ceph 007 双向池同步 rgw对象网关配置 s3对象存储
增量导入导出要基于快照
导出的过程当中害怕镜像被修改所以打快照。快照的数据是不会变化的
镜像级别的双向同步
镜像主到备,备到主。一对一 就算是池模式的双向同步,镜像也具有主备关系
双向同步,池模式
[root@clienta ~]# ceph osd pool create rbd
pool 'rbd' created
[root@clienta ~]# rbd pool init rbd
[root@clienta ~]# ceph orch apply rbd-mirror --placement=serverc.lab.example.com
Scheduled rbd-mirror update...
[root@clienta ~]#
[root@serverf ~]# ceph osd pool create rbd
pool 'rbd' created
[root@serverf ~]# rbd pool init rbd
[root@serverf ~]# ceph orch apply rbd-mirror --placement=serverf.lab.example.com
Scheduled rbd-mirror update...
[root@serverf ~]#
一个集群任意一个节点安装rbd-mirror就行了
[root@serverf ~]# rbd mirror pool enable rbd pool
[root@serverf ~]#
[root@clienta ~]# rbd mirror pool enable rbd pool
[root@clienta ~]#
两边开启池模式
[root@clienta ~]# rbd mirror pool peer bootstrap create --site-name prod rbd > /root/prod
[root@clienta ~]# scp /root/prod root@serverf:~
Warning: Permanently added 'serverf,172.25.250.15' (ECDSA) to the list of known hosts.
prod 100% 253 20.1KB/s 00:00
[root@serverf ~]# rbd mirror pool peer bootstrap create --site-name bup rbd > /root/bup
[root@serverf ~]# scp /root/bup root@clienta:~
Warning: Permanently added 'clienta,172.25.250.10' (ECDSA) to the list of known hosts.
bup 100% 253 8.0KB/s 00:00
[root@serverf ~]# rbd mirror pool peer bootstrap import --site-name bup rbd /root/prod
2022-08-15T11:49:25.186-0400 7f2c0ba292c0 -1 auth: unable to find a keyring on /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin,: (2) No such file or directory
2022-08-15T11:49:25.202-0400 7f2c0ba292c0 -1 auth: unable to find a keyring on /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin,: (2) No such file or directory
2022-08-15T11:49:25.202-0400 7f2c0ba292c0 -1 auth: unable to find a keyring on /etc/ceph/..keyring,/etc/ceph/.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin,: (2) No such file or directory
(这个import导入,做一边就可以,也就是可以省一个scp步骤。还是建议在serverf这里做import)
两个集群建立联系,知晓对方信息
[root@clienta ~]# rbd mirror pool info rbd
Mode: pool
Site Name: prod
Peer Sites:
UUID: db75b9df-3aad-4d96-9a18-071274e6ca41
Name: bup
Mirror UUID: 5b2135ab-a90a-490f-9e39-7e2d059740f5
Direction: rx-tx
Client: client.rbd-mirror-peer
[root@clienta ~]#
[root@serverf ~]# rbd mirror pool info rbd
Mode: pool
Site Name: bup
Peer Sites:
UUID: 0d1b536e-6e83-49e4-aa9d-2dc4928607be
Name: prod
Mirror UUID: ca13dd9d-79b6-4614-aa5f-c4c8cb300396
Direction: rx-tx
Client: client.rbd-mirror-peer
[root@serverf ~]#
[root@clienta ~]# rbd mirror pool status
health: WARNING
daemon health: OK
image health: WARNING
images: 0 total
查看两个池状态。
[root@serverf ~]# rbd create image4 --size 1024 --pool rbd --image-feature exclusive-lock,journaling
[root@serverf ~]# rbd info image4
rbd image 'image4':
size 1 GiB in 256 objects
order 22 (4 MiB objects)
snapshot_count: 0
id: ac7a80f965cd
block_name_prefix: rbd_data.ac7a80f965cd
format: 2
features: exclusive-lock, journaling
op_features:
flags:
create_timestamp: Mon Aug 15 12:01:42 2022
access_timestamp: Mon Aug 15 12:01:42 2022
modify_timestamp: Mon Aug 15 12:01:42 2022
journal: ac7a80f965cd
mirroring state: enabled
mirroring mode: journal
mirroring global id: c3cb1983-508e-4d6c-a2a1-87a04c5cae7b
mirroring primary: true
[root@clienta ~]# rbd ls
image1
image2
image4
[root@clienta ~]# rbd info image4
rbd image 'image4':
size 1 GiB in 256 objects
order 22 (4 MiB objects)
snapshot_count: 0
id: fafc8a70d31d
block_name_prefix: rbd_data.fafc8a70d31d
format: 2
features: exclusive-lock, journaling
op_features:
flags:
create_timestamp: Mon Aug 15 12:01:45 2022
access_timestamp: Mon Aug 15 12:01:45 2022
modify_timestamp: Mon Aug 15 12:01:45 2022
journal: fafc8a70d31d
mirroring state: enabled
mirroring mode: journal
mirroring global id: c3cb1983-508e-4d6c-a2a1-87a04c5cae7b
mirroring primary: false
[root@clienta ~]#
在备集群创建镜像,主集群同步
镜像的1对1同步,被同步为false
报错
[root@clienta ~]# rbd mirror pool status
health: WARNING
daemon health: OK
image health: WARNING
images: 8 total
7 unknown
1 replaying
这个错误会让池子变为单向同步,很致命。会报超时。
过程整理
主集群操作
ceph osd pool create rbd
rbd pool init rbd
rbd mirror pool enable rbd pool # 开启池模式同步
ceph orch apply rbd-mirror --placement=serverf.lab.example.com #安装rbd mirror
rbd mirror pool peer bootstrap create --site-name prod rbd > /root/prod
rsycn prod root@serverf:~
备集群操作
ceph osd pool create rbd
rbd pool init rbd
rbd mirror pool enable rbd pool
ceph orch apply rbd-mirror --placement=serverf.lab.example.com #安装rbd mirror
rbd mirror pool peer bootstrap import --site-name bup rbd /root/prod
rbd ls
测试:
在prod和bup集群上各自创建镜像,可以互相同步
rbd create image1 --size 1024 --pool rbd --image-feature exclusive-lock,journaling #创建镜像,开启排他锁和日志功能
主备镜像切换
rbd mirror image demote test1 降级 (备)
rbd mirror image promote test1 升级 (主)
先降级
以前的osd都有xfs文件系统 (filestore)
现在bluestore osd都以逻辑卷的形式作为存储。在裸盘上,未被格式化
对象存储
mon 拥有用户数据,存储池信息,和osd信息。mon与mon之间也会数据同步
mgr 主备部署,可以实现dashboard web服务,可与监控工具对接(收集osd信息,数据统计)
rgw 可以提供web服务,并提供s3 swift接口
rgw对ceph来说为客户端,只要是客户端就要做认证
删除原有rgw
[student@workstation ~]$ lab start object-radosgw
部署rgw
serverc serverd
两个都 8080 端口 (主备)
[root@clienta ~]# radosgw-admin realm list
{
"default_info": "",
"realms": []
}
[root@clienta ~]# radosgw-admin zonegroup list
{
"default_info": "1dd3f8b5-a9f5-4930-a9f0-62cce8d81e9e",
"zonegroups": [
"default"
]
}
[root@clienta ~]# radosgw-admin zone list
{
"default_info": "8b63d584-9ea1-4cf3-8443-a6a15beca943",
"zones": [
"default"
]
}
[root@clienta ~]#
创建一个realm,设置成默认的realm
[root@clienta ~]# radosgw-admin realm create --rgw-realm=myrealm --default
{
"id": "ddfa65f0-ee1e-4233-b88e-2e5f96faa5ec",
"name": "myrealm",
"current_period": "e19e92b1-9b91-4726-8151-a943f6b650fc",
"epoch": 1
}
[root@clienta ~]# radosgw-admin realm list
{
"default_info": "ddfa65f0-ee1e-4233-b88e-2e5f96faa5ec",
"realms": [
"myrealm"
]
}
[root@clienta ~]#
创建zonegroup 指定realm
[root@clienta ~]# radosgw-admin zonegroup create --rgw-realm=myrealm --rgw-zonegroup=myzonegroup --master --default
{
"id": "4bbf15ed-56bb-4bc7-b30e-e70d3b5f2055",
"name": "myzonegroup",
"api_name": "myzonegroup",
"is_master": "true",
"endpoints": [],
"hostnames": [],
"hostnames_s3website": [],
"master_zone": "",
"zones": [],
"placement_targets": [],
"default_placement": "",
"realm_id": "ddfa65f0-ee1e-4233-b88e-2e5f96faa5ec",
"sync_policy": {
"groups": []
}
}
[root@clienta ~]# radosgw-admin realm list
{
"default_info": "ddfa65f0-ee1e-4233-b88e-2e5f96faa5ec",
"realms": [
"myrealm"
]
}
[root@clienta ~]#
id与realm的对应上了
创建zone 指定realm与zonegroup
[root@clienta ~]# radosgw-admin zone create --rgw-realm=myrealm --rgw-zonegroup=myzonegroup --rgw-zone=myzone --master --default
{
"id": "e4a0f422-74de-4c1b-b6f9-1dce56607795",
"name": "myzone",
"domain_root": "myzone.rgw.meta:root",
"control_pool": "myzone.rgw.control",
"gc_pool": "myzone.rgw.log:gc",
"lc_pool": "myzone.rgw.log:lc",
"log_pool": "myzone.rgw.log",
"intent_log_pool": "myzone.rgw.log:intent",
"usage_log_pool": "myzone.rgw.log:usage",
"roles_pool": "myzone.rgw.meta:roles",
"reshard_pool": "myzone.rgw.log:reshard",
"user_keys_pool": "myzone.rgw.meta:users.keys",
"user_email_pool": "myzone.rgw.meta:users.email",
"user_swift_pool": "myzone.rgw.meta:users.swift",
"user_uid_pool": "myzone.rgw.meta:users.uid",
"otp_pool": "myzone.rgw.otp",
"system_key": {
"access_key": "",
"secret_key": ""
},
"placement_pools": [
{
"key": "default-placement",
"val": {
"index_pool": "myzone.rgw.buckets.index",
"storage_classes": {
"STANDARD": {
"data_pool": "myzone.rgw.buckets.data"
}
},
"data_extra_pool": "myzone.rgw.buckets.non-ec",
"index_type": 0
}
}
],
"realm_id": "ddfa65f0-ee1e-4233-b88e-2e5f96faa5ec",
"notif_pool": "myzone.rgw.log:notif"
}
[root@clienta ~]#
提交修改。备集群做同步时,你改了提交了,备集群就知道要同步了
[root@clienta ~]# radosgw-admin period update --rgw-realm=myrealm --commit
结果太长了省略
创建rgw
[root@clienta ~]# ceph orch apply rgw mqy --realm=myrealm --zone=myzone --placement="2 serverc.lab.example.com serverd.lab.example.com" --port=8080
Scheduled rgw.mqy update...
查验
ceph orch ps
rgw.mqy.serverc.xmynyy serverc.lab.example.com running (10s) 1s ago 10s *:8080 16.2.0-117.el8cp 2142b60d7974 c656e4a3f1ba
rgw.mqy.serverd.soqmhn serverd.lab.example.com running (24s) 3s ago 24s *:8080 16.2.0-117.el8cp 2142b60d7974 8e326dbbe1c9
[root@clienta ~]#
[root@clienta ~]# ceph auth ls | grep rgw
installed auth entries:
client.bootstrap-rgw
caps: [mon] allow profile bootstrap-rgw
client.rgw.mqy.serverc.xmynyy
caps: [osd] allow rwx tag rgw *=*
client.rgw.mqy.serverd.soqmhn
caps: [osd] allow rwx tag rgw *=*
[root@clienta ~]#
访问一下
[root@clienta ~]# curl http://serverc.lab.example.com:8080
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@clienta ~]#
查看服务
[root@clienta ~]#
[root@clienta ~]# ceph orch ls
NAME RUNNING REFRESHED AGE PLACEMENT
alertmanager 1/1 4m ago 10M count:1
crash 4/4 7m ago 10M *
grafana 1/1 4m ago 10M count:1
mgr 4/4 7m ago 10M clienta.lab.example.com;serverc.lab.example.com;serverd.lab.example.com;servere.lab.example.com
mon 4/4 7m ago 10M clienta.lab.example.com;serverc.lab.example.com;serverd.lab.example.com;servere.lab.example.com
node-exporter 4/4 7m ago 10M *
osd.default_drive_group 9/12 7m ago 10M server*
prometheus 1/1 4m ago 10M count:1
rgw.mqy 2/2 4m ago 4m serverc.lab.example.com;serverd.lab.example.com;count:2
删除服务
[root@clienta ~]# ceph orch rm rgw.mqy
Removed service rgw.mqy
2/2都会被删掉
ceph orch ps 查看进程
进程也会没有
再次创建
placement为数量
这个命令可以动态修改
[root@clienta ~]# ceph orch apply rgw mqy --realm=myrealm --zone=myzone --placement="4 serverc.lab.example.com serverd.lab.example.com" --port=8080
查验
[root@clienta ~]# ceph orch ps | tail
osd.4 servere.lab.example.com running (74m) 46s ago 9M - 16.2.0-117.el8cp 2142b60d7974 1b89696479d7
osd.5 serverd.lab.example.com running (74m) 3s ago 9M - 16.2.0-117.el8cp 2142b60d7974 a00346d7b07b
osd.6 servere.lab.example.com running (74m) 46s ago 9M - 16.2.0-117.el8cp 2142b60d7974 ef718e21063d
osd.7 serverd.lab.example.com running (74m) 3s ago 9M - 16.2.0-117.el8cp 2142b60d7974 463646452da7
osd.8 servere.lab.example.com running (74m) 46s ago 9M - 16.2.0-117.el8cp 2142b60d7974 ba2977e9530e
prometheus.serverc serverc.lab.example.com running (74m) 2s ago 10M *:9095 2.22.2 deca4dcb80bb d63e1b8d813e
rgw.mqy.serverc.gddkwr serverc.lab.example.com running (11s) 2s ago 11s *:8081 16.2.0-117.el8cp 2142b60d7974 d550e449cd72
rgw.mqy.serverc.svktdz serverc.lab.example.com running (23s) 2s ago 23s *:8080 16.2.0-117.el8cp 2142b60d7974 f1783a8a3b16
rgw.mqy.serverd.myvikk serverd.lab.example.com running (17s) 3s ago 17s *:8081 16.2.0-117.el8cp 2142b60d7974 6ef750d279e8
rgw.mqy.serverd.vdajmd serverd.lab.example.com running (29s) 3s ago 29s *:8080 16.2.0-117.el8cp 2142b60d7974 dd1959871603
[root@clienta ~]#
查看rgw服务和进程
ceph orch ps 查看进程 daemon
ceph orch ls 查看service
ceph orch rm rgw.mqy
rgw用户管理
创建s3用户,访问rgw
默认就是创建s3
[root@clienta ~]# radosgw-admin user create --uid=user1 --access-key=123 --secret=456 --email=user1@example.com --display-name=user1
{
"user_id": "user1",
"display_name": "user1",
"email": "user1@example.com",
"suspended": 0, # 1就是禁用
"max_buckets": 1000, # 最大bucket
"subusers": [],
"keys": [
{
"user": "user1",
"access_key": "123",
"secret_key": "456"
}
],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"default_storage_class": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"temp_url_keys": [],
"type": "rgw",
"mfa_ids": []
}
s3 bucket(container) object
对象存储是扁平化的
对用户的操作
查看用户
radosgw-admin user info --uid=user1
修改
[root@clienta ~]# radosgw-admin user modify --uid=user1 --display-name='user1 li' --max_buckets=500
设置过默认值所以不需要指定,特定的区域
[root@clienta ~]# radosgw-admin zonegroup list
{
"default_info": "4bbf15ed-56bb-4bc7-b30e-e70d3b5f2055",
"zonegroups": [
"myzonegroup",
"default"
]
}
创建key
radosgw-admin user create/modify --uid=user1 --access-key=abc --secret=def
删除key
radosgw-admin key rm --uid=user1 --access-key=abc
自动生成key
radosgw-admin key create --uid=user1 --gen-access-key --gen-secret
设置用户配额
基于用户或基于bucket
用户可以创建多个bucket
[root@clienta ~]# radosgw-admin quota set --quota-scope=user --uid=user1 --max-objects=1024 --max-size=1G
[root@clienta ~]# radosgw-admin user info --uid=user1
{
"user_id": "user1",
"display_name": "user1 li",
"email": "user1@example.com",
"suspended": 0,
"max_buckets": 500,
"subusers": [],
"keys": [
{
"user": "user1",
"access_key": "123",
"secret_key": "456"
}
],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"default_storage_class": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": 1073741824,
"max_size_kb": 1048576,
"max_objects": 1024
},
"temp_url_keys": [],
"type": "rgw",
"mfa_ids": []
}
[root@clienta ~]#
设置配额,但未启用
[root@clienta ~]# radosgw-admin quota enable --quota-scope=user --uid=user1
[root@clienta ~]# radosgw-admin quota enable --quota-scope=bucket --uid=user1
启用用户和bucket配额
[root@clienta ~]# radosgw-admin quota set --quota-scope=bucket --uid=user1 --max-objects=1024 --max-size=200M
设置bucket 虽然你用户能有1G的对象大小,但你每个bucket只能存200M(你不能把1G存在一个bucket里)
用户访问rgw
clienta为ceph集群的客户端 (集群管理范围内)
安装
[root@clienta ~]# yum -y install awscli
aws configure --profile=ceph 输入用户ak和sk
[root@clienta ~]# aws --profile=ceph configure
AWS Access Key ID [None]: 123
AWS Secret Access Key [None]: 456
Default region name [None]:
Default output format [None]:
[root@clienta ~]#
[root@clienta ~]# cd .aws/
[root@clienta .aws]# ls
config credentials
[root@clienta .aws]# cat config
[profile ceph]
[root@clienta .aws]# cat credentials
[ceph]
aws_access_key_id = 123
aws_secret_access_key = 456
[root@clienta .aws]#
--profile 也可以不加,指定就是ceph,不指定就为default
[root@clienta .aws]# aws s3 ls --profile=ceph --endpoint=http://serverc:8080
[root@clienta .aws]#
[root@clienta .aws]# aws s3 --profile=ceph --endpoint=http://serverc:8080 mb s3://bucket1
make_bucket: bucket1
[root@clienta .aws]# aws s3 ls --profile=ceph --endpoint=http://serverc:8080
2022-08-16 05:58:31 bucket1
[root@clienta .aws]#
上传对象到bucket
[root@clienta .aws]# aws s3 cp /etc/ceph/ceph.conf s3://bucket1/ceph2 --profile=ceph --endpoint=http://serverc:8080
upload: ../../etc/ceph/ceph.conf to s3://bucket1/ceph2
[root@clienta .aws]# aws s3 ls s3://bucket1 --profile=ceph --endpoint=http://serverc:8080
2022-08-16 06:00:02 177 ceph2
上传一个公共文件(不需要验证秘钥)
[root@clienta .aws]# aws --profile=ceph --endpoint=http://serverc:8080 --acl=public-read-write s3 cp /etc/passwd s3://bucket1/
upload: ../../etc/passwd to s3://bucket1/passwd
[root@clienta .aws]#
第一种访问方式
[root@foundation0 ~]# wget http://serverc:8080/bucket1/passwd
第二种
[root@foundation0 tmp]# wget http://bucket1.serverc:8080/passwd
这种方式得做域名解析
*.serverc 172.25.250.12 泛域名解析
红帽文档有详情
还得开启bucket功能
[student@workstation ~]$ ping aca.serverc
PING aca.serverc (172.25.250.12) 56(84) bytes of data.
64 bytes from serverc.lab.example.com (172.25.250.12): icmp_seq=1 ttl=64 time=6.67 ms
管理员权限命令
[root@clienta .aws]# radosgw-admin bucket rm --bucket=bucket1
2022-08-16T06:17:18.744-0400 7f9f237a8380 -1 ERROR: could not remove non-empty bucket bucket1
配置文件,秘钥是client.rgw才需要的,真正的客户不需要。不要被误导
笔记有点潦草
