ScaleIO Gateway/Open Source Project

docker-scaleio-gw

This image runs EMC ScaleIO as a container.

How to use this image

sudo docker run -d --name=scaleio-gw vchrisb/scaleio-gw The following environment variables are also honored for configuring your ScaleIO Gateway instance: * -e GW_PASSWORD= (Gateway password, defaults to Scaleio123) * -e MDM1_IP_ADDRESS= and -e MDM2_IP_ADDRESS= (MDM IP addresses) * -e MDM1_CRT= and -e MDM2_CRT= (manually add the MDM public certificates to the truststore) * -e TRUST_MDM_CRT= (if variable is set with a non empty value will the MDM certificate being trusted) * -e GW_KEY= and -e GW_CRT= (public certificate and private key to be used) * -e BYPASS_CRT_CHECK= (if variable is set with a non empty value will the certificate check for the MDMs and LIAs bypassed)

Examples

docker run -d --name=scaleio-gw --restart=always -p 443:443 -e GW_PASSWORD=Scaleio123 -e MDM1_IP_ADDRESS=192.168.100.1 -e MDM2_IP_ADDRESS=192.168.100.2 -e TRUST_MDM_CRT=true vchrisb/scaleio-gw docker run -d --name scaleio-gw --restart=always -p 443:443 -e GW_PASSWORD=Scaleio123 -e MDM1_IP_ADDRESS=192.168.100.1 -e MDM2_IP_ADDRESS=192.168.100.2 -e TRUST_MDM_CRT=true -e GW_KEY="$GW_KEY" -e GW_CRT="$GW_CRT" vchrisb/scaleio-gw

Docker Tags

  • latest -> v2.0.1.2
  • v2.0.1.2
  • v2.0.0.2
  • v2.0.0.1

certificates

Gateway certificate

It makes sense to have a common certificate when running multiple instances of scaleio-gw or to persist the certificate between scaleio-gw upgrades. You can either generate your own self-signed certificate or add signed certificate from your certificate authority.
create a self-signed certificate is
openssl req -x509 -sha256 -newkey rsa:2048 -keyout certificate.key -out certificate.crt -days 1024 -nodes -subj '/CN=scaleio-gw.marathon.mesos'
export GW_KEY=$(cat certificate.key | sed ':a;N;$!ba;s/n/\n/g')
export GW_CRT=$(cat certificate.crt | sed ':a;N;$!ba;s/n/\n/g')

MDM certificates

Following commands can be used to get the MDM1and MDM2 certificates:
export MDM1_IP_ADDRESS=x.x.x.x
export MDM2_IP_ADDRESS=x.x.x.x
export MDM1_CRT=$(ssh -q $MDM1_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | sed ':a;N;$!ba;s/n/\n/g')
export MDM2_CRT=$(ssh -q $MDM2_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | sed ':a;N;$!ba;s/n/\n/g')
If requiretty is not enabled in sudoers, please use following commands instead:
export MDM1_IP_ADDRESS=x.x.x.x  
export MDM2_IP_ADDRESS=x.x.x.x  
export MDM1_CRT=$(ssh -qt $MDM1_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | tr -d "r" | sed ':a;N;$!ba;s/n/\n/g')
export MDM2_CRT=$(ssh -qt $MDM2_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | tr -d "r" | sed ':a;N;$!ba;s/n/\n/g')

DC/OS with RexRay

RexRay, a vendor agnostic storage orchestration engine supported by DC/OS, requires a high available connection to the ScaleIO Gateway if using ScaleIO as a storage provider. Normally runnig the gateway on a host makes it harder to maintain the installation and making the gateway redundant. Running the ScaleIO gateway as a container in Mesos makes it much easier to achieve these goals. The gateway can be reached from within the mesos cluster via .marathon.mesos. To be able to know the the port of the container, you have to use currently a defined host port. Using a VIPis investigated.
Please have a look at the sample marathon file scaleio-gw.json.

Docker Swarm with RexRay

When using Docker Swarm with RexRay and ScaleIO, it is desired to have a high available ScaleIO Gateway. One can start the ScaleIO Gateway Docker image on the swarm cluster with following command. sudo docker service create --replicas 2 --name=scaleio-gw -p 8443:443 -e GW_PASSWORD= -e MDM1_IP_ADDRESS= -e MDM2_IP_ADDRESS= -e TRUST_MDM_CRT=true vchrisb/scaleio-gw The gateway is reachable by accessing any of the swarm nodes on port 8443. This is possible by swarms network feature. An example RexRay configuration could look like:
libstorage:
  service: scaleio
scaleio:
  endpoint: https://127.0.0.1:8443/api
  insecure: true
  usecerts: true
  userName: admin
  password: Scaleio123
  systemName: Vagrant
  protectionDomainName: pd1
  storagePoolName: sp1
  thinOrThick: ThinProvisioned
For testing the scaleio gateway docker image with docker swarm, you can try out vagrant-swarm

Support

If you need generic help with the ScaleIO Gateway please reach out to the ScaleIO Community or the EMC CodeCommunity on Slack in the scaleio_restchannel. For problems or questions regarding the Docker Image please report an issue on GitHub.

Disclaimer

This is not an official EMC product/solution. Use at your own risk!

From the {code} Blog

  • What’s new with Storage in Kubernetes 1.8?

    Do you care about storage? Sure you do! Who doesn’t? It’s the hottest thing hitting the container scene right now. We’ve been talking about it for years now but the greatest question to answer ...
    September 29, 2017
  • DC/OS 1.10 Includes New Storage Provider Support

    Background Mesosphere DC/OS, the datacenter operating system, is an open-source, distributed operating system based on the Apache Mesos distributed systems kernel. DC/OS: Manages multiple machines in the cloud or on-premises, from a single interface. ...
    September 15, 2017
  • Off to LA for Open Source Summit and MesosCon North America

    We have our sunglasses, our {code} shoes, and Hollywood REX-Ray! The second week of September, we are off to Open Source Summit and MesosCon North America as they bring their events to Los Angeles. ...
    September 5, 2017
More related posts on the {code} Blog

docker-scaleio-gw

This image runs EMC ScaleIO as a container.

How to use this image

sudo docker run -d --name=scaleio-gw vchrisb/scaleio-gw The following environment variables are also honored for configuring your ScaleIO Gateway instance: * -e GW_PASSWORD= (Gateway password, defaults to Scaleio123) * -e MDM1_IP_ADDRESS= and -e MDM2_IP_ADDRESS= (MDM IP addresses) * -e MDM1_CRT= and -e MDM2_CRT= (manually add the MDM public certificates to the truststore) * -e TRUST_MDM_CRT= (if variable is set with a non empty value will the MDM certificate being trusted) * -e GW_KEY= and -e GW_CRT= (public certificate and private key to be used) * -e BYPASS_CRT_CHECK= (if variable is set with a non empty value will the certificate check for the MDMs and LIAs bypassed)

Examples

docker run -d --name=scaleio-gw --restart=always -p 443:443 -e GW_PASSWORD=Scaleio123 -e MDM1_IP_ADDRESS=192.168.100.1 -e MDM2_IP_ADDRESS=192.168.100.2 -e TRUST_MDM_CRT=true vchrisb/scaleio-gw docker run -d --name scaleio-gw --restart=always -p 443:443 -e GW_PASSWORD=Scaleio123 -e MDM1_IP_ADDRESS=192.168.100.1 -e MDM2_IP_ADDRESS=192.168.100.2 -e TRUST_MDM_CRT=true -e GW_KEY="$GW_KEY" -e GW_CRT="$GW_CRT" vchrisb/scaleio-gw

Docker Tags

  • latest -> v2.0.1.2
  • v2.0.1.2
  • v2.0.0.2
  • v2.0.0.1

certificates

Gateway certificate

It makes sense to have a common certificate when running multiple instances of scaleio-gw or to persist the certificate between scaleio-gw upgrades. You can either generate your own self-signed certificate or add signed certificate from your certificate authority.
create a self-signed certificate is
openssl req -x509 -sha256 -newkey rsa:2048 -keyout certificate.key -out certificate.crt -days 1024 -nodes -subj '/CN=scaleio-gw.marathon.mesos'
export GW_KEY=$(cat certificate.key | sed ':a;N;$!ba;s/n/\n/g')
export GW_CRT=$(cat certificate.crt | sed ':a;N;$!ba;s/n/\n/g')

MDM certificates

Following commands can be used to get the MDM1and MDM2 certificates:
export MDM1_IP_ADDRESS=x.x.x.x
export MDM2_IP_ADDRESS=x.x.x.x
export MDM1_CRT=$(ssh -q $MDM1_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | sed ':a;N;$!ba;s/n/\n/g')
export MDM2_CRT=$(ssh -q $MDM2_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | sed ':a;N;$!ba;s/n/\n/g')
If requiretty is not enabled in sudoers, please use following commands instead:
export MDM1_IP_ADDRESS=x.x.x.x  
export MDM2_IP_ADDRESS=x.x.x.x  
export MDM1_CRT=$(ssh -qt $MDM1_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | tr -d "r" | sed ':a;N;$!ba;s/n/\n/g')
export MDM2_CRT=$(ssh -qt $MDM2_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | tr -d "r" | sed ':a;N;$!ba;s/n/\n/g')

DC/OS with RexRay

RexRay, a vendor agnostic storage orchestration engine supported by DC/OS, requires a high available connection to the ScaleIO Gateway if using ScaleIO as a storage provider. Normally runnig the gateway on a host makes it harder to maintain the installation and making the gateway redundant. Running the ScaleIO gateway as a container in Mesos makes it much easier to achieve these goals. The gateway can be reached from within the mesos cluster via .marathon.mesos. To be able to know the the port of the container, you have to use currently a defined host port. Using a VIPis investigated.
Please have a look at the sample marathon file scaleio-gw.json.

Docker Swarm with RexRay

When using Docker Swarm with RexRay and ScaleIO, it is desired to have a high available ScaleIO Gateway. One can start the ScaleIO Gateway Docker image on the swarm cluster with following command. sudo docker service create --replicas 2 --name=scaleio-gw -p 8443:443 -e GW_PASSWORD= -e MDM1_IP_ADDRESS= -e MDM2_IP_ADDRESS= -e TRUST_MDM_CRT=true vchrisb/scaleio-gw The gateway is reachable by accessing any of the swarm nodes on port 8443. This is possible by swarms network feature. An example RexRay configuration could look like:
libstorage:
  service: scaleio
scaleio:
  endpoint: https://127.0.0.1:8443/api
  insecure: true
  usecerts: true
  userName: admin
  password: Scaleio123
  systemName: Vagrant
  protectionDomainName: pd1
  storagePoolName: sp1
  thinOrThick: ThinProvisioned
For testing the scaleio gateway docker image with docker swarm, you can try out vagrant-swarm

Support

If you need generic help with the ScaleIO Gateway please reach out to the ScaleIO Community or the EMC CodeCommunity on Slack in the scaleio_restchannel. For problems or questions regarding the Docker Image please report an issue on GitHub.

Disclaimer

This is not an official EMC product/solution. Use at your own risk!

From the {code} Blog

  • What’s new with Storage in Kubernetes 1.8?

    Do you care about storage? Sure you do! Who doesn’t? It’s the hottest thing hitting the container scene right now. We’ve been talking about it for years now but the greatest question to answer ...
    September 29, 2017
  • DC/OS 1.10 Includes New Storage Provider Support

    Background Mesosphere DC/OS, the datacenter operating system, is an open-source, distributed operating system based on the Apache Mesos distributed systems kernel. DC/OS: Manages multiple machines in the cloud or on-premises, from a single interface. ...
    September 15, 2017
  • Off to LA for Open Source Summit and MesosCon North America

    We have our sunglasses, our {code} shoes, and Hollywood REX-Ray! The second week of September, we are off to Open Source Summit and MesosCon North America as they bring their events to Los Angeles. ...
    September 5, 2017
More related posts on the {code} Blog

From the {code} Blog

  • What’s new with Storage in Kubernetes 1.8?

    Do you care about storage? Sure you do! Who doesn’t? It’s the hottest thing hitting the container scene right now. We’ve been talking about it for years now but the greatest question to answer ...
    September 29, 2017
  • DC/OS 1.10 Includes New Storage Provider Support

    Background Mesosphere DC/OS, the datacenter operating system, is an open-source, distributed operating system based on the Apache Mesos distributed systems kernel. DC/OS: Manages multiple machines in the cloud or on-premises, from a single interface. ...
    September 15, 2017
  • Off to LA for Open Source Summit and MesosCon North America

    We have our sunglasses, our {code} shoes, and Hollywood REX-Ray! The second week of September, we are off to Open Source Summit and MesosCon North America as they bring their events to Los Angeles. ...
    September 5, 2017
More related posts on the {code} Blog