新版使用cephadm安装ceph octopus

admin

Ceph集群基础库安装
步骤：
7 s+ y- E: t4 {' C  \2-1. 安装配置其它基础包，pip、deltarpm、ceph-common  
0 |  B! h$ B4 D: r1 d2-2. 防火墙规则添加

2-1 安装配置其它基础包，pip、deltarpm、ceph-common

1. sed -i 's/^SELINUX\=.*/SELINUX=disabled/g' /etc/selinux/config2.  yum install -y python3 epel-release ceph-mgr-dashboard ceph-common    pip3 install --upgrade pip3. yum install -y snappy leveldb gdisk python3-ceph-argparse python3-flask gperftools-libs4. yum install -y ceph
& Y7 R/ W9 E3 ~/ s$ [$ U
& G; W7 c3 Y7 D3 O) Q$ x# X( D" S2-2 防火墙规则添加

bash> firewall-cmd --zone=public --add-service=ceph-mon --permanentbash> firewall-cmd --zone=public --add-service=ceph --permanentbash> firewall-cmd --zone=public --add-service=ntp --permanentbash> firewall-cmd --reload
附：ceph相关使端口列表
　　CephMonitor(ceph-mon)：3300、6789(TCP)
1 I8 v* Q- t. I　　CephManager(ceph-mgr)：6800、6801、以及一个自定义Web端口(TCP)
　　CephOSD(ceph-osd): 6800->7300(TCP)
- P$ |; ?2 N7 V  k以上为止，则整个ceph集群的基础依赖环境都安装好。

Cephadm使用podman容器和systemd安装和管理Ceph分布式集群，并与CLI和仪表板GUI紧密集成。
•cephadm仅支持octopus  v15.2.0或者更高版本。
•cephadm与新的业务流程API完全集成，并完全支持新的CLI和仪表板功能来管理集群部署。
: h. u* D* J) Q7 x•cephadm需要容器支持（podman或docker）和Python 3。
+ r  L, p! H- ]! a/ Q$ X+ X0 G•时间同步

这里使用的centos8来安装的ceph
7 i8 l3 a5 `0 j# r% p/ u# h, l
1 N0 r$ o. z) X5 M+ q4 Z9 X) H配置hosts解析cat >> /etc/hosts <<EOF192.168.8.65 node1192.168.8.66 node2192.168.8.67 node3EOF关闭selinux
5 P- T/ C/ Q6 g' _1 u9 {1 osetenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config设置主机名hostnamectl set-hostname node1安装podmandnf install -y podman
, v: @9 O! ]* v0 y9 a安装cephadm
/ q  {! ^# F! {cephadm命令可以
1.引导新集群
2.使用有效的Ceph CLI启动容器化的Shell
3.帮助调试容器化的Ceph守护进程。
. W' S5 @4 y1 J1 b1 _
以下操作只在一台节点执行就可以
# ?: }7 q( l% V1 N2 Y% i( \curl --silent --remote-name --location https://github.com/ceph/ceph/raw/octopus/src/cephadm/cephadm
chmod +x cephadm
! O. V% W  h* J8 Q安装cephadmn
6 N% s- k7 A; M. [* a# ~' l" T./cephadm add-repo --release octopus
+ |' ?: @( N7 ?./cephadm install
要引导群集，需要先创建一个目录：/etc/ceph
. Z5 k; T6 u6 E) A: e* N; k- O( ?mkdir -p /etc/ceph
6 W9 X7 s) C1 t' _. q0 K% n0 Y然后运行该命令：ceph bootstrap
6 l; @' W5 o  S6 j! Zcephadm bootstrap --mon-ip 192.168.8.65
& ]2 C, r/ a5 c" _) r4 k4 v

0 J7 J. Z1 T# `6 j3 o  G' s此命令将会进行以下操作：
4 y5 j9 g8 P4 l  c/ P7 R为本地主机上的新群集创建monitor和manager守护程序。
, n: I5 ~, t8 g/ N; ?* F  k为 Ceph 群集生成新的 SSH 密钥，并将其添加到root用户的文件/root/.ssh/authorized_keys
2 X! W( ~  _) K0 o, }8 A1 p- G将与新群集通信所需的最小配置文件保存到 /etc/ceph/ceph.conf
将client.admin管理（特权！）密钥的副本写入/etc/ceph/ceph.client.admin.keyring
将公钥的副本写入/etc/ceph/ceph.pub
安装完成后会有一个dashboard界面


执行完成后我们可以查看ceph.conf已经写入了
; x) `3 H) M2 F& o- \2 S
0 b: i' J% Q" p$ I, O5 a' \
启用 CEPH CLI
6 q# N" L4 H0 S3 y1 n! R$ h9 o! Gcephadm shell命令在安装了所有Ceph包的容器中启动bash shell。默认情况下，如果在主机上的/etc/ceph中找到配置和keyring文件，则会将它们传递到容器环境中，以便shell完全正常工作。
) {$ h2 S( G" h  [cephadm shell

& [4 e7 N$ a# Z& ?" h1 n' U4 k1 p可以在节点上安装包含所有 ceph 命令的包，包括 、（用于安装 CephFS 文件系统）等
cephadm add-repo --release octopus
5 P: ?3 ~: ~: ~# _1 h6 r. Icephadm install ceph-common
; [% c! i4 ], v. \/ l
安装过程很慢，可以手动将源改为本地镜像：
2 l: F5 g+ n) C; J/ ^% o; L& ]! n8 ]
添加主机到集群
  O( G/ q- @8 r+ }将公钥添加到新主机
+ A. S9 K, x0 ?/ K. c! `ssh-copy-id -f -i /etc/ceph/ceph.pub node2
7 w( g" R6 _8 W5 a, q7 jssh-copy-id -f -i /etc/ceph/ceph.pub node3
; s" U6 ^% M; i# Q. d* S1 U* a0 z
4 d" o5 _7 V4 c' F' l# ]
告诉Ceph，新节点是集群的一部分
[root@localhost ~]# ceph orch host add node2
9 r; M, f0 ~5 l& c, \& @: cAdded host 'node2'
- H/ h: o4 u% x4 z) i5 e[root@localhost ~]# ceph orch host add node3
" J9 e+ `" n6 _4 |& G$ p# uAdded host 'node3'
, }) u, Y: l% E% l: V) {
添加主机会自动扩展mon和mgr节点



部署其他监视器（可选）
& h5 }2 z! [2 }典型的 Ceph 群集具有三个或五个分布在不同主机的mon守护程序。如果群集中有五个或更多节点，建议部署五个mon。
! w! H" t0 w: n6 ?4 e当Ceph知道mon应该使用什么IP子网时，它可以随着群集的增长（或收缩）自动部署和缩放mon。默认情况下，Ceph假定其他mon使用与第一个mon的IP相同的子网。
( |- X( L1 H6 }0 w* v$ e在单个子网的情况下，如果向集群中添加主机，默认最多只会添加5个mon 如果有特定的IP子网给mon使用，可以使用CIDR格式配置该子网：
) X: Q! Y" T7 P4 J+ s& O% Z0 p. {
ceph config set mon public_network 10.1.2.0/24
cephadm只会在配置了特定子网IP的主机上部署mon守护程序 如果要调整特定子网mon的默认数量，可以执行以下命令：
ceph orch apply mon *<number-of-monitors>*
7 y5 O7 N9 B4 L如果要在一组特定的主机上部署mon，可以执行以下命令：
ceph orch apply mon *<host1,host2,host3,...>*
如果要查看当前主机和标签，可以执行以下命令：
7 I9 z) @0 C2 N8 l" {% O1 E) T4 L
$ Y4 p( Z- N9 O8 M[root@node1 ~]# ceph orch host ls
# F3 `: [, Z: S3 N! ]HOST   ADDR   LABELS  STATUS  
node1  node1                  
/ b; ?/ S! E$ X, h6 u; ]4 p0 \2 d7 enode2  node2                  
node3  node3  
如果要禁用自动mon部署，执行以下命令：
- {9 G4 I/ J3 o5 Mceph orch apply mon --unmanaged
* U! u4 F6 ^' U9 n3 ]8 n+ b要在不同网络中添加mon执行以下命令：
: L) Q. H2 x0 m, S7 E( ~+ i( I8 xceph orch apply mon --unmanaged
' Q" t2 v6 ^4 e* [3 uceph orch daemon add mon node2:192.168.8.66
6 f2 m7 j& g+ l4 K6 Kceph orch daemon add mon node2:192.168.17.0/24

如果要添加mon到多个主机，也可以用以下命令：
ceph orch apply mon "host1,host2,host3"

部署OSD
可以用以下命令显示集群中的存储设备清单
ceph orch device ls

如果满足以下所有_条件_，则存储设备被视为可用：
  ]' U% F( `/ s9 v4 u: x设备必须没有分区。
# U' q4 r  \) q% o" F5 q" H" v5 S) P设备不得具有任何 LVM 状态。
8 H6 X+ x' Z8 J& W" l不得安装设备。
设备不能包含文件系统。
& j* d. {. \! \设备不得包含 Ceph BlueStore OSD。
设备必须大于 5 GB。
  ^& m8 j. \- WCeph 拒绝在不可用的设备上预配 OSD。为保证能成功添加osd，我刚才在每个node上新加了一块磁盘 创建新 OSD 的方法有几种方法：
. _' U- }# @# H3 n, O' @在未使用的设备上自动创建osd
[root@node1 ~]# ceph orch apply osd --all-available-devices
Scheduled osd.all-available-devices update...
可以看到已经在三块磁盘上创建了osd
$ j' {5 [% N1 P, h
从特定主机上的特定设备创建 OSD
ceph orch daemon add osd host1:/dev/sdb
# F3 K  m9 _  ~6 i4 a部署MDS
0 P) {! Y( D8 f2 o使用 CephFS 文件系统需要一个或多个 MDS 守护程序。如果使用新的ceph fs卷接口来创建新文件系统，则会自动创建这些文件 部署元数据服务器：
ceph orch apply mds *<fs-name>* --placement="*<num-daemons>* [*<host1>* ...]"
CephFS 需要两个 Pools，cephfs-data 和 cephfs-metadata,分别存储文件数据和文件元数据
[root@node1 ~]# ceph osd pool create cephfs_data 64 64
* N. i) d2 V/ y[root@node1 ~]# ceph osd pool create cephfs_metadata 64 64
创建一个 CephFS, 名字为 cephfs
[root@node1 ~]# ceph fs new cephfs cephfs_metadata cephfs_data
[root@node1 ~]# ceph orch apply mds cephfs --placement="3 node1 node2 node3"
  {( z; B+ i6 x+ y, e% d; u, U( eScheduled mds.cephfs update...

验证至少有一个MDS已经进入active状态，默认情况下，ceph只支持一个活跃的MDS，其他的作为备用MDS
ceph fs status cephfs

  S1 e  U! i8 g' z9 M% g部署RGW
* u% V8 O. |3 l# N5 c+ g+ f$ LCephadm将radosgw部署为管理特定领域和区域的守护程序的集合，RGW是Ceph对象存储网关服务RADOS Gateway的简称，是一套基于LIBRADOS接口封装而实现的FastCGI服务，对外提供RESTful风格的对象存储数据访问和管理接口。
0 G& N& ^/ e  G+ I% y
使用cephadm时，radosgw守护程序是通过mon配置数据库而不是通过ceph.conf或命令行配置的。如果该配置尚未就绪，则radosgw守护进程将使用默认设置启动（默认绑定到端口80）。要在node1、node2和node3上部署3个服务于myorg领域和us-east-1区域的rgw守护进程，在部署rgw守护进程之前，如果它们不存在，则自动创建提供的域和区域：
ceph orch apply rgw myorg cn-east-1 --placement="3 node1 node2 node3"
) ~1 u0 y0 t' T7 Q; \+ d. L或者可以使用radosgw-admin命令手动创建区域、区域组和区域：
* r7 X9 D+ e9 p5 K  Nradosgw-admin realm create --rgw-realm=myorg --default
radosgw-admin zonegroup create --rgw-zonegroup=default --master --default
! H8 w2 ?* q2 O$ J, Fradosgw-admin zone create --rgw-zonegroup=default --rgw-zone=cn-east-1 --master --default
' X, ]3 ?4 d6 W6 y, `+ wradosgw-admin period update --rgw-realm=myorg --c
4 F4 g$ \# g. s7 C; m+ \可以看到RGW已经创建完成
" c' h# y1 ?* G' u" [$ o
并且cephadm会自动安装Prometheus和grafana等组件，grafana默认用户密码为admin/admin，并且已经导入了Prometheus监控ceph的仪表盘
2 t/ Y" N6 w( U7 q$ M% V; B( H
; @* _9 Q2 L, m  F. p# c0 |

; Z0 c) j6 d- ^

* U1 ~# L, d6 Y! l; b* @- r( C

admin

安装ceph源
. y5 h6 S; J, v$ j
[root@controller ~]# yum install centos-release-ceph-octopus.noarch -y
[root@computer ~]# yum install centos-release-ceph-octopus.noarch -y
安装ceph组件

0 L) Y( O, M! F" a+ m6 z[root@controller ~]# yum install cephadm -y
[root@computer ~]# yum install ceph -y
( K9 U. F/ b0 e1 w7 k. lcomputer结点安装libvirt

9 A; K% v# c: z" a6 g9 F: L[root@computer ~]# yum install libvirt -y
部署ceph集群
1 j) x3 t  N/ R/ x创建集群
5 R6 n; z! E1 F' G/ t' p5 C
  t) A( u! I. k: }2 l( Q( F  c[root@controller ~]# mkdir -p /etc/ceph
[root@controller ~]# cd /etc/ceph/
$ y: G( E6 S' u1 f- R[root@controller ceph]# cephadm boostrap --mon-ip 192.168.29.148
[root@controller ceph]# ceph status
: d+ n6 c2 \$ z" v2 X  _5 w, C7 g5 q[root@controller ceph]#  cephadm install ceph-common
[root@controller ceph]# ssh-copy-id -f -i /etc/ceph/ceph.pub root@computer
修改配置
6 w# K4 S2 m& o4 b: b  {
4 Y) ^4 Z$ {4 k% d% f: \  Y2 y[root@controller ceph]# ceph config set mon public_network 192.168.29.0/24
, H+ S0 e7 \2 i; k$ F' X添加主机
1 U+ B3 n3 \9 A# N' I* _* _
[root@controller ceph]# ceph orch host add computer
[root@controller ceph]# ceph orch host ls
初始化集群监控
/ @0 j* U  y* q7 s7 x" o
[root@controller ceph]# ceph orch host label add controller mon
[root@controller ceph]# ceph orch host label add computer mon
  t2 L" |& O' t[root@controller ceph]# ceph orch apply mon label:mon
[root@controller ceph]# ceph orch daemon add mon computer:192.168.29.149
创建OSD
% j+ J1 z% H+ ^& B# q+ _
[root@controller ceph]# ceph orch daemon add osd controller:/dev/nvme0n2
[root@controller ceph]# ceph orch daemon add osd computer:/dev/nvme0n3
查看集群状态
( m$ y( B; |& I% ~9 ~
[root@controller ceph]# ceph -s
查看集群容量

7 ?- t  z/ W! J; e$ p[root@controller ceph]# ceph df
& g5 V  l- \2 S  p6 l( H, O* I6 H# s创建pool
  ~! O8 z+ e$ ]. d: _
[root@controller ceph]# ceph osd pool create volumes 64
$ K6 K0 ]/ b. y. X! C3 l, d' G[root@controller ceph]# ceph osd pool create vms 64
# J5 i5 ]; |+ }8 G- V) F& v9 w  w
#设置自启动
! ^$ B+ K1 D* Y9 s- ~& p! Q; a6 u[root@controller ceph]# ceph osd pool application enable vms mon
% A+ `$ o2 T, q( R[root@controller ceph]# ceph osd pool application enable volumes mon
! o0 {% g: N7 ^9 {  z( q查看mon,osd,pool状态

: Y) X9 W4 S5 i* O- @[root@controller ceph]# ceph mon stat
[root@controller ceph]#  ceph osd status
+ w$ Q% t( r7 A" t& ~0 Y1 D[root@controller ceph]# ceph osd lspools
查看pool情况

[root@controller ~]# rbd ls vms
[root@controller ~]# rbd ls volumes

admin

RUNNING THE BOOTSTRAP COMMAND
" h7 n$ O" m8 b! c% l$ t( gRun the ceph bootstrap command:
; H2 _% L  j1 t1 u
cephadm bootstrap --mon-ip *<mon-ip>*
, c8 g0 Q8 W7 h( `- O- e8 N( eThis command will:

Create a monitor and manager daemon for the new cluster on the local host.
; _. Z9 m) i+ p1 `) P
Generate a new SSH key for the Ceph cluster and add it to the root user’s /root/.ssh/authorized_keys file.

Write a copy of the public key to /etc/ceph/ceph.pub.
1 G2 w+ K7 o/ v
" i0 \; F' j7 r5 T1 y7 m/ nWrite a minimal configuration file to /etc/ceph/ceph.conf. This file is needed to communicate with the new cluster.

  ?4 Z# n( W$ TWrite a copy of the client.admin administrative (privileged!) secret key to /etc/ceph/ceph.client.admin.keyring.
; Z3 {, x# P- H" A# l- i0 ?
Add the _admin label to the bootstrap host. By default, any host with this label will (also) get a copy of /etc/ceph/ceph.conf and /etc/ceph/ceph.client.admin.keyring.

FURTHER INFORMATION ABOUT CEPHADM BOOTSTRAP
/ v( b8 I: A$ B  y) y" p& oThe default bootstrap behavior will work for most users. But if you’d like immediately to know more about cephadm bootstrap, read the list below.
9 t2 C) D% R7 A9 N, f/ {  v
Also, you can run cephadm bootstrap -h to see all of cephadm’s available options.

By default, Ceph daemons send their log output to stdout/stderr, which is picked up by the container runtime (docker or podman) and (on most systems) sent to journald. If you want Ceph to write traditional log files to /var/log/ceph/$fsid, use --log-to-file option during bootstrap.

Larger Ceph clusters perform better when (external to the Ceph cluster) public network traffic is separated from (internal to the Ceph cluster) cluster traffic. The internal cluster traffic handles replication, recovery, and heartbeats between OSD daemons. You can define the cluster network by supplying the --cluster-network option to the bootstrap subcommand. This parameter must define a subnet in CIDR notation (for example 10.90.90.0/24 or fe80::/64).

cephadm bootstrap writes to /etc/ceph the files needed to access the new cluster. This central location makes it possible for Ceph packages installed on the host (e.g., packages that give access to the cephadm command line interface) to find these files.
+ s- U% y7 F9 J: n. |. G) p' T
Daemon containers deployed with cephadm, however, do not need /etc/ceph at all. Use the --output-dir *<directory>* option to put them in a different directory (for example, .). This may help avoid conflicts with an existing Ceph configuration (cephadm or otherwise) on the same host.

: w' ]7 X4 h& g8 WYou can pass any initial Ceph configuration options to the new cluster by putting them in a standard ini-style configuration file and using the --config *<config-file>* option. For example:

9 F* D, V1 M7 ~/ d( \) }0 ^  p2 z* hcat <<EOF > initial-ceph.conf
# \3 ~) O  ]) i; p[global]
osd crush chooseleaf type = 0
* @- B# o4 \0 |$ Q* a  q8 [& VEOF
./cephadm bootstrap --config initial-ceph.conf ...
The --ssh-user *<user>* option makes it possible to choose which ssh user cephadm will use to connect to hosts. The associated ssh key will be added to /home/*<user>*/.ssh/authorized_keys. The user that you designate with this option must have passwordless sudo access.
: t% h! C: _# I0 B% x( l+ C
If you are using a container on an authenticated registry that requires login, you may add the three arguments:
, g/ M" G7 E+ R, ?5 W5 R& l
) p( ^0 I4 A! ?, m--registry-url <url of registry>
6 M5 A; ]3 ~* P2 j& h" i/ y
--registry-username <username of account on registry>
9 ?  o: i4 j2 a- P6 u$ v' V; E
--registry-password <password of account on registry>

- y5 a3 [0 D) z$ i, mOR

6 v: s& n4 {- D) R--registry-json <json file with login info>

Cephadm will attempt to log in to this registry so it can pull your container and then store the login info in its config database. Other hosts added to the cluster will then also be able to make use of the authenticated registry.

ENABLE CEPH CLI
* J( s$ @# |* qCephadm does not require any Ceph packages to be installed on the host. However, we recommend enabling easy access to the ceph command. There are several ways to do this:

3 R! {) w: t! T0 y6 AThe cephadm shell command launches a bash shell in a container with all of the Ceph packages installed. By default, if configuration and keyring files are found in /etc/ceph on the host, they are passed into the container environment so that the shell is fully functional. Note that when executed on a MON host, cephadm shell will infer the config from the MON container instead of using the default configuration. If --mount <path> is given, then the host <path> (file or directory) will appear under /mnt inside the container:
+ ~4 E7 i: H7 R4 T7 N; I3 P- {
: ]# G- i% w) R6 P4 k8 F2 w7 _- D9 zcephadm shell
3 f8 T- T! H" j/ \% [# p# @8 X! vTo execute ceph commands, you can also run commands like this:
& N) [$ J5 U4 G) f
6 H' t4 T9 M0 D, kcephadm shell -- ceph -s
7 T0 L* E1 W8 c5 k8 f. e0 M% c8 WYou can install the ceph-common package, which contains all of the ceph commands, including ceph, rbd, mount.ceph (for mounting CephFS file systems), etc.:

cephadm add-repo --release pacific
cephadm install ceph-common
! G/ c  [& k* H# H/ i) IConfirm that the ceph command is accessible with:
& ]# W( n0 z, Y0 _% @) {
ceph -v
' O: Q+ b# I% u1 s2 yConfirm that the ceph command can connect to the cluster and also its status with:
3 @: ?& _% G# h
# V+ E, w5 f' Uceph status
6 D/ C8 v1 y: C5 o9 i+ B9 hADDING HOSTS
: [! {# ~% T: a6 U5 kNext, add all hosts to the cluster by following Adding Hosts.

5 R& O$ A" q( K" j# O* n3 cBy default, a ceph.conf file and a copy of the client.admin keyring are maintained in /etc/ceph on all hosts with the _admin label, which is initially applied only to the bootstrap host. We usually recommend that one or more other hosts be given the _admin label so that the Ceph CLI (e.g., via cephadm shell) is easily accessible on multiple hosts. To add the _admin label to additional host(s),

0 a% e. Z+ x9 c" V' Uceph orch host label add *<host>* _admin
ADDING ADDITIONAL MONS
# T0 D1 I5 g. ~# h) _A typical Ceph cluster has three or five monitor daemons spread across different hosts. We recommend deploying five monitors if there are five or more nodes in your cluster.

- \' @! I6 ?6 oPlease follow Deploying additional monitors to deploy additional MONs.

ADDING STORAGE
1 D# h  c- S3 J! p+ R" F; c+ D! m5 K8 \  XTo add storage to the cluster, either tell Ceph to consume any available and unused device:

' e% ~& \8 H- |" oceph orch apply osd --all-available-devices
$ E$ \% X: c4 `6 IOr See Deploy OSDs for more detailed instructions.

admin

cat <<EOF > initial-ceph.conf
6 f! w9 V, w1 G# n [global]
osd crush chooseleaf type = 0
EOF
% q- C1 b: K" U5 c, R2 S# U" L: X4 P ./cephadm bootstrap --config initial-ceph.conf --mon-ip *<mon-ip>*

cephadm shell

admin

To deploy an iSCSI gateway, create a yaml file containing a service specification for iscsi:
2 j) g+ |: t9 j8 h7 K5 S, k; ]$ A
7 j) E3 c- C  H0 w, N! L9 tservice_type: iscsi
* P1 n0 D  I0 {# Jservice_id: iscsi
3 S* ]; W- F* h! e. yplacement:
  hosts:
4 g2 u1 R, ]! Q: X' D; z    - host1
0 q4 Y* |0 `* F0 Z    - host2
spec:
  pool: mypool  # RADOS pool where ceph-iscsi config data is stored.
/ w8 d# G8 \$ q7 g/ W, G  trusted_ip_list: "IP_ADDRESS_1,IP_ADDRESS_2"
/ H4 p: m: {: S" M  api_port: ... # optional
' A: z3 `1 u5 w5 N6 A, r8 h  api_user: ... # optional
  api_password: ... # optional
/ O$ b$ X  ?; W2 n4 h  api_secure: true/false # optional
3 ^! p& B: @$ P6 o4 {  ssl_cert: | # optional
1 X6 J8 K. ~( _4 K    ...
2 r1 X" q9 y+ J& x8 t2 S  ssl_key: | # optional
    ...
8 e1 h. T* V2 T6 f3 K9 J+ BFor example:

service_type: iscsi
; N6 D( y6 d/ V  s" G, K  a9 S- H4 [service_id: iscsi
& R; i: e1 [$ Nplacement:
& P, ^1 w! M1 k4 {  hosts:
. w9 i5 L  F0 l! t) C* p, n  - [...]
spec:
+ f* F! \/ f4 L" y5 @% ]8 |: Q  pool: iscsi_pool
4 ~2 C9 ^% ?" ?. \6 L  trusted_ip_list: "IP_ADDRESS_1,IP_ADDRESS_2,IP_ADDRESS_3,..."
  api_user: API_USERNAME
  api_password: API_PASSWORD
  api_secure: true
$ k. @+ {- Z7 n% t1 w8 G  ssl_cert: |
    -----BEGIN CERTIFICATE-----
% e$ }" [$ h8 k0 e2 }0 u    MIIDtTCCAp2gAwIBAgIYMC4xNzc1NDQxNjEzMzc2MjMyXzxvQ7EcMA0GCSqGSIb3
8 ?8 i, i9 r! D! \* Q% H. ]    DQEBCwUAMG0xCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARVdGFoMRcwFQYDVQQHDA5T
* n2 }: ?4 k7 A. `5 E    [...]
    -----END CERTIFICATE-----
  ssl_key: |
- ^% G8 |4 D9 @3 q7 ], f    -----BEGIN PRIVATE KEY-----
    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5jdYbjtNTAKW4
    /CwQr/7wOiLGzVxChn3mmCIF3DwbL/qvTFTX2d8bDf6LjGwLYloXHscRfxszX/4h
    [...]
4 ?- X0 O; W4 o: w- e    -----END PRIVATE KEY-----
0 U9 C! T" m) |/ M; k7 cThe specification can then be applied using:

. B4 w/ l* b8 Xceph orch apply -i iscsi.yaml

admin

ceph orch apply mon --unmanaged
0 n+ O4 u$ N* n: {' j' z9 vceph orch apply mon --unmanaged
0 R  I6 ?8 t' J* A
ceph orch daemon add mon newhost1:10.1.2.123
, ]! N2 d* W, R- f$ u) [; X8 p
ceph orch daemon add mon newhost2:10.1.2.0/24
) @3 h1 d# y; s+ m% D" \, l

ceph orch apply mon "host1,host2,host3"
$ I( w$ s6 C9 q  u5 h/ J

admin

环境介绍
IP地址 配置 主机名 Ceph版本
2 N( P+ D3 {9 b1 }; r3 D10.15.253.161 c2m8h300 cephnode01 Octopus 15.2.4
0 f# c. T3 N& p) x8 H10.15.253.193 c2m8h300 cephnode02 Octopus 15.2.4
10.15.253.225 c2m8h300 cephnode03 Octopus 15.2.4

#Linux系统版本
8 D8 A. o  C  l[root@cephnode01 ~]# cat /etc/redhat-release
6 \" h0 r2 ], MCentOS Linux release 8.2.2004 (Core)
[root@cephnode01 ~]# uname -r
9 w4 B. a+ m# f9 _, J4 a( c: N4.18.0-193.14.2.el8_2.x86_64

* r3 C: q+ M3 o3 z3 E/ a  n#网络设计:建议各网络单独分开
10.15.253.0/24 #Public Network  公共网络
172.31.253.0/24 #Cluster Network 集群网络
#每台ceph节点下除系统盘外，最少挂载两块相同的大容量硬盘，不需要进行分区
+ |1 B6 w: u  m[root@cephnode01 ~]# lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
" D% `( D6 x5 n9 _sda      8:0    0   20G  0 disk
+ g9 B+ J, R5 u& O8 H- G$ D├─sda1   8:1    0  200M  0 part /boot
6 _# y  k8 j- ^; E. r8 z8 g├─sda2   8:2    0    1G  0 part [SWAP]
└─sda3   8:3    0 18.8G  0 part /
sdb      8:16   0   20G  0 disk
2.1.1 Ceph安装与版本选择
https://docs.ceph.com/docs/master/install/
ceph-deploy 是用于快速部署群集的工具；社区不再积极维护ceph-deploy。仅支持Nautilus版之前的Ceph版本上进行。它不支持RHEL8，CentOS 8或更新的操作系统。
0 X! H0 v" t2 `9 }( h这里的系统环境是centos8系统，所以需要使用cephadm部署工具部署octopus版的ceph
2.1.2 基础环境准备
全部Ceph节点上操作；以cephnode01节点为例；

#（1）关闭防火墙：
systemctl stop firewalld
4 o. D/ N% A, ~) hsystemctl disable firewalld
1 b7 v, f7 e- P( f" Y3 n+ L& W, \) k#（2）关闭selinux：
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
#（3）在cephnode01上配置免密登录到cephnode02、cephnode03
dnf install sshpass -y
' X5 T. ~+ B: E+ Q- ]% p1 Fssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''
for ip in 161 193 225 ;do sshpass -pZxzn@2020 ssh-copy-id -o StrictHostKeyChecking=no 10.15.253.$ip ;done
#（4）在cephnode01上添加主机名：已经配置过则不需要再次添加
  z) P4 C* y, k2 Ecat >>/etc/hosts <<EOF
) |4 u4 @/ N4 x10.15.253.161 cephnode01
' m# y  Q9 g) Q, c10.15.253.193 cephnode02
$ _' J4 h# ^' |" i* U10.15.253.225 cephnode03
EOF
/ n  t9 I! `5 P3 ?5 Zfor ip in 193 225 ;do scp -rp /etc/hosts root@10.15.253.$ip:/etc/hosts ;done
) W* i0 D  e/ P. U#（5）设置文件连接数最大值
echo "ulimit -SHn 102400" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
* soft nofile 65535
* hard nofile 65535
EOF
7 g$ J! |' d9 n$ T6 y#（6）内核参数优化
+ ]7 T, h, Z. n3 j% Iecho 'net.ipv4.ip_forward = 1' >>/etc/sysctl.conf
1 r. ^+ J8 T; u; x2 n; lecho 'kernel.pid_max = 4194303' >>/etc/sysctl.conf
#内存不足时低于此值，使用交换空间
6 c3 v4 \" `% I/ U8 R% d7 B/ recho "vm.swappiness = 0" >>/etc/sysctl.conf
sysctl -p
- X  M5 ]- {) k5 M7 r#（7）同步网络时间和修改时区；已经添加不需要配置
  s/ ~+ u1 S& {' v& Y7 ^8 p  O5 G7 l安装chrony时间同步 同步cephnode01节点
. H0 B: E! R' F1 Eyum install chrony -y
# }. |+ c- l, M2 |3 q3 Wvim /etc/chrony.conf
. }$ J2 @. c0 o+ c3 }server cephnode01 iburst
. s$ M* S7 N$ Z& D---
  r+ Y- j4 I- Y& lsystemctl restart chronyd.service
systemctl enable chronyd.service
chronyc sources
3 C7 c# L% `; e; `5 Z) D8 a6 U, b1 q#(8)read_ahead,通过数据预读并且记载到随机访问内存方式提高磁盘读操作
- W2 g1 l5 j1 a" ^echo "8192" > /sys/block/sda/queue/read_ahead_kb
#(9) I/O Scheduler，SSD要用noop(电梯式调度程序)，SATA/SAS使用deadline(截止时间调度程序)
! p; R7 o& W5 x  L- x+ G" E, D#https://blog.csdn.net/shipeng1022/article/details/78604910
7 U" T: d5 V& V' Q8 _6 p) K  mecho "deadline" >/sys/block/sda/queue/scheduler
echo "deadline" >/sys/block/sdb/queue/scheduler
& c$ h2 X' d/ O6 B" g#echo "noop" >/sys/block/sd[x]/queue/scheduler
3. 添加Octopus版yum源

6 v- e) z$ M" g3 q( Jcat >>/etc/yum.repos.d/ceph.repo <<EOF
. y: c1 `1 K  q1 s[Ceph]
name=Ceph packages for $basearch
  A* w& h& b- Y9 T# @3 S8 }baseurl=https://mirrors.aliyun.com/ceph/rpm-octopus/el8/$basearch
enabled=1
gpgcheck=0
2 U( j( V: f7 A4 Jtype=rpm-md
[Ceph-noarch]
name=Ceph noarch packages
baseurl=https://mirrors.aliyun.com/ceph/rpm-octopus/el8/noarch
enabled=1
gpgcheck=0
4 x: g' m5 \) |* x4 g  v# otype=rpm-md
[ceph-source]
name=Ceph source packages
baseurl=https://mirrors.aliyun.com/ceph/rpm-octopus/el8/SRPMS
enabled=1
2 v- U: L2 r0 v/ m. {8 U; d/ mgpgcheck=0
type=rpm-md
; {" g) F2 k6 d! f) rEOF
yum clean all && yum makecache
#安装基础软件
& C  D, E" X8 H% P1 ?: Z" a) D+ Uyum install net-tools wget vim bash-completion lrzsz unzip zip -y
" h! ]9 Q2 g3 N' A: r2 k4. cephadm工具部署
, l) f/ U* Q# i! Whttps://docs.ceph.com/docs/master/cephadm/install/
在15版本，支持使用cephadm工具部署，ceph-deploy在14版本前都支持
& ~; M3 v* W. k" L3 v: u4.1 拉取最新的cephadm并赋权
在cephnode01节点配置；

: V# `! ~' d3 \8 M% e$ h[root@cephnode01 ~]# curl --silent --remote-name --location https://github.com/ceph/ceph/raw/octopus/src/cephadm/cephadm
- Z9 S" h& D3 ]: M3 q, g" ^- q[root@cephnode01 ~]# chmod +x cephadm
[root@cephnode01 ~]#ll
5 h  e& ^" u) s, \. p. F3 U* [-rwxr-xr-x. 1 root root 184653 Sep 10 12:01 cephadm
$ _9 F- ^# n, N6 Q/ R: {4.2 使用cephadm获取octopus最新版本并安装
6 _- S5 \4 s% X已手动配置为国内yum源，不需要按官方文档的步骤再进行添加yum源
% R$ `+ h7 B. B6 `" e9 v
#全部ceph节点安装
[root@cephnode01 ~]# dnf install python3 podman -y
) r$ O7 q: I" @0 {5 \[root@cephnode01 ~]# ./cephadm install
, v1 v* I0 b: s...
[root@cephnode01 ~]# which cephadm
( y- ~7 Q& ?) o* }/usr/sbin/cephadm
0 \8 P2 }( }7 W% z: W5 L2 ~5. 创建ceph新集群
5.1 指定管理节点
创建一个可以被任何访问Ceph集群的主机访问的网络，指定mon-ip，并将生成的配置文件写进/etc/ceph目录里
$ i! n' @. e9 H! R8 c
[root@cephnode01 ~]# mkdir -p /etc/ceph
[root@cephnode01 ~]# cephadm bootstrap --mon-ip 10.15.253.161
2 q* y: e2 ^. O. v! k; l0 h...
        URL: https://cephnode01:8443/
        User: admin
: P; x$ J+ ~# E& X    Password: 6v7xazcbwk
...
可登陆URL: https://cephnode01:8443/，首次登陆要修改密码，进行验证
) l9 m- p. F) e+ t: V6 b

5.2 将ceph命令映射到本地
  r3 `9 R- |2 }! d$ Y  z( b1 jCephadm不需要在主机上安装任何Ceph包。但是，建议启用对ceph命令的简单访问。
cephadm shell命令在安装了所有Ceph包的容器中启动一个bash shell。默认情况下，如果在主机上的/etc/ceph中找到配置和keyring文件，它们将被传递到容器环境中，这样就可以完全正常工作了。
0 T0 Q  T3 D* y2 H' r  ]3 ~
- h9 g6 y% q; x- Q& O[root@cephnode01 ~]# cephadm shell
" i, \6 ]* o& w[root@cephnode01 ~]# alias ceph='cephadm shell -- ceph'
[root@cephnode01 ~]# exit
8 w2 O0 X$ ]( G% R2 D& V" _8 i#安装ceph-common包；包括ceph，rbd，mount.ceph的命令
. [2 T+ O3 u: I* G[root@cephnode01 ~]# ephadm install ceph-common包；包括ceph，rbd，mount.ceph的命令
#查看版本
  f8 k/ v+ M. _- x$ `[root@cephnode01 ~]# ceph -v
ceph version 15.2.4 (7447c15c6ff58d7fce91843b705a268a1917325c) octopus (stable)
查看状态

) z& O+ l  r4 y0 f[root@cephnode01 ~]# ceph status
  cluster:
    id:     8a4fdb4e-f31c-11ea-be33-000c29358c7a
    health: HEALTH_OK
    Reduced data availability: 1 pg inactive
% P; r* Z, b. M+ e    OSD count 0 < osd_pool_default_size 3
9 k( I6 G7 L( s+ p; k
  services:
    mon: 1 daemons, quorum ceph135 (age 14m)
: {: t1 m" ?2 n    mgr: ceph03.oesega(active, since 10m)
1 p4 R4 j- P: R    osd: 0 osds: 0 up (since 31m), 0 in
2 C0 ^- n" i" Y( Y3 B; A  r  w
  data:
    pools:   1 pools, 1 pgs
+ u  P- q5 u; k  d    objects: 0 objects, 0 B
' G" \+ t6 B6 z: ?  k    usage:   0 B used, 0 B / 0 B avail
5 D  ~, k2 d$ g1 K    pgs:     100.000% pgs unknown
; V7 L% z# d5 n- D9 S0 L8 }             1 unknown
: j% j, O- q$ {" b0 o5.3 添加新节点进ceph集群

[root@cephnode01 ~]# ssh-copy-id -f -i /etc/ceph/ceph.pub root@cephnode02
[root@cephnode01 ~]# ssh-copy-id -f -i /etc/ceph/ceph.pub root@cephnode03
. A2 T  u# S: ~7 M[root@cephnode01 ~]# ceph orch host add cephnode02
% l3 ~" e1 @7 b0 U% d/ x7 w, w: |% M0 YAdded host 'cephnode02'
[root@cephnode01 ~]# ceph orch host add cephnode03
- Z5 Q; B4 ^, D6 S) c! vAdded host 'cephnode03'
5.4 部署添加 monitor
选择需要设置mon的节点，全选
/ e' ^3 b! ]" M& \
[root@cephnode01 ~]# ceph orch host label add cephnode01 mon
- F2 H2 q3 a! gAdded label mon to host cephnode01
# v- H  g2 v% L+ Y- n; A8 ]1 b[root@cephnode01 ~]# ceph orch host label add cephnode02 mon
0 R$ P$ G9 e+ @3 U; U: a0 e/ d; i7 i' aAdded label mon to host cephnode02
$ S2 a" u( M2 l$ x4 ^+ Y" K[root@cephnode01 ~]# ceph orch host label add cephnode03 mon
Added label mon to host cephnode03
: t# U- `: u) L) }$ a+ N[root@cephnode01 ~]# ceph orch host ls
HOST        ADDR        LABELS  STATUS  
7 R! a; M% j- k6 B+ scephnode01  cephnode01  mon            
cephnode02  cephnode02  mon            
cephnode03  cephnode03  mon
告诉cephadm根据标签部署mon，这步需要等待各节点拉取images并启动容器
- u: k: n: Z3 N4 _7 X0 p; m
$ h: S; y' B+ m8 m- H+ V[root@cephnode01 ~]# ceph orch apply mon label:mon
5 n# |! f$ q9 G( N7 k) @具体验证是否安装完成，其他两台节点可查看下

[root@cephnode02 ~]# podman ps -a
' x5 x9 X% a+ p$ T9 L, g# }...
[root@cephnode02 ~]# podman images
6 R  u# u3 I3 L; C1 i+ ^% }; D8 l  zREPOSITORY                     TAG       IMAGE ID       CREATED         SIZE
" X. j( P/ t- ]2 ]5 |1 B- hdocker.io/ceph/ceph            v15       852b28cb10de   3 weeks ago     1 GB
6 M, j+ ^8 ]6 jdocker.io/prom/node-exporter   v0.18.1   e5a616e4b9cf   15 months ago   24.3 MB
6. 部署OSD
+ O- A) V6 i/ K( a% f* `: D6.1 查看可使用的硬盘
- v, Z) y7 `! Z3 @5 B' z8 y
[root@cephnode01 ~]# ceph orch device ls
, b* v! i, U# B9 `; x7 C2 J7 P+ jHOST    PATH      TYPE   SIZE  DEVICE  AVAIL  REJECT REASONS                        
7 u: C7 q2 N4 ^/ uceph01  /dev/sda  hdd   20.0G          False  locked, Insufficient space (<5GB) on vgs, LVM detected  
5 K$ G) ^$ b# F0 I2 C% C/ [& aceph01  /dev/sdb  hdd   20.0G          True
6 K3 p6 {+ O& P5 B! n+ Xceph02  /dev/sda  hdd   20.0G          False  Insufficient space (<5GB) on vgs, LVM detected, locked  
ceph02  /dev/sdb  hdd   20.0G          True
8 j4 k( v5 B- H' z( Gceph03  /dev/sda  hdd   20.0G          False  locked, Insufficient space (<5GB) on vgs, LVM detected  
  N3 q$ n. q  z- a2 S! Sceph03  /dev/sdb  hdd   20.0G          True
6.2 使用所有可用硬盘
9 U7 F7 N4 S$ U
[root@cephnode01 ~]# ceph orch apply osd --all-available-devices
添加单块盘的方式
9 @/ ^0 E. h9 ]( L1 x6 V! J- t
[root@cephnode01 ~]# ceph orch daemon add osd cephnode02:/dev/sdc
  @0 a' t! e& z; c/ A7 z2 R+ v6.3 验证部署情况

[root@cephnode01 ~]# ceph osd df
ID  CLASS  WEIGHT   REWEIGHT  SIZE    RAW USE  DATA     OMAP     META      AVAIL   %USE  VAR   PGS  STATUS
0    hdd  0.01949   1.00000  20 GiB  1.0 GiB  3.8 MiB    1 KiB  1024 MiB  19 GiB  5.02  1.00    1      up
1    hdd  0.01949   1.00000  20 GiB  1.0 GiB  3.8 MiB    1 KiB  1024 MiB  19 GiB  5.02  1.00    1      up
2 M5 ?7 {% R  d& t 2    hdd  0.01949   1.00000  20 GiB  1.0 GiB  3.8 MiB    1 KiB  1024 MiB  19 GiB  5.02  1.00    1      up
1 _7 r+ I- C4 l# g& u                       TOTAL  60 GiB  3.0 GiB   11 MiB  4.2 KiB   3.0 GiB  57 GiB  5.02                  
MIN/MAX VAR: 1.00/1.00  STDDEV: 0
8 I6 X' k9 k/ ]. P( w7. 存储部署
7.1 CephFS部署
部署cephfs的mds服务，指定集群名及mds的数量
2 l& g0 n& T2 L3 F" C# R6 T, _
& r9 y5 Q+ M3 h# z; g7 _[root@cephnode01 ~]# ceph orch apply mds fs-cluster --placement=3

* b- E0 K: [4 c# f2 Q2 i[root@cephnode01 ~]# ceph -s
  cluster:
% H* d- x$ {9 m. C5 |0 E3 x    id:     8a4fdb4e-f31c-11ea-be33-000c29358c7a
    health: HEALTH_OK
8 Y* a! T/ k0 q. o% R, ?& V
  services:
    mon: 3 daemons, quorum cephnode01,cephnode02,cephnode03 (age 1m)
    mgr: cephnode01.oesega(active, since 49m), standbys: cephnode02.lphrtb, cephnode03.wkthtb
    mds:  3 up:standby
) Q. I$ h& G0 [0 ^8 Y/ g! l    osd: 3 osds: 3 up (since 51m), 3 in (since 30m)

9 I+ Z! K$ E3 Y  data:
    pools:   1 pools, 1 pgs
' d( R6 ~$ o% _) V" h    objects: 0 objects, 0 B
. n' t- n$ r7 i- S  Z    usage:   3.0 GiB used, 57 GiB / 60 GiB avail
    pgs:     1 active+clean
7.2 部署RGW
; @! m( {1 j' X& v1 i创建一个领域

[root@cephnode01 ~]# radosgw-admin realm create --rgw-realm=rgw-org --default
{
    "id": "43dc34c0-6b5b-411c-9e23-687a29c8bd00",
: y6 B" v- I/ q% L% s% @3 s    "name": "rgw-org",
/ ?% Y! E$ u8 @' p    "current_period": "ea3dd54c-2dfe-4180-bf11-4415be6ccafd",
) B( \& z& w# i6 i  w% F    "epoch": 1
& w! E/ U- W$ \- d7 x9 D}
创建一个zonegroup区域组
7 I4 H2 Y) r4 R$ u5 ^$ _/ S
$ f! e9 e) x$ v8 T[root@cephnode01 ~]# radosgw-admin zonegroup create --rgw-zonegroup=rgwgroup --master --default
" Z! |  F* I0 K$ `{
    "id": "1878ecaa-216b-4c99-ad4e-b72f4fa9193f",
    "name": "rgwgroup",
" p% B% W/ `7 r    "api_name": "rgwgroup",
    "is_master": "true",
    "endpoints": [],
    "hostnames": [],
    "hostnames_s3website": [],
    "master_zone": "",
, v+ |4 ?2 X/ F/ T: B. m    "zones": [],
    "placement_targets": [],
6 d! P% J! x5 Q* T7 `# a5 R    "default_placement": "",
    "realm_id": "43dc34c0-6b5b-411c-9e23-687a29c8bd00",
    "sync_policy": {
        "groups": []
    }
' [5 u" ]+ [9 R}
$ T. ]6 d" m# Y1 Q$ B创建一个区域

$ H& k/ S# t3 i! Z( O( z# F[root@cephnode01 ~]# radosgw-admin zone create --rgw-zonegroup=rgwgroup --rgw-zone=zone-dc1 --master --default
( I: o6 p4 `6 G- m, P{
' u8 y% z0 O" H- x% d9 L/ s6 W& h    "id": "fbdc5f83-9022-4675-b98e-39738920bb57",
2 B9 b, h6 U) j; n    "name": "zone-dc1",
    "domain_root": "zone-dc1.rgw.meta:root",
    "control_pool": "zone-dc1.rgw.control",
' {' t$ t0 N- Y9 x% H7 l    "gc_pool": "zone-dc1.rgw.log:gc",
    "lc_pool": "zone-dc1.rgw.log:lc",
    "log_pool": "zone-dc1.rgw.log",
; A6 G  P; t7 j5 E% t2 R    "intent_log_pool": "zone-dc1.rgw.log:intent",
* |6 x  n0 y$ E, _( x+ I0 A1 y    "usage_log_pool": "zone-dc1.rgw.log:usage",
, t* ?" Z1 ^- U6 H8 N    "roles_pool": "zone-dc1.rgw.meta:roles",
! j' A4 m& T' D* f4 W3 n1 ^/ U    "reshard_pool": "zone-dc1.rgw.log:reshard",
    "user_keys_pool": "zone-dc1.rgw.meta:users.keys",
, w$ Y- g" l$ }4 g    "user_email_pool": "zone-dc1.rgw.meta:users.email",
3 ]5 `; a0 c& v. t# n    "user_swift_pool": "zone-dc1.rgw.meta:users.swift",
) a( B: K% f- i2 a5 o; ?2 C4 A    "user_uid_pool": "zone-dc1.rgw.meta:users.uid",
    "otp_pool": "zone-dc1.rgw.otp",
3 P4 @+ h8 n0 l) {! W    "system_key": {
        "access_key": "",
        "secret_key": ""
    },
    "placement_pools": [
2 C2 J0 t$ @, E        {
            "key": "default-placement",
; T( U) N- }% T( p9 q( D$ c5 V            "val": {
# d4 q: d7 Q9 L, b                "index_pool": "zone-dc1.rgw.buckets.index",
                "storage_classes": {
                    "STANDARD": {
                        "data_pool": "zone-dc1.rgw.buckets.data"
                    }
                },
9 F/ A& q2 s1 g. W8 Y                "data_extra_pool": "zone-dc1.rgw.buckets.non-ec",
- e2 U, n  N$ z* s( y                "index_type": 0
* {# B  t& a, D' m9 Y            }
- R- O( ^6 j1 K7 R        }
. M( k* g! `: z$ u2 z5 }( a    ],
    "realm_id": "43dc34c0-6b5b-411c-9e23-687a29c8bd00"
}
8 n* C: M8 \6 g: H& G+ v' F为特定领域和区域部署一组radosgw守护进程，这里只指定了两个节点开启rgw
2 x% a8 X0 m8 o1
" S1 l9 k  ^9 [- F: M% D* }[root@cephnode01 ~]# ceph orch apply rgw rgw-org zone-dc1 --placement="2 cephnode02 cephnode03"
验证
  ~5 [& Z* c6 a. H* l3 Q6 f
[root@cephnode01 ~]# ceph -s
1 ]- ~- O; Y7 \7 u: ]5 l  cluster:
$ |, b$ n4 U- J    id:     8a4fdb4e-f31c-11ea-be33-000c29358c7a
    health: HEALTH_OK

  services:
. N1 k/ ~: F2 N' Q9 I' b  Z    mon: 3 daemons, quorum cephnode01,cephnode02,cephnode03 (age 1m)
2 d. T' N+ J* z    mgr: cephnode01.oesega(active, since 49m), standbys: cephnode02.lphrtb, cephnode03.wkthtb
' Q. O, ?+ ~- m' B8 B* A& h* B    mds:  3 up:standby
    osd: 3 osds: 3 up (since 51m), 3 in (since 30m)
$ h/ M0 k) C) Y+ q, a. C( s1 s    rgw: 2 daemons active (rgw-org.zone-dc1.cephnode02.cdgjsi, rgw-org.zone-dc1.cephnode03.nmbbsz)
  data:
2 R+ C) y$ c3 q8 X; A5 p' Y    pools:   1 pools, 1 pgs
0 k+ C3 B' H4 ^; k    objects: 0 objects, 0 B
    usage:   3.0 GiB used, 57 GiB / 60 GiB avail
    pgs:     1 active+clean
: `( P3 q4 m  Z8 E! s: I为RGW开启dashborad
5 s! r( T( m7 F) J, T- `+ P
. @2 k4 |6 N% \: A/ r4 K#创建rgw的管理用户
& o, E& L" J5 u+ g[root@cephnode01 ~]# radosgw-admin user create --uid=admin --display-name=admin --system
{
, T9 H. M% d) }! T: x$ ~, j    "user_id": "admin",
1 L. T% o; K8 T: n  `) c+ s$ ?    "display_name": "admin",
' ~1 V% j/ s. T( c% R    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "subusers": [],
1 p1 L6 c% y: E  X7 V2 n2 F    "keys": [
+ G; ^) D* ^; h! D% l' p6 S/ S        {
' ?" [+ \, a# a& ?            "user": "admin",
            "access_key": "WG9W5O9O11TGGOLU6OD2",
            "secret_key": "h2DfrWvlS4NMkdgGin4g6OB6Z50F1VNmhRCRQo3W"
        }
    ],
    "swift_keys": [],
0 C( Z7 [8 {$ @. ]    "caps": [],
( g% F; B3 W4 |$ S* g% o    "op_mask": "read, write, delete",
4 n6 o$ W( g  G- S1 b7 Z2 ]    "system": "true",
    "default_placement": "",
+ ]9 ^2 H4 N" u( y8 g$ N    "default_storage_class": "",
: _! E' i- }2 q6 g. Y9 F2 m( ?    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "check_on_raw": false,
9 B- B/ g4 T. _" U1 I/ J0 b        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
9 f/ Q! C6 W; d( H6 D    },
" a0 e! G* W) Y$ V* C* V    "user_quota": {
        "enabled": false,
3 j8 A, j7 F* @# Y+ f% V$ w        "check_on_raw": false,
+ h* z. ?' Q: }. C, ?) Y        "max_size": -1,
$ X! ~. `  D; z- L' e* \        "max_size_kb": 0,
$ [* I2 G: k* r  B( v8 N/ A6 o        "max_objects": -1
    },
5 E( Q+ r# W3 X  B; _6 d( R    "temp_url_keys": [],
    "type": "rgw",
    "mfa_ids": []
}
设置dashboard凭证

( O; \; {4 Y, u# r8 w) b! Q! s3 t/ `[root@cephnode01 ~]# ceph dashboard set-rgw-api-access-key WG9W5O9O11TGGOLU6OD2
8 I1 y7 m/ o+ H. s2 p/ eOption RGW_API_ACCESS_KEY updated
[root@cephnode01 ~]# ceph dashboard set-rgw-api-secret-key h2DfrWvlS4NMkdgGin4g6OB6Z50F1VNmhRCRQo3W
Option RGW_API_SECRET_KEY updated
设置禁用证书验证、http访问方式及使用admin账号

ceph dashboard set-rgw-api-ssl-verify False
ceph dashboard set-rgw-api-scheme http
) E3 y' b& s2 }' k# Rceph dashboard set-rgw-api-host 10.15.253.225
# Z* M: D$ S. D( [ceph dashboard set-rgw-api-port 80
8 L" X/ k2 y5 p5 u( |/ Y" rceph dashboard set-rgw-api-user-id admin
重启RGW

& B3 x3 r% ^) z0 t. W4 f& b9 a' Tceph orch restart rgw
" f4 m4 P( C- s. t: r