An iSCSI gateway can be built on top of Ceph RBD.
It can also be used with multipath, which provides redundancy.
RBD backend: tcmu-runner
# ls -al
-rw-r--r-- 1 root root  41308 9月 25 10:59 libtcmu-1.5.2-1.el7.x86_64.rpm
-rw-r--r-- 1 root root   2244 9月 25 10:59 libtcmu-devel-1.5.2-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 122032 9月 25 10:58 tcmu-runner-1.5.2-1.el7.x86_64.rpm
# rpm -ivh tcmu-runner-* libtcmu-*
The install fails with the error below because glusterfs-api is required, so install it first.
yum -y install glusterfs-api
# rpm -ivh tcmu-runner-* libtcmu-*
error: Failed dependencies:
        glusterfs-api is needed by tcmu-runner-1.5.2-1.el7.x86_64
        libgfapi.so.0()(64bit) is needed by tcmu-runner-1.5.2-1.el7.x86_64
        libgfapi.so.0(GFAPI_3.4.0)(64bit) is needed by tcmu-runner-1.5.2-1.el7.x86_64
        libgfapi.so.0(GFAPI_3.5.0)(64bit) is needed by tcmu-runner-1.5.2-1.el7.x86_64
# cat << EOM > /etc/yum.repos.d/ceph-iscsi.repo
[ceph-iscsi]
name=ceph-iscsi noarch packages
baseurl=http://download.ceph.com/ceph-iscsi/3/rpm/el7/noarch
enabled=1
gpgcheck=1
gpgkey=https://download.ceph.com/keys/release.asc
type=rpm-md
[ceph-iscsi-source]
name=ceph-iscsi source packages
baseurl=http://download.ceph.com/ceph-iscsi/3/rpm/el7/SRPMS
enabled=0
gpgcheck=1
gpgkey=https://download.ceph.com/keys/release.asc
type=rpm-md
EOM
# yum install ceph-iscsi targetcli
rbd-target-api does not start unless the kernel is version 4, so install a 4.x kernel.
Error
2020-09-25 13:57:26,552 CRITICAL [rbd-target-api:2879:main()] - Secure API requested but the crt/key files missing/incompatible?
2020-09-25 13:57:26,552 CRITICAL [rbd-target-api:2881:main()] - Unable to start
→ Kernel 4.16
http://choonrpms.choon.net/centos/7/choonrpms-kernel416/x86_64/
yum remove kernel-tools-libs
rpm -ivh kernel-*
cat << _EOM_ > /etc/ceph/iscsi-gateway.cfg
[config]
# Name of the Ceph storage cluster. A suitable Ceph configuration file allowing
# access to the Ceph storage cluster from the gateway node is required, if not
# colocated on an OSD node.
cluster_name = ceph
# Place a copy of the ceph cluster's admin keyring in the gateway's /etc/ceph
# directory and reference the filename here
gateway_keyring = ceph.client.admin.keyring
# API settings.
# The API supports a number of options that allow you to tailor it to your
# local environment. If you want to run the API under https, you will need to
# create cert/key files that are compatible for each iSCSI gateway node, that is
# not locked to a specific node. SSL cert and key files *must* be called
# 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the '/etc/ceph/' directory
# on *each* gateway node. With the SSL files in place, you can use 'api_secure = true'
# to switch to https mode.
# To support the API, the bare minimum settings are:
api_secure = false
# Additional API configuration options are as follows, defaults shown.
api_user = admin
api_password = admin
api_port = 5000
trusted_ip_list = 10.xxx.xxx.xx,10.xxx.xxx.xx
tpg_default_cmdsn_depth = 512
backstore_hw_queue_depth = 512
backstore_queue_depth = 512
_EOM_
Changes to /etc/ceph/iscsi-gateway.cfg take effect only after the daemon is reloaded.
systemctl reload rbd-target-api.service
systemctl start rbd-target-api
systemctl start rbd-target-gw
The gateway can be configured from the command line with gwcli.
# gwcli
> /> cd /iscsi-target
> /iscsi-target> create iqn.2003-01.com.redhat.iscsi-gw:iscsi-igw
> /iscsi-target> cd iqn.2003-01.com.redhat.iscsi-gw:iscsi-igw/gateways
> /iscsi-target...-igw/gateways> create ceph001 10.xxx.xx.xx
> /iscsi-target...-igw/gateways> create ceph002 10.xxx.xx.xx
> /iscsi-target...-igw/gateways> cd /disks
> /disks> create pool=rbd image=disk_1 size=90G
> /iscsi-target...at:rh7-client> disk add rbd/disk_1
It can also be configured from the Dashboard.
ceph dashboard set-iscsi-api-ssl-verification false
ceph dashboard iscsi-gateway-add http://admin:admin@10.xxx.xx.xx:5000
ceph dashboard iscsi-gateway-add http://admin:admin@10.xxx.xx.xx:5000
# ceph dashboard iscsi-gateway-list
{"gateways": {"ceph001": {"service_url": "http://admin:admin@10.xxx.xx.xx:5000"}}}
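An added example, not part of the original page or of ceph-iscsi: a small Python audit of the settings used above. It flags the plain-HTTP API, the admin/admin credentials and the cluster admin keyring in iscsi-gateway.cfg, and the same weaknesses in a dashboard service_url. The sample config, the 192.0.2.x address, the function names and the finding codes are constructed for this illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the security-relevant keys from the iscsi-gateway.cfg above.
SAMPLE_CFG = """\
[config]
gateway_keyring = ceph.client.admin.keyring
api_secure = false
api_user = admin
api_password = admin
"""
# Constructed sample: a service_url in the shape `ceph dashboard iscsi-gateway-list`
# prints (192.0.2.11 is a documentation address standing in for the masked IP).
SAMPLE_URLS = ["http://admin:admin@192.0.2.11:5000"]


def audit_gateway_cfg(text):
    """Return finding codes for the [config] section of an iscsi-gateway.cfg body."""
    cp = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cp.read_string(text)
    cfg = cp["config"]
    findings = []
    # Only an explicit false is reported; a missing key is not judged here.
    if "api_secure" in cfg and not cfg.getboolean("api_secure"):
        findings.append("api-plain-http")  # API credentials cross the network in clear
    # The config comments above list admin/admin as the defaults.
    if (cfg.get("api_user", "admin"), cfg.get("api_password", "admin")) == ("admin", "admin"):
        findings.append("default-api-credentials")
    # The cluster admin key on a gateway node means gateway compromise = cluster admin.
    if cfg.get("gateway_keyring", "") == "ceph.client.admin.keyring":
        findings.append("cluster-admin-keyring-on-gateway")
    return findings


def audit_service_url(url):
    """Return finding codes for one dashboard iscsi-gateway service_url."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme != "https":
        findings.append("url-plain-http")
    if (parts.username, parts.password) == ("admin", "admin"):
        findings.append("url-default-credentials")
    return findings


if __name__ == "__main__":
    print(audit_gateway_cfg(SAMPLE_CFG), [audit_service_url(u) for u in SAMPLE_URLS])
```

An empty list from both functions corresponds to the https mode described in the config comments ('iscsi-gateway.crt' and 'iscsi-gateway.key' in /etc/ceph/ on each gateway node, then api_secure = true) together with non-default API credentials.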