summaryrefslogtreecommitdiff
path: root/README.md
blob: edc26e054bc2016008fcb021e96e566d79fb784f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
Overview
========

Ceph is a distributed storage and network file system designed to provide
excellent performance, reliability, and scalability.

This charm deploys additional Ceph OSD storage service units and should be
used in conjunction with the 'ceph' charm to scale out the amount of storage
available in a Ceph cluster.

Usage
=====

The charm also supports specification of the storage devices to use in the ceph
cluster::

    osd-devices:
        A list of devices that the charm will attempt to detect, initialise and
        activate as ceph storage.

        This this can be a superset of the actual storage devices presented to
        each service unit and can be changed post ceph-osd deployment using
        `juju set`.

For example::

    ceph-osd:
        osd-devices: /dev/vdb /dev/vdc /dev/vdd /dev/vde

Boot things up by using::

    juju deploy -n 3 --config ceph.yaml ceph

You can then deploy this charm by simple doing::

    juju deploy -n 10 --config ceph.yaml ceph-osd
    juju add-relation ceph-osd ceph

Once the ceph charm has bootstrapped the cluster, it will notify the ceph-osd
charm which will scan for the configured storage devices and add them to the
pool of available storage.

Network Space support
=====================

This charm supports the use of Juju Network Spaces, allowing the charm to be bound to network space configurations managed directly by Juju.  This is only supported with Juju 2.0 and above.

Network traffic can be bound to specific network spaces using the public (front-side) and cluster (back-side) bindings:

    juju deploy ceph-osd --bind "public=data-space cluster=cluster-space"

alternatively these can also be provided as part of a Juju native bundle configuration:

    ceph-osd:
      charm: cs:xenial/ceph-osd
      num_units: 1
      bindings:
        public: data-space
        cluster: cluster-space

Please refer to the [Ceph Network Reference](http://docs.ceph.com/docs/master/rados/configuration/network-config-ref) for details on how using these options effects network traffic within a Ceph deployment.

**NOTE:** Spaces must be configured in the underlying provider prior to attempting to use them.

**NOTE**: Existing deployments using ceph-*-network configuration options will continue to function; these options are preferred over any network space binding provided if set.

AppArmor Profiles
=================

AppArmor is not enforced for Ceph by default.  An AppArmor profile can be generated by the charm.  However, great care must be taken.

Changing the value of the ```aa-profile-mode``` option is disruptive to a running Ceph cluster as all ceph-osd processes must be restarted as part of changing the AppArmor profile enforcement mode.

The generated AppArmor profile currently has a narrow supported use case, and it should always be verified in pre-production against the specific configurations and topologies intended for production.

The AppArmor profile(s) which are generated by the charm should NOT yet be used in the following scenarios:
  - When there are separate journal devices.
  - On any version of Ceph prior to Luminous.
  - On any version of Ubuntu other than 16.04.
  - With Bluestore enabled.


Block Device Encryption
=======================

The ceph-osd charm supports encryption of underlying block devices supporting OSD's.

To use the 'native' key management approach (where dm-crypt keys are stored in the
ceph-mon cluster), simply set the 'osd-encrypt' configuration option::

    ceph-osd:
      options:
        osd-encrypt: True

**NOTE:** This is supported for Ceph Jewel or later.

Alternatively, encryption keys can be stored in Vault; this requires deployment of
the vault charm (and associated initialization of vault - see the Vault charm for
details) and configuration of the 'osd-encrypt' and 'osd-encrypt-keymanager'
options::

    ceph-osd:
      options:
        osd-encrypt: True
        osd-encrypt-keymanager: vault

**NOTE:** This option is only supported with Ceph Luminous or later.

**NOTE:** Changing these options post deployment will only take effect for any
new block devices added to the ceph-osd application; existing OSD devices will
not be encrypted.

Contact Information
===================

Author: James Page <james.page@ubuntu.com>
Report bugs at: http://bugs.launchpad.net/charm-ceph-osd/+filebug
Location: http://jujucharms.com/ceph-osd