Introduction
Caph is the future of data storage whether it was objects, blocks or a file system. It provides a great alternative to self-hosted solutions such as GlusterFS in the realm of file systems and to managed services such as AWS S3 as an object storage where it makes more sense to host your own data because you have to store it on private cloud or simply to reduce costs as S3 costs sometimes grow to be pretty insane.
Environment setup
I used Vagrant to create a declarative configuration of my environment.
My setup consist of three virtual machines with Ubuntu 20.04 and attached disk storage of 10 GiB to each one of them (except the first machine it has two disks). Ceph documentation says the minimum disk size is 5 GiB but I had problems in the past working with storage less than 10 GiB so I wanted to be in the safe side.
I gave the admin host more memory than the others because it's the one I mainly interact with and I wanted to make it fast and smooth as possible.
# Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
num_of_nodes = 3
(0..(num_of_nodes - 1)).each do |node|
node_name = "ceph-#{node + 1}"
config.vm.define node_name do |ceph_node|
ceph_node.vm.box = "ubuntu/focal64"
ceph_node.vm.hostname = node_name
ceph_node.vm.network "private_network", type: "dhcp"
ceph_node.vm.disk :disk, size: "10GB", name: "ceph_storage"
# CephFS
ceph_node.vm.disk :disk, size: "10GB", name: "ceph_storage_extra" if node == 0
ceph_node.vm.provision "shell", path: "install-docker.sh"
ceph_node.vm.provision "shell", inline: "timedatectl set-ntp on"
ceph_node.vm.provider "virtualbox" do |vb|
vb.memory = node == 0 ? "3072" : "2048"
end
end
end
end
I used cephadm to create my Ceph cluster, which requires Docker (or Podman) to be installed on the machine I want to run it on so I made Vagrant execute install-docker.sh on all the virtual machines it creates but I edited it to suit my needs.
# install-docker.sh
#!/bin/sh
set -o errexit
set -o nounset
IFS=$(printf '\n\t')
apt remove --yes docker docker-engine docker.io containerd runc || true
apt update
apt --yes --no-install-recommends install apt-transport-https ca-certificates
wget --quiet --output-document=- https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository --yes "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release --codename --short) stable"
apt update
apt --yes --no-install-recommends install docker-ce docker-ce-cli containerd.io
systemctl enable docker
printf '\nDocker installed successfully\n\n'
I also activated time synchronization on all the hosts in the Vagrantfile because it was disabled for some reason and Ceph requires it to be activated.
$ timedatectl set-ntp on
After running vagrant up you should have three virtual machines on a private network which is also accessible from your host machine in something like this:
ceph-1 (admin)
IPv4 address for enp0s8: 172.28.128.7
ceph-2
IPv4 address for enp0s8: 172.28.128.8
ceph-3
IPv4 address for enp0s8: 172.28.128.9
Creating the cluster
On the host machine:
vagrant ssh ceph-1
To create our Ceph cluster using cephadm we have to download the script from Github on the admin host machine and make it executable:
curl --silent --remote-name --location https://github.com/ceph/ceph/raw/pacific/src/cephadm/cephadm
chmod +x cephadm
The script itself is sufficient enough to bootstrap the cluster but it's more convenient to install it as a package on the system.
./cephadm add-repo --release pacific
./cephadm install
After that we can bootstrap our cluster safely:
cephadm bootstrap --mon-ip 172.28.128.7 --ssh-user vagrant
Obviously 172.28.128.7 is the IP of the admin host (current host).
From Ceph documentation:
The --ssh-user option makes it possible to choose which ssh user cephadm will use to connect to hosts. The associated ssh key will be added to /home//.ssh/authorized_keys. The user that you designate with this option must have passwordless sudo access.
This is slightly off-topic but Vagrant by default creates a passwordless sudo and passwordless SSH access to the virtual machines in creates, the SSH access is possible through private key which it creates and puts in .vagrant/machines/*<machine name>*/virtualbox/private_key in the host Vagrantfile directory. Vagrant also maps Vagrantfile directory to /vagrant in the guest virtual machine, so for example ceph-3 host private SSH key is located in ceph-1 host in directory /vagrant/.vagrant/machines/ceph-3/virtualbox/private_key
Anyway, back to Ceph, after running the bootstrap command you should get your dashboard credentials:
After that, from your host machine, replace ceph-1 with the IP of the virtual machine of your admin host in order to access the dashboard. The dashboard will ask you to change your password to a new one do it and make sure you can access the dashboard successfully.
If everything run smoothly we can now add new hosts to the cluster.
First we run ssh-agent
eval $(ssh-agent)
Then we add the private keys of the other virtual machines (ceph-2 and ceph-3) we want to add to the cluster.
ssh-add /vagrant/.vagrant/machines/ceph-2/virtualbox/private_key
ssh-add /vagrant/.vagrant/machines/ceph-3/virtualbox/private_key
We now copy Ceph public keys to authorized_keys in the other virtual machines to make Ceph able to access those machines and add them to the cluster.
ssh-copy-id -f -i /etc/ceph/ceph.pub vagrant@172.28.128.9
ssh-copy-id -f -i /etc/ceph/ceph.pub vagrant@172.28.128.8
Add them to the clusters.
sudo ceph orch host add ceph-2 172.28.128.8
sudo ceph orch host add ceph-3 172.28.128.9
Notice that the hostname should match the hostname on those machines.
It might take some time (couple of minutes in my case) for Ceph to pull all the images and run all the containers on those machines in order to be added to the cluster.
Make sure all the other hosts are added you should open the dashboard and get something like this:
Notice that the cluster health is yellow because there's no storage yet Ceph can use to store data in it.
Finally in order to add the disks we attached earlier we have to deploy OSD Service.
sudo ceph orch apply osd --all-available-devices
It might take some time (couple of minutes too) until it propagate in the three hosts and add their attached disks.
After that your cluster status should be healthy and you can run object storage services and file system services in your cluster.
Object Storage
To use the Object Gateway a RGW service must be running.
ceph orch apply rgw s3
You should also create a radosgw user in order to access the object gateway service whether it was from an API or from Ceph dashboard.
ceph dashboard set-rgw-credentials
radosgw-admin user create --uid="ahmed" --display-name="Ahmed Khaled" --system
You should get a result similar to this:
{
"user_id": "ahmed",
"display_name": "Ahmed Khaled",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"subusers": [],
"keys": [
{
"user": "ahmed",
"access_key": "05LT3KPECW7E30X2P4UO",
"secret_key": "bBEJBxiM6JkRDUzCpGzN7EkGaVr9qSjqlDdNZWMp"
}
],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"system": "true",
"default_placement": "",
"default_storage_class": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"temp_url_keys": [],
"type": "rgw",
"mfa_ids": []
}
The access_key and secret_key are what we care about the most in the result.
In order to access the object gateway from the dashboard we should import the access key and the secret key.
echo 05LT3KPECW7E30X2P4UO > /tmp/access_key
echo bBEJBxiM6JkRDUzCpGzN7EkGaVr9qSjqlDdNZWMp > /tmp/secret_key
ceph dashboard set-rgw-api-access-key -i /tmp/access_key
ceph dashboard set-rgw-api-secret-key -i /tmp/secret_key
Test Ceph S3-like API using boto
In your host machine setup a virtual Python environment using virtualenv in any directory you want.
virtualenv --python=python2.7 .venv
source .venv/bin/activate
pip install boto
I used Python 2.7 because it's what the official documentation supports but I do't think there would ny any issue for Python 3 and boto3 to work with Ceph API.
To make it more real-world-like I added the IP of the Ceph admin virtual machine to my /etc/hosts and named it 'objects.lan'
For more information about private networks and private domains check my article on this topic.
172.28.128.7 objects.lan
After that create the Python test file.
# s3.py
import boto
import boto.s3.connection
# This is for quick demonstration purpose
# Never write your credentials in a code
access_key = '05LT3KPECW7E30X2P4UO'
secret_key = 'bBEJBxiM6JkRDUzCpGzN7EkGaVr9qSjqlDdNZWMp'
host = 'objects.lan' # /etc/hosts
conn = boto.connect_s3(
aws_access_key_id = access_key,
aws_secret_access_key = secret_key,
host = host,
is_secure=False, # uncomment if you are not using ssl
calling_format = boto.s3.connection.OrdinaryCallingFormat(),
)
# Create a new nucket
bucket = conn.create_bucket('my-new-bucket')
# List all buckets
for bucket in conn.get_all_buckets():
print("{name}\t{created}".format(
name = bucket.name,
created = bucket.creation_date,
))
# Add object to bucket
key = bucket.new_key('hello.txt')
key.set_contents_from_string('Hello World!\n')
# Generate a presigned URL
object_key = bucket.get_key('hello.txt')
# Make the url available for 20 seconds only
object_url = object_key.generate_url(20, query_auth=True, force_http=True)
print(object_url)
Run it and you should get a similar result.
$ python s3.py
my-new-bucket 2021-10-08T13:37:03.013Z
http://objects.lan/my-new-bucket/hello.txt?Signature=4ukxcnWqcNjbRKbF1gJ8%2FQ9eJMI%3D&Expires=1633873445&AWSAccessKeyId=05LT3KPECW7E30X2P4UO
Test it
$ for i in {1..5}; do curl 'http://objects.lan/my-new-bucket/hello.txt?Signature=4ukxcnWqcNjbRKbF1gJ8%2FQ9eJMI%3D&Expires=1633873445&AWSAccessKeyId=05LT3KPECW7E30X2P4UO'; sleep 5; done
Hello World!
Hello World!
Hello World!
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><RequestId>tx000000000000000000043-006162f2c5-455c5-default</RequestId><HostId>455c5-default-default</HostId></Error><?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><RequestId>tx000000000000000000044-006162f2ca-455c5-default</RequestId><HostId>455c5-default-default</HostId></Error
File System
Creating and testing the files system is much easier and more straightforward.
To create a file system named cfs
ceph fs volume create cfs
Create a client to access the file system
ceph fs authorize cfs client.cfs / rw > /etc/ceph/ceph.client.cfs.keyring
Test it
mkdir /mnt/mycephfs/test
Now in the dashboard:
Notes
You can send commands to Ceph clusters from a client host.
AWS uses SSD (as in
gp2andgp3types) doesn't work natievly with Ceph but there's a workaround for this using ceph-volume.Ceph is designed by default to be highly available so it by default expects multiple nodes with multiple disks however it can be configured to work in a single node environment.
Top comments (0)