iSCSI Service¶
Deploying iSCSI¶
To deploy an iSCSI gateway, create a yaml file containing a service specification for iscsi:
service_type: iscsi
service_id: iscsi
placement:
hosts:
- host1
- host2
spec:
pool: mypool # RADOS pool where ceph-iscsi config data is stored.
trusted_ip_list: "IP_ADDRESS_1,IP_ADDRESS_2"
api_port: ... # optional
api_user: ... # optional
api_password: ... # optional
api_secure: true/false # optional
ssl_cert: | # optional
...
ssl_key: | # optional
...
For example:
service_type: iscsi
service_id: iscsi
placement:
hosts:
- [...]
spec:
pool: iscsi_pool
trusted_ip_list: "IP_ADDRESS_1,IP_ADDRESS_2,IP_ADDRESS_3,..."
api_user: API_USERNAME
api_password: API_PASSWORD
ssl_cert: |
-----BEGIN CERTIFICATE-----
MIIDtTCCAp2gAwIBAgIYMC4xNzc1NDQxNjEzMzc2MjMyXzxvQ7EcMA0GCSqGSIb3
DQEBCwUAMG0xCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARVdGFoMRcwFQYDVQQHDA5T
[...]
-----END CERTIFICATE-----
ssl_key: |
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5jdYbjtNTAKW4
/CwQr/7wOiLGzVxChn3mmCIF3DwbL/qvTFTX2d8bDf6LjGwLYloXHscRfxszX/4h
[...]
-----END PRIVATE KEY-----
- class ceph.deployment.service_spec.IscsiServiceSpec(service_type='iscsi', service_id=None, pool=None, trusted_ip_list=None, api_port=5000, api_user='admin', api_password='admin', api_secure=None, ssl_cert=None, ssl_key=None, placement=None, unmanaged=False, preview_only=False, config=None, networks=None, extra_container_args=None, extra_entrypoint_args=None, custom_configs=None)¶
- api_password¶
api_password
as defined in theiscsi-gateway.cfg
- api_port¶
api_port
as defined in theiscsi-gateway.cfg
- api_secure¶
api_secure
as defined in theiscsi-gateway.cfg
- api_user¶
api_user
as defined in theiscsi-gateway.cfg
- networks: List[str]¶
A list of network identities instructing the daemons to only bind on the particular networks in that list. In case the cluster is distributed across multiple networks, you can add multiple networks. See Networks and Ports, Specifying Networks and Specifying Networks.
- placement: PlacementSpec¶
See Daemon Placement.
- pool¶
RADOS pool where ceph-iscsi config data is stored.
- ssl_cert¶
SSL certificate
- ssl_key¶
SSL private key
- trusted_ip_list¶
list of trusted IP addresses
The specification can then be applied using:
ceph orch apply -i iscsi.yaml
See Daemon Placement for details of the placement specification.
See also: Service Specification.
Further Reading¶
RBD: Ceph iSCSI Gateway