ceph/doc/rados/operations/add-or-rm-mons.rst
Sebastian Wagner 02584d3ee7 doc/cephadm: Restoring the MON quorum
Fixes: https://tracker.ceph.com/issues/49214
Signed-off-by: Sebastian Wagner <sebastian.wagner@suse.com>
2021-02-16 13:48:09 +01:00

386 lines
14 KiB
ReStructuredText

.. _adding-and-removing-monitors:
==========================
Adding/Removing Monitors
==========================
When you have a cluster up and running, you may add or remove monitors
from the cluster at runtime. To bootstrap a monitor, see `Manual Deployment`_
or `Monitor Bootstrap`_.
.. _adding-monitors:
Adding Monitors
===============
Ceph monitors are lightweight processes that are the single source of truth
for the cluster map. You can run a cluster with 1 monitor but we recommend at least 3
for a production cluster. Ceph monitors use a variation of the
`Paxos`_ algorithm to establish consensus about maps and other critical
information across the cluster. Due to the nature of Paxos, Ceph requires
a majority of monitors to be active to establish a quorum (thus establishing
consensus).
It is advisable to run an odd number of monitors. An
odd number of monitors is more resilient than an
even number. For instance, with a two monitor deployment, no
failures can be tolerated and still maintain a quorum; with three monitors,
one failure can be tolerated; in a four monitor deployment, one failure can
be tolerated; with five monitors, two failures can be tolerated. This avoids
the dreaded *split brain* phenomenon, and is why an odd number is best.
In short, Ceph needs a majority of
monitors to be active (and able to communicate with each other), but that
majority can be achieved using a single monitor, or 2 out of 2 monitors,
2 out of 3, 3 out of 4, etc.
For small or non-critical deployments of multi-node Ceph clusters, it is
advisable to deploy three monitors, and to increase the number of monitors
to five for larger clusters or to survive a double failure. There is rarely
justification for seven or more.
Since monitors are lightweight, it is possible to run them on the same
host as OSDs; however, we recommend running them on separate hosts,
because `fsync` issues with the kernel may impair performance.
Dedicated monitor nodes also minimize disruption since monitor and OSD
daemons are not inactive at the same time when a node crashes or is
taken down for maintenance.
Dedicated
monitor nodes also make for cleaner maintenance by avoiding both OSDs and
a mon going down if a node is rebooted, taken down, or crashes.
.. note:: A *majority* of monitors in your cluster must be able to
reach each other in order to establish a quorum.
Deploy your Hardware
--------------------
If you are adding a new host when adding a new monitor, see `Hardware
Recommendations`_ for details on minimum recommendations for monitor hardware.
To add a monitor host to your cluster, first make sure you have an up-to-date
version of Linux installed (typically Ubuntu 16.04 or RHEL 7).
Add your monitor host to a rack in your cluster, connect it to the network
and ensure that it has network connectivity.
.. _Hardware Recommendations: ../../../start/hardware-recommendations
Install the Required Software
-----------------------------
For manually deployed clusters, you must install Ceph packages
manually. See `Installing Packages`_ for details.
You should configure SSH to a user with password-less authentication
and root permissions.
.. _Installing Packages: ../../../install/install-storage-cluster
.. _Adding a Monitor (Manual):
Adding a Monitor (Manual)
-------------------------
This procedure creates a ``ceph-mon`` data directory, retrieves the monitor map
and monitor keyring, and adds a ``ceph-mon`` daemon to your cluster. If
this results in only two monitor daemons, you may add more monitors by
repeating this procedure until you have a sufficient number of ``ceph-mon``
daemons to achieve a quorum.
At this point you should define your monitor's id. Traditionally, monitors
have been named with single letters (``a``, ``b``, ``c``, ...), but you are
free to define the id as you see fit. For the purpose of this document,
please take into account that ``{mon-id}`` should be the id you chose,
without the ``mon.`` prefix (i.e., ``{mon-id}`` should be the ``a``
on ``mon.a``).
#. Create the default directory on the machine that will host your
new monitor. ::
ssh {new-mon-host}
sudo mkdir /var/lib/ceph/mon/ceph-{mon-id}
#. Create a temporary directory ``{tmp}`` to keep the files needed during
this process. This directory should be different from the monitor's default
directory created in the previous step, and can be removed after all the
steps are executed. ::
mkdir {tmp}
#. Retrieve the keyring for your monitors, where ``{tmp}`` is the path to
the retrieved keyring, and ``{key-filename}`` is the name of the file
containing the retrieved monitor key. ::
ceph auth get mon. -o {tmp}/{key-filename}
#. Retrieve the monitor map, where ``{tmp}`` is the path to
the retrieved monitor map, and ``{map-filename}`` is the name of the file
containing the retrieved monitor map. ::
ceph mon getmap -o {tmp}/{map-filename}
#. Prepare the monitor's data directory created in the first step. You must
specify the path to the monitor map so that you can retrieve the
information about a quorum of monitors and their ``fsid``. You must also
specify a path to the monitor keyring::
sudo ceph-mon -i {mon-id} --mkfs --monmap {tmp}/{map-filename} --keyring {tmp}/{key-filename}
#. Start the new monitor and it will automatically join the cluster.
The daemon needs to know which address to bind to, via either the
``--public-addr {ip}`` or ``--public-network {network}`` argument.
For example::
ceph-mon -i {mon-id} --public-addr {ip:port}
.. _removing-monitors:
Removing Monitors
=================
When you remove monitors from a cluster, consider that Ceph monitors use
Paxos to establish consensus about the master cluster map. You must have
a sufficient number of monitors to establish a quorum for consensus about
the cluster map.
.. _Removing a Monitor (Manual):
Removing a Monitor (Manual)
---------------------------
This procedure removes a ``ceph-mon`` daemon from your cluster. If this
procedure results in only two monitor daemons, you may add or remove another
monitor until you have a number of ``ceph-mon`` daemons that can achieve a
quorum.
#. Stop the monitor. ::
service ceph -a stop mon.{mon-id}
#. Remove the monitor from the cluster. ::
ceph mon remove {mon-id}
#. Remove the monitor entry from ``ceph.conf``.
.. _rados-mon-remove-from-unhealthy:
Removing Monitors from an Unhealthy Cluster
-------------------------------------------
This procedure removes a ``ceph-mon`` daemon from an unhealthy
cluster, for example a cluster where the monitors cannot form a
quorum.
#. Stop all ``ceph-mon`` daemons on all monitor hosts. ::
ssh {mon-host}
systemctl stop ceph-mon.target
# and repeat for all mons
#. Identify a surviving monitor and log in to that host. ::
ssh {mon-host}
#. Extract a copy of the monmap file. ::
ceph-mon -i {mon-id} --extract-monmap {map-path}
# in most cases, that's
ceph-mon -i `hostname` --extract-monmap /tmp/monmap
#. Remove the non-surviving or problematic monitors. For example, if
you have three monitors, ``mon.a``, ``mon.b``, and ``mon.c``, where
only ``mon.a`` will survive, follow the example below::
monmaptool {map-path} --rm {mon-id}
# for example,
monmaptool /tmp/monmap --rm b
monmaptool /tmp/monmap --rm c
#. Inject the surviving map with the removed monitors into the
surviving monitor(s). For example, to inject a map into monitor
``mon.a``, follow the example below::
ceph-mon -i {mon-id} --inject-monmap {map-path}
# for example,
ceph-mon -i a --inject-monmap /tmp/monmap
#. Start only the surviving monitors.
#. Verify the monitors form a quorum (``ceph -s``).
#. You may wish to archive the removed monitors' data directory in
``/var/lib/ceph/mon`` in a safe location, or delete it if you are
confident the remaining monitors are healthy and are sufficiently
redundant.
.. _Changing a Monitor's IP address:
Changing a Monitor's IP Address
===============================
.. important:: Existing monitors are not supposed to change their IP addresses.
Monitors are critical components of a Ceph cluster, and they need to maintain a
quorum for the whole system to work properly. To establish a quorum, the
monitors need to discover each other. Ceph has strict requirements for
discovering monitors.
Ceph clients and other Ceph daemons use ``ceph.conf`` to discover monitors.
However, monitors discover each other using the monitor map, not ``ceph.conf``.
For example, if you refer to `Adding a Monitor (Manual)`_ you will see that you
need to obtain the current monmap for the cluster when creating a new monitor,
as it is one of the required arguments of ``ceph-mon -i {mon-id} --mkfs``. The
following sections explain the consistency requirements for Ceph monitors, and a
few safe ways to change a monitor's IP address.
Consistency Requirements
------------------------
A monitor always refers to the local copy of the monmap when discovering other
monitors in the cluster. Using the monmap instead of ``ceph.conf`` avoids
errors that could break the cluster (e.g., typos in ``ceph.conf`` when
specifying a monitor address or port). Since monitors use monmaps for discovery
and they share monmaps with clients and other Ceph daemons, the monmap provides
monitors with a strict guarantee that their consensus is valid.
Strict consistency also applies to updates to the monmap. As with any other
updates on the monitor, changes to the monmap always run through a distributed
consensus algorithm called `Paxos`_. The monitors must agree on each update to
the monmap, such as adding or removing a monitor, to ensure that each monitor in
the quorum has the same version of the monmap. Updates to the monmap are
incremental so that monitors have the latest agreed upon version, and a set of
previous versions, allowing a monitor that has an older version of the monmap to
catch up with the current state of the cluster.
If monitors discovered each other through the Ceph configuration file instead of
through the monmap, it would introduce additional risks because the Ceph
configuration files are not updated and distributed automatically. Monitors
might inadvertently use an older ``ceph.conf`` file, fail to recognize a
monitor, fall out of a quorum, or develop a situation where `Paxos`_ is not able
to determine the current state of the system accurately. Consequently, making
changes to an existing monitor's IP address must be done with great care.
Changing a Monitor's IP address (The Right Way)
-----------------------------------------------
Changing a monitor's IP address in ``ceph.conf`` only is not sufficient to
ensure that other monitors in the cluster will receive the update. To change a
monitor's IP address, you must add a new monitor with the IP address you want
to use (as described in `Adding a Monitor (Manual)`_), ensure that the new
monitor successfully joins the quorum; then, remove the monitor that uses the
old IP address. Then, update the ``ceph.conf`` file to ensure that clients and
other daemons know the IP address of the new monitor.
For example, lets assume there are three monitors in place, such as ::
[mon.a]
host = host01
addr = 10.0.0.1:6789
[mon.b]
host = host02
addr = 10.0.0.2:6789
[mon.c]
host = host03
addr = 10.0.0.3:6789
To change ``mon.c`` to ``host04`` with the IP address ``10.0.0.4``, follow the
steps in `Adding a Monitor (Manual)`_ by adding a new monitor ``mon.d``. Ensure
that ``mon.d`` is running before removing ``mon.c``, or it will break the
quorum. Remove ``mon.c`` as described on `Removing a Monitor (Manual)`_. Moving
all three monitors would thus require repeating this process as many times as
needed.
Changing a Monitor's IP address (The Messy Way)
-----------------------------------------------
There may come a time when the monitors must be moved to a different network, a
different part of the datacenter or a different datacenter altogether. While it
is possible to do it, the process becomes a bit more hazardous.
In such a case, the solution is to generate a new monmap with updated IP
addresses for all the monitors in the cluster, and inject the new map on each
individual monitor. This is not the most user-friendly approach, but we do not
expect this to be something that needs to be done every other week. As it is
clearly stated on the top of this section, monitors are not supposed to change
IP addresses.
Using the previous monitor configuration as an example, assume you want to move
all the monitors from the ``10.0.0.x`` range to ``10.1.0.x``, and these
networks are unable to communicate. Use the following procedure:
#. Retrieve the monitor map, where ``{tmp}`` is the path to
the retrieved monitor map, and ``{filename}`` is the name of the file
containing the retrieved monitor map. ::
ceph mon getmap -o {tmp}/{filename}
#. The following example demonstrates the contents of the monmap. ::
$ monmaptool --print {tmp}/{filename}
monmaptool: monmap file {tmp}/{filename}
epoch 1
fsid 224e376d-c5fe-4504-96bb-ea6332a19e61
last_changed 2012-12-17 02:46:41.591248
created 2012-12-17 02:46:41.591248
0: 10.0.0.1:6789/0 mon.a
1: 10.0.0.2:6789/0 mon.b
2: 10.0.0.3:6789/0 mon.c
#. Remove the existing monitors. ::
$ monmaptool --rm a --rm b --rm c {tmp}/{filename}
monmaptool: monmap file {tmp}/{filename}
monmaptool: removing a
monmaptool: removing b
monmaptool: removing c
monmaptool: writing epoch 1 to {tmp}/{filename} (0 monitors)
#. Add the new monitor locations. ::
$ monmaptool --add a 10.1.0.1:6789 --add b 10.1.0.2:6789 --add c 10.1.0.3:6789 {tmp}/{filename}
monmaptool: monmap file {tmp}/{filename}
monmaptool: writing epoch 1 to {tmp}/{filename} (3 monitors)
#. Check new contents. ::
$ monmaptool --print {tmp}/{filename}
monmaptool: monmap file {tmp}/{filename}
epoch 1
fsid 224e376d-c5fe-4504-96bb-ea6332a19e61
last_changed 2012-12-17 02:46:41.591248
created 2012-12-17 02:46:41.591248
0: 10.1.0.1:6789/0 mon.a
1: 10.1.0.2:6789/0 mon.b
2: 10.1.0.3:6789/0 mon.c
At this point, we assume the monitors (and stores) are installed at the new
location. The next step is to propagate the modified monmap to the new
monitors, and inject the modified monmap into each new monitor.
#. First, make sure to stop all your monitors. Injection must be done while
the daemon is not running.
#. Inject the monmap. ::
ceph-mon -i {mon-id} --inject-monmap {tmp}/{filename}
#. Restart the monitors.
After this step, migration to the new location is complete and
the monitors should operate successfully.
.. _Manual Deployment: ../../../install/manual-deployment
.. _Monitor Bootstrap: ../../../dev/mon-bootstrap
.. _Paxos: https://en.wikipedia.org/wiki/Paxos_(computer_science)