A practical example of connecting Ceph-based storage to a Kubernetes cluster

Container Storage Interface (CSI) is a unified interface between Kubernetes and storage systems. We have already covered it briefly, and today we will take a closer look at the combination of CSI and Ceph: we will show how to connect Ceph storage to a Kubernetes cluster.
The article gives real examples, although slightly simplified to make them easier to follow. We do not cover installing and configuring the Ceph and Kubernetes clusters.

Wondering how it works?

So, you have a Kubernetes cluster at hand, deployed, for example, with kubespray. A Ceph cluster is running nearby; you can also install one, for example, with this set of playbooks. I hope there is no need to mention that in production the network between them should have a bandwidth of at least 10 Gbit/s.

If you have all of that, let's go!

First, let's log in to one of the Ceph cluster nodes and check that everything is in order:

ceph health
ceph -s

Next, we will create a pool for RBD disks right away:

ceph osd pool create kube 32
ceph osd pool application enable kube rbd

Let's move on to the Kubernetes cluster. There, first of all, we will install the Ceph CSI driver for RBD. We will install it, as expected, through Helm.
We add the chart repository and dump the variables of the ceph-csi-rbd chart:

helm repo add ceph-csi https://ceph.github.io/csi-charts
helm inspect values ceph-csi/ceph-csi-rbd > cephrbd.yml

Now you need to fill in the cephrbd.yml file. To do that, find out the cluster ID and the IP addresses of the Ceph monitors:

ceph fsid  # this is how we find out the clusterID
ceph mon dump  # and this shows the IP addresses of the monitors

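We enter the values we obtained into the cephrbd.yml file. At the same time we enable the creation of PSP (Pod Security Policy) policies. The options in the nodeplugin and provisioner sections are already in the file; they can be corrected as shown below. Note that PodSecurityPolicy was removed in Kubernetes 1.25, so these options apply only to older clusters.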

csiConfig:
  - clusterID: "bcd0d202-fba8-4352-b25d-75c89258d5ab"
    monitors:
      - "v2:172.18.8.5:3300/0,v1:172.18.8.5:6789/0"
      - "v2:172.18.8.6:3300/0,v1:172.18.8.6:6789/0"
      - "v2:172.18.8.7:3300/0,v1:172.18.8.7:6789/0"

nodeplugin:
  podSecurityPolicy:
    enabled: true

provisioner:
  podSecurityPolicy:
    enabled: true

Next, all that is left is to install the chart into the Kubernetes cluster.

helm upgrade -i ceph-csi-rbd ceph-csi/ceph-csi-rbd -f cephrbd.yml -n ceph-csi-rbd --create-namespace

Great, the RBD driver works!
Let's create a new StorageClass in Kubernetes. This again requires a bit of work on the Ceph side.

We create a new user in Ceph and give it rights to write to the kube pool:

ceph auth get-or-create client.rbdkube mon 'profile rbd' osd 'profile rbd pool=kube'

Now let's look at its access key, still in the same place:

ceph auth get-key client.rbdkube

The command will output something like this:

AQCO9NJbhYipKRAAMqZsnqqS/T8OYQX20xIa9A==

Let's add this value to a Secret in the Kubernetes cluster, where we need it as userKey:

---
apiVersion: v1
kind: Secret
metadata:
  name: csi-rbd-secret
  namespace: ceph-csi-rbd
stringData:
  # The key values correspond to the user name and its key as specified in
  # the Ceph cluster. The user ID must have access to the pool
  # specified in the storage class
  userID: rbdkube
  userKey: <user-key>

And we create our secret:

kubectl apply -f secret.yaml

Next, we need a StorageClass manifest, something like this:

---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
   name: csi-rbd-sc
provisioner: rbd.csi.ceph.com
parameters:
   clusterID: <cluster-id>
   pool: kube

   imageFeatures: layering

   # These secrets must contain the credentials for authorizing
   # against your pool.
   csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret
   csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-rbd
   csi.storage.k8s.io/controller-expand-secret-name: csi-rbd-secret
   csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-rbd
   csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret
   csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-rbd

   csi.storage.k8s.io/fstype: ext4

reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
  - discard

You need to fill in clusterID, which we already learned with the ceph fsid command, and apply this manifest to the Kubernetes cluster:

kubectl apply -f storageclass.yaml

To check how the clusters work together, let's create the following PVC (Persistent Volume Claim):

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: rbd-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: csi-rbd-sc

Let's immediately see how Kubernetes created the requested volume in Ceph:

kubectl get pvc
kubectl get pv

Everything seems to be great! And what does it look like on the Ceph side?
We get the list of volumes in the pool and view the information about our volume:

rbd ls -p kube
rbd -p kube info csi-vol-eb3d257d-8c6c-11ea-bff5-6235e7640653  # here, of course, you will have a different volume ID, the one printed by the previous command

Now let's see how resizing an RBD volume works.
Change the volume size in the pvc.yaml manifest to 2Gi and apply it:

kubectl apply -f pvc.yaml

Let's wait for the changes to take effect and look at the volume size once more.

rbd -p kube info csi-vol-eb3d257d-8c6c-11ea-bff5-6235e7640653

kubectl get pv
kubectl get pvc

We see that the size of the PVC has not changed. To find out why, you can ask Kubernetes for the YAML description of the PVC:

kubectl get pvc rbd-pvc -o yaml

Here is the problem:

message: Waiting for user to (re-)start a pod to finish file system resize of volume on node.
type: FileSystemResizePending

That is, the disk has grown, but the file system on it has not.
To grow the file system, the volume has to be mounted. In our case, the PVC/PV we created is not currently used in any way.

We can create a test Pod, for example like this:

---
apiVersion: v1
kind: Pod
metadata:
  name: csi-rbd-demo-pod
spec:
  containers:
    - name: web-server
      image: nginx:1.17.6
      volumeMounts:
        - name: mypvc
          mountPath: /data
  volumes:
    - name: mypvc
      persistentVolumeClaim:
        claimName: rbd-pvc
        readOnly: false

And now let's look at the PVC:

kubectl get pvc

The size has changed, everything is fine.

In the first part we worked with an RBD block device (it stands for Rados Block Device), but this will not do if different services need to work with this disk at the same time. CephFS is much better suited to working with files rather than disk images.
Using the example of Ceph and Kubernetes clusters, we will configure CSI and the other necessary entities to work with CephFS.

Let's get the values from the new Helm chart that we need:

helm inspect values ceph-csi/ceph-csi-cephfs > cephfs.yml

Again you need to fill in the cephfs.yml file. As before, the Ceph commands will help:

ceph fsid
ceph mon dump

Fill in the values file like this:

csiConfig:
  - clusterID: "bcd0d202-fba8-4352-b25d-75c89258d5ab"
    monitors:
      - "172.18.8.5:6789"
      - "172.18.8.6:6789"
      - "172.18.8.7:6789"

nodeplugin:
  httpMetrics:
    enabled: true
    containerPort: 8091
  podSecurityPolicy:
    enabled: true

provisioner:
  replicaCount: 1
  podSecurityPolicy:
    enabled: true

Please note that the monitor addresses are given in the simple form address:port. To mount cephfs on a node, these addresses are passed to the kernel module, which does not yet know how to work with the v2 monitor protocol.
We change the port for httpMetrics (Prometheus will go there to scrape metrics) so that it does not conflict with nginx-proxy, which is installed by Kubespray. You may not need this.
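
The address-format difference noted above, as an added example that is not part of the original article: a shell function that turns `ceph mon dump` output into the csiConfig block for either chart. The sample dump, its monitor names and the function name csi_config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample of `ceph mon dump` output; the addresses are the ones
# used in the values files on this page, the mon names are made up.
sample_mon_dump() {
cat <<'EOF'
epoch 3
fsid bcd0d202-fba8-4352-b25d-75c89258d5ab
min_mon_release 14 (nautilus)
0: [v2:172.18.8.5:3300/0,v1:172.18.8.5:6789/0] mon.ceph01
1: [v2:172.18.8.6:3300/0,v1:172.18.8.6:6789/0] mon.ceph02
2: [v2:172.18.8.7:3300/0,v1:172.18.8.7:6789/0] mon.ceph03
EOF
}

# csi_config rbd|cephfs: read `ceph mon dump` on stdin, print the csiConfig
# block. "rbd" keeps the whole v2+v1 address vector; "cephfs" keeps only the
# v1 ip:port, because the kernel client is handed these addresses as-is.
# Fails (status 1) if the fsid is missing or a monitor has no v1 address.
csi_config() {
  awk -v mode="$1" '
    $1 == "fsid" { fsid = $2 }
    /^[0-9]+: \[/ {
      vec = $2; sub(/^\[/, "", vec); sub(/\]$/, "", vec)
      if (mode != "cephfs") { mons[++m] = vec; next }
      addr = ""
      n = split(vec, part, ",")
      for (i = 1; i <= n; i++)
        if (part[i] ~ /^v1:/) { addr = part[i]; sub(/^v1:/, "", addr); sub(/\/[0-9]+$/, "", addr) }
      if (addr == "") { bad = 1 } else { mons[++m] = addr }
    }
    END {
      if (bad || fsid == "" || m == 0) exit 1
      printf "csiConfig:\n  - clusterID: \"%s\"\n    monitors:\n", fsid
      for (i = 1; i <= m; i++) printf "      - \"%s\"\n", mons[i]
    }'
}
```

On a Ceph node, `ceph mon dump | csi_config cephfs` prints the block to paste into cephfs.yml; a monitor that exposes only a v2 address makes the function fail instead of emitting an address the kernel client cannot use.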

Install the Helm chart into the Kubernetes cluster:

helm upgrade -i ceph-csi-cephfs ceph-csi/ceph-csi-cephfs -f cephfs.yml -n ceph-csi-cephfs --create-namespace

Let's go to the Ceph data store to create a separate user there. The documentation states that the CephFS provisioner needs cluster administrator access rights. But we will create a separate user fs with limited rights:

ceph auth get-or-create client.fs mon 'allow r' mgr 'allow rw' mds 'allow rws' osd 'allow rw pool=cephfs_data, allow rw pool=cephfs_metadata'

And let's immediately look at its access key; we will need it later:

ceph auth get-key client.fs
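
An added example, not part of the original article: a check that the caps of the client.rbdkube user created earlier and of client.fs stay confined to the intended pools, run over keyring text in the format that `ceph auth get` prints. The sample keyrings are constructed, and audit_caps with its pool allow-list is a hypothetical helper.

```bash
#!/usr/bin/env bash
# Constructed sample in the keyring format printed by `ceph auth get <entity>`.
# The caps are the ones granted on this page; the keys are placeholders.
sample_keyrings() {
cat <<'EOF'
[client.rbdkube]
	key = <user-key>
	caps mon = "profile rbd"
	caps osd = "profile rbd pool=kube"
[client.fs]
	key = <user-key>
	caps mds = "allow rws"
	caps mgr = "allow rw"
	caps mon = "allow r"
	caps osd = "allow rw pool=cephfs_data, allow rw pool=cephfs_metadata"
EOF
}

# audit_caps POOLS: read keyrings on stdin, print one finding per line.
# POOLS is a comma-separated allow-list. Returns 1 if anything was flagged.
audit_caps() {
  awk -v pools="$1" '
    function report(why) { printf "%s %s \"%s\": %s\n", entity, daemon, grant, why; found = 1 }
    BEGIN { n = split(pools, p, ","); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    /^\[/ { entity = $1 }
    /^[ \t]*caps / {
      daemon = $2
      caps = $0; sub(/^[^"]*"/, "", caps); sub(/"[ \t]*$/, "", caps)
      ng = split(caps, grants, /, */)
      for (g = 1; g <= ng; g++) {
        grant = grants[g]
        if (grant ~ /allow \*/) report("unrestricted capability")
        else if (daemon == "osd") {
          if (match(grant, /pool=[^ ,]+/)) {
            pool = substr(grant, RSTART + 5, RLENGTH - 5)
            if (!(pool in ok)) report("pool is not in the allow-list")
          } else report("OSD access is not limited to a pool")
        }
      }
    }
    END { exit (found ? 1 : 0) }'
}
```

On a Ceph node, `ceph auth get client.fs | audit_caps cephfs_data,cephfs_metadata` runs the same check against the live keyring.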

Let's create a separate Secret and StorageClass.
Nothing new here, we have already seen this in the RBD example:

---
apiVersion: v1
kind: Secret
metadata:
  name: csi-cephfs-secret
  namespace: ceph-csi-cephfs
stringData:
  # Required for dynamically provisioned volumes
  adminID: fs
  adminKey: <output of the previous command>

Apply the manifest:

kubectl apply -f secret.yaml

And now, a separate StorageClass:

---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: csi-cephfs-sc
provisioner: cephfs.csi.ceph.com
parameters:
  clusterID: <cluster-id>

  # Name of the CephFS file system in which the volume will be created
  fsName: cephfs

  # (optional) Ceph pool in which the volume data will be stored
  # pool: cephfs_data

  # (optional) Comma-separated mount options for ceph-fuse
  # for example:
  # fuseMountOptions: debug

  # (optional) Comma-separated CephFS mount options for the kernel client
  # See man mount.ceph for the list of these options. For example:
  # kernelMountOptions: readdir_max_bytes=1048576,norbytes

  # The secrets must contain credentials for the Ceph admin and/or user.
  csi.storage.k8s.io/provisioner-secret-name: csi-cephfs-secret
  csi.storage.k8s.io/provisioner-secret-namespace: ceph-csi-cephfs
  csi.storage.k8s.io/controller-expand-secret-name: csi-cephfs-secret
  csi.storage.k8s.io/controller-expand-secret-namespace: ceph-csi-cephfs
  csi.storage.k8s.io/node-stage-secret-name: csi-cephfs-secret
  csi.storage.k8s.io/node-stage-secret-namespace: ceph-csi-cephfs

  # (optional) The driver can use either ceph-fuse (fuse)
  # or the ceph kernel client (kernel).
  # If not specified, the default volume mounter is used;
  # it is determined by probing for ceph-fuse and mount.ceph
  # mounter: kernel
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
  - debug

Fill in clusterID here and apply it in Kubernetes:

kubectl apply -f storageclass.yaml

Verification

To check, as in the previous example, let's create a PVC:

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: csi-cephfs-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  storageClassName: csi-cephfs-sc

And check that the PVC/PV exist:

kubectl get pvc
kubectl get pv

If you want to look at the files and directories in CephFS, you can mount this file system somewhere. For example, as shown below.

Let's log in to one of the Ceph cluster nodes and perform the following actions:

# Mount point
mkdir -p /mnt/cephfs

# Create a file with the administrator key
ceph auth get-key client.admin >/etc/ceph/secret.key

# Add an entry to /etc/fstab
# !! Change the IP address to the address of our node
echo "172.18.8.6:6789:/ /mnt/cephfs ceph name=admin,secretfile=/etc/ceph/secret.key,noatime,_netdev    0       2" >> /etc/fstab

mount /mnt/cephfs

Of course, mounting the FS on a Ceph node like this is suitable only for training purposes, which is what we do in our Slurm courses. I do not think anyone would do this in production; there is a high risk of accidentally deleting important files. This procedure also leaves the client.admin key in the file /etc/ceph/secret.key on that node.

Finally, let's see how volume resizing works in the case of CephFS. Let's go back to Kubernetes and edit our PVC manifest: increase the size there, for example, to 7Gi.

Apply the edited file:

kubectl apply -f pvc.yaml

Let's look at the mounted directory to see how the quota has changed:

getfattr -n ceph.quota.max_bytes <data-directory>

For this command to work, you may need to install the attr package on your system.

The eyes are afraid, but the hands do the work

All these incantations and long YAML manifests look complicated on the surface, but in practice Slurm students get the hang of them quickly.
In this article we did not go deep into the weeds; there is official documentation for that. If you are interested in the details of setting up Ceph storage with a Kubernetes cluster, these links will help:

General principles of how Kubernetes works with volumes
RBD documentation
Integrating RBD and Kubernetes from the Ceph side
Integrating RBD and Kubernetes from the CSI side
General CephFS documentation
Integrating CephFS and Kubernetes from the CSI side

In the Slurm Kubernetes Base course you can go a little further and deploy a real application in Kubernetes that will use CephFS as file storage. With GET/POST requests you will be able to transfer files to Ceph and receive them from it.

And if you are more interested in data storage, sign up for the new Ceph course. While the beta test is under way, the course is available at a discount and you can influence its content.

Author of the article: Alexander Shvalov, practicing engineer at Southbridge, Certified Kubernetes Administrator, author and developer of Slurm courses.

Source: www.habr.com