RGW Multi-Gateway High Availability Deployment
The previous article covered building the Ceph cluster; this one builds a highly available, load-balanced RGW setup on top of that cluster.
RGW involves the concepts of realm, zonegroup, and zone:
- zone: maps to an independent backend Ceph cluster and contains one or more RGW instances. Within the same zonegroup, zones run in active-active mode and synchronize data with each other, providing disaster recovery;
- zonegroup: consists of one or more zones; all objects under the same zonegroup share a single namespace and have unique IDs;
- realm: a globally unique namespace made up of one or more zonegroups.
Pool configuration:
Data layout:
- .rgw.root: stores the cluster namespace information
- {zone}.rgw.control: watch/notify objects; for example, the RGW cache uses these objects to implement synchronization
- {zone}.rgw.meta: stores user keys, emails, accounts, and other metadata
- {zone}.rgw.log: operation log information
- {zone}.rgw.buckets.index: object index information. For each bucket, RADOS creates an index object named .dir.{bucket_id}; its content is a key-value structure where the key is the object name and the value is that object's index information
- {zone}.rgw.buckets.data: object data
Note: buckets.index is usually placed on a high-performance pool (see the sketch below).
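As a sketch of that note, once the pools below have been created the index pool can be pinned to faster media with a dedicated CRUSH rule; the rule name ssd-rule is illustrative, and this assumes the cluster has OSDs with the ssd device class:
#ceph osd crush rule create-replicated ssd-rule default host ssd
#ceph osd pool set upc.rgw.buckets.index crush_rule ssd-rule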
Now deploy the RGW gateways.
Plan the realm, zonegroup, and zone names: (sh, pd, upc)
(Diagram: RGW realm/zonegroup/zone layout)
Create the pools (the first command raises mon_max_pg_per_osd so that the new placement groups stay under the per-OSD limit):
#ceph daemon mon.luminous1 config set mon_max_pg_per_osd 6000
#ceph osd pool create .rgw.root 32 32
#ceph osd pool create upc.rgw.control 32 32
#ceph osd pool create upc.rgw.meta 32 32
#ceph osd pool create upc.rgw.log 32 32
#ceph osd pool create upc.rgw.buckets.index 32 32
#ceph osd pool create upc.rgw.buckets.data 32 32
Enable the rgw application on the pools:
#ceph osd pool application enable .rgw.root rgw
#ceph osd pool application enable upc.rgw.control rgw
#ceph osd pool application enable upc.rgw.meta rgw
#ceph osd pool application enable upc.rgw.log rgw
#ceph osd pool application enable upc.rgw.buckets.index rgw
#ceph osd pool application enable upc.rgw.buckets.data rgw
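To confirm the pools exist and carry the rgw application tag, they can be inspected, for example:
#ceph osd pool ls detail
#ceph osd pool application get upc.rgw.buckets.data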
Set up the realm, zonegroup, and zone:
#radosgw-admin realm create --rgw-realm=sh --default
#radosgw-admin zonegroup create --rgw-zonegroup=pd --rgw-realm=sh --master --default
#radosgw-admin zone create --rgw-zonegroup=pd --rgw-zone=upc --master --default
#radosgw-admin zone default --rgw-zonegroup=pd --rgw-zone=upc --rgw-realm=sh
#radosgw-admin period update --commit
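The resulting hierarchy can be verified before moving on:
#radosgw-admin realm list
#radosgw-admin zonegroup list
#radosgw-admin zone list
#radosgw-admin period get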
Firewall configuration:
RGW listens on port 80, HAProxy listens on port 443, and the HAProxy stats page uses port 8000:
#ansible ceph -m command -a "iptables -I INPUT -p tcp --dport 80 -j ACCEPT" -l luminous1,luminous2,luminous3
#ansible ceph -m command -a "iptables -I INPUT -p tcp --dport 443 -j ACCEPT" -l luminous1,luminous2,luminous3
#ansible ceph -m command -a "iptables -I INPUT -p tcp --dport 8000 -j ACCEPT" -l luminous1,luminous2,luminous3
#ansible ceph -m command -a "service iptables save" -l luminous1,luminous2,luminous3
Deploy the RGW instances on nodes luminous1, luminous2, and luminous3.
Create the gateway users and keyring files.
Generate the keyring file:
#ansible ceph -m command -a "ceph-authtool --create-keyring /etc/ceph/ceph.client.rgw.keyring" -l luminous1
Generate the key and user:
#ansible ceph -m command -a "ceph-authtool /etc/ceph/ceph.client.rgw.keyring -n client.rgw.luminous1 --gen-key" -l luminous1
Bind the user to the key and add the capability information:
#ansible ceph -m command -a "ceph-authtool -n client.rgw.luminous1 --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.rgw.keyring" -l luminous1
Add the user, its key, and its capabilities to the cluster:
#ansible ceph -m command -a "ceph auth add client.rgw.luminous1 -i /etc/ceph/ceph.client.rgw.keyring" -l luminous1
#ansible ceph -m command -a "ceph-authtool --create-keyring /etc/ceph/ceph.client.rgw.keyring" -l luminous2
#ansible ceph -m command -a "ceph-authtool /etc/ceph/ceph.client.rgw.keyring -n client.rgw.luminous2 --gen-key" -l luminous2
#ansible ceph -m command -a "ceph-authtool -n client.rgw.luminous2 --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.rgw.keyring" -l luminous2
#ansible ceph -m command -a "ceph auth add client.rgw.luminous2 -i /etc/ceph/ceph.client.rgw.keyring" -l luminous2
#ansible ceph -m command -a "ceph-authtool --create-keyring /etc/ceph/ceph.client.rgw.keyring" -l luminous3
#ansible ceph -m command -a "ceph-authtool /etc/ceph/ceph.client.rgw.keyring -n client.rgw.luminous3 --gen-key" -l luminous3
#ansible ceph -m command -a "ceph-authtool -n client.rgw.luminous3 --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.rgw.keyring" -l luminous3
#ansible ceph -m command -a "ceph auth add client.rgw.luminous3 -i /etc/ceph/ceph.client.rgw.keyring" -l luminous3
#ansible ceph -m file -a "path=/etc/ceph/ceph.client.rgw.keyring owner=ceph group=ceph mode=0600"
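Since the per-node keyring steps above differ only in the hostname, the same four commands can also be driven by a small shell loop; a minimal sketch, run from the ansible control node:
for node in luminous1 luminous2 luminous3; do
    ansible ceph -m command -a "ceph-authtool --create-keyring /etc/ceph/ceph.client.rgw.keyring" -l $node
    ansible ceph -m command -a "ceph-authtool /etc/ceph/ceph.client.rgw.keyring -n client.rgw.$node --gen-key" -l $node
    ansible ceph -m command -a "ceph-authtool -n client.rgw.$node --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.rgw.keyring" -l $node
    ansible ceph -m command -a "ceph auth add client.rgw.$node -i /etc/ceph/ceph.client.rgw.keyring" -l $node
done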
Edit the configuration file as follows:
[global]
fsid = e87cd2a8-3a98-4c60-b2f2-cb4f88c845a0
public_network = 192.168.30.110/24
cluster_network = 192.168.130.142/24
mon_initial_members = luminous1, luminous2, luminous3
mon_host = 192.168.30.110,192.168.30.103,192.168.30.202
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
mon_allow_pool_delete = true
[client.rgw.luminous1]
host=luminous1
keyring = /etc/ceph/ceph.client.rgw.keyring
rgw_zone=upc
log file = /var/log/ceph/client.rgw.uprgw.log
rgw frontends = civetweb port=80 num_threads=500
[client.rgw.luminous2]
host=luminous2
keyring = /etc/ceph/ceph.client.rgw.keyring
rgw_zone=upc
log file = /var/log/ceph/client.rgw.uprgw.log
rgw frontends = civetweb port=80 num_threads=500
[client.rgw.luminous3]
host=luminous3
keyring = /etc/ceph/ceph.client.rgw.keyring
rgw_zone=upc
log file = /var/log/ceph/client.rgw.uprgw.log
rgw frontends = civetweb port=80 num_threads=500
Push the configuration file:
#ceph-deploy --overwrite-conf config push luminous1 luminous2 luminous3
Start the services:
#ansible ceph -m command -a "systemctl start ceph-radosgw@rgw.luminous1" -l luminous1
#ansible ceph -m command -a "systemctl start ceph-radosgw@rgw.luminous2" -l luminous2
#ansible ceph -m command -a "systemctl start ceph-radosgw@rgw.luminous3" -l luminous3
Test:
Create an S3 user:
#radosgw-admin user create --uid=ups3 --display-name="S3 User"
{
    "user_id": "ups3",
    "display_name": "S3 User",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [],
    "keys": [
        {
            "user": "ups3",
            "access_key": "035WRIE70VNP1OICPPGL",
            "secret_key": "F35Cd4MmsdAtolb8jQsVLtc1XjEfR7Xzjel7gP8l"
        }
    ],
    "swift_keys": [],
    "caps": [],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "temp_url_keys": [],
    "type": "rgw"
}
Install the S3 client:
#yum install s3cmd -y
#s3cmd --configure
Set the following values:
access_key =
secret_key =
host_base = 192.168.30.110
host_bucket = 192.168.30.110/%(bucket)
# s3cmd mb s3://first
Bucket 's3://first/' created
# s3cmd ls
2019-07-18 06:52 s3://first
# s3cmd put ceph.conf s3://first
upload: 'ceph.conf' -> 's3://first/ceph.conf' [1 of 1]
926 of 926 100% in 0s 26.59 kB/s done
# s3cmd del s3://first/ceph.conf
delete: 's3://first/ceph.conf'
# s3cmd rb s3://first
Bucket 's3://first/' removed
Test the other two gateways in the same way.
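The same check can be run against all three gateways in one pass; a minimal sketch using s3cmd's --host/--host-bucket overrides, assuming the access and secret keys are already in /root/.s3cfg:
for gw in 192.168.30.110 192.168.30.103 192.168.30.202; do
    s3cmd --host=$gw --host-bucket="$gw/%(bucket)" ls
done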
This completes the RGW gateway deployment.
HAProxy and Keepalived Deployment
How it works: HAProxy load-balances across the RGW instances, while Keepalived keeps the VIP highly available and ensures that the VIP and HAProxy always run on the same node.
VIP: 192.168.30.10, Port: 443
Install HAProxy and Keepalived:
#ansible ceph -m yum -a "name=haproxy,keepalived state=installed" -l luminous1,luminous2,luminous3
Set the kernel parameters, mainly IP forwarding and binding to non-local IPs (the ansible shell module is needed here because the >> redirection will not work with the command module):
#ansible ceph -m shell -a "echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf" -l luminous1,luminous2,luminous3
#ansible ceph -m shell -a "echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf" -l luminous1,luminous2,luminous3
Configure HAProxy (/etc/haproxy/haproxy.cfg):
# stats/admin endpoint
listen admin_stats
    stats enable
    bind *:8000
    mode http
    option httplog
    log global
    maxconn 10
    stats refresh 30s
    stats uri /admin
    stats realm haproxy
    stats auth admin:admin
    stats hide-version
    stats admin if TRUE

frontend main *:443
    default_backend rgw

backend rgw
    balance roundrobin
    server rgw1 192.168.30.110:80 check inter 2000 rise 2 fall 5
    server rgw2 192.168.30.103:80 check inter 2000 rise 2 fall 5
    server rgw3 192.168.30.202:80 check inter 2000 rise 2 fall 5
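Before rolling this out, the configuration can be syntax-checked, and once HAProxy is running on a node its stats page should answer on port 8000 (192.168.30.110 below stands for whichever node HAProxy is currently running on):
#haproxy -c -f /etc/haproxy/haproxy.cfg
#curl -u admin:admin http://192.168.30.110:8000/admin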
Configure Keepalived:
- configure the HAProxy start/stop script;
- configure the VIP and the interface it binds to;
- configure support for manually switching between master and backup.
Firewall:
Keepalived uses the VRRP protocol, so VRRP traffic must be allowed:
#ansible ceph -m command -a "iptables -I INPUT -p vrrp -j ACCEPT" -l luminous1,luminous2,luminous3
#ansible ceph -m command -a "service iptables save" -l luminous1,luminous2,luminous3
Keepalived configuration:
Master node, keepalived.conf:
! Configuration File for keepalived
global_defs {
    # email notification settings are left commented out
    # notification_email {
    #     acassen@firewall.loc
    #     failover@firewall.loc
    #     sysadmin@firewall.loc
    # }
    # notification_email_from Alexandre.Cassen@firewall.loc
    # smtp_server 192.168.200.1
    # smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
# check script used to switch the master manually
vrrp_script check_keepalived {
    script "/usr/bin/bash -c '[[ -f /etc/keepalived/down ]] && exit 1 || exit 0'"
    interval 1
    weight -20
}
# instance configuration
vrrp_instance VI_1 {
    state MASTER
    # interface the VIP is bound to
    interface eth0
    # id of the keepalived (VRRP) group
    virtual_router_id 51
    # master priority, used for VIP preemption
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # the VIP
    virtual_ipaddress {
        192.168.30.10
    }
    # attach the check script
    track_script {
        check_keepalived
    }
    # tie the HAProxy service to the VIP so that the VIP and HAProxy only ever run on the same node
    notify_master "/etc/keepalived/haproxy.sh start"
    notify_backup "/etc/keepalived/haproxy.sh stop"
}
Backup node, keepalived.conf:
! Configuration File for keepalived
global_defs {
    # notification_email {
    #     acassen@firewall.loc
    #     failover@firewall.loc
    #     sysadmin@firewall.loc
    # }
    # notification_email_from Alexandre.Cassen@firewall.loc
    # smtp_server 192.168.200.1
    # smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    # node role
    state BACKUP
    # interface the VIP is bound to
    interface eth1
    # id of the keepalived (VRRP) group
    virtual_router_id 51
    # backup priority
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.30.10
    }
    notify_master "/etc/keepalived/haproxy.sh start"
    notify_backup "/etc/keepalived/haproxy.sh stop"
}
haproxy.sh:
#!/bin/bash
case "$1" in
    start)
        systemctl start haproxy
        ;;
    stop)
        systemctl stop haproxy
        ;;
    restart)
        systemctl restart haproxy
        ;;
    *)
        echo "Usage: $0 start|stop|restart"
        ;;
esac
With luminous1 as master and luminous2/luminous3 as backups, copy the files and start the keepalived service:
#ansible ceph -m copy -a "src=/root/ceph/ansible/keepalived_master.conf dest=/etc/keepalived/keepalived.conf mode=0644" -l luminous1
#ansible ceph -m copy -a "src=/root/ceph/ansible/keepalived_backup.conf dest=/etc/keepalived/keepalived.conf mode=0644" -l luminous2,luminous3
#ansible ceph -m copy -a "src=/root/ceph/ansible/haproxy.sh dest=/etc/keepalived/ mode=0755" -l luminous1,luminous2,luminous3
#ansible ceph -m command -a "systemctl start keepalived" -l luminous1,luminous2,luminous3
#ansible ceph -m command -a "systemctl enable keepalived" -l luminous1,luminous2,luminous3
Test the setup:
On the master node:
#ip a
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:e6:00:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.30.110/24 brd 192.168.30.255 scope global noprefixroute dynamic eth0
valid_lft 2376sec preferred_lft 2376sec
inet 192.168.30.10/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::e88c:c9cf:9bc0:5b9f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Manual switchover:
[root@luminous1 ansible]#touch /etc/keepalived/down
[root@luminous1 ansible]#ip a
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:e6:00:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.30.110/24 brd 192.168.30.255 scope global noprefixroute dynamic eth0
valid_lft 2313sec preferred_lft 2313sec
inet6 fe80::e88c:c9cf:9bc0:5b9f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@luminous1 ansible]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled; vendor preset: disabled)
Active: inactive (dead)
The VIP has now moved away from this node, and haproxy on this node has been stopped.
On node luminous3 the VIP has arrived and haproxy has been brought up:
[root@luminous3 ~]# ip a
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:71:dc:59 brd ff:ff:ff:ff:ff:ff
inet 192.168.30.202/24 brd 192.168.30.255 scope global noprefixroute dynamic eth1
valid_lft 2409sec preferred_lft 2409sec
inet 192.168.30.10/32 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::f7b2:702e:19da:f6c0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@luminous3 ~]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2019-07-19 15:41:22 CST; 5min ago
Main PID: 18576 (haproxy-systemd)
CGroup: /system.slice/haproxy.service
├─18576 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
├─18577 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
└─18578 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
Removing the down file on luminous1 makes the VIP float back:
[root@luminous1 ansible]# rm -rf /etc/keepalived/down
[root@luminous1 ansible]# ip a
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:e6:00:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.30.110/24 brd 192.168.30.255 scope global noprefixroute dynamic eth0
valid_lft 3282sec preferred_lft 3282sec
inet 192.168.30.10/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::e88c:c9cf:9bc0:5b9f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
To test the S3 functionality through the VIP, change the following entries in /root/.s3cfg to point at the VIP:
host_base = 192.168.30.10:443
host_bucket = 192.168.30.10:443/%(bucket)
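Since HAProxy forwards plain HTTP on port 443 (no TLS termination is configured), the VIP can also be sanity-checked directly before rerunning the s3cmd tests:
#curl http://192.168.30.10:443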
All s3cmd operations work as before.
This completes the highly available, load-balanced Ceph RGW deployment.