[PVE-User] ceph jewel -> luminous upgrade docs

Discussion:

lists

2018-07-09 13:38:01 UTC

Hi,

We're reading up on the jewel -> luminous upgrade which we are planning
to perform after the holidays.

There seems to be a discrepancy between the proxmox and ceph docs:
http://docs.ceph.com/docs/master/releases/luminous/#upgrade-from-jewel-or-kraken

Step six in the ceph upgrade docs says:

"Verify that all RBD client users have sufficient caps to blacklist
other client users. RBD client users with only "allow r" monitor caps
should to be updated as follows"

Does this not apply to a 'regular' proxmox install? We are managing the
cluster (and installed it) using the regular proxmox 4 installer. (this
gave us hammer at the time, which we have upgraded to jewel)

Since there were issues on the ceph mailinglist where QEMU corrupted VM
images, I thought I'd ask here. Reports:

[1]
http://lists.ceph.com/pipermail/ceph-users-ceph.com/2017-November/022278.html
[2]
http://lists.ceph.com/pipermail/ceph-users-ceph.com/2017-November/022694.html
[3] http://lists.ceph.com/pipermail/ceph-users-ceph.com/2018-May/026496.html
[4] https://www.spinics.net/lists/ceph-users/msg45665.html

Is this step 6 relevant to us, proxmox users?

MJ

Mark Schouten

2018-07-09 13:57:01 UTC

Permalink

Post by lists
"Verify that all RBD client users have sufficient caps to blacklist
other client users. RBD client users with only "allow r" monitor caps
should to be updated as follows"
Does this not apply to a 'regular' proxmox install? We are managing the
cluster (and installed it) using the regular proxmox 4 installer. (this
gave us hammer at the time, which we have upgraded to jewel)

A default Proxmox setup runs as admin, doesn't it? With all caps?

--
Kerio Operator in de Cloud? https://www.kerioindecloud.nl/
Mark Schouten | Tuxis Internet Engineering
KvK: 61527076 | http://www.tuxis.nl/
T: 0318 200208 | ***@tuxis.nl

lists

2018-07-09 14:32:07 UTC

Permalink

Hi Mark,

Post by Mark Schouten
A default Proxmox setup runs as admin, doesn't it? With all caps?

I think the answer to #1 is yes, but I'm not sure how to tell about the

Post by Mark Schouten
osd.0
caps: [mon] allow profile osd
caps: [osd] allow *
osd.1
caps: [mon] allow profile osd
caps: [osd] allow *
skipping
many
more
OSD
lines
osd.17
caps: [mon] allow profile osd
caps: [osd] allow *
osd.18
caps: [mon] allow profile osd
caps: [osd] allow *
osd.19
caps: [mon] allow profile osd
caps: [osd] allow *
client.admin
auid: 0
caps: [mds] allow
caps: [mon] allow *
caps: [osd] allow *
client.bootstrap-mds
caps: [mon] allow profile bootstrap-mds
client.bootstrap-osd
caps: [mon] allow profile bootstrap-osd
client.bootstrap-rgw
caps: [mon] allow profile bootstrap-rgw

Reason I ask here: there is no "blacklist" in any of the output above...

MJ

Mark Schouten

2018-07-09 14:50:37 UTC

Permalink

Post by lists
Hi Mark,

Post by Mark Schouten
A default Proxmox setup runs as admin, doesn't it? With all caps?

I think the answer to #1 is yes, but I'm not sure how to tell about the

In /etc/pve/priv/ceph/ is the file you (and your VM's) are using as a
key-file for Ceph.

Post by lists

Post by Mark Schouten
caps: [osd] allow *

This (*) allows all capabilities.

--
Kerio Operator in de Cloud? https://www.kerioindecloud.nl/
Mark Schouten | Tuxis Internet Engineering
KvK: 61527076 | http://www.tuxis.nl/
T: 0318 200208 | ***@tuxis.nl

lists

2018-07-09 15:34:38 UTC

Permalink

Hi Mark,

Post by Mark Schouten

Post by Mark Schouten
caps: [osd] allow *

This (*) allows all capabilities.

Super, so no need to worry about that :-)

Thanks!

MJ

lyt_yudi

2018-07-10 01:41:38 UTC

Permalink

Hi,

will it be better integrated into the PVE network architecture?

About https://frrouting.org/ <https://frrouting.org/>

https://github.com/FRRouting/frr <https://github.com/FRRouting/frr>

_______________________________________________
pve-user mailing list
pve-***@pve.proxmox.com <mailto:pve-***@pve.proxmox.com>
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

Alexandre DERUMIER

2018-07-10 07:58:39 UTC

Permalink

Hi,

I have sent a package for proxmox last month,

I need to rebase it on frr 5.0.1.

(I need it for vxlan bgp evpn)

----- Mail original -----
De: "lyt_yudi" <***@icloud.com>
À: "proxmoxve" <pve-***@pve.proxmox.com>
Envoyé: Mardi 10 Juillet 2018 03:41:38
Objet: [PVE-User] About the FRR integrated into the PVE?

Hi,

will it be better integrated into the PVE network architecture?

About https://frrouting.org/ <https://frrouting.org/>

https://github.com/FRRouting/frr <https://github.com/FRRouting/frr>

_______________________________________________
pve-user mailing list
pve-***@pve.proxmox.com <mailto:pve-***@pve.proxmox.com>
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

_______________________________________________
pve-user mailing list
pve-***@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

lyt_yudi

2018-07-11 07:58:26 UTC

Permalink

Post by Alexandre DERUMIER
I have sent a package for proxmox last month,
I need to rebase it on frr 5.0.1.
(I need it for vxlan bgp evpn)

It's too fast you are. Great!

Alexandre DERUMIER

2018-07-11 13:17:38 UTC

Permalink

Just curious,

What do you want to do with frr ? (vxlan - bgp evpn ?)

----- Mail original -----
De: "lyt_yudi" <***@icloud.com>
À: "proxmoxve" <pve-***@pve.proxmox.com>
Envoyé: Mercredi 11 Juillet 2018 09:58:26
Objet: Re: [PVE-User] About the FRR integrated into the PVE?

Post by Alexandre DERUMIER
I have sent a package for proxmox last month,
I need to rebase it on frr 5.0.1.
(I need it for vxlan bgp evpn)

It's too fast you are. Great!

_______________________________________________
pve-user mailing list
pve-***@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

lyt_yudi

2018-07-12 01:20:47 UTC

Permalink

Post by Alexandre DERUMIER
What do you want to do with frr ? (vxlan - bgp evpn ?)

yes, this is more urgent!

lyt_yudi

2018-07-12 02:03:46 UTC

Permalink

Post by lyt_yudi

Post by Alexandre DERUMIER
What do you want to do with frr ? (vxlan - bgp evpn ?)

yes, this is more urgent!

Add ospf/ospf6 ?

In small and medium networks, the OSPF will be more advantageous!
By the way, BGP also needs to establish neighbors first, while establishing neighbors is usually OSPF.

It's just a suggestion. I really don't have the experience of large-scale network environment.

Thanks!

Alexandre DERUMIER

2018-07-12 10:59:19 UTC

Permalink

Post by Alexandre DERUMIER
What do you want to do with frr ? (vxlan - bgp evpn ?)

Post by lyt_yudi
yes, this is more urgent!

Great . with me, we are already 3 differents users who's need it :)
I'll send documentation soon, but it's already working in my test lab.

I'm currently trying to polish promox integration, make network config reloading possible,...

If you have time to test next month, it could be great :)

Post by Alexandre DERUMIER

Post by lyt_yudi
Add ospf/ospf6 ?
In small and medium networks, the OSPF will be more advantageous!
By the way, BGP also needs to establish neighbors first, while establishing neighbors is usually OSPF.
It's just a suggestion. I really don't have the experience of large-scale network environment.

well, you can do bgp,ospf with frr.
I don't known yet if we need to manage frr.conf from proxmox gui or not. As they are so many setup possible, depending of infrastructure.

The advantage of bgp-evpn, is that vm live migration is working, because control plane is done through bgp, learning mac address from vm,
and dynamicaly create routes.

bgp/ospf, is more for the routing of the proxmox hosts underlay. (if you have a layer3 network)

----- Mail original -----
De: "lyt_yudi" <***@icloud.com>
À: "proxmoxve" <pve-***@pve.proxmox.com>
Envoyé: Jeudi 12 Juillet 2018 03:20:47
Objet: Re: [PVE-User] About the FRR integrated into the PVE?

Post by Alexandre DERUMIER
What do you want to do with frr ? (vxlan - bgp evpn ?)

yes, this is more urgent!

_______________________________________________
pve-user mailing list
pve-***@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

lyt_yudi

2018-07-12 12:35:53 UTC

Permalink

Post by Alexandre DERUMIER
Great . with me, we are already 3 differents users who's need it :)
I'll send documentation soon, but it's already working in my test lab.
I'm currently trying to polish promox integration, make network config reloading possible,...
If you have time to test next month, it could be great :)

Yes, very happy, if I can to test it!

Post by Alexandre DERUMIER
well, you can do bgp,ospf with frr.
I don't known yet if we need to manage frr.conf from proxmox gui or not. As they are so many setup possible, depending of infrastructure.
The advantage of bgp-evpn, is that vm live migration is working, because control plane is done through bgp, learning mac address from vm,
and dynamicaly create routes.
bgp/ospf, is more for the routing of the proxmox hosts underlay. (if you have a layer3 network)

Yes, the layer3 network it’s possible!
If it can be managed by the PVE UI, it will be more convenient and more network functions.

Thanks!