目次

28 Ceph ISCSI

CephのRBDを使ってiscsi gwを作成できる。
Multipathでも利用でき冗長性も確保可能。

1.tcmu-runner

RBDバックエンド tcmu-runner

https://1.chacra.ceph.com/r/tcmu-runner/master/9c84f7a4348ac326ac269fbdda507953dba6ec2c/centos/7/flavors/default/x86_64/

# ls -al
-rw-r--r-- 1 root root  41308  9月 25 10:59 libtcmu-1.5.2-1.el7.x86_64.rpm
-rw-r--r-- 1 root root   2244  9月 25 10:59 libtcmu-devel-1.5.2-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 122032  9月 25 10:58 tcmu-runner-1.5.2-1.el7.x86_64.rpm

# rpm -ivh tcmu-runner-* libtcmu-*

tcmu-runner install error

下記のようなエラーでglusterfs-apiを求められるので、入れておく。

yum -y install glusterfs-api
# rpm -ivh tcmu-runner-* libtcmu-*
error: Failed dependencies:
	glusterfs-api is needed by tcmu-runner-1.5.2-1.el7.x86_64
	libgfapi.so.0()(64bit) is needed by tcmu-runner-1.5.2-1.el7.x86_64
	libgfapi.so.0(GFAPI_3.4.0)(64bit) is needed by tcmu-runner-1.5.2-1.el7.x86_64
	libgfapi.so.0(GFAPI_3.5.0)(64bit) is needed by tcmu-runner-1.5.2-1.el7.x86_64

2.repo

# cat << EOM > /etc/yum.repos.d/ceph-iscsi.repo
[ceph-iscsi]
name=ceph-iscsi noarch packages
baseurl=http://download.ceph.com/ceph-iscsi/3/rpm/el7/noarch
enabled=1
gpgcheck=1
gpgkey=https://download.ceph.com/keys/release.asc
type=rpm-md

[ceph-iscsi-source]
name=ceph-iscsi source packages
baseurl=http://download.ceph.com/ceph-iscsi/3/rpm/el7/SRPMS
enabled=0
gpgcheck=1
gpgkey=https://download.ceph.com/keys/release.asc
type=rpm-md
EOM
# yum install ceph-iscsi targetcli

3.kernel4

Kernel4じゃないとrbd-target-apiが起動しないので、kernel4を入れる

エラー

2020-09-25 13:57:26,552 CRITICAL [rbd-target-api:2879:main()] - Secure API requested but the crt/key files missing/incompa
tible?
2020-09-25 13:57:26,552 CRITICAL [rbd-target-api:2881:main()] - Unable to start
→Kernel 4.16
http://choonrpms.choon.net/centos/7/choonrpms-kernel416/x86_64/
yum remove kernel-tools-libs
rpm -ivh kernel-*

4.cpeh-iscsi.conf用意

cat << _EOM_ > /etc/ceph/iscsi-gateway.cfg
[config]
# Name of the Ceph storage cluster. A suitable Ceph configuration file allowing
# access to the Ceph storage cluster from the gateway node is required, if not
# colocated on an OSD node.
cluster_name = ceph

# Place a copy of the ceph cluster's admin keyring in the gateway's /etc/ceph
# drectory and reference the filename here
gateway_keyring = ceph.client.admin.keyring


# API settings.
# The API supports a number of options that allow you to tailor it to your
# local environment. If you want to run the API under https, you will need to
# create cert/key files that are compatible for each iSCSI gateway node, that is
# not locked to a specific node. SSL cert and key files *must* be called
# 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the '/etc/ceph/' directory
# on *each* gateway node. With the SSL files in place, you can use 'api_secure = true'
# to switch to https mode.

# To support the API, the bear minimum settings are:
api_secure = false

# Additional API configuration options are as follows, defaults shown.
api_user = admin
api_password = admin
api_port = 5000
trusted_ip_list = 10.xxx.xxx.xx,10.xxx.xxx.xx

tpg_default_cmdsn_depth = 512
backstore_hw_queue_depth = 512
backstore_queue_depth = 512
_EOM_
/etc/ceph/iscsi-gateway.cfgの反映には、デーモンのリロードが必要
systemctl reload rbd-target-api.service

5.起動

systemctl start rbd-target-api
systemctl start rbd-target-gw

6.gwcli

gwcliでコマンドから設定可能

# gwcli
> /> cd /iscsi-target
> /iscsi-target>  create iqn.2003-01.com.redhat.iscsi-gw:iscsi-igw
> /iscsi-target> cd iqn.2003-01.com.redhat.iscsi-gw:iscsi-igw/gateways
> /iscsi-target...-igw/gateways>  create ceph001 10.xxx.xx.xx
> /iscsi-target...-igw/gateways>  create ceph002 10.xxx.xx.xx
> /iscsi-target...-igw/gateways> cd /disks
> /disks> create pool=rbd image=disk_1 size=90G
> /iscsi-target...at:rh7-client> disk add rbd/disk_1

7.dashboard

Dashboardからも設定可能

ceph dashboard set-iscsi-api-ssl-verification false
ceph dashboard iscsi-gateway-add http://admin:admin@10.xxx.xx.xx:5000
ceph dashboard iscsi-gateway-add http://admin:admin@10.xxx.xx.xx:5000
# ceph dashboard iscsi-gateway-list
{"gateways": {"ceph001": {"service_url": "http://admin:admin@10.xxx.xx.xx:5000"}}}

削除の場合

ceph dashboard iscsi-gateway-rm GATEWAY_NAME