Cinder provides an infrastructure for managing volumes in OpenStack.
Originally, this project was the Nova component called nova-volume
and starting from the Folsom OpenStack release it has become an independent
project.
This file provides the sample configurations for different use cases:
Pillar sample of a basic Cinder configuration:
The pillar structure defines
cinder-apiandcinder-schedulerinside thecontrollerrole andcinder-volumeinside the tovolumerole.cinder: controller: enabled: true version: juno cinder_uid: 304 cinder_gid: 304 nas_secure_file_permissions: false nas_secure_file_operations: false cinder_internal_tenant_user_id: f46924c112a14c80ab0a24a613d95eef cinder_internal_tenant_project_id: b7455b8974bb4064ad247c8f375eae6c default_volume_type: 7k2SaS enable_force_upload: true availability_zone_fallback: True database: engine: mysql host: 127.0.0.1 port: 3306 name: cinder user: cinder password: pwd identity: engine: keystone host: 127.0.0.1 port: 35357 tenant: service user: cinder password: pwd message_queue: engine: rabbitmq host: 127.0.0.1 port: 5672 user: openstack password: pwd virtual_host: '/openstack' backend: 7k2_SAS: engine: storwize type_name: slow-disks host: 192.168.0.1 port: 22 user: username password: pass connection: FC/iSCSI multihost: true multipath: true pool: SAS7K2 audit: enabled: false osapi_max_limit: 500 barbican: enabled: true cinder: volume: enabled: true version: juno cinder_uid: 304 cinder_gid: 304 nas_secure_file_permissions: false nas_secure_file_operations: false cinder_internal_tenant_user_id: f46924c112a14c80ab0a24a613d95eef cinder_internal_tenant_project_id: b7455b8974bb4064ad247c8f375eae6c default_volume_type: 7k2SaS enable_force_upload: true my_ip: 192.168.0.254 database: engine: mysql host: 127.0.0.1 port: 3306 name: cinder user: cinder password: pwd identity: engine: keystone host: 127.0.0.1 port: 35357 tenant: service user: cinder password: pwd message_queue: engine: rabbitmq host: 127.0.0.1 port: 5672 user: openstack password: pwd virtual_host: '/openstack' backend: 7k2_SAS: engine: storwize type_name: 7k2 SAS disk host: 192.168.0.1 port: 22 user: username password: pass connection: FC/iSCSI multihost: true multipath: true pool: SAS7K2 audit: enabled: false barbican: enabled: true
Volume vmware related options:
cinder:
volume:
backend:
vmware:
engine: vmware
host_username: vmware
host_password: vmware
cluster_names: vmware_cluster01,vmware_cluster02The CORS parameters enablement:
cinder: controller: cors: allowed_origin: https:localhost.local,http:localhost.local expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token allow_methods: GET,PUT,POST,DELETE,PATCH allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token allow_credentials: True max_age: 86400
The client-side RabbitMQ HA setup for the controller:
cinder: controller: .... message_queue: engine: rabbitmq members: - host: 10.0.16.1 - host: 10.0.16.2 - host: 10.0.16.3 user: openstack password: pwd virtual_host: '/openstack' ....
The client-side RabbitMQ HA setup for the volume component
cinder: volume: .... message_queue: engine: rabbitmq members: - host: 10.0.16.1 - host: 10.0.16.2 - host: 10.0.16.3 user: openstack password: pwd virtual_host: '/openstack' ....
Configuring TLS communications.
Note
By default, system-wide installed CA certs are used. Therefore, the
cacert_fileandcacertparameters are optional.RabbitMQ TLS:
cinder: controller, volume: message_queue: port: 5671 ssl: enabled: True (optional) cacert: cert body if the cacert_file does not exists (optional) cacert_file: /etc/openstack/rabbitmq-ca.pem (optional) version: TLSv1_2
MySQL TLS:
cinder: controller: database: ssl: enabled: True (optional) cacert: cert body if the cacert_file does not exists (optional) cacert_file: /etc/openstack/mysql-ca.pem
Openstack HTTPS API:
cinder: controller, volume: identity: protocol: https (optional) cacert_file: /etc/openstack/proxy.pem glance: protocol: https (optional) cacert_file: /etc/openstack/proxy.pem
Cinder setup with zeroing deleted volumes:
cinder: controller: enabled: true wipe_method: zero ...
Cinder setup with shreding deleted volumes:
cinder: controller: enabled: true wipe_method: shred ...
Configuration of
policy.jsonfile:cinder: controller: .... policy: 'volume:delete': 'rule:admin_or_owner' # Add key without value to remove line from policy.json 'volume:extend':
Default Cinder backend
lvm_typesetup:cinder: volume: enabled: true backend: # Type of LVM volumes to deploy; (default, thin, or auto). Auto defaults to thin if thin is supported. lvm_type: auto
Default Cinder setup with iSCSI target:
cinder: controller: enabled: true version: mitaka default_volume_type: lvmdriver-1 database: engine: mysql host: 127.0.0.1 port: 3306 name: cinder user: cinder password: pwd identity: engine: keystone host: 127.0.0.1 port: 35357 tenant: service user: cinder password: pwd message_queue: engine: rabbitmq host: 127.0.0.1 port: 5672 user: openstack password: pwd virtual_host: '/openstack' backend: lvmdriver-1: engine: lvm type_name: lvmdriver-1 volume_group: cinder-volume
Cinder setup for IBM Storwize:
cinder: volume: enabled: true backend: 7k2_SAS: engine: storwize type_name: 7k2 SAS disk host: 192.168.0.1 port: 22 user: username password: pass connection: FC/iSCSI multihost: true multipath: true pool: SAS7K2 10k_SAS: engine: storwize type_name: 10k SAS disk host: 192.168.0.1 port: 22 user: username password: pass connection: FC/iSCSI multihost: true multipath: true pool: SAS10K 15k_SAS: engine: storwize type_name: 15k SAS host: 192.168.0.1 port: 22 user: username password: pass connection: FC/iSCSI multihost: true multipath: true pool: SAS15K
Cinder setup with NFS:
cinder: controller: enabled: true default_volume_type: nfs-driver backend: nfs-driver: engine: nfs type_name: nfs-driver volume_group: cinder-volume path: /var/lib/cinder/nfs devices: - 172.16.10.110:/var/nfs/cinder options: rw,sync
Cinder setup with NetApp:
cinder: controller: backend: netapp: engine: netapp type_name: netapp user: openstack vserver: vm1 server_hostname: 172.18.2.3 password: password storage_protocol: nfs transport_type: https lun_space_reservation: enabled use_multipath_for_image_xfer: True nas_secure_file_operations: false nas_secure_file_permissions: false devices: - 172.18.1.2:/vol_1 - 172.18.1.2:/vol_2 - 172.18.1.2:/vol_3 - 172.18.1.2:/vol_4 linux: system: package: nfs-common: version: latest
Cinder setup with Hitachi VPS:
cinder: controller: enabled: true backend: hus100_backend: type_name: HUS100 backend: hus100_backend engine: hitachi_vsp connection: FC
Cinder setup with Hitachi VPS with defined
ldevrange:cinder: controller: enabled: true backend: hus100_backend: type_name: HUS100 backend: hus100_backend engine: hitachi_vsp connection: FC ldev_range: 0-1000
Cinder setup with Ceph:
cinder: controller: enabled: true backend: ceph_backend: type_name: standard-iops backend: ceph_backend pool: volumes engine: ceph user: cinder secret_uuid: da74ccb7-aa59-1721-a172-0006b1aa4e3e client_cinder_key: AQDOavlU6BsSJhAAnpFR906mvdgdfRqLHwu0Uw== report_discard_supported: True
Cinder setup with HP3par:
cinder: controller: enabled: true backend: hp3par_backend: type_name: hp3par backend: hp3par_backend user: hp3paruser password: something url: http://10.10.10.10/api/v1 cpg: OpenStackCPG host: 10.10.10.10 login: hp3paradmin sanpassword: something debug: True snapcpg: OpenStackSNAPCPG
Cinder setup with Fujitsu Eternus:
cinder: volume: enabled: true backend: 10kThinPro: type_name: 10kThinPro engine: fujitsu pool: 10kThinPro host: 192.168.0.1 port: 5988 user: username password: pass connection: FC/iSCSI name: 10kThinPro 10k_SAS: type_name: 10k_SAS pool: SAS10K engine: fujitsu host: 192.168.0.1 port: 5988 user: username password: pass connection: FC/iSCSI name: 10k_SAS
Cinder setup with IBM GPFS filesystem:
cinder: volume: enabled: true backend: GPFS-GOLD: type_name: GPFS-GOLD engine: gpfs mount_point: '/mnt/gpfs-openstack/cinder/gold' GPFS-SILVER: type_name: GPFS-SILVER engine: gpfs mount_point: '/mnt/gpfs-openstack/cinder/silver'
Cinder setup with HP LeftHand:
cinder: volume: enabled: true backend: HP-LeftHand: type_name: normal-storage engine: hp_lefthand api_url: 'https://10.10.10.10:8081/lhos' username: user password: password clustername: cluster1 iscsi_chap_enabled: false
Extra parameters for HP LeftHand:
cinder type-key normal-storage set hplh:data_pl=r-10-2 hplh:provisioning=fullCinder setup with Solidfire:
cinder: volume: enabled: true backend: solidfire: type_name: normal-storage engine: solidfire san_ip: 10.10.10.10 san_login: user san_password: password clustername: cluster1 sf_emulate_512: false sf_api_port: 14443 host: ctl01 #for compatibility with old versions sf_account_prefix: PREFIX
Cinder setup with Block Device driver:
cinder: volume: enabled: true backend: bdd: engine: bdd enabled: true type_name: bdd devices: - sdb - sdc - sdd
Enable cinder-backup service for ceph
cinder: controller: enabled: true version: mitaka backup: engine: ceph ceph_conf: "/etc/ceph/ceph.conf" ceph_pool: backup ceph_stripe_count: 0 ceph_stripe_unit: 0 ceph_user: cinder ceph_chunk_size: 134217728 restore_discard_excess_bytes: false volume: enabled: true version: mitaka backup: engine: ceph ceph_conf: "/etc/ceph/ceph.conf" ceph_pool: backup ceph_stripe_count: 0 ceph_stripe_unit: 0 ceph_user: cinder ceph_chunk_size: 134217728 restore_discard_excess_bytes: false
Auditing filter (CADF) enablement:
cinder: controller: audit: enabled: true .... filter_factory: 'keystonemiddleware.audit:filter_factory' map_file: '/etc/pycadf/cinder_api_audit_map.conf' .... volume: audit: enabled: true .... filter_factory: 'keystonemiddleware.audit:filter_factory' map_file: '/etc/pycadf/cinder_api_audit_map.conf'
Cinder setup with custom availability zones:
cinder: controller: default_availability_zone: my-default-zone storage_availability_zone: my-custom-zone-name cinder: volume: default_availability_zone: my-default-zone storage_availability_zone: my-custom-zone-name
The
default_availability_zoneis used when a volume has been created, without specifying a zone in thecreaterequest as this zone must exist in your configuration.The
storage_availability_zoneis an actual zone where the node belongs to and must be specified per each node.Cinder setup with custom non-admin volume query filters:
cinder: controller: query_volume_filters: - name - status - metadata - availability_zone - bootable
public_endpointandosapi_volume_base_url:public_endpoint- Used for configuring versions endpoint
osapi_volume_base_URL- Used to present Cinder URL to users
These parameters can be useful when running Cinder under load balancer in SSL.
cinder: controller: public_endpoint_address: https://${_param:cluster_domain}:8776
Client role definition:
cinder: client: enabled: true identity: host: 127.0.0.1 port: 35357 project: service user: cinder password: pwd protocol: http endpoint_type: internalURL region_name: RegionOne backend: ceph: type_name: standard-iops engine: ceph key: conn_speed: fibre-10G
Barbican integration enablement:
cinder: controller: barbican: enabled: true
Keystone API version specification (v3 is default):
cinder: controller: identity: api_version: v2.0
Enhanced logging with logging.conf
By default logging.conf is disabled.
You can enable per-binary logging.conf by setting the following
parameters:
openstack_log_appender- Set to
trueto enablelog_config_appendfor all OpenStack services
openstack_fluentd_handler_enabled- Set to
trueto enable FluentHandler for all Openstack services
openstack_ossyslog_handler_enabled- Set to
trueto enable OSSysLogHandler for all Openstack services
Only WatchedFileHandler, OSSysLogHandler, and FluentHandler are available.
To configure this functionality with pillar:
cinder:
controller:
logging:
log_appender: true
log_handlers:
watchedfile:
enabled: true
fluentd:
enabled: true
ossyslog:
enabled: true
volume:
logging:
log_appender: true
log_handlers:
watchedfile:
enabled: true
fluentd:
enabled: true
ossyslog:
enabled: trueDocumentation and bugs
- http://salt-formulas.readthedocs.io/
- Learn how to install and update salt-formulas
- https://github.com/salt-formulas/salt-formula-cinder/issues
- In the unfortunate event that bugs are discovered, report the issue to the appropriate issue tracker. Use the Github issue tracker for a specific salt formula
- https://launchpad.net/salt-formulas
- For feature requests, bug reports, or blueprints affecting the entire ecosystem, use the Launchpad salt-formulas project
- https://launchpad.net/~salt-formulas-users
- Join the salt-formulas-users team and subscribe to mailing list if required
- https://github.com/salt-formulas/salt-formula-cinder
- Develop the salt-formulas projects in the master branch and then submit pull requests against a specific formula
- #salt-formulas @ irc.freenode.net
- Use this IRC channel in case of any questions or feedback which is always welcome