MayaScale utilizes instances with local NVMe devices and provides robust NVMe over Fabrics platform to clients that support NVMe/TCP. Deploy MayaScale in 2-node HA configuration if the NVMe devices are temporary storage devices to safe guard against data loss in the event of interruption.
To configure High Availability operation for Mayascale
To provide virtual IP address for HA operation assign suitable secondary address range to your network subnet
For example to assign virtual IP addresses in 10.9.0.0 network range to default network in the region us-west1
gcloud compute networks subnets update default --region us-west1 --add-secondary-ranges range1=10.9.0.0/24 |
After this virtual IP address 10.9.0.100 can be used for MayaScale HA configuration.
This step is optional as the MayaScale solution deployed from GCP Marketplace will already have a service account with necessary permissions. Check the service account permissions that was used to deploy Mayascale instances. Mayascale requires a service account with sufficient permissions to manipulate disk attachments for proper sharing and fencing, and also storage read-write access to object storage. It also needs sufficient permission to float the virtual IP across multiple instances. If the default service account lacks these permission a separate service account is needed for proper HA configuration
From Google cloud shell or from computer where gcloud CLI is available create a new service account as follows
PROJECT=$(gcloud info --format='value(config.project)')
gcloud config set project YOUR_PROJECTgcloud iam service-accounts create $SA --display-name "mayasacale service account"
SA_EMAIL=$(gcloud iam service-accounts list --filter="displayName:mayascale service account" \
--format='value(email)')The variable SA_EMAIL wlil be ${SA}
@${PROJECT}.iam.gserviceaccount.com
Add relevant permissions to the newly created service account with the role scope limited to this project only. Your other instances in different projects will not be affected by these changes.
# permission to create/modify instances in your project
gcloud projects add-iam-policy-binding $PROJECT --member serviceAccount:$SA_EMAIL \
--role roles/compute.instanceAdmin
# permission to create/modify network settings in your project
gcloud projects add-iam-policy-binding $PROJECT --member serviceAccount:$SA_EMAIL \
--role roles/compute.networkAdmin
# permission to create/modify images & disks in your project
gcloud projects add-iam-policy-binding $PROJECT --member serviceAccount:$SA_EMAIL \
--role roles/compute.storageAdmin
Update Mayascale instances with the newly created service account. The instances have to be stopped to attach service account to instance but these instances with local SSDs cannot be stopped from the Google Cloud Web Console. To overcome this ssh to instances and issue poweroff and wait for instances to STOP. After this to use shell to run
gcloud compute instances set-service-account YOUR_INSTANCE --zone us-west1-b --service-account=$SA_EMAIL
Change the MayaScale Administration GUI default password to something random by running
# /opt/mayastor/web/genrandpass.sh |
Or to set your own password
# /opt/mayastor/web/changepass.sh Login name (default admin): Login password: Password again: |
And then restart the web server for password changes to take effect
# /opt/mayastor/web/stop # /opt/mayastor/web/start |
Now you can proceed with High-Availability setup using the Getting Started wizard from Administration Web console available on http://<mayascale1-ip>:2020
To avoid public network exposure of port 2020 it is recommended to use ssh tunneling with port forwarding as follows gcloud compute ssh --zone YOUR_ZONE mayascale1" --project YOUR_PROJECT -L 2020:localhost:2020 |
Next proceed to Configure MayaScale