2021-08-27 Day 2: Advanced Ceph usage
1: CephX authentication mechanism
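Ceph uses the cephx protocol to authenticate clients. cephx authenticates and authorizes access to the data stored in Ceph: every request to access Ceph is checked, and every request that talks to a mon must pass cephx authentication. cephx can be turned off on the mon nodes, but once authentication is disabled any access is allowed, so the security of the data can no longer be guaranteed.
1.1 Authorization flow
Every mon node can authenticate clients and distribute keys, so with multiple mon nodes there is no single point of failure and no authentication performance bottleneck.
The mon node returns a data structure used for authentication, which contains the session key used when obtaining Ceph services. The session key is encrypted with the client's secret key, and that secret key is configured on the client in advance, in /etc/ceph/ceph.client.admin.keyring.
1.2 Access flow
#node
test@ceph-node1:~$ cat /etc/ceph/ceph.client.admin.keyring
[client.admin]
    key = AQD55h9h5ICUJBAAfk/2gBzkwU+G8bfqY023Yg==
    caps mds = "allow *"
    caps mgr = "allow *"
    caps mon = "allow *"
    caps osd = "allow *"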
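1.4 Ceph authorization and capabilities
Ceph uses capabilities (caps for short) to describe the scope or level of authorization a user has on the MON, OSD or MDS. Capability overview:
r: grants the user read permission. Required to access the monitors (mon) and retrieve the CRUSH map.
w: grants the user write permission on objects.
x: grants the user the ability to call class methods (both read and write) and to perform auth operations on the monitors.
*: grants the user read, write and execute permission on a specific daemon/pool, plus the ability to run admin commands.
class-read: grants the user the ability to call class read methods; a subset of x.
class-write: grants the user the ability to call class write methods; a subset of x.
MON capabilities:
Include r/w/x and allow profile cap (Ceph's cluster map), for example:
mon 'allow rwx'
mon 'allow profile osd'
OSD capabilities:
Include r, w, x, class-read (class read), class-write (class write) and profile osd. OSD capabilities also allow pool and namespace settings.
MDS capabilities:
Only allow is needed; allow or an empty value both mean access is permitted.
mds 'allow'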
1.5 Listing a specific user
#deploy node
test@ceph-deploy:~/ceph-cluster$ ceph auth ls    #list all users
test@ceph-deploy:~/ceph-cluster$ ceph auth get osd.10
[osd.10]
    key = AQDNBilhkPDRKRAABW8mMaGrYMwYHVVVjtOU0g==
    caps mgr = "allow profile osd"
    caps mon = "allow profile osd"
    caps osd = "allow *"
exported keyring for osd.10
test@ceph-deploy:~/ceph-cluster$ ceph auth get osd    #write keyring file with requested key
test@ceph-deploy:~/ceph-cluster$ ceph auth get osd.10
[osd.10]
    key = AQDNBilhkPDRKRAABW8mMaGrYMwYHVVVjtOU0g==
    caps mgr = "allow profile osd"
    caps mon = "allow profile osd"
    caps osd = "allow *"
exported keyring for osd.10
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.admin
[client.admin]
    key = AQD55h9h5ICUJBAAfk/2gBzkwU+G8bfqY023Yg==
    caps mds = "allow *"
    caps mgr = "allow *"
    caps mon = "allow *"
    caps osd = "allow *"
exported keyring for client.admin
1.6 Ceph user management
The user management feature lets Ceph cluster administrators create, update and delete users directly in the Ceph cluster. When users are created or deleted in the cluster, the keys may need to be distributed to clients so they can be added to a keyring file such as /etc/ceph/ceph.client.admin.keyring. This file can contain the credentials of one or more users. Any node that holds the file is able to access Ceph, and can use the permissions of any account in it.
1.61 Listing users
#deploy node
test@ceph-deploy:~/ceph-cluster$ ceph auth ls
mds.ceph-mgr1
    key: AQA5UyhhXsY/MBAAgv/L+/cKMPx4fy+V2Cm+vg==
    caps: [mds] allow
    caps: [mon] allow profile mds
    caps: [osd] allow rwx
osd.0
    key: AQAswSBh2jDUERAA+jfMZKocn+OjdFYZf7lrbg==
    caps: [mgr] allow profile osd
    caps: [mon] allow profile osd
    caps: [osd] allow *
osd.1
    key: AQBjwSBhhYroNRAAO5+aqRxoaYGiMnI8FZegZw==
    caps: [mgr] allow profile osd
    caps: [mon] allow profile osd
    caps: [osd] allow *
osd.10
    key: AQDNBilhkPDRKRAABW8mMaGrYMwYHVVVjtOU0g==
    caps: [mgr] allow profile osd
    caps: [mon] allow profile osd
    caps: [osd] allow *
osd.11
    key: AQDfBilhKPzvGBAAVx7+GDBZlXkdRdLQM/qypw==
    caps: [mgr] allow profile osd
    caps: [mon] allow profile osd
    caps: [osd] allow *
1.62 User management
Adding a user creates the user name, the key, and all capabilities included in the command used to create it. The user authenticates to the Ceph storage cluster with its key. The user's capabilities grant it the ability to read, write or execute on Ceph monitors (mon), Ceph OSDs (osd) or Ceph metadata servers (mds).
1.62.1 Adding a user
The canonical way to add a user: it creates the user, generates a key, and adds all the specified capabilities.
#deploy node
test@ceph-deploy:~/ceph-cluster$ ceph auth -h
auth add <entity> [<caps>...]
#add an authentication key
test@ceph-deploy:~/ceph-cluster$ ceph auth add client.tom mon 'allow r' osd 'allow rwx pool=mypool'
added key for client.tom
#verify the key
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.tom
[client.tom]
    key = AQBvVipheB/5DhAAaABVJGZbBlneBJUNoWfowg==
    caps mon = "allow r"
    caps osd = "allow rwx pool=mypool"
exported keyring for client.tom
1.62.2 ceph auth get-or-create
ceph auth get-or-create is one of the more common ways to create a user. It returns keyring text containing the user name and key. If the user already exists, the command only returns the user name and key in keyring file format. The -o option with a file name saves the output to a file.
#create the user
test@ceph-deploy:~/ceph-cluster$ ceph auth get-or-create client.test mon 'allow r' osd 'allow rwx pool=mypool'
[client.test]
    key = AQAYVyphyzZdGxAAYZlScsmbAf3mK9zyuaod6g==
#verify the user
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.test
[client.test]
    key = AQAYVyphyzZdGxAAYZlScsmbAf3mK9zyuaod6g==
    caps mon = "allow r"
    caps osd = "allow rwx pool=mypool"
exported keyring for client.test
#create the user again
test@ceph-deploy:~/ceph-cluster$ ceph auth get-or-create client.test mon 'allow r' osd 'allow rwx pool=mypool'
[client.test]
    key = AQAYVyphyzZdGxAAYZlScsmbAf3mK9zyuaod6g==
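1.62.3 ceph auth get-or-create-key
This command creates a user and returns only the user's key, which is useful for clients that need nothing but the key (for example libvirt). If the user already exists, the command only returns the key. The -o option with a file name saves the output to a file.
When creating a client user, you can create a user with no capabilities. Such a user can authenticate but cannot do anything else, and a client like this cannot retrieve the cluster map from the monitors. You can, however, create a user with no capabilities if you intend to add them later with the ceph auth caps command.
A typical user has at least read capability on the Ceph monitors and read and write capability on the Ceph OSDs. In addition, a user's OSD permissions are usually restricted to specific pools.
#shows the key if the user has one, otherwise creates it
test@ceph-deploy:~/ceph-cluster$ ceph auth get-or-create-key client.test mon 'allow r' osd 'allow rwx pool=mypool'
AQAYVyphyzZdGxAAYZlScsmbAf3mK9zyuaod6g==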
1.62.4 ceph auth print-key
#get the key of a single specified user
test@ceph-deploy:~/ceph-cluster$ ceph auth print-key client.test
AQAYVyphyzZdGxAAYZlScsmbAf3mK9zyuaod6g==
1.62.5 Modifying user capabilities
The ceph auth caps command specifies a user and changes that user's capabilities. Setting new capabilities completely overwrites the current ones, so the command must restate the capabilities the user already has along with the new ones. To see the current capabilities, run ceph auth get USERTYPE.USERID.
#view the user's current permissions
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.test
[client.test]
    key = AQAYVyphyzZdGxAAYZlScsmbAf3mK9zyuaod6g==
    caps mon = "allow r"
    caps osd = "allow rwx pool=mypool"
exported keyring for client.test
#modify the permissions
test@ceph-deploy:~/ceph-cluster$ ceph auth caps client.test mon 'allow r' osd 'allow rw pool=mypool'
updated caps for client.test
#verify the permissions
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.test
[client.test]
    key = AQAYVyphyzZdGxAAYZlScsmbAf3mK9zyuaod6g==
    caps mon = "allow r"
    caps osd = "allow rw pool=mypool"
exported keyring for client.test
1.62.6 Deleting a user
To delete a user, use ceph auth del TYPE.ID, where TYPE is one of client, osd, mon or mds, and ID is the user name or the daemon ID.
test@ceph-deploy:~/ceph-cluster$ ceph auth del client.tom
updated
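1.7 Keyring management
A Ceph keyring is a keyring file (a collection file) that stores secrets, keys and certificates and lets clients authenticate to Ceph. One keyring file can hold one or more sets of credentials. Each key has an entity name plus permissions, and the entity type has the form {client, mon, mds, osd}.name
1.71 Backing up and restoring users through a keyring file
Users added with ceph auth add and similar commands also need a keyring file created for them with the ceph-authtool command. Command format for creating a keyring file:
ceph-authtool --create-keyring FILE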
1.71.1 Exporting user credentials to a keyring file
Export the user information to a keyring file to back it up.
#deploy node
#create the user
test@ceph-deploy:~/ceph-cluster$ ceph auth get-or-create client.user1 mon 'allow r' osd 'allow * pool=mypool'
[client.user1]
    key = AQB6WiphsylPERAALnVZ0wMPapQ0lb3ehDdrVA==
#verify the user
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.user1
[client.user1]
    key = AQB6WiphsylPERAALnVZ0wMPapQ0lb3ehDdrVA==
    caps mon = "allow r"
    caps osd = "allow * pool=mypool"
exported keyring for client.user1
#create the keyring file
test@ceph-deploy:~/ceph-cluster$ ceph-authtool --create-keyring ceph.client.user1.keyring
creating ceph.client.user1.keyring
#verify the keyring file
test@ceph-deploy:~/ceph-cluster$ cat ceph.client.user1.keyring
test@ceph-deploy:~/ceph-cluster$ file ceph.client.user1.keyring
ceph.client.user1.keyring: empty    #empty file
#export the keyring to the specified file
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.user1 -o ceph.client.user1.keyring
exported keyring for client.user1
#verify the keyring file of the specified user
test@ceph-deploy:~/ceph-cluster$ cat ceph.client.user1.keyring
[client.user1]
    key = AQB6WiphsylPERAALnVZ0wMPapQ0lb3ehDdrVA==
    caps mon = "allow r"
    caps osd = "allow * pool=mypool"
1.71.2 Restoring user credentials from a keyring file
ceph auth import -i takes a keyring file and imports it into Ceph, which serves as user backup and restore.
#verify the user
test@ceph-deploy:~/ceph-cluster$ cat ceph.client.user1.keyring
[client.user1]
    key = AQB6WiphsylPERAALnVZ0wMPapQ0lb3ehDdrVA==
    caps mon = "allow r"
    caps osd = "allow * pool=mypool"
#simulate deleting the user by mistake
test@ceph-deploy:~/ceph-cluster$ ceph auth del client.user1
updated
#verify the user
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.user1
Error ENOENT: failed to find client.user1 in keyring
#import the user keyring
test@ceph-deploy:~/ceph-cluster$ ceph auth import -i ceph.client.user1.keyring
imported keyring
#verify the user
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.user1
[client.user1]
    key = AQB6WiphsylPERAALnVZ0wMPapQ0lb3ehDdrVA==
    caps mon = "allow r"
    caps osd = "allow * pool=mypool"
exported keyring for client.user1
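An added example, not part of the original post: a small audit of keyring text in the `ceph auth get` / `ceph-authtool -l` format, tying together the capability rules from 1.4, the warning in 1.6 that whoever holds a keyring file can use every account in it, and the overwrite behaviour of `ceph auth caps` from 1.62.5. The function names, the finding codes, the `client.app` user and the placeholder keys are assumptions made for this illustration.

```python
import re
import shlex

# Constructed sample in the layout printed by `ceph auth get`.
# Keys are placeholders, not real secrets; client.app is a made-up user.
SAMPLE_KEYRING = """\
[client.admin]
    key = AAAAplaceholderadminkey==
    caps mds = "allow *"
    caps mgr = "allow *"
    caps mon = "allow *"
    caps osd = "allow *"
[client.user1]
    key = AAAAplaceholderuser1key==
    caps mon = "allow r"
    caps osd = "allow * pool=mypool"
[client.app]
    key = AAAAplaceholderappkey==
    caps mon = "allow r"
    caps osd = "allow rwx"
"""

SECTION = re.compile(r"^\[(?P<entity>[^\]]+)\]$")
CAP = re.compile(r'^caps\s+(?P<daemon>\w+)\s*=\s*"(?P<spec>.*)"$')


def parse_keyring(text):
    """Return {entity: {"key": str or None, "caps": {daemon: spec}}}."""
    entities, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("exported keyring"):
            continue
        section = SECTION.match(line)
        if section:
            current = entities.setdefault(section["entity"], {"key": None, "caps": {}})
            continue
        if current is None:
            raise ValueError(f"line outside any [entity] section: {line!r}")
        cap = CAP.match(line)
        if cap:
            current["caps"][cap["daemon"]] = cap["spec"]
        elif line.startswith("key"):
            current["key"] = line.split("=", 1)[1].strip()
    return entities


def audit(entities):
    """Return (subject, finding) pairs for over-broad client credentials."""
    findings = []
    clients = [e for e in entities if e.startswith("client.")]
    # A keyring that carries client.admin next to other users hands admin
    # rights to every node the file is copied to.
    if "client.admin" in clients and len(entities) > 1:
        findings.append(("keyring", "admin-in-shared-keyring"))
    for entity in clients:
        if entity == "client.admin":
            continue  # admin is expected to hold "allow *"
        for daemon, spec in entities[entity]["caps"].items():
            for grant in spec.split(","):
                tokens = grant.split()
                scoped = any(t.startswith(("pool=", "namespace=")) for t in tokens)
                if "*" in tokens:
                    findings.append((entity, "wildcard-" + daemon))
                if daemon == "osd" and not scoped:
                    findings.append((entity, "unscoped-osd"))
    return findings


def caps_update_command(entity, entities, **changes):
    """Build a `ceph auth caps` command that restates the unchanged caps.

    `ceph auth caps` replaces the whole capability set, so every daemon the
    user should keep access to has to appear in the command again.
    """
    merged = dict(entities[entity]["caps"])
    merged.update(changes)
    args = ["ceph", "auth", "caps", entity]
    for daemon in sorted(merged):
        args += [daemon, merged[daemon]]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    parsed = parse_keyring(SAMPLE_KEYRING)
    for subject, finding in audit(parsed):
        print(subject, finding)
    print(caps_update_command("client.user1", parsed, osd="allow rw pool=mypool"))
```

The parser reads the `[entity]` / `caps daemon = "..."` layout only; the `key:` / `caps: [daemon]` layout printed by `ceph auth ls` would need a different pattern.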
1.72 Multiple users in one keyring file
A single keyring file can contain the credentials of several different users.
1.72.1 Exporting multiple users to one keyring
#create an empty keyring file
test@ceph-deploy:~/ceph-cluster$ ceph-authtool --create-keyring ceph.client.user.keyring
creating ceph.client.user.keyring
#import the contents of the admin user's keyring file into the user keyring file
test@ceph-deploy:~/ceph-cluster$ ceph-authtool ./ceph.client.user.keyring --import-keyring ./ceph.client.admin.keyring
importing contents of ./ceph.client.admin.keyring into ./ceph.client.user.keyring
#verify the keyring file
test@ceph-deploy:~/ceph-cluster$ ceph-authtool -l ./ceph.client.user.keyring
[client.admin]
    key = AQD55h9h5ICUJBAAfk/2gBzkwU+G8bfqY023Yg==
    caps mds = "allow *"
    caps mgr = "allow *"
    caps mon = "allow *"
    caps osd = "allow *"
#import another user's keyring
test@ceph-deploy:~/ceph-cluster$ ceph-authtool ./ceph.client.user.keyring --import-keyring ./ceph.client.user1.keyring
importing contents of ./ceph.client.user1.keyring into ./ceph.client.user.keyring
#verify that the keyring file contains the credentials of multiple users
test@ceph-deploy:~/ceph-cluster$ ceph-authtool -l ./ceph.client.user.keyring
[client.admin]
    key = AQD55h9h5ICUJBAAfk/2gBzkwU+G8bfqY023Yg==
    caps mds = "allow *"
    caps mgr = "allow *"
    caps mon = "allow *"
    caps osd = "allow *"
[client.user1]
    key = AQB6WiphsylPERAALnVZ0wMPapQ0lb3ehDdrVA==
    caps mon = "allow r"
    caps osd = "allow * pool=mypool"
2: Using Ceph RBD
2.1 Introduction to RBD
Ceph can provide object storage (RADOSGW), block storage (RBD) and file system storage (CephFS) at the same time. RBD is short for RADOS Block Device. RBD block storage is one of the commonly used storage types: an RBD block device can be mounted like a disk, supports snapshots, multiple replicas, clones and consistency, and its data is striped across multiple OSDs in the Ceph cluster.
2.2 Creating the pool
#deploy node
#create the pool
test@ceph-deploy:~/ceph-cluster$ ceph osd pool create rbd-data1 32 32
pool 'rbd-data1' created
#verify the pool
test@ceph-deploy:~/ceph-cluster$ ceph osd pool ls
device_health_metrics
mypool
myrbd1
.rgw.root
default.rgw.log
default.rgw.control
default.rgw.meta
cephfs-metadata
cephfs-data
rbd-data1
#enable rbd on the pool
test@ceph-deploy:~/ceph-cluster$ ceph osd pool application enable -h
osd pool application enable <pool> <app> [--yes-i-really-mean-it]
test@ceph-deploy:~/ceph-cluster$ ceph osd pool application enable rbd-data1 rbd
enabled application 'rbd' on pool 'rbd-data1'
#initialize RBD
test@ceph-deploy:~/ceph-cluster$ rbd pool init -p rbd-data1
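2.3 Creating img images
An RBD pool cannot be used directly as a block device. Images must first be created in it as needed, and the image is then used as the block device. The rbd command creates, lists and deletes the images behind block devices, and also handles management operations such as cloning images, creating snapshots, rolling an image back to a snapshot and viewing snapshots.
2.31 Creating images
#deploy node
#create 2 images
test@ceph-deploy:~/ceph-cluster$ rbd create data-img1 --size 3G --pool rbd-data1 --image-format 2 --image-feature layering
test@ceph-deploy:~/ceph-cluster$ rbd create data-img2 --size 5G --pool rbd-data1 --image-format 2 --image-feature layering
#verify the images
test@ceph-deploy:~/ceph-cluster$ rbd ls --pool rbd-data1
data-img1
data-img2
#view image information
test@ceph-deploy:~/ceph-cluster$ rbd ls --pool rbd-data1 -l
NAME       SIZE   PARENT  FMT  PROT  LOCK
data-img1  3 GiB          2
data-img2  5 GiB          2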
2.32 Viewing detailed image information
#deploy node
#view the details of data-img2
test@ceph-deploy:~/ceph-cluster$ rbd --image data-img2 --pool rbd-data1 info
rbd image 'data-img2':
    size 5 GiB in 1280 objects
    order 22 (4 MiB objects)
    snapshot_count: 0
    id: 12468e5b9a04b
    block_name_prefix: rbd_data.12468e5b9a04b
    format: 2
    features: layering
    op_features:
    flags:
    create_timestamp: Sun Aug 29 00:08:51 2021
    access_timestamp: Sun Aug 29 00:08:51 2021
    modify_timestamp: Sun Aug 29 00:08:51 2021
#view the details of data-img1
test@ceph-deploy:~/ceph-cluster$ rbd --image data-img1 --pool rbd-data1 info
rbd image 'data-img1':
    size 3 GiB in 768 objects
    order 22 (4 MiB objects)
    snapshot_count: 0
    id: 1245f7ae95595
    block_name_prefix: rbd_data.1245f7ae95595
    format: 2
    features: layering
    op_features:
    flags:
    create_timestamp: Sun Aug 29 00:08:41 2021
    access_timestamp: Sun Aug 29 00:08:41 2021
    modify_timestamp: Sun Aug 29 00:08:41 2021
2.33 Showing image information in JSON format
#deploy node
test@ceph-deploy:~/ceph-cluster$ rbd ls --pool rbd-data1 -l --format json --pretty-format
[
    {
        "image": "data-img1",
        "id": "1245f7ae95595",
        "size": 3221225472,
        "format": 2
    },
    {
        "image": "data-img2",
        "id": "12468e5b9a04b",
        "size": 5368709120,
        "format": 2
    }
]
2.34 Enabling image features
#deploy node
test@ceph-deploy:~/ceph-cluster$ rbd feature enable exclusive-lock --pool rbd-data1 --image data-img1
test@ceph-deploy:~/ceph-cluster$ rbd feature enable object-map --pool rbd-data1 --image data-img1
test@ceph-deploy:~/ceph-cluster$ rbd feature enable fast-diff --pool rbd-data1 --image data-img1
#verify the image features
test@ceph-deploy:~/ceph-cluster$ rbd --image data-img1 --pool rbd-data1 info
rbd image 'data-img1':
    size 3 GiB in 768 objects
    order 22 (4 MiB objects)
    snapshot_count: 0
    id: 1245f7ae95595
    block_name_prefix: rbd_data.1245f7ae95595
    format: 2
    features: layering, exclusive-lock, object-map, fast-diff
    op_features:
    flags: object map invalid, fast diff invalid
    create_timestamp: Sun Aug 29 00:08:41 2021
    access_timestamp: Sun Aug 29 00:08:41 2021
    modify_timestamp: Sun Aug 29 00:08:41 2021
2.35 Disabling image features
#deploy node
test@ceph-deploy:~/ceph-cluster$ rbd feature disable fast-diff --pool rbd-data1 --image data-img1
test@ceph-deploy:~/ceph-cluster$ rbd --image data-img1 --pool rbd-data1 info
rbd image 'data-img1':
    size 3 GiB in 768 objects
    order 22 (4 MiB objects)
    snapshot_count: 0
    id: 1245f7ae95595
    block_name_prefix: rbd_data.1245f7ae95595
    format: 2
    features: layering, exclusive-lock    #the fast-diff feature is gone
    op_features:
    flags:
    create_timestamp: Sun Aug 29 00:08:41 2021
    access_timestamp: Sun Aug 29 00:08:41 2021
    modify_timestamp: Sun Aug 29 00:08:41 2021
2.4 Configuring a client to use RBD
Mount RBD on an Ubuntu client, once with the admin account and once with a normal user, and verify that it works.
2.41 Configuring the package sources on the client
wget -q -O- 'https://download.ceph.com/keys/release.asc' | sudo apt-key add -
cat > /etc/apt/sources.list <<EOF
# Source mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
EOF
sudo echo "deb https://mirrors.tuna.tsinghua.edu.cn/ceph/debian-pacific bionic main" >> /etc/apt/sources.list
apt update
2.42 Installing ceph-common on the client
#client node
root@ubuntu:~# apt install ceph-common
2.43 Mounting and using RBD on the client with the admin account
Sync the authentication files from the deploy server.
#deploy node
test@ceph-deploy:~/ceph-cluster$ scp ceph.conf ceph.client.admin.keyring [email protected]:/etc/ceph/
2.43.1 Mapping the images on the client
#client node
root@ubuntu:~# rbd -p rbd-data1 map data-img1
/dev/rbd0
root@ubuntu:~# rbd -p rbd-data1 map data-img2
/dev/rbd1
2.43.2 Verifying the images on the client
#client node
root@ubuntu:~# lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda      8:0    0   20G  0 disk
└─sda1   8:1    0   20G  0 part /
sr0     11:0    1 1024M  0 rom
rbd0   252:0    0    3G  0 disk
rbd1   252:16   0    5G  0 disk
2.43.3 Formatting the disks on the client and mounting them
#client node
#format the rbd devices on the client
root@ubuntu:~# mkfs.xfs /dev/rbd0
meta-data=/dev/rbd0              isize=512    agcount=9, agsize=97280 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=1, sparse=0, rmapbt=0, reflink=0
data     =                       bsize=4096   blocks=786432, imaxpct=25
         =                       sunit=1024   swidth=1024 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=8 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
root@ubuntu:~# mkfs.xfs /dev/rbd1
meta-data=/dev/rbd1              isize=512    agcount=9, agsize=162816 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=1, sparse=0, rmapbt=0, reflink=0
data     =                       bsize=4096   blocks=1310720, imaxpct=25
         =                       sunit=1024   swidth=1024 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=8 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
#mount
root@ubuntu:~# mkdir /data /data1 -p
root@ubuntu:~# mount /dev/rbd0 /data
root@ubuntu:~# mount /dev/rbd1 /data1
root@ubuntu:~# df -TH
Filesystem     Type      Size  Used Avail Use% Mounted on
udev           devtmpfs  1.1G     0  1.1G   0% /dev
tmpfs          tmpfs     207M  7.0M  200M   4% /run
/dev/sda1      ext4       22G  3.0G   17G  15% /
tmpfs          tmpfs     1.1G     0  1.1G   0% /dev/shm
tmpfs          tmpfs     5.3M     0  5.3M   0% /run/lock
tmpfs          tmpfs     1.1G     0  1.1G   0% /sys/fs/cgroup
tmpfs          tmpfs     207M     0  207M   0% /run/user/1000
/dev/rbd0      xfs       3.3G   38M  3.2G   2% /data
/dev/rbd1      xfs       5.4G   41M  5.4G   1% /data1
2.43.4 Verifying writes from the client
#client node
root@ubuntu:~# sudo cp /var/log/syslog /data
root@ubuntu:~# sudo cp /var/log/syslog /data1
root@ubuntu:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
udev            964M     0  964M   0% /dev
tmpfs           198M  6.7M  191M   4% /run
/dev/sda1        20G  2.8G   16G  15% /
tmpfs           986M     0  986M   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           986M     0  986M   0% /sys/fs/cgroup
tmpfs           198M     0  198M   0% /run/user/1000
/dev/rbd0       3.0G   38M  3.0G   2% /data
/dev/rbd1       5.0G   40M  5.0G   1% /data1
2.43.5 Verifying the rbd data
#client node
root@ubuntu:~# ll /data
total 1160
drwxr-xr-x  2 root root      20 Aug 28 09:42 ./
drwxr-xr-x 24 root root    4096 Aug 28 09:38 ../
-rw-r-----  1 root root 1181490 Aug 28 09:42 syslog
root@ubuntu:~# ll /data1
total 1160
drwxr-xr-x  2 root root      20 Aug 28 09:43 ./
drwxr-xr-x 24 root root    4096 Aug 28 09:38 ../
-rw-r-----  1 root root 1181490 Aug 28 09:43 syslog
2.43.6 Viewing pool space
#deploy node
test@ceph-deploy:~/ceph-cluster$ ceph df
--- RAW STORAGE ---
CLASS  SIZE     AVAIL    USED     RAW USED  %RAW USED
hdd    240 GiB  239 GiB  861 MiB  861 MiB   0.35
TOTAL  240 GiB  239 GiB  861 MiB  861 MiB   0.35
--- POOLS ---
POOL                   ID  PGS  STORED   OBJECTS  USED     %USED  MAX AVAIL
device_health_metrics  1   1    0 B      0        0 B      0      76 GiB
mypool                 2   32   0 B      0        0 B      0      76 GiB
myrbd1                 3   64   12 MiB   18       35 MiB   0.02   76 GiB
.rgw.root              4   32   1.3 KiB  4        48 KiB   0      76 GiB
default.rgw.log        5   32   3.6 KiB  209      408 KiB  0      76 GiB
default.rgw.control    6   32   0 B      8        0 B      0      76 GiB
default.rgw.meta       7   8    0 B      0        0 B      0      76 GiB
cephfs-metadata        8   32   56 KiB   22       254 KiB  0      76 GiB
cephfs-data            9   64   121 MiB  31       363 MiB  0.16   76 GiB
rbd-data1              10  32   23 MiB   32       69 MiB   0.03   76 GiB
2.44 Mounting and using RBD on the client with a normal account
Test mounting and using RBD on the client with a normal account.
2.44.1 Creating and authorizing the normal account
(Resources were limited, so the earlier virtual machine was reused; you can create a new client for this experiment.)
#deploy node
#create the normal account
test@ceph-deploy:~/ceph-cluster$ ceph auth add client.shijie mon 'allow r' osd 'allow rwx pool=rbd-data1'
added key for client.shijie
#verify the user information
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.shijie
[client.shijie]
    key = AQCAaCphzIAHMxAAddWTSYWGP6+lQuJV2OW/mQ==
    caps mon = "allow r"
    caps osd = "allow rwx pool=rbd-data1"
exported keyring for client.shijie
#create the keyring file
test@ceph-deploy:~/ceph-cluster$ ceph-authtool --create-keyring ceph.client.shijie.keyring
creating ceph.client.shijie.keyring
#export the user keyring
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.shijie -o ceph.client.shijie.keyring
exported keyring for client.shijie
2.44.2 Installing the Ceph client
#ceph-client
root@ceph-client:~# wget -q -O- 'https://mirrors.tuna.tsinghua.edu.cn/ceph/keys/release.asc' | sudo apt-key add -
root@ceph-client:~# vim /etc/apt/sources.list
root@ceph-client:~# apt install ceph-common
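2.44.3 Syncing the normal user's authentication files
#deploy node
#copy only the normal user's keyring; the client does not need the admin keyring
test@ceph-deploy:~/ceph-cluster$ scp ceph.conf ceph.client.shijie.keyring [email protected]:/etc/ceph/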
2.44.4 Verifying permissions on the client
#ceph-client
root@ceph-client:~# ll /etc/ceph/
total 20
drwxr-xr-x  2 root root 4096 Aug 28 09:56 ./
drwxr-xr-x 81 root root 4096 Aug 28 09:51 ../
-rw-r--r--  1 root root  125 Aug 28 09:47 ceph.client.shijie.keyring
-rw-r--r--  1 root root  261 Aug 20 10:11 ceph.conf
-rw-r--r--  1 root root   92 Jun  7 07:39 rbdmap
#the admin account is used by default, so name the user explicitly
root@ceph-client:~# ceph --user shijie -s
2.44.5 Mapping the rbd
#ceph-client node
#map the rbd
root@ceph-client:~# rbd --user shijie -p rbd-data1 map data-img2
/dev/rbd2
#verify the rbd
root@ceph-client:~# fdisk -l /dev/rbd0
Disk /dev/rbd0: 3 GiB, 3221225472 bytes, 6291456 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 4194304 bytes / 4194304 bytes
2.44.6 Formatting and using the rbd image
#ceph-client node
root@ceph-client:~# mkfs.ext4 /dev/rbd2
mke2fs 1.44.1 (24-Mar-2018)
/dev/rbd2 contains a xfs file system
Proceed anyway? (y,N) y
Discarding device blocks: done
Creating filesystem with 1310720 4k blocks and 327680 inodes
Filesystem UUID: fb498e3f-e8cb-40dd-b10d-1e91e0bfbbed
Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912, 819200, 884736
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
root@ceph-client:~# mkdir /data2
root@ceph-client:~# mount /dev/rbd2 /data2/
root@ceph-client:~# # cp /var/log/messages /data2/
root@ceph-client:~# ll /data2
total 24
drwxr-xr-x  3 root root  4096 Aug 28 10:00 ./
drwxr-xr-x 25 root root  4096 Aug 28 10:01 ../
drwx------  2 root root 16384 Aug 28 10:00 lost+found/
root@ceph-client:~# df -TH
Filesystem     Type      Size  Used Avail Use% Mounted on
udev           devtmpfs  1.1G     0  1.1G   0% /dev
tmpfs          tmpfs     207M  7.0M  200M   4% /run
/dev/sda1      ext4       22G  3.0G   17G  15% /
tmpfs          tmpfs     1.1G     0  1.1G   0% /dev/shm
tmpfs          tmpfs     5.3M     0  5.3M   0% /run/lock
tmpfs          tmpfs     1.1G     0  1.1G   0% /sys/fs/cgroup
/dev/rbd0      xfs       3.3G   39M  3.2G   2% /data
/dev/rbd1      xfs       5.4G   42M  5.4G   1% /data1
tmpfs          tmpfs     207M     0  207M   0% /run/user/1000
/dev/rbd2      ext4      5.3G   21M  5.0G   1% /data2
#deploy node
#verify the image status from the admin side
test@ceph-deploy:~/ceph-cluster$ rbd ls -p rbd-data1 -l
NAME       SIZE   PARENT  FMT  PROT  LOCK
data-img1  3 GiB          2          excl
data-img2  5 GiB          2
2.44.7 Verifying the Ceph kernel modules
After an rbd is mounted, the kernel automatically loads the libceph.ko module.
#client node
root@ceph-client:~# lsmod|grep ceph
libceph               315392  1 rbd
libcrc32c              16384  2 xfs,libceph
root@ceph-client:~# modinfo libceph
filename:       /lib/modules/4.15.0-112-generic/kernel/net/ceph/libceph.ko
license:        GPL
description:    Ceph core library
author:         Patience Warnick <[email protected]>
author:         Yehuda Sadeh <[email protected]>
author:         Sage Weil <[email protected]>
srcversion:     899059C79545E4ADF47A464
depends:        libcrc32c
retpoline:      Y
intree:         Y
name:           libceph
vermagic:       4.15.0-112-generic SMP mod_unload
signat:         PKCS#7
signer:
sig_key:
sig_hashalgo:   md4
2.44.8 Growing an rbd image
#deploy node
#current size of the rbd images
test@ceph-deploy:~/ceph-cluster$ rbd ls -p rbd-data1 -l
NAME       SIZE   PARENT  FMT  PROT  LOCK
data-img1  3 GiB          2          excl
data-img2  5 GiB          2
#grow the rbd images
test@ceph-deploy:~/ceph-cluster$ rbd resize --pool rbd-data1 --image data-img2 --size 8G
Resizing image: 100% complete...done.
test@ceph-deploy:~/ceph-cluster$ rbd resize --pool rbd-data1 --image data-img1 --size 6G
Resizing image: 100% complete...done.
#verify the rbd information
test@ceph-deploy:~/ceph-cluster$ rbd ls -p rbd-data1 -l
NAME       SIZE   PARENT  FMT  PROT  LOCK
data-img1  6 GiB          2
data-img2  8 GiB          2
2.44.9 Verifying the image size on the client
#client node
root@ceph-client:~# fdisk -l /dev/rbd2
Disk /dev/rbd2: 8 GiB, 8589934592 bytes, 16777216 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 4194304 bytes / 4194304 bytes
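2.44.10 Mounting automatically at boot
#client node
#the map and mount steps are shell commands, so they belong in an executable boot script (/etc/rc.local here), not in /etc/fstab
root@ceph-client:~# cat /etc/rc.local
#!/bin/bash
rbd --user shijie -p rbd-data1 map data-img2
mount /dev/rbd2 /data2/
root@ceph-client:~# chmod a+x /etc/rc.local
root@ceph-client:~# reboot
#view the mappings
root@ceph-client:~# rbd showmapped
id  pool       image      snap  device
0   rbd-data1  data-img2  -     /dev/rbd2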
2.44.11 Unmounting and unmapping the rbd image
#client node
root@ceph-client:~# umount /data2
root@ceph-client:~# rbd --user shijie -p rbd-data1 unmap data-img2
2.44.12 Deleting an rbd image
Delete the data-img1 image in pool rbd-data1.
#deploy node
test@ceph-deploy:~/ceph-cluster$ rbd rm --pool rbd-data1 --image data-img1
Removing image: 100% complete...done.
2.44.13 The rbd image trash mechanism
The data of a deleted image cannot be recovered. There is another way, though: move the image to the trash first, and delete it from the trash later once the deletion is confirmed.
#deploy node
#view the image status
test@ceph-deploy:~/ceph-cluster$ rbd status --pool rbd-data1 --image data-img2
#move the image to the trash
test@ceph-deploy:~/ceph-cluster$ rbd trash move --pool rbd-data1 --image data-img2
#view the images in the trash
test@ceph-deploy:~/ceph-cluster$ rbd trash list --pool rbd-data1
12468e5b9a04b data-img2
#delete the image from the trash
#if the image is no longer used, trash remove deletes it from the trash directly
#restore the image
test@ceph-deploy:~/ceph-cluster$ rbd trash restore --pool rbd-data1 --image data-img2 --image-id 12468e5b9a04b
#verify the image
test@ceph-deploy:~/ceph-cluster$ rbd ls --pool rbd-data1 -l
NAME       SIZE   PARENT  FMT  PROT  LOCK
data-img2  8 GiB          2
2.5 Image snapshots
2.51 Current data on the client
#client node
root@ceph-client:~# ll /data2
total 24
drwxr-xr-x  3 root root  4096 Aug 28 10:00 ./
drwxr-xr-x 25 root root  4096 Aug 28 10:01 ../
drwx------  2 root root 16384 Aug 28 10:00 lost+found/
2.52 Creating and verifying a snapshot
#deploy node
#create the snapshot
test@ceph-deploy:~/ceph-cluster$ rbd snap create --pool rbd-data1 --image data-img2 --snap img2-snap-12468e5b9a04b
Creating snap: 100% complete...done.
#verify the snapshot
test@ceph-deploy:~/ceph-cluster$ rbd snap list --pool rbd-data1 --image data-img2
SNAPID  NAME                     SIZE   PROTECTED  TIMESTAMP
     4  img2-snap-12468e5b9a04b  8 GiB             Sun Aug 29 01:41:32 2021
2.53 Deleting data and restoring the snapshot
#delete data on the client
root@ceph-client:~# rm -rf /data2/lost+found
#verify the data
root@ceph-client:~# ll /data2
total 8
drwxr-xr-x  2 root root 4096 Aug 28 10:01 ./
drwxr-xr-x 25 root root 4096 Aug 28 10:01 ../
#unmount and unmap the rbd
root@ceph-client:~# umount /data2
root@ceph-client:~# rbd unmap /dev/rbd2
#roll back to the snapshot
#deploy node
test@ceph-deploy:~/ceph-cluster$ rbd snap rollback --pool rbd-data1 --image data-img2 --snap img2-snap-12468e5b9a04b
2.54 Verifying the data on the client
#client node
#map the rbd on the client
root@ceph-client:~# rbd --user shijie -p rbd-data1 map data-img2
#mount the rbd on the client
root@ceph-client:~# mount /dev/rbd0 /data/
#verify the data on the client
root@ceph-client:~# ll /data/
2.55 Deleting a snapshot
#deploy node
test@ceph-deploy:~/ceph-cluster$ rbd snap remove --pool rbd-data1 --image data-img2 --snap img2-snap-12468e5b9a04b
Removing snap: 100% complete...done.
#verify that the snapshot is deleted
test@ceph-deploy:~/ceph-cluster$ rbd snap list --pool rbd-data1 --image data-img2
2.56 Snapshot count limit
#deploy node
#set or change the snapshot count limit
test@ceph-deploy:~/ceph-cluster$ rbd snap limit set --pool rbd-data1 --image data-img2 --limit 30
#clear the snapshot count limit
test@ceph-deploy:~/ceph-cluster$ rbd snap limit clear --pool rbd-data1 --image data-img2
3 Using CephFS
CephFS is the Ceph filesystem. It provides shared file system access, and clients mount and use it over the Ceph protocol.
3.1 Deploying the MDS service
#mgr node
test@ceph-mgr1:~$ apt-cache madison ceph-mds
  ceph-mds | 16.2.5-1bionic | https://mirrors.tuna.tsinghua.edu.cn/ceph/debian-pacific bionic/main amd64 Packages
  ceph-mds | 12.2.13-0ubuntu0.18.04.8 | https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-updates/universe amd64 Packages
  ceph-mds | 12.2.13-0ubuntu0.18.04.4 | https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-security/universe amd64 Packages
  ceph-mds | 12.2.4-0ubuntu1 | https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic/universe amd64 Packages
test@ceph-mgr1:~$ sudo apt install ceph-mds
3.2 Creating the CephFS metadata and data pools
Before CephFS can be used, a file system has to be created in the cluster, with one pool assigned for metadata and one for data.
#deploy node
test@ceph-deploy:~$ ceph osd pool create cephfs-metadata 32 32
test@ceph-deploy:~$ ceph osd pool create cephfs-data 64 64
test@ceph-deploy:~$ ceph -s
  cluster:
    id:     635d9577-7341-4085-90ff-cb584029a1ea
    health: HEALTH_OK
  services:
    mon: 3 daemons, quorum ceph-mon1,ceph-mon2,ceph-mon3 (age 7m)
    mgr: ceph-mgr2(active, since 6m), standbys: ceph-mgr1
    mds: 1/1 daemons up
    osd: 12 osds: 12 up (since 6m), 12 in (since 39h)
    rgw: 1 daemon active (1 hosts, 1 zones)
  data:
    volumes: 1/1 healthy
    pools:   10 pools, 329 pgs
    objects: 328 objects, 213 MiB
    usage:   894 MiB used, 239 GiB / 240 GiB avail
    pgs:     329 active+clean
3.3 Creating CephFS and verifying it
#deploy node
test@ceph-deploy:~$ ceph fs new mycephfs cephfs-metadata cephfs-data
test@ceph-deploy:~$ ceph fs ls
name: mycephfs, metadata pool: cephfs-metadata, data pools: [cephfs-data ]
test@ceph-deploy:~$ ceph fs status mycephfs
mycephfs - 0 clients
========
RANK  STATE   MDS        ACTIVITY    DNS  INOS  DIRS  CAPS
 0    active  ceph-mgr1  Reqs: 0 /s  12   15    12    0
POOL             TYPE      USED  AVAIL
cephfs-metadata  metadata  247k  75.5G
cephfs-data      data      362M  75.5G
MDS version: ceph version 16.2.5 (0883bdea7337b95e4b611c768c0279868462204a) pacific (stable)
3.4 Verifying the CephFS service status
#deploy node
test@ceph-deploy:~$ ceph mds stat
mycephfs:1 {0=ceph-mgr1=up:active}
3.5 Creating the client account
#deploy node
#create the user
test@ceph-deploy:~/ceph-cluster$ ceph auth add client.yanyan mon 'allow r' mds 'allow rw' osd 'allow rwx pool=cephfs-data'
added key for client.yanyan
#verify the account
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.yanyan
[client.yanyan]
    key = AQAhMCth/3d/HxAA7sMakmCr5tOFj8l2vmmaRA==
    caps mds = "allow rw"
    caps mon = "allow r"
    caps osd = "allow rwx pool=cephfs-data"
exported keyring for client.yanyan
#create the keyring file
test@ceph-deploy:~/ceph-cluster$ ceph auth get client.yanyan -o ceph.client.yanyan.keyring
exported keyring for client.yanyan
#create the key file
test@ceph-deploy:~/ceph-cluster$ ceph auth print-key client.yanyan > yanyan.key
#verify the user's keyring file
test@ceph-deploy:~/ceph-cluster$ cat ceph.client.yanyan.keyring
[client.yanyan]
    key = AQAhMCth/3d/HxAA7sMakmCr5tOFj8l2vmmaRA==
    caps mds = "allow rw"
    caps mon = "allow r"
    caps osd = "allow rwx pool=cephfs-data"
3.6 Installing the Ceph client
#client node
root@ceph-client:/etc/ceph# apt install ceph-common -y
3.7 Syncing the client authentication files
#deploy node
test@ceph-deploy:~/ceph-cluster$ scp ceph.conf ceph.client.yanyan.keyring yanyan.key [email protected]:/etc/ceph/
3.8 Verifying permissions on the client
#client node
root@ceph-client2:/etc/ceph# ceph --user yanyan -s
  cluster:
    id:     635d9577-7341-4085-90ff-cb584029a1ea
    health: HEALTH_OK
  services:
    mon: 3 daemons, quorum ceph-mon1,ceph-mon2,ceph-mon3 (age 55m)
    mgr: ceph-mgr2(active, since 54m), standbys: ceph-mgr1
    mds: 1/1 daemons up
    osd: 12 osds: 12 up (since 54m), 12 in (since 39h)
    rgw: 1 daemon active (1 hosts, 1 zones)
  data:
    volumes: 1/1 healthy
    pools:   10 pools, 329 pgs
    objects: 328 objects, 213 MiB
    usage:   895 MiB used, 239 GiB / 240 GiB avail
    pgs:     329 active+clean
3.9 Mounting CephFS in kernel space
There are two ways to mount on the client: in kernel space or in user space. A kernel-space mount needs kernel support for the ceph module; a user-space mount needs ceph-fuse installed.
3.91 Mounting on the client with a key file
#client node
root@ceph-client2:~# mount -t ceph 10.0.0.101:6789,10.0.0.102:6789,10.0.0.103:6789:/ /data -o name=yanyan,secretfile=/etc/ceph/yanyan.key
root@ceph-client2:~# df -h
Filesystem                                         Size  Used Avail Use% Mounted on
udev                                               964M     0  964M   0% /dev
tmpfs                                              198M  6.6M  191M   4% /run
/dev/sda1                                           20G  2.8G   16G  16% /
tmpfs                                              986M     0  986M   0% /dev/shm
tmpfs                                              5.0M     0  5.0M   0% /run/lock
tmpfs                                              986M     0  986M   0% /sys/fs/cgroup
tmpfs                                              198M     0  198M   0% /run/user/1000
10.0.0.101:6789,10.0.0.102:6789,10.0.0.103:6789:/   76G  120M   76G   1% /data
#verify writes
root@ceph-client2:~# cp /var/log/syslog /data/
root@ceph-client2:~# dd if=/dev/zero of=/data/testfile bs=1M count=100
100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.0415206 s, 2.5 GB/s
3.92 Mounting on the client with the key itself
#client node
root@ceph-client2:~# tail /etc/ceph/yanyan.key
AQAhMCth/3d/HxAA7sMakmCr5tOFj8l2vmmaRA==
root@ceph-client2:~# umount /data/
root@ceph-client2:~# mount -t ceph 10.0.0.101:6789,10.0.0.102:6789,10.0.0.103:6789:/ /data -o name=yanyan,secret=AQAhMCth/3d/HxAA7sMakmCr5tOFj8l2vmmaRA==
root@ceph-client2:~# df -h
Filesystem                                         Size  Used Avail Use% Mounted on
udev                                               964M     0  964M   0% /dev
tmpfs                                              198M  6.6M  191M   4% /run
/dev/sda1                                           20G  2.8G   16G  16% /
tmpfs                                              986M     0  986M   0% /dev/shm
tmpfs                                              5.0M     0  5.0M   0% /run/lock
tmpfs                                              986M     0  986M   0% /sys/fs/cgroup
tmpfs                                              198M     0  198M   0% /run/user/1000
10.0.0.101:6789,10.0.0.102:6789,10.0.0.103:6789:/   76G  220M   76G   1% /data
#test writing data
root@ceph-client2:~# cp /var/log/syslog /data/
#view the mount point status
root@ceph-client2:~# stat -f /data/
  File: "/data/"
    ID: 2f5ea2f36fe16833 Namelen: 255     Type: ceph
Block size: 4194304    Fundamental block size: 4194304
Blocks: Total: 19319      Free: 19264      Available: 19264
Inodes: Total: 56         Free: -1
3.93 Mounting at boot
#client node
root@ceph-client2:~# cat /etc/fstab
10.0.0.101:6789,10.0.0.102:6789,10.0.0.103:6789:/ /data ceph defaults,name=yanyan,secretfile=/etc/ceph/yanyan.key,_netdev 0 0
root@ceph-client2:~# mount -a
3.94 Client modules
The client kernel loads the ceph.ko module to mount the CephFS file system.
#client node
root@ceph-client2:~# lsmod|grep ceph
ceph                  376832  1
libceph               315392  1 ceph
libcrc32c              16384  1 libceph
fscache                65536  1 ceph
root@ceph-client2:~# modinfo ceph
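An added example, not part of the original post: a check over fstab-style entries for the two ways of passing the CephFS key shown in 3.91 to 3.93. It flags a key given inline with `secret=` and a `secretfile=` whose mode lets anyone other than the owner read it. The function names, finding codes and the placeholder key are assumptions made for this illustration.

```python
import os
import stat

# Constructed fstab content. The addresses and the /etc/ceph/yanyan.key path
# follow the page; the inline key is a placeholder, not a real secret.
SAMPLE_FSTAB = """\
# <source> <mountpoint> <type> <options> <dump> <pass>
/dev/sda1 / ext4 defaults 0 1
10.0.0.101:6789,10.0.0.102:6789:/ /data  ceph defaults,name=yanyan,secretfile=/etc/ceph/yanyan.key,_netdev 0 0
10.0.0.101:6789,10.0.0.102:6789:/ /data1 ceph defaults,name=yanyan,secret=AAAAplaceholderkey==,_netdev 0 0
"""


def ceph_mounts(fstab_text):
    """Yield (mountpoint, options) for every fstab entry whose type is ceph."""
    for raw in fstab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] != "ceph":
            continue
        options = {}
        for item in fields[3].split(","):
            # partition() splits on the first "=", so base64 padding
            # ("==") at the end of a key stays inside the value.
            name, _, value = item.partition("=")
            options[name] = value
        yield fields[1], options


def file_mode_finding(path):
    """Return a finding code if `path` is missing or readable beyond its owner."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return "secretfile-missing"
    if mode & 0o077:
        return "secretfile-mode-%04o" % mode
    return None


def audit_ceph_mounts(fstab_text):
    """Return (mountpoint, finding) pairs for CephFS entries that expose the key."""
    findings = []
    for mountpoint, options in ceph_mounts(fstab_text):
        if "secret" in options:
            # The key sits in the mount options themselves, so anyone who can
            # read the fstab file (or the shell history of a manual mount)
            # can read the key.
            findings.append((mountpoint, "inline-secret"))
        elif "secretfile" in options:
            code = file_mode_finding(options["secretfile"])
            if code:
                findings.append((mountpoint, code))
    return findings


if __name__ == "__main__":
    for mountpoint, finding in audit_ceph_mounts(SAMPLE_FSTAB):
        print(mountpoint, finding)
```

A key file copied with scp as in 3.7 normally inherits mode 0644 from the default umask; `chmod 600` on the file clears the finding.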
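3.10 Ceph MDS high availability
The Ceph MDS (metadata service) is the access entry point of CephFS, so it needs both high performance and redundancy. Suppose 4 MDS processes are started and 2 ranks are configured. Two of the MDS processes are then assigned to the two ranks, and the remaining 2 MDS processes act as standbys for the other two.
3.10.1 Current MDS server status
#deploy node
test@ceph-deploy:~/ceph-cluster$ ceph mds stat
mycephfs:1 {0=ceph-mgr1=up:active}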
3.10.2 Adding MDS servers
Add ceph-mgr2, ceph-mon2 and ceph-mon3 to the Ceph cluster in the MDS role, to end up with a two-active, two-standby MDS structure that provides high availability and high performance.
#install the ceph-mds service on the MDS servers
test@ceph-mgr2:~$ sudo apt install ceph-mds -y
test@ceph-mon2:~$ sudo apt install ceph-mds -y
test@ceph-mon3:~$ sudo apt install ceph-mds -y
#add the MDS servers
test@ceph-deploy:~/ceph-cluster$ ceph-deploy mds create ceph-mgr2
test@ceph-deploy:~/ceph-cluster$ ceph-deploy mds create ceph-mon2
test@ceph-deploy:~/ceph-cluster$ ceph-deploy mds create ceph-mon3
#verify the current state of the MDS servers:
test@ceph-deploy:~/ceph-cluster$ ceph mds stat
mycephfs:1 {0=ceph-mgr1=up:active} 3 up:standby
3.10.3 Verifying the current state of the Ceph cluster
One MDS server is currently active and three MDS servers are on standby.
# deploy node
test@ceph-deploy:~/ceph-cluster$ ceph fs status
mycephfs - 1 clients
========
RANK  STATE      MDS        ACTIVITY     DNS    INOS   DIRS   CAPS
 0    active  ceph-mgr1  Reqs:    0 /s    13     16     12      2
      POOL         TYPE     USED  AVAIL
cephfs-metadata  metadata   379k  75.2G
  cephfs-data      data     663M  75.2G
STANDBY MDS
 ceph-mon2
 ceph-mgr2
 ceph-mon3
MDS version: ceph version 16.2.5 (0883bdea7337b95e4b611c768c0279868462204a) pacific (stable)
3.10.4 Current file system status
# deploy node
test@ceph-deploy:~/ceph-cluster$ ceph fs get mycephfs
Filesystem 'mycephfs' (1)
fs_name mycephfs
epoch 37
flags 12
created 2021-08-27T11:06:31.193582+0800
modified 2021-08-29T14:48:37.814878+0800
tableserver 0
root 0
session_timeout 60
session_autoclose 300
max_file_size 1099511627776
required_client_features {}
last_failure 0
last_failure_osd_epoch 551
compat compat={},rocompat={},incompat={1=base v0.20,2=client writeable ranges,3=default file layouts on dirs,4=dir inode in separate object,5=mds uses versioned encoding,6=dirfrag is stored in omap,8=no anchor table,9=file layout v2,10=snaprealm v2}
max_mds 1
in 0
up {0=84172}
failed
damaged
stopped
data_pools [9]
metadata_pool 8
inline_data disabled
balancer
standby_count_wanted 1
[mds.ceph-mgr1{0:84172} state up:active seq 7 addr [v2:10.0.0.104:6800/3031657167,v1:10.0.0.104:6801/3031657167]]
3.10.5 Setting the number of active MDS daemons
There are currently four MDS servers, one active and three standby. The deployment can be improved by changing it to two active and two standby.
# deploy node
test@ceph-deploy:~/ceph-cluster$ ceph fs set mycephfs max_mds 2 # set the maximum number of simultaneously active MDS daemons to 2
test@ceph-deploy:~/ceph-cluster$ ceph fs status
mycephfs - 1 clients
========
RANK  STATE      MDS        ACTIVITY     DNS    INOS   DIRS   CAPS
 0    active  ceph-mgr1  Reqs:    0 /s    13     16     12      2
 1    active  ceph-mon3  Reqs:    0 /s    10     13     11      0
      POOL         TYPE     USED  AVAIL
cephfs-metadata  metadata   451k  75.2G
  cephfs-data      data     663M  75.2G
STANDBY MDS
 ceph-mon2
 ceph-mgr2
MDS version: ceph version 16.2.5 (0883bdea7337b95e4b611c768c0279868462204a) pacific (stable)
3.10.6 MDS high availability optimization
At present ceph-mgr1 and ceph-mon2 are both in the active state, while ceph-mon3 and ceph-mgr2 are in the standby state. ceph-mgr2 can now be set as the standby for ceph-mgr1 and ceph-mon3 as the standby for ceph-mon2, so that each active MDS has a fixed standby.
# deploy node
test@ceph-deploy:~/ceph-cluster$ cat ceph.conf
[global]
fsid = 635d9577-7341-4085-90ff-cb584029a1ea
public_network = 10.0.0.0/24
cluster_network = 192.168.133.0/24
mon_initial_members = ceph-mon1
mon_host = 10.0.0.101
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
mon clock drift allowed = 2
mon clock drift warn backoff = 30
[mds.ceph-mgr2]
#mds_standby_for_fscid = mycephfs
mds_standby_for_name = ceph-mgr1
mds_standby_replay = true
[mds.ceph-mon3]
mds_standby_for_name = ceph-mon2
mds_standby_replay = true
3.10.7 Distributing the configuration file and restarting the MDS services
# deploy node
# distribute the configuration file so that it takes effect when each MDS service restarts
test@ceph-deploy:~/ceph-cluster$ ceph-deploy --overwrite-conf config push ceph-mon3
test@ceph-deploy:~/ceph-cluster$ ceph-deploy --overwrite-conf config push ceph-mon2
test@ceph-deploy:~/ceph-cluster$ ceph-deploy --overwrite-conf config push ceph-mgr1
test@ceph-deploy:~/ceph-cluster$ ceph-deploy --overwrite-conf config push ceph-mgr2
test@ceph-mon2:~$ sudo systemctl restart ceph-mds@ceph-mon2.service
test@ceph-mon3:~$ sudo systemctl restart ceph-mds@ceph-mon3.service
test@ceph-mgr1:~$ sudo systemctl restart ceph-mds@ceph-mgr1.service
test@ceph-mgr2:~$ sudo systemctl restart ceph-mds@ceph-mgr2.service
3.10.8 MDS high-availability state of the Ceph cluster
# deploy node
test@ceph-deploy:~/ceph-cluster$ ceph fs status
mycephfs - 1 clients
========
RANK  STATE      MDS        ACTIVITY     DNS    INOS   DIRS   CAPS
 0    active  ceph-mgr2  Reqs:    0 /s    13     16     12      1
 1    active  ceph-mon2  Reqs:    0 /s    10     13     11      0
      POOL         TYPE     USED  AVAIL
cephfs-metadata  metadata   451k  75.2G
  cephfs-data      data     663M  75.2G
STANDBY MDS
 ceph-mon3
 ceph-mgr1
MDS version: ceph version 16.2.5 (0883bdea7337b95e4b611c768c0279868462204a) pacific (stable)
# view the mapping between active and standby daemons
test@ceph-deploy:~/ceph-cluster$ ceph fs get mycephfs
Filesystem 'mycephfs' (1)
fs_name mycephfs
epoch 67
flags 12
created 2021-08-27T11:06:31.193582+0800
modified 2021-08-29T16:34:16.305266+0800
tableserver 0
root 0
session_timeout 60
session_autoclose 300
max_file_size 1099511627776
required_client_features {}
last_failure 0
last_failure_osd_epoch 557
compat compat={},rocompat={},incompat={1=base v0.20,2=client writeable ranges,3=default file layouts on dirs,4=dir inode in separate object,5=mds uses versioned encoding,6=dirfrag is stored in omap,8=no anchor table,9=file layout v2,10=snaprealm v2}
max_mds 2
in 0,1
up {0=84753,1=84331}
failed
damaged
stopped
data_pools [9]
metadata_pool 8
inline_data disabled
balancer
standby_count_wanted 1
[mds.ceph-mgr2{0:84753} state up:active seq 7 addr [v2:10.0.0.105:6802/2338760756,v1:10.0.0.105:6803/2338760756]]
[mds.ceph-mon2{1:84331} state up:active seq 14 addr [v2:10.0.0.102:6800/3841027813,v1:10.0.0.102:6801/3841027813]]
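After the restart the ranks may be held by different daemons than before, so the layout is worth checking mechanically rather than by eye. The following added example (not from the original post) parses `ceph fs get` and `ceph mds stat` text and reports missing active ranks, failed or damaged ranks, and too few standbys; the function names are hypothetical, and the one-field-per-line layout and the two-rank `ceph mds stat` line are assumptions extended from the output shown on this page.

```python
import re

# Constructed sample: selected lines of the `ceph fs get mycephfs` output above,
# one field per line (assumed layout), daemon addresses omitted.
SAMPLE_FS_GET = """\
max_mds\t2
in\t0,1
up\t{0=84753,1=84331}
failed\t
damaged\t
standby_count_wanted\t1
[mds.ceph-mgr2{0:84753} state up:active seq 7]
[mds.ceph-mon2{1:84331} state up:active seq 14]
"""
# Constructed `ceph mds stat` line, extending the one-rank format shown earlier.
SAMPLE_MDS_STAT = "mycephfs:2 {0=ceph-mgr2=up:active,1=ceph-mon2=up:active} 2 up:standby"

def parse_fs_get(text):
    """Return (fields, [(rank, daemon, state)]) from `ceph fs get` text."""
    fields, daemons = {}, []
    for line in text.splitlines():
        m = re.match(r"\[mds\.([^{\s]+)\{(\d+):\d+\} state (\S+)", line)
        if m:
            daemons.append((int(m.group(2)), m.group(1), m.group(3)))
        elif line.strip():
            key, *rest = line.split(None, 1)   # empty fields such as "failed" have no value
            fields[key] = rest[0].strip() if rest else ""
    return fields, daemons

def check_mds_ha(fs_get_text, mds_stat_line):
    """Return a list of problems; an empty list means the HA layout holds."""
    fields, daemons = parse_fs_get(fs_get_text)
    max_mds = int(fields["max_mds"])
    active = sorted(rank for rank, _, state in daemons if state == "up:active")
    m = re.search(r"(\d+) up:standby(?![-\w])", mds_stat_line)  # not standby-replay
    standbys = int(m.group(1)) if m else 0
    problems = []
    if active != list(range(max_mds)):
        problems.append(f"active ranks {active}, expected {list(range(max_mds))}")
    for key in ("failed", "damaged"):
        if fields.get(key):
            problems.append(f"{key} ranks: {fields[key]}")
    if standbys < int(fields.get("standby_count_wanted", 0)):
        problems.append(f"only {standbys} standby daemon(s) available")
    return problems

if __name__ == "__main__":
    print(check_mds_ha(SAMPLE_FS_GET, SAMPLE_MDS_STAT) or "MDS HA layout OK")
```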
3.11 Exporting CephFS as NFS through ganesha
Use ganesha to share CephFS over the NFS protocol.
3.11.1 Server-side configuration
# mgr1 node
test@ceph-mgr1:~$ sudo apt install nfs-ganesha-ceph
test@ceph-mgr1:~$ cd /etc/ganesha/
test@ceph-mgr1:/etc/ganesha$ cat /etc/ganesha/ganesha.conf
NFS_CORE_PARAM {
    # disable NLM
    Enable_NLM = false;
    # disable RQUOTA (not supported on CephFS)
    Enable_RQUOTA = false;
    # NFS protocol
    Protocols = 4;
}
EXPORT_DEFAULTS {
    # default access mode
    Access_Type = RW;
}
EXPORT {
    # unique ID
    Export_Id = 1;
    # mount path of CephFS
    Path = "/";
    FSAL {
        name = CEPH;
        # hostname or IP address of this Node
        hostname="10.0.0.104";
    }
    # setting for root Squash
    Squash="No_root_squash";
    # NFSv4 Pseudo path
    Pseudo="/test";
    # allowed security options
    SecType = "sys";
}
LOG {
    # default log level
    Default_Log_Level = WARN;
}
test@ceph-mgr1:/etc/ganesha$ sudo systemctl restart nfs-ganesha
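The export above combines No_root_squash, SecType sys and no CLIENT restriction, so the NFS server accepts whatever uid a client presents, including root. The following added example (not from the original post or from the nfs-ganesha project) parses ganesha.conf text and flags those settings; the function names and the choice of checks are assumptions made for illustration.

```python
import re

# Constructed sample: the EXPORT block of the ganesha.conf shown above.
SAMPLE_CONF = '''
EXPORT {
    Export_Id = 1; Path = "/"; Pseudo="/test";
    FSAL { name = CEPH; hostname="10.0.0.104"; }
    Squash="No_root_squash"; SecType = "sys";
}
'''

def parse_ganesha(text):
    """Parse ganesha.conf text into nested dicts; each sub-block name maps to a list."""
    tokens = re.findall(r'[{};=]|"[^"]*"|[^\s{};="]+', re.sub(r"#.*", "", text))
    pos = 0
    def block():
        nonlocal pos
        items = {}
        while pos < len(tokens) and tokens[pos] != "}":
            name = tokens[pos].upper()      # option names compared case-insensitively
            if tokens[pos + 1] == "{":
                pos += 2
                items.setdefault(name, []).append(block())
                pos += 1                    # step over the closing "}"
            else:                           # key = value ;
                end = tokens.index(";", pos)
                items[name] = " ".join(tokens[pos + 2:end]).strip('"')
                pos = end + 1
        return items
    return block()

def audit_exports(conf):
    """Return findings per EXPORT block (checks chosen for this example)."""
    findings = []
    for exp in conf.get("EXPORT", []):
        tag = f"export {exp.get('EXPORT_ID', '?')} ({exp.get('PSEUDO', '?')})"
        if exp.get("SQUASH", "").lower() in ("no_root_squash", "none"):
            findings.append(f"{tag}: client root is not squashed")
        if "CLIENT" not in exp:
            sys_auth = "sys" in exp.get("SECTYPE", "").lower()
            findings.append(f"{tag}: no CLIENT block, any reachable host may mount"
                            + (" with client-asserted uid/gid (AUTH_SYS)" if sys_auth else ""))
        fsal = (exp.get("FSAL") or [{}])[0]
        if fsal.get("NAME", "").lower() == "ceph" and "USER_ID" not in fsal:
            findings.append(f"{tag}: FSAL sets no User_Id for a restricted cephx user")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_exports(parse_ganesha(SAMPLE_CONF))))
```

An export that sets Squash = Root_Squash, adds a CLIENT block with a Clients list, and gives the FSAL a dedicated User_Id produces no findings.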