Red Hat SummitChapter 3. New features and enhancements
This section lists all the major updates, and enhancements introduced in this release of Red Hat Ceph Storage.
3.1. cephadm utility
Learn about the key enhancements and new features for the cephadm utility included in this release to improve functionality and user experience.
New cephadm certificate lifecycle management for improved Ceph cluster security
cephadm certificate lifecycle management was previously available as limited release. This enhancement provides full availability for new and existing customers in production environments.
With this enhancement, cephadm now has certificate lifecycle management in the certmgr subsystem. This feature provides a unified mechanism to provision, rotate, and apply TLS certificates for Ceph services, supporting both user-provided and automatically generated cephadm-signed certificates. As part of this feature, certmgr periodically checks the status of all certificates managed by cephadm and issues health warnings for any that are nearing expiration, misconfigured, or invalid. This improves Ceph cluster security and simplifies certificate management through automation and proactive alerts.
Multiple container registries can now be defined in registry credentials
Previously, only a single container registry credential could be configured. However, users may have different registries for different service containers.
With this enhancement, registry credentials can now define multiple container registries. To store multiple registry credentials, use the following command:
cephadm -v registry-login --registry-json registry.json
cat registry.json
{
"registry_credentials": [
{
"url": "registry1",
"username": "user1",
"password": "xxx"
},
{
"url": "registry2",
"username": "user2",
"password": "xxx"
}
]
}Enhanced config parameter to set the maximum number of OSDs to upgrade in parallel
With this enhancement, the config parameter sets the maximum number of OSDs that can be upgraded in parallel. The default value is 16.
For example,
[ceph: root@ceph-node-0 ceph]# ceph config get mgr mgr/cephadm/max_parallel_osd_upgrades
16
[ceph: root@ceph-node-0 ceph]#
[ceph: root@ceph-node-0 ceph]# ceph config set mgr mgr/cephadm/max_parallel_osd_upgrades 323.2. Ceph Dashboard
New support for managing Ceph Object Gateway accounts
Previously, managing Ceph Object Gateway accounts was only possible through the command-line interface (CLI) using radosgw-admin commands.
With this enhancement, you can now view account details, create new accounts, manage quotas, and link users and buckets to an account directly from the Ceph Dashboard.
As a result, Ceph Object Gateway environments align more closely with AWS-style account and IAM semantics, improving usability, scalability, and security governance.
New migration from Promtail to Grafana Alloy for centralized logging
Previously, centralized logging relied on Promtail, which is now deprecated and no longer recommended for new deployments.
With this enhancement, Red Hat Ceph Storage uses Grafana Alloy for log scraping and forwarding. Grafana Alloy provides a unified, modern, and more efficient agent for log collection, processing, and forwarding.
Grafana Alloy simplifies configuration management across clusters and improves performance and reliability. As a result, centralized logging reduces maintenance overhead, improves observability performance, and aligns the monitoring stack with current Grafana best practices.
For more information, see Viewing centralized logs of the Ceph cluster on the dashboard.
3.3. Ceph File System (CephFS)
Learn about the key enhancements and new features for Ceph File System (CephFS) included in this release to improve functionality and user experience.
Case sensitivity and Unicode normalization can now be configured during subvolume group creation
Previously, it was possible to configure Unicode normalization and case sensitivity when creating a subvolume, but not when creating a subvolume group. To apply these settings, users had to run additional commands after the group was created.
With this enhancement, new command arguments allow users to configure Unicode normalization and case sensitivity directly during subvolume group creation, eliminating the need for extra steps.
Source information of clone subvolumes is now preserved
Previously, after cloning was completed, the source information (subvolume or snapshot) of the clone was removed from the .meta file. As a result, when users ran the subvolume info command for a clone subvolume, they could not view details about its source.
With this enhancement, source information for a clone subvolume is now preserved even after cloning is complete. This allows the subvolume info command to include details about the source subvolume in its output, making it easier for users to find and view the origin of a clone.
Now supports monitoring subvolume-level metrics
CephFS now provides performance metrics at the subvolume level, including IOPS, throughput, and latency. These metrics help administrators monitor IO allocations for applications and protocol gateways that use CephFS subvolumes. Metrics are available through Prometheus, the Ceph Manager stats module, and the Ceph Dashboard.
For more information, see Viewing subvolume metrics for CephFS metadata server clients.
3.4. Ceph Object Gateway
Learn about the key enhancements and new features for Ceph Object Gateway included in this release to improve functionality and user experience.
Bucket logging support for Ceph Object Gateway with bug fixes and enhancements
Bucket logging was previously available as limited release. This enhancement provides full availability for new and existing customers in production environments.
Bucket logging provides a mechanism for logging all access to a bucket. The log data can be used to monitor bucket activity, detect unauthorized access, get insights into the bucket usage and use the logs as a journal for bucket changes. The log records are stored in objects in a separate bucket and can be analyzed later.
Bucket logging includes support for source and destination buckets across different tenants, suffix/prefix-based key filtering, and standardized AWS operation names in log records.
For more information, see Bucket logging.
Bugzilla:2308169, Bugzilla:2341711
Restore objects transitioned to remote cloud endpoint back into Ceph Object gateway using the cloud-restore feature
The cloud-restore feature was previously available as limited release. This enhancement provides full availability for new and existing customers in production environments.
This feature allows users to restore objects transitioned to remote cloud endpoint back into Ceph Object gateway, using either S3 restore-object API or by re-hydrating using read-through options.
For more information, see Using the radosgw-admin CLI for cloud restore operations.
New support for updating the restoration period for archived objects
With this enhancement, you can now update the expiry date of a restored object by reissuing the restore-object API request with a new restoration period. The updated period is calculated from the current time, allowing you to retain data longer or expire it sooner without re-downloading from the remote cloud endpoint.
For more information, see Restoring objects from S3 cloud-tier storage.
New CLI commands introduced to help monitor and debug restore operations
Previously, administrators had limited visibility into object restore operations, which made monitoring and debugging difficult.
With this enhancement, the system introduces two new CLI commands:
radosgw-admin restore list- Lists the restore status of objects in a bucket.
radosgw-admin restore status- Displays restore attributes for a specific object.
The bucket statistics also include restore-related information for easier monitoring.
For more information, see Using the radosgw-admin CLI for cloud restore operations.
Improved CLI output for topic management
The radosgw-admin topic list command has been enhanced for better usability. The output format is now consistent across v1 and v2 topics and excludes the topics section, reducing complexity for automation and scripting.
Enhanced conditional operations
This enhancement introduces support for conditional PUT and DELETE operations, including bulk and multi-delete requests. These conditional operations improve data consistency for some workloads.
The conditional InitMultipartUpload is not implemented in this release.
Bugzilla:2375000, Bugzilla:2350732
Flushed object name now emitted
Previously, users had no direct way to identify the last object that was flushed. This made it harder to determine the correct starting point when traversing log objects in the log bucket.
With this enhancement, the system now replies with the name of the last flushed object. As a result, users can easily identify the most recent object and streamline log traversal operations.
Reduced client impact during bucket resharding
With this enhancement, bucket resharding now does most of its processing before it starts to block write operations. This should significantly reduce the client-visible impact of resharding on large buckets.
Committed objects now added to log buckets even without pending records
Previously, when committing an object, it was not added to the log bucket if there were no log records pending. This made it harder for consumers to reliably determine the last committed object when listing log bucket contents.
With this enhancement, committed objects are now added to the log bucket even if no log records are pending. As a result, consumers can easily identify the last committed object and traverse log objects more efficiently.
Clear error propagation for logging failures in journal mode
Previously, when logging failed in journal mode, the customer received generic or misleading error messages. For example, a customer performing a regular S3 operation could see a 403 error if permissions were missing on the log bucket, even though permissions were correct on the target bucket.
With this enhancement, the system now propagates a clear error message indicating that the failure occurred during logging, not the primary operation. As a result, customers can quickly identify and resolve logging-related issues without confusion.
Automatic permission setting for D3N cache directory
Previously, configuring the RGW D3N cache directory required manual steps to set permissions, such as running chmod a+rwx rgw_d3n_l1_datacache_persistent_path. This added complexity and increased setup time.
With this enhancement, the correct permissions are automatically applied when the D3N cache directory is created. As a result, customers experience fewer manual configuration steps, improving setup efficiency and overall usability.
New support for AWS S3 GetAccountSummary
Previously, AWS S3 GetAccountSummary was not supported, which limited certain workloads that require account-level information, such as Terraform-based automation.
With this enhancement, AWS S3 GetAccountSummary is now supported.
New support for AWS STS GetCallerIdentity
Previously, AWS STS GetCallerIdentity was not supported, limiting the ability to validate user identities and enforce access policies before creating or modifying policies. This gap impacted workflows that rely on identity verification, such as Terraform-based automation.
With this enhancement, AWS STS GetCallerIdentity is now supported. As a result, customers can securely validate identities and access policies, enabling more robust policy management and seamless integration with Terraform workflows.
Aligned operation names with AWS for consistent log integration
Previously, operation names in Ceph logs were inconsistent with the operation types used by AWS. This required different approaches for log consumption depending on whether Ceph or AWS logs were being processed.
With this enhancement, operation names in Ceph logs now match the names used in AWS logs. This alignment simplifies integration and makes log consumption more consistent across systems.
3.5. Multi-site Ceph Object Gateway
Learn about the key enhancements and new features for multi-site Ceph Object Gateway included in this release to improve functionality and user experience.
Improved reliability for multi-site replication data log delivery
Previously, in rare cases, replication data logs could lose updates, which created the appearance of stalled replication even though data consistency was not affected.
With this enhancement, the multi-site replication process is hardened to prevent such occurrences. As a result, replication performance is smoother, and log reduction happens more promptly, improving overall system responsiveness.
Cleanup added for index segments of replicated buckets
Previously, dynamic resharding with multi-site replication had a long-standing limitation: old index segments were not cleaned up due to simultaneous access to old and new index shards during replication. This resulted in persistent space leakage.
With this enhancement, cleanup for index segments of replicated buckets has been added. As a result, the space leakage issue is resolved, improving storage efficiency and overall system health.
3.6. RADOS
Learn about the key enhancements and new features for RADOS included in this release to improve functionality and user experience.
Enhanced support for moving stretch mode to normal mode
Previously, Ceph clusters operating in stretch mode could not be reverted to normal mode without manual intervention.
With this enhancement, Ceph introduces a command that allows users to gracefully exit stretch mode.
ceph mon disable_stretch_mode CRUSH_RULE --yes-i-really-mean-itUsers may optionally specify a CRUSH rule to which all pools should be migrated. If no rule is provided, Ceph automatically selects a default replicated CRUSH rule.
Enhanced detection of network partitions under connectivity election strategy
Previously, monitors operating under the connectivity election strategy did not provide user-facing alerts when network partitions occurred.
With this enhancement, monitors can detect network partitions between themselves. The elected leader monitor evaluates connectivity scores shared by its peers to identify partitioned connectivity groups.
When a netsplit is detected, monitors emit health warnings.
- Example of complete location-level partitions warning
-
Netsplit detected between dc1 and dc2 - Example of individual monitor disconnections warning
-
Netsplit detected between mon.a and mon.d
New ISA plugin support for erasure coded pools
Previously, erasure coded pools only supported Jerasure plugins.
With this enhancement, ISA plugin is now the default and both plugins are now supported.
General enhancements for RADOS and RADOS BlueStore
This version provides several enhancements for RADOS and RADOS BlueStore. These enhancements include the following:
- BlueStore discard optimization
- Actively triggers block device discards to prevent excessive queue growth on SSDs and improves performance on lower-grade drives.
- Faster device scanning
-
ceph-volumescans devices up to 100-times faster, streamlining day-one cluster setup operations. - Improved write latency
-
Uses a single consolidated
fdatasynccall in the WAL to reduce latency and improve overall write performance in BlueStore. - RADOS OMAP iteration
- Optimizes object map (OMAP) iteration to reduce latency during large-scale operations and improve responsiveness in complex workloads.
Erasure coding ratio support enhancements
This release introduces new support and qualification for 5+2 and 6+2 erasure coding ratios. These configurations deliver an optimal balance of performance, scalability, and cost efficiency, making them ideal for clusters that require high storage utilization and robust data protection.
For more information, see Erasure code profiles.
3.7. Ceph Block Device mirroring (rbd-mirror)
Learn about the key enhancements and new features for Ceph Block Device mirroring included in this release to improve functionality and user experience.
Improved tracking of mirror group snapshot states
Previously, rbd-mirror tracked the progress of a mirror group snapshot without distinguishing between a snapshot that was created and one that was fully synced.
With this enhancement, a new internal field (complete) is integrated into the GroupSnapshotNamespaceMirror structure. This field determines whether a snapshot is completely synced. The existing state field of creating and created continues to indicate whether the snapshot has been created. Together, these fields provide a more precise distinction between snapshots that are created (metadata available) and those that are fully synced.
As a result, mirror group snapshot status tracking is more accurate and consistent, improving compatibility and robustness in the rbd-mirror process. The user-facing output of the rbd group snap ls command is also updated to reflect clearer state names: creating and created instead of incomplete and complete. A mirror group snapshot is completely synced on the secondary cluster when the NAMESPACE column shows as copied, and still syncing when it shows not copied.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}