On Wed, 26 Aug 2020 at 14:16, Simon Sutter <ssutter(a)hosttech.ch> wrote:
Hello,
So I know, the mon services can only bind to just one ip.
But I have to make it accessible to two networks because internal and
external servers have to mount the cephfs.
The internal ip is 10.99.10.1 and the external is some public-ip.
I tried nat'ing it with this: "firewall-cmd --zone=public --add-forward-port=port=6789:proto=tcp:toport=6789:toaddr=10.99.10.1 --permanent"
So the nat is working, because I get a "ceph v027" (along with some
gibberish) when I do a telnet "telnet *public-ip* 6789"
But when I try to mount it, I get just a timeout:
mount -vvvv -t ceph *public-ip*:6789:/testing /mnt -o name=test,secretfile=/root/ceph.client.test.key
mount error 110 = Connection timed out
The tcpdump also recognizes a "Ceph Connect" packet, coming from the mon.
How can I get around this problem?
Is there something I have missed?

Any ceph client will need direct access to all OSDs involved also. Your
mail doesn't really say if the cephfs-mounting client can talk to OSDs?
In ceph, traffic is not shuffled via mons; mons only tell the client which
OSDs it needs to talk to, then all IO goes directly from client to any
involved OSD servers.
--
May the most significant bit of your life be positive.
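
The point made in the reply, as an added example that is not part of the original thread: a client dials the OSD addresses it is handed, so a port-forward for the mon alone does not help when every OSD advertises only an internal address. The sketch assumes msgr2-style `ceph osd dump` lines; the sample text and all function names are constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample in the style of `ceph osd dump` (not taken from the thread).
# The first [v2:...] vector on each line is the address the OSD gives to clients.
SAMPLE_OSD_DUMP = """\
osd.0 up   in  weight 1 up_from 5 up_thru 40 down_at 0 last_clean_interval [0,0) [v2:10.99.10.1:6800/2101,v1:10.99.10.1:6801/2101] [v2:10.99.10.1:6802/2101,v1:10.99.10.1:6803/2101] exists,up
osd.1 up   in  weight 1 up_from 7 up_thru 40 down_at 0 last_clean_interval [0,0) [v2:10.99.10.2:6800/1987,v1:10.99.10.2:6801/1987] [v2:10.99.10.2:6802/1987,v1:10.99.10.2:6803/1987] exists,up
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADDR_VECTOR = re.compile(r"\[(v[12]:[^\]]+)\]")
ADDR = re.compile(r"v[12]:(\d+\.\d+\.\d+\.\d+):(\d+)/\d+")


def advertised_osd_addrs(dump_text):
    """Map OSD id -> [(ip, port), ...] taken from the client-facing address vector."""
    result = {}
    for line in dump_text.splitlines():
        osd = re.match(r"osd\.(\d+)\s", line)
        vector = ADDR_VECTOR.search(line)
        if osd and vector:
            result[int(osd.group(1))] = [(ip, int(p)) for ip, p in ADDR.findall(vector.group(1))]
    return result


def private_only_osds(osd_addrs):
    """OSD ids that advertise nothing but RFC 1918 addresses.

    A client outside the internal network cannot reach these, whatever is
    forwarded for the mon port.
    """
    return sorted(
        osd for osd, addrs in osd_addrs.items()
        if addrs and all(any(ipaddress.ip_address(ip) in net for net in RFC1918) for ip, _ in addrs)
    )


def tcp_reachable(ip, port, timeout=3.0):
    """Run on the mounting client: True if a TCP connection to ip:port succeeds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False
```

On a real cluster, feed `advertised_osd_addrs` the output of `ceph osd dump` and call `tcp_reachable` from the client that fails to mount, once per advertised address.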