SupportConsoleDevelopersStart a trialContact

Chapter 12. Managing Ceph Object Gateway using the dashboard

As a storage administrator, the Ceph Object Gateway functions of the dashboard allow you to manage and monitor the Ceph Object Gateway.

You can also create the Ceph Object Gateway services with Secure Sockets Layer (SSL) using the dashboard.

For example, monitoring functions allow you to view details about a gateway daemon such as its zone name, or performance graphs of GET and PUT rates. Management functions allow you to view, create, and edit both users and buckets.

Ceph Object Gateway functions are divided between user functions and bucket functions.

12.1. Manually adding Ceph object gateway login credentials to the dashboard

The Red Hat Ceph Storage Dashboard can manage the Ceph Object Gateway, also known as the RADOS Gateway, or RGW. When Ceph Object Gateway is deployed with cephadm, the Ceph Object Gateway credentials used by the dashboard is automatically configured. You can also manually force the Ceph object gateway credentials to the Ceph dashboard using the command-line interface.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • Ceph Object Gateway is installed.

Procedure

  1. Log into the Cephadm shell:

    Example

    [root@host01 ~]# cephadm shell

  2. Set up the credentials manually:

    Example

    [ceph: root@host01 /]# ceph dashboard set-rgw-credentials

    This creates a Ceph Object Gateway user with UID dashboard for each realm in the system.

  3. Optional: If you have configured a custom admin resource in your Ceph Object Gateway admin API, you have to also set the the admin resource:

    Syntax

    ceph dashboard set-rgw-api-admin-resource RGW_API_ADMIN_RESOURCE

    Example

    [ceph: root@host01 /]# ceph dashboard set-rgw-api-admin-resource admin
Option RGW_API_ADMIN_RESOURCE updated

  4. Optional: If you are using HTTPS with a self-signed certificate, disable certificate verification in the dashboard to avoid refused connections.

    Refused connections can happen when the certificate is signed by an unknown Certificate Authority, or if the host name used does not match the host name in the certificate.

    Syntax

    ceph dashboard set-rgw-api-ssl-verify false

    Example

    [ceph: root@host01 /]# ceph dashboard set-rgw-api-ssl-verify False
Option RGW_API_SSL_VERIFY updated

  5. Optional: If the Object Gateway takes too long to process requests and the dashboard runs into timeouts, you can set the timeout value:

    Syntax

    ceph dashboard set-rest-requests-timeout _TIME_IN_SECONDS_

    The default value of 45 seconds.

    Example

    [ceph: root@host01 /]# ceph dashboard set-rest-requests-timeout 240

12.2. Creating the Ceph Object Gateway services with SSL using the dashboard

After installing a Red Hat Ceph Storage cluster, you can create the Ceph Object Gateway service with SSL using two methods:

  • Using the command-line interface.
  • Using the dashboard.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • SSL key from Certificate Authority (CA).
Note

Obtain the SSL certificate from a CA that matches the hostname of the gateway host. Red Hat recommends obtaining a certificate from a CA that has subject alternate name fields and a wildcard for use with S3-style subdomains.

Procedure

  1. Log in to the Dashboard.
  2. From the Cluster drop-down menu, select Services.
  3. Click +Create.
  4. In the Create Service window, select rgw service.

  5. Select SSL and upload the Certificate in .pem format.

    Figure 12.1. Creating Ceph Object Gateway service

    Creating Ceph Object Gateway service
  6. Click Create Service.
  7. Check the Ceph Object Gateway service is up and running.

Additional Resources

12.3. Configuring high availability for the Ceph Object Gateway on the dashboard

The ingress service provides a highly available endpoint for the Ceph Object Gateway. You can create and configure the ingress service using the Ceph Dashboard.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • A minimum of two Ceph Object Gateway daemons running on different hosts.
  • Dashboard is installed.
  • A running rgw service.

Procedure

  1. Log in to the Dashboard.
  2. From the Cluster drop-down menu, select Services.
  3. Click Create.
  4. In the Create Service window, select ingress service.

  5. Select backend service and edit the required parameters.

    Figure 12.2. Creating ingress service

    Creating `ingress` service
  6. Click Create Service.
  7. You get a notification that the ingress service was created successfully.

Additional Resources

12.4. Managing Ceph Object Gateway users on the dashboard

As a storage administrator, the Red Hat Ceph Storage Dashboard allows you to view and manage Ceph Object Gateway users.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.

12.4.1. Creating Ceph object gateway users on the dashboard

You can create Ceph object gateway users on the Red Hat Ceph Storage once the credentials are set-up using the CLI.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.
  3. Click Users and then Click Create.

  4. In the Create User window, set the following parameters:

    1. Set the user name, full name, and edit the maximum number of buckets if required.
    2. Optional: Set an email address or suspended status.
    3. Optional: Set a custom access key and secret key by unchecking Auto-generate key.
    4. Optional: Set a user quota.
    5. Check Enabled under User quota.
    6. Uncheck Unlimited size or Unlimited objects.
    7. Enter the required values for Max. size or Max. objects.
    8. Optional: Set a bucket quota.
    9. Check Enabled under Bucket quota.
    10. Uncheck Unlimited size or Unlimited objects:
    11. Enter the required values for Max. size or Max. objects:

  5. Click Create User.

    Figure 12.3. Create Ceph object gateway user

    Ceph object gateway create user
  6. You get a notification that the user was created successfully.

Additional Resources

12.4.2. Creating Ceph object gateway subusers on the dashboard

A subuser is associated with a user of the S3 interface. You can create a sub user for a specific Ceph object gateway user on the Red Hat Ceph Storage dashboard.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • Object gateway user is created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.
  3. Click Users.
  4. Select the user by clicking its row.
  5. From Edit drop-down menu, select Edit.
  6. In the Edit User window, click +Create Subuser.
  7. In the Create Subuser dialog box, enter the user name and select the appropriate permissions.

  8. Check the Auto-generate secret box and then click Create Subuser.

    Figure 12.4. Create Ceph object gateway subuser

    Ceph object gateway create subuser
    Note

    By clicking Auto-generate-secret checkbox, the secret key for object gateway is generated automatically.

  9. In the Edit User window, click the Edit user button
  10. You get a notification that the user was updated successfully.

12.4.3. Editing Ceph object gateway users on the dashboard

You can edit Ceph object gateway users on the Red Hat Ceph Storage once the credentials are set-up using the CLI.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • A Ceph object gateway user is created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.
  3. Click Users.
  4. To edit the user capabilities, click its row.
  5. From the Edit drop-down menu, select Edit.
  6. In the Edit User window, edit the required parameters.

  7. Click Edit User.

    Figure 12.5. Edit Ceph object gateway user

    Ceph object gateway edit user
  8. You get a notification that the user was updated successfully.

Additional Resources

12.4.4. Deleting Ceph object gateway users on the dashboard

You can delete Ceph object gateway users on the Red Hat Ceph Storage once the credentials are set-up using the CLI.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • A Ceph object gateway user is created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.
  3. Click Users.
  4. To delete the user, click its row.
  5. From the Edit drop-down menu, select Delete.
  6. In the Edit User window, edit the required parameters.

  7. In the Delete user dialog window, Click the Yes, I am sure box and then Click Delete User to save the settings:

    Figure 12.6. Delete Ceph object gateway user

    Ceph object gateway delete user

Additional Resources

12.5. Managing Ceph Object Gateway buckets on the dashboard

As a storage administrator, the Red Hat Ceph Storage Dashboard allows you to view and manage Ceph Object Gateway buckets.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • At least one Ceph Object Gateway user is created.
  • Object gateway login credentials are added to the dashboard.

12.5.1. Creating Ceph object gateway buckets on the dashboard

You can create Ceph object gateway buckets on the Red Hat Ceph Storage once the credentials are set-up using the CLI.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • Object gateway user is created and not suspended.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.
  3. Click Buckets and then click Create.

  4. In the Create Bucket window, enter a value for Name and select a user that is not suspended. Select a placement target.

    Figure 12.7. Create Ceph object gateway bucket

    Ceph object gateway create bucket
    Note

    A bucket’s placement target is selected on creation and can not be modified.

  5. Optional: Enable Locking for the objects in the bucket. Locking can only be enabled while creating a bucket. Once locking is enabled, you also have to choose the lock mode, Compliance or Governance and the lock retention period in either days or years, not both.

  6. Optional: Enable Security to encrypt the objects in the bucket. To enable encryption on a bucket, you need to set the configuration values for SSE-S3.

    1. To set the configuration values, hover the cursor over the question mark and click Click here.

    2. In the Update RGW Encryption Configurations window, select SSE-S3 as the Encryption Type, provide the required details, and click Submit.

      Figure 12.8. Encrypt objects in the bucket

      Ceph object gateway encrypt object
      Note

      When using SSE-S3 encryption type, Ceph manages the encryption keys that are stored in the vault by the user.

  7. Click Create bucket.
  8. You get a notification that the bucket was created successfully.

12.5.2. Editing Ceph object gateway buckets on the dashboard

You can edit Ceph object gateway buckets on the Red Hat Ceph Storage once the credentials are set-up using the CLI.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • Object gateway user is created and not suspended.
  • A Ceph Object Gateway bucket created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.
  3. Click Buckets.
  4. To edit the bucket, click it’s row.
  5. From the Edit drop-down select Edit.

  6. In the Edit bucket window, edit the Owner by selecting the user from the dropdown.

    Figure 12.9. Edit Ceph object gateway bucket

    Ceph object gateway edit bucket

    1. Optional: Enable Versioning if you want to enable versioning state for all the objects in an existing bucket.

      • To enable versioning, you must be the owner of the bucket.
      • If Locking is enabled during bucket creation, you cannot disable the versioning.
      • All objects added to the bucket will receive a unique version ID.
      • If the versioning state has not been set on a bucket, then the bucket will not have a versioning state.

    2. Optional: Check Delete enabled for Multi-Factor Authentication. Multi-Factor Authentication(MFA) ensures that users need to use a one-time password(OTP) when removing objects on certain buckets. Enter a value for Token Serial Number and Token PIN.

      Note

      The buckets must be configured with versioning and MFA enabled which can be done through the S3 API.

  7. Click Edit Bucket.
  8. You get a notification that the bucket was updated successfully.

12.5.3. Deleting Ceph object gateway buckets on the dashboard

You can delete Ceph object gateway buckets on the Red Hat Ceph Storage once the credentials are set-up using the CLI.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • Object gateway user is created and not suspended.
  • A Ceph Object Gateway bucket created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.
  3. Click Buckets.
  4. To delete the bucket, click it’s row.
  5. From the Edit drop-down select Delete.

  6. In the Delete Bucket dialog box, Click the Yes, I am sure box and then Click Delete bucket to save the settings:

    Figure 12.10. Delete Ceph object gateway bucket

    Ceph object gateway delete bucket

12.6. Monitoring multi-site object gateway configuration on the Ceph dashboard

The Red Hat Ceph Storage dashboard supports monitoring the users and buckets of one zone in another zone in a multi-site object gateway configuration. For example, if the users and buckets are created in a zone in the primary site, you can monitor those users and buckets in the secondary zone in the secondary site.

Prerequisites

  • At least one running Red Hat Ceph Storage cluster deployed on both the sites.
  • Dashboard is installed.
  • The multi-site object gateway is configured on the primary and secondary sites.
  • Object gateway login credentials of the primary and secondary sites are added to the dashboard.
  • Object gateway users are created on the primary site.
  • Object gateway buckets are created on the primary site.

Procedure

  1. On the Dashboard landing page of the secondary site, in the vertical menu bar, click Object Gateway drop-down list.
  2. Select Buckets.

  3. You can see those object gateway buckets on the secondary landing page that were created for the object gateway users on the primary site.

    Figure 12.11. Multisite object gateway monitoring

    Multisite object gateway monitoring

Additional Resources

12.7. Managing buckets of a multi-site object configuration on the Ceph dashboard

As a storage administrator, you can edit buckets of one zone in another zone on the Red Hat Ceph Storage Dashboard. However, you can delete buckets of secondary sites in the primary site. You cannot delete the buckets of master zones of primary sites in other sites. For example, If the buckets are created in a zone in the secondary site, you can edit and delete those buckets in the master zone in the primary site.

Prerequisites

  • At least one running Red Hat Ceph Storage cluster deployed on both the sites.
  • Dashboard is installed.
  • The multi-site object gateway is configured on the primary and secondary sites.
  • Object gateway login credentials of the primary and secondary sites are added to the dashboard.
  • Object gateway users are created on the primary site.
  • Object gateway buckets are created on the primary site.
  • At least rgw-manager level of access on the Ceph dashboard.

12.7.1. Editing buckets of a multi-site object gateway configuration on the Ceph dashboard

You can edit and update the details of the buckets of one zone in another zone on the Red Hat Ceph Storage Dashboard in a multiste object gateway configuration. You can edit the owner, versioning, multi-factor authentication and locking features of the buckets with this feature of the dashboard.

Prerequisites

  • At least one running Red Hat Ceph Storage cluster deployed on both the sites.
  • Dashboard is installed.
  • The multi-site object gateway is configured on the primary and secondary sites.
  • Object gateway login credentials of the primary and secondary sites are added to the dashboard.
  • Object gateway users are created on the primary site.
  • Object gateway buckets are created on the primary site.
  • At least rgw-manager level of access on the Ceph dashboard.

Procedure

  1. On the Dashboard landing page of the secondary site, in the vertical menu bar, click Object Gateway drop-down list.
  2. Select Buckets.

  3. You can see those object gateway buckets on the secondary landing page that were created for the object gateway users on the primary site.

    Figure 12.12. Monitoring object gateway monitoring

    Multisite object gateway monitoring
  4. Click the row of the bucket that you want to edit.
  5. From the Edit drop-down menu, select Edit.

  6. In the Edit Bucket window, edit the required parameters and click Edit Bucket.

    Figure 12.13. Edit buckets in a multi-site

    Edit buckets in a multi-site

Verification

  • You will get a notification that the bucket is updated successfully.

Additional Resources

12.7.2. Deleting buckets of a multi-site object gateway configuration on the Ceph dashboard

You can delete buckets of secondary sites in primary sites on the Red Hat Ceph Storage Dashboard in a multiste object gateway configuration.

IMPORTANT: Red hat does not recommend to delete buckets of primary site from secondary sites.

Prerequisites

  • At least one running Red Hat Ceph Storage cluster deployed on both the sites.
  • Dashboard is installed.
  • The multi-site object gateway is configured on the primary and secondary sites.
  • Object gateway login credentials of the primary and secondary sites are added to the dashboard.
  • Object gateway users are created on the primary site.
  • Object gateway buckets are created on the primary site.
  • At least rgw-manager level of access on the Ceph dashboard.

Procedure

  1. On the Dashboard landing page of the primary site, in the vertical menu bar, click Object Gateway drop-down list.
  2. Select Buckets.
  3. You can see those object gateway buckets of the secondary site here.
  4. Click the row of the bucket that you want to delete.
  5. From the Edit drop-down menu, select Delete.
  6. In the Delete Bucket dialog box, select Yes, I am sure checkbox, and click Delete Bucket.

Verification

  • The selected row of the bucket is deleted successfully.

Additional Resources

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.