Interface Kaydinta Kontaynarrada (CSI) waa isku xidhka midaysan ee u dhexeeya Kubernetes iyo nidaamyada kaydinta. Horay ayaanu uga hadalnay si kooban
Maqaalku wuxuu bixiyaa tusaalooyin dhab ah, in kasta oo la fududeeyay si loo fududeeyo aragtida. Ma tixgelineyno rakibidda iyo habeynta kooxaha Ceph iyo Kubernetes.
Ma la yaaban tahay sida ay u shaqeyso?
Markaa, waxaad farahaaga ku haysaa koox Kubernetes ah, oo la diray, tusaale ahaan,
Haddii waxaas oo dhan aad haysatid, ina keen!
Marka hore, aan tagno mid ka mid ah qanjidhada kooxda Ceph oo hubi in wax walba ay hagaagsan yihiin:
ceph health
ceph -s
Marka xigta, waxaanu isla markiiba u abuuri doonaa barkad saxannada RBD:
ceph osd pool create kube 32
ceph osd pool application enable kube rbd
Aan u gudubno kooxda Kubernetes. Halkaa, marka hore, waxaanu ku rakibi doonaa darawalka Ceph CSI ee RBD. Waxaan ku rakibi doonaa, sida la filayo, iyada oo loo marayo Helm.
Waxaan ku darnaa kayd shax leh, waxaanu helnaa doorsoomayaal jaantuska ceph-csi-rbd:
helm repo add ceph-csi https://ceph.github.io/csi-charts
helm inspect values ceph-csi/ceph-csi-rbd > cephrbd.yml
Hadda waxaad u baahan tahay inaad buuxiso faylka cephrbd.yml. Si tan loo sameeyo, ogow aqoonsiga kooxda iyo ciwaanka IP-ga ee kormeerayaasha Ceph:
ceph fsid # ΡΠ°ΠΊ ΠΌΡ ΡΠ·Π½Π°Π΅ΠΌ clusterID
ceph mon dump # Π° ΡΠ°ΠΊ ΡΠ²ΠΈΠ΄ΠΈΠΌ IP-Π°Π΄ΡΠ΅ΡΠ° ΠΌΠΎΠ½ΠΈΡΠΎΡΠΎΠ²
Waxaan galeynaa qiyamka la helay faylka cephrbd.yml. Isla mar ahaantaana, waxaan awoodnaa abuurista siyaasadaha PSP (Pod Security Policy). Ikhtiyaarada qaybaha nodeplugin ΠΈ bixiye mar horeba faylka, waa la sixi karaa sida hoos ku cad:
csiConfig:
- clusterID: "bcd0d202-fba8-4352-b25d-75c89258d5ab"
monitors:
- "v2:172.18.8.5:3300/0,v1:172.18.8.5:6789/0"
- "v2:172.18.8.6:3300/0,v1:172.18.8.6:6789/0"
- "v2:172.18.8.7:3300/0,v1:172.18.8.7:6789/0"
nodeplugin:
podSecurityPolicy:
enabled: true
provisioner:
podSecurityPolicy:
enabled: true
Marka xigta, waxa noo hadhay oo dhan waa in aan ku rakibno jaantuska kooxda Kubernetes.
helm upgrade -i ceph-csi-rbd ceph-csi/ceph-csi-rbd -f cephrbd.yml -n ceph-csi-rbd --create-namespace
Way fiicantahay, darawalka RBD wuu shaqeeyaa!
Aynu ka abuurno fasalka kaydinta cusub ee Kubernetes. Tani waxay mar kale u baahan tahay xoogaa ka-fiirsi ah Ceph.
Waxaan ku abuurnay isticmaale cusub Ceph waxaanan siinaa xuquuq uu ku qoro barkada cube:
ceph auth get-or-create client.rbdkube mon 'profile rbd' osd 'profile rbd pool=kube'
Hadda aan aragno furaha gelitaanka oo weli jira:
ceph auth get-key client.rbdkube
Amarku wuxuu soo saari doonaa wax sidan oo kale ah:
AQCO9NJbhYipKRAAMqZsnqqS/T8OYQX20xIa9A==
Aynu ku darno qiimahan sirta ah ee kutlada Kubernetes - halka aan uga baahanahay userKey:
---
apiVersion: v1
kind: Secret
metadata:
name: csi-rbd-secret
namespace: ceph-csi-rbd
stringData:
# ΠΠ½Π°ΡΠ΅Π½ΠΈΡ ΠΊΠ»ΡΡΠ΅ΠΉ ΡΠΎΠΎΡΠ²Π΅ΡΡΡΠ²ΡΡΡ ΠΈΠΌΠ΅Π½ΠΈ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Ρ ΠΈ Π΅Π³ΠΎ ΠΊΠ»ΡΡΡ, ΠΊΠ°ΠΊ ΡΠΊΠ°Π·Π°Π½ΠΎ Π²
# ΠΊΠ»Π°ΡΡΠ΅ΡΠ΅ Ceph. ID ΡΠ·Π΅ΡΠ° Π΄ΠΎΠ»ΠΆΠ΅Π½ ΠΈΠΌΠ΅ΡΡ Π΄ΠΎΡΡΡΠΏ ΠΊ ΠΏΡΠ»Ρ,
# ΡΠΊΠ°Π·Π°Π½Π½ΠΎΠΌΡ Π² storage class
userID: rbdkube
userKey: <user-key>
Oo waxaan abuurnaa sirtayada:
kubectl apply -f secret.yaml
Marka xigta, waxaan u baahanahay muujinta heerka kaydinta wax sidan oo kale ah:
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: csi-rbd-sc
provisioner: rbd.csi.ceph.com
parameters:
clusterID: <cluster-id>
pool: kube
imageFeatures: layering
# ΠΡΠΈ ΡΠ΅ΠΊΡΠ΅ΡΡ Π΄ΠΎΠ»ΠΆΠ½Ρ ΡΠΎΠ΄Π΅ΡΠΆΠ°ΡΡ Π΄Π°Π½Π½ΡΠ΅ Π΄Π»Ρ Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΠΈ
# Π² Π²Π°Ρ ΠΏΡΠ».
csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret
csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-rbd
csi.storage.k8s.io/controller-expand-secret-name: csi-rbd-secret
csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-rbd
csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret
csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-rbd
csi.storage.k8s.io/fstype: ext4
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
- discard
Waxay u baahan tahay in la buuxiyo clusterID, taas oo aan horay uga baranay kooxda ceph fsid, oo ku dabaq bayaankan kutlada Kubernetes:
kubectl apply -f storageclass.yaml
Si loo hubiyo sida kooxuhu u wada shaqeeyaan, aynu abuurno PVC-ga soo socda ( Sheegashada Mugga Joogtada ah):
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: rbd-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: csi-rbd-sc
Aynu isla markiiba aragno sida Kubernetes u abuuray mugga la codsaday ee Ceph:
kubectl get pvc
kubectl get pv
Wax walba waxay u muuqdaan inay weyn yihiin! Maxay tani u egtahay dhanka Ceph?
Waxaan ka helnaa liiska mugga barkadda oo aan aragno macluumaadka ku saabsan muggayaga:
rbd ls -p kube
rbd -p kube info csi-vol-eb3d257d-8c6c-11ea-bff5-6235e7640653 # ΡΡΡ, ΠΊΠΎΠ½Π΅ΡΠ½ΠΎ ΠΆΠ΅, Π±ΡΠ΄Π΅Ρ Π΄ΡΡΠ³ΠΎΠΉ ID ΡΠΎΠΌΠ°, ΠΊΠΎΡΠΎΡΡΠΉ Π²ΡΠ΄Π°Π»Π° ΠΏΡΠ΅Π΄ΡΠ΄ΡΡΠ°Ρ ΠΊΠΎΠΌΠ°Π½Π΄Π°
Hadda aan aragno sida wax u beddelka mugga RBD u shaqeeyo.
U beddel cabbirka mugga ee pvc.yaml muujinta una beddel 2Gi oo adeegso:
kubectl apply -f pvc.yaml
Aynu sugno isbeddellada si ay u dhaqan galaan oo aan eegno xajmiga mugga mar labaad.
rbd -p kube info csi-vol-eb3d257d-8c6c-11ea-bff5-6235e7640653
kubectl get pv
kubectl get pvc
Waxaan aragnaa in cabbirka PVC uusan isbeddelin. Si aad u ogaato sababta, waxaad waydiin kartaa Kubernetes sharaxaadda YAML ee PVC:
kubectl get pvc rbd-pvc -o yaml
Waa kan dhibaatadu:
fariinta: Sugitaanka isticmaalaha inuu (dib u) bilaabo boodh si uu u dhameeyo habka faylalka cabbirka mugga dushiisa. nooca: FileSystemResizePending
Taasi waa, saxanku wuu koray, laakiin nidaamka faylalka ku yaal ma uusan helin.
Si aad u koraan nidaamka faylka, waxaad u baahan tahay inaad kor u qaaddo mugga. Wadankeena, PVC/PV-ga la sameeyay hadda sinaba looma isticmaalo.
Waxaan samayn karnaa qalab tijaabo ah, tusaale ahaan sidan oo kale:
---
apiVersion: v1
kind: Pod
metadata:
name: csi-rbd-demo-pod
spec:
containers:
- name: web-server
image: nginx:1.17.6
volumeMounts:
- name: mypvc
mountPath: /data
volumes:
- name: mypvc
persistentVolumeClaim:
claimName: rbd-pvc
readOnly: false
Oo hadda aynu eegno PVC:
kubectl get pvc
Cabbirku wuu is beddelay, wax walba waa hagaagsan yihiin.
Qeybta hore, waxaan la shaqeynay qalabka RBD block (waxay u taagan tahay Rados Block Device), laakiin tan lama samayn karo haddii adeegayaal kala duwan ay u baahan yihiin inay la shaqeeyaan diskkan isku mar. CephFS aad ayey ugu habboon tahay in lagu shaqeeyo faylasha halkii laga isticmaali lahaa sawirada diskka.
Isticmaalka tusaalaha kooxaha Ceph iyo Kubernetes, waxaanu habayn doonaa CSI iyo hay'adaha kale ee lagama maarmaanka ah si ay ula shaqeeyaan CephFS.
Aynu ka helno qiyamka shaxda cusub ee Helm ee aan u baahanahay:
helm inspect values ceph-csi/ceph-csi-cephfs > cephfs.yml
Mar labaad waxaad u baahan tahay inaad buuxiso faylka cephfs.yml. Sidii hore, amarada Ceph ayaa ku caawin doona:
ceph fsid
ceph mon dump
Ku buuxi feylka qiyamka sidan oo kale ah:
csiConfig:
- clusterID: "bcd0d202-fba8-4352-b25d-75c89258d5ab"
monitors:
- "172.18.8.5:6789"
- "172.18.8.6:6789"
- "172.18.8.7:6789"
nodeplugin:
httpMetrics:
enabled: true
containerPort: 8091
podSecurityPolicy:
enabled: true
provisioner:
replicaCount: 1
podSecurityPolicy:
enabled: true
Fadlan ogow in ciwaanada kormeeruhu ay ku qoran yihiin cinwaanka foomka fudud: port. Si aad ugu dhejiso cephf-yada qanjirada, ciwaanadan waxaa loo gudbiyaa qaybta kernel-ka, kaas oo aan wali garanayn sida loogu shaqeeyo borotokoolka kormeeraha v2.
Waxaan u beddelnaa dekedda httpMetrics (Prometheus wuxuu aadi doonaa halkaas si loo kormeero metrics) si aysan u khilaafin nginx-proxy, kaas oo lagu rakibay Kubespray. Waxaa laga yaabaa inaadan u baahnayn tan.
Ku rakib shaxda Helm ee kutlada Kubernetes:
helm upgrade -i ceph-csi-cephfs ceph-csi/ceph-csi-cephfs -f cephfs.yml -n ceph-csi-cephfs --create-namespace
Aan tagno dukaanka xogta Ceph si aan halkaas ugu abuurno isticmaale gooni ah. Dukumeentigu wuxuu sheegayaa in bixiyaha CephFS uu u baahan yahay xuquuqaha gelitaanka maamulaha kooxda. Laakiin waxaan abuuri doonaa isticmaale gaar ah fs leh xuquuq xaddidan:
ceph auth get-or-create client.fs mon 'allow r' mgr 'allow rw' mds 'allow rws' osd 'allow rw pool=cephfs_data, allow rw pool=cephfs_metadata'
Oo aan isla markiiba eegno furihiisa gelitaanka, waxaanu u baahan doonaa hadhow:
ceph auth get-key client.fs
Aynu abuurno sir gaar ah iyo fasal kaydin.
Wax cusub ma jiraan, waxaan hore ugu aragnay tan tusaalaha RBD:
---
apiVersion: v1
kind: Secret
metadata:
name: csi-cephfs-secret
namespace: ceph-csi-cephfs
stringData:
# ΠΠ΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΠΎ Π΄Π»Ρ Π΄ΠΈΠ½Π°ΠΌΠΈΡΠ΅ΡΠΊΠΈ ΡΠΎΠ·Π΄Π°Π²Π°Π΅ΠΌΡΡ
ΡΠΎΠΌΠΎΠ²
adminID: fs
adminKey: <Π²ΡΠ²ΠΎΠ΄ ΠΏΡΠ΅Π΄ΡΠ΄ΡΡΠ΅ΠΉ ΠΊΠΎΠΌΠ°Π½Π΄Ρ>
Codsiga muujinta:
kubectl apply -f secret.yaml
Oo hadda - Class Kaydinta gaar ah:
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: csi-cephfs-sc
provisioner: cephfs.csi.ceph.com
parameters:
clusterID: <cluster-id>
# ΠΠΌΡ ΡΠ°ΠΉΠ»ΠΎΠ²ΠΎΠΉ ΡΠΈΡΡΠ΅ΠΌΡ CephFS, Π² ΠΊΠΎΡΠΎΡΠΎΠΉ Π±ΡΠ΄Π΅Ρ ΡΠΎΠ·Π΄Π°Π½ ΡΠΎΠΌ
fsName: cephfs
# (Π½Π΅ΠΎΠ±ΡΠ·Π°ΡΠ΅Π»ΡΠ½ΠΎ) ΠΡΠ» Ceph, Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π±ΡΠ΄ΡΡ Ρ
ΡΠ°Π½ΠΈΡΡΡΡ Π΄Π°Π½Π½ΡΠ΅ ΡΠΎΠΌΠ°
# pool: cephfs_data
# (Π½Π΅ΠΎΠ±ΡΠ·Π°ΡΠ΅Π»ΡΠ½ΠΎ) Π Π°Π·Π΄Π΅Π»Π΅Π½Π½ΡΠ΅ Π·Π°ΠΏΡΡΡΠΌΠΈ ΠΎΠΏΡΠΈΠΈ ΠΌΠΎΠ½ΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ Π΄Π»Ρ Ceph-fuse
# Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ:
# fuseMountOptions: debug
# (Π½Π΅ΠΎΠ±ΡΠ·Π°ΡΠ΅Π»ΡΠ½ΠΎ) Π Π°Π·Π΄Π΅Π»Π΅Π½Π½ΡΠ΅ Π·Π°ΠΏΡΡΡΠΌΠΈ ΠΎΠΏΡΠΈΠΈ ΠΌΠΎΠ½ΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ CephFS Π΄Π»Ρ ΡΠ΄ΡΠ°
# Π‘ΠΌ. man mount.ceph ΡΡΠΎΠ±Ρ ΡΠ·Π½Π°ΡΡ ΡΠΏΠΈΡΠΎΠΊ ΡΡΠΈΡ
ΠΎΠΏΡΠΈΠΉ. ΠΠ°ΠΏΡΠΈΠΌΠ΅Ρ:
# kernelMountOptions: readdir_max_bytes=1048576,norbytes
# Π‘Π΅ΠΊΡΠ΅ΡΡ Π΄ΠΎΠ»ΠΆΠ½Ρ ΡΠΎΠ΄Π΅ΡΠΆΠ°ΡΡ Π΄ΠΎΡΡΡΠΏΡ Π΄Π»Ρ Π°Π΄ΠΌΠΈΠ½Π° ΠΈ/ΠΈΠ»ΠΈ ΡΠ·Π΅ΡΠ° Ceph.
csi.storage.k8s.io/provisioner-secret-name: csi-cephfs-secret
csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-cephfs
csi.storage.k8s.io/controller-expand-secret-name: csi-cephfs-secret
csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-cephfs
csi.storage.k8s.io/node-stage-secret-name: csi-cephfs-secret
csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-cephfs
# (Π½Π΅ΠΎΠ±ΡΠ·Π°ΡΠ΅Π»ΡΠ½ΠΎ) ΠΡΠ°ΠΉΠ²Π΅Ρ ΠΌΠΎΠΆΠ΅Ρ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ Π»ΠΈΠ±ΠΎ ceph-fuse (fuse),
# Π»ΠΈΠ±ΠΎ ceph kernelclient (kernel).
# ΠΡΠ»ΠΈ Π½Π΅ ΡΠΊΠ°Π·Π°Π½ΠΎ, Π±ΡΠ΄Π΅Ρ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡΡΡ ΠΌΠΎΠ½ΡΠΈΡΠΎΠ²Π°Π½ΠΈΠ΅ ΡΠΎΠΌΠΎΠ² ΠΏΠΎ ΡΠΌΠΎΠ»ΡΠ°Π½ΠΈΡ,
# ΡΡΠΎ ΠΎΠΏΡΠ΅Π΄Π΅Π»ΡΠ΅ΡΡΡ ΠΏΠΎΠΈΡΠΊΠΎΠΌ ceph-fuse ΠΈ mount.ceph
# mounter: kernel
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
- debug
Aan ku buuxino halkan clusterID oo lagu dabaqi karo Kubernetes:
kubectl apply -f storageclass.yaml
kormeerka
Si loo hubiyo, sida tusaalihii hore, aan abuurno PVC:
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: csi-cephfs-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
storageClassName: csi-cephfs-sc
Oo hubi joogitaanka PVC/PV:
kubectl get pvc
kubectl get pv
Haddii aad rabto inaad eegto faylasha iyo hagayaasha CephFS, waxaad ku dhejin kartaa nidaamka faylkan meel. Tusaale ahaan sida hoos ku cad.
Aan tagno mid ka mid ah qanjidhada kooxda Ceph oo aan samayno falalka soo socda:
# Π’ΠΎΡΠΊΠ° ΠΌΠΎΠ½ΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ
mkdir -p /mnt/cephfs
# Π‘ΠΎΠ·Π΄Π°ΡΠΌ ΡΠ°ΠΉΠ» Ρ ΠΊΠ»ΡΡΠΎΠΌ Π°Π΄ΠΌΠΈΠ½ΠΈΡΡΡΠ°ΡΠΎΡΠ°
ceph auth get-key client.admin >/etc/ceph/secret.key
# ΠΠΎΠ±Π°Π²Π»ΡΠ΅ΠΌ Π·Π°ΠΏΠΈΡΡ Π² /etc/fstab
# !! ΠΠ·ΠΌΠ΅Π½ΡΠ΅ΠΌ ip Π°Π΄ΡΠ΅Ρ Π½Π° Π°Π΄ΡΠ΅Ρ Π½Π°ΡΠ΅Π³ΠΎ ΡΠ·Π»Π°
echo "172.18.8.6:6789:/ /mnt/cephfs ceph name=admin,secretfile=/etc/ceph/secret.key,noatime,_netdev 0 2" >> /etc/fstab
mount /mnt/cephfs
Dabcan, ku dhejinta FS on Ceph noode sidan oo kale ah waxay ku habboon tahay oo kaliya ujeedooyinka tababarka, taas oo ah waxa aan ku sameyneyno annaga.
Ugu dambayntii, aan eegno sida ay arrimuhu ula shaqeeyaan dib-u-habaynta mugga kiiska CephFS. Aan ku soo laabano Kubernetes oo aan wax ka beddelno caddayntayada PVC - kor u qaad cabbirka halkaas, tusaale ahaan, ilaa 7Gi.
Aynu adeegsano faylka la tafatiray:
kubectl apply -f pvc.yaml
Aynu eegno hagaha rakiban si aan u aragno sida kootada isu beddeshay:
getfattr -n ceph.quota.max_bytes <ΠΊΠ°ΡΠ°Π»ΠΎΠ³-Ρ-Π΄Π°Π½Π½ΡΠΌΠΈ>
Si amarkani u shaqeeyo, waxaa laga yaabaa inaad u baahato inaad xirmada ku rakibto nidaamkaaga attr.
Indhuhu way cabsanayaan, laakiinse gacmihii waa cabsadeen
Dhammaan xarfahan iyo calaamadaha YAML ee dhaadheer waxay u muuqdaan kuwo adag oo dusha sare ah, laakiin ficil ahaan, ardayda Slurm waxay si dhakhso ah u helaan iyaga.
Maqaalkani ma aanan si qoto dheer u gelin hawdka - waxaa jira dukumeenti rasmi ah taas. Haddii aad xiisaynayso faahfaahinta dejinta kaydinta Ceph ee kutlada Kubernetes, xidhiidhadan ayaa ku caawin doona:
Koorsada Slurm
Oo haddii aad aad u xiisaynayso kaydinta xogta, ka dibna saxiix
Qoraaga maqaalka: Alexander Shvalov, injineer ku takhasusay
Source: www.habr.com