Monitoring of a Ceph Cluster with Ceph-dash on CentOS 7

Ceph-dash is is a WSGI application based on the Flask framework for monitoring of Ceph clusters. It uses librados to communicate with the Ceph cluster. Ceph-dash has a nice dashboard, it is easy to install has many features, including InfluxDB and Graphite support.

In this tutorial, I will show you to install Ceph-dash and configure it to run under an apache web server with SSL and mod_auth support. In the first Ceph tutorial, we've already installed a 'Ceph cluster', in this tutorial, we will configure ceph-dash on the monitor host 'mon1' of that setup.

Prerequisites

  • Ceph Cluster - Ceph I Tutorial
  • Monitor node CentOS 7 - mon1
  • Root privileges

Step 1 - Installing Ceph-dash Dependencies

In this first step, we will install the dependencies needed by ceph-dash, including apache web server and mod_ssl.

Connect to the mon1 node from the ceph-admin node.

ssh mon1

Install all dependencies needed with the yum command.

sudo yum -y install httpd mod_wsgi mod_ssl git

Then start apache/httpd and add it to be started at boot time.

sudo systemctl start httpd
sudo systemctl enable httpd

Step 2 - Download Ceph-dash

Ceph-dash is an open source application, available from the github repository. Clone the repository to the /var/www/ directory.

cd /var/www/html/
git clone https://github.com/Crapworks/ceph-dash.git

By default, apache/httpd is running under the user name 'apache', so we need to change the owner of ceph-dash files and directories to the 'apache' user.

sudo chown -R /var/www/html/ceph-dash/

Step 3 - Configure an Apache Virtual Host for Ceph-dash

Ceph-dash provides a sample of a virtual host configuration for apache and Nginx in the 'contrib' directory. We will use apache as the web server for Ceph-dash, so we need to copy the configuration file for apache to the apache/httpd directory.

cd /var/www/html/ceph-dash/
cp contrib/apache/cephdash /etc/httpd/conf.d/cephdash.conf

Go to the virtual host configuration directory and edit cephdash.conf file.

cd /etc/httpd/conf.d/
vim cephdash.conf

Change value of the 'ServerName' to your domain name - in my case ceph-mon.co

Change the wsgi daemon process to runn as the apache user.

Change the cephdash.wsgi directory to '/var/www/html/ceph-dash/contrib/wsgi/cephdash.wsgi'.

Change the SSL configuration directory to '/etc/httpd/ssl/'.

Change the ceph-dash directory to '/var/www/html/ceph-dash', then add the basic auth configuration.

Below is the configuration.

<VirtualHost *:80>
    ServerName ceph-mon.co

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/server-status
    RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName ceph-mon.co

    WSGIDaemonProcess cephdash user=apache group=apache processes=1 threads=5
    WSGIScriptAlias / /var/www/html/ceph-dash/contrib/wsgi/cephdash.wsgi
    WSGIPassAuthorization On

    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/ssl.crt
    SSLCertificateKeyFile /etc/httpd/ssl/ssl.key

    <Directory /var/www/html/ceph-dash>
        WSGIProcessGroup cephdash
        WSGIApplicationGroup %{GLOBAL}
        Order deny,allow
        Allow from all

        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>

Save the file and exit the editor.

Step 4 - Configure SSL and Apache Basic Auth

In the virtual host configuration, we've already defined the SSL configuration in the '/etc/httpd/ssl' directory, so we need to create the SSL cert and key there.

mkdir -p /etc/httpd/ssl/

Now generate a self-signed SSL certificate file with the OpenSSL command.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/httpd/ssl/ssl.key -out \
/etc/httpd/ssl/ssl.crt

Change the permissions of the certificate file to 600.

chmod 600 /etc/httpd/ssl/*

Next, add apache basic auth with the htpasswd command below to password protect the Ceph-dash access.

htpasswd -c /etc/httpd/htpasswd hakase
Type your password:

hakase is the username that I#ve chosen.

If all is done, test the apache configuration file with the apachectl command and make sure the result is 'Syntax OK', then restart apache.

apachectl configtest
sudo systemctl restart httpd

Step 5 - Add HTTP and HTTPS Port to Firewalld

On the monitor node 'mon1', firewalld is enabled. We have to open a new port for the http and https connection so we can access Ceph-dash from a web browser.

Add the http and https port to firewalld with the firewall-cmd command.

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent

Reload the firewalld configuration.

sudo firewall-cmd --reload

Step 6 - Testing

Open your web browser and type in the ceph-mon.co domain (use the domain name that you have chosen for your ceph-dash installation) in the address bar, press enter.

You will be asked for username and password, type in your username and password that you used in the htpasswd file.

Ceph-dash with .htpasswd authentication

Now you can see the Ceph-dash dashboard.

Cluster health Status, Monitor node status, OSD nodes status.

ceph-dash dashboard health status, monitor node status and osd nodes status

Storage and PG status.

Storage and PG status of ceph cluster

Ceph-dash has been installed under an apache web server on the monitor node 'mon1'.

Reference

Share this page:

Suggested articles

5 Comment(s)

Add comment

Comments

By: Andre Spaziani

Hi, thank you for the tutorial! there are a couple of things to check:

1) in cephdash.conf you insert "AuthUserFile /etc/apache2/.htpasswd" instead of "AuthUserFile /etc/httpd/htpasswd"

2) you need to auth apache on "/etc/ceph/ceph.client.admin.keyring"

3) apache missing in sudo chown apache -R /var/www/html/ceph-dash/

By: Vivek Shwarup

Hi, thank you...!!!

sudo chmod +r /etc/ceph/ceph.client.admin.keyring 

By: krishna

Thanks for the wonderful article. In addition "Insert the following line at the httpd.conf: ServerName localhost" to avoid below error 

[[email protected]]# apachectl configtest

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using XXXXX. Set the 'ServerName' directive globally to suppress this message

 

However it would be grate if you can extend  the tutorial for 2nd ceph cluster integerated with 1st cluster over gateway in multiple geolocations    

By: Siraj

Hi, I am having issue ininstalling the ceph dashboard for the nautilus version on CentOS 7

In cli mode i am able to see all the Monitors, Managers , MSD's and OSD's. I amb able to get the dashboard for the mimic version, but when i tried with the nautilus version, dashboard is not work. The commands given in the ceph document does not work for nautilus. Pls help

By: moula

Hello Muhammad

Your howto is great but with the new versions CENTOS 8, CEPH NAUTILUS with the integrated MGR and the ROOK project for ceph in containers, we are looking forward to a new one. Thank you.