ceph 005: supplementary notes on granting caps, RBD block mapping - supermao12
source link: https://www.cnblogs.com/supermao12/p/16582937.html
My Ceph version
[root@serverc ~]# ceph -v
ceph version 16.2.0-117.el8cp (0e34bb74700060ebfaa22d99b7d2cdc037b28a57) pacific (stable)
[root@serverc ~]# ceph auth get-or-create client.user2 mon 'allow rw' osd 'allow rw pool=pool2' > /etc/ceph/ceph.client.user2.keyring
This user can only access the specified pool.
x: the x permission
[root@serverc ~]# ceph auth get-or-create client.user2 --id boss
Error EACCES: access denied
[root@serverc ~]# ceph auth get client.boss
[client.boss]
key = AQBOcfdinDbjNBAAKADdWC1teSs1k+IngZFtLA==
caps mon = "allow rw"
caps osd = "allow rw"
exported keyring for client.boss
[root@serverc ~]#
[root@serverc ~]# ceph auth caps client.boss mon 'allow rwx' osd 'allow rwx'
updated caps for client.boss
[root@serverc ~]# ceph auth get-or-create client.user2 --id boss
[client.user2]
key = AQCpb/ditbuXExAAI0DbTNL5dJta4DwXsd4pIw==
[root@serverc ~]# ceph auth get-or-create client.user3 --id boss
[client.user3]
key = AQAgcvdifGyoHxAAyiO5TzBFb7n6ajvE18STRg==
[root@serverc ~]#
This lets you create users (more of an administrator-type permission).
ceph auth ls --keyring abc --name client.boss
When the key is not in the standard /etc directory, you can specify it explicitly.
ceph auth get-or-create client.user1 mon 'allow rw' osd 'allow rw pool=pool1 namespace=sys' > /etc/ceph/ceph.client.user8.keyring
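You can scope the caps to a specific pool and namespace; if neither is specified, the caps apply to all namespaces and all pools.
Make sure the ceph user has read permission on the keyring file and the configuration file.
When modifying caps, be careful to write out all of them: ceph auth caps replaces the existing caps, so you cannot add them piece by piece.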
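An added example (not from the original post): a shell function that audits keyring-format text, such as the `ceph auth get` output above, and flags the two broad grants these notes describe, namely mon caps that include x and osd caps with no pool= restriction. The function name, the issue labels and the sample text are assumptions made for illustration; the sample reuses entity names from this page with placeholder keys.

```shell
#!/bin/sh
# audit_caps: read keyring-format text (as printed by `ceph auth get`) on
# stdin and print one finding per line as "<entity> <issue>".
audit_caps() {
  awk '
    /^\[.*\]$/ { entity = substr($0, 2, length($0) - 2); next }
    $1 == "caps" {
      svc = $2
      cap = $0
      sub(/^[^"]*"/, "", cap)   # drop everything up to the opening quote
      sub(/"[^"]*$/, "", cap)   # drop the closing quote
      # mon caps that include x (or *) allow auth management, which is what
      # let client.boss create users on this page.
      if (svc == "mon" && cap ~ /allow +([rw]*x|\*)/)
        print entity, "mon-can-manage-auth"
      # An osd clause without pool= applies to every pool and namespace.
      if (svc == "osd") {
        n = split(cap, clause, ",")
        for (i = 1; i <= n; i++)
          if (clause[i] !~ /pool=/) { print entity, "osd-not-pool-scoped"; break }
      }
    }
  '
}

# Constructed sample: entities and caps as used on this page, with the keys
# replaced by a placeholder.
SAMPLE_KEYRING='[client.boss]
    key = <placeholder>
    caps mon = "allow rwx"
    caps osd = "allow rwx"
[client.user2]
    key = <placeholder>
    caps mon = "allow rw"
    caps osd = "allow rw pool=pool2"
[client.user1]
    key = <placeholder>
    caps mon = "allow rw"
    caps osd = "allow rw pool=pool1 namespace=sys"
[client.rbd]
    key = <placeholder>
    caps mgr = "profile rbd"
    caps mon = "profile rbd"
    caps osd = "profile rbd"'

printf '%s\n' "$SAMPLE_KEYRING" | audit_caps
```

On a real cluster the same function can be fed `ceph auth get client.xxx` output; client.rbd is flagged because `profile rbd` without pool= is not limited to rbdpool.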
Delete a user
ceph auth del client.user3
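--id defaults to admin
--name defaults to client.admin
--keyring defaults to /etc/ceph/ceph.client.admin.keyring
--conf defaults to /etc/ceph/ceph.conf
Profile authorization
OSDs use the osd profile permission when they access each other.
It is essentially an internal permission, but it can also be granted to user1
to access the corresponding rbd, osd, mds and so on.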
[root@serverc ceph]# ceph auth get-or-create-key client.user1
AQBifPZijsT7IhAAJa5qCKaMzQX29ni2yJu//Q==
Get the key
ceph auth get client.xxx shows the caps information
ceph auth get client.breeze -o /etc/ceph/ceph.client.breeze.keyring
ceph auth import -i /etc/ceph/ceph.client.breeze.keyring
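Ceph key management
When a client accesses the Ceph cluster, it uses a local keyring file. By default it looks for a keyring file at the following paths and names, in order: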
/etc/ceph/$cluster.$name.keyring
/etc/ceph/$cluster.keyring
/etc/ceph/keyring
/etc/ceph/keyring.bin
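An added example (not from the original post): shell helpers that walk the default search order above to find which keyring a client would pick up, then report whether that file is world-readable, which is what a plain `> /etc/ceph/...keyring` redirect under umask 022 produces. The function names and the DIR argument (a stand-in for /etc/ceph) are assumptions for illustration, and the demo files are constructed and contain no real keys.

```shell
#!/bin/sh
# resolve_keyring DIR CLUSTER NAME
# Print the first keyring that exists, trying the default search order.
# DIR stands in for /etc/ceph so the check can be tried in a sandbox.
resolve_keyring() {
  dir=$1 cluster=$2 name=$3
  for f in "$dir/$cluster.$name.keyring" "$dir/$cluster.keyring" \
           "$dir/keyring" "$dir/keyring.bin"; do
    if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
  done
  return 1
}

# keyring_world_readable FILE: succeed when "other" has read permission.
keyring_world_readable() {
  [ -n "$(find "$1" -prune -perm -004)" ]
}

# check_client DIR CLUSTER NAME: report the keyring a client would use and
# whether its mode exposes the secret key to every local user.
check_client() {
  kr=$(resolve_keyring "$1" "$2" "$3") || { echo "MISSING $3"; return 2; }
  if keyring_world_readable "$kr"; then echo "EXPOSED $kr"; return 1; fi
  echo "OK $kr"
}

demo() {
  d=$(mktemp -d) || return 1
  # Constructed files, no real keys. The redirect mimics `ceph auth ... > file`.
  ( umask 022; echo '[client.user2]' > "$d/ceph.client.user2.keyring" )
  echo '[client.admin]' > "$d/keyring"; chmod 600 "$d/keyring"
  check_client "$d" ceph client.user2 || true   # file was created as 0644
  chmod 600 "$d/ceph.client.user2.keyring"
  check_client "$d" ceph client.user2           # after tightening the mode
  check_client "$d" ceph client.user3           # falls through to DIR/keyring
  rm -rf "$d"
}
demo
```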
Managing RBD block devices
All three of Ceph's storage modes are built on storage pools.
[root@serverc ceph]# ceph osd pool create rbdpool
pool 'rbdpool' created
[root@serverc ceph]# ceph osd pool application enable rbdpool rbd
enabled application 'rbd' on pool 'rbdpool'
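This has the same effect, or you can run both:
rbd pool init rbdpool
Create a block device from the pool
The raw device is created from the pool and is called an image (the thing that gets mounted).
Create a dedicated user to manage RBD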
[root@serverc ceph]# ceph auth get-or-create client.rbd mon 'profile rbd' mgr 'profile rbd' osd 'profile rbd' > /etc/ceph/ceph.client.rbd.keyring
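This user can be handed to the application side.
[classroom environment]
clienta: the management node. It is part of the cluster but has no OSDs; it is a cluster client.
Application client (server)
Can a virtual machine keep its data in RBD?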
alias rbd='rbd --id rbd'
A shortcut to save typing
[root@serverc ceph]# rbd -p rbdpool create --size 1G image1 --id rbd
List the images in the pool
[root@serverc ceph]# rbd ls -p rbdpool --id rbd
image1
View the image details
[root@serverc ceph]# rbd info rbdpool/image1 --id rbd
rbd image 'image1':
size 1 GiB in 256 objects
order 22 (4 MiB objects)
snapshot_count: 0
id: fae567c39ea1
block_name_prefix: rbd_data.fae567c39ea1
format: 2
features: layering, exclusive-lock, object-map, fast-diff, deep-flatten
op_features:
flags:
create_timestamp: Sat Aug 13 07:59:16 2022
access_timestamp: Sat Aug 13 07:59:16 2022
modify_timestamp: Sat Aug 13 07:59:16 2022
256 objects
[root@serverc ceph]# rados -p rbdpool ls
rbd_object_map.fae567c39ea1
rbd_directory
rbd_info
rbd_header.fae567c39ea1
rbd_id.image1
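These are metadata objects: they describe the image and its objects.
Objects are allocated only when they are used; the image does not consume the full 1G right away.
Map the image to the server
The client needs the rbd command,
a user with the special permissions,
and the Ceph configuration file.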
[root@serverc ceph]# rbd map rbdpool/image1 --id rbd
[root@serverc ceph]# rbd showmapped
id pool namespace image snap device
0 rbdpool image1 - /dev/rbd0
1 rbdpool image1 - /dev/rbd1
[Mapped it one time too many by mistake; remove one of the rbd mappings]
[root@serverc ceph]# rbd unmap /dev/rbd1
[root@serverc ceph]# mkfs.xfs /dev/rbd0
meta-data=/dev/rbd0 isize=512 agcount=8, agsize=32768 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1
data = bsize=4096 blocks=262144, imaxpct=25
= sunit=16 swidth=16 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=16 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
Discarding blocks...Done.
[root@serverc ceph]# mkdir /mnt/rbd0
[root@serverc ceph]# mount /dev/rbd0 /mnt/rbd0/
[root@serverc ceph]# df -h
/dev/rbd0 1014M 40M 975M 4% /mnt/rbd0
[root@serverc ceph]# rados -p rbdpool ls
rbd_data.fae567c39ea1.0000000000000020
rbd_object_map.fae567c39ea1
rbd_data.fae567c39ea1.0000000000000040
rbd_data.fae567c39ea1.00000000000000c0
rbd_directory
rbd_info
rbd_data.fae567c39ea1.0000000000000080
rbd_data.fae567c39ea1.00000000000000a0
rbd_data.fae567c39ea1.0000000000000060
rbd_data.fae567c39ea1.0000000000000000
rbd_header.fae567c39ea1
rbd_data.fae567c39ea1.00000000000000e0
rbd_data.fae567c39ea1.00000000000000ff
rbd_id.image1
[root@serverc rbd0]# dd if=/dev/zero of=file1 bs=1M count=20
[root@serverc rbd0]# sync
[root@serverc rbd0]# rados -p rbdpool ls
rbd_data.fae567c39ea1.0000000000000020
rbd_object_map.fae567c39ea1
rbd_data.fae567c39ea1.0000000000000040
rbd_data.fae567c39ea1.00000000000000c0
rbd_directory
rbd_data.fae567c39ea1.0000000000000003
rbd_data.fae567c39ea1.0000000000000001
rbd_info
rbd_data.fae567c39ea1.0000000000000080
rbd_data.fae567c39ea1.00000000000000a0
rbd_data.fae567c39ea1.0000000000000060
rbd_data.fae567c39ea1.0000000000000000
rbd_header.fae567c39ea1
rbd_data.fae567c39ea1.00000000000000e0
rbd_data.fae567c39ea1.0000000000000004
rbd_data.fae567c39ea1.0000000000000002
rbd_data.fae567c39ea1.00000000000000ff
rbd_id.image1
rbd_data.fae567c39ea1.0000000000000005
[root@serverc rbd0]#
You can't tell much from this.
There are many blocks because of the three replicas.
[root@serverc rbd0]# rbd resize --size 2G rbdpool/image1 --id rbd
Resizing image: 100% complete...done.
[root@serverc rbd0]# rbd du rbdpool/image1
NAME PROVISIONED USED
image1 2 GiB 56 MiB
[root@serverc rbd0]# xfs_growfs /mnt/rbd0/
meta-data=/dev/rbd0 isize=512 agcount=8, agsize=32768 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1
data = bsize=4096 blocks=262144, imaxpct=25
= sunit=16 swidth=16 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=16 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
data blocks changed from 262144 to 524288
[root@serverc rbd0]# df -h | tail -n 2
tmpfs 576M 0 576M 0% /run/user/0
/dev/rbd0 2.0G 68M 2.0G 4% /mnt/rbd0
1. Create the rbd pool
ceph osd pool create rbdpool
2. Initialize the rbd pool
rbd pool init rbdpool
3. Create the rbd user
ceph auth get-or-create client.rbd mon 'profile rbd' mgr 'profile rbd' osd 'profile rbd' > /etc/ceph/ceph.client.rbd.keyring
This allows all RBD-related operations.
4. Create the rbd image
alias rbd='rbd --id rbd'
rbd create --size 1G rbdpool/image1
5. Map the image
rbd map rbdpool/image1
rbd showmapped
6. Format the rbd device
mkfs.xfs /dev/rbd0
mount /dev/rbd0 /mnt/rbd0
8. Persistent mount (fstab entry)
/dev/rbd0 /mnt/rbd0 xfs defaults,_netdev 0 0
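This is a network device, so the mount has to wait until all services are up (without _netdev the system really will fail to boot).
9. Map automatically at boot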
[root@serverc ~]# vim /etc/ceph/rbdmap
[root@serverc ~]# cat /etc/ceph/rbdmap
# RbdDevice Parameters
#poolname/imagename id=client,keyring=/etc/ceph/ceph.client.keyring
rbdpool/image1 id=rbd,keyring=/etc/ceph/ceph.client.rbd.keyring
[root@serverc ~]# systemctl enable rbdmap.service
Created symlink /etc/systemd/system/multi-user.target.wants/rbdmap.service → /usr/lib/systemd/system/rbdmap.service.
[root@serverc ~]#
The ceph-common package ships this service.
10. Expand
rbd resize --size 2G rbdpool/image1
xfs_growfs /mnt/rbd0/
11. Delete
# Comment out the fstab entry
[root@serverc ~]# umount /mnt/rbd0
[root@serverc ~]# rbd unmap rbdpool/image1
[root@serverc ~]# rbd showmapped
[root@serverc ~]# rbd rm rbdpool/image1
Removing image: 100% complete...done.
[root@serverc ~]#
12. Trash feature (for when you are not sure whether to delete)
[root@serverc ~]# rbd create --size 1G rbdpool/image2
[root@serverc ~]# rbd trash move rbdpool/image2
[root@serverc ~]# rbd -p rbdpool ls
[root@serverc ~]# rbd trash ls -p rbdpool
fb5f7c2dd404 image2
[root@serverc ~]# rbd trash restore fb5f7c2dd404 -p rbdpool
[root@serverc ~]# rbd -p rbdpool ls
image2
[root@serverc ~]#
rbd trash purge
Purges all data in the trash for the specified pool.
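An added example (not from the original post) for steps 8 and 9: a shell function that checks an fstab file and an rbdmap file together, flagging rbd mounts that lack _netdev, rbdmap entries without id= or keyring= (which fall back to the admin defaults listed earlier), and rbd mounts with nothing mapped at boot. The function name and the finding texts are assumptions for illustration, and the demo files are constructed from the lines on this page plus one deliberately incomplete entry.

```shell
#!/bin/sh
# check_rbd_boot FSTAB RBDMAP: print one finding per line for boot-time RBD
# configuration problems; print nothing when both files look consistent.
check_rbd_boot() {
  awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
    FILENAME == ARGV[1] && $1 ~ /^\/dev\/rbd/ {  # fstab: rbd-backed mounts
      mounts++
      if (("," $4 ",") !~ /,_netdev,/)
        print "fstab: " $1 " on " $2 " lacks _netdev"
    }
    FILENAME == ARGV[2] {                        # rbdmap: images mapped at boot
      maps++
      if ($2 !~ /(^|,)id=/)      print "rbdmap: " $1 " has no id= (defaults to admin)"
      if ($2 !~ /(^|,)keyring=/) print "rbdmap: " $1 " has no keyring="
    }
    END {
      if (mounts > 0 && maps == 0)
        print "rbdmap: fstab mounts an rbd device but no image is mapped at boot"
    }
  ' "$1" "$2"
}

demo() {
  d=$(mktemp -d) || return 1
  # Constructed inputs: the fstab and rbdmap lines from this page, plus a
  # second fstab entry that omits _netdev.
  printf '%s\n' '/dev/rbd0 /mnt/rbd0 xfs defaults,_netdev 0 0' \
                '/dev/rbd1 /mnt/rbd1 xfs defaults 0 0' > "$d/fstab"
  printf '%s\n' '# RbdDevice Parameters' \
                'rbdpool/image1 id=rbd,keyring=/etc/ceph/ceph.client.rbd.keyring' > "$d/rbdmap"
  check_rbd_boot "$d/fstab" "$d/rbdmap"
  rm -rf "$d"
}
demo
```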