Menu Close
Settings Close

Language and Page Formatting Options

Chapter 3. Red Hat Ceph Storage installation

As a storage administrator, you can use the cephadm utility to deploy new Red Hat Ceph Storage clusters.

The cephadm utility manages the entire life cycle of a Ceph cluster. Installation and management tasks comprise two types of operations:

  • Day One operations involve installing and bootstrapping a bare-minimum, containerized Ceph storage cluster, running on a single node. Day One also includes deploying the Monitor and Manager daemons and adding Ceph OSDs.
  • Day Two operations use the Ceph orchestration interface, cephadm orch, or the Red Hat Ceph Storage Dashboard to expand the storage cluster by adding other Ceph services to the storage cluster.

3.1. Prerequisites

  • At least one running virtual machine (VM) or bare-metal server with an active internet connection.
  • Red Hat Enterprise Linux 8.4 EUS or later.
  • Ansible 2.9 or later.
  • A valid Red Hat subscription with the appropriate entitlements.
  • Root-level access to all nodes.
  • An active Red Hat Network (RHN) or service account to access the Red Hat Registry.

3.2. The cephadm utility

The cephadm utility deploys and manages a Ceph storage cluster. It is tightly integrated with both the command-line interface (CLI) and the Red Hat Ceph Storage Dashboard web interface, so that you can manage storage clusters from either environment. cephadm uses SSH to connect to hosts from the manager daemon to add, remove, or update Ceph daemon containers. It does not rely on external configuration or orchestration tools such as Ansible or Rook.

Note

The cephadm utility is available after running the preflight playbook on a host.

The cephadm utility consists of two main components:

  • The cephadm shell.
  • The cephadm orchestrator.

The cephadm shell

The cephadm shell launches a bash shell within a container. This enables you to perform “Day One” cluster setup tasks, such as installation and bootstrapping, and to invoke ceph commands.

There are two ways to invoke the cephadm shell:

  • Enter cephadm shell at the system prompt:

    Example

    [root@host01 ~]# cephadm shell
    [ceph: root@host01 /]# ceph -s

  • At the system prompt, type cephadm shell and the command you want to execute:

    Example

    [root@host01 ~]# cephadm shell ceph -s

Note

If the node contains configuration and keyring files in /etc/ceph/, the container environment uses the values in those files as defaults for the cephadm shell. However, if you execute the cephadm shell on a Ceph Monitor node, the cephadm shell inherits its default configuration from the Ceph Monitor container, instead of using the default configuration.

The cephadm orchestrator

The cephadm orchestrator enables you to perform “Day Two” Ceph functions, such as expanding the storage cluster and provisioning Ceph daemons and services. You can use the cephadm orchestrator through either the command-line interface (CLI) or the web-based Red Hat Ceph Storage Dashboard. Orchestrator commands take the form ceph orch.

The cephadm script interacts with the Ceph orchestration module used by the Ceph Manager.

3.3. How cephadm works

The cephadm command manages the full lifecycle of a Red Hat Ceph Storage cluster. The cephadm command can perform the following operations:

  • Bootstrap a new Red Hat Ceph Storage cluster.
  • Launch a containerized shell that works with the Red Hat Ceph Storage command-line interface (CLI).
  • Aid in debugging containerized daemons.

The cephadm command uses ssh to communicate with the nodes in the storage cluster. This allows you to add, remove, or update Red Hat Ceph Storage containers without using external tools. Generate the ssh key pair during the bootstrapping process, or use your own ssh key.

The cephadm bootstrapping process creates a small storage cluster on a single node, consisting of one Ceph Monitor and one Ceph Manager, as well as any required dependencies. You then use the orchestrator CLI or the Red Hat Ceph Storage Dashboard to expand the storage cluster to include nodes, and to provision all of the Red Hat Ceph Storage daemons and services. You can perform management functions through the CLI or from the Red Hat Ceph Storage Dashboard web interface.

Note

The cephadm utility is a new feature in Red Hat Ceph Storage 5. It does not support older versions of Red Hat Ceph Storage.

Ceph storage cluster deployment

3.4. The cephadm-ansible playbooks

The cephadm-ansible package is a collection of Ansible playbooks to simplify workflows that are not covered by cephadm. After installation, the playbooks are located in /usr/share/cephadm-ansible/.

The cephadm-ansbile package includes the following playbooks:

  • cephadm-preflight.yml
  • cephadm-clients.yml
  • cephadm-purge-cluster.yml

The cephadm-preflight playbook

Use the cephadm-preflight playbook to initially setup hosts before bootstrapping the storage cluster and before adding new nodes or clients to your storage cluster. This playbook configures the Ceph repository and installs some prerequisites such as podman, lvm2, chronyd, and cephadm.

The cephadm-clients playbook

Use the cephadm-clients playbook to set up client hosts. This playbook handles the distribution of configuration and keyring files to a group of Ceph clients.

The cephadm-purge-cluster playbook

Use the cephadm-purge-cluster playbook to remove a Ceph cluster. This playbook purges a Ceph cluster managed with cephadm.

Additional Resources

3.5. Registering the Red Hat Ceph Storage nodes to the CDN and attaching subscriptions

Red Hat Ceph Storage 5.2 is supported on Red Hat Enterprise Linux 8.4 EUS or later.

Prerequisites

  • At least one running virtual machine (VM) or bare-metal server with an active internet connection.
  • Red Hat Enterprise Linux 8.4 EUS or later.
  • A valid Red Hat subscription with the appropriate entitlements.
  • Root-level access to all nodes.

Procedure

  1. Register the node, and when prompted, enter your Red Hat Customer Portal credentials:

    Syntax

    subscription-manager register

  2. Pull the latest subscription data from the CDN:

    Syntax

    subscription-manager refresh

  3. List all available subscriptions for Red Hat Ceph Storage:

    Syntax

    subscription-manager list --available --matches 'Red Hat Ceph Storage'

  4. Identify the appropriate subscription and retrieve its Pool ID.
  5. Attach a pool ID to gain access to the software entitlements. Use the Pool ID you identified in the previous step.

    Syntax

    subscription-manager attach --pool=POOL_ID

  6. Disable the default software repositories, and then enable the server and the extras repositories on the respective version of Red Hat Enterprise Linux:

    Red Hat Enterprise Linux 8

    subscription-manager repos --disable=*
    subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms
    subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms

    Red Hat Enterprise Linux 9

    subscription-manager repos --disable=*
    subscription-manager repos --enable=rhel-9-for-x86_64-baseos-rpms
    subscription-manager repos --enable=rhel-9-for-x86_64-appstream-rpms

  7. Update the system to receive the latest packages for Red Hat Enterprise Linux:

    Syntax

    # dnf update

  8. Subscribe to Red Hat Ceph Storage 5 content. Follow the instructions in How to Register Ceph with Red Hat Satellite 6.
  9. Enable the ceph-tools repository:

    Red Hat Enterprise Linux 8

    subscription-manager repos --enable=rhceph-5-tools-for-rhel-8-x86_64-rpms

    Red Hat Enterprise Linux 9

    subscription-manager repos --enable=rhceph-5-tools-for-rhel-9-x86_64-rpms

  10. Repeat the above steps on all nodes you are adding to the cluster.
  11. Complete the following steps on the node where you are running the Ansible playbooks from:

    Note

    You do not need to enable Ansible for Red Hat Enterprise Linux 9 as ansible-core is bundled into Red Hat Enterprise Linux 9 AppStream.

    1. Enable the Ansible repository:

      Red Hat Enterprise Linux 8

      subscription-manager repos --enable=ansible-2.9-for-rhel-8-x86_64-rpms

    2. Install cephadm-ansible:

      Syntax

      dnf install cephadm-ansible

3.6. Configuring Ansible inventory location

You can configure inventory location files for the cephadm-ansible staging and production environments. The Ansible inventory hosts file contains all the hosts that are part of the storage cluster. You can list nodes individually in the inventory hosts file or you can create groups such as [mons],[osds], and [rgws] to provide clarity to your inventory and ease the usage of the --limit option to target a group or node when running a playbook.

Note

If deploying clients, client nodes must be defined in a dedicated [clients] group.

Prerequisites

  • An Ansible administration node.
  • Root-level access to the Ansible administration node.
  • The cephadm-ansible package is installed on the node.

Procedure

  1. Navigate to the /usr/share/cephadm-ansible/ directory:

    [root@admin ~]# cd /usr/share/cephadm-ansible
  2. Optional: Create subdirectories for staging and production:

    [root@admin cephadm-ansible]# mkdir -p inventory/staging inventory/production
  3. Optional: Edit the ansible.cfg file and add the following line to assign a default inventory location:

    [defaults]
    inventory = ./inventory/staging
  4. Optional: Create an inventory hosts file for each environment:

    [root@admin cephadm-ansible]# touch inventory/staging/hosts
    [root@admin cephadm-ansible]# touch inventory/production/hosts
  5. Open and edit each hosts file and add the nodes and [admin] group:

    NODE_NAME_1
    NODE_NAME_2
    
    [admin]
    ADMIN_NODE_NAME_1
    • Replace NODE_NAME_1 and NODE_NAME_2 with the Ceph nodes such as monitors, OSDs, MDSs, and gateway nodes.
    • Replace ADMIN_NODE_NAME_1 with the name of the node where the admin keyring is stored.

      Example

      host02
      host03
      host04
      
      [admin]
      host01

      Note

      If you set the inventory location in the ansible.cfg file to staging, you need to run the playbooks in the staging environment as follows:

      Syntax

      ansible-playbook -i inventory/staging/hosts PLAYBOOK.yml

      To run the playbooks in the production environment:

      Syntax

      ansible-playbook -i inventory/production/hosts PLAYBOOK.yml

3.7. Creating an Ansible user with sudo access

You can create an Ansible user with password-less root access on all nodes in the storage cluster to run the cephadm-ansible playbooks. The Ansible user must be able to log into all the Red Hat Ceph Storage nodes as a user that has root privileges to install software and create configuration files without prompting for a password.

Prerequisites

  • Root-level access to all nodes.

Procedure

  1. Log in to the node as the root user:

    Syntax

    ssh root@HOST_NAME

    Replace HOST_NAME with the host name of the Ceph node.

    Example

    [root@admin ~]# ssh root@host01

    Enter the root password when prompted.

  2. Create a new Ansible user:

    Syntax

    adduser USER_NAME

    Replace USER_NAME with the new user name for the Ansible user.

    Example

    [root@host01 ~]# adduser ceph-admin

    Important

    Do not use ceph as the user name. The ceph user name is reserved for the Ceph daemons. A uniform user name across the cluster can improve ease of use, but avoid using obvious user names, because intruders typically use them for brute-force attacks.

  3. Set a new password for this user:

    Syntax

    passwd USER_NAME

    Replace USER_NAME with the new user name for the Ansible user.

    Example

    [root@host01 ~]# passwd ceph-admin

    Enter the new password twice when prompted.

  4. Configure sudo access for the newly created user:

    Syntax

    cat << EOF >/etc/sudoers.d/USER_NAME
    $USER_NAME ALL = (root) NOPASSWD:ALL
    EOF

    Replace USER_NAME with the new user name for the Ansible user.

    Example

    [root@host01 ~]# cat << EOF >/etc/sudoers.d/ceph-admin
    ceph-admin ALL = (root) NOPASSWD:ALL
    EOF

  5. Assign the correct file permissions to the new file:

    Syntax

    chmod 0440 /etc/sudoers.d/USER_NAME

    Replace USER_NAME with the new user name for the Ansible user.

    Example

    [root@host01 ~]# chmod 0440 /etc/sudoers.d/ceph-admin

  6. Repeat the above steps on all nodes in the storage cluster.

Additional Resources

3.8. Enabling password-less SSH for Ansible

Generate an SSH key pair on the Ansible administration node and distribute the public key to each node in the storage cluster so that Ansible can access the nodes without being prompted for a password.

Prerequisites

  • Access to the Ansible administration node.
  • Ansible user with sudo access to all nodes in the storage cluster.

Procedure

  1. Generate the SSH key pair, accept the default file name and leave the passphrase empty:

    [ansible@admin ~]$ ssh-keygen
  2. Copy the public key to all nodes in the storage cluster:

    ssh-copy-id USER_NAME@HOST_NAME

    Replace USER_NAME with the new user name for the Ansible user. Replace HOST_NAME with the host name of the Ceph node.

    Example

    [ansible@admin ~]$ ssh-copy-id ceph-admin@host01

  3. Create the user’s SSH config file:

    [ansible@admin ~]$ touch ~/.ssh/config
  4. Open for editing the config file. Set values for the Hostname and User options for each node in the storage cluster:

    Host host01
       Hostname HOST_NAME
       User USER_NAME
    Host host02
       Hostname HOST_NAME
       User USER_NAME
    ...

    Replace HOST_NAME with the host name of the Ceph node. Replace USER_NAME with the new user name for the Ansible user.

    Example

    Host host01
       Hostname host01
       User ceph-admin
    Host host02
       Hostname host02
       User ceph-admin
    Host host03
       Hostname host03
       User ceph-admin

    Important

    By configuring the ~/.ssh/config file you do not have to specify the -u USER_NAME option each time you execute the ansible-playbook command.

  5. Set the correct file permissions for the ~/.ssh/config file:

    [ansible@admin ~]$ chmod 600 ~/.ssh/config

Additional Resources

3.9. Running the preflight playbook

This Ansible playbook configures the Ceph repository and prepares the storage cluster for bootstrapping. It also installs some prerequisites, such as podman, lvm2, chronyd, and cephadm. The default location for cephadm-ansible and cephadm-preflight.yml is /usr/share/cephadm-ansible.

The preflight playbook uses the cephadm-ansible inventory file to identify all the admin and nodes in the storage cluster.

The default location for the inventory file is /usr/share/cephadm-ansible/hosts. The following example shows the structure of a typical inventory file:

Example

host02
host03
host04

[admin]
host01

The [admin] group in the inventory file contains the name of the node where the admin keyring is stored. On a new storage cluster, the node in the [admin] group will be the bootstrap node. To add additional admin hosts after bootstrapping the cluster see Setting up the admin node in the Installation Guide for more information.

Note

Run the preflight playbook before you bootstrap the initial host.

Important

If you are performing a disconnected installation, see Running the preflight playbook for a disconnected installation.

Prerequisites

  • Root-level access to the Ansible administration node.
  • Ansible user with sudo and passwordless ssh access to all nodes in the storage cluster.

    Note

    In the below example, host01 is the bootstrap node.

Procedure

  1. Navigate to the the /usr/share/cephadm-ansible directory.
  2. Open and edit the hosts file and add your nodes:

    Example

    host02
    host03
    host04
    
    [admin]
    host01

  3. Run the preflight playbook:

    Syntax

    ansible-playbook -i INVENTORY_FILE cephadm-preflight.yml --extra-vars "ceph_origin=rhcs"

    Example

    [ansible@admin cephadm-ansible]$ ansible-playbook -i hosts cephadm-preflight.yml --extra-vars "ceph_origin=rhcs"

    After installation is complete, cephadm resides in the /usr/sbin/ directory.

    • Use the --limit option to run the preflight playbook on a selected set of hosts in the storage cluster:

      Syntax

      ansible-playbook -i INVENTORY_FILE cephadm-preflight.yml --extra-vars "ceph_origin=rhcs" --limit GROUP_NAME|NODE_NAME

      Replace GROUP_NAME with a group name from your inventory file. Replace NODE_NAME with a specific node name from your inventory file.

      Note

      Optionally, you can group your nodes in your inventory file by group name such as [mons], [osds], and [mgrs]. However, admin nodes must be added to the [admin] group and clients must be added to the [clients] group.

      Example

      [ansible@admin cephadm-ansible]$ ansible-playbook -i hosts cephadm-preflight.yml --extra-vars "ceph_origin=rhcs" --limit clients
      [ansible@admin cephadm-ansible]$ ansible-playbook -i hosts cephadm-preflight.yml --extra-vars "ceph_origin=rhcs" --limit host01

    • When you run the preflight playbook, cephadm-ansible automatically installs chronyd and ceph-common on the client nodes.

3.10. Bootstrapping a new storage cluster

The cephadm utility performs the following tasks during the bootstrap process:

  • Installs and starts a Ceph Monitor daemon and a Ceph Manager daemon for a new Red Hat Ceph Storage cluster on the local node as containers.
  • Creates the /etc/ceph directory.
  • Writes a copy of the public key to /etc/ceph/ceph.pub for the Red Hat Ceph Storage cluster and adds the SSH key to the root user’s /root/.ssh/authorized_keys file.
  • Applies the _admin label to the bootstrap node.
  • Writes a minimal configuration file needed to communicate with the new cluster to /etc/ceph/ceph.conf.
  • Writes a copy of the client.admin administrative secret key to /etc/ceph/ceph.client.admin.keyring.
  • Deploys a basic monitoring stack with prometheus, grafana, and other tools such as node-exporter and alert-manager.
Important

If you are performing a disconnected installation, see Performing a disconnected installation.

Note

If you have existing prometheus services that you want to run with the new storage cluster, or if you are running Ceph with Rook, use the --skip-monitoring-stack option with the cephadm bootstrap command. This option bypasses the basic monitoring stack so that you can manually configure it later.

Important

If you are deploying a monitoring stack, see Deploying the monitoring stack using the Ceph Orchestrator in the Red Hat Ceph Storage Operations Guide.

Important

Bootstrapping provides the default user name and password for the initial login to the Dashboard. Bootstrap requires you to change the password after you log in.

Important

Before you begin the bootstrapping process, make sure that the container image that you want to use has the same version of Red Hat Ceph Storage as cephadm. If the two versions do not match, bootstrapping fails at the Creating initial admin user stage.

Note

Before you begin the bootstrapping process, you must create a username and password for the registry.redhat.io container registry. For more information about Red Hat container registry authentication, see the knowledge base article Red Hat Container Registry Authentication

Prerequisites

  • An IP address for the first Ceph Monitor container, which is also the IP address for the first node in the storage cluster.
  • Login access to registry.redhat.io.
  • A minimum of 10 GB of free space for /var/lib/containers/.
  • Root-level access to all nodes.
Note

If the storage cluster includes multiple networks and interfaces, be sure to choose a network that is accessible by any node that uses the storage cluster.

Note

If the local node uses fully-qualified domain names (FQDN), then add the --allow-fqdn-hostname option to cephadm bootstrap on the command line.

Important

Run cephadm bootstrap on the node that you want to be the initial Monitor node in the cluster. The IP_ADDRESS option should be the IP address of the node you are using to run cephadm bootstrap.

Note

If you want to deploy a storage cluster using IPV6 addresses, then use the IPV6 address format for the --mon-ip IP_ADDRESS option. For example: cephadm bootstrap --mon-ip 2620:52:0:880:225:90ff:fefc:2536 --registry-json /etc/mylogin.json

Important

Configuring Ceph Object Gateway multi-site on Red Hat Ceph Storage 5.1 is not supported due to several open issues. For more information, see the knowledge base article Red Hat Ceph Storage 5.1 does not support multi-site configuration.

Use the --yes-i-know flag while bootstrapping a new Red Hat Ceph Storage cluster to get past the warning about multi-site regressions.

Note

Follow the knowledge base article How to upgrade from Red Hat Ceph Storage 4.2z4 to 5.0z4 with the bootstrapping procedure if you are planning for a new installation of Red Hat Ceph Storage 5.0z4.

Procedure

  1. Bootstrap a storage cluster:

    Syntax

    cephadm bootstrap --cluster-network NETWORK_CIDR --mon-ip IP_ADDRESS --registry-url registry.redhat.io --registry-username USER_NAME --registry-password PASSWORD --yes-i-know

    Example

    [root@host01 ~]# cephadm bootstrap --cluster-network 10.10.128.0/24 --mon-ip 10.10.128.68 --registry-url registry.redhat.io --registry-username myuser1 --registry-password mypassword1 --yes-i-know

    Note

    If you want internal cluster traffic routed over the public network, you can omit the --cluster-network NETWORK_CIDR option.

    The script takes a few minutes to complete. Once the script completes, it provides the credentials to the Red Hat Ceph Storage Dashboard URL, a command to access the Ceph command-line interface (CLI), and a request to enable telemetry.

    Ceph Dashboard is now available at:
    
                 URL: https://host01:8443/
                User: admin
            Password: i8nhu7zham
    
    Enabling client.admin keyring and conf on hosts with "admin" label
    You can access the Ceph CLI with:
    
            sudo /usr/sbin/cephadm shell --fsid 266ee7a8-2a05-11eb-b846-5254002d4916 -c /etc/ceph/ceph.conf -k /etc/ceph/ceph.client.admin.keyring
    
    Please consider enabling telemetry to help improve Ceph:
    
            ceph telemetry on
    
    For more information see:
    
            https://docs.ceph.com/docs/master/mgr/telemetry/
    
    Bootstrap complete.

Additional Resources

3.10.2. Using a JSON file to protect login information

As a storage administrator, you might choose to add login and password information to a JSON file, and then refer to the JSON file for bootstrapping. This protects the login credentials from exposure.

Note

You can also use a JSON file with the cephadm --registry-login command.

Prerequisites

  • An IP address for the first Ceph Monitor container, which is also the IP address for the first node in the storage cluster.
  • Login access to registry.redhat.io.
  • A minimum of 10 GB of free space for /var/lib/containers/.
  • Root-level access to all nodes.

Procedure

  1. Create the JSON file. In this example, the file is named mylogin.json.

    Syntax

    {
     "url":"REGISTRY_URL",
     "username":"USER_NAME",
     "password":"PASSWORD"
    }

    Example

    {
     "url":"registry.redhat.io",
     "username":"myuser1",
     "password":"mypassword1"
    }

  2. Bootstrap a storage cluster:

    Syntax

    cephadm bootstrap --mon-ip IP_ADDRESS --registry-json /etc/mylogin.json

    Example

    [root@host01 ~]# cephadm bootstrap --mon-ip 10.10.128.68 --registry-json /etc/mylogin.json

3.10.3. Bootstrapping a storage cluster using a service configuration file

To bootstrap the storage cluster and configure additional hosts and daemons using a service configuration file, use the --apply-spec option with the cephadm bootstrap command. The configuration file is a .yaml file that contains the service type, placement, and designated nodes for services that you want to deploy.

Note

If you want to use a non-default realm or zone for applications such as multi-site, configure your Ceph Object Gateway daemons after you bootstrap the storage cluster, instead of adding them to the configuration file and using the --apply-spec option. This gives you the opportunity to create the realm or zone you need for the Ceph Object Gateway daemons before deploying them. See the Red Hat Ceph Storage Operations Guide for more information.

Note

If deploying a Ceph iSCSI gateway, NFS-Ganesha gateway, or Metadata Server (MDS) service, configure them after bootstrapping the storage cluster.

  • To deploy a Ceph iSCSI gateway or Ceph NFS-Ganesha gateway, you must create a RADOS pool first.
  • To deploy the MDS service, you must create a CephFS volume first.

See the Red Hat Ceph Storage Operations Guide for more information.

Note

Starting with Red Hat Ceph Storage 5.1, if you run the bootstrap command with --apply-spec option, ensure to include the IP address of the bootstrap host in the specification file. This prevents resolving the IP address to loopback address while re-adding the bootstrap host where active Ceph Manager is already running.

If you do not use the --apply spec option during bootstrap and instead use ceph orch apply command with another specification file which includes re-adding the host and contains an active Ceph Manager running, then ensure to explicitly provide the addr field. This is applicable for applying any specification file after bootstrapping.

Prerequisites

  • At least one running virtual machine (VM) or server.
  • Red Hat Enterprise Linux 8.4 EUS or later.
  • Root-level access to all nodes.
  • Login access to registry.redhat.io.
  • Passwordless ssh is set up on all hosts in the storage cluster.
  • cephadm is installed on the node that you want to be the initial Monitor node in the storage cluster.

Procedure

  1. Log in to the bootstrap host.
  2. Create the service configuration .yaml file for your storage cluster. The example file directs cephadm bootstrap to configure the initial host and two additional hosts, and it specifies that OSDs be created on all available disks.

    Example

    service_type: host
    addr: host01
    hostname: host01
    ---
    service_type: host
    addr: host02
    hostname: host02
    ---
    service_type: host
    addr: host03
    hostname: host03
    ---
    service_type: host
    addr: host04
    hostname: host04
    ---
    service_type: mon
    placement:
      host_pattern: "host[0-2]"
    ---
    service_type: osd
    service_id: my_osds
    placement:
      host_pattern: "host[1-3]"
    data_devices:
      all: true

  3. Bootstrap the storage cluster with the --apply-spec option:

    Syntax

    cephadm bootstrap --apply-spec CONFIGURATION_FILE_NAME --mon-ip MONITOR_IP_ADDRESS --registry-url registry.redhat.io --registry-username USER_NAME --registry-password PASSWORD

    Example

    [root@host01 ~]# cephadm bootstrap --apply-spec initial-config.yaml --mon-ip 10.10.128.68 --registry-url registry.redhat.io --registry-username myuser1 --registry-password mypassword1

    The script takes a few minutes to complete. Once the script completes, it provides the credentials to the Red Hat Ceph Storage Dashboard URL, a command to access the Ceph command-line interface (CLI), and a request to enable telemetry.

  4. Once your storage cluster is up and running, see the Red Hat Ceph Storage Operations Guide for more information about configuring additional daemons and services.

Additional Resources

3.10.4. Bootstrapping the storage cluster as a non-root user

To bootstrap the Red Hat Ceph Storage cluster as a non-root user on the bootstrap node, use the --ssh-user option with the cephadm bootstrap command. --ssh-user specifies a user for SSH connections to cluster nodes.

Non-root users must have passwordless sudo access.

Prerequisites

  • An IP address for the first Ceph Monitor container, which is also the IP address for the initial Monitor node in the storage cluster.
  • Login access to registry.redhat.io.
  • A minimum of 10 GB of free space for /var/lib/containers/.
  • SSH public and private keys.
  • Passwordless sudo access to the bootstrap node.

Procedure

  1. Change to sudo on the bootstrap node:

    Syntax

    su - SSH_USER_NAME

    Example

    [root@host01 ~]# su - ceph
    Last login: Tue Sep 14 12:00:29 EST 2021 on pts/0

  2. Establish the SSH connection to the bootstrap node:

    Example

    [ceph@host01 ~]# ssh host01
    Last login: Tue Sep 14 12:03:29 EST 2021 on pts/0

  3. Invoke the cephadm bootstrap command. Include the --ssh-private-key and --ssh-public-key options:

    Syntax

    cephadm bootstrap --ssh-user USER_NAME --mon-ip IP_ADDRESS --ssh-private-key PRIVATE_KEY --ssh-public-key PUBLIC_KEY --registry-url registry.redhat.io --registry-username USER_NAME --registry-password PASSWORD

    Example

    cephadm bootstrap --ssh-user ceph --mon-ip 10.10.128.68 --ssh-private-key /home/ceph/.ssh/id_rsa --ssh-public-key /home/ceph/.ssh/id_rsa.pub --registry-url registry.redhat.io --registry-username myuser1 --registry-password mypassword1

Additional Resources

3.10.5. Bootstrap command options

The cephadm bootstrap command bootstraps a Ceph storage cluster on the local host. It deploys a MON daemon and a MGR daemon on the bootstrap node, automatically deploys the monitoring stack on the local host, and calls ceph orch host add HOSTNAME.

The following table lists the available options for cephadm bootstrap.

cephadm bootstrap optionDescription

--config CONFIG_FILE, -c CONFIG_FILE

CONFIG_FILE is the ceph.conf file to use with the bootstrap command

--cluster-network NETWORK_CIDR

Use the subnet defined by NETWORK_CIDR for internal cluster traffic. This is specified in CIDR notation. For example: 10.10.128.0/24.

--mon-id MON_ID

Bootstraps on the host named MON_ID. Default value is the local host.

--mon-addrv MON_ADDRV

mon IPs (e.g., [v2:localipaddr:3300,v1:localipaddr:6789])

--mon-ip IP_ADDRESS

IP address of the node you are using to run cephadm bootstrap.

--mgr-id MGR_ID

Host ID where a MGR node should be installed. Default: randomly generated.

--fsid FSID

Cluster FSID.

--output-dir OUTPUT_DIR

Use this directory to write config, keyring, and pub key files.

--output-keyring OUTPUT_KEYRING

Use this location to write the keyring file with the new cluster admin and mon keys.

--output-config OUTPUT_CONFIG

Use this location to write the configuration file to connect to the new cluster.

--output-pub-ssh-key OUTPUT_PUB_SSH_KEY

Use this location to write the public SSH key for the cluster.

--skip-ssh

Skip the setup of the ssh key on the local host.

--initial-dashboard-user INITIAL_DASHBOARD_USER

Initial user for the dashboard.

--initial-dashboard-password INITIAL_DASHBOARD_PASSWORD

Initial password for the initial dashboard user.

--ssl-dashboard-port SSL_DASHBOARD_PORT

Port number used to connect with the dashboard using SSL.

--dashboard-key DASHBOARD_KEY

Dashboard key.

--dashboard-crt DASHBOARD_CRT

Dashboard certificate.

--ssh-config SSH_CONFIG

SSH config.

--ssh-private-key SSH_PRIVATE_KEY

SSH private key.

--ssh-public-key SSH_PUBLIC_KEY

SSH public key.

--ssh-user SSH_USER

Sets the user for SSH connections to cluster hosts. Passwordless sudo is needed for non-root users.

--skip-mon-network

Sets mon public_network based on the bootstrap mon ip.

--skip-dashboard

Do not enable the Ceph Dashboard.

--dashboard-password-noupdate

Disable forced dashboard password change.

--no-minimize-config

Do not assimilate and minimize the configuration file.

--skip-ping-check

Do not verify that the mon IP is pingable.

--skip-pull

Do not pull the latest image before bootstrapping.

--skip-firewalld

Do not configure firewalld.

--allow-overwrite

Allow the overwrite of existing –output-* config/keyring/ssh files.

--allow-fqdn-hostname

Allow fully qualified host name.

--skip-prepare-host

Do not prepare host.

--orphan-initial-daemons

Do not create initial mon, mgr, and crash service specs.

--skip-monitoring-stack

Do not automatically provision the monitoring stack] (prometheus, grafana, alertmanager, node-exporter).

--apply-spec APPLY_SPEC

Apply cluster spec file after bootstrap (copy ssh key, add hosts and apply services).

--registry-url REGISTRY_URL

Specifies the URL of the custom registry to log into. For example: registry.redhat.io.

--registry-username REGISTRY_USERNAME

User name of the login account to the custom registry.

--registry-password REGISTRY_PASSWORD

Password of the login account to the custom registry.

--registry-json REGISTRY_JSON

JSON file containing registry login information.

Additional Resources

  • For more information about the --skip-monitoring-stack option, see Adding hosts.
  • For more information about logging into the registry with the registry-json option, see help for the registry-login command.
  • For more information about cephadm options, see help for cephadm.

3.10.6. Configuring a private registry for a disconnected installation

You can use a disconnected installation procedure to install cephadm and bootstrap your storage cluster on a private network. A disconnected installation uses a private registry for installation. Use this procedure when the Red Hat Ceph Storage nodes do NOT have access to the Internet during deployment.

Follow this procedure to set up a secure private registry using authentication and a self-signed certificate. Perform these steps on a node that has both Internet access and access to the local cluster.

Note

Using an insecure registry for production is not recommended.

Prerequisites

  • At least one running virtual machine (VM) or server with an active internet connection.
  • Red Hat Enterprise Linux 8.4 EUS or later.
  • Login access to registry.redhat.io.
  • Root-level access to all nodes.

Procedure

  1. Log in to the node that has access to both the public network and the cluster nodes.
  2. Register the node, and when prompted, enter the appropriate Red Hat Customer Portal credentials:

    Example

    [root@admin ~]# subscription-manager register

  3. Pull the latest subscription data:

    Example

    [root@admin ~]# subscription-manager refresh

  4. List all available subscriptions for Red Hat Ceph Storage:

    Example

    [root@admin ~]# subscription-manager list --available --all --matches="*Ceph*"

    Copy the Pool ID from the list of available subscriptions for Red Hat Ceph Storage.

  5. Attach the subscription to get access to the software entitlements:

    Syntax

    subscription-manager attach --pool=POOL_ID

    Replace POOL_ID with the Pool ID identified in the previous step.

  6. Disable the default software repositories, and enable the server and the extras repositories:

    Red Hat Enterprise Linux 8

    [root@admin ~]# subscription-manager repos --disable=*
    [root@admin ~]# subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms
    [root@admin ~]# subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms

    Red Hat Enterprise Linux 9

    [root@admin ~]# subscription-manager repos --disable=*
    [root@admin ~]# subscription-manager repos --enable=rhel-9-for-x86_64-baseos-rpms
    [root@admin ~]# subscription-manager repos --enable=rhel-9-for-x86_64-appstream-rpms

  7. Install the podman and httpd-tools packages:

    Example

    [root@admin ~]# dnf install -y podman httpd-tools

  8. Create folders for the private registry:

    Example

    [root@admin ~]# mkdir -p /opt/registry/{auth,certs,data}

    The registry will be stored in /opt/registry and the directories are mounted in the container running the registry.

    • The auth directory stores the htpasswd file the registry uses for authentication.
    • The certs directory stores the certificates the registry uses for authentication.
    • The data directory stores the registry images.
  9. Create credentials for accessing the private registry:

    Syntax

    htpasswd -bBc /opt/registry/auth/htpasswd PRIVATE_REGISTRY_USERNAME PRIVATE_REGISTRY_PASSWORD

    • The b option provides the password from the command line.
    • The B option stores the password using Bcrypt encryption.
    • The c option creates the htpasswd file.
    • Replace PRIVATE_REGISTRY_USERNAME with the username to create for the private registry.
    • Replace PRIVATE_REGISTRY_PASSWORD with the password to create for the private registry username.

      Example

      [root@admin ~]# htpasswd -bBc /opt/registry/auth/htpasswd myregistryusername myregistrypassword1

  10. Create a self-signed certificate:

    Syntax

    openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/domain.key -x509 -days 365 -out /opt/registry/certs/domain.crt -addext "subjectAltName = DNS:LOCAL_NODE_FQDN"

    • Replace LOCAL_NODE_FQDN with the fully qualified host name of the private registry node.

      Note

      You will be prompted for the respective options for your certificate. The CN= value is the host name of your node and should be resolvable by DNS or the /etc/hosts file.

      Example

      [root@admin ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/domain.key -x509 -days 365 -out /opt/registry/certs/domain.crt -addext "subjectAltName = DNS:admin.lab.redhat.com"

      Note

      When creating a self-signed certificate, be sure to create a certificate with a proper Subject Alternative Name (SAN). Podman commands that require TLS verification for certificates that do not include a proper SAN, return the following error: x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

  11. Create a symbolic link to domain.cert to allow skopeo to locate the certificate with the file extension .cert:

    Example

    [root@admin ~]# ln -s /opt/registry/certs/domain.crt /opt/registry/certs/domain.cert

  12. Add the certificate to the trusted list on the private registry node:

    Syntax

    cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
    update-ca-trust
    trust list | grep -i "LOCAL_NODE_FQDN"

    Replace LOCAL_NODE_FQDN with the FQDN of the private registry node.

    Example

    [root@admin ~]# cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
    [root@admin ~]# update-ca-trust
    [root@admin ~]# trust list | grep -i "admin.lab.redhat.com"
    
        label: admin.lab.redhat.com

  13. Copy the certificate to any nodes that will access the private registry for installation and update the trusted list:

    Example

    [root@admin ~]# scp /opt/registry/certs/domain.crt root@host01:/etc/pki/ca-trust/source/anchors/
    [root@admin ~]# ssh root@host01
    [root@host01 ~]# update-ca-trust
    [root@host01 ~]# trust list | grep -i "admin.lab.redhat.com"
    
        label: admin.lab.redhat.com

  14. Start the local secure private registry:

    Syntax

    [root@admin ~]# podman run --restart=always --name NAME_OF_CONTAINER \
    -p 5000:5000 -v /opt/registry/data:/var/lib/registry:z \
    -v /opt/registry/auth:/auth:z \
    -v /opt/registry/certs:/certs:z \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    -e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt" \
    -e "REGISTRY_HTTP_TLS_KEY=/certs/domain.key" \
    -e REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED=true \
    -d registry:2

    Replace NAME_OF_CONTAINER with a name to assign to the container.

    Example

    [root@admin ~]# podman run --restart=always --name myprivateregistry \
    -p 5000:5000 -v /opt/registry/data:/var/lib/registry:z \
    -v /opt/registry/auth:/auth:z \
    -v /opt/registry/certs:/certs:z \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    -e "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt" \
    -e "REGISTRY_HTTP_TLS_KEY=/certs/domain.key" \
    -e REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED=true \
    -d registry:2

    This starts the private registry on port 5000 and mounts the volumes of the registry directories in the container running the registry.

  15. On the local registry node, verify that registry.redhat.io is in the container registry search path.

    1. Open for editing the /etc/containers/registries.conf file, and add registry.redhat.io to the unqualified-search-registries list, if it does not exist:

      Example

      unqualified-search-registries = ["registry.redhat.io", "registry.access.redhat.com", "registry.fedoraproject.org", "registry.centos.org", "docker.io"]

  16. Login to registry.redhat.io with your Red Hat Customer Portal credentials:

    Syntax

    podman login registry.redhat.io

  17. Copy the following Red Hat Ceph Storage 5 image, Prometheus images, and Dashboard image from the Red Hat Customer Portal to the private registry:

    Table 3.1. Custom image details for monitoring stack

    Monitoring stack componentRed Hat Ceph Storage versionImage details

    Prometheus

    All Red Hat Ceph Storage 5 versions

    registry.redhat.io/openshift4/ose-prometheus:v4.6

    Grafana

    All Red Hat Ceph Storage 5 versions

    registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8:latest

    Node-exporter

    Red Hat Ceph Storage 5.0

    registry.redhat.io/openshift4/ose-prometheus-node-exporter:v4.5

     

    Red Hat Ceph Storage 5.0z1 onwards

    registry.redhat.io/openshift4/ose-prometheus-node-exporter:v4.6

    AlertManager

    Red Hat Ceph Storage 5.0

    registry.redhat.io/openshift4/ose-prometheus-alertmanager:v4.5

     

    Red Hat Ceph Storage 5.0z1 onwards

    registry.redhat.io/openshift4/ose-prometheus-alertmanager:v4.6

    HAProxy

    Red Hat Ceph Storage 5.1 onwards

    registry.redhat.io/rhceph/rhceph-haproxy-rhel8:latest

    Keepalived

    Red Hat Ceph Storage 5.1 onwards

    registry.redhat.io/rhceph/keepalived-rhel8:latest

    SNMP Gateway

    Red Hat Ceph Storage 5.0 onwards

    registry.redhat.io/rhceph/snmp-notifier-rhel8:latest

    Syntax

    podman run -v /CERTIFICATE_DIRECTORY_PATH:/certs:Z -v /CERTIFICATE_DIRECTORY_PATH/domain.cert:/certs/domain.cert:Z  --rm registry.redhat.io/rhel8/skopeo:8.5-8 skopeo copy  --remove-signatures --src-creds RED_HAT_CUSTOMER_PORTAL_LOGIN:RED_HAT_CUSTOMER_PORTAL_PASSWORD --dest-cert-dir=./certs/ --dest-creds PRIVATE_REGISTRY_USERNAME:PRIVATE_REGISTRY_PASSWORD docker://registry.redhat.io/SRC_IMAGE:SRC_TAG docker://LOCAL_NODE_FQDN:5000/DST_IMAGE:DST_TAG

    • Replace CERTIFICATE_DIRECTORY_PATH with the directory path to the self-signed certificates.
    • Replace RED_HAT_CUSTOMER_PORTAL_LOGIN and RED_HAT_CUSTOMER_PORTAL_PASSWORD with your Red Hat Customer Portal credentials.
    • Replace PRIVATE_REGISTRY_USERNAME and PRIVATE_REGISTRY_PASSWORD with the private registry credentials.
    • Replace SRC_IMAGE and SRC_TAG with the name and tag of the image to copy from registry.redhat.io.
    • Replace DST_IMAGE and DST_TAG with the name and tag of the image to copy to the private registry.
    • Replace LOCAL_NODE_FQDN with the FQDN of the private registry.

      Example

      [root@admin ~]# podman run -v /opt/registry/certs:/certs:Z -v /opt/registry/certs/domain.cert:/certs/domain.cert:Z --rm registry.redhat.io/rhel8/skopeo:8.5-8 skopeo copy  --remove-signatures --src-creds myusername:mypassword1 --dest-cert-dir=./certs/ --dest-creds myregistryusername:myregistrypassword1 docker://registry.redhat.io/rhceph/rhceph-5-rhel8:latest docker://admin.lab.redhat.com:5000/rhceph/rhceph-5-rhel8:latest
      
      [root@admin ~]# podman run -v /opt/registry/certs:/certs:Z -v /opt/registry/certs/domain.cert:/certs/domain.cert:Z --rm registry.redhat.io/rhel8/skopeo:8.5-8 skopeo copy  --remove-signatures --src-creds myusername:mypassword1 --dest-cert-dir=./certs/ --dest-creds myregistryusername:myregistrypassword1 docker://registry.redhat.io/openshift4/ose-prometheus-node-exporter:v4.6 docker://admin.lab.redhat.com:5000/openshift4/ose-prometheus-node-exporter:v4.6
      
      [root@admin ~]# podman run -v /opt/registry/certs:/certs:Z -v /opt/registry/certs/domain.cert:/certs/domain.cert:Z --rm registry.redhat.io/rhel8/skopeo:8.5-8 skopeo copy  --remove-signatures --src-creds myusername:mypassword1 --dest-cert-dir=./certs/ --dest-creds myregistryusername:myregistrypassword1 docker://registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8:latest docker://admin.lab.redhat.com:5000/rhceph/rhceph-5-dashboard-rhel8:latest
      
      [root@admin ~]# podman run -v /opt/registry/certs:/certs:Z -v /opt/registry/certs/domain.cert:/certs/domain.cert:Z --rm registry.redhat.io/rhel8/skopeo:8.5-8 skopeo copy  --remove-signatures --src-creds myusername:mypassword1 --dest-cert-dir=./certs/ --dest-creds myregistryusername:myregistrypassword1 docker://registry.redhat.io/openshift4/ose-prometheus:v4.6 docker://admin.lab.redhat.com:5000/openshift4/ose-prometheus:v4.6
      
      [root@admin ~]# podman run -v /opt/registry/certs:/certs:Z -v /opt/registry/certs/domain.cert:/certs/domain.cert:Z --rm registry.redhat.io/rhel8/skopeo:8.5-8 skopeo copy  --remove-signatures --src-creds myusername:mypassword1 --dest-cert-dir=./certs/ --dest-creds myregistryusername:myregistrypassword1 docker://registry.redhat.io/openshift4/ose-prometheus-alertmanager:v4.6 docker://admin.lab.redhat.com:5000/openshift4/ose-prometheus-alertmanager:v4.6

  18. Using the curl command, verify the images reside in the local registry:

    Syntax

    curl -u PRIVATE_REGISTRY_USERNAME:PRIVATE_REGISTRY_PASSWORD https://LOCAL_NODE_FQDN:5000/v2/_catalog

    Example

    [root@admin ~]# curl -u myregistryusername:myregistrypassword1 https://admin.lab.redhat.com:5000/v2/_catalog
    
    {"repositories":["openshift4/ose-prometheus","openshift4/ose-prometheus-alertmanager","openshift4/ose-prometheus-node-exporter","rhceph/rhceph-5-dashboard-rhel8","rhceph/rhceph-5-rhel8"]}

Additional Resources

3.10.7. Running the preflight playbook for a disconnected installation

You use the cephadm-preflight.yml Ansible playbook to configure the Ceph repository and prepare the storage cluster for bootstrapping. It also installs some prerequisites, such as podman, lvm2, chronyd, and cephadm.

The preflight playbook uses the cephadm-ansible inventory hosts file to identify all the nodes in the storage cluster. The default location for cephadm-ansible, cephadm-preflight.yml, and the inventory hosts file is /usr/share/cephadm-ansible/.

The following example shows the structure of a typical inventory file:

Example

host02
host03
host04

[admin]
host01

The [admin] group in the inventory file contains the name of the node where the admin keyring is stored.

Note

Run the preflight playbook before you bootstrap the initial host.

Prerequisites

  • The cephadm-ansible package is installed on the Ansible administration node.
  • Root-level access to all nodes in the storage cluster.
  • Passwordless ssh is set up on all hosts in the storage cluster.
  • Nodes configured to access a local YUM repository server with the following repositories enabled:

    • rhel-8-for-x86_64-baseos-rpms
    • rhel-8-for-x86_64-appstream-rpms
    • rhceph-5-tools-for-rhel-8-x86_64-rpms
Note

For more information about setting up a local YUM repository, see the knowledge base article Creating a Local Repository and Sharing with Disconnected/Offline/Air-gapped Systems

Procedure

  1. Navigate to the /usr/share/cephadm-ansible directory on the Ansible administration node.
  2. Open and edit the hosts file and add your nodes.
  3. Run the preflight playbook with the ceph_origin parameter set to custom to use a local YUM repository:

    Syntax

    ansible-playbook -i INVENTORY_FILE cephadm-preflight.yml --extra-vars "ceph_origin=custom" -e "custom_repo_url=CUSTOM_REPO_URL"

    Example

    [ansible@admin cephadm-ansible]$ ansible-playbook -i hosts cephadm-preflight.yml --extra-vars "ceph_origin=custom" -e "custom_repo_url=http://mycustomrepo.lab.redhat.com/x86_64/os/"

    After installation is complete, cephadm resides in the /usr/sbin/ directory.

  4. Alternatively, you can use the --limit option to run the preflight playbook on a selected set of hosts in the storage cluster:

    Syntax

    ansible-playbook -i INVENTORY_FILE cephadm-preflight.yml --extra-vars "ceph_origin=custom" -e "custom_repo_url=CUSTOM_REPO_URL" --limit GROUP_NAME|NODE_NAME

    Replace GROUP_NAME with a group name from your inventory file. Replace NODE_NAME with a specific node name from your inventory file.

    Example

    [ansible@admin cephadm-ansible]$ ansible-playbook -i hosts cephadm-preflight.yml --extra-vars "ceph_origin=custom" -e "custom_repo_url=http://mycustomrepo.lab.redhat.com/x86_64/os/" --limit clients
    [ansible@admin cephadm-ansible]$ ansible-playbook -i hosts cephadm-preflight.yml --extra-vars "ceph_origin=custom" -e "custom_repo_url=http://mycustomrepo.lab.redhat.com/x86_64/os/" --limit host02

    Note

    When you run the preflight playbook, cephadm-ansible automatically installs chronyd and ceph-common on the client nodes.

3.10.8. Performing a disconnected installation

Before you can perform the installation, you must obtain a Red Hat Ceph Storage container image, either from a proxy host that has access to the Red Hat registry or by copying the image to your local registry.

Note

If your local registry uses a self-signed certificate with a local registry, ensure you have added the trusted root certificate to the bootstrap host. For more information, see Configuring a private registry for a disconnected installation.

Note

Red Hat Ceph Storage 5.2 is supported on Red Hat Enterprise Linux 8.4 EUS or later.

Important

Before you begin the bootstrapping process, make sure that the container image that you want to use has the same version of Red Hat Ceph Storage as cephadm. If the two versions do not match, bootstrapping fails at the Creating initial admin user stage.

Prerequisites

Procedure

  1. Log in to the bootstrap host.
  2. Bootstrap the storage cluster:

    Syntax

    cephadm --image PRIVATE_REGISTRY_NODE_FQDN:5000/CUSTOM_IMAGE_NAME:IMAGE_TAG bootstrap --mon-ip IP_ADDRESS --registry-url PRIVATE_REGISTRY_NODE_FQDN:5000 --registry-username PRIVATE_REGISTRY_USERNAME --registry-password PRIVATE_REGISTRY_PASSWORD

    • Replace PRIVATE_REGISTRY_NODE_FQDN with the fully qualified domain name of your private registry.
    • Replace CUSTOM_IMAGE_NAME and IMAGE_TAG with the name and tag of the Red Hat Ceph Storage container image that resides in the private registry.
    • Replace IP_ADDRESS with the IP address of the node you are using to run cephadm bootstrap.
    • Replace PRIVATE_REGISTRY_USERNAME with the username to create for the private registry.
    • Replace PRIVATE_REGISTRY_PASSWORD with the password to create for the private registry username.

      Example

      [root@host01 ~]# cephadm --image admin.lab.redhat.com:5000/rhceph/rhceph-5-rhel8:latest bootstrap --mon-ip 10.10.128.68 --registry-url admin.lab.redhat.com:5000 --registry-username myregistryusername --registry-password myregistrypassword1

      The script takes a few minutes to complete. Once the script completes, it provides the credentials to the Red Hat Ceph Storage Dashboard URL, a command to access the Ceph command-line interface (CLI), and a request to enable telemetry.

      Ceph Dashboard is now available at:
      
                   URL: https://host01:8443/
                  User: admin
              Password: i8nhu7zham
      
      Enabling client.admin keyring and conf on hosts with "admin" label
      You can access the Ceph CLI with:
      
              sudo /usr/sbin/cephadm shell --fsid 266ee7a8-2a05-11eb-b846-5254002d4916 -c /etc/ceph/ceph.conf -k /etc/ceph/ceph.client.admin.keyring
      
      Please consider enabling telemetry to help improve Ceph:
      
              ceph telemetry on
      
      For more information see:
      
              https://docs.ceph.com/docs/master/mgr/telemetry/
      
      Bootstrap complete.

After the bootstrap process is complete, see Changing configurations of custom container images for disconnected installations to configure the container images.

Additional Resources

3.10.9. Changing configurations of custom container images for disconnected installations

After you perform the initial bootstrap for disconnected nodes, you must specify custom container images for monitoring stack daemons. You can override the default container images for monitoring stack daemons, since the nodes do not have access to the default container registry.

Note

Make sure that the bootstrap process on the initial host is complete before making any configuration changes.

By default, the monitoring stack components are deployed based on the primary Ceph image. For disconnected environment of the storage cluster, you can use the latest available monitoring stack component images.

Prerequisites

  • At least one running virtual machine (VM) or server.
  • Red Hat Enterprise Linux 8.4 EUS or Red Hat Enterprise Linux 8.5.
  • Root-level access to all nodes.
  • Passwordless ssh is set up on all hosts in the storage cluster.

Procedure

  1. Set the custom container images with the ceph config command:

    Syntax

    ceph config set mgr mgr/cephadm/OPTION_NAME CUSTOM_REGISTRY_NAME/CONTAINER_NAME

    Use the following options for OPTION_NAME:

    container_image_prometheus
    container_image_grafana
    container_image_alertmanager
    container_image_node_exporter

    Example

    [root@host01 ~]# ceph config set mgr mgr/cephadm/container_image_prometheus myregistry/mycontainer
    [root@host01 ~]# ceph config set mgr mgr/cephadm/container_image_grafana myregistry/mycontainer
    [root@host01 ~]# ceph config set mgr mgr/cephadm/container_image_alertmanager myregistry/mycontainer
    [root@host01 ~]# ceph config set mgr mgr/cephadm/container_image_node_exporter myregistry/mycontainer

  2. Redeploy node-exporter:

    Syntax

    ceph orch redeploy node-exporter

Note

If any of the services do not deploy, you can redeploy them with the ceph orch redeploy command.

Note

By setting a custom image, the default values for the configuration image name and tag will be overridden, but not overwritten. The default values change when updates become available. By setting a custom image, you will not be able to configure the component for which you have set the custom image for automatic updates. You will need to manually update the configuration image name and tag to be able to install updates.

  • If you choose to revert to using the default configuration, you can reset the custom container image. Use ceph config rm to reset the configuration option:

    Syntax

    ceph config rm mgr mgr/cephadm/OPTION_NAME

    Example

    ceph config rm mgr mgr/cephadm/container_image_prometheus

Additional Resources

3.11. Launching the cephadm shell

The cephadm shell command launches a bash shell in a container with all of the Ceph packages installed. This enables you to perform “Day One” cluster setup tasks, such as installation and bootstrapping, and to invoke ceph commands.

Prerequisites

  • A storage cluster that has been installed and bootstrapped.
  • Root-level access to all nodes in the storage cluster.

Procedure

There are two ways to launch the cephadm shell:

  • Enter cephadm shell at the system prompt. This example invokes the ceph -s command from within the shell.

    Example

    [root@host01 ~]# cephadm shell
    [ceph: root@host01 /]# ceph -s

  • At the system prompt, type cephadm shell and the command you want to execute:

    Example

    [root@host01 ~]# cephadm shell ceph -s
    
    cluster:
        id:     f64f341c-655d-11eb-8778-fa163e914bcc
        health: HEALTH_OK
     
      services:
        mon: 3 daemons, quorum host01,host02,host03 (age 94m)
        mgr: host01.lbnhug(active, since 59m), standbys: host02.rofgay, host03.ohipra
        mds: 1/1 daemons up, 1 standby
        osd: 18 osds: 18 up (since 10m), 18 in (since 10m)
        rgw: 4 daemons active (2 hosts, 1 zones)
     
      data:
        volumes: 1/1 healthy
        pools:   8 pools, 225 pgs
        objects: 230 objects, 9.9 KiB
        usage:   271 MiB used, 269 GiB / 270 GiB avail
        pgs:     225 active+clean
     
      io:
        client:   85 B/s rd, 0 op/s rd, 0 op/s wr

Note

If the node contains configuration and keyring files in /etc/ceph/, the container environment uses the values in those files as defaults for the cephadm shell. If you execute the cephadm shell on a MON node, the cephadm shell inherits its default configuration from the MON container, instead of using the default configuration.

3.12. Verifying the cluster installation

Once the cluster installation is complete, you can verify that the Red Hat Ceph Storage 5 installation is running properly.

There are two ways of verifying the storage cluster installation as a root user:

  • Run the podman ps command.
  • Run the cephadm shell ceph -s.

Prerequisites

  • Root-level access to all nodes in the storage cluster.

Procedure

  • Run the podman ps command:

    Example

    [root@host01 ~]# podman ps

    Note

    In Red Hat Ceph Storage 5, the format of the systemd units has changed. In the NAMES column, the unit files now include the FSID.

  • Run the cephadm shell ceph -s command:

    Example

    [root@host01 ~]# cephadm shell ceph -s
      cluster:
        id:     f64f341c-655d-11eb-8778-fa163e914bcc
        health: HEALTH_OK
     
      services:
        mon: 3 daemons, quorum host01,host02,host03 (age 94m)
        mgr: host01.lbnhug(active, since 59m), standbys: host02.rofgay, host03.ohipra
        mds: 1/1 daemons up, 1 standby
        osd: 18 osds: 18 up (since 10m), 18 in (since 10m)
        rgw: 4 daemons active (2 hosts, 1 zones)
     
      data:
        volumes: 1/1 healthy
        pools:   8 pools, 225 pgs
        objects: 230 objects, 9.9 KiB
        usage:   271 MiB used, 269 GiB / 270 GiB avail
        pgs:     225 active+clean
     
      io:
        client:   85 B/s rd, 0 op/s rd, 0 op/s wr

    Note

    The health of the storage cluster is in HEALTH_WARN status as the hosts and the daemons are not added.

3.13. Adding hosts

Bootstrapping the Red Hat Ceph Storage installation creates a working storage cluster, consisting of one Monitor daemon and one Manager daemon within the same container. As a storage administrator, you can add additional hosts to the storage cluster and configure them.

Note

Running the preflight playbook installs podman, lvm2, chronyd, and cephadm on all hosts listed in the Ansible inventory file.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Root-level access to all nodes in the storage cluster.
  • Register the nodes to the CDN and attach subscriptions.
  • Ansible user with sudo and passwordless ssh access to all nodes in the storage cluster.

Procedure

  1. From the node that contains the admin keyring, install the storage cluster’s public SSH key in the root user’s authorized_keys file on the new host:

    Syntax

    ssh-copy-id -f -i /etc/ceph/ceph.pub root@NEWHOST

    Example

    [root@host01 ~]# ssh-copy-id -f -i /etc/ceph/ceph.pub root@host02
    [root@host01 ~]# ssh-copy-id -f -i /etc/ceph/ceph.pub root@host03

  2. Navigate to the /usr/share/cephadm-ansible directory on the Ansible administration node.

    Example

    [ansible@admin ~]$ cd /usr/share/cephadm-ansible

  3. From the Ansible administration node, add the new host to the Ansible inventory file. The default location for the file is /usr/share/cephadm-ansible/hosts. The following example shows the structure of a typical inventory file:

    Example

    [ansible@admin ~]$ cat hosts
    
    host02
    host03
    host04
    
    [admin]
    host01

    Note

    If you have previously added the new host to the Ansible inventory file and run the preflight playbook on the host, skip to step 4.

  4. Run the preflight playbook with the --limit option:

    Syntax

    ansible-playbook -i INVENTORY_FILE cephadm-preflight.yml --extra-vars "ceph_origin=rhcs" --limit NEWHOST

    Example

    [ansible@admin cephadm-ansible]$ ansible-playbook -i hosts cephadm-preflight.yml --extra-vars "ceph_origin=rhcs" --limit host02

    The preflight playbook installs podman, lvm2, chronyd, and cephadm on the new host. After installation is complete, cephadm resides in the /usr/sbin/ directory.

  5. From the bootstrap node, use the cephadm orchestrator to add the new host to the storage cluster:

    Syntax

    ceph orch host add NEWHOST

    Example

    [ceph: root@host01 /]# ceph orch host add host02
    Added host 'host02' with addr '10.10.128.69'
    [ceph: root@host01 /]# ceph orch host add host03
    Added host 'host03' with addr '10.10.128.70'

  6. Optional: You can also add nodes by IP address, before and after you run the preflight playbook. If you do not have DNS configured in your storage cluster environment, you can add the hosts by IP address, along with the host names.

    Syntax

    ceph orch host add HOSTNAME IP_ADDRESS

    Example

    [ceph: root@host01 /]# ceph orch host add host02 10.10.128.69
    Added host 'host02' with addr '10.10.128.69'

    Verification

    • View the status of the storage cluster and verify that the new host has been added. The STATUS of the hosts is blank, in the output of the ceph orch host ls command.

      Example

      [ceph: root@host01 /]# ceph orch host ls

Additional Resources

3.13.1. Using the addr option to identify hosts

The addr option offers an additional way to contact a host. Add the IP address of the host to the addr option. If ssh cannot connect to the host by its hostname, then it uses the value stored in addr to reach the host by its IP address.

Prerequisites

  • A storage cluster that has been installed and bootstrapped.
  • Root-level access to all nodes in the storage cluster.

Procedure

Run this procedure from inside the cephadm shell.

  1. Add the IP address:

    Syntax

    ceph orch host add HOSTNAME IP_ADDR

    Example

    [ceph: root@host01 /]# ceph orch host add host01 10.10.128.68

Note

If adding a host by hostname results in that host being added with an IPv6 address instead of an IPv4 address, use ceph orch host to specify the IP address of that host:

ceph orch host set-addr HOSTNAME IP_ADDR

To convert the IP address from IPv6 format to IPv4 format for a host you have added, use the following command:

ceph orch host set-addr HOSTNAME IPV4_ADDRESS

3.13.2. Adding multiple hosts

Use a YAML file to add multiple hosts to the storage cluster at the same time.

Note

Be sure to create the hosts.yaml file within a host container, or create the file on the local host and then use the cephadm shell to mount the file within the container. The cephadm shell automatically places mounted files in /mnt. If you create the file directly on the local host and then apply the hosts.yaml file instead of mounting it, you might see a File does not exist error.

Prerequisites

  • A storage cluster that has been installed and bootstrapped.
  • Root-level access to all nodes in the storage cluster.

Procedure

  1. Copy over the public ssh key to each of the hosts that you want to add.
  2. Use a text editor to create a hosts.yaml file.
  3. Add the host descriptions to the hosts.yaml file, as shown in the following example. Include the labels to identify placements for the daemons that you want to deploy on each host. Separate each host description with three dashes (---).

    Example

    service_type: host
    addr:
    hostname: host02
    labels:
    - mon
    - osd
    - mgr
    ---
    service_type: host
    addr:
    hostname: host03
    labels:
    - mon
    - osd
    - mgr
    ---
    service_type: host
    addr:
    hostname: host04
    labels:
    - mon
    - osd

  4. If you created the hosts.yaml file within the host container, invoke the ceph orch apply command:

    Example

    [root@host01 ~]# ceph orch apply -i hosts.yaml
    Added host 'host02' with addr '10.10.128.69'
    Added host 'host03' with addr '10.10.128.70'
    Added host 'host04' with addr '10.10.128.71'

  5. If you created the hosts.yaml file directly on the local host, use the cephadm shell to mount the file:

    Example

    [root@host01 ~]# cephadm shell --mount hosts.yaml -- ceph orch apply -i /mnt/hosts.yaml

  6. View the list of hosts and their labels:

    Example

    [root@host01 ~]# ceph orch host ls
    HOST      ADDR      LABELS          STATUS
    host02   host02    mon osd mgr
    host03   host03    mon osd mgr
    host04   host04    mon osd

    Note

    If a host is online and operating normally, its status is blank. An offline host shows a status of OFFLINE, and a host in maintenance mode shows a status of MAINTENANCE.

3.13.3. Adding hosts in disconnected deployments

If you are running a storage cluster on a private network and your host domain name server (DNS) cannot be reached through private IP, you must include both the host name and the IP address for each host you want to add to the storage cluster.

Prerequisites

  • A running storage cluster.
  • Root-level access to all hosts in the storage cluster.

Procedure

  1. Invoke the cephadm shell.

    Syntax

    [root@host01 ~]# cephadm shell

  2. Add the host:

    Syntax

    ceph orch host add HOST_NAME HOST_ADDRESS

    Example

    [ceph: root@host01 /]# ceph orch host add host03 10.10.128.70

3.13.4. Removing hosts

You can remove hosts of a Ceph cluster with the Ceph Orchestrators. All the daemons are removed with the drain option which adds the _no_schedule label to ensure that you cannot deploy any daemons or a cluster till the operation is complete.

Important

If you are removing the bootstrap host, be sure to copy the admin keyring and the configuration file to another host in the storage cluster before you remove the host.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Root-level access to all the nodes.
  • Hosts are added to the storage cluster.
  • All the services are deployed.
  • Cephadm is deployed on the nodes where the services have to be removed.

Procedure

  1. Log into the Cephadm shell:

    Example

    [root@host01 ~]# cephadm shell

  2. Fetch the host details:

    Example

    [ceph: root@host01 /]# ceph orch host ls

  3. Drain all the daemons from the host:

    Syntax

    ceph orch host drain HOSTNAME

    Example

    [ceph: root@host01 /]# ceph orch host drain host02

    The _no_schedule label is automatically applied to the host which blocks deployment.

  4. Check the status of OSD removal:

    Example

    [ceph: root@host01 /]# ceph orch osd rm status

    When no placement groups (PG) are left on the OSD, the OSD is decommissioned and removed from the storage cluster.

  5. Check if all the daemons are removed from the storage cluster:

    Syntax

    ceph orch ps HOSTNAME

    Example

    [ceph: root@host01 /]# ceph orch ps host02

  6. Remove the host:

    Syntax

    ceph orch rm HOSTNAME

    Example

    [ceph: root@host01 /]# ceph orch rm host02

Additional Resources

3.14. Labeling hosts

The Ceph orchestrator supports assigning labels to hosts. Labels are free-form and have no specific meanings. This means that you can use mon, monitor, mycluster_monitor, or any other text string. Each host can have multiple labels.

For example, apply the mon label to all hosts on which you want to deploy Ceph Monitor daemons, mgr for all hosts on which you want to deploy Ceph Manager daemons, rgw for Ceph Object Gateway daemons, and so on.

Labeling all the hosts in the storage cluster helps to simplify system management tasks by allowing you to quickly identify the daemons running on each host. In addition, you can use the Ceph orchestrator or a YAML file to deploy or remove daemons on hosts that have specific host labels.

Prerequisites

  • A storage cluster that has been installed and bootstrapped.

3.14.1. Adding a label to a host

You can use the Ceph orchestrator to add a label to a host. Each host can have multiple labels. Labels can be used to specify placement of daemons.

Prerequisites

  • A storage cluster that has been installed and bootstrapped.
  • Root-level access to all nodes in the storage cluster.
  • Hosts are added to the storage cluster.

Procedure

  1. Launch the cephadm shell:

    [root@host01 ~]# cephadm shell
    [ceph: root@host01 /]#
  2. Add a label to a host:

    Syntax

    ceph orch host label add HOSTNAME LABEL

    Example

    [ceph: root@host01 /]# ceph orch host label add host02 mon

Verification

  • List the hosts:

    Example

    [ceph: root@host01 /]# ceph orch host ls

3.14.2. Removing a label from a host

You can use the Ceph orchestrator to remove a label from a host.

Prerequisites

  • A storage cluster that has been installed and bootstrapped.
  • Root-level access to all nodes in the storage cluster.

Procedure

  1. Launch the cephadm shell:

    [root@host01 ~]# cephadm shell
    [ceph: root@host01 /]#
  2. Use the ceph orchestrator to remove a label from a host:

    Syntax

    ceph orch host label rm HOSTNAME LABEL

    Example

    [ceph: root@host01 /]# ceph orch host label rm host02 mon

Verification

  • List the hosts:

    Example

    [ceph: root@host01 /]# ceph orch host ls

3.14.3. Using host labels to deploy daemons on specific hosts

You can use host labels to deploy daemons to specific hosts. There are two ways to use host labels to deploy daemons on specific hosts:

  • By using the --placement option from the command line.
  • By using a YAML file.

Prerequisites

  • A storage cluster that has been installed and bootstrapped.
  • Root-level access to all nodes in the storage cluster.

Procedure

  1. Log into the Cephadm shell:

    Example

    [root@host01 ~]# cephadm shell

  2. List current hosts and labels:

    Example

    [ceph: root@host01 /]# ceph orch host ls
    HOST      ADDR     LABELS               STATUS
    host01              _admin mon osd mgr
    host02              mon osd mgr mylabel

    • Method 1: Use the --placement option to deploy a daemon from the command line:

      Syntax

      ceph orch apply DAEMON --placement="label:LABEL"

      Example

      [ceph: root@host01 /]# ceph orch apply prometheus --placement="label:mylabel"

    • Method 2 To assign the daemon to a specific host label in a YAML file, specify the service type and label in the YAML file:

      1. Create the placement.yml file:

        Example

        [ceph: root@host01 /]# vi placement.yml

      2. Specify the service type and label in the placement.yml file:

        Example

        service_type: prometheus
        placement:
          label: "mylabel"

      3. Apply the daemon placement file:

        Syntax

        ceph orch apply -i FILENAME

        Example

        [ceph: root@host01 /]# ceph orch apply -i placement.yml
        Scheduled prometheus update…

Verification

  • List the status of the daemons:

    Syntax

    ceph orch ps --daemon_type=DAEMON_NAME

    Example

    [ceph: root@host01 /]# ceph orch ps --daemon_type=prometheus
    NAME               HOST   PORTS   STATUS        REFRESHED  AGE  MEM USE  MEM LIM  VERSION  IMAGE ID      CONTAINER ID
    prometheus.host02  host02  *:9095  running (2h)     8m ago   2h    85.3M        -  2.22.2   ac25aac5d567  ad8c7593d7c0

3.15. Adding Monitor service

A typical Red Hat Ceph Storage storage cluster has three or five monitor daemons deployed on different hosts. If your storage cluster has five or more hosts, Red Hat recommends that you deploy five Monitor nodes.

Note

In the case of a firewall, see the Firewall settings for Ceph Monitor node section of the Red Hat Ceph Storage Configuration Guide for details.

Note

The bootstrap node is the initial monitor of the storage cluster. Be sure to include the bootstrap node in the list of hosts to which you want to deploy.

Note

If you want to apply Monitor service to more than one specific host, be sure to specify all of the host names within the same ceph orch apply command. If you specify ceph orch apply mon --placement host1 and then specify ceph orch apply mon --placement host2, the second command removes the Monitor service on host1 and applies a Monitor service to host2.

If your Monitor nodes or your entire cluster are located on a single subnet, then cephadm automatically adds up to five Monitor daemons as you add new hosts to the cluster. cephadm automatically configures the Monitor daemons on the new hosts. The new hosts reside on the same subnet as the first (bootstrap) host in the storage cluster. cephadm can also deploy and scale monitors to correspond to changes in the size of the storage cluster.

Prerequisites

  • Root-level access to all hosts in the storage cluster.
  • A running storage cluster.

Procedure

  1. Apply the five Monitor daemons to five random hosts in the storage cluster:

    ceph orch apply mon 5
  2. Disable automatic Monitor deployment:

    ceph orch apply mon --unmanaged

3.15.1. Adding Monitor nodes to specific hosts

Use host labels to identify the hosts that contain Monitor nodes.

Prerequisites

  • Root-level access to all nodes in the storage cluster.
  • A running storage cluster.

Procedure

  1. Assign the mon label to the host:

    Syntax

    ceph orch host label add HOSTNAME mon

    Example

    [ceph: root@host01 /]# ceph orch host label add host01 mon

  2. View the current hosts and labels:

    Syntax

    ceph orch host ls

    Example

    [ceph: root@host01 /]# ceph orch host label add host02 mon
    [ceph: root@host01 /]# ceph orch host label add host03 mon
    [ceph: root@host01 /]# ceph orch host ls
    HOST   ADDR   LABELS  STATUS
    host01        mon
    host02        mon
    host03        mon
    host04
    host05
    host06

  3. Deploy monitors based on the host label:

    Syntax

    ceph orch apply mon label:mon

  4. Deploy monitors on a specific set of hosts:

    Syntax

    ceph orch apply mon HOSTNAME1,HOSTNAME2,HOSTNAME3

    Example

    [root@host01 ~]# ceph orch apply mon host01,host02,host03

    Note

    Be sure to include the bootstrap node in the list of hosts to which you want to deploy.

3.16. Setting up the admin node

Use an admin node to administer the storage cluster.

An admin node contains both the cluster configuration file and the admin keyring. Both of these files are stored in the directory /etc/ceph and use the name of the storage cluster as a prefix.

For example, the default ceph cluster name is ceph. In a cluster using the default name, the admin keyring is named /etc/ceph/ceph.client.admin.keyring. The corresponding cluster configuration file is named /etc/ceph/ceph.conf.

To set up additional hosts in the storage cluster as admin nodes, apply the _admin label to the host you want to designate as an administrator node.

Note

By default, after applying the _admin label to a node, cephadm copies the ceph.conf and client.admin keyring files to that node. The _admin label is automatically applied to the bootstrap node unless the --skip-admin-label option was specified with the cephadm bootstrap command.

Prerequisites

  • A running storage cluster with cephadm installed.
  • The storage cluster has running Monitor and Manager nodes.
  • Root-level access to all nodes in the cluster.

Procedure

  1. Use ceph orch host ls to view the hosts in your storage cluster:

    Example

    [root@host01 ~]# ceph orch host ls
    HOST   ADDR   LABELS  STATUS
    host01        mon,mgr,_admin
    host02        mon
    host03        mon,mgr
    host04
    host05
    host06

  2. Use the _admin label to designate the admin host in your storage cluster. For best results, this host should have both Monitor and Manager daemons running.

    Syntax

    ceph orch host label add HOSTNAME _admin

    Example

    [root@host01 ~]#  ceph orch host label add host03 _admin

  3. Verify that the admin host has the _admin label.

    Example

    [root@host01 ~]#  ceph orch host ls
    HOST   ADDR   LABELS  STATUS
    host01        mon,mgr,_admin
    host02        mon
    host03        mon,mgr,_admin
    host04
    host05
    host06

  4. Log in to the admin node to manage the storage cluster.

3.16.1. Deploying Ceph monitor nodes using host labels

A typical Red Hat Ceph Storage storage cluster has three or five Ceph Monitor daemons deployed on different hosts. If your storage cluster has five or more hosts, Red Hat recommends that you deploy five Ceph Monitor nodes.

If your Ceph Monitor nodes or your entire cluster are located on a single subnet, then cephadm automatically adds up to five Ceph Monitor daemons as you add new nodes to the cluster. cephadm automatically configures the Ceph Monitor daemons on the new nodes. The new nodes reside on the same subnet as the first (bootstrap) node in the storage cluster. cephadm can also deploy and scale monitors to correspond to changes in the size of the storage cluster.

Note

Use host labels to identify the hosts that contain Ceph Monitor nodes.

Prerequisites

  • Root-level access to all nodes in the storage cluster.
  • A running storage cluster.

Procedure

  1. Assign the mon label to the host:

    Syntax

    ceph orch host label add HOSTNAME mon

    Example

    [ceph: root@host01 /]# ceph orch host label add host02 mon
    [ceph: root@host01 /]# ceph orch host label add host03 mon

  2. View the current hosts and labels:

    Syntax

    ceph orch host ls

    Example

    [ceph: root@host01 /]# ceph orch host ls
    HOST   ADDR   LABELS  STATUS
    host01        mon,mgr,_admin
    host02        mon
    host03        mon
    host04
    host05
    host06

    • Deploy Ceph Monitor daemons based on the host label:

      Syntax

      ceph orch apply mon label:mon

    • Deploy Ceph Monitor daemons on a specific set of hosts:

      Syntax

      ceph orch apply mon HOSTNAME1,HOSTNAME2,HOSTNAME3

      Example

      [ceph: root@host01 /]# ceph orch apply mon host01,host02,host03

      Note

      Be sure to include the bootstrap node in the list of hosts to which you want to deploy.

3.16.2. Adding Ceph Monitor nodes by IP address or network name

A typical Red Hat Ceph Storage storage cluster has three or five monitor daemons deployed on different hosts. If your storage cluster has five or more hosts, Red Hat recommends that you deploy five Monitor nodes.

If your Monitor nodes or your entire cluster are located on a single subnet, then cephadm automatically adds up to five Monitor daemons as you add new nodes to the cluster. You do not need to configure the Monitor daemons on the new nodes. The new nodes reside on the same subnet as the first node in the storage cluster. The first node in the storage cluster is the bootstrap node. cephadm can also deploy and scale monitors to correspond to changes in the size of the storage cluster.

Prerequisites

  • Root-level access to all nodes in the storage cluster.
  • A running storage cluster.

Procedure

  1. To deploy each additional Ceph Monitor node:

    Syntax

    ceph orch apply mon NODE:IP_ADDRESS_OR_NETWORK_NAME [NODE:IP_ADDRESS_OR_NETWORK_NAME...]

    Example

    [ceph: root@host01 /]# ceph orch apply mon host02:10.10.128.69 host03:mynetwork

3.17. Adding Manager service

cephadm automatically installs a Manager daemon on the bootstrap node during the bootstrapping process. Use the Ceph orchestrator to deploy additional Manager daemons.

The Ceph orchestrator deploys two Manager daemons by default. To deploy a different number of Manager daemons, specify a different number. If you do not specify the hosts where the Manager daemons should be deployed, the Ceph orchestrator randomly selects the hosts and deploys the Manager daemons to them.

Note

If you want to apply Manager daemons to more than one specific host, be sure to specify all of the host names within the same ceph orch apply command. If you specify ceph orch apply mgr --placement host1 and then specify ceph orch apply mgr --placement host2, the second command removes the Manager daemon on host1 and applies a Manager daemon to host2.

Red Hat recommends that you use the --placement option to deploy to specific hosts.

Prerequisites

  • A running storage cluster.

Procedure

  • To specify that you want to apply a certain number of Manager daemons to randomly selected hosts:

    Syntax

    ceph orch apply mgr NUMBER_OF_DAEMONS

    Example

    [ceph: root@host01 /]# ceph orch apply mgr 3

  • To add Manager daemons to specific hosts in your storage cluster:

    Syntax

    ceph orch apply mgr --placement "HOSTNAME1 HOSTNAME2 HOSTNAME3"

    Example

    [ceph: root@host01 /]# ceph orch apply mgr --placement "host02 host03 host04"

3.18. Adding OSDs

Cephadm will not provision an OSD on a device that is not available. A storage device is considered available if it meets all of the following conditions:

  • The device must have no partitions.
  • The device must not be mounted.
  • The device must not contain a file system.
  • The device must not contain a Ceph BlueStore OSD.
  • The device must be larger than 5 GB.
Important

By default, the osd_memory_target_autotune parameter is set to true in Red Hat Ceph Storage 5.1. For more information about tuning OSD memory, see the Automatically tuning OSD memory section in the Red Hat Ceph Storage Operations Guide.

Important

In Red Hat Ceph Storage 5.0, due to known bugs, pre-created LVM disks are not supported for OSD, DB, or WAL deployment.

Starting with Red Hat Ceph Storage 5.1, pre-created LVM disks are supported for OSD deployment, including DB and WAL devices.

Prerequisites

  • A running Red Hat Ceph Storage cluster.

Procedure

  1. List the available devices to deploy OSDs:

    Syntax

    ceph orch device ls [--hostname=HOSTNAME1 HOSTNAME2] [--wide] [--refresh]

    Example

    [ceph: root@host01 /]# ceph orch device ls --wide --refresh

  2. You can either deploy the OSDs on specific hosts or on all the available devices:

    • To create an OSD from a specific device on a specific host:

      Syntax

      ceph orch daemon add osd HOSTNAME:DEVICE_PATH

      Example

      [ceph: root@host01 /]# ceph orch daemon add osd host02:/dev/sdb

    • To deploy OSDs on any available and unused devices, use the --all-available-devices option.

      Example

      [ceph: root@host01 /]# ceph orch apply osd --all-available-devices

Note

This command creates colocated WAL and DB daemons. If you want to create non-colocated daemons, do not use this command.

Additional Resources

3.19. Deploying client nodes

As a storage administrator, you can deploy client nodes by running the cephadm-preflight.yml and cephadm-clients.yml playbooks. The cephadm-preflight.yml playbook configures the Ceph repository and prepares the storage cluster for bootstrapping. It also installs some prerequisites, such as podman, lvm2, chronyd, and cephadm. The cephadm-clients.yml playbook handles the distribution of configuration and keyring files to a group of Ceph clients.

Note

If you are not using the cephadm-ansible playbooks, after upgrading your Ceph cluster, you must upgrade the ceph-common package and client libraries on your client nodes. For more information, see Upgrading the Red Hat Ceph Storage cluster section in the Red Hat Ceph Storage Upgrade Guide.

Prerequisites

  • Root-level access to the Ansible administration node.
  • Ansible user with sudo and passwordless SSH access to all nodes in the storage cluster.
  • Installation of the cephadm-ansible package.
  • The [admin] group is defined in the inventory file with a node where the admin keyring is present at /etc/ceph/ceph.client.admin.keyring.

Procedure

  1. As an Ansible user, navigate to the /usr/share/cephadm-ansible directory on the Ansible administration node.

    Example

    [ansible@admin ~]$ cd /usr/share/cephadm-ansible

  2. Open and edit the hosts inventory file and add the [clients] group and clients to your inventory:

    Example

    host02
    host03
    host04
    
    [clients]
    client01
    client02
    client03
    
    [admin]
    host01

  3. Run the cephadm-preflight.yml playbook to install the prerequisites on the clients:

    Syntax

    ansible-playbook -i INVENTORY_FILE cephadm-preflight.yml --limit CLIENT_GROUP_NAME|CLIENT_NODE_NAME

    Example

    [ansible@admin cephadm-ansible]$ ansible-playbook -i hosts cephadm-preflight.yml --limit clients

  4. Run the cephadm-clients.yml playbook to distribute the keyring and Ceph configuration files to a set of clients.

    1. To copy the keyring with a custom destination keyring name:

      Syntax

      ansible-playbook -i INVENTORY_FILE cephadm-clients.yml --extra-vars '{"fsid":"FSID","keyring":"KEYRING_PATH","client_group":"CLIENT_GROUP_NAME","conf":"CEPH_CONFIGURATION_PATH","keyring_dest":"KEYRING_DESTINATION_PATH"}'

      • Replace INVENTORY_FILE with the Ansible inventory file name.
      • Replace FSID with the FSID of the cluster.
      • Replace KEYRING_PATH with the full path name to the keyring on the admin host that you want to copy to the client.
      • Optional: Replace CLIENT_GROUP_NAME with the Ansible group name for the clients to set up.
      • Optional: Replace CEPH_CONFIGURATION_PATH with the full path to the Ceph configuration file on the admin node.
      • Optional: Replace KEYRING_DESTINATION_PATH with the full path name of the destination where the keyring will be copied.

        Note

        If you do not specify a configuration file with the conf option when you run the playbook, the playbook generates and distributes a minimal configuration file. By default, the generated file is located at /etc/ceph/ceph.conf.

        Example

        [ansible@host01 cephadm-ansible]$ ansible-playbook -i hosts cephadm-clients.yml --extra-vars '{"fsid":"266ee7a8-2a05-11eb-b846-5254002d4916","client_group":"clients","keyring":"/etc/ceph/ceph.client.admin.keyring","conf":"/etc/ceph/ceph.conf","keyring_dest":"/etc/ceph/custom.name.ceph.keyring"}'

    2. To copy a keyring with the default destination keyring name of ceph.keyring and using the default group of clients:

      Syntax

      ansible-playbook -i INVENTORY_FILE cephadm-clients.yml --extra-vars '{"fsid":"FSID","keyring":"KEYRING_PATH","conf":"CEPH_CONFIGURATION_PATH"}'

      Example

      [ansible@host01 cephadm-ansible]$ ansible-playbook -i hosts cephadm-clients.yml --extra-vars '{"fsid":"266ee7a8-2a05-11eb-b846-5254002d4916","keyring":"/etc/ceph/ceph.client.admin.keyring","conf":"/etc/ceph/ceph.conf"}'

Verification

  • Log into the client nodes and verify that the keyring and configuration files exist.

    Example

    [user@client01 ~]# ls -l /etc/ceph/
    
    -rw-------. 1 ceph ceph 151 Jul 11 12:23 custom.name.ceph.keyring
    -rw-------. 1 ceph ceph 151 Jul 11 12:23 ceph.keyring
    -rw-------. 1 ceph ceph 269 Jul 11 12:23 ceph.conf

Additional Resources

  • For more information about admin keys, see the Ceph User Management section in the Red Hat Ceph Storage Administration Guide.
  • For more information about the cephadm-preflight playbook, see the Running the preflight playbook section in the Red Hat Ceph Storage Installation Guide.

3.20. Purging the Ceph storage cluster

Purging the Ceph storage cluster clears any data or connections that remain from previous deployments on your server. This Ansible script removes all daemons, logs, and data that belong to the fsid passed to the script from all hosts in the storage cluster.

Important

This process works only if the cephadm binary is installed on all hosts in the storage cluster.

The Ansible inventory file lists all the hosts in your cluster and what roles each host plays in your Ceph storage cluster. The default location for an inventory file is /usr/share/cephadm-ansible/hosts, but this file can be placed anywhere.

The following example shows the structure of an inventory file:

Example

host02
host03
host04

[admin]
host01

[clients]
client01
client02
client03

Prerequisites

  • A running bootstrap node.
  • Ansible 2.9 or later is installed on the bootstrap node.
  • Root-level access to the Ansible administration node.
  • Ansible user with sudo and passwordless ssh access to all nodes in the storage cluster.
  • The [admin] group is defined in the inventory file with a node where the admin keyring is present at /etc/ceph/ceph.client.admin.keyring.

Procedure

  • As an Ansible user on the bootstrap node, run the purge script:

    Syntax

    ansible-playbook -i hosts cephadm-purge-cluster.yml -e fsid=FSID -vvv

    Example

    [ansible@host01 cephadm-ansible]$ ansible-playbook -i hosts cephadm-purge-cluster.yml -e fsid=a6ca415a-cde7-11eb-a41a-002590fc2544 -vvv

When the script has completed, the entire storage cluster, including all OSD disks, will have been removed from all hosts in the cluster.