Enabling high availability for Ceph Management gateway
Ensure continuous access to Ceph management tools, such as the Ceph Dashboard, Prometheus, Grafana, and Alertmanager, by enabling high availability (HA) for the Ceph Management gateway (mgmt-gateway).
Before you begin
- A subset of hosts have the
mgmtlabel set on them. These are the hosts where the daemons are deployed.Use the ceph orch host ls command to see which hosts have the
mgmtlabels set. - Have an available Virtual IP (VIP).
About this task
mgmt-gateway instances in an active/standby setup, the system can automatically switch to a backup instance if there is failure. Change to a backup instance by using the keepalived for failover. The oauth2-proxy service operates statelessly, with nginx as a load balancer to evenly distribute traffic. They following are the key components of HA for mgmt-gateway:
- Keepalived
- Provides failover support.
- OAuth2-Proxy
- Manages authentication.
- Nginx
- Runs as a load balancer and reverse-proxy for Ceph Management stack services.
- Virtual IP (VIP)
- Helps ensure smooth access by other external and internal services to the
mgmt-gateway.
Enable Enabling HA to help ensure that tool access is always available, even during a component failure. Enable high availability service either with the cephadm CLI commands or by using a service specification file.
After deploying the mgmt-gateway service, direct access to services like Prometheus, Grafana, and Alertmanager is no longer allowed. These services are now accessible only through the Ceph Dashboard by the links that are provided in .
Enabling HA for Ceph Management gateway with the command-line interface
Procedure
mgmt-gateway service in a high-availability configuration.
oauth2-proxy, the --enable-auth=true parameter is mandatory.
ceph orch apply mgmt-gateway --virtual_ip VIP --enable-auth=true --placement="label:mgmt"
[ceph: root@host01 /]# ceph orch apply mgmt-gateway --virtual_ip 192.168.100.220 --enable-auth=true --placement="label:mgmt"
What to do next
- Run the ceph orch ls command to get the service status.
- Run the ceph orch ps command to get the status of the corresponding daemons.
Enabling HA for Ceph Management gateway with a service specification file
Before you begin
mgmt-gateway service will run on.
- The port for gateway service use.
- A running IBM Storage Ceph cluster.
- (Optional) SSL protocols and ciphers for secure communication.
- (Optional) SSL certificates and private key data for secure connections.
For more information about SSL protocols, ciphers, certificates, and certificate keys, see the Deploying web servers and reverse proxies in the Red Hat Enterprise Linux documentation.
Procedure
What to do next
- Run the ceph orch ls command to get the service status.
- Run the ceph orch ps command to get the status of the corresponding daemons.