1. 创建存储池

[root@ceph1 ~]# ceph osd pool create libvirt-pool 128 128

查看刚刚创建的存储池:

[root@ceph1 ~]# ceph osd lspools

0 rbd,1 .rgw.root,2 default.rgw.control,3 default.rgw.meta,4 default.rgw.log,5 default.rgw.buckets.index,6 default.rgw.buckets.data,7 default.rgw.buckets.non-ec,8 libvirt-pool,

2. 创建ceph用户client.libvirt,权限限制到存储池libvirt-pool

[root@ceph1 ~]# ceph auth get-or-create client.libvirt mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=libvirt-pool'

验证:

[root@ceph1 ~]# ceph auth list

...

client.libvirt

key: AQBblU1b9FECCRAA4tW8qaBYtxTsDlaNJybZSQ==

caps: [mon] allow r

    caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=libvirt-pool

   ...

3. 把虚拟机镜像文件centos6864.qcow2.img导入存储池libvirt-pool中

[root@ceph1 ~]# qemu-img convert -f qcow2 -O raw centos6864.qcow2.img rbd:libvirt-pool/centos6864.qcow2.img

验证:

[root@ceph1 ~]# rbd -p libvirt-pool ls

centos6864.qcow2.img

4. 在libvirt中配置ceph认证需要的密钥

  • 定义密钥
[root@localhost ~]# cat > secret.xml <<EOF

<secret ephemeral='no' private='no'>

    <usage type='ceph'>

        <name>client.libvirt secret</name>

    </usage>

</secret>

virsh secret-define --file secret.xml

  • 获取密钥uuid
[root@localhost ~]# virsh secret-list

        UUID                                  Usage

--------------------------------------------------------------------------------

 fdcb5967-d3e5-4618-98f5-5919a723e414  ceph client.libvirt secret
  • 设置密钥的值
virsh secret-set-value --secret fdcb5967-d3e5-4618-98f5-5919a723e414 --base64 AQBblU1b9FECCRAA4tW8qaBYtxTsDlaNJybZSQ==

其中“AQBblU1b9FECCRAA4tW8qaBYtxTsDlaNJybZSQ==”是从上面ceph auth list的client.libvirt的key字段中得到的

5. 修改虚拟机xml文件的disk部分

[root@localhost ~]# virsh edit test
<disk type='network' device='disk'>

      <driver name='qemu'/>

      <auth username='libvirt'>

        <secret type='ceph' uuid='fdcb5967-d3e5-4618-98f5-5919a723e414'/>

      </auth>

      <source protocol='rbd' name='libvirt-pool/centos6864.qcow2.img'>

        <host name='192.168.1.15' port='6789'/>

        <host name='192.168.1.16' port='6789'/>

        <host name='192.168.1.17' port='6789'/>

      </source>

      <target dev='vda' bus='virtio'/>

      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>

</disk>
     ...

其中secret的uuid就是上面创建密钥的uuid;host配置的是ceph monitor的ip和端口,有几个monitor就写几个。

6. 开启虚拟机

[root@localhost ~]# virsh start test