2017-07-06 17:32:53 +00:00
|
|
|
|
==========================================
|
|
|
|
|
Configuring the iSCSI Target using Ansible
|
|
|
|
|
==========================================
|
|
|
|
|
|
|
|
|
|
The Ceph iSCSI gateway is the iSCSI target node and also a Ceph client
|
|
|
|
|
node. The Ceph iSCSI gateway can be a standalone node or be colocated on
|
|
|
|
|
a Ceph Object Store Disk (OSD) node. Completing the following steps will
|
|
|
|
|
install, and configure the Ceph iSCSI gateway for basic operation.
|
|
|
|
|
|
|
|
|
|
**Requirements:**
|
|
|
|
|
|
2017-07-06 22:22:38 +00:00
|
|
|
|
- A running Ceph Luminous (12.2.x) cluster or newer
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
2018-03-02 22:05:54 +00:00
|
|
|
|
- RHEL/CentOS 7.5; Linux kernel v4.16 or newer; or the `Ceph iSCSI client test kernel <https://shaman.ceph.com/repos/kernel/ceph-iscsi-test>`_
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
- The ``ceph-iscsi-config`` package installed on all the iSCSI gateway nodes
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
|
|
|
|
**Installing:**
|
|
|
|
|
|
2017-07-12 22:11:25 +00:00
|
|
|
|
#. On the Ansible installer node, which could be either the administration node
|
2017-07-06 17:32:53 +00:00
|
|
|
|
or a dedicated deployment node, perform the following steps:
|
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
#. As ``root``, install the ``ceph-ansible`` package:
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
# yum install ceph-ansible
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
2017-07-12 22:11:25 +00:00
|
|
|
|
#. Add an entry in ``/etc/ansible/hosts`` file for the gateway group:
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
|
|
|
|
[ceph-iscsi-gw]
|
|
|
|
|
ceph-igw-1
|
|
|
|
|
ceph-igw-2
|
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
.. note::
|
2017-07-06 22:22:38 +00:00
|
|
|
|
If co-locating the iSCSI gateway with an OSD node, then add the OSD node to the
|
|
|
|
|
``[ceph-iscsi-gw]`` section.
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
|
|
|
|
**Configuring:**
|
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
The ``ceph-ansible`` package places a file in the ``/usr/share/ceph-ansible/group_vars/``
|
2017-07-06 22:22:38 +00:00
|
|
|
|
directory called ``ceph-iscsi-gw.sample``. Create a copy of this sample file named
|
|
|
|
|
``ceph-iscsi-gw.yml``. Review the following Ansible variables and descriptions,
|
|
|
|
|
and update accordingly.
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| Variable | Meaning/Purpose |
|
|
|
|
|
+======================================+======================================+
|
|
|
|
|
| ``seed_monitor`` | Each gateway needs access to the |
|
|
|
|
|
| | ceph cluster for rados and rbd |
|
|
|
|
|
| | calls. This means the iSCSI gateway |
|
|
|
|
|
| | must have an appropriate |
|
|
|
|
|
| | ``/etc/ceph/`` directory defined. |
|
|
|
|
|
| | The ``seed_monitor`` host is used to |
|
|
|
|
|
| | populate the iSCSI gateway’s |
|
|
|
|
|
| | ``/etc/ceph/`` directory. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
2017-07-06 22:22:38 +00:00
|
|
|
|
| ``cluster_name`` | Define a custom storage cluster |
|
|
|
|
|
| | name. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| ``gateway_keyring`` | Define a custom keyring name. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| ``deploy_settings`` | If set to ``true``, then deploy the |
|
|
|
|
|
| | settings when the playbook is ran. |
|
2017-07-06 17:32:53 +00:00
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| ``perform_system_checks`` | This is a boolean value that checks |
|
|
|
|
|
| | for multipath and lvm configuration |
|
|
|
|
|
| | settings on each gateway. It must be |
|
|
|
|
|
| | set to true for at least the first |
|
|
|
|
|
| | run to ensure multipathd and lvm are |
|
|
|
|
|
| | configured properly. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| ``gateway_iqn`` | This is the iSCSI IQN that all the |
|
|
|
|
|
| | gateways will expose to clients. |
|
|
|
|
|
| | This means each client will see the |
|
|
|
|
|
| | gateway group as a single subsystem. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| ``gateway_ip_list`` | The ip list defines the IP addresses |
|
|
|
|
|
| | that will be used on the front end |
|
|
|
|
|
| | network for iSCSI traffic. This IP |
|
|
|
|
|
| | will be bound to the active target |
|
|
|
|
|
| | portal group on each node, and is |
|
|
|
|
|
| | the access point for iSCSI traffic. |
|
|
|
|
|
| | Each IP should correspond to an IP |
|
|
|
|
|
| | available on the hosts defined in |
|
|
|
|
|
| | the ``ceph-iscsi-gw`` host group in |
|
|
|
|
|
| | ``/etc/ansible/hosts``. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| ``rbd_devices`` | This section defines the RBD images |
|
|
|
|
|
| | that will be controlled and managed |
|
|
|
|
|
| | within the iSCSI gateway |
|
|
|
|
|
| | configuration. Parameters like |
|
|
|
|
|
| | ``pool`` and ``image`` are self |
|
|
|
|
|
| | explanatory. Here are the other |
|
|
|
|
|
| | parameters: ``size`` = This defines |
|
|
|
|
|
| | the size of the RBD. You may |
|
|
|
|
|
| | increase the size later, by simply |
|
|
|
|
|
| | changing this value, but shrinking |
|
|
|
|
|
| | the size of an RBD is not supported |
|
|
|
|
|
| | and is ignored. ``host`` = This is |
|
|
|
|
|
| | the iSCSI gateway host name that |
|
|
|
|
|
| | will be responsible for the rbd |
|
|
|
|
|
| | allocation/resize. Every defined |
|
|
|
|
|
| | ``rbd_device`` entry must have a |
|
|
|
|
|
| | host assigned. ``state`` = This is |
|
|
|
|
|
| | typical Ansible syntax for whether |
|
|
|
|
|
| | the resource should be defined or |
|
|
|
|
|
| | removed. A request with a state of |
|
|
|
|
|
| | absent will first be checked to |
|
|
|
|
|
| | ensure the rbd is not mapped to any |
|
|
|
|
|
| | client. If the RBD is unallocated, |
|
|
|
|
|
| | it will be removed from the iSCSI |
|
|
|
|
|
| | gateway and deleted from the |
|
|
|
|
|
| | configuration. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| ``client_connections`` | This section defines the iSCSI |
|
|
|
|
|
| | client connection details together |
|
|
|
|
|
| | with the LUN (RBD image) masking. |
|
|
|
|
|
| | Currently only CHAP is supported as |
|
|
|
|
|
| | an authentication mechanism. Each |
|
|
|
|
|
| | connection defines an ``image_list`` |
|
|
|
|
|
| | which is a comma separated list of |
|
|
|
|
|
| | the form |
|
2017-07-12 22:11:25 +00:00
|
|
|
|
| | ``pool.rbd_image[,pool.rbd_image]``. |
|
2017-07-06 17:32:53 +00:00
|
|
|
|
| | RBD images can be added and removed |
|
|
|
|
|
| | from this list, to change the client |
|
|
|
|
|
| | masking. Note that there are no |
|
|
|
|
|
| | checks done to limit RBD sharing |
|
|
|
|
|
| | across client connections. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
.. note::
|
2017-07-06 17:32:53 +00:00
|
|
|
|
When using the ``gateway_iqn`` variable, and for Red Hat Enterprise Linux
|
|
|
|
|
clients, installing the ``iscsi-initiator-utils`` package is required for
|
|
|
|
|
retrieving the gateway’s IQN name. The iSCSI initiator name is located in the
|
|
|
|
|
``/etc/iscsi/initiatorname.iscsi`` file.
|
|
|
|
|
|
|
|
|
|
**Deploying:**
|
|
|
|
|
|
|
|
|
|
On the Ansible installer node, perform the following steps.
|
|
|
|
|
|
2017-07-12 22:11:25 +00:00
|
|
|
|
#. As ``root``, execute the Ansible playbook:
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
|
|
|
|
# cd /usr/share/ceph-ansible
|
|
|
|
|
# ansible-playbook ceph-iscsi-gw.yml
|
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
.. note::
|
2017-07-06 17:32:53 +00:00
|
|
|
|
The Ansible playbook will handle RPM dependencies, RBD creation
|
|
|
|
|
and Linux IO configuration.
|
|
|
|
|
|
2017-07-12 22:11:25 +00:00
|
|
|
|
#. Verify the configuration from an iSCSI gateway node:
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
2017-07-06 22:22:38 +00:00
|
|
|
|
# gwcli ls
|
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
.. note::
|
2017-07-06 22:22:38 +00:00
|
|
|
|
For more information on using the ``gwcli`` command to install and configure
|
2018-08-28 06:56:16 +00:00
|
|
|
|
a Ceph iSCSI gateway, see the `Configuring the iSCSI Target using the Command Line Interface`_
|
2017-07-06 22:22:38 +00:00
|
|
|
|
section.
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
.. important::
|
2017-07-06 22:22:38 +00:00
|
|
|
|
Attempting to use the ``targetcli`` tool to change the configuration will
|
|
|
|
|
result in the following issues, such as ALUA misconfiguration and path failover
|
|
|
|
|
problems. There is the potential to corrupt data, to have mismatched
|
|
|
|
|
configuration across iSCSI gateways, and to have mismatched WWN information,
|
|
|
|
|
which will lead to client multipath problems.
|
2017-07-06 17:32:53 +00:00
|
|
|
|
|
|
|
|
|
**Service Management:**
|
|
|
|
|
|
|
|
|
|
The ``ceph-iscsi-config`` package installs the configuration management
|
|
|
|
|
logic and a Systemd service called ``rbd-target-gw``. When the Systemd
|
|
|
|
|
service is enabled, the ``rbd-target-gw`` will start at boot time and
|
|
|
|
|
will restore the Linux IO state. The Ansible playbook disables the
|
|
|
|
|
target service during the deployment. Below are the outcomes of when
|
|
|
|
|
interacting with the ``rbd-target-gw`` Systemd service.
|
|
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
|
|
|
|
# systemctl <start|stop|restart|reload> rbd-target-gw
|
|
|
|
|
|
|
|
|
|
- ``reload``
|
|
|
|
|
|
|
|
|
|
A reload request will force ``rbd-target-gw`` to reread the
|
|
|
|
|
configuration and apply it to the current running environment. This
|
|
|
|
|
is normally not required, since changes are deployed in parallel from
|
|
|
|
|
Ansible to all iSCSI gateway nodes
|
|
|
|
|
|
|
|
|
|
- ``stop``
|
|
|
|
|
|
|
|
|
|
A stop request will close the gateway’s portal interfaces, dropping
|
|
|
|
|
connections to clients and wipe the current LIO configuration from
|
|
|
|
|
the kernel. This returns the iSCSI gateway to a clean state. When
|
|
|
|
|
clients are disconnected, active I/O is rescheduled to the other
|
|
|
|
|
iSCSI gateways by the client side multipathing layer.
|
|
|
|
|
|
|
|
|
|
**Administration:**
|
|
|
|
|
|
|
|
|
|
Within the ``/usr/share/ceph-ansible/group_vars/ceph-iscsi-gw`` file
|
|
|
|
|
there are a number of operational workflows that the Ansible playbook
|
|
|
|
|
supports.
|
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
.. warning::
|
2017-07-06 17:32:53 +00:00
|
|
|
|
Before removing RBD images from the iSCSI gateway configuration,
|
|
|
|
|
follow the standard procedures for removing a storage device from
|
|
|
|
|
the operating system.
|
|
|
|
|
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| I want to… | Update the ``ceph-iscsi-gw`` file |
|
|
|
|
|
| | by… |
|
|
|
|
|
+======================================+======================================+
|
|
|
|
|
| Add more RBD images | Adding another entry to the |
|
|
|
|
|
| | ``rbd_devices`` section with the new |
|
|
|
|
|
| | image. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| Resize an existing RBD image | Updating the size parameter within |
|
|
|
|
|
| | the ``rbd_devices`` section. Client |
|
|
|
|
|
| | side actions are required to pick up |
|
|
|
|
|
| | the new size of the disk. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| Add a client | Adding an entry to the |
|
|
|
|
|
| | ``client_connections`` section. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| Add another RBD to a client | Adding the relevant RBD |
|
|
|
|
|
| | ``pool.image`` name to the |
|
|
|
|
|
| | ``image_list`` variable for the |
|
|
|
|
|
| | client. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| Remove an RBD from a client | Removing the RBD ``pool.image`` name |
|
|
|
|
|
| | from the clients ``image_list`` |
|
|
|
|
|
| | variable. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| Remove an RBD from the system | Changing the RBD entry state |
|
|
|
|
|
| | variable to ``absent``. The RBD |
|
|
|
|
|
| | image must be unallocated from the |
|
|
|
|
|
| | operating system first for this to |
|
|
|
|
|
| | succeed. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| Change the clients CHAP credentials | Updating the relevant CHAP details |
|
|
|
|
|
| | in ``client_connections``. This will |
|
|
|
|
|
| | need to be coordinated with the |
|
|
|
|
|
| | clients. For example, the client |
|
|
|
|
|
| | issues an iSCSI logout, the |
|
|
|
|
|
| | credentials are changed by the |
|
|
|
|
|
| | Ansible playbook, the credentials |
|
|
|
|
|
| | are changed at the client, then the |
|
|
|
|
|
| | client performs an iSCSI login. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
| Remove a client | Updating the relevant |
|
|
|
|
|
| | ``client_connections`` item with a |
|
|
|
|
|
| | state of ``absent``. Once the |
|
|
|
|
|
| | Ansible playbook is ran, the client |
|
|
|
|
|
| | will be purged from the system, but |
|
|
|
|
|
| | the disks will remain defined to |
|
|
|
|
|
| | Linux IO for potential reuse. |
|
|
|
|
|
+--------------------------------------+--------------------------------------+
|
|
|
|
|
|
|
|
|
|
Once a change has been made, rerun the Ansible playbook to apply the
|
|
|
|
|
change across the iSCSI gateway nodes.
|
|
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
|
|
|
|
# ansible-playbook ceph-iscsi-gw.yml
|
|
|
|
|
|
|
|
|
|
**Removing the Configuration:**
|
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
The ``ceph-ansible`` package provides an Ansible playbook to
|
2017-07-06 17:32:53 +00:00
|
|
|
|
remove the iSCSI gateway configuration and related RBD images. The
|
|
|
|
|
Ansible playbook is ``/usr/share/ceph-ansible/purge_gateways.yml``. When
|
|
|
|
|
this Ansible playbook is ran a prompted for the type of purge to
|
|
|
|
|
perform:
|
|
|
|
|
|
|
|
|
|
*lio* :
|
|
|
|
|
|
|
|
|
|
In this mode the LIO configuration is purged on all iSCSI gateways that
|
|
|
|
|
are defined. Disks that were created are left untouched within the Ceph
|
|
|
|
|
storage cluster.
|
|
|
|
|
|
|
|
|
|
*all* :
|
|
|
|
|
|
|
|
|
|
When ``all`` is chosen, the LIO configuration is removed together with
|
|
|
|
|
**all** RBD images that were defined within the iSCSI gateway
|
|
|
|
|
environment, other unrelated RBD images will not be removed. Ensure the
|
|
|
|
|
correct mode is chosen, this operation will delete data.
|
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
.. warning::
|
2017-07-06 17:32:53 +00:00
|
|
|
|
A purge operation is destructive action against your iSCSI gateway
|
|
|
|
|
environment.
|
|
|
|
|
|
2017-08-08 23:14:57 +00:00
|
|
|
|
.. warning::
|
2017-07-06 17:32:53 +00:00
|
|
|
|
A purge operation will fail, if RBD images have snapshots or clones
|
|
|
|
|
and are exported through the Ceph iSCSI gateway.
|
|
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
|
|
|
|
[root@rh7-iscsi-client ceph-ansible]# ansible-playbook purge_gateways.yml
|
|
|
|
|
Which configuration elements should be purged? (all, lio or abort) [abort]: all
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PLAY [Confirm removal of the iSCSI gateway configuration] *********************
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
GATHERING FACTS ***************************************************************
|
|
|
|
|
ok: [localhost]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TASK: [Exit playbook if user aborted the purge] *******************************
|
|
|
|
|
skipping: [localhost]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TASK: [set_fact ] *************************************************************
|
|
|
|
|
ok: [localhost]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PLAY [Removing the gateway configuration] *************************************
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
GATHERING FACTS ***************************************************************
|
|
|
|
|
ok: [ceph-igw-1]
|
|
|
|
|
ok: [ceph-igw-2]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TASK: [igw_purge | purging the gateway configuration] *************************
|
|
|
|
|
changed: [ceph-igw-1]
|
|
|
|
|
changed: [ceph-igw-2]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TASK: [igw_purge | deleting configured rbd devices] ***************************
|
|
|
|
|
changed: [ceph-igw-1]
|
|
|
|
|
changed: [ceph-igw-2]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PLAY RECAP ********************************************************************
|
|
|
|
|
ceph-igw-1 : ok=3 changed=2 unreachable=0 failed=0
|
|
|
|
|
ceph-igw-2 : ok=3 changed=2 unreachable=0 failed=0
|
|
|
|
|
localhost : ok=2 changed=0 unreachable=0 failed=0
|
2017-07-06 22:22:38 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
.. _Configuring the iSCSI Target using the Command Line Interface: ../iscsi-target-cli
|