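This article describes how to install and configure a Heketi server on CentOS 8/CentOS 7. Heketi provides a RESTful management interface for managing the lifecycle of GlusterFS storage volumes, which makes it easy to integrate GlusterFS with cloud services such as OpenShift, OpenStack Manila and Kubernetes for dynamic volume provisioning.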

Installing Heketi

First see: How to install GlusterFS on CentOS 8/CentOS 7. I will use the gluster01 node to run the Heketi service. Download the latest Heketi server and client archives from the GitHub releases page (https://github.com/heketi/heketi/releases):

    curl -s https://api.github.com/repos/heketi/heketi/releases/latest \
      | grep browser_download_url \
      | grep linux.amd64 \
      | cut -d '"' -f 4 \
      | wget -qi -

Extract the downloaded heketi archives:

    for i in heketi*.tar.gz; do tar xvf "$i"; done

Copy the heketi and heketi-cli binaries:

    sudo cp heketi/{heketi,heketi-cli} /usr/local/bin

Confirm that they are available in your PATH:

    $ heketi --version
    Heketi v9.0.0
    $ heketi-cli --version
    heketi-cli v9.0.0

Configuring the Heketi server

1. Add the heketi system user:

    sudo groupadd --system heketi
    sudo useradd -s /sbin/nologin --system -g heketi heketi

2. Create the heketi configuration and data paths:

    sudo mkdir -p /var/lib/heketi /etc/heketi /var/log/heketi

3. Copy the heketi configuration file to the /etc/heketi directory:

    sudo cp heketi/heketi.json /etc/heketi

4. Edit the Heketi configuration file:

    sudo vim /etc/heketi/heketi.json

Set the service port:

    "port": "8080"

Set the admin and user secrets (the key values below are the ones used in this walkthrough; choose your own):

    "_jwt": "Private keys for access",
    "jwt": {
      "_admin": "Admin has access to all APIs",
      "admin": {
        "key": "ivd7dfORN7QNeKVO"
      },
      "_user": "User only has access to /volumes endpoint",
      "user": {
        "key": "gZPgdZ8NtBNj6jfp"
      }
    },

Configure the glusterfs executor:

    "_sshexec_comment": "SSH username and private key file information",
    "sshexec": {
      "keyfile": "/etc/heketi/heketi_key",
      "user": "root",
      "port": "22",
      "fstab": "/etc/fstab",
      ......
    },

If you use a user other than root, make sure that user has passwordless sudo privilege escalation.

Confirm that the database path is set correctly:

    "_db_comment": "Database file name",
    "db": "/var/lib/heketi/heketi.db",
    },

Below is my complete configuration file after modification:

    {
      "_port_comment": "Heketi Server Port Number",
      "port": "8080",

      "_enable_tls_comment": "Enable TLS in Heketi Server",
      "enable_tls": false,

      "_cert_file_comment": "Path to a valid certificate file",
      "cert_file": "",

      "_key_file_comment": "Path to a valid private key file",
      "key_file": "",

      "_use_auth": "Enable JWT authorization. Please enable for deployment",
      "use_auth": false,

      "_jwt": "Private keys for access",
      "jwt": {
        "_admin": "Admin has access to all APIs",
        "admin": {
          "key": "ivd7dfORN7QNeKVO"
        },
        "_user": "User only has access to /volumes endpoint",
        "user": {
          "key": "gZPgdZ8NtBNj6jfp"
        }
      },

      "_backup_db_to_kube_secret": "Backup the heketi database to a Kubernetes secret when running in Kubernetes. Default is off.",
      "backup_db_to_kube_secret": false,

      "_profiling": "Enable go/pprof profiling on the /debug/pprof endpoints.",
      "profiling": false,

      "_glusterfs_comment": "GlusterFS Configuration",
      "glusterfs": {
        "_executor_comment": [
          "Execute plugin. Possible choices: mock, ssh",
          "mock: This setting is used for testing and development.",
          " It will not send commands to any node.",
          "ssh: This setting will notify Heketi to ssh to the nodes.",
          " It will need the values in sshexec to be configured.",
          "kubernetes: Communicate with GlusterFS containers over",
          " Kubernetes exec api."
        ],
        "executor": "mock",

        "_sshexec_comment": "SSH username and private key file information",
        "sshexec": {
          "keyfile": "/etc/heketi/heketi_key",
          "user": "cloud-user",
          "port": "22",
          "fstab": "/etc/fstab"
        },

        "_db_comment": "Database file name",
        "db": "/var/lib/heketi/heketi.db",

        "_refresh_time_monitor_gluster_nodes": "Refresh time in seconds to monitor Gluster nodes",
        "refresh_time_monitor_gluster_nodes": 120,

        "_start_time_monitor_gluster_nodes": "Start time in seconds to monitor Gluster nodes when the heketi comes up",
        "start_time_monitor_gluster_nodes": 10,

        "_loglevel_comment": [
          "Set log level. Choices are:",
          " none, critical, error, warning, info, debug",
          "Default is warning"
        ],
        "loglevel" : "debug",

        "_auto_create_block_hosting_volume": "Creates Block Hosting volumes automatically if not found or exsisting volume exhausted",
        "auto_create_block_hosting_volume": true,

        "_block_hosting_volume_size": "New block hosting volume will be created in size mentioned, This is considered only if auto-create is enabled.",
        "block_hosting_volume_size": 500,

        "_block_hosting_volume_options": "New block hosting volume will be created with the following set of options. Removing the group gluster-block option is NOT recommended. Additional options can be added next to it separated by a comma.",
        "block_hosting_volume_options": "group gluster-block",

        "_pre_request_volume_options": "Volume options that will be applied for all volumes created. Can be overridden by volume options in volume create request.",
        "pre_request_volume_options": "",

        "_post_request_volume_options": "Volume options that will be applied for all volumes created. To be used to override volume options in volume create request.",
        "post_request_volume_options": ""
      }
    }

As shown, this file still has "executor": "mock", which by the file's own comment sends no commands to any node, and "use_auth": false, which its comment asks you to enable for deployment. To have Heketi manage the GlusterFS nodes over the SSH key created in the next steps, set "executor": "ssh" and make the sshexec user match the account the key is installed for (root in step 6).

5. Generate the Heketi SSH key:

    sudo ssh-keygen -f /etc/heketi/heketi_key -t rsa -N ''
    sudo chown heketi:heketi /etc/heketi/heketi_key*

6. Copy the generated public key to all GlusterFS nodes:

    for i in gluster01 gluster02 gluster03; do
      ssh-copy-id -i /etc/heketi/heketi_key.pub root@$i
    done

Alternatively, you can take the contents of /etc/heketi/heketi_key.pub and add them to ~/.ssh/authorized_keys on each server.

Confirm that you can access the GlusterFS nodes with the Heketi private key:

    $ ssh -i /etc/heketi/heketi_key root@gluster02
    The authenticity of host 'gluster02 (10.10.1.179)' can't be established.
    ECDSA key fingerprint is SHA256:GXNdsSxmp2O104rPB4RmYsH73nTa5U10cw3LG22sANc.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'gluster02,10.10.1.179' (ECDSA) to the list of known hosts.
    Activate the web console with: systemctl enable --now cockpit.socket

    Last login: Tue Nov 19 20:11:32 2019 from 10.10.1.168
    [root@gluster02 ~]#

7. Create the systemd unit file

Create a systemd unit file for Heketi:

    $ sudo vim /etc/systemd/system/heketi.service
    [Unit]
    Description=Heketi Server

    [Service]
    Type=simple
    WorkingDirectory=/var/lib/heketi
    EnvironmentFile=-/etc/heketi/heketi.env
    User=heketi
    ExecStart=/usr/local/bin/heketi --config=/etc/heketi/heketi.json
    Restart=on-failure
    StandardOutput=syslog
    StandardError=syslog

    [Install]
    WantedBy=multi-user.target

Also download the sample environment file for Heketi:

    sudo wget -O /etc/heketi/heketi.env https://raw.githubusercontent.com/heketi/heketi/master/extras/systemd/heketi.env

8. Set ownership on all the directories:

    sudo chown -R heketi:heketi /var/lib/heketi /var/log/heketi /etc/heketi

9. Start the Heketi service

Disable SELinux enforcement (the commands below switch it to permissive mode):

    sudo setenforce 0
    sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

See: How to disable SELinux on RHEL 8/CentOS 8.

Then reload systemd and start the Heketi service:

    sudo systemctl daemon-reload
    sudo systemctl enable --now heketi

Confirm that the service is running:

    $ systemctl status heketi

Note: as shown in the screenshot above, the Heketi service is running normally.
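
An added check, not part of the original article or of the Heketi project: it audits a parsed heketi.json for the settings this walkthrough leaves weak (use_auth, enable_tls, the JWT keys printed above, the mock executor) and builds a hardened copy. The function names, the 32-character minimum and the embedded sample are assumptions made for the example.

```python
import copy
import json
import secrets
import sys

# JWT keys printed in this walkthrough: treat them as public, not as secrets.
PUBLISHED_KEYS = {"ivd7dfORN7QNeKVO", "gZPgdZ8NtBNj6jfp"}
MIN_KEY_LEN = 32  # assumption: shortest key this check accepts

# Constructed sample: the security-relevant fields of the full file above.
SAMPLE = {
    "port": "8080", "enable_tls": False, "use_auth": False,
    "jwt": {"admin": {"key": "ivd7dfORN7QNeKVO"},
            "user": {"key": "gZPgdZ8NtBNj6jfp"}},
    "glusterfs": {"executor": "mock"},
}

def audit(cfg):
    """Return a list of findings for a parsed heketi.json."""
    out = []
    if cfg.get("use_auth") is not True:
        out.append("use_auth: JWT authorization is off")
    if cfg.get("enable_tls") is not True:
        out.append("enable_tls: API and tokens travel over plain HTTP")
    for role in ("admin", "user"):
        key = cfg.get("jwt", {}).get(role, {}).get("key", "")
        if key in PUBLISHED_KEYS:
            out.append(f"jwt.{role}.key: value published in the tutorial")
        elif len(key) < MIN_KEY_LEN:
            out.append(f"jwt.{role}.key: shorter than {MIN_KEY_LEN} characters")
    if cfg.get("glusterfs", {}).get("executor") == "mock":
        out.append("glusterfs.executor: mock sends no commands to any node")
    return out

def harden(cfg):
    """Return a copy with auth on, fresh random keys and the ssh executor."""
    new = copy.deepcopy(cfg)
    new["use_auth"] = True
    for role in ("admin", "user"):
        new.setdefault("jwt", {}).setdefault(role, {})["key"] = secrets.token_urlsafe(32)
    new.setdefault("glusterfs", {})["executor"] = "ssh"
    return new  # enable_tls stays as-is: it needs cert_file and key_file first

if __name__ == "__main__":
    cfg = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for finding in audit(cfg):
        print("FINDING", finding)
```

Run it with the path to /etc/heketi/heketi.json as the only argument to audit the live file; after harden() the one remaining finding is enable_tls, which needs a certificate and key in place first.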