This image runs EMC ScaleIO as a container.
sudo docker run -d --name=scaleio-gw vchrisb/scaleio-gw
The following environment variables are also honored for configuring your ScaleIO Gateway instance:
-e GW_PASSWORD=
(Gateway password, defaults toScaleio123
)-e MDM1_IP_ADDRESS=
and-e MDM2_IP_ADDRESS=
(MDM IP addresses)-e MDM1_CRT=
and-e MDM2_CRT=
(manually add the MDM public certificates to the truststore)-e TRUST_MDM_CRT=
(if variable is set with a non empty value will the MDM certificate being trusted)-e GW_KEY=
and-e GW_CRT=
(public certificate and private key to be used)-e BYPASS_CRT_CHECK=
(if variable is set with a non empty value will the certificate check for the MDMs and LIAs bypassed)
docker run -d --name=scaleio-gw --restart=always -p 443:443 -e GW_PASSWORD=Scaleio123 -e MDM1_IP_ADDRESS=192.168.100.1 -e MDM2_IP_ADDRESS=192.168.100.2 -e TRUST_MDM_CRT=true vchrisb/scaleio-gw
docker run -d --name scaleio-gw --restart=always -p 443:443 -e GW_PASSWORD=Scaleio123 -e MDM1_IP_ADDRESS=192.168.100.1 -e MDM2_IP_ADDRESS=192.168.100.2 -e TRUST_MDM_CRT=true -e GW_KEY="$GW_KEY" -e GW_CRT="$GW_CRT" vchrisb/scaleio-gw
- latest -> v2.0.1.2
- v2.0.1.2
- v2.0.0.2
- v2.0.0.1
It makes sense to have a common certificate when running multiple instances of scaleio-gw or to persist the certificate between scaleio-gw upgrades. You can either generate your own self-signed certificate or add signed certificate from your certificate authority.
openssl req -x509 -sha256 -newkey rsa:2048 -keyout certificate.key -out certificate.crt -days 1024 -nodes -subj '/CN=scaleio-gw.marathon.mesos'
export GW_KEY=$(cat certificate.key | sed ':a;N;$!ba;s/\n/\\n/g')
export GW_CRT=$(cat certificate.crt | sed ':a;N;$!ba;s/\n/\\n/g')
Following commands can be used to get the MDM1
and MDM2
certificates:
export MDM1_IP_ADDRESS=x.x.x.x
export MDM2_IP_ADDRESS=x.x.x.x
export MDM1_CRT=$(ssh -q $MDM1_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | sed ':a;N;$!ba;s/\n/\\n/g')
export MDM2_CRT=$(ssh -q $MDM2_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | sed ':a;N;$!ba;s/\n/\\n/g')
If requiretty
is not enabled in sudoers, please use following commands instead:
export MDM1_IP_ADDRESS=x.x.x.x
export MDM2_IP_ADDRESS=x.x.x.x
export MDM1_CRT=$(ssh -qt $MDM1_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | tr -d "\r" | sed ':a;N;$!ba;s/\n/\\n/g')
export MDM2_CRT=$(ssh -qt $MDM2_IP_ADDRESS sudo cat /opt/emc/scaleio/mdm/cfg/mdm_management_certificate.pem | sed -n -e '/-----BEGIN CERTIFICATE-----/,$p' | tr -d "\r" | sed ':a;N;$!ba;s/\n/\\n/g')
RexRay, a vendor agnostic storage orchestration engine supported by DC/OS, requires a high available connection to the ScaleIO Gateway if using ScaleIO as a storage provider. Normally runnig the gateway on a host makes it harder to maintain the installation and making the gateway redundant. Running the ScaleIO gateway as a container in Mesos makes it much easier to achieve these goals.
The gateway can be reached from within the mesos cluster via <scaleio-gw name>.marathon.mesos
. To be able to know the the port of the container, you have to use currently a defined host port
. Using a VIP
is investigated.
Please have a look at the sample marathon file scaleio-gw.json
.
When using Docker Swarm with RexRay and ScaleIO, it is desired to have a high available ScaleIO Gateway.
One can start the ScaleIO Gateway Docker image on the swarm cluster with following command.
sudo docker service create --replicas 2 --name=scaleio-gw -p 8443:443 -e GW_PASSWORD=<gw password> -e MDM1_IP_ADDRESS=<mdm1 ip address> -e MDM2_IP_ADDRESS=<mdm2 ip address> -e TRUST_MDM_CRT=true vchrisb/scaleio-gw
The gateway is reachable by accessing any of the swarm nodes on port 8443
. This is possible by swarms network feature.
An example RexRay configuration could look like:
libstorage:
service: scaleio
scaleio:
endpoint: https://127.0.0.1:8443/api
insecure: true
usecerts: true
userName: admin
password: Scaleio123
systemName: Vagrant
protectionDomainName: pd1
storagePoolName: sp1
thinOrThick: ThinProvisioned
For testing the scaleio gateway docker image with docker swarm, you can try out vagrant-swarm
If you need generic help with the ScaleIO Gateway please reach out to the ScaleIO Community or the EMC CodeCommunity on Slack in the scaleio_rest
channel.
For problems or questions regarding the Docker Image please report an issue on GitHub.
This is not an official EMC product/solution. Use at your own risk!