\n\n<p>To deploy multinode OpenStack and integrate with Ceph storage cluster, we will define our Kolla-ansible global deployment options as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/etc\/kolla\/globals.yml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>---\nworkaround_ansible_issue_8743: yes\nconfig_strategy: \"COPY_ALWAYS\"\nkolla_base_distro: \"ubuntu\"\nopenstack_release: \"2023.1\"\nkolla_internal_vip_address: \"192.168.200.254\"\nkolla_container_engine: docker\ndocker_configure_for_zun: \"yes\"\ncontainerd_configure_for_zun: \"yes\"\ndocker_apt_package_pin: \"5:20.*\"\nnetwork_address_family: \"ipv4\"\nneutron_plugin_agent: \"openvswitch\"\nenable_openstack_core: \"yes\"\nenable_glance: \"{{ enable_openstack_core | bool }}\"\nenable_haproxy: \"yes\"\nenable_keepalived: \"{{ enable_haproxy | bool }}\"\nenable_keystone: \"{{ enable_openstack_core | bool }}\"\nenable_mariadb: \"yes\"\nenable_memcached: \"yes\"\nenable_neutron: \"{{ enable_openstack_core | bool }}\"\nenable_nova: \"{{ enable_openstack_core | bool }}\"\nenable_rabbitmq: \"{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}\"\nenable_aodh: \"yes\"\nenable_ceilometer: \"yes\"\nenable_cinder: \"yes\"\nenable_cinder_backup: \"yes\"\nenable_etcd: \"yes\"\nenable_gnocchi: \"yes\"\nenable_gnocchi_statsd: \"yes\"\nenable_grafana: \"yes\"\nenable_heat: \"{{ enable_openstack_core | bool }}\"\nenable_horizon: \"{{ enable_openstack_core | bool }}\"\nenable_horizon_heat: \"{{ enable_heat | bool }}\"\nenable_horizon_zun: \"{{ enable_zun | bool }}\"\nenable_kuryr: \"yes\"\nenable_prometheus: \"yes\"\nenable_zun: \"yes\"\nexternal_ceph_cephx_enabled: \"yes\"\nceph_glance_keyring: \"ceph.client.glance.keyring\"\nceph_glance_user: \"glance\"\nceph_glance_pool_name: \"glance-images\"\nceph_cinder_keyring: \"ceph.client.cinder.keyring\"\nceph_cinder_user: \"cinder\"\nceph_cinder_pool_name: \"cinder-volume\"\nceph_cinder_backup_keyring: \"ceph.client.cinder-backup.keyring\"\nceph_cinder_backup_user: \"cinder-backup\"\nceph_cinder_backup_pool_name: \"cinder-backup\"\nglance_backend_ceph: \"yes\"\ncinder_backend_ceph: \"yes\"\n<\/code><\/pre>\n\n\n\n<p>We have enabled Ceph Glance and Cinder backends using the options:<\/p>\n\n\n\n<p>Glance:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>glance_backend_ceph<\/code>: &#8220;yes&#8221;<\/li>\n\n\n\n<li><code>ceph_glance_keyring<\/code>&nbsp;(default:&nbsp;<code>client.glance.keyring<\/code>)<\/li>\n\n\n\n<li><code>ceph_glance_user<\/code>&nbsp;(default:&nbsp;<code>glance<\/code>)<\/li>\n\n\n\n<li><code>ceph_glance_pool_name<\/code>&nbsp;(default:&nbsp;<code>images<\/code>)<\/li>\n<\/ul>\n\n\n\n<p>Cinder:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>ceph_cinder_keyring<\/code>&nbsp;(default:&nbsp;<code>client.cinder.keyring<\/code>)<\/li>\n\n\n\n<li><code>ceph_cinder_user<\/code>&nbsp;(default:&nbsp;<code>cinder<\/code>)<\/li>\n\n\n\n<li><code>ceph_cinder_pool_name<\/code>&nbsp;(default:&nbsp;<code>volumes<\/code>)<\/li>\n\n\n\n<li><code>ceph_cinder_backup_keyring<\/code>&nbsp;(default:&nbsp;<code>client.cinder-backup.keyring<\/code>)<\/li>\n\n\n\n<li><code>ceph_cinder_backup_user<\/code>&nbsp;(default:&nbsp;<code>cinder-backup<\/code>)<\/li>\n\n\n\n<li><code>ceph_cinder_backup_pool_name<\/code>&nbsp;(default:&nbsp;<code>backups<\/code>)<\/li>\n<\/ul>\n\n\n\n<p>Save and exit the globals configuration file. Update it to suit your environment setup.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"update-kolla-ansible-open-stack-nodes-inventory-file\">Update Kolla-Ansible OpenStack Nodes Inventory File<\/h4>\n\n\n\n<p>Next, open the Kolla ansible inventory configuration file and update it accordingly nodes. For storage nodes, we will set it to both compute nodes and controller nodes. The backend will be set to Ceph as defined in the global configuration file.<\/p>\n\n\n\n<p>See out multinode inventory below, for our OpenStack deployment with Ceph integration.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat multinode | grep -vE \"^#\"<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>[control]\ncontroller01 ansible_connection=local neutron_external_interface=vethext\ncontroller[02:03] neutron_external_interface=vethext\n\n[network]\ncontroller01 ansible_connection=local neutron_external_interface=vethext network_interface=br0\ncontroller[02:03] neutron_external_interface=vethext network_interface=br0\n\n[compute]\ncompute[01:02] neutron_external_interface=enp7s0 network_interface=enp1s0\n\n[monitoring]\ncontroller01 ansible_connection=local neutron_external_interface=vethext\ncontroller[02:03] neutron_external_interface=vethext\n\n[storage]\ncontroller01 ansible_connection=local neutron_external_interface=vethext network_interface=br0\ncontroller[02:03] neutron_external_interface=vethext network_interface=br0\ncompute[01:02] neutron_external_interface=enp7s0 network_interface=enp1s0\n\n[deployment]\ncontroller01       ansible_connection=local\n\n[baremetal:children]\ncontrol\nnetwork\ncompute\nstorage\nmonitoring\n\n[tls-backend:children]\ncontrol\n\n[common:children]\ncontrol\nnetwork\ncompute\nstorage\nmonitoring\n\n[collectd:children]\ncompute\n\n[grafana:children]\nmonitoring\n\n[etcd:children]\ncontrol\n\n[influxdb:children]\nmonitoring\n\n[prometheus:children]\nmonitoring\n\n[kafka:children]\ncontrol\n\n[telegraf:children]\ncompute\ncontrol\nmonitoring\nnetwork\nstorage\n\n[hacluster:children]\ncontrol\n\n[hacluster-remote:children]\ncompute\n\n[loadbalancer:children]\nnetwork\n\n[mariadb:children]\ncontrol\n\n[rabbitmq:children]\ncontrol\n\n[outward-rabbitmq:children]\ncontrol\n\n[monasca-agent:children]\ncompute\ncontrol\nmonitoring\nnetwork\nstorage\n\n[monasca:children]\nmonitoring\n\n[storm:children]\nmonitoring\n\n[keystone:children]\ncontrol\n\n[glance:children]\ncontrol\n\n[nova:children]\ncontrol\n\n[neutron:children]\nnetwork\n\n[openvswitch:children]\nnetwork\ncompute\nmanila-share\n\n[cinder:children]\ncontrol\n\n[cloudkitty:children]\ncontrol\n\n[freezer:children]\ncontrol\n\n[memcached:children]\ncontrol\n\n[horizon:children]\ncontrol\n\n[swift:children]\ncontrol\n\n[barbican:children]\ncontrol\n\n[heat:children]\ncontrol\n\n[murano:children]\ncontrol\n\n[solum:children]\ncontrol\n\n[ironic:children]\ncontrol\n\n[magnum:children]\ncontrol\n\n[sahara:children]\ncontrol\n\n[mistral:children]\ncontrol\n\n[manila:children]\ncontrol\n\n[ceilometer:children]\ncontrol\n\n[aodh:children]\ncontrol\n\n[cyborg:children]\ncontrol\ncompute\n\n[gnocchi:children]\ncontrol\n\n[tacker:children]\ncontrol\n\n[trove:children]\ncontrol\n\n[senlin:children]\ncontrol\n\n[vitrage:children]\ncontrol\n\n[watcher:children]\ncontrol\n\n[octavia:children]\ncontrol\n\n[designate:children]\ncontrol\n\n[placement:children]\ncontrol\n\n[bifrost:children]\ndeployment\n\n[zookeeper:children]\ncontrol\n\n[zun:children]\ncontrol\n\n[skyline:children]\ncontrol\n\n[redis:children]\ncontrol\n\n[blazar:children]\ncontrol\n\n[venus:children]\nmonitoring\n\n\n[cron:children]\ncommon\n\n[fluentd:children]\ncommon\n\n[kolla-logs:children]\ncommon\n\n[kolla-toolbox:children]\ncommon\n\n[opensearch:children]\ncontrol\n\n[opensearch-dashboards:children]\nopensearch\n\n[glance-api:children]\nglance\n\n[nova-api:children]\nnova\n\n[nova-conductor:children]\nnova\n\n[nova-super-conductor:children]\nnova\n\n[nova-novncproxy:children]\nnova\n\n[nova-scheduler:children]\nnova\n\n[nova-spicehtml5proxy:children]\nnova\n\n[nova-compute-ironic:children]\nnova\n\n[nova-serialproxy:children]\nnova\n\n[neutron-server:children]\ncontrol\n\n[neutron-dhcp-agent:children]\nneutron\n\n[neutron-l3-agent:children]\nneutron\n\n[neutron-metadata-agent:children]\nneutron\n\n[neutron-ovn-metadata-agent:children]\ncompute\nnetwork\n\n[neutron-bgp-dragent:children]\nneutron\n\n[neutron-infoblox-ipam-agent:children]\nneutron\n\n[neutron-metering-agent:children]\nneutron\n\n[ironic-neutron-agent:children]\nneutron\n\n[neutron-ovn-agent:children]\ncompute\nnetwork\n\n[cinder-api:children]\ncinder\n\n[cinder-backup:children]\nstorage\n\n[cinder-scheduler:children]\ncinder\n\n[cinder-volume:children]\nstorage\n\n[cloudkitty-api:children]\ncloudkitty\n\n[cloudkitty-processor:children]\ncloudkitty\n\n[freezer-api:children]\nfreezer\n\n[freezer-scheduler:children]\nfreezer\n\n[iscsid:children]\ncompute\nstorage\nironic\n\n[tgtd:children]\nstorage\n\n[manila-api:children]\nmanila\n\n[manila-scheduler:children]\nmanila\n\n[manila-share:children]\nnetwork\n\n[manila-data:children]\nmanila\n\n[swift-proxy-server:children]\nswift\n\n[swift-account-server:children]\nstorage\n\n[swift-container-server:children]\nstorage\n\n[swift-object-server:children]\nstorage\n\n[barbican-api:children]\nbarbican\n\n[barbican-keystone-listener:children]\nbarbican\n\n[barbican-worker:children]\nbarbican\n\n[heat-api:children]\nheat\n\n[heat-api-cfn:children]\nheat\n\n[heat-engine:children]\nheat\n\n[murano-api:children]\nmurano\n\n[murano-engine:children]\nmurano\n\n[monasca-agent-collector:children]\nmonasca-agent\n\n[monasca-agent-forwarder:children]\nmonasca-agent\n\n[monasca-agent-statsd:children]\nmonasca-agent\n\n[monasca-api:children]\nmonasca\n\n[monasca-log-persister:children]\nmonasca\n\n[monasca-log-metrics:children]\nmonasca\n\n[monasca-thresh:children]\nmonasca\n\n[monasca-notification:children]\nmonasca\n\n[monasca-persister:children]\nmonasca\n\n[storm-worker:children]\nstorm\n\n[storm-nimbus:children]\nstorm\n\n[ironic-api:children]\nironic\n\n[ironic-conductor:children]\nironic\n\n[ironic-inspector:children]\nironic\n\n[ironic-tftp:children]\nironic\n\n[ironic-http:children]\nironic\n\n[magnum-api:children]\nmagnum\n\n[magnum-conductor:children]\nmagnum\n\n[sahara-api:children]\nsahara\n\n[sahara-engine:children]\nsahara\n\n[solum-api:children]\nsolum\n\n[solum-worker:children]\nsolum\n\n[solum-deployer:children]\nsolum\n\n[solum-conductor:children]\nsolum\n\n[solum-application-deployment:children]\nsolum\n\n[solum-image-builder:children]\nsolum\n\n[mistral-api:children]\nmistral\n\n[mistral-executor:children]\nmistral\n\n[mistral-engine:children]\nmistral\n\n[mistral-event-engine:children]\nmistral\n\n[ceilometer-central:children]\nceilometer\n\n[ceilometer-notification:children]\nceilometer\n\n[ceilometer-compute:children]\ncompute\n\n[ceilometer-ipmi:children]\ncompute\n\n[aodh-api:children]\naodh\n\n[aodh-evaluator:children]\naodh\n\n[aodh-listener:children]\naodh\n\n[aodh-notifier:children]\naodh\n\n[cyborg-api:children]\ncyborg\n\n[cyborg-agent:children]\ncompute\n\n[cyborg-conductor:children]\ncyborg\n\n[gnocchi-api:children]\ngnocchi\n\n[gnocchi-statsd:children]\ngnocchi\n\n[gnocchi-metricd:children]\ngnocchi\n\n[trove-api:children]\ntrove\n\n[trove-conductor:children]\ntrove\n\n[trove-taskmanager:children]\ntrove\n\n[multipathd:children]\ncompute\nstorage\n\n[watcher-api:children]\nwatcher\n\n[watcher-engine:children]\nwatcher\n\n[watcher-applier:children]\nwatcher\n\n[senlin-api:children]\nsenlin\n\n[senlin-conductor:children]\nsenlin\n\n[senlin-engine:children]\nsenlin\n\n[senlin-health-manager:children]\nsenlin\n\n[octavia-api:children]\noctavia\n\n[octavia-driver-agent:children]\noctavia\n\n[octavia-health-manager:children]\noctavia\n\n[octavia-housekeeping:children]\noctavia\n\n[octavia-worker:children]\noctavia\n\n[designate-api:children]\ndesignate\n\n[designate-central:children]\ndesignate\n\n[designate-producer:children]\ndesignate\n\n[designate-mdns:children]\nnetwork\n\n[designate-worker:children]\ndesignate\n\n[designate-sink:children]\ndesignate\n\n[designate-backend-bind9:children]\ndesignate\n\n[placement-api:children]\nplacement\n\n[zun-api:children]\nzun\n\n[zun-wsproxy:children]\nzun\n\n[zun-compute:children]\ncompute\n\n[zun-cni-daemon:children]\ncompute\n\n[skyline-apiserver:children]\nskyline\n\n[skyline-console:children]\nskyline\n\n[tacker-server:children]\ntacker\n\n[tacker-conductor:children]\ntacker\n\n[vitrage-api:children]\nvitrage\n\n[vitrage-notifier:children]\nvitrage\n\n[vitrage-graph:children]\nvitrage\n\n[vitrage-ml:children]\nvitrage\n\n[vitrage-persistor:children]\nvitrage\n\n[blazar-api:children]\nblazar\n\n[blazar-manager:children]\nblazar\n\n[prometheus-node-exporter:children]\nmonitoring\ncontrol\ncompute\nnetwork\nstorage\n\n[prometheus-mysqld-exporter:children]\nmariadb\n\n[prometheus-haproxy-exporter:children]\nloadbalancer\n\n[prometheus-memcached-exporter:children]\nmemcached\n\n[prometheus-cadvisor:children]\nmonitoring\ncontrol\ncompute\nnetwork\nstorage\n\n[prometheus-alertmanager:children]\nmonitoring\n\n[prometheus-openstack-exporter:children]\nmonitoring\n\n[prometheus-elasticsearch-exporter:children]\nopensearch\n\n[prometheus-blackbox-exporter:children]\nmonitoring\n\n[prometheus-libvirt-exporter:children]\ncompute\n\n[prometheus-msteams:children]\nprometheus-alertmanager\n\n[masakari-api:children]\ncontrol\n\n[masakari-engine:children]\ncontrol\n\n[masakari-hostmonitor:children]\ncontrol\n\n[masakari-instancemonitor:children]\ncompute\n\n[ovn-controller:children]\novn-controller-compute\novn-controller-network\n\n[ovn-controller-compute:children]\ncompute\n\n[ovn-controller-network:children]\nnetwork\n\n[ovn-database:children]\ncontrol\n\n[ovn-northd:children]\novn-database\n\n[ovn-nb-db:children]\novn-database\n\n[ovn-sb-db:children]\novn-database\n\n[venus-api:children]\nvenus\n\n[venus-manager:children]\nvenus\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-kolla-ansible-passwords\">Generate Kolla-Ansible Passwords<\/h4>\n\n\n\n<p>Kolla&nbsp;<code><strong>passwords.yml<\/strong><\/code>&nbsp;configuration file stores various OpenStack services passwords. You can automatically generate the password using the Kolla-ansible&nbsp;<code>kolla-genpwd<\/code>&nbsp;in your virtual environment.<\/p>\n\n\n\n<p>Ensure that your virtual environment is activated;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>source $HOME\/kolla-ansible\/bin\/activate<\/code><\/pre>\n\n\n\n<p>Next, generate the passwords;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kolla-genpwd<\/code><\/pre>\n\n\n\n<p>All generated passwords will be populated to&nbsp;<code><strong>\/etc\/kolla\/passwords.yml<\/strong><\/code>&nbsp;file.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-open-stack-nova-for-ceph\">Configure OpenStack Nova for Ceph<\/h4>\n\n\n\n<p>Similarly, Nova libvirt needs the secret key associated with the Ceph client to authenticate and access Cinder volumes stored in the Ceph cluster.<\/p>\n\n\n\n<p>Extract Cinder secret key from the passwords file.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>grep cinder_rbd_secret \/etc\/kolla\/passwords.yml<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cinder_rbd_secret_uuid: 4fce4d52-a2c0-467a-b7b7-949a0bf614c1<\/code><\/pre>\n\n\n\n<p>Thus, define this key on Nova configuration file as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/etc\/kolla\/config\/nova\/nova-compute.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;libvirt]\nrbd_secret_uuid = 4fce4d52-a2c0-467a-b7b7-949a0bf614c1<\/code><\/pre>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<p>Proceed to part 3 and final part of this series of how to integrating OpenStack with Ceph storage cluster.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/part-3-integrate-openstack-with-ceph-storage-cluster\/\" target=\"_blank\" rel=\"noreferrer noopener\">Part 3: Integrating OpenStack with Ceph Storage Cluster<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the part 2 of our tutorial on how to integrate OpenStack with Ceph Storage cluster. In cloud computing, OpenStack and Ceph stand as<\/p>\n","protected":false},"author":10,"featured_media":19570,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,1338,1885,1886,39],"tags":[7335,7334],"class_list":["post-19554","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-ceph","category-cloud-compute","category-openstack","category-storage","tag-configure-openstack-to-use-ceph","tag-integrate-openstack-with-ceph","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/19554"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=19554"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/19554\/revisions"}],"predecessor-version":[{"id":22068,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/19554\/revisions\/22068"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/19570"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=19554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=19554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=19554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}