Monitoring of a Ceph Cluster with Ceph-dash on CentOS 7

Ceph-dash is is a WSGI application based on the Flask framework for monitoring of Ceph clusters. It uses librados to communicate with the Ceph cluster. Ceph-dash has a nice dashboard, it is easy to install has many features, including InfluxDB and Graphite support.

In this tutorial, I will show you to install Ceph-dash and configure it to run under an apache web server with SSL and mod_auth support. In the first Ceph tutorial, we've already installed a 'Ceph cluster', in this tutorial, we will configure ceph-dash on the monitor host 'mon1' of that setup.

Prerequisites

  • Ceph Cluster - Ceph I Tutorial
  • Monitor node CentOS 7 - mon1
  • Root privileges

Step 1 - Installing Ceph-dash Dependencies

In this first step, we will install the dependencies needed by ceph-dash, including apache web server and mod_ssl.

Connect to the mon1 node from the ceph-admin node.

ssh mon1

Install all dependencies needed with the yum command.

sudo yum -y install httpd mod_wsgi mod_ssl git

Then start apache/httpd and add it to be started at boot time.

sudo systemctl start httpd
sudo systemctl enable httpd

Step 2 - Download Ceph-dash

Ceph-dash is an open source application, available from the github repository. Clone the repository to the /var/www/ directory.

cd /var/www/html/
git clone https://github.com/Crapworks/ceph-dash.git

By default, apache/httpd is running under the user name 'apache', so we need to change the owner of ceph-dash files and directories to the 'apache' user.

sudo chown -R /var/www/html/ceph-dash/

Step 3 - Configure an Apache Virtual Host for Ceph-dash

Ceph-dash provides a sample of a virtual host configuration for apache and Nginx in the 'contrib' directory. We will use apache as the web server for Ceph-dash, so we need to copy the configuration file for apache to the apache/httpd directory.

cd /var/www/html/ceph-dash/
cp contrib/apache/cephdash /etc/httpd/conf.d/cephdash.conf

Go to the virtual host configuration directory and edit cephdash.conf file.

cd /etc/httpd/conf.d/
vim cephdash.conf

Change value of the 'ServerName' to your domain name - in my case ceph-mon.co

Change the wsgi daemon process to runn as the apache user.

Change the cephdash.wsgi directory to '/var/www/html/ceph-dash/contrib/wsgi/cephdash.wsgi'.

Change the SSL configuration directory to '/etc/httpd/ssl/'.

Change the ceph-dash directory to '/var/www/html/ceph-dash', then add the basic auth configuration.

Below is the configuration.

<VirtualHost *:80>
    ServerName ceph-mon.co

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/server-status
    RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName ceph-mon.co

    WSGIDaemonProcess cephdash user=apache group=apache processes=1 threads=5
    WSGIScriptAlias / /var/www/html/ceph-dash/contrib/wsgi/cephdash.wsgi
    WSGIPassAuthorization On

    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/ssl.crt
    SSLCertificateKeyFile /etc/httpd/ssl/ssl.key

    <Directory /var/www/html/ceph-dash>
        WSGIProcessGroup cephdash
        WSGIApplicationGroup %{GLOBAL}
        Order deny,allow
        Allow from all

        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>

Save the file and exit the editor.

Step 4 - Configure SSL and Apache Basic Auth

In the virtual host configuration, we've already defined the SSL configuration in the '/etc/httpd/ssl' directory, so we need to create the SSL cert and key there.

mkdir -p /etc/httpd/ssl/

Now generate a self-signed SSL certificate file with the OpenSSL command.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/httpd/ssl/ssl.key -out \
/etc/httpd/ssl/ssl.crt

Change the permissions of the certificate file to 600.

chmod 600 /etc/httpd/ssl/*

Next, add apache basic auth with the htpasswd command below to password protect the Ceph-dash access.

htpasswd -c /etc/httpd/htpasswd hakase
Type your password:

hakase is the username that I#ve chosen.

If all is done, test the apache configuration file with the apachectl command and make sure the result is 'Syntax OK', then restart apache.

apachectl configtest
sudo systemctl restart httpd

Step 5 - Add HTTP and HTTPS Port to Firewalld

On the monitor node 'mon1', firewalld is enabled. We have to open a new port for the http and https connection so we can access Ceph-dash from a web browser.

Add the http and https port to firewalld with the firewall-cmd command.

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent

Reload the firewalld configuration.

sudo firewall-cmd --reload

Step 6 - Testing

Open your web browser and type in the ceph-mon.co domain (use the domain name that you have chosen for your ceph-dash installation) in the address bar, press enter.

You will be asked for username and password, type in your username and password that you used in the htpasswd file.

Ceph-dash with .htpasswd authentication

Now you can see the Ceph-dash dashboard.

Cluster health Status, Monitor node status, OSD nodes status.

ceph-dash dashboard health status, monitor node status and osd nodes status

Storage and PG status.

Storage and PG status of ceph cluster

Ceph-dash has been installed under an apache web server on the monitor node 'mon1'.

Reference

Share this page:

Suggested articles

1 Comment(s)

Add comment

Comments

From: Andre Spaziani

Hi, thank you for the tutorial! there are a couple of things to check:

1) in cephdash.conf you insert "AuthUserFile /etc/apache2/.htpasswd" instead of "AuthUserFile /etc/httpd/htpasswd"

2) you need to auth apache on "/etc/ceph/ceph.client.admin.keyring"

3) apache missing in sudo chown apache -R /var/www/html/ceph-dash/