ceph-ansible

dashboard_frontend_vip: not working at all

Open NileshChandekar opened this issue 1 year ago • 4 comments

  • Added the config below in all.yml
# Dashboards
dashboard_enabled: True
dashboard_admin_password: passw0rd
grafana_admin_password: passw0rd  
dashboard_frontend_vip: '192.168.20.99'
  • Inventory files
root@spare:~/ceph-ansible# cat inventory 
[mons]
192.168.20.2
192.168.20.3
192.168.20.4

[mgrs]
192.168.20.2
192.168.20.3
192.168.20.4

[osds]
192.168.20.5
192.168.20.6
192.168.20.7

#[rgw]
#192.168.20.8
#192.168.20.9


[monitoring]
192.168.20.10
192.168.20.11

Expectations

  • VIP 192.168.20.99 should get configured on any one of the monitoring nodes.
  • VIP address not found on the node
  • Try to ping this IP 192.168.20.99
root@spare:~/ceph-ansible# ping 192.168.20.99
PING 192.168.20.99 (192.168.20.99) 56(84) bytes of data.
From 192.168.20.1 icmp_seq=1 Destination Host Unreachable
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.20.99 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4089ms
pipe 3
root@spare:~/ceph-ansible# 

Environment:

  • OS (e.g. from /etc/os-release):
root@root-ceph-mon-node-0:~# cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.6 LTS"
NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
root@root-ceph-mon-node-0:~# 
  • Kernel (e.g. uname -a):
root@root-ceph-mon-node-0:~# uname -a
Linux root-ceph-mon-node-0 5.4.0-173-generic #191-Ubuntu SMP Fri Feb 2 13:55:07 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
root@root-ceph-mon-node-0:~# 
  • Docker version if applicable (e.g. docker version): NA

Ansible version (e.g. ansible-playbook --version):

(pacific) root@spare:~/ceph-ansible# ansible --version 
ansible 2.10.17
 config file = /root/ceph-ansible/ansible.cfg
 configured module search path = ['/root/ceph-ansible/library']
 ansible python module location = /root/pacific/lib/python3.10/site-packages/ansible
 executable location = /root/pacific/bin/ansible
 python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0]
(pacific) root@spare:~/ceph-ansible# 
  • ceph-ansible version (e.g. git head or tag or stable branch):
(pacific) root@spare:~/ceph-ansible# git branch
* (HEAD detached at origin/stable-6.0)
  main
(pacific) root@spare:~/ceph-ansible# 
  • Ceph version (e.g. ceph -v):
root@root-ceph-mon-node-0:~# ceph --version 
ceph version 16.2.15 (618f440892089921c3e944a991122ddc44e60516) pacific (stable)
root@root-ceph-mon-node-0:~# 

NileshChandekar, Mar 20 '24 10:03

@NileshChandekar that's a bit confusing:

(pacific) root@spare:~/ceph-ansible# git branch
* (HEAD detached at origin/stable-6.0)
  main
(pacific) root@spare:~/ceph-ansible# 

Are you deploying Ceph pacific with main?

In any case, I think your assumption:

VIP 192.168.20.99 should get configured on any one of the monitoring nodes.

is wrong, ceph-ansible won't configure the VIP for you. As far as I know, it has to be configured prior to running the playbook.

guits, Mar 20 '24 12:03

  • @guits I am deploying stable 6.0 which is pacific,
  • OK, so if ceph-ansible does not configure it for us, then we should have the network config below on all the nodes where the dashboard is running, mainly the MON nodes, before the run:
# Bind the External VIP
auto br-host:0
iface br-host:0 inet static
    address 192.168.20.99
    netmask 255.255.255.255
  • I am also thinking that, instead of this, I can use my existing haproxy+keepalived nodes for LB+HA.

  • Planning to extend my haproxy nodes for use with the dashboard.

/etc/haproxy/haproxy.cfg
global
    log         stdout format raw local0
    maxconn     2048
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    user        haproxy
    group       haproxy
    daemon

defaults
    log                     global
    mode                    http
    option                  httplog
    option                  dontlognull
    timeout connect         5000ms
    timeout client          50000ms
    timeout server          50000ms

frontend http-in
    bind *:80
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind *:443 ssl crt /etc/haproxy/certs/example.com.pem
    http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    default_backend servers

backend servers
    balance     roundrobin
    server server1 192.168.20.2:8443 check
    server server2 192.168.20.3:8443 check
    server server3 192.168.20.4:8443 check
/etc/keepalived/keepalived.conf
global_defs {
    
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state MASTER
    interface enp1s0
    virtual_router_id 51
    priority 101
    authentication {
        auth_type PASS
        auth_pass password
    }
    virtual_ipaddress {
        192.168.20.99/24
    }
    track_script {
        chk_haproxy
    }
}

NileshChandekar, Mar 21 '24 04:03

that seems correct, let me know how it goes @NileshChandekar

guits, Mar 21 '24 08:03

that seems correct, let me know how it goes @NileshChandekar

@guits Yup Yup, working.

Haproxy+keepalived doing the job.

Here is the working config

This is without ssl/tls, I will test ssl/tls next.

global
    log         stdout format raw local0
    maxconn     2048
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    user        haproxy
    group       haproxy
    daemon

defaults
    mode http
    timeout client 5s
    timeout connect 5s
    timeout server 5s
    timeout http-request 5s

frontend http-in
    bind *:8090
    default_backend servers

frontend http-rgw
    bind *:8080
    default_backend rgw


backend servers
    option httpchk
    http-check expect status 200
    server server1 192.168.20.2:7443 check
    server server2 192.168.20.3:7443 check
    server server3 192.168.20.4:7443 check

backend rgw
    server server1 192.168.20.8:8080 
    server server2 192.168.20.9:8080 

NileshChandekar, Mar 25 '24 11:03
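
An added example, not part of the thread or of ceph-ansible: a small audit for the kind of haproxy.cfg posted in the two comments above, flagging bind lines without ssl, server names repeated within one backend, and server lines without check. The sample input is constructed by condensing the two posted configs, and the function name audit_haproxy is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, condensed from the two haproxy.cfg versions in the thread.
SAMPLE_CFG = """\
frontend http-in
    bind *:8090
    default_backend servers

frontend https-in
    bind *:443 ssl crt /etc/haproxy/certs/example.com.pem
    default_backend servers

backend servers
    option httpchk
    http-check expect status 200
    server server1 192.168.20.2:8443 check
    server server2 192.168.20.3:8443 check
    server server2 192.168.20.4:8443 check

backend rgw
    server server1 192.168.20.8:8080
"""

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")

def audit_haproxy(cfg_text):
    """Return (section, finding) tuples, in file order, for a haproxy.cfg string."""
    findings, section, seen = [], None, defaultdict(set)
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        m = SECTION.match(" ".join(words))
        if m:  # a new section starts; later directives belong to it
            section = f"{m.group(1)} {m.group(2)}".strip()
        elif words[0] == "bind" and len(words) > 1 and "ssl" not in words[2:]:
            findings.append((section, f"plaintext bind {words[1]}"))
        elif words[0] == "server" and len(words) > 2:
            name = words[1]
            if name in seen[section]:  # names are tracked per section
                findings.append((section, f"duplicate server name {name}"))
            seen[section].add(name)
            if "check" not in words[3:]:
                findings.append((section, f"server {name} has no health check"))
    return findings

if __name__ == "__main__":
    for where, what in audit_haproxy(SAMPLE_CFG):
        print(f"{where}: {what}")
```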

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in a week if no further activity occurs. Thank you for your contributions.

github-actions[bot], Apr 19 '24 20:04

This issue has been automatically closed due to inactivity. Please re-open if this still requires investigation.

github-actions[bot], Apr 26 '24 20:04