Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
Applies to SUSE Enterprise Storage 5.5 (SES 5 & SES 5.5)

17 openATTIC Edit source

Tip
Tip: Calamari Removed

Calamari used to be the preferred Web UI application for managing and monitoring the Ceph cluster. Since SUSE Enterprise Storage 5.5, Calamari has been removed in favor of the more advanced openATTIC.

openATTIC is a central storage management system which supports Ceph storage cluster. With openATTIC, you can control everything from a central management interface. It is no longer necessary to be familiar with the inner workings of the Ceph storage tools. Cluster management tasks can be carried out either by using openATTIC's intuitive Web interface, or via its REST API.

17.1 openATTIC Deployment and Configuration Edit source

This section introduces steps to deploy and configure openATTIC and its supported features so that you can administer your Ceph cluster using a user-friendly Web interface.

17.1.1 Enabling Secure Access to openATTIC using SSL Edit source

Access to the openATTIC Web application uses non-secure HTTP protocol by default. To enable secure access to openATTIC, you need to configure the Apache Web server manually:

  1. If you do not have an SSL certificate signed by a well known certificate authority (CA), create a self-signed SSL certificate and copy its files to the directory where the Web server expects it, for example:

    root # openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 \
     -keyout key.pem -out cert.pem
    root # cp cert.pem /etc/ssl/certs/servercert.pem
    root # cp key.pem /etc/ssl/certs/serverkey.pem

    Refer to https://documentation.suse.com/sles/12-SP5/single-html/SLES-admin/#sec-apache2-ssl for more details on creating SSL certificates.

  2. Add 'SSL' to the APACHE_SERVER_FLAGS option in the /etc/sysconfig/apache2 configuration file. You can do it manually, or run the following commands:

    root # a2enmod ssl
    root # a2enflag SSL
  3. Create /etc/apache2/vhosts.d/vhost-ssl.conf for a new Apache virtual host with the following content:

    <IfDefine SSL>
    <IfDefine !NOSSL>
    <VirtualHost *:80>
     ServerName OA_HOST_NAME
     Redirect "/" "https://OA_HOST_NAME/"
    </VirtualHost>
    <VirtualHost _default_:443>
     ServerName OA_HOST_NAME
     DocumentRoot "/srv/www/htdocs"
     ErrorLog /var/log/apache2/error_log
     TransferLog /var/log/apache2/access_log
     SSLEngine on
     SSLCertificateFile /etc/ssl/certs/servercert.pem
     SSLCertificateKeyFile /etc/ssl/certs/serverkey.pem
     CustomLog /var/log/apache2/ssl_request_log ssl_combined
    </VirtualHost>
    </IfDefine>
    </IfDefine>
  4. Restart the Web server to reload the new virtual host definition together with the certificate files:

    root # systemctl restart apache2.service

17.1.2 Deploying openATTIC Edit source

Since SUSE Enterprise Storage 5.5, openATTIC has been deployed as a DeepSea role. Refer to Chapter 1, Salt Cluster Administration for a general procedure.

17.1.3 openATTIC Initial Setup Edit source

By default, oaconfig creates an administrative user account, openattic, with the same password as the user name. As a security precaution, we strongly recommend changing this password immediately:

cephadm > oaconfig changepassword openattic
Changing password for user 'openattic'
Password: <enter password>
Password (again): <re-enter password>
Password changed successfully for user 'openattic'

17.1.4 DeepSea Integration in openATTIC Edit source

Some openATTIC features, such as iSCSI Gateway and Object Gateway management, make use of the DeepSea REST API. It is enabled and configured by default. If you need to override its default settings for debugging purposes, edit /etc/sysconfig/openattic and add or change the following lines:

SALT_API_HOST="salt_api_host"
SALT_API_PORT=8001
SALT_API_USERNAME="example_user"
SALT_API_PASSWORD="password"
Important
Important: oaconfig restart

Remember to run oaconfig restart after you make changes to the /etc/sysconfig/openattic file.

Important
Important: File Syntax

/etc/sysconfig/openattic is used in Python as well as Bash. Therefore, the files need to be in a format which Bash can understand, and it is not possible to have spaces before or after the 'equals' signs.

17.1.5 Object Gateway Management Edit source

Object Gateway management features in openATTIC are enabled by default. If you need to override the default values for Object Gateway API as discovered from DeepSea, include the following options with relevant values in /etc/sysconfig/openattic. For example:

RGW_API_HOST="rgw_api_host"
RGW_API_PORT=80
RGW_API_SCHEME="http"
RGW_API_ACCESS_KEY="VFEG733GBY0DJCIV6NK0"
RGW_API_SECRET_KEY="lJzPbZYZTv8FzmJS5eiiZPHxlT2LMGOMW8ZAeOAq"
Note
Note: Default Resource for Object Gateway

If your Object Gateway admin resource is not configured to use the default value 'admin' as used in 'http://rgw_host:80/admin', you need to also set the RGW_API_ADMIN_RESOURCE option appropriately.

To obtain Object Gateway credentials, use the radosgw-admin command:

cephadm > radosgw-admin user info --uid=admin

17.1.6 iSCSI Gateway Management Edit source

iSCSI Gateway management features in openATTIC are enabled by default. If you need override the default Salt API host name, change the SALT_API_HOST value as described in Section 17.1.4, “DeepSea Integration in openATTIC”.

17.2 openATTIC Web User Interface Edit source

openATTIC can be managed using a Web user interface. Open a Web browser and navigate to http://SERVER_HOST/openattic. To log in, use the default user name openattic and the corresponding password.

openATTIC Login Screen
Figure 17.1: openATTIC Login Screen

The openATTIC user interface is graphically divided into a top menu pane and a content pane.

The right part of the top pane includes a link to the current user settings, and a Logout link, and links to the list of existing Background tasks and system Notifications. The rest of the top pane includes the main openATTIC menu.

The content pane changes depending on which item menu is activated. By default, a Dashboard is displayed showing a number widgets to inform you about the status of the cluster.

openATTIC Dashboard
Figure 17.2: openATTIC Dashboard

17.3 Dashboard Edit source

Each Dashboard widget shows specific status information related to the running Ceph cluster. After clicking the title of a widget, the widget spreads across the whole content pane, possibly showing more details. A list of several widgets follows:

The Status widget tells whether the cluster is operating correctly. In case a problem is detected, you can view the detailed error message by clicking the subtitle inside the widget.

The Monitors in Quorum, Pools, OSDs In, OSDs Out, OSDs Up, OSDs Down, and Average PGs per OSD widgets simply show the related numbers.

Basic Widgets
Figure 17.3: Basic Widgets

The following widgets deal with total and available storage capacity: Cluster Capacity, Available Capacity, Used Capacity, and Capacity.

Capacity Widgets
Figure 17.4: Capacity Widgets

The following widgets deal with OSD and monitor node latency: Average OSD Apply Latency, Average OSD Commit Latency, and Average Monitor Latency:

Latency Widgets
Figure 17.5: Latency Widgets

The Throughput widget shows the read and write per second statistics in time.

Throughput
Figure 17.6: Throughput
Tip
Tip: More Details on Mouse Over

If you move the mouse pointer over any of the displayed charts, you will be shown more details related to the date and time pointed at in a pop-up window.

If you click in the chart area and then drag the mouse pointer to the left or right along the time axis, the time interval on the axis will be zoomed in to the interval you marked by moving the mouse. To zoom out back to the original scale, double-click the chart.

Within openATTIC there are options to display graphs for longer than 15 days. However, by default Prometheus only stores history for 15 days. You can adjust this behavior in /etc/systemd/system/multi-user.target.wants/prometheus.service.

  1. Open /etc/systemd/system/multi-user.target.wants/prometheus.service.

  2. This file should reference the following:

            EnvironmentFile=-/etc/sysconfig/prometheus
            ExecStart=/usr/bin/prometheus $ARGS

    If not does not, add the above two lines and include the following:

            ARGS="--storage.tsdb.retention=90d" \
                  --log.level=warn"
    Tip
    Tip

    Ensure ARGS is a multiline bash string. This enables Prometheus to store up to 90 days of data.

    If you want other time options, the format is as follows: number X time multiplier (where time multiplier can be h[ours], d[ays], w[eeks], y[ears]).

  3. Restart the Prometheus service.

17.4 Ceph Related Tasks Edit source

openATTIC's main menu lists Ceph related tasks. Currently, the following tasks are relevant: OSDs, RBDs, Pools, Nodes, iSCSI, NFS, CRUSH Map, and Object Gateway.

17.4.1 Common Web UI Features Edit source

In openATTIC, you often work with lists—for example, lists of pools, OSD nodes, or RBD devices. The following common widgets help you manage or adjust these list:

Click to refresh the list of items.

Click to display or hide individual table columns.

Click and select how many rows to display on a single page.

Click inside and filter the rows by typing the string to search for.

Use to change the currently displayed page if the list spans across multiple pages.

17.4.2 Listing OSD Nodes Edit source

To list all available OSD nodes, click OSDs from the main menu.

The list shows each OSD's name, host name, status, weight, and storage back-end.

List of OSD nodes
Figure 17.7: List of OSD nodes

17.4.3 Managing RADOS Block Devices (RBDs) Edit source

To list all available RADOS Block Devices, click RBDs from the main menu.

The list shows each device's name, the related pool name, size of the device, and, if 'fast-diff' was enabled during the RADOS Block Device creation, the percentage that is already occupied.

List of RBDs
Figure 17.8: List of RBDs

17.4.3.1 Status Information Edit source

To view more detailed information about a device, activate its check box in the very left column:

RBD Details
Figure 17.9: RBD Details

17.4.3.2 Statistics Edit source

Click the Statistics tab of an RADOS Block Device to view the statistics of transferred data. You can zoom in and out the time range either by highlighting the time range with a mouse, or by selecting it after clicking the date in the top left corner of the tab.

17.4.3.3 RADOS Block Device Snapshots Edit source

To create an RADOS Block Device snapshot, click its Snapshots tab and select Create from the left top drop-down box.

After selecting a snapshot, you can rename, protect, clone, or delete it. Deletion also works if you select multiple snapshots. Rollback restores the device's state from the current snapshot.

RBD Snapshots
Figure 17.10: RBD Snapshots

17.4.3.4 Deleting RBDs Edit source

To delete a device or a group of devices, activate their check boxes in the very left column and click Delete in the top-left of the RBDs table:

Deleting RBD
Figure 17.11: Deleting RBD

17.4.3.5 Adding RBDs Edit source

To add a new device, click Add in the top left of the RBDs table and do the following on the Create RBD screen:

Adding a New RBD
Figure 17.12: Adding a New RBD
  1. Enter the name of the new device. Refer to Section 2.8, “Naming Limitations” for naming limitations.

  2. Select the cluster that will store the new pool.

  3. Select the pool from which the new RBD device will be created.

  4. Specify the size of the new device. If you click the use max link above, the maximum pool size is populated.

  5. To fine-tune the device parameters, click Expert settings and activate or deactivate the displayed options.

  6. Confirm with Create.

17.4.4 Managing Pools Edit source

Tip
Tip: More Information on Pools

For more general information about Ceph pools, refer to Chapter 8, Managing Storage Pools. For information specific to erasure coded pools, refer to Chapter 10, Erasure Coded Pools.

To list all available pools, click Pools from the main menu.

The list shows each pool's name, ID, the percentage of used space, the number of placement groups, replica size, type ('replicated' or 'erasure'), erasure code profile, and the CRUSH ruleset.

List of Pools
Figure 17.13: List of Pools

To view more detailed information about a pool, activate its check box in the very left column:

Pool Details
Figure 17.14: Pool Details

17.4.4.1 Deleting Pools Edit source

To delete a pool or a group of pools, activate their check boxes in the very left column and click Delete in the top left of the pools table:

Deleting Pools
Figure 17.15: Deleting Pools

17.4.4.2 Adding Pools Edit source

To add a new pool, click Add in the top left of the pools table and do the following on the Create Ceph pool screen:

Adding a New Pool
Figure 17.16: Adding a New Pool
  1. Enter the name of the new pool. Refer to Section 2.8, “Naming Limitations” for naming limitations.

  2. Select the cluster that will store the new pool.

  3. Select the pool type. Pools can be either replicated or erasure coded.

    1. For a replicated pool, specify the replica size and the number of placement groups.

    2. For an erasure code pool, specify the number of placement groups and erasure code profile. You can add your custom profile by clicking the plus '+' sign and specifying the profile name, data and coding chunks, and a ruleset failure domain.

  4. Confirm with Create.

17.4.5 Listing Nodes Edit source

Click Nodes from the main menu to view the list of nodes available on the cluster.

List of Nodes
Figure 17.17: List of Nodes

Each node is represented by its host name, public IP address, cluster ID it belongs to, node role (for example, 'admin', 'storage', or 'master'), and key acceptance status.

17.4.6 Managing NFS Ganesha Edit source

Tip
Tip: More Information on NFS Ganesha

For more general information about NFS Ganesha, refer to Chapter 16, NFS Ganesha: Export Ceph Data via NFS.

To list all available NFS exports, click NFS from the main menu.

The list shows each export's directory, host name, status, type of storage back-end, and access type.

List of NFS Exports
Figure 17.18: List of NFS Exports

To view more detailed information about an NFS export, activate its check box in the very left column:

NFS Export Details
Figure 17.19: NFS Export Details
Tip
Tip: NFS Mount Command

At the bottom of the export detailed view, there is a mount command for you to be able to easily mount the related NFS export from a client machine.

17.4.6.1 Adding NFS Exports Edit source

To add a new NFS export, click Add in the top left of the exports table and enter the required information.

Adding a New NFS Export
Figure 17.20: Adding a New NFS Export
  1. Select a server host for the NFS export.

  2. Select a storage back-end—either CephFS or Object Gateway.

  3. Enter the directory path for the NFS export. If the directory does not exist on the server, it will be created.

  4. Specify other NFS related options, such as supported NFS protocol version, access type, squashing, or transport protocol.

  5. If you need to limit access to specific clients only, click Add clients and add their IP addresses together with access type and squashing options.

  6. Confirm with Submit.

17.4.6.2 Cloning and Deleting NFS Exports Edit source

To delete an export or a group of exports, activate their check boxes in the very left column and select Delete in the top left of the exports table.

Similarly, you can select Clone to clone the activated gateway.

17.4.6.3 Editing NFS Exports Edit source

To edit an existing export, either click its name in the exports table, or activate its check box and click Edit in the top left of the exports table.

You can then adjust all the details of the NFS export.

Editing an NFS Export
Figure 17.21: Editing an NFS Export

17.4.7 Managing iSCSI Gateways Edit source

Tip
Tip: More Information on iSCSI Gateways

For more general information about iSCSI Gateways, refer to Chapter 10, Installation of iSCSI Gateway and Chapter 14, Ceph iSCSI Gateway.

To list all available gateways, click iSCSI from the main menu.

The list shows each gateway's target, state, and related portals and RBD images.

List of iSCSI Gateways
Figure 17.22: List of iSCSI Gateways

To view more detailed information about a gateway, activate its check box in the very left column:

Gateway Details
Figure 17.23: Gateway Details

17.4.7.1 Adding iSCSI Gateways Edit source

To add a new iSCSI Gateway, click Add in the top left of the gateways table and enter the required information.

Adding a New iSCSI Gateway
Figure 17.24: Adding a New iSCSI Gateway
  1. Enter the target address of the new gateway.

  2. Click Add portal and select one or multiple iSCSI portals from the list.

  3. Click Add image and select one or multiple RBD images for the gateway.

  4. If you need to use authentication to access the gateway, activate the Authentication check box and enter the credentials. You can find more advanced authentication options after activating Mutual authentication and Discovery authentication.

  5. Confirm with Submit.

17.4.7.2 Editing iSCSI Gateways Edit source

To edit an existing iSCSI Gateway, either click its name in the gateways table, or activate its check box and click Edit in the top left of the gateways table.

You can then modify the iSCSI target, add or delete portals, and add or delete related RBD images. You can also adjust authentication information for the gateway.

17.4.7.3 Cloning and Deleting iSCSI Gateways Edit source

To delete a gateway or a group of gateways, activate their check boxes in the very left column and select Delete in the top left of the gateways table.

Similarly, you can select Clone to clone the activated gateway.

17.4.7.4 Starting and Stopping iSCSI Gateways Edit source

To start all gateways, select Start all in the top left of the gateways table. To stop all gateways, select Stop all.

17.4.8 Viewing the Cluster CRUSH Map Edit source

Click CRUSH Map from the main menu to view cluster CRUSH Map.

CRUSH Map
Figure 17.25: CRUSH Map

In the Physical setup pane, you can see the structure of the cluster as described by the CRUSH Map.

In the Replication rules pane, you can view individual rulesets after selecting one of them from the Content drop-down box.

Replication rules
Figure 17.26: Replication rules

17.4.9 Managing Object Gateway Users and Buckets Edit source

Tip
Tip: More Information on Object Gateways

For more general information about Object Gateways, refer to Chapter 13, Ceph Object Gateway.

To list Object Gateway users, select Object Gateway › Users from the main menu.

The list shows each user's ID, display name, e-mail address, if the user is suspended, and the maximum number of buckets for the user.

List of Object Gateway Users
Figure 17.27: List of Object Gateway Users

17.4.9.1 Adding a New Object Gateway User Edit source

To add a new Object Gateway user, click Add in the top left of the users' table and enter the relevant information.

Tip
Tip: More Information

Find more information about Object Gateway user accounts in Section 13.5.2, “Managing S3 and Swift Accounts”.

Adding a New Object Gateway User
Figure 17.28: Adding a New Object Gateway User
  1. Enter the user name, full name, and optionally an e-mail address and the maximum number of buckets for the user.

  2. If the user should be initially suspended, activate the Suspended check box.

  3. Specify the access and secret keys for the S3 authentication. If you want openATTIC to generate the keys for you, activate Generate key.

  4. In the User quota section, set quota limits for the current user.

    Check Enabled to activate the user quota limits. You can either specify the Maximum size of the disk space the user can use within the cluster, or check Unlimited size for no size limit.

    Similarly, specify Maximum objects that the user can store on the cluster storage, or Unlimited objects if the user may store any number of objects.

    User quota
    Figure 17.29: User quota
  5. In the Bucket Quota section, set the bucket quota limits for the current user.

    Bucket Quota
    Figure 17.30: Bucket Quota
  6. Confirm with Submit.

17.4.9.2 Deleting Object Gateway Users Edit source

To delete one or more Object Gateway users, activate their check boxes in the very left column and select Delete in the top left of the users table.

17.4.9.3 Editing Object Gateway Users Edit source

To edit the user information of an Object Gateway user, either activate their check box in the very left column and select Edit in the top left of the users table, or click their ID. You can change the information you entered when adding the user in Section 17.4.9.1, “Adding a New Object Gateway User”, plus the following additional information:

Subusers

Add, remove, or edit subusers of the currently edited user.

Adding a Subuser
Figure 17.31: Adding a Subuser
Keys

Add, remove, or view access and secret keys of the currently edited user.

You can add S3 keys for the currently edited user, or view Swift keys for their subusers.

View S3 keys
Figure 17.32: View S3 keys
Capabilities

Add or remove user's capabilities. The capabilities apply to buckets, zone, users, metadata, and usage. Each capability value can be one of 'read', 'write', or '*' for read and write privilege.

Capabilities
Figure 17.33: Capabilities

17.4.9.4 Listing Buckets for Object Gateway Users Edit source

Tip
Tip

A bucket is a mechanism for storing data objects. A user account may have many buckets, but bucket names must be unique. Although the term 'bucket' is normally used within the Amazon S3 API, the term 'container' is used in the OpenStack Swift API context.

Click Object Gateway › Buckets to list all available Object Gateway buckets.

Object Gateway Buckets
Figure 17.34: Object Gateway Buckets

17.4.9.5 Adding Buckets for Object Gateway Users Edit source

To add a new bucket, click Add in the top left of the buckets table and enter the new bucket name and the related Object Gateway user. Confirm with Submit.

Adding a New Bucket
Figure 17.35: Adding a New Bucket

17.4.9.6 Viewing Bucket Details Edit source

To view detailed information about an Object Gateway bucket, activate its check box in the very left column of the buckets table.

Bucket Details
Figure 17.36: Bucket Details

17.4.9.7 Editing Buckets Edit source

To edit a bucket, either activate its check box in the very left column and select Edit in the top left of the buckets table, or click its name.

Editing an Object Gateway Bucket
Figure 17.37: Editing an Object Gateway Bucket

On the edit screen, you can change the user to which the bucket belongs.

17.4.9.8 Deleting Buckets Edit source

To delete one or more Object Gateway buckets, activate their check boxes in the very left column of the buckets table, and select Delete in the top left of the table.

Deleting Buckets
Figure 17.38: Deleting Buckets

To confirm the deletion, type 'yes' in the Delete buckets pop-up window, and click Delete.

Warning
Warning: Careful Deletion

When deleting an Object Gateway bucket, it is currently not verified if the bucket is actually in use, for example by NFS Ganesha via the S3 storage back-end.

Print this page