1、背景
在前面写了一篇配置ceph iscsi 网关的文章。这篇文章里面详细介绍了ceph iscsi 网关配置的步骤,但是由于篇幅原因,没有记录配置网关过程遇到的问题以及解决办法(个人认为一篇文章太长,不利于读者阅读和内化。阅读时间建议控制在5min以内,是比较好的)。所以,专门写一篇文章来澄清配置网关过程遇到的问题,是什么原因引起的,最后再说下怎么处理。这篇文章算是配置ceph iscsi 网关的姊妹篇吧。
2、配置ceph iscsi 网关遇到的问题&注意事项
2.1、在添加网关节点步骤中,如果你的操作不是RHEL/CentOS的话,那么请使用如下命令(否则报错):
cpp
cd iqn.1993-08.org.debian:01:823b6fd8f520:iscsi-igw/gateways
create jeffhe 192.168.237.128 skipchecks=true
create node02 192.168.237.132 skipchecks=true
create node03 192.168.237.132 skipchecks=true
2.2、创建iscsi 网关集群,一定要修改hosts,网关集群下面每一个节点都必须修改hosts文件。
否则可能出现下面两类错误。
2.2.1、报The first gateway defined must be the local machine
错误
可能有两个原因:
a.就是字面意思,添加第一个网关节点,一定要添加本地节点(切换下节点就好了)。
b.没有配置DNS,导致无法识别是否是本地节点。
2.2.2、报错如下:
Get gateway hostname failed : Unable to connect to api endpoint @ http://node02:5000/api/sysinfo/hostname Please check api_host setting and make sure host node02 IP is listening on port 5000
以上两种错误都是有可能是DNS配置问题。下面是我环境上面的DNS配置,给大家做个参考:
cpp
vi /etc/hosts
192.168.237.128 jeffhe
192.168.237.132 node02
192.168.237.133 node03
2.3 配置文件 /etc/ceph/iscsi-gateway.cfg
,缺失或者未配置,报如下错误:
cpp
REST API failure, code : 500
Unable to access the configuration object
Unable to contact the local API endpoint (https://localhost:5000/api)
原因:由于iscsi-gateway.cfg
配置文件缺失或者未配置,导致rbd-target-api 服务启动后没有监听5000端口,故报上述错误。建议按照官方文档,进行配置。为了方便阅读,这里也贴一下官方配置内容。
cpp
[config]
# Name of the Ceph storage cluster. A suitable Ceph configuration file allowing
# access to the Ceph storage cluster from the gateway node is required, if not
# colocated on an OSD node.
cluster_name = ceph
# Place a copy of the ceph cluster's admin keyring in the gateway's /etc/ceph
# directory and reference the filename here
gateway_keyring = ceph.client.admin.keyring
# API settings.
# The API supports a number of options that allow you to tailor it to your
# local environment. If you want to run the API under https, you will need to
# create cert/key files that are compatible for each iSCSI gateway node, that is
# not locked to a specific node. SSL cert and key files *must* be called
# 'iscsi-gateway.crt' and 'iscsi-gateway.key' and placed in the '/etc/ceph/' directory
# on *each* gateway node. With the SSL files in place, you can use 'api_secure = true'
# to switch to https mode.
# To support the API, the bare minimum settings are:
api_secure = false
# Additional API configuration options are as follows, defaults shown.
# api_user = admin
# api_password = admin
# api_port = 5001
trusted_ip_list = 192.168.237.128,192.168.237.132,192.168.237.133
新增配置文件后,一定要重启一下节点,否则要报如下错误(报错原因,暂不明确):
cpp
rbd-target-api.service: Start request repeated too quickly.
Sep 13 04:15:00 jeffhe systemd[1]: rbd-target-api.service: Failed with result 'exit-code'.
重启节点后,rbd-target-api服务就可以正常启动,并且能否成功监听5000端口了。
iscsi 网关下每一个节点,都需要新增iscsi-gateway.cfg
配置,否则报错如下(与2.2.2节未配置hosts文件报错类似):
cpp
Get gateway hostname failed : Unable to connect to api endpoint @ http://node03:5000/api/sysinfo/hostname
Please check api_host setting and make sure host node03 IP is listening on port 5000
具体原因是:如果某个节点没有这个配置文件,那么那个节点的rbd-target-api服务将无法正常监听5000端口,就不能将这个节点添加到集群。例如,在jeffhe节点通过gwcli工具进行iscsi网关配置,想要将node02节点添加到同一网关下面。jeffhe需要与node02节点的5000端口通讯,进行协商&校验后,才能成功将node02节点添加到网关下面。