Not Just a Pretty Face

One criticism directed at software-based storage solutions is that they lack functional management tools. On the other hand, if you have ever dealt with typical storage area network (SAN) or network attached storage (NAS) appliances from the established manufacturers, you know you can get a web interface with a few virtual traffic lights that show the data status as a signal color. If the light is green, you can sleep soundly knowing that your data is fine. These management tools by the established manufacturers not only provide information about the data status, they let you carry out certain operations in a safe way. For example, if you want to set up a logical unit number (LUN) in a SAN, the graphical wizard will guide you through this process without any glitches.

To solve the problem for Ceph, the developers have been working for several years on the Ceph Dashboard, which is now an integral part of Ceph and has undergone a great deal of development since it was once launched as a fork of the openATTIC [1] storage management system. That said, the tool is still largely unknown to many administrators. In this article, I introduce the Ceph Dashboard, show how to activate it, discuss the information to be gleaned from it, and demonstrate the maintenance tasks the dashboard performs on demand.

Well Integrated

The good news right away is that the dashboard is very well integrated with Ceph. If you are using a recent Ceph cluster, you may already be running the dashboard without realizing it because, over the years, Ceph has undergone several radical changes to its own toolchain. The latest development is the management framework for Ceph, which is a kind of orchestration service specifically tailored to Ceph and its needs. The new deployment tool, cephadm [2], is also based on the management framework in the background, as is the dashboard, ceph-mgr [3]. The somewhat unwieldy short form of the framework is now part of the standard installation in a Ceph deployment, and most Ceph products install the dashboard at the same time.

However, you are not completely ready to go yet because, depending on the local specifications, it may be necessary to execute a few additional commands relating to the Ceph dashboard. In the following sections, we look at how you can get the dashboard started in the configuration that is ideal for you.

Finding the Ideal Configuration

To begin, you face the task of finding out which hosts are running an instance of the Ceph Manager daemon (ceph-mgr). These are the hosts that are running an instance of the dashboard. Contrary to what you might expect, the Ceph dashboard does not come as a clustered service. Consequently, it is also necessary to configure the Ceph dashboard per manager instance, not globally for the cluster. To identify the hosts running the manager component, just run the ceph-mgr command on each host where the ceph command works. The MON servers are generally the safest bet. A MON server is a kind of cluster watchdog in the Ceph context. It enforces a quorum for cluster partitions to prevent split-brain situations and keeps track of all existing MON and object storage daemon (OSD) services. OSD is a Ceph-owned service that turns any block storage device into a volume usable by Ceph.

For each instance of the Ceph dashboard, you then configure the IP address,

ceph config set mgr mgr/dashboard/<NAME>/server_addr

replacing <NAME> with the name of the Ceph Manager daemon instance and, ideally, leaving the ports for the connection over HTTP(S) untouched – unless you are dealing with a complicated firewall configuration. Next, run the command

ceph config set mgr mgr/dashboard/<NAME>/ssl_server_port

If you want to access the individual Ceph dashboards, you have to use their respective IP addresses.

Get Your Own SSL Certificate

Because you log in to the dashboard with a username and password combination, it is obvious that any communication between the browser and the dashboard needs to be encrypted. The Ceph Manager daemon sets this up out of the box, but it uses a self-issued and self-signed SSL certificate. If you need an SSL certificate issued by the in-house certificate authority (CA) or even an official CA, you have to replace the Ceph Manager daemon certificate. The example below assumes that a wildcard certificate for *.example.net exists in the cert.pem file and that its unprotected key exists in key.pem. If an intermediate certificate is required for the SSL CA, this must also be available in cert.pem. The installation is then simple:

ceph config-key set mgr mgr/dashboard/crt -i cert.pem
ceph config-key set mgr mgr/dashboard/key -i key.pem

The commands

ceph mgr module disable dashboard
ceph mgr module enable dashboard

restart the mgr component and the dashboard. After that, the dashboard is available with an official SSL certificate if you call it using the correct hostname.