OpenStack G2 - new ceph pools Ostrava IT4I (CL3)
Authored by František Řezníček
For IT4I (DU CL3), they should have received the following:
The original proposal https://gitlab.ics.muni.cz/-/snippets/471 is hereby deprecated.
Pools (approx. 151TB in total)
# general kubernetes persistent storage
# group a] general kubernetes persistent storage
cloud-ceph-blockpool-it4i 15TB replication ~erasure coding~ <--- CHANGE 2023-02-17
cloud-ceph-blockpool-it4i-backup 15TB replication ~erasure coding~ <--- CHANGE 2023-02-17
# group b] radosgw with its own realm/zonegroup/group i.e. prefixed cloud-ceph-objectstore-it4i
cloud-ceph-objectstore-it4i.rgw.control 1GB
cloud-ceph-objectstore-it4i.rgw.meta 1GB
cloud-ceph-objectstore-it4i.rgw.log 1TB
cloud-ceph-objectstore-it4i.rgw.buckets.index 1GB
cloud-ceph-objectstore-it4i.rgw.buckets.non-ec 1GB
cloud-ceph-objectstore-it4i.rgw.otp 1GB
cloud-ceph-objectstore-it4i.rgw.buckets.data 10TB erasure coding
# group c] openstack glance/cinder/nova/libvirt
cloud-cinder-volumes-it4i 50TB replication ~erasure coding~ <--- CHANGE 2023-02-22
cloud-glance-images-it4i 10TB replication ~erasure coding~ <--- CHANGE 2023-02-22
cloud-cinder-it4i-backup 20TB replication ~erasure coding~ <--- CHANGE 2023-02-22
cloud-ephemeral-volumes-it4i 30TB replication ~erasure coding~ <--- CHANGE 2023-02-22
User definitions:
group a] Kubernetes PV users
Script: /etc/rook-external/create-external-cluster-resources.py.
# our external CephCluster will run in rook-ceph-external namespace
# --cluster-name is the name of the DU external cluster
for i_pool in cloud-ceph-blockpool-it4i cloud-ceph-blockpool-it4i-backup; do
  python3 create-external-cluster-resources.py \
    --rbd-data-pool-name "${i_pool}" \
    --namespace rook-ceph-external \
    --format bash \
    --cluster-name ceph \
    --restricted-auth-permission true \
    --rgw-pool-prefix cloud-ceph-objectstore-it4i
done
Each run of the script creates the following users:
- client.healthchecker (shared by all pools)
- client.csi-rbd-node.<cluster>.<pool>
- client.csi-rbd-provisioner.<cluster>.<pool>
Example of the users created by the create-external-cluster-resources.py script and their capabilities for the pool cloud-ceph-blockpool-it4i:
client.healthchecker
key: AQ...=
caps: [mgr] allow command config
caps: [mon] allow r, allow command quorum_status, allow command version
caps: [osd] allow rwx pool=cloud-ceph-objectstore-it4i.rgw.meta, allow r pool=.rgw.root, allow rw pool=cloud-ceph-objectstore-it4i.rgw.control, allow rx pool=cloud-ceph-objectstore-it4i.rgw.log, allow x pool=cloud-ceph-objectstore-it4i.rgw.buckets.index
client.csi-rbd-node.ceph.cloud-ceph-blockpool-it4i
key: AQ..=
caps: [mon] profile rbd, allow command 'osd blocklist'
caps: [osd] profile rbd pool=cloud-ceph-blockpool-it4i
client.csi-rbd-provisioner.ceph.cloud-ceph-blockpool-it4i
key: AQ...=
caps: [mgr] allow rw
caps: [mon] profile rbd, allow command 'osd blocklist'
caps: [osd] profile rbd pool=cloud-ceph-blockpool-it4i
Users for cloud-ceph-blockpool-it4i-backup:
client.csi-rbd-node.ceph.cloud-ceph-blockpool-it4i-backup
caps: [mon] profile rbd, allow command 'osd blocklist'
caps: [osd] profile rbd pool=cloud-ceph-blockpool-it4i-backup
client.csi-rbd-provisioner.ceph.cloud-ceph-blockpool-it4i-backup
caps: [mgr] allow rw
caps: [mon] profile rbd, allow command 'osd blocklist'
caps: [osd] profile rbd pool=cloud-ceph-blockpool-it4i-backup
group b] RGW users
For RGW we usually need the client.bootstrap-rgw user, but according to the discussion you cannot provide it, so we will adjust our logic so that 4 pre-generated users with permissions to the RGW pools are sufficient:
client.cloud.rgw.ceph-rgw-1
key: <...>
caps: [mgr] allow r
caps: [mon] allow rw
caps: [osd] allow rwx pool=cloud-ceph-objectstore-it4i.rgw.control,
allow rwx pool=cloud-ceph-objectstore-it4i.rgw.meta,
allow rwx pool=cloud-ceph-objectstore-it4i.rgw.log,
allow rwx pool=cloud-ceph-objectstore-it4i.rgw.buckets.index,
allow rwx pool=cloud-ceph-objectstore-it4i.rgw.buckets.non-ec,
allow rwx pool=cloud-ceph-objectstore-it4i.rgw.otp,
allow rwx pool=cloud-ceph-objectstore-it4i.rgw.buckets.data,
allow rwx pool=.rgw.root
and similarly the others:
client.cloud.rgw.ceph-rgw-2
client.cloud.rgw.ceph-rgw-3
client.cloud.rgw.ceph-rgw-4
Realm, zone, zonegroup
So that pools with the prefix cloud-ceph-objectstore-it4i can be used in radosgw, please create the realm, zone and zonegroup:
radosgw-admin realm create --rgw-realm=cloud-ceph-objectstore-it4i
radosgw-admin zonegroup create --rgw-zonegroup=cloud-ceph-objectstore-it4i --endpoints=http://radosgw.openstack.svc.cluster.local:80 --rgw-realm=cloud-ceph-objectstore-it4i --master
radosgw-admin zone create --rgw-zonegroup=cloud-ceph-objectstore-it4i --rgw-zone=cloud-ceph-objectstore-it4i --master --endpoints=http://radosgw.openstack.svc.cluster.local:80
Assigning the users to the zone/realm
for i in client.cloud.rgw.ceph-rgw-1 client.cloud.rgw.ceph-rgw-2 client.cloud.rgw.ceph-rgw-3 client.cloud.rgw.ceph-rgw-4; do
  ceph config set "$i" rgw_realm cloud-ceph-objectstore-it4i
  ceph config set "$i" rgw_zonegroup cloud-ceph-objectstore-it4i
  ceph config set "$i" rgw_zone cloud-ceph-objectstore-it4i
  ceph config set "$i" rgw_enable_usage_log true
  ceph config set "$i" rgw_log_nonexistent_bucket true
  ceph config set "$i" rgw_log_object_name_utc true
done
group c]
3 manually created users for group c)
ceph auth get-or-create client.cinder.it4i \
mon 'allow r' \
osd 'allow class-read object_prefix rbd_children, allow rwx pool=cloud-cinder-volumes-it4i, allow rwx pool=cloud-ephemeral-volumes-it4i, allow rx pool=cloud-glance-images-it4i'
ceph auth get-or-create client.cinder-backup.it4i \
mon 'allow r' \
osd 'allow class-read object_prefix rbd_children, allow rwx pool=cloud-cinder-it4i-backup'
ceph auth get-or-create client.glance.it4i \
mon 'allow r' \
osd 'allow class-read object_prefix rbd_children, allow rwx pool=cloud-glance-images-it4i'
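An added example (not part of the original snippet, and not Rook or Ceph code): a small Python check that every pool named in a client's [osd] caps belongs to the pool group intended for it, and that no grant is left without a pool= or object_prefix scope. The name audit_osd_caps, the finding labels and the OVERBROAD sample are assumptions made for illustration; only the grant forms that appear on this page are handled.

```python
import re

# Pool names below are copied from the pool list on this page.
RGW = "cloud-ceph-objectstore-it4i.rgw."
RGW_POOLS = {RGW + s for s in ("control", "meta", "log", "buckets.index",
                               "buckets.non-ec", "otp", "buckets.data")} | {".rgw.root"}
GROUP_A = {"cloud-ceph-blockpool-it4i", "cloud-ceph-blockpool-it4i-backup"}
GROUP_C = {"cloud-cinder-volumes-it4i", "cloud-ephemeral-volumes-it4i",
           "cloud-glance-images-it4i"}

# [osd] caps strings as listed on this page.
HEALTHCHECKER = ("allow rwx pool=cloud-ceph-objectstore-it4i.rgw.meta, "
                 "allow r pool=.rgw.root, "
                 "allow rw pool=cloud-ceph-objectstore-it4i.rgw.control, "
                 "allow rx pool=cloud-ceph-objectstore-it4i.rgw.log, "
                 "allow x pool=cloud-ceph-objectstore-it4i.rgw.buckets.index")
CINDER = ("allow class-read object_prefix rbd_children, "
          "allow rwx pool=cloud-cinder-volumes-it4i, "
          "allow rwx pool=cloud-ephemeral-volumes-it4i, "
          "allow rx pool=cloud-glance-images-it4i")
# Constructed over-broad entry (not from the page) to show what gets flagged.
OVERBROAD = ("allow rwx pool=cloud-glance-images-it4i, "
             "allow rwx pool=cloud-cinder-volumes-it4i, allow rwx")


def audit_osd_caps(osd_caps, allowed_pools):
    """Return (kind, detail) findings for one client's [osd] caps string."""
    findings = []
    for grant in filter(None, (g.strip() for g in osd_caps.split(","))):
        scoped = re.search(r"\bpool=(\S+)", grant)
        if scoped:
            if scoped.group(1) not in allowed_pools:
                findings.append(("unexpected-pool", scoped.group(1)))
        elif "object_prefix" not in grant:
            # Neither pool= nor object_prefix: the grant covers every pool.
            findings.append(("unscoped", grant))
    return findings


if __name__ == "__main__":
    checks = [("cinder vs group c", CINDER, GROUP_C),
              ("healthchecker vs RGW pools", HEALTHCHECKER, RGW_POOLS),
              ("healthchecker vs group a", HEALTHCHECKER, GROUP_A),
              ("constructed over-broad", OVERBROAD, {"cloud-glance-images-it4i"})]
    for label, caps, allowed in checks:
        print(label, "->", audit_osd_caps(caps, allowed) or "ok")
```

Audited against the group a pools, client.healthchecker yields five findings, because the caps listed for it reference only the RGW pools selected by --rgw-pool-prefix.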