[no subject]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



======================================

Once we upgrade all daemons to the same image, the mon and mgr on bootstrap
node is redeployed and the auth_allow_insecure_global_id_reclaim warning
can be observed uniformly across all mons.

ceph orch upgrade start quay.io/ceph/ceph:v16.2.7

[root@hcictrl01 stack_orchestrator]# ceph orch upgrade status
{
    "target_image": null,
    "in_progress": false,
    "services_complete": [],
    "progress": null,
    "message": ""
}

[root@hcictrl01 stack_orchestrator]# ceph orch ps
NAME                         HOST       PORTS   STATUS         REFRESHED
 AGE  MEM USE  MEM LIM  VERSION  IMAGE ID      CONTAINER ID
crash.hcictrl01              hcictrl01          running (40m)     4m ago
 40m    6975k        -  16.2.7   231fd40524c4  f6f866f4be92
crash.hcictrl02              hcictrl02          running (40m)     4m ago
 40m    6975k        -  16.2.7   231fd40524c4  1cb62e191c07
crash.hcictrl03              hcictrl03          running (39m)     4m ago
 39m    6979k        -  16.2.7   231fd40524c4  3e03f99065c0
mds.cephfs.hcictrl01.vuamjy  hcictrl01          running (35m)     4m ago
 35m    15.5M        -  16.2.7   231fd40524c4  9b3aeab68115
mds.cephfs.hcictrl02.myohpi  hcictrl02          running (35m)     4m ago
 35m    16.7M        -  16.2.7   231fd40524c4  5cded1208028
mds.cephfs.hcictrl03.jziler  hcictrl03          running (35m)     4m ago
 35m    15.4M        -  16.2.7   231fd40524c4  94dccd01a123
mgr.hcictrl01.ljtznv         hcictrl01  *:8443  running (15m)     4m ago
 42m     387M        -  16.2.7   231fd40524c4  448c6fab2b98
mgr.hcictrl02.izfnvh         hcictrl02  *:8443  running (40m)     4m ago
 40m     448M        -  16.2.7   231fd40524c4  acd435a8b6b1
mgr.hcictrl03.eekrgo         hcictrl03  *:8443  running (39m)     4m ago
 39m     384M        -  16.2.7   231fd40524c4  3c241b35a3fe
mon.hcictrl01                hcictrl01          running (15m)     4m ago
 42m     123M    2048M  16.2.7   231fd40524c4  b2a8bdbd6983
mon.hcictrl02                hcictrl02          running (40m)     4m ago
 40m     135M    2048M  16.2.7   231fd40524c4  4941ee015e75
mon.hcictrl03                hcictrl03          running (39m)     4m ago
 39m     128M    2048M  16.2.7   231fd40524c4  150cb8e9d25d
osd.0                        hcictrl02          running (39m)     4m ago
 39m    66.4M    1536M  16.2.7   231fd40524c4  9dc98cc6ba3d
osd.1                        hcictrl02          running (39m)     4m ago
 39m    69.2M    1536M  16.2.7   231fd40524c4  62caab356b02
osd.2                        hcictrl02          running (38m)     4m ago
 38m    88.7M    1536M  16.2.7   231fd40524c4  38ea17598fa5
osd.3                        hcictrl01          running (38m)     4m ago
 38m    72.1M    1536M  16.2.7   231fd40524c4  03284b111258
osd.4                        hcictrl01          running (37m)     4m ago
 37m    67.3M    1536M  16.2.7   231fd40524c4  3e3315fbb46a
osd.5                        hcictrl01          running (37m)     4m ago
 37m    87.5M    1536M  16.2.7   231fd40524c4  1f90169412a5
osd.6                        hcictrl03          running (36m)     4m ago
 36m    74.4M    1536M  16.2.7   231fd40524c4  d26811c0c9fc
osd.7                        hcictrl03          running (36m)     4m ago
 36m    98.8M    1536M  16.2.7   231fd40524c4  1ce10dcfa6ca
rgw.rgw.hcictrl01.ceruvj     hcictrl01  *:7480  running (35m)     4m ago
 35m    52.1M        -  16.2.7   231fd40524c4  c2c45767cda5
rgw.rgw.hcictrl02.pzgwht     hcictrl02  *:7480  running (35m)     4m ago
 35m    52.1M        -  16.2.7   231fd40524c4  461c0869e559
rgw.rgw.hcictrl03.ryrptr     hcictrl03  *:7480  running (35m)     4m ago
 35m    54.4M        -  16.2.7   231fd40524c4  8fac107de350


[root@hcictrl01 stack_orchestrator]# ceph config dump | grep -i image
global                                     basic     container_image

quay.io/ceph/ceph@sha256:ac9f32e9a27ded104c2ed64ddbe112d67a461edafb6a7a53525e72fc69df759e
 *

[root@hcictrl01 stack_orchestrator]# ceph health detail
HEALTH_WARN mons are allowing insecure global_id reclaim
[WRN] AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED: mons are allowing insecure
global_id reclaim
    mon.hcictrl01 has auth_allow_insecure_global_id_reclaim set to true
    mon.hcictrl02 has auth_allow_insecure_global_id_reclaim set to true
    mon.hcictrl03 has auth_allow_insecure_global_id_reclaim set to true

container on bootstrap node:(image name is uniform across all dameons)

[root@hcictrl01 stack_orchestrator]# podman ps
CONTAINER ID  IMAGE
                             COMMAND               CREATED         STATUS
          PORTS       NAMES
f6f866f4be92
quay.io/ceph/ceph@sha256:ac9f32e9a27ded104c2ed64ddbe112d67a461edafb6a7a53525e72fc69df759e
 -n client.crash.h...  43 minutes ago  Up 43 minutes ago
 ceph-c5aa753a-8422-11ec-b231-0015171590ba-crash-hcictrl01
03284b111258
quay.io/ceph/ceph@sha256:ac9f32e9a27ded104c2ed64ddbe112d67a461edafb6a7a53525e72fc69df759e
 -n osd.3 -f --set...  41 minutes ago  Up 41 minutes ago
 ceph-c5aa753a-8422-11ec-b231-0015171590ba-osd-3
3e3315fbb46a
quay.io/ceph/ceph@sha256:ac9f32e9a27ded104c2ed64ddbe112d67a461edafb6a7a53525e72fc69df759e
 -n osd.4 -f --set...  40 minutes ago  Up 40 minutes ago
 ceph-c5aa753a-8422-11ec-b231-0015171590ba-osd-4
1f90169412a5
quay.io/ceph/ceph@sha256:ac9f32e9a27ded104c2ed64ddbe112d67a461edafb6a7a53525e72fc69df759e
 -n osd.5 -f --set...  40 minutes ago  Up 40 minutes ago
 ceph-c5aa753a-8422-11ec-b231-0015171590ba-osd-5
9b3aeab68115
quay.io/ceph/ceph@sha256:ac9f32e9a27ded104c2ed64ddbe112d67a461edafb6a7a53525e72fc69df759e
 -n mds.cephfs.hci...  38 minutes ago  Up 38 minutes ago
 ceph-c5aa753a-8422-11ec-b231-0015171590ba-mds-cephfs-hcictrl01-vuamjy
c2c45767cda5
quay.io/ceph/ceph@sha256:ac9f32e9a27ded104c2ed64ddbe112d67a461edafb6a7a53525e72fc69df759e
 -n client.rgw.rgw...  38 minutes ago  Up 38 minutes ago
 ceph-c5aa753a-8422-11ec-b231-0015171590ba-rgw-rgw-hcictrl01-ceruvj
448c6fab2b98
quay.io/ceph/ceph@sha256:ac9f32e9a27ded104c2ed64ddbe112d67a461edafb6a7a53525e72fc69df759e
 -n mgr.hcictrl01....  18 minutes ago  Up 18 minutes ago
 ceph-c5aa753a-8422-11ec-b231-0015171590ba-mgr-hcictrl01-ljtznv
b2a8bdbd6983
quay.io/ceph/ceph@sha256:ac9f32e9a27ded104c2ed64ddbe112d67a461edafb6a7a53525e72fc69df759e
 -n mon.hcictrl01 ...  18 minutes ago  Up 18 minutes ago
 ceph-c5aa753a-8422-11ec-b231-0015171590ba-mon-hcictrl01

So, we are confused on the container image usage in an ideal ceph cluster;
whether there should be two images, both images should be the same or not,
should we run the 'upgrade' ideally on cluster creations ? etc..

Please mind the length of the response.

Thanks in advance.

Thanks and Regards,
Arun Vinod


On Tue, 1 Feb 2022 at 14:48, Arun Vinod <arunvinod.tech@xxxxxxxxx> wrote:

> Hi Adam,
>
> Thanks for replying.
>
> I have tried the "ceph orch upgrade start <image-name>" as a workaround
> and it works as expected. All the daemons are recreated with the stable
> version of the image. However, it still requires an initial fetch of the
> latest-pacific-devel image and creation of daemons with that.
>
> Also,  cephadm bootstrap was not allowing --image option, so in order to
> specify the image name I have updated the value of DEFAULT_IMAGE  in the
> cephadm script  (/usr/bin/cephadm) as follows
>
> DEFAULT_IMAGE = 'quay.io/ceph/ceph:v16.2.7
>
> I have attached two logs along with this email, first one is the cephadm
> log from the bootstrap node and the second one is from the second host
> after adding it to the cluster.
>
> bootstrap command  used:
> *sudo cephadm bootstrap --skip-monitoring-stack --mon-ip *.*.*.*
> --cluster-network *.*.*.*/24 --ssh-user ceph_user --ssh-private-key
> /home/ceph_user/.ssh/id_rsa --ssh-public-key
> /home/ceph_user/.ssh/id_rsa.pub --config
> /home/ceph_user/ceph_bootstrap/ceph.conf  --no-minimize-config*
>
> containers in bootstrap host:
> [root@hcictrl01 ~]# podman ps -a --format "{{.Image}} {{.Command}}
> {{.Names}}"
> quay.io/ceph/ceph:v16.2.7 -n mon.hcictrl01 ...
> ceph-6eaf15d8-8332-11ec-b820-0015171590ba-mon-hcictrl01
> quay.io/ceph/ceph:v16.2.7 -n mgr.hcictrl01....
> ceph-6eaf15d8-8332-11ec-b820-0015171590ba-mgr-hcictrl01-vmdxbg
> docker.io/ceph/daemon-base:latest-pacific-devel -n client.crash.h...
> ceph-6eaf15d8-8332-11ec-b820-0015171590ba-crash-hcictrl01
>
> host add command used:
> *ceph orch host add hcictrl02 *.*.*.* --labels _admin*
>
> containers in second host:
> [root@hcictrl02 ~]# podman ps -a --format "{{.Image}} {{.Command}}
> {{.Names}}"
> docker.io/ceph/daemon-base:latest-pacific-devel -n client.crash.h...
> ceph-6eaf15d8-8332-11ec-b820-0015171590ba-crash-hcictrl02
> docker.io/ceph/daemon-base:latest-pacific-devel -n mgr.hcictrl02....
> ceph-6eaf15d8-8332-11ec-b820-0015171590ba-mgr-hcictrl02-xfbcwn
> docker.io/ceph/daemon-base:latest-pacific-devel -n mon.hcictrl02 ...
> ceph-6eaf15d8-8332-11ec-b820-0015171590ba-mon-hcictrl02
>
>
> However, does the following line have anything to do with this behaviour
> of cephadm?
>
> https://github.com/ceph/ceph/blob/v16.2.7/src/common/options.cc#L459
>
> [root@hcictrl01 ~]# ceph-conf -D | grep -i container_image
>
> container_image = docker.io/ceph/daemon-base:latest-pacific-devel
>
>
> Thanks and Regards,
> Arun Vinod
>
>
>
> On Mon, 31 Jan 2022 at 22:25, Adam King <adking@xxxxxxxxxx> wrote:
>
>> Hi Arun,
>>
>> Not sure exactly how things got this way. When you provide "--image
>> <image-name>" when bootstrapping that should set the image to be used for
>> all ceph containers. I've never seen just the bootstrap mgr/mon get a
>> totally different image. Would be interesting to maybe see the full
>> bootstrap output here as this issue is new to me.
>>
>> As for resolving the issue, you should be able to use the upgrade
>> procedure to get all the containers on the right image. Just "ceph orch
>> upgrade start <image-name>" then just keep checking "ceph orch upgrade
>> status" until it no longer says it's in progress. That should get all the
>> ceph daemons on whatever image it is you specify in the upgrade start
>> command and cause future ceph daemons to be deployed with that image as
>> well.
>>
>> - Adam King
>>
>> On Mon, Jan 31, 2022 at 10:08 AM Arun Vinod <arunvinod.tech@xxxxxxxxx>
>> wrote:
>>
>>> Hi All,
>>>
>>> How can change the default behaviour of cepham to use stable container
>>> images instead of default latest/devel images.
>>>
>>> By default when we try to bootstrap a cluster and add two additional
>>> hosts
>>> after bootstrap finished, dameons are created on two container images.
>>> Which are, *quay.io/ceph/ceph:v16 <http://quay.io/ceph/ceph:v16>* and
>>> *docker.io/ceph/daemon-base:latest-pacific-devel
>>> <http://docker.io/ceph/daemon-base:latest-pacific-devel>*.
>>>
>>> The ceph:v16 image from quay.io is stable but the second image from
>>> docker.io is not , due to the latest/devel tags which are basically
>>> untested images according to ceph.
>>>
>>> How can we specify cephadm to use a stable version of image for
>>> *daemon-base.*
>>>
>>> The following is the final list of containers created on the cluster
>>> after
>>> bootstrap is finished and another host added. Here the mon, mgr daemons
>>> on
>>> both hosts are running on different container image. Most importantly,
>>> most
>>> of the containers are running on latest-pacific-devel containers, which
>>> is
>>> not apt for a production cluster.
>>>
>>> In bootstrap node:
>>> CONTAINER ID  IMAGE                                            COMMAND
>>>           CREATED      STATUS          PORTS       NAMES
>>> afeb6f92deb2  quay.io/ceph/ceph:v16.2.7                        -n
>>> mon.hcictrl01 ...  4 hours ago  Up 4 hours ago
>>>  ceph-e8200504-8287-11ec-a14f-0015171590ba-mon-hcictrl01
>>> c43d48766a08  quay.io/ceph/ceph:v16.2.7                        -n
>>> mgr.hcictrl01....  4 hours ago  Up 4 hours ago
>>>  ceph-e8200504-8287-11ec-a14f-0015171590ba-mgr-hcictrl01-rmosyh
>>> d70cea0fd561  docker.io/ceph/daemon-base:latest-pacific-devel  -n
>>> client.crash.h...  4 hours ago  Up 4 hours ago
>>>  ceph-e8200504-8287-11ec-a14f-0015171590ba-crash-hcictrl01
>>>
>>> In rest of the nodes:
>>> CONTAINER ID  IMAGE                                            COMMAND
>>>           CREATED        STATUS            PORTS       NAMES
>>> d816ee470753  docker.io/ceph/daemon-base:latest-pacific-devel  -n
>>> client.crash.h...  6 minutes ago  Up 6 minutes ago
>>>  ceph-e8200504-8287-11ec-a14f-0015171590ba-crash-hcictrl02
>>> dde4646f4819  docker.io/ceph/daemon-base:latest-pacific-devel  -n
>>> mgr.hcictrl02....  6 minutes ago  Up 6 minutes ago
>>>  ceph-e8200504-8287-11ec-a14f-0015171590ba-mgr-hcictrl02-hfhapx
>>> 12191a039525  docker.io/ceph/daemon-base:latest-pacific-devel  -n
>>> mon.hcictrl02 ...  6 minutes ago  Up 6 minutes ago
>>>  ceph-e8200504-8287-11ec-a14f-0015171590ba-mon-hcictrl02
>>>
>>> Can someone help to explain how cepham chooses this default image or any
>>> workaround to choose a specific image instead of devel images.
>>>
>>> Thanks in advance.
>>> _______________________________________________
>>> ceph-users mailing list -- ceph-users@xxxxxxx
>>> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>>>
>>>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux