SUSE Ceph iSCSI 網關管理 - Storage6

     iSCSI網關集成了Ceph存儲和iSCSI標準，以提供一個高可用性(HA) iSCSI目標，該目標將RADOS塊設備(RBD)映像導出為SCSI磁碟。iSCSI協議允許客戶機 (initiator) 通過TCP/IP網路向SCSI存儲設備( targets )發送SCSI命令。這允許異構客戶機訪問Ceph存儲集群。

    每個iSCSI網關運行Linux IO目標內核子系統(LIO)，以提供iSCSI協議支持。LIO利用用戶空間通過( TCMU ) 與Ceph的librbd庫交互，並向iSCSI客戶機暴露RBD鏡像。使用Ceph的iSCSI網關，可以有效地運行一個完全集成的塊存儲基礎設施，它具有傳統存儲區域網路(SAN)的所有特性和優點。

RBD 作為 VMware ESXI datastore 是否支持？

（1）目前來說，RBD是不支持datastore形式。

（2）iSCSI 是支持 datastore 這種方式，可以作為VMware Esxi 虛擬機提供存儲功能，性價比非常不錯的選擇。

 1、創建池和鏡像

（1）創建池

# ceph osd pool create iscsi-images 128 128 replicated
# ceph osd pool application enable iscsi-images rbd

（2）創建images

# rbd --pool iscsi-images create --size=2048 'iscsi-gateway-image001'
# rbd --pool iscsi-images create --size=4096 'iscsi-gateway-image002'
# rbd --pool iscsi-images create --size=2048 'iscsi-gateway-image003'
# rbd --pool iscsi-images create --size=4096 'iscsi-gateway-image004'

（3）顯示images

# rbd ls -p iscsi-images
iscsi-gateway-image001
iscsi-gateway-image002
iscsi-gateway-image003
iscsi-gateway-image004

2、deepsea 方式安裝iSCSI網關

（1）node001 和 node002節點上安裝，編輯policy.cfg 文件

vim /srv/pillar/ceph/proposals/policy.cfg
  ......
# IGW
role-igw/cluster/node00[1-2]*.sls
  ......

 （2）運行 stage 2 和 stage 4

# salt-run state.orch ceph.stage.2
# salt 'node001*' pillar.items
    public_network:
        192.168.2.0/24
    roles:
        - mon
        - mgr
        - storage
        - igw
    time_server:
        admin.example.com
# salt-run state.orch ceph.stage.4

3、手動方式安裝iSCSI網關

（1）node003 節點安裝 iscsi 軟體包

# zypper -n in -t pattern ceph_iscsi
# zypper -n in tcmu-runner  tcmu-runner-handler-rbd \
  ceph-iscsi patterns-ses-ceph_iscsi python3-Flask python3-click python3-configshell-fb \
  python3-itsdangerous python3-netifaces python3-rtslib-fb \
  python3-targetcli-fb python3-urwid targetcli-fb-common 

（2）admin節點創建key,並複製到 node003

# ceph auth add client.igw.node003 mon 'allow *' osd 'allow *' mgr 'allow r'
# ceph auth get client.igw.node003
client.igw.node003
        key: AQC0eotdAAAAABAASZrZH9KEo0V0WtFTCW9AHQ==
        caps: [mgr] allow r
        caps: [mon] allow *
        caps: [osd] allow *

# ceph auth get client.igw.node003 >> /etc/ceph/ceph.client.igw.node003.keyring
# scp /etc/ceph/ceph.client.igw.node003.keyring node003:/etc/ceph

 （3）node003 節點啟動服務

# systemctl start tcmu-runner.service
# systemctl enable tcmu-runner.service 

（4）node003 節點創建配置文件

# vim /etc/ceph/iscsi-gateway.cfg
[config]
cluster_client_name = client.igw.node003
pool = iscsi-images
trusted_ip_list = 192.168.2.42,192.168.2.40,192.168.2.41
minimum_gateways = 1
fqdn_enabled=true

# Additional API configuration options are as follows, defaults shown.
api_port = 5000
api_user = admin
api_password = admin
api_secure = false

# Log level
logger_level = WARNING

（5）啟動 RBD target 服務

# systemctl start rbd-target-api.service
# systemctl enable rbd-target-api.service

（6）顯示配置信息

# gwcli info
HTTP mode          : http
Rest API port      : 5000
Local endpoint     : http://localhost:5000/api
Local Ceph Cluster : ceph
2ndary API IP's    : 192.168.2.42,192.168.2.40,192.168.2.41

# gwcli ls
o- / ...................................................................... [...]
  o- cluster ...................................................... [Clusters: 1]
  | o- ceph ......................................................... [HEALTH_OK]
  |   o- pools ....................................................... [Pools: 1]
  |   | o- iscsi-images ........ [(x3), Commit: 0.00Y/15718656K (0%), Used: 192K]
  |   o- topology ............................................. [OSDs: 6,MONs: 3]
  o- disks .................................................... [0.00Y, Disks: 0]
  o- iscsi-targets ............................ [DiscoveryAuth: None, Targets: 0]

4、Dashboard 添加 iscsi 網關

（1）Admin節點上，查看 dashboard iSCSI 網關

admin:~ # ceph dashboard iscsi-gateway-list
{"gateways": {"node002.example.com": {"service_url": "http://admin:[email protected]:5000"},
 "node001.example.com": {"service_url": "http://admin:[email protected]:5000"}}}

 （2）添加 iSCSI 網關

# ceph dashboard iscsi-gateway-add http://admin:[email protected]:5000
# ceph dashboard iscsi-gateway-list      
{"gateways": {"node002.example.com": {"service_url": "http://admin:[email protected]:5000"},
 "node001.example.com": {"service_url": "http://admin:[email protected]:5000"},
 "node003.example.com": {"service_url": "http://admin:[email protected]:5000"}}}  

（3）登陸 Dashboard 查看 iSCSI 網關

 5、Export RBD Images via iSCSI

（1）創建 iSCSI target name

# gwcli
gwcli > /> cd /iscsi-targets
gwcli > /iscsi-targets> create iqn.2019-10.com.suse-iscsi.iscsi01.x86:iscsi-gateway01

（2）添加 iSCSI 網關

gwcli > /iscsi-targets> cd iqn.2019-10.com.suse-iscsi.iscsi01.x86:iscsi-gateway01/gateways
/iscsi-target...tvol/gateways> create node001.example.com 172.200.50.40
/iscsi-target...tvol/gateways> create node002.example.com 172.200.50.41
/iscsi-target...tvol/gateways> create node003.example.com 172.200.50.42


/iscsi-target...ay01/gateways> ls
o- gateways ......................................................... [Up: 3/3, Portals: 3]
  o- node001.example.com ............................................. [172.200.50.40 (UP)]
  o- node002.example.com ............................................. [172.200.50.41 (UP)]
  o- node003.example.com ............................................. [172.200.50.42 (UP)]

註意：安裝主機名來定義

/iscsi-target...tvol/gateways> create node002 172.200.50.41
The first gateway defined must be the local machine

（3）添加 RBD 鏡像

/iscsi-target...tvol/gateways> cd /disks
/disks> attach iscsi-images/iscsi-gateway-image001
/disks> attach iscsi-images/iscsi-gateway-image002

（4）target 和 RBD 鏡像建立映射關係

/disks> cd /iscsi-targets/iqn.2019-10.com.suse-iscsi.iscsi01.x86:iscsi-gateway01/disks
/iscsi-target...teway01/disks> add iscsi-images/iscsi-gateway-image001
/iscsi-target...teway01/disks> add iscsi-images/iscsi-gateway-image002

（5）設置不驗證

gwcli > /> cd /iscsi-targets/iqn.2019-10.com.suse-iscsi.iscsi01.x86:iscsi-gateway01/hosts
/iscsi-target...teway01/hosts> auth disable_acl
/iscsi-target...teway01/hosts> exit

（6）查看配置信息

node001:~ # gwcli ls
o- / ............................................................................... [...]
  o- cluster ............................................................... [Clusters: 1]
  | o- ceph .................................................................. [HEALTH_OK]
  |   o- pools ................................................................ [Pools: 1]
  |   | o- iscsi-images .................. [(x3), Commit: 6G/15717248K (40%), Used: 1152K]
  |   o- topology ...................................................... [OSDs: 6,MONs: 3]
  o- disks ................................................................ [6G, Disks: 2]
  | o- iscsi-images .................................................. [iscsi-images (6G)]
  |   o- iscsi-gateway-image001 ............... [iscsi-images/iscsi-gateway-image001 (2G)]
  |   o- iscsi-gateway-image002 ............... [iscsi-images/iscsi-gateway-image002 (4G)]
  o- iscsi-targets ..................................... [DiscoveryAuth: None, Targets: 1]
    o- iqn.2019-10.com.suse-iscsi.iscsi01.x86:iscsi-gateway01 .............. [Gateways: 3]
      o- disks ................................................................ [Disks: 2]
      | o- iscsi-images/iscsi-gateway-image001 .............. [Owner: node001.example.com]
      | o- iscsi-images/iscsi-gateway-image002 .............. [Owner: node002.example.com]
      o- gateways .................................................. [Up: 3/3, Portals: 3]
      | o- node001.example.com ...................................... [172.200.50.40 (UP)]
      | o- node002.example.com ...................................... [172.200.50.41 (UP)]
      | o- node003.example.com ...................................... [172.200.50.42 (UP)]
      o- host-groups ........................................................ [Groups : 0]
      o- hosts .................................................... [Hosts: 0: Auth: None]

 6、使用 Dashboard 界面輸出 RBD Images

 （1）添加 iSCSI target

 （2）編寫 target IQN，並且添加鏡像 Portals 和 images

 （3）查看新添加 iSCSI target 信息

 7、Linux 客戶端訪問

（1）啟動 iscsid 服務

• SLES or RHEL

# systemctl start iscsid.service
# systemctl enable iscsid.service 

• Debian or Ubuntu

# systemctl start open-iscsi

（2）發現和連接 targets

# iscsiadm -m discovery -t st -p 172.200.50.40
172.200.50.40:3260,1 iqn.2019-10.com.suse-iscsi.iscsi01.x86:iscsi-gateway01
172.200.50.41:3260,2 iqn.2019-10.com.suse-iscsi.iscsi01.x86:iscsi-gateway01
172.200.50.42:3260,3 iqn.2019-10.com.suse-iscsi.iscsi01.x86:iscsi-gateway01
172.200.50.40:3260,1 iqn.2019-10.com.suse-iscsi.iscsi01.x86:iscsi-gateway02
172.200.50.41:3260,2 iqn.2019-10.com.suse-iscsi.iscsi01.x86:iscsi-gateway02
172.200.50.42:3260,3 iqn.2019-10.com.suse-iscsi.iscsi01.x86:iscsi-gateway02

（3）登錄target

# iscsiadm -m node -p 172.200.50.40 --login
# iscsiadm -m node -p 172.200.50.41 --login
# iscsiadm -m node -p 172.200.50.42 --login

# lsblk
NAME            MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda               8:0    0    25G  0 disk
├─sda1            8:1    0   509M  0 part /boot
└─sda2            8:2    0  24.5G  0 part
  ├─vg00-lvswap 254:0    0     2G  0 lvm  [SWAP]
  └─vg00-lvroot 254:1    0 122.5G  0 lvm  /
sdb               8:16   0   100G  0 disk
└─vg00-lvroot   254:1    0 122.5G  0 lvm  /
sdc               8:32   0     2G  0 disk
sdd               8:48   0     2G  0 disk
sde               8:64   0     4G  0 disk
sdf               8:80   0     4G  0 disk
sdg               8:96   0     2G  0 disk
sdh               8:112  0     4G  0 disk
sdi               8:128  0     2G  0 disk
sdj               8:144  0     4G  0 disk
sdk               8:160  0     2G  0 disk
sdl               8:176  0     2G  0 disk
sdm               8:192  0     4G  0 disk
sdn               8:208  0     4G  0 disk

（4）如果系統上已安裝 lsscsi 實用程式，您可以使用它來枚舉系統上可用的 SCSI 設備：

# lsscsi
[1:0:0:0]    cd/dvd  NECVMWar VMware SATA CD01 1.00  /dev/sr0
[30:0:0:0]   disk    VMware,  VMware Virtual S 1.0   /dev/sda
[30:0:1:0]   disk    VMware,  VMware Virtual S 1.0   /dev/sdb
[33:0:0:0]   disk    SUSE     RBD              4.0   /dev/sdc
[33:0:0:1]   disk    SUSE     RBD              4.0   /dev/sde
[34:0:0:2]   disk    SUSE     RBD              4.0   /dev/sdd
[34:0:0:3]   disk    SUSE     RBD              4.0   /dev/sdf
[35:0:0:0]   disk    SUSE     RBD              4.0   /dev/sdg
[35:0:0:1]   disk    SUSE     RBD              4.0   /dev/sdh
[36:0:0:2]   disk    SUSE     RBD              4.0   /dev/sdi
[36:0:0:3]   disk    SUSE     RBD              4.0   /dev/sdj
[37:0:0:0]   disk    SUSE     RBD              4.0   /dev/sdk
[37:0:0:1]   disk    SUSE     RBD              4.0   /dev/sdm
[38:0:0:2]   disk    SUSE     RBD              4.0   /dev/sdl
[38:0:0:3]   disk    SUSE     RBD              4.0   /dev/sdn 

（5）多路徑設置

# zypper in multipath-tools
# modprobe dm-multipath path
# systemctl start multipathd.service
# systemctl enable multipathd.service

# multipath -ll
36001405863b0b3975c54c5f8d1ce0e01 dm-3 SUSE,RBD
size=4.0G features='2 queue_if_no_path retain_attached_hw_handler' hwhandler='1 alua' wp=rw
|-+- policy='service-time 0' prio=50 status=active
| `- 35:0:0:1 sdh 8:112 active ready running  <=== 單條鏈路 active
`-+- policy='service-time 0' prio=10 status=enabled
  |- 33:0:0:1 sde 8:64  active ready running
  `- 37:0:0:1 sdm 8:192 active ready running
3600140529260bf41c294075beede0c21 dm-2 SUSE,RBD
size=2.0G features='2 queue_if_no_path retain_attached_hw_handler' hwhandler='1 alua' wp=rw
|-+- policy='service-time 0' prio=50 status=active
| `- 33:0:0:0 sdc 8:32  active ready running
`-+- policy='service-time 0' prio=10 status=enabled
  |- 35:0:0:0 sdg 8:96  active ready running
  `- 37:0:0:0 sdk 8:160 active ready running
360014055d00387c82104d338e81589cb dm-4 SUSE,RBD
size=2.0G features='2 queue_if_no_path retain_attached_hw_handler' hwhandler='1 alua' wp=rw
|-+- policy='service-time 0' prio=50 status=active
| `- 38:0:0:2 sdl 8:176 active ready running
`-+- policy='service-time 0' prio=10 status=enabled
  |- 34:0:0:2 sdd 8:48  active ready running
  `- 36:0:0:2 sdi 8:128 active ready running
3600140522ec3f9612b64b45aa3e72d9c dm-5 SUSE,RBD
size=4.0G features='2 queue_if_no_path retain_attached_hw_handler' hwhandler='1 alua' wp=rw
|-+- policy='service-time 0' prio=50 status=active
| `- 34:0:0:3 sdf 8:80  active ready running
`-+- policy='service-time 0' prio=10 status=enabled
  |- 36:0:0:3 sdj 8:144 active ready running
  `- 38:0:0:3 sdn 8:208 active ready running

（5）編輯多路徑配置文件

# vim /etc/multipath.conf
defaults {
    user_friendly_names yes
}

devices {
    device {
        vendor "(LIO-ORG|SUSE)"
        product "RBD"
        path_grouping_policy "multibus" # 所有有效路徑在一個優先組群中
        path_checker "tur"              # 在設備中執行 TEST UNIT READY 命令。
        features "0"
        hardware_handler "1 alua"       # 在切換路徑組群或者處理 I/O 錯誤時用來執行硬體具體動作的模塊。
        prio "alua"
        failback "immediate"
        rr_weight "uniform"             # 所有路徑都有相同的加權
        no_path_retry 12                # 路徑故障後，重試12次，每次5秒
        rr_min_io 100                   # 指定切換到當前路徑組的下一個路徑前路由到該路徑的 I/O 請求數。
    }
}

# systemctl stop multipathd.service
# systemctl start multipathd.service

（6）查看多路徑狀態

# multipath -ll                     
mpathd (3600140522ec3f9612b64b45aa3e72d9c) dm-5 SUSE,RBD
size=4.0G features='2 queue_if_no_path retain_attached_hw_handler' hwhandler='1 alua' wp=rw
`-+- policy='service-time 0' prio=23 status=active
  |- 34:0:0:3 sdf 8:80  active ready running  <=== 多條鏈路 active
  |- 36:0:0:3 sdj 8:144 active ready running
  `- 38:0:0:3 sdn 8:208 active ready running
mpathc (360014055d00387c82104d338e81589cb) dm-4 SUSE,RBD
size=2.0G features='2 queue_if_no_path retain_attached_hw_handler' hwhandler='1 alua' wp=rw
`-+- policy='service-time 0' prio=23 status=active
  |- 34:0:0:2 sdd 8:48  active ready running
  |- 36:0:0:2 sdi 8:128 active ready running
  `- 38:0:0:2 sdl 8:176 active ready running
mpathb (36001405863b0b3975c54c5f8d1ce0e01) dm-3 SUSE,RBD
size=4.0G features='2 queue_if_no_path retain_attached_hw_handler' hwhandler='1 alua' wp=rw
`-+- policy='service-time 0' prio=23 status=active
  |- 33:0:0:1 sde 8:64  active ready running
  |- 35:0:0:1 sdh 8:112 active ready running
  `- 37:0:0:1 sdm 8:192 active ready running
mpatha (3600140529260bf41c294075beede0c21) dm-2 SUSE,RBD
size=2.0G features='2 queue_if_no_path retain_attached_hw_handler' hwhandler='1 alua' wp=rw
`-+- policy='service-time 0' prio=23 status=active
  |- 33:0:0:0 sdc 8:32  active ready running
  |- 35:0:0:0 sdg 8:96  active ready running
  `- 37:0:0:0 sdk 8:160 active ready running

（7）顯示當前的device mapper的信息

# dmsetup ls --tree
mpathd (254:5)
 ├─ (8:208)
 ├─ (8:144)
 └─ (8:80)
mpathc (254:4)
 ├─ (8:176)
 ├─ (8:128)
 └─ (8:48)
mpathb (254:3)
 ├─ (8:192)
 ├─ (8:112)
 └─ (8:64)
mpatha (254:2)
 ├─ (8:160)
 ├─ (8:96)
 └─ (8:32)
vg00-lvswap (254:0)
 └─ (8:2)
vg00-lvroot (254:1)
 ├─ (8:16)
 └─ (8:2)

（8）客戶端 yast iscsi-client 工具查看

iSCSI的其他常用操作（客戶端）

（1）列出所有target

# iscsiadm -m node

（2）連接所有target

# iscsiadm -m node -L all

（3）連接指定target

# iscsiadm -m node -T iqn.... -p 172.29.88.62 --login

（4）使用如下命令可以查看配置信息

# iscsiadm -m node -o show -T iqn.2000-01.com.synology:rackstation.exservice-bak

（5）查看目前 iSCSI target 連接狀態

# iscsiadm -m session
# iscsiadm: No active sessions.

(目前沒有已連接的 iSCSI target)
（6）斷開所有target

# iscsiadm -m node -U all

（7）斷開指定target

# iscsiadm -m node -T iqn... -p 172.29.88.62 --logout

（8）刪除所有node信息

# iscsiadm -m node --op delete

（9）刪除指定節點（/var/lib/iscsi/nodes目錄下，先斷開session）

# iscsiadm -m node -o delete -name iqn.2012-01.cn.nayun:test-01

（10）刪除一個目標（/var/lib/iscsi/send_targets目錄下）

# iscsiadm --mode discovery -o delete -p 172.29.88.62:3260