Ceph » Orchestrator

Nathan Cutler wrote:

This looks like a mistake. https://github.com/ceph/ceph/pull/31321 contains a single commit 0444025aaf559a662882abc49465b5e31a66280d and this commit is already present in octopus.

After a closer look, it looks like iSCSI gateway deployment doesn't use ceph-daemon but the issue is the same; re-labeling of /sys and/dev directories.

The following causes the tcmu and iscsi containers to fail at start.

/sys/kernel/config:z
/dev:/dev:z
/dev/log:/dev/log:z

Removing :z from those in unit.run allows both containers to start.

After a closer look, it looks like iSCSI gateway deployment doesn't use ceph-daemon

cephadm is not called "ceph-daemon" anymore: it was renamed to cephadm some time ago.

but the issue is the same; re-labeling of /sys and/dev directories.

How did you deploy your iscsi gateway, if not using cephadm?

Nathan Cutler wrote:

How did you deploy your iscsi gateway, if not using cephadm?

iSCSI gateway was deployed using the ceph orchestrator.

[ceph: root@ceph0 /]# ceph -v
ceph version 15.2.5 (2c93eff00150f0cc5f106a559557a58d3d7b6f1f) octopus (stable)

I attempted to deploy the gateway using the command line and using by applying a service text file. Both methods resulted in failure to start dues to selinux relabeling.

Using the command Line:

ceph orch iscsi apply rbd admin admin --trusted_ip_list=192.168.22.100 --placement=ceph0.cluster.internal

Using service text file:

service_type: iscsi
service_id: iscsi
placement:
  hosts:
    - ceph0.cluster.internal
spec:
  pool: rbd
  api_user: admin
  api_password: admin
  trusted_ip_list: 192.168.22.100

ceph orch apply -i /tmp/iscsi.txt