Page MenuHomePhabricator
Create Task
Maniphest T330149

Deploy ceph mon and mgr processes to data-engineering cluster
Closed, ResolvedPublic
Actions

Description

We have now acquired the Ceph servers identified in T310195: Ceph Data Infrastructure Request and they have been racked in the task {T311869}

This is the 5th subtask in EPIC T324660

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Remove the specified location of the mon keysoperations/puppetproduction+0 -5
Correct an error in the location of the ceph mon and mgr keyringsoperations/puppetproduction+10 -10
Update the location of the mgr and mon keyrings for the new ceph clusteroperations/puppetproduction+15 -0
Fix the srange format for the ceph servers srangeoperations/puppetproduction+3 -3
Fix an error with the ceph::server::firewall profile.operations/puppetproduction+1 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

JArguello-WMF created this task.Feb 21 2023, 1:19 PM
JArguello-WMF removed a project: Shared-Data-Infrastructure.Feb 21 2023, 1:21 PM
JArguello-WMF added a project: Shared-Data-Infrastructure (2022-23 Q4 Wrap up).
JArguello-WMF moved this task from Backlog to Shared Data Infra on the Data-Engineering-Planning board.
JArguello-WMF edited projects, added: Shared-Data-Infrastructure; removed: Shared-Data-Infrastructure (2022-23 Q4 Wrap up).
JArguello-WMF edited projects, added: Shared-Data-Infrastructure (2022-23 Q4 Wrap up); removed: Shared-Data-Infrastructure.Feb 21 2023, 1:24 PM
BTullis triaged this task as High priority.Mar 14 2023, 4:07 PM
BTullis moved this task from Next Up to In Progress on the Shared-Data-Infrastructure (2022-23 Q4 Wrap up) board.

We have deployed the profiles in T328123: Create puppet profiles for the new ceph cluster so this in in progress while we bootstrap the cluster.

gerritbot added a comment.Mar 14 2023, 4:28 PM

Change 898803 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/puppet@production] Fix an error with the ceph::server::firewall profile.

https://gerrit.wikimedia.org/r/898803

gerritbot added a project: Patch-For-Review.Mar 14 2023, 4:28 PM
gerritbot added a comment.Mar 14 2023, 4:34 PM

Change 898803 merged by Btullis:

[operations/puppet@production] Fix an error with the ceph::server::firewall profile.

https://gerrit.wikimedia.org/r/898803

Maintenance_bot removed a project: Patch-For-Review.Mar 14 2023, 5:10 PM
gerritbot added a comment.Mar 14 2023, 6:10 PM

Change 898819 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/puppet@production] Fix the srange format for the ceph servers srange

https://gerrit.wikimedia.org/r/898819

gerritbot added a project: Patch-For-Review.Mar 14 2023, 6:10 PM
gerritbot added a comment.Mar 14 2023, 6:27 PM

Change 898819 merged by Btullis:

[operations/puppet@production] Fix the srange format for the ceph servers srange

https://gerrit.wikimedia.org/r/898819

Maintenance_bot removed a project: Patch-For-Review.Mar 14 2023, 6:30 PM
BTullis added a comment.Mar 16 2023, 9:58 AM

I have created the initial monmap for bootstrapping the cluster with the following command.

btullis@cephosd1001:~$ monmaptool --create --fsid 6d4278e1-ea45-4d29-86fe-85b44c150813 --add cephosd1001 10.64.130.13 --add cephosd1002 10.64.131.21 --add cephosd1003 10.64.132.23 --add cephosd1004 10.64.134.12 --add cephosd1005 10.64.135.21 --enable-all-features --set-min-mon-release quincy monmap
monmaptool: monmap file monmap
setting min_mon_release = quincy
monmaptool: set fsid to 6d4278e1-ea45-4d29-86fe-85b44c150813
monmaptool: writing epoch 0 to monmap (5 monitors)

This is a binary file, but we can validate its contents with:

btullis@cephosd1001:~$ monmaptool --print monmap
monmaptool: monmap file monmap
epoch 0
fsid 6d4278e1-ea45-4d29-86fe-85b44c150813
last_changed 2023-03-16T09:56:13.788886+0000
created 2023-03-16T09:56:13.788886+0000
min_mon_release 17 (quincy)
election_strategy: 1
0: [v2:10.64.130.13:3300/0,v1:10.64.130.13:6789/0] mon.cephosd1001
1: [v2:10.64.131.21:3300/0,v1:10.64.131.21:6789/0] mon.cephosd1002
2: [v2:10.64.132.23:3300/0,v1:10.64.132.23:6789/0] mon.cephosd1003
3: [v2:10.64.134.12:3300/0,v1:10.64.134.12:6789/0] mon.cephosd1004
4: [v2:10.64.135.21:3300/0,v1:10.64.135.21:6789/0] mon.cephosd1005
BTullis added a comment.Mar 17 2023, 12:45 PM

The monitor processes are now running.

btullis@cephosd1001:~$ sudo ceph -s
  cluster:
    id:     6d4278e1-ea45-4d29-86fe-85b44c150813
    health: HEALTH_WARN
            mons are allowing insecure global_id reclaim
 
  services:
    mon: 5 daemons, quorum cephosd1001,cephosd1002,cephosd1003,cephosd1004,cephosd1005 (age 24s)
    mgr: no daemons active
    osd: 0 osds: 0 up, 0 in
 
  data:
    pools:   0 pools, 0 pgs
    objects: 0 objects, 0 B
    usage:   0 B used, 0 B / 0 B avail
    pgs:

The bootstrapping process was a little more manual than I would like and the documentation a little scattered.
I followed the steps outlined here:

https://docs.ceph.com/en/quincy/dev/mon-bootstrap/
https://docs.ceph.com/en/quincy/install/manual-deployment/
https://docs.ceph.com/en/latest/man/8/monmaptool/

What was confusing is that puppet attempts to create keyrings for each monitor:
https://github.com/wikimedia/operations-puppet/blob/production/hieradata/role/common/ceph/server.yaml#L7-L21
e.g.

mon.cephosd1001:
  caps:
    mon: allow *
mon.cephosd1002:
  caps:
    mon: allow *

However, when attempting to use these individual keys with the commands to bootstrap the cluster, the first mon process would work but all subsequent versions would not work.

I reverted to using the instructions from the manual installation, which instead refer to creating a single key for mon. like this:

sudo ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'

I checked the cloudceph cluster and verified that indeed the contents of each mon server's /var/lib/ceph/mon/ceph-$hostname/keyring are in fact a key named mon. and they are identical across all monitor modes.

Once I did that I was able to use the generated ceph.client.admin.keyring with:

sudo ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring

I created an initial monmap with:

monmaptool --create --fsid 6d4278e1-ea45-4d29-86fe-85b44c150813 --add cephosd1001 10.64.130.13 --add cephosd1002 10.64.131.21 --add cephosd1003 10.64.132.23 --add cephosd1004 10.64.134.12 --add cephosd1005 10.64.135.21 --enable-all-features --set-min-mon-release quincy monmap

Then I used this monmap with the ceph-mon bootstrap command on each of the five servers.

sudo -u ceph ceph-mon --mkfs -i cephosd1001 --monmap monmap --keyring /tmp/ceph.mon.keyring

Then I was able to start the ceph-mon service on each server with:

sudo systemctl start ceph-mon@cephosd1001.service
BTullis renamed this task from Deploy ceph mon processes to data-engineering cluster to Deploy ceph mon and mgr processes to data-engineering cluster.Mar 17 2023, 4:20 PM
gerritbot added a comment.Mar 17 2023, 4:20 PM

Change 900694 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/puppet@production] Update the location of the mgr and mon keyrings for the new ceph cluster

https://gerrit.wikimedia.org/r/900694

gerritbot added a project: Patch-For-Review.Mar 17 2023, 4:20 PM
gerritbot added a comment.Mar 17 2023, 4:26 PM

Change 900694 merged by Btullis:

[operations/puppet@production] Update the location of the mgr and mon keyrings for the new ceph cluster

https://gerrit.wikimedia.org/r/900694

Maintenance_bot removed a project: Patch-For-Review.Mar 17 2023, 4:30 PM
gerritbot added a comment.Mar 17 2023, 4:41 PM

Change 900697 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/puppet@production] Correct an error in the location of the ceph mon and mgr keyrings

https://gerrit.wikimedia.org/r/900697

gerritbot added a project: Patch-For-Review.Mar 17 2023, 4:41 PM
gerritbot added a comment.Mar 17 2023, 4:44 PM

Change 900697 merged by Btullis:

[operations/puppet@production] Correct an error in the location of the ceph mon and mgr keyrings

https://gerrit.wikimedia.org/r/900697

gerritbot added a comment.Mar 17 2023, 5:02 PM

Change 900699 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/puppet@production] Remove the specified location of the mon keys

https://gerrit.wikimedia.org/r/900699

gerritbot added a comment.Mar 17 2023, 5:05 PM

Change 900699 merged by Btullis:

[operations/puppet@production] Remove the specified location of the mon keys

https://gerrit.wikimedia.org/r/900699

Maintenance_bot removed a project: Patch-For-Review.Mar 17 2023, 5:10 PM
BTullis mentioned this in T332987: Review and fix any bugs found in the automated bootstrap process for a ceph mon/mgr server.Mar 24 2023, 12:45 PM
BTullis moved this task from In Progress to Done on the Shared-Data-Infrastructure (2022-23 Q4 Wrap up) board.Mar 24 2023, 5:27 PM

These mon and mgr daemons are now deployed to the cluster.

btullis@cephosd1001:~$ sudo ceph -s
  cluster:
    id:     6d4278e1-ea45-4d29-86fe-85b44c150813
    health: HEALTH_WARN
            28 daemons have recently crashed
            OSD count 0 < osd_pool_default_size 3
 
  services:
    mon: 5 daemons, quorum cephosd1001,cephosd1002,cephosd1003,cephosd1004,cephosd1005 (age 24h)
    mgr: cephosd1001(active, since 25h), standbys: cephosd1005, cephosd1002, cephosd1003, cephosd1004
    osd: 0 osds: 0 up, 0 in
 
  data:
    pools:   0 pools, 0 pgs
    objects: 0 objects, 0 B
    usage:   0 B used, 0 B / 0 B avail
    pgs:

There is still a potential issue with the bootstrapping process, which I have tried to outline in T332987: Review and fix any bugs found in the automated bootstrap process for a ceph mon/mgr server.
I believe that before we promote this cluster to production we will want to try to identify and fix any of these bugs and reimage at least one, or possibly all nodes in the cluster.

Nevertheless, I believe that we can call this ticket done.

JArguello-WMF closed this task as Resolved.Mar 31 2023, 1:41 PM
BTullis mentioned this in T374923: Bring cephosd200[1-3] into service as a new cluster in codfw.Jul 9 2025, 11:54 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits