1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
|
=================================
Using libvirt with Ceph RBD
=================================
.. index:: Ceph Block Device; livirt
The ``libvirt`` library creates a virtual machine abstraction layer between
hypervisor interfaces and the software applications that use them. With
``libvirt``, developers and system administrators can focus on a common
management framework, common API, and common shell interface (i.e., ``virsh``)
to many different hypervisors, including:
- QEMU/KVM
- XEN
- LXC
- VirtualBox
- etc.
Ceph block devices support QEMU/KVM. You can use Ceph block devices with
software that interfaces with ``libvirt``. The following stack diagram
illustrates how ``libvirt`` and QEMU use Ceph block devices via ``librbd``.
.. ditaa::
+---------------------------------------------------+
| libvirt |
+------------------------+--------------------------+
|
| configures
v
+---------------------------------------------------+
| QEMU |
+---------------------------------------------------+
| librbd |
+---------------------------------------------------+
| librados |
+------------------------+-+------------------------+
| OSDs | | Monitors |
+------------------------+ +------------------------+
The most common ``libvirt`` use case involves providing Ceph block devices to
cloud solutions like OpenStack or CloudStack. The cloud solution uses
``libvirt`` to interact with QEMU/KVM, and QEMU/KVM interacts with Ceph block
devices via ``librbd``. See `Block Devices and OpenStack`_ and `Block Devices
and CloudStack`_ for details. See `Installation`_ for installation details.
You can also use Ceph block devices with ``libvirt``, ``virsh`` and the
``libvirt`` API. See `libvirt Virtualization API`_ for details.
To create VMs that use Ceph block devices, use the procedures in the following
sections. In the exemplary embodiment, we have used ``libvirt-pool`` for the pool
name, ``client.libvirt`` for the user name, and ``new-libvirt-image`` for the
image name. You may use any value you like, but ensure you replace those values
when executing commands in the subsequent procedures.
Configuring Ceph
================
To configure Ceph for use with ``libvirt``, perform the following steps:
#. `Create a pool`_. The following example uses the
pool name ``libvirt-pool``.::
ceph osd pool create libvirt-pool
Verify the pool exists. ::
ceph osd lspools
#. Use the ``rbd`` tool to initialize the pool for use by RBD::
rbd pool init <pool-name>
#. `Create a Ceph User`_ (or use ``client.admin`` for version 0.9.7 and
earlier). The following example uses the Ceph user name ``client.libvirt``
and references ``libvirt-pool``. ::
ceph auth get-or-create client.libvirt mon 'profile rbd' osd 'profile rbd pool=libvirt-pool'
Verify the name exists. ::
ceph auth ls
**NOTE**: ``libvirt`` will access Ceph using the ID ``libvirt``,
not the Ceph name ``client.libvirt``. See `User Management - User`_ and
`User Management - CLI`_ for a detailed explanation of the difference
between ID and name.
#. Use QEMU to `create an image`_ in your RBD pool.
The following example uses the image name ``new-libvirt-image``
and references ``libvirt-pool``. ::
qemu-img create -f rbd rbd:libvirt-pool/new-libvirt-image 2G
Verify the image exists. ::
rbd -p libvirt-pool ls
**NOTE:** You can also use `rbd create`_ to create an image, but we
recommend ensuring that QEMU is working properly.
.. tip:: Optionally, if you wish to enable debug logs and the admin socket for
this client, you can add the following section to ``/etc/ceph/ceph.conf``::
[client.libvirt]
log file = /var/log/ceph/qemu-guest-$pid.log
admin socket = /var/run/ceph/$cluster-$type.$id.$pid.$cctid.asok
The ``client.libvirt`` section name should match the cephx user you created
above.
If SELinux or AppArmor is enabled, note that this could prevent the client
process (qemu via libvirt) from doing some operations, such as writing logs
or operate the images or admin socket to the destination locations (``/var/
log/ceph`` or ``/var/run/ceph``). Additionally, make sure that the libvirt
and qemu users have appropriate access to the specified directory.
Preparing the VM Manager
========================
You may use ``libvirt`` without a VM manager, but you may find it simpler to
create your first domain with ``virt-manager``.
#. Install a virtual machine manager. See `KVM/VirtManager`_ for details. ::
sudo apt-get install virt-manager
#. Download an OS image (if necessary).
#. Launch the virtual machine manager. ::
sudo virt-manager
Creating a VM
=============
To create a VM with ``virt-manager``, perform the following steps:
#. Press the **Create New Virtual Machine** button.
#. Name the new virtual machine domain. In the exemplary embodiment, we
use the name ``libvirt-virtual-machine``. You may use any name you wish,
but ensure you replace ``libvirt-virtual-machine`` with the name you
choose in subsequent commandline and configuration examples. ::
libvirt-virtual-machine
#. Import the image. ::
/path/to/image/recent-linux.img
**NOTE:** Import a recent image. Some older images may not rescan for
virtual devices properly.
#. Configure and start the VM.
#. You may use ``virsh list`` to verify the VM domain exists. ::
sudo virsh list
#. Login to the VM (root/root)
#. Stop the VM before configuring it for use with Ceph.
Configuring the VM
==================
When configuring the VM for use with Ceph, it is important to use ``virsh``
where appropriate. Additionally, ``virsh`` commands often require root
privileges (i.e., ``sudo``) and will not return appropriate results or notify
you that root privileges are required. For a reference of ``virsh``
commands, refer to `Virsh Command Reference`_.
#. Open the configuration file with ``virsh edit``. ::
sudo virsh edit {vm-domain-name}
Under ``<devices>`` there should be a ``<disk>`` entry. ::
<devices>
<emulator>/usr/bin/kvm</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/path/to/image/recent-linux.img'/>
<target dev='vda' bus='virtio'/>
<address type='drive' controller='0' bus='0' unit='0'/>
</disk>
Replace ``/path/to/image/recent-linux.img`` with the path to the OS image.
The minimum kernel for using the faster ``virtio`` bus is 2.6.25. See
`Virtio`_ for details.
**IMPORTANT:** Use ``sudo virsh edit`` instead of a text editor. If you edit
the configuration file under ``/etc/libvirt/qemu`` with a text editor,
``libvirt`` may not recognize the change. If there is a discrepancy between
the contents of the XML file under ``/etc/libvirt/qemu`` and the result of
``sudo virsh dumpxml {vm-domain-name}``, then your VM may not work
properly.
#. Add the Ceph RBD image you created as a ``<disk>`` entry. ::
<disk type='network' device='disk'>
<source protocol='rbd' name='libvirt-pool/new-libvirt-image'>
<host name='{monitor-host}' port='6789'/>
</source>
<target dev='vdb' bus='virtio'/>
</disk>
Replace ``{monitor-host}`` with the name of your host, and replace the
pool and/or image name as necessary. You may add multiple ``<host>``
entries for your Ceph monitors. The ``dev`` attribute is the logical
device name that will appear under the ``/dev`` directory of your
VM. The optional ``bus`` attribute indicates the type of disk device to
emulate. The valid settings are driver specific (e.g., "ide", "scsi",
"virtio", "xen", "usb" or "sata").
See `Disks`_ for details of the ``<disk>`` element, and its child elements
and attributes.
#. Save the file.
#. If your Ceph Storage Cluster has `Ceph Authentication`_ enabled (it does by
default), you must generate a secret. ::
cat > secret.xml <<EOF
<secret ephemeral='no' private='no'>
<usage type='ceph'>
<name>client.libvirt secret</name>
</usage>
</secret>
EOF
#. Define the secret. ::
sudo virsh secret-define --file secret.xml
{uuid of secret}
#. Get the ``client.libvirt`` key and save the key string to a file. ::
ceph auth get-key client.libvirt | sudo tee client.libvirt.key
#. Set the UUID of the secret. ::
sudo virsh secret-set-value --secret {uuid of secret} --base64 $(cat client.libvirt.key) && rm client.libvirt.key secret.xml
You must also set the secret manually by adding the following ``<auth>``
entry to the ``<disk>`` element you entered earlier (replacing the
``uuid`` value with the result from the command line example above). ::
sudo virsh edit {vm-domain-name}
Then, add ``<auth></auth>`` element to the domain configuration file::
...
</source>
<auth username='libvirt'>
<secret type='ceph' uuid='{uuid of secret}'/>
</auth>
<target ...
**NOTE:** The exemplary ID is ``libvirt``, not the Ceph name
``client.libvirt`` as generated at step 2 of `Configuring Ceph`_. Ensure
you use the ID component of the Ceph name you generated. If for some reason
you need to regenerate the secret, you will have to execute
``sudo virsh secret-undefine {uuid}`` before executing
``sudo virsh secret-set-value`` again.
Summary
=======
Once you have configured the VM for use with Ceph, you can start the VM.
To verify that the VM and Ceph are communicating, you may perform the
following procedures.
#. Check to see if Ceph is running::
ceph health
#. Check to see if the VM is running. ::
sudo virsh list
#. Check to see if the VM is communicating with Ceph. Replace
``{vm-domain-name}`` with the name of your VM domain::
sudo virsh qemu-monitor-command --hmp {vm-domain-name} 'info block'
#. Check to see if the device from ``<target dev='vdb' bus='virtio'/>`` exists::
virsh domblklist {vm-domain-name} --details
If everything looks okay, you may begin using the Ceph block device
within your VM.
.. _Installation: ../../install
.. _libvirt Virtualization API: http://www.libvirt.org
.. _Block Devices and OpenStack: ../rbd-openstack
.. _Block Devices and CloudStack: ../rbd-cloudstack
.. _Create a pool: ../../rados/operations/pools#create-a-pool
.. _Create a Ceph User: ../../rados/operations/user-management#add-a-user
.. _create an image: ../qemu-rbd#creating-images-with-qemu
.. _Virsh Command Reference: http://www.libvirt.org/virshcmdref.html
.. _KVM/VirtManager: https://help.ubuntu.com/community/KVM/VirtManager
.. _Ceph Authentication: ../../rados/configuration/auth-config-ref
.. _Disks: http://www.libvirt.org/formatdomain.html#elementsDisks
.. _rbd create: ../rados-rbd-cmds#creating-a-block-device-image
.. _User Management - User: ../../rados/operations/user-management#user
.. _User Management - CLI: ../../rados/operations/user-management#command-line-usage
.. _Virtio: http://www.linux-kvm.org/page/Virtio
|