Questo contenuto non è disponibile nella lingua selezionata.
Chapter 5. Technology Previews
This section provides an overview of Technology Preview features introduced or updated in this release of Red Hat Ceph Storage.
Technology Preview features are not supported with Red Hat production service level agreements (SLAs), might not be functionally complete, and Red Hat does not recommend to use them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information on Red Hat Technology Preview features support scope, see https://access.redhat.com/support/offerings/techpreview/.
Users can archive older data to an AWS bucket
With this release, users can enable data transition to a remote cloud service, such as Amazon Web Services (AWS), as part of the lifecycle configuration. See the Transitioning data to Amazon S3 cloud service for more details.
Expands the application of S3 select to Apache Parquet format
With this release, there are now two S3 select workflows, one for CSV and one for Parquet, that provide S3 select operations with CSV and Parquet objects. See the S3 select operations in the Red Hat Ceph Storage Developer Guide for more details.
Bucket granular multi-site sync policies is now supported
Red Hat now supports bucket granular multi-site sync policies. See the Using multi-site sync policies section in the Red Hat Ceph Storage Object Gateway Guide for more details.
Server-Side encryption is now supported
With this release, Red Hat provides the support to manage Server-Side encryption. This enables S3 users to protect data at rest with a unique key through Server-Side encryption with Amazon S3-managed encryption keys (SSE-S3).
Users can use the PutBucketEncryption S3
feature to enforce object encryption
Previously, to enforce object encryption in order to protect data, users were required to add a header to each request which was not possible in all cases.
With this release, Ceph Object Gateway is updated to support PutBucketEncryption S3
action. Users can use the PutBucketEncryption S3
feature with the Ceph Object Gateway without adding headers to each request. This is handled by the Ceph Object Gateway.
5.1. The Cephadm utility
New Ceph Management gateway and the OAuth2 Proxy service for unified access and high availability
With this enhancement, the Ceph Dashboard introduces the Ceph Management gateway (mgmt-gateway
) and the OAuth2 Proxy service (oauth2-proxy
). With the Ceph Management gateway (mgmt-gateway
) and the OAuth2 Proxy (oauth2-proxy
) in place, nginx
automatically directs the user through the oauth2-proxy
to the configured Identity Provider (IdP), when single sign-on (SSO) is configured.
5.2. Ceph Dashboard
New OAuth2 SSO
OAuth2 SSO uses the oauth2-proxy
service to work with the Ceph Management gateway (mgmt-gateway
), providing unified access and improved user experience.
5.3. Ceph Object Gateway
New bucket logging support for Ceph Object Gateway
Bucket logging provides a mechanism for logging all access to a bucket. The log data can be used to monitor bucket activity, detect unauthorized access, get insights into the bucket usage and use the logs as a journal for bucket changes. The log records are stored in objects in a separate bucket and can be analyzed later. Logging configuration is done at the bucket level and can be enabled or disabled at any time. The log bucket can accumulate logs from multiple buckets. The configured prefix
may be used to distinguish between logs from different buckets.
For performance reasons, even though the log records are written to persistent storage, the log object appears in the log bucket only after a configurable amount of time or when reaching the maximum object size of 128 MB. Adding a log object to the log bucket is done in such a way that if no more records are written to the object, it might remain outside of the log bucket even after the configured time has passed.
There are two logging types: standard
and journal
. The default logging type is standard
.
When set to standard
the log records are written to the log bucket after the bucket operation is completed. As a result the logging operation can fail with no indication to the client.
When set to journal
the records are written to the log bucket before the bucket operation is complete. As a result, the operation does not run if the logging action fails and an error is returned to the client.
You can complete the following bucket logging actions: enable, disable, and get.
Support for user accounts through Identity and Access Management (IAM)
With this release, Ceph Object Gateway supports user accounts as an optional feature to enable the self-service management of Users, Groups, and Roles similar to those in AWS Identity and Access Management(IAM).
Restore objects transitioned to remote cloud endpoint back into Ceph Object gateway using the cloud-restore
feature
With this release, the cloud-restore
feature is implemented. This feature allows users to restore objects transitioned to remote cloud endpoint back into Ceph Object gateway, using either S3 restore-object API or by rehydrating using read-through options.