2、ceph安装部署

一、硬件

monitor:16c 16g  200g
mgr:16c 16g  200g,如果启用对象存储RGW,配置翻倍
osd:16c 16g  ssd 万兆网卡

二、ceph存储部署

部署环境
主机名 os 配置 public网络 cluster网络 role
node1 Ubuntu 22.04.1 2c2g 192.168.42.140 172.16.1.1 mon,mgr,radosgw,osd,/dev/nvme0n1
node2 Ubuntu 22.04.1 2c2g 192.168.42.141 172.16.1.2 osd,mds,/dev/nvme0n1
node3 Ubuntu 22.04.1 2c2g 192.168.42.142 172.16.1.3 osd,/dev/nvme0n1,/dev/nvme0n2

 1、环境准备

配置网络
更改源
设置允许root用户登录
配置主机名解析
root@node1:~# vim /etc/hosts
# 添加
192.168.42.140    node1
192.168.42.141    node2
192.168.42.142    node3
配置时钟同步
echo "*/30 * * * * root /usr/sbin/ntpdate time1.aliyun.com" >> /etc/crontab
配置免密登录
root@node1:~# ssh-keygen
root@node1:~$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
root@node1:~$ vi ~/.ssh/config
添加:
Host *
StrictHostKeyChecking no
# 修改文件权限
root@node1:~$ chmod 600  ~/.ssh/config
# 将密钥复制到其他主机的root用户目录下
root@node1:~$ scp -r /root/.ssh node1:/root/
root@node1:~$ scp -r /root/.ssh node2:/root/
# 测试
root@node1:~$ ssh node1
root@node1:~$ ssh node2
root@node1:~$ ssh node3
内核参数优化
root@node1:~$ vi /etc/sysctl.conf
添加:
fs.file-max = 10000000000
fs.nr_open = 1000000000
 
root@node1:~$ vi /etc/security/limits.conf
添加:
* soft nproc 102400
* hard nproc 104800
* soft nofile 102400
* hard nofile 104800
root soft nproc 102400
root hard nproc 104800
root soft nofile 102400
root hard nofile 104800
# 将这两个修改过的文件拷贝到其他节点
root@node1:~$ scp /etc/sysctl.conf node1:/etc/
root@node1:~$ scp /etc/sysctl.conf node2:/etc/
root@node1:~$ scp /etc/security/limits.conf node1:/etc/security/
root@node1:~$ scp /etc/security/limits.conf node2:/etc/security/
# 在三台虚拟机上分别执行以下命令,让内核参数生效,并重启
root@node1:~$ sysctl -p
root@node1:~$ reboot

2、ceph软件安装 (三台主机均需执行,各节点需保证ceph版本一致)

root@node1:~# wget -q -O- 'https://download.ceph.com/keys/release.asc' | sudo apt-key add -
root@node1:~# echo deb https://download.ceph.com/debian-pacific/ $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/ceph.list
root@node1:~# vi /etc/apt/sources.list.d/ceph.list
deb https://mirrors.tuna.tsinghua.edu.cn/ceph/debian-pacific/ focal main
root@node1:~# cp /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d
root@node1:~# apt update
root@node1:~# apt -y install ceph
root@node1:~# ceph -v
ceph version 17.2.6 (d7ff0d10654d2280e08f1ab989c7cdf3064446a5) quincy (stable)

3、创建并配置mon

# 给集群生成一个唯一 ID
root@node1:~# uuidgen  
0f342ec2-6119-4261-b65a-0833732b12cb
创建配置文件
root@node1:~# vi /etc/ceph/ceph.conf
[global]
fsid = 0f342ec2-6119-4261-b65a-0833732b12cb
mon_initial_members = node1
mon host = 192.168.42.140
public network = 192.168.42.0/24
cluster network = 172.16.1.0/24
auth cluster required = cephx
auth service required = cephx
auth client required = cephx
osd journal size = 1024
osd pool default size = 3
osd pool default min size = 2
osd pool default pg num = 16
osd pool default pgp num = 16
osd crush chooseleaf type = 1
# 为集群生成一个 mon 密钥环
root@node1:~# ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'
creating /tmp/ceph.mon.keyring
# 为集群生成一个 mgr 密钥环
root@node1:~# ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'
# 为集群生成一个bootstrap-osd密钥环
root@node1:~# ceph-authtool --create-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring --gen-key -n client.bootstrap-osd --cap mon 'profile bootstrap-osd' --cap mgr 'allow r'
# 将生成的密钥环导入
root@node1:~# ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring
root@node1:~# ceph-authtool /tmp/ceph.mon.keyring --import-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring
#修改权限
root@node1:~# sudo chown ceph:ceph /tmp/ceph.mon.keyring
# 生成监视图,保存到/tmp/monmap
root@node1:~# monmaptool --create --add node1 192.168.42.140 --fsid 0f342ec2-6119-4261-b65a-0833732b12cb /tmp/monmap
#创建节点mon目录
root@node1:~# sudo -u ceph mkdir /var/lib/ceph/mon/ceph-node1
# 初始化
root@node1:~# sudo -u ceph ceph-mon --mkfs -i node1 --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring
# 启动服务并查看状态
root@node1:~# sudo systemctl start ceph-mon@node1    
root@node1:~# sudo systemctl enable ceph-mon@node1
root@node1:~# sudo systemctl status ceph-mon@node1
#查看集群状态
root@node1:~# ceph -s
root@node1:~# ceph health detail
消除告警:
root@node1:~# ceph config set mon auth_allow_insecure_global_id_reclaim false  #禁用不安全模式
root@node1:~# ceph mon enable-msgr2

4、ceph-mon高可用,节点数应为奇数(1,3,5,7...)

ceph-mon@node2:
#修改配置文件,把新的mon加进去,只写node1的话,node1 down了之后ceph命令就执行不了。
root@node1:~# vim /etc/ceph/ceph.conf
mon_initial_members = node1,node2,node3
mon host = 192.168.42.140,192.168.42.141,192.168.42.142
root@node1:~# scp /etc/ceph/ceph.conf node2:/etc/ceph/
root@node2:~# sudo -u ceph mkdir /var/lib/ceph/mon/ceph-node2
#在临时目录获取监视器密钥环
root@node2:~# ceph auth get mon. -o /tmp/ceph.mon.keyring
#获取监视器运行图
root@node2:~# ceph mon getmap -o /tmp/ceph.mon.map
got monmap epoch 2
root@node2:~#  chown ceph.ceph /tmp/ceph.mon.keyring
#初始化mon
root@node2:~# sudo -u ceph ceph-mon --mkfs -i node2 --monmap /tmp/ceph.mon.map --keyring /tmp/ceph.mon.keyring
# 启动服务,它会自动加入集群
root@node2:~# systemctl start ceph-mon@node2
root@node2:~# systemctl enable ceph-mon@node2
root@node2:~# systemctl status ceph-mon@node2
 
ceph-mon@node3:
root@node1:~# scp /etc/ceph/ceph.conf node2:/etc/ceph/
root@node1:~# scp /etc/ceph/ceph.client.admin.keyring node3:/etc/ceph/
root@node3:~# ceph auth get mon. -o /tmp/ceph.mon.keyring
root@node3:~# ceph mon getmap -o /tmp/ceph.mon.map
got monmap epoch 3
root@node3:~# chown ceph.ceph /tmp/ceph.mon.keyring
root@node3:~# sudo -u ceph ceph-mon --mkfs -i node3 --monmap /tmp/ceph.mon.map --keyring /tmp/ceph.mon.keyring
root@node3:~# systemctl enable ceph-mon@node3
root@node3:~# systemctl start ceph-mon@node3
root@node3:~#  systemctl status ceph-mon@node3

 
测试高可用
root@node1:~# systemctl stop ceph-mon@node1

4、添加mgr

root@node1:~# ceph auth get-or-create mgr.node1 mon 'allow profile mgr' osd 'allow *' mds 'allow *'  
[mgr.node1]
        key = AQC4TYBlJROvDBAAxPV1uK8dEilotSub/whl5Q==
# 创建 mgr 节点目录
root@node1:~# sudo -u ceph mkdir /var/lib/ceph/mgr/ceph-node1/
# 将 mgr 节点密钥环输出到 mgr 节点目录下
root@node1:~# ceph auth get mgr.node1 -o /var/lib/ceph/mgr/ceph-node1/keyring
# 启动服务
root@node1:~# systemctl start ceph-mgr@node1
root@node1:~# systemctl enable ceph-mgr@node1
root@node1:~# systemctl status ceph-mgr@node1
# 查看集群验证
root@node1:~# ceph -s

5、添加osd

# 密钥环从初始 mon 节点拷贝到其他节点相同目录下
root@node1:~# scp  /var/lib/ceph/bootstrap-osd/ceph.keyring node2:/var/lib/ceph/bootstrap-osd/
root@node1:~# scp  /var/lib/ceph/bootstrap-osd/ceph.keyring node3:/var/lib/ceph/bootstrap-osd/
 
root@node1:~# scp /etc/ceph/ceph.conf  node2:/etc/ceph/
root@node1:~# scp /etc/ceph/ceph.conf  node3:/etc/ceph/
# 在node1添加osd
root@node1:~# ceph-volume lvm create --data /dev/nvme0n1
root@node1:~# systemctl status ceph-osd@0  # 无需手动启动
# 在node2添加osd
root@node2:~# ceph-volume lvm create --data /dev/nvme0n1
root@node2:~# systemctl status ceph-osd@1
# 在node3添加osd
root@node3:~# ceph-volume lvm create --data /dev/nvme0n1
root@node3:~# systemctl status ceph-osd@2
# 查看主机和osd的对应关系
root@node1:~# ceph osd tree
# 查看mypool这个pool的pg分布
root@node1:~# ceph pg ls-by-pool mypool
root@node1:~# ceph pg ls-by-pool mypool | awk '{print $1,$2,$15}'
在实际应用中,ceph 主要用来提供块存储,目前已基本安装就绪。

6、启用dashboard(可选)

root@node1:~# apt install ceph-mgr-dashboard
root@node1:~# ceph mgr module enable dashboard
root@node1:~# ceph mgr module ls | grep board
# 自创建安装证书或关闭ssl( ceph config set mgr mgr/dashboard/ssl false)
root@node0:~$ ceph dashboard create-self-signed-cert
root@node0:~$ openssl req -new -nodes -x509 -subj "/O=IT/CN=ceph-mgr-dashboard" -days 3650 -keyout dashboard.key -out dashboard.crt -extensions v3_ca
root@node0:~$ ceph dashboard set-ssl-certificate -i dashboard.crt
root@node0:~$ ceph dashboard set-ssl-certificate-key -i dashboard.key
 
root@node1:~# ceph config set mgr mgr/dashboard/server_addr 192.168.42.140
root@node1:~# ceph config set mgr mgr/dashboard/server_port 80
root@node1:~# ceph config set mgr mgr/dashboard/ssl_server_port 8443
#设置密码和查看配置
root@node1:~# echo '123456' >>  /root/cephpasswd
root@node1:~# ceph dashboard ac-user-create admin -i /root/cephpasswd administrator
root@node1:~# ceph config dump
重启mgr服务
root@node1:~# systemctl restart ceph-mgr@node1
#查看ceph-mgr dashboard监听端口
root@node1:/var/log/ceph# ceph mgr services
{
    "dashboard": "https://192.168.42.140:8443/"
}

7、块存储

#创建rbd pool,名字为myrbd,pg为16个
root@node1:~# ceph osd pool create myrbd 16
pool 'myrbd' created
root@node1:~# ceph osd lspools
1 .mgr
2 myrbd
#对存储池初始化
root@node1:~# rbd pool init myrbd
:rbd存储池不能直接用于块设备,需要实现创建image,并把image文件作为块设备使用,rbd命令可用于创建、查看及删除块设备相应的image,以及克隆image,创建快照,将镜像回滚到快照,查看快照等管理操作。
#创建一块1G的磁盘disk01,指定磁盘特性layering,不指定默认的所有的特性需要高版本内核支持。
root@node1:~# rbd create disk01 --pool myrbd --size 1G --image-feature layering
root@node1:~# rbd ls myrbd
disk01
root@node1:~# rbd --pool myrbd --image disk01 info  
客户机挂载使用。
root@node2:~# apt -y install ceph-common  版本一致
#从部署服务器同步认证文件。这样客户机就相当于用admin权限在访问集群,生产不建议。
root@node1:~# scp /etc/ceph/ceph.conf node2:/etc/ceph/
root@node1:~# scp /etc/ceph/ceph.client.admin.keyring node2:/etc/ceph/
# 映射到客户机本地,并查看映射情况
root@node2:~# rbd --pool myrbd map disk01   #需设置开机自启动
/dev/rbd0
root@node2:~# rbd showmapped
id  pool   namespace  image   snap  device   
0   myrbd             disk01  -     /dev/rbd0
#挂载使用
root@node2:~# fdisk -l
root@node2:~# mkfs.xfs /dev/rbd0
root@node2:~# mkdir /data02
root@node2:~# mount /dev/rbd0 /data02  #需设置开机自启动
 
#删掉image
root@node2:~# umount /data02
# 断开映射 
root@node2:~# rbd --pool myrbd unmap disk01
root@node2:~# rbd showmapped
# 删除image
root@node2:~# rbd --pool myrbd remove disk01
root@node2:~# rbd ls myrbd

为rbd使用创建单独授权

# 创建用户client.rbd01
root@node1:~# ceph auth get-or-create client.rbd01
# 授予权限给用户
root@node1:~# ceph auth caps client.rbd01 mon 'allow r' osd 'allow rwx pool=myrbd'
# 获取该用户的权限列表并导出该文件
root@node1:~# ceph auth get client.rbd01 -o /etc/ceph/client.rbd01.keyring
客户机使用:
root@node3:~# apt -y install ceph-common  版本一致
root@node1:~# scp /etc/ceph/client.rbd01.keyring  node3:/etc/ceph/
root@node1:~# scp /etc/ceph/ceph.conf node3:/etc/ceph/
root@node3:~# vi /etc/ceph/ceph.conf 
[global]
fsid = 0f342ec2-6119-4261-b65a-0833732b12cb
mon_initial_members = node1
mon host = 192.168.42.140
public network = 192.168.42.0/24
cluster network = 172.16.1.0/24
auth cluster required = cephx
auth service required = cephx
auth client required = cephx
osd journal size = 1024
osd pool default size = 3
osd pool default min size = 2
osd pool default pg num = 16
osd pool default pgp num = 16
osd crush chooseleaf type = 1
 
[client.rbd01]
keyring=/etc/ceph/client.rbd01.keyring
验证使用:
root@node3:~# ceph -s --id rbd01
root@node3:~# ceph osd lspools  --id rbd01
1 .mgr
2 myrbd
root@node3:~# rbd create disk01 --pool myrbd --size 1G --image-feature layering --id rbd01
root@node3:~# rbd ls pool --pool myrbd --id rbd01     
disk01
root@node3:~# rbd --pool myrbd map disk01 --id rbd01  
root@node3:~# ll /dev/rbd0
brw-rw---- 1 root disk 252, 0 Dec 19 11:27 /dev/rbd0

接下来创建文件系统,挂载使用即可。

8、对象存储

在集群中添加对象存储服务(radosgw):
root@node1:~# apt install radosgw -y
root@node1:~# vi /etc/ceph/ceph.conf  
# 添加配置:默认端口7480
[client.rgw.node1]
host = node1
rgw frontends = "beast port=7480"  
rgw dns name = node1
# 将密钥环输出至rgw-node1
root@node1:~# sudo -u ceph mkdir -p /var/lib/ceph/radosgw/ceph-rgw.node1
root@node1:~# ceph auth get-or-create client.rgw.node1 osd 'allow rwx' mon 'allow rw' -o /var/lib/ceph/radosgw/ceph-rgw.node1/keyring
#启动rgw,会 自 动 生 成 .rgw.root 与 default.rgw.log 与 default.rgw.control 与 default.rgw.meta 与default.rgw.buckets.index 默认存储池,类型均为 rgw。
root@node1:~# systemctl enable --now ceph-radosgw@rgw.node1
报错:
处理方式:
root@node1:~# vi /etc/ceph/ceph.conf
添加/修改: [global]
osd pool default pg num = 16
osd pool default pgp num = 16
mon_max_pg_per_osd = 1000
root@node1:~# systemctl restart ceph-mon@node1 
root@node1:~# systemctl status ceph-radosgw@rgw.node1
未解决
实际解决的方案:
# 手动创建rgw需要的pool
# ceph osd pool create .rgw.root 16 16
# ceph osd pool create default.rgw.control 16 16
# ceph osd pool create default.rgw.meta 16 16
# ceph osd pool create default.rgw.log 16 16
# ceph osd pool create default.rgw.buckets.index 16 16
# ceph osd pool create default.rgw.buckets.data 16 16
# ceph osd pool create default.rgw.buckets.non-ec 16 16
设置存储池类型为rgw
# ceph osd pool application enable .rgw.root rgw
# ceph osd pool application enable default.rgw.control rgw
# ceph osd pool application enable default.rgw.meta rgw
# ceph osd pool application enable default.rgw.log rgw
# ceph osd pool application enable default.rgw.buckets.index rgw
# ceph osd pool application enable default.rgw.buckets.data rgw
# ceph osd pool application enable default.rgw.buckets.non-ec rgw
 #重新启动rgw
root@node1:~# systemctl restart ceph-radosgw@rgw.node1
root@node1:~# systemctl enable ceph-radosgw@rgw.node1
root@node1:~# systemctl status ceph-radosgw@rgw.node1
# 在RGW节点添加一个对象存储网关的管理员账户
root@node1:~#  radosgw-admin user create --uid="admin" --display-name="admin user" --system
# 查询用户信息
root@node1:~# radosgw-admin user list
root@node1:~# radosgw-admin user info --uid=admin
# 分别将上面admin账户信息中的access_key和secret_key复制粘贴到rgw_access_key、rgw_secret_key文件中
# 将radosgw集成到dashboard
root@node1:~/ceph# ceph dashboard set-rgw-api-ssl-verify false
root@node1:~/ceph# ceph dashboard set-rgw-api-access-key -i rgw_access_key
root@node1:~/ceph# ceph dashboard set-rgw-api-secret-key -i rgw_secret_key
访问dashboard,https://192.168.42.140:8443/ ,可在上面创建用户和bucket等
 

9、文件存储

#在集群中添加ceph MDS服务
root@node2:~# apt install -y ceph-mds
#创建目录,秘钥,导出mds秘钥
root@node2:~#  sudo -u ceph mkdir -p /var/lib/ceph/mds/ceph-node2
root@node2:~# ceph auth get-or-create mds.node2 osd "allow rwx" mds "allow" mon "allow profile mds"
root@node2:~# ceph auth get mds.node2 -o /var/lib/ceph/mds/ceph-node2/keyring
#启动服务
root@node2:~# systemctl start ceph-mds@node2
root@node2:~# systemctl enable ceph-mds@node2
root@node2:~# systemctl status ceph-mds@node2
root@node1:~# ceph mds stat
1 up:standby
# 创建cephfs所需要的的metadata和data存储池
root@node1:~# ceph osd pool create cephfs_data 16
root@node1:~# ceph osd pool create cephfs_metadata 16
root@node1:~# ceph fs new cephfs cephfs_metadata cephfs_data  #cephfs是name
root@node1:~# ceph fs ls
name: cephfs, metadata pool: cephfs_metadata, data pools: [cephfs_data ]
root@node1:~# ceph mds stat
root@node1:~# ceph fs status cephfs  #查看name为cephfs的状态
客户端挂载使用cephfs,需要指定mon节点的6789端口。
root@node3:~# apt install ceph-common -y
拷贝mon节点的ceph.conf、和管理员秘钥到客户端(实际应单独创建用户和秘钥)
root@node3:~# scp 192.168.42.140:/etc/ceph/ceph.client.admin.keyring /etc/ceph/keyring
root@node3:~# mount -t ceph 192.168.42.140:6789:/ /mnt -o name=admin
 
单独创建用户和秘钥挂载:
root@node1:~# ceph fs authorize cephfs client.cephfs01 / rw  
[client.cephfs01]
        key = AQDLq4FlgiIVCxAAdb0JifnQNqRH5e5R4ZeT+g==
root@node1:~# ceph auth get-or-create client.cephfs01 -o /etc/ceph/client.cephfs.keyring
将client.cephfs.keyring文件拷贝到客户端并重命名为/etc/ceph/keyring
root@node1:~# scp /etc/ceph/client.cephfs.keyring node3:/etc/ceph/keyring
root@node3:~# mount -t ceph 192.168.42.140:6789:/ /mnt -o name=cephfs01
posted @ 2024-01-08 23:13  _幸会  阅读(208)  评论(0编辑  收藏  举报