centos7安装ceph问题记录

宿主机安装参考：https://www.cnblogs.com/mituxiaogaoyang/p/14489922.html
docker安装参考：https://blog.csdn.net/u014534808/article/details/109159160
注：docker中，在主节点生成密钥后，需将密钥复制到子节点中

宿主机问题

问题一

执行sudo ceph-deploy install admin-node node1 node2 node3报错：
错误一：

[admin][INFO  ] Running command: rpm --import https://download.ceph.com/keys/release.asc
[admin][WARNIN] curl: (60) The certificate issuer's certificate has expired. Check your system date and time.
[admin][WARNIN] More details here: http://curl.haxx.se/docs/sslcerts.html
[admin][WARNIN] 
[admin][WARNIN] curl performs SSL certificate verification by default, using a "bundle"
[admin][WARNIN]  of Certificate Authority (CA) public keys (CA certs). If the default
[admin][WARNIN]  bundle file isn't adequate, you can specify an alternate file
[admin][WARNIN]  using the --cacert option.
[admin][WARNIN] If this HTTPS server uses a certificate signed by a CA represented in
[admin][WARNIN]  the bundle, the certificate verification probably failed due to a
[admin][WARNIN]  problem with the certificate (it might be expired, or the name might
[admin][WARNIN]  not match the domain name in the URL).
[admin][WARNIN] If you'd like to turn off curl's verification of the certificate, use
[admin][WARNIN]  the -k (or --insecure) option.
[admin][WARNIN] 错误：https://download.ceph.com/keys/release.asc: import read failed(2).
[admin][ERROR ] RuntimeError: command returned non-zero exit status: 1
[ceph_deploy][ERROR ] RuntimeError: Failed to execute command: rpm --import https://download.ceph.com/keys/release.asc

解决方案：

sudo yum install ca-certificates
sudo update-ca-trust extract

错误二：

curl: (35) Peer reports incompatible or unsupported protocol version

解决方案：

yum update -y nss curl libcurl

错误三：

[ceph_deploy][ERROR ] RuntimeError: NoSectionError: No section: 'ceph'

解决方案：

yum remove ceph-release
rm /etc/yum.repos.d/ceph.repo.rpmsave

问题二

执行sudo yum install -y yum-utils && sudo yum-config-manager --add-repo https://dl.fedoraproject.org/pub/epel/7/x86_64/ && sudo yum install --nogpgcheck -y epel-release && sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 && rm /etc/yum.repos.d/dl.fedoraproject.org*报错
解决方案：
参考https://blog.csdn.net/qq_33431394/article/details/107380003 中步骤6：管理节点安装ceph-deploy工具

问题三

初始化 monitor 节点并收集所有密钥：sudo ceph-deploy --overwrite-conf mon create-initial报错：

[ERROR ] ConfigError: Cannot load config: [Errno 2] No such file or directory: 'ceph.conf'; has `ceph-deploy new` been run in this directory?

解决方案：
切换至ceph.conf所在目录下

问题四

激活OSD，执行sudo ceph-deploy osd activate node1:/data node2:/data node3:/data报错：

** ERROR: error creating empty object store in /data: (28) No space left on device

解决方案：
node分区建议10G，不足10G的只要分区不小于6G均可

docker问题

问题一

执行start_mon.sh报错：

monmaptool: invalid ip:port

解决方案：

将脚本中的MON_IP修改为本机IP，重新执行脚本，再将另外两台机器以同样方法修改IP，同样执行脚本，确保三台服务器的mon镜像启动成功

问题二

创建dashboard账号密码docker exec mgr ceph dashboard set-login-credentials admin antiy@123 报错：

Invalid command: unused arguments: [u'antiy@123']
dashboard set-login-credentials <username> :  Set the login credentials. Password read from -i <file>
Error EINVAL: invalid command

解决方案：

1、创建文件dashboard-passwd

2、将密码写入dashboard-passwd文件中：exho antiy@123 > dashboard-passwd

3、执行命令：docker exec mgr ceph dashboard set-login-credentials admin -i dashboard-passwd

问题三

执行ceph -s命令，health状态告警：

    health: HEALTH_WARN
            mons are allowing insecure global_id 

解决方案：

如果AUTH_INSECURE_GLOBAL_ID_RECLAIM还没有引发健康警报并且auth_expose_insecure_global_id_reclaim尚未禁用该设置（默认情况下处于启用状态），则当前没有需要升级的客户端已连接，可以安全地禁止不安全的global_id回收： 
ceph config set mon auth_allow_insecure_global_id_reclaim false

仍然有需要升级的客户端，则可以使用以下方法暂时使此警报静音：
ceph health mute AUTH_INSECURE_GLOBAL_ID_RECLAIM_ALLOWED 1w

也可以无限期地禁用此警告： 
ceph config set mon mon_warn_on_insecure_global_id_reclaim_allowed false

问题四

启动docker报错：

error pulling image configuration: Get https:// ...... x509: certificate has expired or is not yet valid

解决方案：

yum install ntp -y
ntpdate ntp.api.bz