Chapter 3. New features

Add cmount_path option and generate unique user ID

With this enhancement, you can add the optional cmount_path option and generate a unique user ID for each Ceph File System to allow sharing CephFS clients across multiple Ganesha exports thereby reducing the memory usage for a single CephFS client.

TLS is enabled across all monitoring components, enhancing security for Prometheus

With this enhancement, to safeguard data integrity, confidentiality, and alignment with the security best practices, TLS is enabled across the monitoring stack. The enhanced security feature for Prometheus, Alert manager, and Node exporter adds an additional layer of protection by using secure communication across the monitoring stack.

Enhanced security of the monitoring stack

With this enhancement, to safeguard data integrity, confidentiality, and to align with the security best practices, the authentication feature for Prometheus, Alert manager, and the Node exporter is implemented. This enhances the security of the whole monitoring stack by enabling TLS in all the monitoring components and requiring users to provide valid credentials before accessing Prometheus and Alert Manager data. By using this new feature, an additional layer of protection is provided by using secure communication and preventing the unauthorized access to sensitive metrics and monitoring data. With TLS enabled in all the monitoring stack components and authentication in place, users must authenticate before accessing monitoring and metrics data, enhancing overall security and control over data access.

Users can now put a host into maintenance mode

Previously, users could not put a host into maintenance mode as stopping all the daemons on that host would cause data unavailability.

Users can now drain a host of daemons without draining the client conf or keyring files

With this enhancement, users can drain a host of daemons, without also draining the client conf or keyring files deployed on the host by passing the --keep-conf-keyring flag to the ceph orch host drain command. Users can now mark a host to have all daemons drained or not placed there while still having Cephadm manage conf or keyring files on the host.

Cephadm services can now be marked as managed or unmanaged

Previously, the only way to mark the Cephadm services as managed or unmanaged was to edit and re-apply the service specification for the service. This was inconvenient for scenarios, such as temporarily stop making OSDs on devices that match an OSD specification in Cephadm.

Users can now apply client IP restrictions on the NFS deployment using the HAProxy protocol mode

Previously, users could not apply client IP restrictions, while still using HAProxy between the client and NFS. This is because only the HAProxy IP would be recognized by NFS, making proper client IP restriction impossible.

quota.max_bytes is now set in more understandable size values

Previously, the quota.max_bytes value was set in bytes, resulting in often very large size values, which was hard to set or changed.

Laggy clients are now evicted only if there are no laggy OSDs

Previously, monitoring performance dumps from the MDS would sometimes show that the OSDs were laggy, objecter.op_laggy and objecter.osd_laggy, causing laggy clients and the dirty data for cap revokes would not be flushed.

Improved overview dashboard utilization panel

With this enhancement, graphs and graph legends are improved for better usability. In addition, search queries are improved for giving better results.

Upgrade the cluster from the dashboard

Previously, a Red Hat Ceph Storage cluster could only be upgraded through the command-line interface.

The Ceph Dashboard has an Overview page that displays the Ceph Object Gateway information

With this enhancement, an Overview page is added in the Object Gateway section of the Ceph dashboard. From this Overview page, users can now access a dedicated object gateway overview in the Ceph dashboard. This feature enhances the user experience by providing insights into the Object Gateway performance, storage usage, and configuration details. When multi-site is configured in the cluster, the user can also see the multi-site sync status directly on this Overview page.

The Ceph dashboard displays capacity usage information for Block Device images

With this enhancement, a new capacity usage progress bar is visible within the Block > Images table on the Ceph dashboard. The bar provides visible usage information, along with a percentage.

Manage Ceph File System volumes on the dashboard

Previously, Ceph File System (CephFS) volumes could only be managed through the command-line interface.

Manage Ceph File System subvolumes and subvolume groups on the dashboard

Previously, Ceph File System (CephFS) subvolumes and subvolumes groups could only be managed through the command-line interface.

Users can now specify the FQDN for Ceph Object Gateway host through the CLI and the dashboard

Previously, short hostnames were picked to resolve the Ceph Object gateway hostname which would cause issues.

Configure Ceph Object Gateway multi-site on the dashboard

With this enhancement, you can configure multi-site Ceph Object Gateway not only through the command-line interface, but also through the Ceph Dashboard. The dashboard now supports creating, updating, and deleting Object Gateway entities such as realms, zonegroups, and zones. In addition, this feature allows users to configure multi-site between two remote clusters, providing options for data replication and synchronization.

The radosgw-admin bucket command prints bucket versioning

With this enhancement, the ` radosgw-admin bucket stats ` command prints the versioning status for buckets as enabled or off since versioning can be enabled or disabled after creation.

S3 WORM certification with an external entity

With this enhancement, S3 WORM feature is certified with an external entity. This enables data retention in compliance with FSI regulations and a secured object storage deployment that guarantees data retrieval even if the object/buckets in the production zones have been lost or compromised.

Multi-site sync instances now dynamically spread workloads among themselves

Previously, the Ceph Object Gateway multi-site throughput was generally limited to the available bandwidth of a single instance.

Enhanced bucket granular multi-site sync policies

IBM Storage Ceph now supports bucket granular multi-site sync policies.

Reduced object storage query times for data analytics with added JSON, Parquet, and CSV-format object support

Ceph Object Gateway now supports operating on JSON-format, Parquet-format, and CSV-format objects, expanding potential application of S3 select to widely deployed analytics frameworks, for example, Apache Spark and Trino. This added support helps reduce query times.

Data can now be transitioned to the Azure cloud service, using the multi-cloud gateway (MCG)

Previously, transitioning data to the Azure cloud service was a Technology Preview feature. With this enhancement, the feature is ready to be used in a production environment.

Enhanced S3 select feature for more efficient integration with Trino

Object storage now has enhanced integration with Trino for S3 select operations. This improves the query times for semi-structured and structured datasets stored in Ceph Object Gateway.

New performance counters introduced for messenger v2

Previously, there were no dedicated performance counters for accounting encrypted traffic in messenger v2.

New reports available for sub-events for delayed operations

Previously, slow operations were marked as delayed but without a detailed description.

Support HAProxy’s PROXY protocol

With this enhancement, HAProxy uses load balancing servers. This allows load balancing and also enables client restrictions on access.