Eucalyptus Block Storage Service with Ceph RBD

Press: HP acquires Eucalyptus ūüôā

Embracing open source technology is not something new to us and here at Eucalyptus we practice this everyday. In Eucalyptus 4.1.0, we chose this beautiful commodity storage technology Ceph for our Block Storage Service. yay! While the product is under heavy development, I am happy to give update about how Ceph can be used as a block storage backend for Eucalyptus Storage Controller (SC).

First thing first, so to use Ceph as a block storage manager, we need a basic Ceph cluster deployed.¬†Apart from¬†having several automation technologies to deploy Ceph, it also has a beautiful tool called ceph-deploy. We¬†found it really¬†pleasing while¬†deploying Ceph clusters with ceph-deploy.¬†But as our requirement is to be able to deploy Ceph clusters of different sizes on-demand for testing ceph+eucalyptus setup, so we needed some automation for this. After¬†giving some thought about our use case, we decided to take the¬†a newer path which¬†would be easily maintainable for us. So, we decided to write a small chef¬†cookbook to deploy a Ceph cluster with¬†ceph-deploy, fun isn’t it? ūüėČ

 

For those who want to take a quick taste of¬†Eucalyptus and Ceph at it’s early phase here is how you do it:

To deploy using ceph-cookbook which uses ceph-deploy,

1. clone the cookbook from https://github.com/shaon/ceph-cookbook.git (tested with 1x Monitor node and 2x OSDs, should work with a large number of OSDs)

2. upload the cookbook to your Chef server

3. update the environment file and upload it to the Chef server

4. Deploy Ceph cluster using Motherbrain

mb ceph-deploy bootstrap bootstrap.json --environment ceph_cluster -v

To add Ceph cluster as block storage backend for Eucalyptus, we will need a newer kernel with RBD module support and Ceph installed on the Eucalyptus Storage Controller (SC). For this demo we will use the LT kernel from ELRepo.

yum install ceph
yum --enablerepo=elrepo-kernel install kernel-lt

You may need to reboot the host by setting up the proper default value in grub.conf.

Now on your MON node, copy ceph.conf and ceph.client.admin.keyring from /root/mycluster directory and place those into /etc/ceph/ directory of the Eucalyptus SC host.

Register Eucalyptus Storage Controller and set the <cluster>.storage.blockstoragemanager property to “ceph”, e.g

euca-modify-property -p PARTI00.storage.blockstoragemanager=ceph

At this point your Eucalyptus Storage Controller should be ready to be used with Ceph as a storage backend!

Now test your Eucalyptus SC with Ceph RBD by creating volumes and snapshots.

To check the ongoing events on your Ceph cluster, run `ceph -w` on the Monitor node.

Happy Cephing with Eucalyptus!

Even though it’s under heavy development, we will¬†love to hear your experience with¬†Ceph+Eucalyptus.

Join us at #eucalyptus on Freenode.

Update: My colleague and good friend Swathi Gangisetty pointed out that for Eucalyptus Storage Controller to be operational no newer kernel is required. Currently, for librbd, SC interacts with Ceph via JNA bindings that are packaged as jar and comes with Eucalyptus.

Clustered Riak CS with Eucalyptus Object Storage Gateway

In the last post, we have installed Riak CS on a single node. For production, a deployment of five or more nodes is required for better performance, reliability. Riak has a default three times data replication mechanism and in smaller deployment the replication requirement may not be met properly and also it may compromise the fault-tolerance ability of the cluster. Fewer nodes will have higher workloads.

According to the documentation:

If you have 3 nodes, and require all 3 to replicate, 100% of your nodes will respond to a single request. If you have 5, only 60% need respond.

In this post, we will use 5 nodes to create a Riak cluster for our Eucalyptus setup. Since we will be using Riak CS, we will be installing Riak CS in each node. We will also need a Stanchion server.

Overall, our setup will look like below:

a) 5x Riak nodes
b) 5x Riak CS nodes (one in each Riak node)
c) 1x Stanchion node
d) 1x Riak Control
e) 1x Riak CS Control
f) 1x Nginx server for load balancing between the Riak CS nodes

First we will install Riak, Riak CS on all the nodes,

yum install http://yum.basho.com/gpg/basho-release-6-1.noarch.rpm -y
yum install riak riak-cs -y

Configure Riak:

Modify the following lines from /etc/riak/app.config with the host IP address,

{pb, [ {"127.0.0.1", 8087 } ]}

{http, [ {"127.0.0.1", 8098 } ]},

Find the following line from /etc/riak/app.config and replace it with multi backend setup,

from:

{storage_backend, riak_kv_bitcask_backend},

to:

            {add_paths, ["/usr/lib64/riak-cs/lib/riak_cs-1.4.5/ebin"]},
            {storage_backend, riak_cs_kv_multi_backend},
            {multi_backend_prefix_list, [{<<"0b:">>, be_blocks}]},
            {multi_backend_default, be_default},
            {multi_backend, [
              {be_default, riak_kv_eleveldb_backend, [
                {max_open_files, 50},
                {data_root, "/var/lib/riak/leveldb"}
              ]},
              {be_blocks, riak_kv_bitcask_backend, [
                {data_root, "/var/lib/riak/bitcask"}
              ]}
            ]},

And add the following line to riak_core section in the config file,

{default_bucket_props, [{allow_mult, true}]},

Change the following line from /etc/riak/vm.args with host IP address,

-name riak@127.0.0.1

Configure Riak CS:

Modify the following lines from /etc/riak-cs/app.config with the host IP address,

{cs_ip, "127.0.0.1"},

{riak_ip, "127.0.0.1"},

{stanchion_ip, "127.0.0.1"},

We are going to have to create an admin user, modify the following line and set the value to true for now, change it back before going into production,

{anonymous_user_creation, false},

Change the following line from /etc/riak-cs/vm.args with host IP address,

-name riak@127.0.0.1

Follow the same procedure for rest of the nodes.

Configure Stanchion:

Install Stanchion in one of the servers,

yum install stanchion -y

Modify the following lines from /etc/stanchion/app.config with the host IP address,

{stanchion_ip, "127.0.0.1"},

{riak_ip, "127.0.0.1"},

Modify the following lines from /etc/stanchion/vm.args with the host IP address,

-name stanchion@127.0.0.1

Start Riak components on the server where Stanchion is installed:

riak start
riak-cs start
stanchion start

Create admin user:

curl -H 'Content-Type: application/json' \
-X POST http://10.111.5.181:8080/riak-cs/user \
--data '{"email":"admin@admin.com", "name":"admin"}'

From the output save the following two variables,

"key_id":"UMSNH00MXO57XNQ4FH05",
"key_secret":"sApGkHzUaNQ0_54BqwbiofH50qzRb4RLi7hFnQ=="

In production system, you may want to change the anonymous_user_creation settings to false after creating the admin user.

From /etc/riak-cs/app.config and /etc/stanchion/app.config change the following two values with key_id and key_secret,

{admin_key, "admin-key"},
{admin_secret, "admin-secret"},

Restart both riak-cs and stanchion.

Setting up Riak Cluster:

Now we will join all the nodes. Run the following from each node (for this guide, I kept the stanchion node’s IP constant)

riak-admin cluster join riak@<node-ip>
riak-admin cluster plan
riak-admin cluster commit

Activate Riak Control:

Modify the following lines from /etc/riak/app.config with the host IP address,

{https, [{ "127.0.0.1", 8098 }]},

Uncomment the ssl configuration and set file path as appropriate,

{ssl, [
       {certfile, "/etc/riak/cert.pem"},
       {keyfile, "/etc/riak/key.pem"}
     ]},

Follow this guideline to create self-signed certificate,
http://www.akadia.com/services/ssh_test_certificate.html

Set the following to true from riak_control section,

{enabled, false},

and set username/password,

{userlist, [{"user", "pass"}
]},

Login to the following url to access Riak Control web interface,

https://RIAK-NODE-IP:8069/admin

Riak Control
Riak Control

Install and Configure Nginx:

We will use Nginx as a load balancer between the nodes. It can be installed on any node or on an external server as well which can work as a load balancer between the Riak CS nodes.

We will be installing Riak CS Control which seems to be using HTTP 1.1 version (available from Nginx 1.1.4). So, we will be using latest stable version of Nginx on our Nginx server.

yum install http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm -y
yum install nginx -y

Nginx config file will look like this [source],

upstream riak_cs_host {
  server :8080;
  server :8080;
  server :8080;
  server :8080;
  server :8080;
  }

server {
  listen   80;
  server_name  _;
  access_log  /var/log/nginx/riak_cs.access.log;
  client_max_body_size 0;

location / {
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_redirect off;

  proxy_connect_timeout      90;
  proxy_send_timeout         90;
  proxy_read_timeout         90;
  proxy_buffer_size    128k;
  proxy_buffers     4 256k;
  proxy_busy_buffers_size 256k;
  proxy_temp_file_write_size 256k;
  proxy_http_version    1.1;

  proxy_pass http://riak_cs_host;
  }
}

Install and Configure Riak CS Control:

Run the following command to install Riak CS Control,

yum install http://s3.amazonaws.com/downloads.basho.com/riak-cs-control/1.0/1.0.2/rhel/6/riak-cs-control-1.0.2-1.el6.x86_64.rpm -y

Modify the following lines from /etc/riak-cs-control/app.config with the Nginx server’s IP address and proxy,

{cs_proxy_host, "127.0.0.1" },
{cs_proxy_port, 8080 },

Set the admin creds downloaded above in /etc/riak-cs-control/app.config file.

Riak CS Control
Riak CS Control

Configure Eucalyptus:

Now as usual, set the Riak CS property to use as Eucalyptus Object Storage Gateway’s (OSG) backend,

Update:

Instead of using Riak CS admin account since it has special admin privileges, we need to create a regular Riak CS account, via Riak CS Control or command line (like above) and use it for Eucalyptus.

euca-modify-property -p objectstorage.s3provider.s3endpoint=NGINX-IP

euca-modify-property -p objectstorage.s3provider.s3accesskey=ACCESS-KEY

euca-modify-property -p objectstorage.s3provider.s3secretkey=SECRET-KEY

Enjoy multi-clustered Riak CS with Eucalyptus!

Eucalyptus Object Storage Gateway with Riak CS

Eucalyptus 4.0 is the next major release of Eucalyptus. One of the exciting features of this release is Object Storage Gateways (OSG). It uses Riak CS as scalable storage backend. It also works with Walrus as storage backend. Object Storage Gateway first came out as tech preview in 3.4 release. To use Riak CS with OSG it is required to have an existing Riak CS setup.

In this post we will setup a minimal Riak CS setup to work with Eucalyptus OSG. For this demo I am using a Eucalyptus 4.0 setup from the currently available source from github. Here, we will be installing all the necessary Riak CS components on the same host that we are using for frontend, which is what we say a proof of concept setup and not recommended for production deployment.

eucalyptus-logo-349x83

Eucalyptus 4.0 introduces a new component Object Storage Gateway (OSG). Run the following command from Cloud Controller(CLC) to register this new component,

euca-register-object-storage-gateway --partition objectstorage --host <osg host ip address> <component name>

Most likely the OSG component status will be BROKEN at this point, until we configure Eucalyptus properties to work with Riak CS.

Riak CS installation and configuration:

riak-cs-hdr2

Riak CS is built on top of Riak, one of the most popular open source distributed database. To install basic Riak CS we will need to install Riak, Stanchion and finally Riak CS. (Riak 1.4.6, Stanchion 1.4.3, Riak 1.4.3).

Set the user limit to a higher number,

ulimit -n 65536

Install Riak CS,

yum install -y http://yum.basho.com/gpg/basho-release-6-1.noarch.rpm

yum install -y riak stanchion riak-cs

Rest of the configuration steps are very straight-forward and can be found here.

By default Riak CS uses port 8080, while Eucalyptus also uses this port for http redirect. We need to change either of the ports to resolve the port conflict and get both Riak CS and Eucalyptus running on the same host.

To modify Eucalyptus port, run the following from CLC,

euca-modify-property -p www.http_port=<port>

To modify Riak CS port, change the port from /etc/riak-cs/app.config,

{cs_port, "<port>" } ,

While installing Riak CS, we created an admin user and got a similar json output with id, key_id and key_secret. These credentials can be used to access Riak Cloud Storage like Amazon S3.

{
    "email": "admin@admin.com",
    "display_name": "admin",
    "name": "admin",
    "key_id": "BMNVZPO4ZXYAYEIFF9PG",
    "key_secret": "JXvFrTEx4eqirMGJnYZqvZiek7ZDema_1FM2CQ==",
    "id": "f181fac1f8d24fdeec39adbbbba5d13297aa6de056e1b26dc0c9e4a723cec7b2",
    "status": "enabled"
}

To use Riak CS with Eucalyptus OSG we need to modify the at least the following Eucalyptus properties,

PROPERTY	objectstorage.providerclient	s3
DESCRIPTION	objectstorage.providerclient	Object Storage Provider client to use for backend
PROPERTY	objectstorage.s3provider.s3endpoint	<riakcs_ip:port>
DESCRIPTION	objectstorage.s3provider.s3endpoint	External S3 endpoint.
PROPERTY	objectstorage.s3provider.s3accesskey	********
DESCRIPTION	objectstorage.s3provider.s3accesskey	External S3 Access Key.
PROPERTY	objectstorage.s3provider.s3secretkey	********
DESCRIPTION	objectstorage.s3provider.s3secretkey	External S3 Secret Key.

For Riak CS the objectstorage.providerclient will be s3, when using Walrus, the value for this property will be walrus.

Check this wiki link for few other optional configurable options.

Eucalyptus Object Storage Gateway (OSG) service status should be ENABLED now and ready to be used. Point your favorite S3 client to OSG and start using AWS compatible Object Storage.

You can use Eutester if you want to try out Eucalyptus 4.0 with OSG and Riak CS quickly. Setup Eutester and run the following script,

./install_riak_cs.py \
--password foobar \
--config /path/to/config \
--template-path "/templates/" \
--riak-cs-port <port> \
--admin-name <admin_user_name> \
--admin-email <admin_user_email>

The following python script can be used for quick OSG + Riak CS test,

import boto
from boto.ec2.regioninfo import RegionInfo
from boto.s3.connection import OrdinaryCallingFormat
boto_debug=2
boto.set_stream_logger('paws')

if __name__ == '__main__':

    accesskey="<access_key>"
    secretkey="<secret_key>"
    hostname="<hostname>"

    conns3osg = boto.connect_s3(aws_access_key_id=accesskey,
                              aws_secret_access_key=secretkey,
                              is_secure=False,
                              host=hostname,
                              port=8773,
                              path="/services/objectstorage",
                              calling_format=OrdinaryCallingFormat(),
                              debug=boto_debug)

    conns3osg.create_bucket('testbucket')
    conns3osg.get_bucket('testbucket')

Happy New Year Everyone!