Questo contenuto non è disponibile nella lingua selezionata.

Chapter 3. Configuring OpenStack Compute storage


This chapter describes the architecture for the back-end storage of images in OpenStack Compute (nova), and provides basic configuration options.

3.1. Architecture overview

In Red Hat OpenStack Platform, the OpenStack Compute service uses the KVM hypervisor to execute compute workloads. The libvirt driver handles all interactions with KVM, and enables the creation of virtual machines.

Two types of libvirt storage must be considered for Compute:

  • Base image, which is a cached and formatted copy of the Image service image.
  • Instance disk, which is created using the libvirt base and is the back end for the virtual machine instance. Instance disk data can be stored either in Compute’s ephemeral storage (using the libvirt base) or in persistent storage (for example, using Block Storage).

Creation of Virtual Machines

The steps that Compute takes to create a virtual machine instance are:

  1. Cache the Image service’s backing image as the libvirt base.
  2. Convert the base image to the raw format (if configured).
  3. Resize the base image to match the VM’s flavor specifications.
  4. Use the base image to create the libvirt instance disk.

In the diagram above, the #1 instance disk uses ephemeral storage; the #2 disk uses a block-storage volume.

Ephemeral storage is an empty, unformatted, additional disk available to an instance. This storage value is defined by the instance flavor. The value provided by the user must be less than or equal to the ephemeral value defined for the flavor. The default value is 0, meaning no ephemeral storage is created.

The ephemeral disk appears in the same way as a plugged-in hard drive or thumb drive. It is available as a block device which you can check using the lsblk command. You can format it, mount it, and use it however you normally would a block device. There is no way to preserve or reference that disk beyond the instance it is attached to.

Block storage volume is persistant storage available to an instance regardless of the state of the running instance.

3.2. Configuration

You can configure performance tuning and security for your virtual disks by customizing the Compute (nova) configuration files. Compute is configured in custom environment files and Heat templates using the parameters detailed in the Compute (nova) Parameters section in the Overcloud Parameters guide. This configuration is generated and stored in the /var/lib/config-data/puppet-generated/<nova_container>/etc/nova/nova.conf file, as detailed in the following table.

Expand
Table 3.1. Compute Image Parameters
SectionParameterDescriptionDefault

[DEFAULT]

force_raw_images

Whether to convert a non-raw cached base image to be raw (boolean). If a non-raw image is converted to raw, Compute:

  • Disallows backing files (which might be a security issue).
  • Removes existing compression (to avoid CPU bottlenecks).

Converting the base to raw uses more space for any image that could have been used directly by the hypervisor (for example, a qcow2 image). If you have a system with slower I/O or less available space, you might want to specify false, trading the higher CPU requirements of compression for that of minimized input bandwidth.

Raw base images are always used with libvirt_images_type=lvm.

true

[DEFAULT]

use_cow_images

Whether to use CoW (Copy on Write) images for libvirt instance disks (boolean):

  • false - The raw format is used. Without CoW, more space is used for common parts of the disk image
  • true - The cqow2 format is used. With CoW, depending on the backing store and host caching, there may be better concurrency achieved by having each VM operate on its own copy.

true

[DEFAULT]

preallocate_images

Preallocation mode for libvirt instance disks. Value can be:

  • none - No storage is provisioned at instance start.
  • space - Storage is fully allocated at instance start (using fallocate), which can help with both space guarantees and I/O performance.

Even when not using CoW instance disks, the copy each VM gets is sparse and so the VM may fail unexpectedly at run time with ENOSPC. By running fallocate(1) on the instance disk images, Compute immediately and efficiently allocates the space for them in the file system (if supported). Run time performance should also be improved because the file system does not have to dynamically allocate blocks at run time (reducing CPU overhead and more importantly file fragmentation).

none

[DEFAULT]

resize_fs_using_block_device

Whether to enable direct resizing of the base image by accessing the image over a block device (boolean). This is only necessary for images with older versions of cloud-init (that cannot resize themselves).

Because this parameter enables the direct mounting of images which might otherwise be disabled for security reasons, it is not enabled by default.

false

[DEFAULT]

default_ephemeral_format

The default format that is used for a new ephemeral volume. Value can be: ext2, ext3, or ext4. The ext4 format provides much faster initialization times than ext3 for new, large disks. You can also override per instance using the guest_format configuration option.

ext4

[DEFAULT]

image_cache_manager_interval

Number of seconds to wait between runs of the image cache manager, which impacts base caching on libvirt compute nodes. This period is used in the auto removal of unused cached images (see remove_unused_base_images and remove_unused_original_minimum_age_seconds).

2400

[DEFAULT]

remove_unused_base_images

Whether to enable the automatic removal of unused base images (checked every image_cache_manager_interval seconds). Images are defined as unused if they have not been accessed in remove_unused_original_minimum_age_seconds seconds.

true

[DEFAULT]

remove_unused_original_minimum_age_seconds

How old an unused base image must be before being removed from the libvirt cache (see remove_unused_base_images).

86400

[libvirt]

images_type

Image type to use for libvirt instance disks (deprecates use_cow_images). Value can be: raw, qcow2, lvm, rbd, or default. If default is specified, the value used for the use_cow_images parameter is used.

default

As an administrator, if you want to prevent user request token timeouts when attaching or detaching volumes, you must enable service tokens on all overcloud nodes that run the Compute (nova) service or the Block Storage (cinder) service.

Procedure

  1. Create an environment file to configure the service tokens, such as service_tokens.yaml.
  2. Add the following configuration parameters to the service token environment file:

    parameter_defaults:
      ComputeExtraConfig:
        nova::config::nova_config:
          service_user/send_service_user_token:
            value: true
          service_user/username:
            value: nova
          service_user/auth_strategy:
            value: keystone
          service_user/auth_type:
            value: password
          service_user/password:
            value: "%{hiera('nova::placement::password')}"
          service_user/auth_url:
            value: "%{hiera('nova::placement::auth_url')}"
          service_user/user_domain_name:
            value: "Default"
          service_user/project_name:
            value: "%{hiera('nova::placement::project_name')}"
          service_user/project_default_name:
            value: "Default"
    
      ControllerExtraConfig:
        nova::config::nova_config:
          keystone_authtoken/service_token_roles_required:
            value: true
          keystone_authtoken/service_token_roles:
            value: admin
          service_user/send_service_user_token:
            value: true
          service_user/username:
            value: nova
          service_user/auth_strategy:
            value: keystone
          service_user/auth_type:
            value: password
          service_user/password:
            value: "%{hiera('nova::keystone::authtoken::password')}"
          service_user/auth_url:
            value: "%{hiera('nova::keystone::authtoken::auth_url')}"
          service_user/user_domain_name:
            value: "%{hiera('nova::keystone::authtoken::user_domain_name')}"
          service_user/project_name:
            value: "%{hiera('nova::keystone::authtoken::project_name')}"
          service_user/project_domain_name:
            value: "%{hiera('nova::keystone::authtoken::project_domain_name')}"
    
        cinder::config::cinder_config:
          keystone_authtoken/service_token_roles_required:
            value: true
          keystone_authtoken/service_token_roles:
            value: admin
          service_user/send_service_user_token:
            value: true
          service_user/username:
            value: cinder
          service_user/auth_strategy:
            value: keystone
          service_user/auth_type:
            value: password
          service_user/password:
            value: "%{hiera('cinder::keystone::authtoken::password')}"
          service_user/auth_url:
            value: "%{hiera('cinder::keystone::authtoken::auth_url')}"
          service_user/user_domain_name:
            value: "%{hiera('cinder::keystone::authtoken::user_domain_name')}"
          service_user/project_name:
            value: "%{hiera('cinder::keystone::authtoken::project_name')}"
          service_user/project_domain_name:
            value: "%{hiera('cinder::keystone::authtoken::project_domain_name')}"
    
      BlockStorageExtraConfig:
        cinder::config::cinder_config:
          keystone_authtoken/service_token_roles_required:
            value: true
          keystone_authtoken/service_token_roles:
            value: admin
          service_user/send_service_user_token:
            value: true
          service_user/username:
            value: cinder
          service_user/auth_strategy:
            value: keystone
          service_user/auth_type:
            value: password
          service_user/password:
            value: "%{hiera('cinder::keystone::authtoken::password')}"
          service_user/auth_url:
            value: "%{hiera('cinder::keystone::authtoken::auth_url')}"
          service_user/user_domain_name:
            value: "%{hiera('cinder::keystone::authtoken::user_domain_name')}"
          service_user/project_name:
            value: "%{hiera('cinder::keystone::authtoken::project_name')}"
          service_user/project_domain_name:
            value: "%{hiera('cinder::keystone::authtoken::project_domain_name')}"
    Copy to Clipboard Toggle word wrap
  3. Add the service token environment file to the stack with your other environment files and deploy the overcloud:

    (undercloud)$ openstack overcloud deploy --templates \
     -e [your environment files] \
     -e /home/stack/templates/service_tokens.yaml \
    Copy to Clipboard Toggle word wrap
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat