New in Nautilus: ceph-iscsi Improvements
The ceph-iscsi project provides a framework, REST API and CLI tool for creating and managing iSCSI targets and gateways for Ceph via LIO. It is the successor and a consolidation of two formerly separate projects, the ceph-iscsi-cli and ceph-iscsi-config which were initially started in 2016 by Paul Cuzner at Red Hat.
While this is not a new feature of Ceph Nautilus per se, improving ceph-iscsi was required for achieving one of the goals for the Ceph Dashboard in Nautilus: reaching feature parity with the openATTIC project.
One of these features was the possibility to manage iSCSI targets and all related aspects via the Dashboard UI. The key challenge here was to overcome some of the limitations in the openATTIC implementation, which relied on lrbd and DeepSea for performing the actual configuration changes on the iSCSI gateway nodes.
While ceph-iscsi and lrbd use a similar approach in storing the configuration in RADOS objects, there are some fundamental differences in how the configuration is modified and applied. For example, lrbd provides a command-line interface that needed to be triggered remotely via Salt/DeepSea.
The Dashboard now talks to the REST API provided by the
ceph-iscsi-api daemon on the respective node that provides the iSCSI gateway service. This makes it possible to manage the iSCSI gateway configuration (locally and remote) from both the command line via the
gwcli command as well as the Dashboard.
Ricardo Marques from the Ceph Dashboard team at SUSE added numerous features to ceph-iscsi in order to bridge the gap between what openATTIC/lrbd provided and to remove some limitations in ceph-iscsi.
Some noteworthy changes include:
- Python3 support
- Multiple iSCSI target support
- Support “/” in password fields
- Support for dots in pool/image names
- Support for iSCSI discovery and mutual CHAP authentication
- Support for no authentication
- Support for encrypting discovery passwords
- Support for configurable Ceph pool names
- Support for attaching existing RBD images and detaching images without deleting them
- Support for multiple backstores (to support kernel-lio-rbd in addition to tcmu-runner)
- Support for disabling ACL authentication
- Many enhancements to the REST API (e.g. new endpoints)
- Numerous bug fixes and minor enhancements
See the Ceph Dashboard documentation on how to enable iSCSI management support in the Dashboard. Please note that you need a very recent version of ceph-iscsi to make use of this functionality. Packages for the most common Linux distributions are still in the works. Packages for SUSE Linux distributions can be found on the openSUSE Build Service, RPMs for CentOS 7 can be found on Ceph’s Shaman build service.