zrepl_sink
所属分类:Docker
开发工具:Dockerfile
文件大小:0KB
下载次数:0
上传日期:2023-08-08 13:59:28
上 传 者:
sh-1993
说明: zrepl复制客户端的接收器服务器容器
(Sink Server Container for zrepl Replication Client)
文件列表:
.dockerignore (84, 2023-10-30)
Dockerfile (1342, 2023-10-30)
docs/ (0, 2023-10-30)
docs/ca_using_easyrsa.md (2026, 2023-10-30)
docs/client_manual_push.md (6104, 2023-10-30)
docs/client_sink_job_check.png (113670, 2023-10-30)
docs/client_sink_job_status.png (520351, 2023-10-30)
docs/destroy_zrepl_datasets.md (2946, 2023-10-30)
docs/truenas.md (6481, 2023-10-30)
docs/zrepl_sink_server_active.png (16918, 2023-10-30)
docs/zrepl_sink_server_dashboard.png (247396, 2023-10-30)
entrypoint.sh (1320, 2023-10-30)
examples/ (0, 2023-10-30)
examples/grafana_dashboard.json (33726, 2023-10-30)
examples/zrepl_push_manual.yml (1089, 2023-10-30)
examples/zrepl_sink.yml (957, 2023-10-30)
# zrepl sink
Sink server daemon container for zrepl push jobs. This is intended for environments which have a kernel that support ZFS but are unable to deploy [zrepl](https://zrepl.github.io/index.html) [sink](https://zrepl.github.io/v0.2.1/configuration/jobs.html#job-type-sink) job type such as TrueNAS Scale.
**This is experimental proof of concept for testing**. You should already have working knowledge of `zrepl`, its configuration and why you would want a sink server.
---
## Test Environment
1. Create a dataset container to hold sink job datasets from remote hosts
* Adjust the ZFS pool name and dataset name for your needs, `zroot/zrepl_sink_data` is used here:
```shell
zfs create zroot/zrepl_sink_data -o mountpoint=none -o canmount=off -o readonly=on
```
2. Create `config` directory for `zrepl.yaml` and certificates.
* This directory will be mapped into the container
* Do store this within the sink dataset as it will remain unmounted
```shell
mkdir ./config
```
3. [Create TLS Certificates](./docs/ca_using_easyrsa.md) for `zrepl sink` daemon container
* [zrepl transport](https://zrepl.github.io/configuration/transports.html#transport) documents different method to support inbound connections and client identification, this example assumes TLS certificates
* `ca.crt` - certificate authority certificate
* `sink-srv.crt` - Sink server daemon certificate
* `sink-srv.key` - Sink server daemon private key
```shell
$ ls -l ./config
.rw------- rich rich 1.2 KB Thu Aug 3 14:39:09 2023 ca.crt
.rw-r--r-- rich rich 4.6 KB Thu Aug 3 14:39:21 2023 sink-srv.crt
.rw------- rich rich 1.7 KB Thu Aug 3 14:39:31 2023 sink-srv.key
```
4. Customize `zrepl.yml` configuration file (see example [sink config file](./examples/zrepl_sink.yml))
* The `jobs` section defined the `sink` job for the daemon:
```yaml
jobs:
- type: sink
name: zrepl_sink_server
```
* The `root_fs` defined the ZFS pool and dataset the daemon will use (dataset created in Step `1`)
* ZFS filesystems are received to `$root_fs/$client_identity/$source_path`
```yaml
root_fs: "zroot/zrepl_sink_data"
```
* Define how connections will be served, this will listen for `tls` connections on port `8448`:
```yaml
serve:
type: tls
listen: ":8448"
listen_freebind: true
```
* Define the full pathname for certificates used inside the Sink Server daemon container (paths are inside the container):
```yaml
ca: /config/ca.crt
cert: /config/sink-srv.crt
key: /config/sink-srv.key
```
* Define names of clients allowed to connect to the Sink Server daemon (adjust the names to match the `CN` values in the certificates you generated):
```yaml
client_cns:
- "dldsk01"
- "k3s01"
- "k3s02"
- "k3s03"
- "k3s04"
- "k3s05"
- "k3s06"
```
* Review [property overrides](https://zrepl.github.io/configuration/sendrecvoptions.html#a-note-on-property-replication), below prevents the Sink Server daemon host from trying to mount or allow modifications of replicated datasets:
```yaml
recv:
properties:
# Force mountpoint to be inherited from Sink container (set to none)
inherit:
- "mountpoint"
override: {
# These two need to be disabled to support ZVOL replication
# "canmount": "off",
# "mountpoint": "none"
"readonly": "on",
"openzfs.systemd:ignore": "on"
}
```
* Review properties assigned to placeholder datasets. `zrepl` will maintain the hierarchy of your filesystem datasets even if you do not replicate all of them. Datasets not replicated will have a placeholder created for them:
```yaml
placeholder:
encryption: inherit
```
---
## Environment Variables
The following environment variables can be set within the container:
| Variable | Description | Default Value |
|--- |--- |--- |
| `CONFIG` | Full pathname inside container to `zrepl.yml` | `/config/zrepl.yml` |
---
## Running Test Container
```shell
docker run -d --privileged -p 8448:8448 \
-v ./config:/config \
-v /etc/timezone:/etc/timezone:ro \
--name zrepl_sink quay.io/reefland/zrepl_sink:latest
```
* Container runs as `root` and requires `--privileged` to access the underlying hosts `/dev/zfs` device to issue `zfs` commands
* The internal port number `8448` is defined in the `zrepl.yml` file, external port `8448` will be used for inbound connection from clients (adjust as needed)
### Container Logs
```shell
$ docker logs zrepl_sink
* Default Config File Set: /config/zrepl.yml
* Config location verified.
* root_fs value for sink pool: zroot/sink
NAME USED AVAIL REFER MOUNTPOINT
zroot/sink 247M 515G 320K none
Attempting zrepl config check...
Attempting to start zrepl daemon...
2023-08-06T15:25:38Z [INFO]: zrepl version=v0.6.0 go=go1.19.2 GOOS=linux GOARCH=amd64 Compiler=gc
2023-08-06T15:25:38Z [INFO]: starting daemon
2023-08-06T15:25:38Z [INFO][_control][job][Uv38$Uv38]: starting job
2023-08-06T15:25:38Z [INFO][zrepl_sink_server][job][Uv38$Uv38]: starting job
```
---
#### Enable Prometheus Monitoring
See `zrepl` project documentation on [monitoring](https://zrepl.github.io/configuration/monitoring.html) for details.
In the `global:` section of the `zrepl.yml` file add:
```yaml
monitoring:
- type: prometheus
listen: ":9811"
listen_freebind: true
```
* Add the port forwarding to the `docker run` command: `-p 9811:9811`
* Add the container IP address to the Prometheus Scape jobs (as well as all zrepl clients)
My work in progress [Grafana dashboard for Zrepl Sink Server](./examples/grafana_dashboard.json):
![Grafana Dashboard for Zrepl Sink Server](./docs/zrepl_sink_server_dashboard.png)
---
* See [Configure Clients](./docs/client_manual_push.md) for Push Replication example to Sink Server daemon.
近期下载者:
相关文件:
收藏者: