このページの翻訳:
- 日本語 (ja)
- English (en)
最近の更新
- 02 Apache2で自己認証ssl [中間証明書の整合性確認]
最近の更新
CephのRBDを使ってiscsi gwを作成できる。
Multipathでも利用でき冗長性も確保可能。
RBDバックエンド tcmu-runner
# ls -al -rw-r--r-- 1 root root 41308 9月 25 10:59 libtcmu-1.5.2-1.el7.x86_64.rpm -rw-r--r-- 1 root root 2244 9月 25 10:59 libtcmu-devel-1.5.2-1.el7.x86_64.rpm -rw-r--r-- 1 root root 122032 9月 25 10:58 tcmu-runner-1.5.2-1.el7.x86_64.rpm # rpm -ivh tcmu-runner-* libtcmu-*
下記のようなエラーでglusterfs-apiを求められるので、入れておく。
yum -y install glusterfs-api
# rpm -ivh tcmu-runner-* libtcmu-* error: Failed dependencies: glusterfs-api is needed by tcmu-runner-1.5.2-1.el7.x86_64 libgfapi.so.0()(64bit) is needed by tcmu-runner-1.5.2-1.el7.x86_64 libgfapi.so.0(GFAPI_3.4.0)(64bit) is needed by tcmu-runner-1.5.2-1.el7.x86_64 libgfapi.so.0(GFAPI_3.5.0)(64bit) is needed by tcmu-runner-1.5.2-1.el7.x86_64
# cat << EOM > /etc/yum.repos.d/ceph-iscsi.repo [ceph-iscsi] name=ceph-iscsi noarch packages baseurl=http://download.ceph.com/ceph-iscsi/3/rpm/el7/noarch enabled=1 gpgcheck=1 gpgkey=https://download.ceph.com/keys/release.asc type=rpm-md [ceph-iscsi-source] name=ceph-iscsi source packages baseurl=http://download.ceph.com/ceph-iscsi/3/rpm/el7/SRPMS enabled=0 gpgcheck=1 gpgkey=https://download.ceph.com/keys/release.asc type=rpm-md EOM
# yum install ceph-iscsi targetcli
Kernel4じゃないとrbd-target-apiが起動しないので、kernel4を入れる
エラー
2020-09-25 13:57:26,552 CRITICAL [rbd-target-api:2879:main()] - Secure API requested but the crt/key files missing/incompa tible? 2020-09-25 13:57:26,552 CRITICAL [rbd-target-api:2881:main()] - Unable to start
→Kernel 4.16 http://choonrpms.choon.net/centos/7/choonrpms-kernel416/x86_64/ yum remove kernel-tools-libs rpm -ivh kernel-*
cat << _EOM_ > /etc/ceph/iscsi-gateway.cfg
[config]
# Name of the Ceph storage cluster. A suitable Ceph configuration file allowing
# access to the Ceph storage cluster from the gateway node is required, if not
# colocated on an OSD node.
cluster_name = ceph
# Place a copy of the ceph cluster's admin keyring in the gateway's /etc/ceph
# drectory and reference the filename here
gateway_keyring = ceph.client.admin.keyring
# API settings.
# The API supports a number of options that allow you to tailor it to your
# local environment. If you want to run the API under https, you will need to
# create cert/key files that are compatible for each iSCSI gateway node, that is
# not locked to a specific node. SSL cert and key files *must* be called
# 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the '/etc/ceph/' directory
# on *each* gateway node. With the SSL files in place, you can use 'api_secure = true'
# to switch to https mode.
# To support the API, the bear minimum settings are:
api_secure = false
# Additional API configuration options are as follows, defaults shown.
api_user = admin
api_password = admin
api_port = 5000
trusted_ip_list = 10.xxx.xxx.xx,10.xxx.xxx.xx
tpg_default_cmdsn_depth = 512
backstore_hw_queue_depth = 512
backstore_queue_depth = 512
_EOM_
/etc/ceph/iscsi-gateway.cfgの反映には、デーモンのリロードが必要 systemctl reload rbd-target-api.service
systemctl start rbd-target-api systemctl start rbd-target-gw
gwcliでコマンドから設定可能
# gwcli > /> cd /iscsi-target > /iscsi-target> create iqn.2003-01.com.redhat.iscsi-gw:iscsi-igw > /iscsi-target> cd iqn.2003-01.com.redhat.iscsi-gw:iscsi-igw/gateways > /iscsi-target...-igw/gateways> create ceph001 10.xxx.xx.xx > /iscsi-target...-igw/gateways> create ceph002 10.xxx.xx.xx > /iscsi-target...-igw/gateways> cd /disks > /disks> create pool=rbd image=disk_1 size=90G > /iscsi-target...at:rh7-client> disk add rbd/disk_1
Dashboardからも設定可能
ceph dashboard set-iscsi-api-ssl-verification false ceph dashboard iscsi-gateway-add http://admin:admin@10.xxx.xx.xx:5000 ceph dashboard iscsi-gateway-add http://admin:admin@10.xxx.xx.xx:5000 # ceph dashboard iscsi-gateway-list {"gateways": {"ceph001": {"service_url": "http://admin:admin@10.xxx.xx.xx:5000"}}}