Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!
Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly MCC). This means everything you need is in one place. The separate MCC documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.
Manage Ceph RBD or CephFS clients¶
Warning
This procedure is valid for MOSK clusters that use the MiraCeph custom
resource (CR), which is available since MOSK 25.2 to replace the deprecated
KaaSCephCluster. For the equivalent procedure with the KaaSCephCluster
CR, refer to the following section:
The MiraCeph resource allows managing custom Ceph RADOS Block Device (RBD)
or Ceph File System (CephFS) clients. This section describes how to create,
access, and remove Ceph RBD or CephFS clients.
For all supported parameters of Ceph clients, refer to Clients parameters.
Create an RBD or CephFS client¶
Edit the
MiraCephresource by adding a new Ceph client to thespecsection:kubectl -n ceph-lcm-mirantis edit miraceph
Example of adding an RBD client to the
kubernetes-ssdpool:spec: clients: - name: rbd-client caps: mon: allow r, allow command "osd blacklist" osd: profile rbd pool=kubernetes-ssd
Example of adding a CephFS client to the
cephfs-1Ceph File System:spec: clients: - name: cephfs-1-client caps: mds: allow rwp mon: allow r, allow command "osd blacklist" osd: allow rw tag cephfs data=cephfs-1 metadata=*
For details about
caps, refer to Ceph documentation: Authorization (capabilities).Note
Ceph supports only providing of client access to the whole Ceph File System with all data pools in it.
Wait for created clients to become ready in the
MiraCephHealthstatus:kubectl -n ceph-lcm-mirantis get mchealth -o yaml
Example output:
status: fullClusterInfo: blockStorageStatus: clientsStatus: rbd-client: present: true status: Ready cephfs-1-client: present: true status: Ready
Access data using an RBD or CephFS client¶
Using the
MiraCephSecretstatus, obtainsecretInfowith the Ceph client credentials :kubectl -n ceph-lcm-mirantis get mcsecret -o yaml
Example output:
status: secretInfo: clientSecrets: - name: rbd-client secretName: rook-ceph-client-rbd-client secretNamespace: rook-ceph - name: cephfs-1-client secretName: rook-ceph-client-cephfs-1-client secretNamespace: rook-ceph
Use
secretNameandsecretNamespaceto access the Ceph client credentials from a MOSK cluster:kubectl -n <secretNamespace> get secret <secretName> -o jsonpath='{.data.<clientName>}' | base64 -d; echo
Substitute the following parameters:
<secretNamespace>withsecretNamespacefrom the previous step<secretName>withsecretNamefrom the previous step<clientName>with the Ceph RBD or CephFS client name set inspec.clientstheMiraCephresource, for example,rbd-client
Example output:
AQAGHDNjxWYXJhAAjafCn3EtC6KgzgI1x4XDlg==
Using the obtained credentials, create two configuration files on the required workloads to connect them with Ceph pools or file systems:
/etc/ceph/ceph.conf:[default] mon_host = <mon1IP>:6789,<mon2IP>:6789,...,<monNIP>:6789
where
mon_hostare the comma-separated IP addresses with6789ports of the current Ceph Monitors. For example,10.10.0.145:6789,10.10.0.153:6789,10.10.0.235:6789./etc/ceph/ceph.client.<clientName>.keyring:[client.<clientName>] key = <cephClientCredentials>
<clientName>is a client name set inspec.clientsof theMiraCephresource. For example,rbd-client.<cephClientCredentials>are the client credentials obtained in the previous steps. For example,AQAGHDNjxWYXJhAAjafCn3EtC6KgzgI1x4XDlg==.
If the client
capsparameters containmon: allow r, verify the client access using the following command:ceph -n client.<clientName> -s
Remove an RBD or CephFS client¶
Edit the
MiraCephresource by removing the Ceph client fromspec.clients:kubectl -n ceph-lcm-mirantis edit miraceph
Wait for the client to be removed from the
MiraCephHealthstatus instatus.fullClusterInfo.blockStorageStatus.clientsStatus:kubectl -n ceph-lcm-mirantis get mchealth -o yaml