1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
|
===========
Snapshots
===========
.. index:: Ceph Block Device; snapshots
A snapshot is a read-only logical copy of an image at a particular point in
time: a checkpoint. One of the advanced features of Ceph block devices is that
you can create snapshots of images to retain point-in-time state history. Ceph
also supports snapshot layering, which allows you to clone images (for example,
VM images) quickly and easily. Ceph block device snapshots are managed using
the ``rbd`` command and several higher-level interfaces, including `QEMU`_,
`libvirt`_, `OpenStack`_, and `CloudStack`_.
.. important:: To use RBD snapshots, you must have a running Ceph cluster.
.. note:: Because RBD is unaware of any file system within an image (volume),
snapshots are merely `crash-consistent` unless they are coordinated within
the mounting (attaching) operating system. We therefore recommend that you
pause or stop I/O before taking a snapshot.
If the volume contains a file system, the file system should be in an
internally consistent state before a snapshot is taken. Snapshots taken
without write quiescing could need an `fsck` pass before they are mounted
again. To quiesce I/O you can use `fsfreeze` command. See the `fsfreeze(8)`
man page for more details.
For virtual machines, `qemu-guest-agent` can be used to automatically freeze
file systems when creating a snapshot.
.. ditaa::
+------------+ +-------------+
| {s} | | {s} c999 |
| Active |<-------*| Snapshot |
| Image | | of Image |
| (stop i/o) | | (read only) |
+------------+ +-------------+
Cephx Notes
===========
When `cephx`_ authentication is enabled (it is by default), you must specify a
user name or ID and a path to the keyring containing the corresponding key. See
:ref:`User Management <user-management>` for details.
.. prompt:: bash $
rbd --id {user-ID} --keyring /path/to/secret [commands]
rbd --name {username} --keyring /path/to/secret [commands]
For example:
.. prompt:: bash $
rbd --id admin --keyring /etc/ceph/ceph.keyring [commands]
rbd --name client.admin --keyring /etc/ceph/ceph.keyring [commands]
.. tip:: Add the user and secret to the ``CEPH_ARGS`` environment variable to
avoid re-entry of these parameters.
Snapshot Basics
===============
The following procedures demonstrate how to create, list, and remove
snapshots using the ``rbd`` command.
Create Snapshot
---------------
To create a snapshot, use the ``rbd snap create`` command and specify the pool
name, the image name, and the snap name:
.. prompt:: bash $
rbd snap create {pool-name}/{image-name}@{snap-name}
For example:
.. prompt:: bash $
rbd snap create rbd/foo@snapname
List Snapshots
--------------
To list the snapshots of an image, use the ``rbd snap ls`` command and specify
the pool name and the image name:
.. prompt:: bash $
rbd snap ls {pool-name}/{image-name}
For example:
.. prompt:: bash $
rbd snap ls rbd/foo
Roll back Snapshot
------------------
To roll back to a snapshot, use the ``rbd snap rollback`` command and specify
the pool name, the image name, and the snap name:
.. prompt:: bash $
rbd snap rollback {pool-name}/{image-name}@{snap-name}
For example:
.. prompt:: bash $
rbd snap rollback rbd/foo@snapname
.. note:: Rolling back an image to a snapshot means overwriting the current
version of the image with data from a snapshot. The time it takes to execute
a rollback increases with the size of the image. It is **faster to clone**
from a snapshot **than to roll back** an image to a snapshot. Cloning from a
snapshot is the preferred method of returning to a pre-existing state.
Delete a Snapshot
-----------------
To delete a snapshot, use the ``rbd snap rm`` command and specify the pool
name, the image name, and the snap name:
.. prompt:: bash $
rbd snap rm {pool-name}/{image-name}@{snap-name}
For example:
.. prompt:: bash $
rbd snap rm rbd/foo@snapname
.. note:: Ceph OSDs delete data asynchronously, so deleting a snapshot does
not immediately free up the capacity of the underlying OSDs. This process is
known as "snaptrim", and is referred to as such in ``ceph status`` output.
Purge Snapshots
---------------
To delete all snapshots, use the ``rbd snap purge`` command and specify the
pool name and the image name:
.. prompt:: bash $
rbd snap purge {pool-name}/{image-name}
For example:
.. prompt:: bash $
rbd snap purge rbd/foo
.. index:: Ceph Block Device; snapshot layering
Layering
========
Ceph supports the ability to create many copy-on-write (COW) clones of a block
device snapshot. Snapshot layering enables Ceph block device clients to create
images very quickly. For example, you might create a block device image with a
Linux VM written to it, snapshot the image, protect the snapshot, and create as
many copy-on-write clones as you like. A snapshot is read-only, so cloning a
snapshot simplifies semantics, making it possible to create clones rapidly.
.. ditaa::
+-------------+ +-------------+
| {s} c999 | | {s} |
| Snapshot | Child refers | COW Clone |
| of Image |<------------*| of Snapshot |
| | to Parent | |
| (read only) | | (writable) |
+-------------+ +-------------+
Parent Child
.. note:: The terms "parent" and "child" refer to a Ceph block device snapshot
(parent) and the corresponding image cloned from the snapshot (child).
These terms are important for the command line usage below.
Each cloned image (child) stores a reference to its parent image, which enables
the cloned image to open the parent snapshot and read it.
A copy-on-write clone of a snapshot behaves exactly like any other Ceph
block device image. You can read to, write from, clone, and resize cloned
images. There are no special restrictions with cloned images. However, the
copy-on-write clone of a snapshot depends on the snapshot, so you must
protect the snapshot before you clone it. The diagram below depicts this
process.
.. note:: Ceph supports the cloning of only "RBD format 2" images (that is,
images created without specifying ``--image-format 1``). The Linux kernel
client supports cloned images beginning with the 3.10 release.
Getting Started with Layering
-----------------------------
Ceph block device layering is a simple process. You must have an image. You
must create a snapshot of the image. You must protect the snapshot. After you
have performed these steps, you can begin cloning the snapshot.
.. ditaa::
+----------------------------+ +-----------------------------+
| | | |
| Create Block Device Image |------->| Create a Snapshot |
| | | |
+----------------------------+ +-----------------------------+
|
+--------------------------------------+
|
v
+----------------------------+ +-----------------------------+
| | | |
| Protect the Snapshot |------->| Clone the Snapshot |
| | | |
+----------------------------+ +-----------------------------+
The cloned image has a reference to the parent snapshot, and includes the pool
ID, the image ID, and the snapshot ID. The inclusion of the pool ID means that
you may clone snapshots from one pool to images in another pool.
#. **Image Template:** A common use case for block device layering is to create
a base image and a snapshot that serves as a template for clones. For
example: a user may create an image for a Linux distribution (for example,
Ubuntu 22.04) and create a snapshot of it. The user may occasionally update
the image and create a new snapshot (by using such commands as ``sudo
apt-get update``, ``sudo apt-get upgrade``, or ``sudo apt-get dist-upgrade``
followed by ``rbd snap create``). As the image matures, the user can clone
any one of the snapshots.
#. **Extended Template:** A more advanced use case includes extending a
template image to provide more information than a base image. For
example, a user may clone an image (for example, a VM template) and install
other software (for example, a database, a content management system, an
analytics system) and then snapshot the extended image, which may itself be
updated just like the base image.
#. **Template Pool:** One way to use block device layering is to create a pool
that contains (1) base images that act as templates and (2) snapshots of
those templates. You may then extend read-only privileges to users so that
they may clone the snapshots even though they do not have permissions that
allow them to write or execute within the pool.
#. **Image Migration/Recovery:** One way to use block device layering is to
migrate or recover data from one pool into another pool.
Protecting a Snapshot
---------------------
Clones access the parent snapshots. All clones would break if a user
inadvertently deleted the parent snapshot. To prevent data loss, you must
protect the snapshot before you can clone it:
.. prompt:: bash $
rbd snap protect {pool-name}/{image-name}@{snapshot-name}
For example:
.. prompt:: bash $
rbd snap protect rbd/foo@snapname
.. note:: You cannot delete a protected snapshot.
Cloning a Snapshot
------------------
To clone a snapshot, specify the parent pool, the parent image, and the parent
snapshot; and also the child pool together with the image name. You must
protect the snapshot before you can clone it:
.. prompt:: bash $
rbd clone {pool-name}/{parent-image-name}@{snap-name} {pool-name}/{child-image-name}
For example:
.. prompt:: bash $
rbd clone rbd/foo@snapname rbd/bar
.. note:: You may clone a snapshot from one pool to an image in another pool.
For example, you may maintain read-only images and snapshots as templates in
one pool, and writeable clones in another pool.
Unprotecting a Snapshot
-----------------------
Before you can delete a snapshot, you must first unprotect it. Additionally,
you may *NOT* delete snapshots that have references from clones. You must
flatten or delete each clone of a snapshot before you can unprotect the
snapshot:
.. prompt:: bash $
rbd snap unprotect {pool-name}/{image-name}@{snapshot-name}
For example:
.. prompt:: bash $
rbd snap unprotect rbd/foo@snapname
Listing Children of a Snapshot
------------------------------
To list the children of a snapshot, use the ``rbd children`` command and
specify the pool name, the image name, and the snap name:
.. prompt:: bash $
rbd children {pool-name}/{image-name}@{snapshot-name}
For example:
.. prompt:: bash $
rbd children rbd/foo@snapname
Flattening a Cloned Image
-------------------------
Cloned images retain a reference to the parent snapshot. When you remove the
reference to the parent snapshot from the clone, you effectively "flatten" the
clone by copying the data stored in the snapshot to the clone. The time it
takes to flatten a clone increases with the size of the snapshot. To delete a
snapshot, you must first flatten the child images (or delete them):
.. prompt:: bash $
rbd flatten {pool-name}/{image-name}
For example:
.. prompt:: bash $
rbd flatten rbd/bar
.. note:: Since a flattened image contains all the data stored in the snapshot,
a flattened image takes up more storage space than a layered clone does.
.. _cephx: ../../rados/configuration/auth-config-ref/
.. _QEMU: ../qemu-rbd/
.. _OpenStack: ../rbd-openstack/
.. _CloudStack: ../rbd-cloudstack/
.. _libvirt: ../libvirt/
|
