Questo contenuto non è disponibile nella lingua selezionata.

Chapter 3. New features


This section lists all major updates, enhancements, and new features introduced in this release of Red Hat Ceph Storage.

3.1. The Cephadm utility

Added automation for the Ceph Object Gateway multi-site setup

With this enhancement, zone group host names can now be set using the Ceph Object Gateway realm bootstrap command. Set the zonegroups_hostnames by using the specification file that is provided to the ceph rgw realm bootstrap command.

This feature continues to add another setup option through the initial specification file that is passed to the bootstrap command, instead of requiring additional steps.

Add the zonegroup_hostnames section to the spec section of the Ceph Object Gateway specification that is passed to the realm bootstrap command. When the section is added, Cephadm automatically adds these specified host names to the zone group that is defined in the specification after the Ceph Object Gateway module finishes creating the palm, zone group, or zone.

The following provides an example of the zonegroup_hostnames section to be added to the specification file:

zonegroup_hostnames:
- host1
- host2
Copy to Clipboard Toggle word wrap
Note

Adding the zone group host names can take a few minutes, depending on other Cephadm module workload activity at the time of compeltion.

Bugzilla:2241321

New automatic application of updated SSL certificates during Ceph rgw service updates

Previously, when updating SSL certificates for Ceph Object Gateway in the service specification, the changes did not take effect until the daemons were manually restarted. This manual step hindered automation and could leave services temporarily running with outdated certificates.

With this enhancement, SSL certificate updates in the Ceph Object Gateway specification automatically trigger the necessary daemon restarts as part of the service update process. As a result, the feature helps ensure that new certificates are applied immediately and improves automation and operational reliability.

Bugzilla:2344352

New ceph orch device replace HOST DEVICE_PATH command to simplify OSD device replacement

Previously, replacing a shared DB device was tedious and error-prone. Cephadm also often redeployed OSDs too quickly after destruction, before the physical device was replaced.

With this enhancement, users can now safely replace devices without race conditions or manual cleanup steps.

Bugzilla:2256116

Improved core dump handling in cephadm systemd units

Previously, core dumps were not generated or were truncated when services crashed, especially in hard-to-reproduce cases, resulting in the loss of valuable debugging information.

With this enhancement, cephadm now sets LimitCORE=infinity in its systemd unit file template and configures the ProcessSizeMax and ExternalSizeMax settings for coredumpctl, provided that the mgr/cephadm/set_coredump_overrides setting is enabled. The maximum size for core dumps is controlled by the mgr/cephadm/coredump_max_size setting. As a result, services now generate complete core dumps, improving the ability to debug crash issues.

Bugzilla:2303745

New custom log rotate configurations available for Cephadm to deploy to each host

With this enhancement, users can now set custom logrotate configurations for both the rotation of cephadm.log and daemons logs that cephadm will deploy to each host.

ceph orch write-custom-logrotate TYPE -i LOGROTATE_FILE
Copy to Clipboard Toggle word wrap

Replace TYPE with either cephadm or cluster, depending on whether you are overwriting the logrotate file for the cluster logs or the cephadm.log. Replace LOGROTATE_FILE to the contents of that logrotate file you want written out.

Note

Start from an existing logrotate config deployed by cephadm and then edit it from there.

The following is the default cephadm.log logrotate configuration file:

# created by cephadm
/var/log/ceph/cephadm.log {
    rotate 7
    daily
    compress
    missingok
    notifempty
    su root root
}
Copy to Clipboard Toggle word wrap

The following is an example of the cluster logrotate configuration file:

# created by cephadm
/var/log/ceph/eb082d44-4225-11f0-9e4b-525400eee38f/*.log {
    rotate 7
    daily
    compress
    sharedscripts
    postrotate
        killall -q -1 ceph-mon ceph-mgr ceph-mds ceph-osd ceph-fuse radosgw rbd-mirror cephfs-mirror tcmu-runner || pkill -1 -x 'ceph-mon|ceph-mgr|ceph-mds|ceph-osd|ceph-fuse|radosgw|rbd-mirror|cephfs-mirror|tcmu-runner' || true
    endscript
    missingok
    notifempty
    su root root
Copy to Clipboard Toggle word wrap

Both cephadm and cluster files can be found on a host in the cluster at /etc/logrotate.d/cephadm and /etc/logrotate.d/ceph-FSID.

Note

If either of these files have been previously edited, the edited version may still exist, and cephadm will not automatically overwrite these configuration files. To overwrite these files, use the ceph orch write-custom-logrotate command.

Cephadm can regenerate the default configurations by removing them and running and triggering a redeploy of daemon on that host. For example, for host1 that has the crash.host1 daemon deployed there, you could run the following command:

ceph orch daemon redeploy crash.host1
Copy to Clipboard Toggle word wrap

In this example, if the two logrotate configs were not present, cephadm will write them out with the current Ceph version default.

Bugzilla:2090881

New support for topographical labeling on hosts

This enhancement expands cephadm’s capabilities by introducing topological key/value properties for hosts. Administrators can now group hosts by meaningful, configurable labels, enabling more efficient rolling upgrades. Instead of issuing multiple commands for each service group (for example, distinct RGW services by rack), upgrades can iterate through a list of topographical labels—streamlining multi-rack operations. Additionally, these new properties open the door for enhanced RADOS read affinity by leveraging improved CRUSH location settings.

Bugzilla:2353013

3.2. Ceph Metrics

New metric allows quick detection of Ceph daemon problems

This enhancement provides the new ceph_daemon_socket_up metric for each Ceph daemon running in the same host as the ceph exporter. The ceph_daemon_socket_up metric provides the health status of a Ceph daemon based on its ability to respond through the admin socket, where a value of 1 indicates a healthy state and 0 indicates an unhealthy state. The metric serves as a tool for quickly detecting problems in any of the main Ceph daemon.

Note

This metric does not provide indicators for the ceph mgr and ceph exporter daemons.

Bugzilla:2146728

3.3. Ceph Dashboard

New bucket shard count displayed

Previously, shard counts were not displayed, limiting visibility into bucket configurations.

With this enhancement, the user can see the number of shards for every bucket in the Object > Buckets list.

Bugzilla:2129325

Ceph Dashboard now supports managing Storage Classes through the UI

Previously, users could not configure or manage Storage Classes through the Dashboard. Although Life Cycle (LC) policies introduced in 8.0 allowed data tiering between Storage Classes, the UI lacked the ability to define or manage the classes themselves.

With this enhancement, users can configure and manage Storage Classes, including cloud-S3 class types, directly from the Dashboard. The enhancement also introduces templates for easier setup of common storage class configurations.

Bugzilla:2350291

KMIP is now added to the list of KMS providers under the Objects > Configuration section of the Dashboard

Previously, the Ceph dashboard supported only KMS providers for managing encryption keys.

With this enhancement, KMIP is now added to the list of KMS providers under the Objects > Configuration section of the dashboard. The dashboard now supports both vault and KMIP as the KMS providers for managing encryption keys. providers for managing encryption keys.

Bugzilla:2305658

Ceph Dashboard now requires users to type the resource name to confirm deletion of critical resources

Previously, users could delete one or more critical resources (such as images, snapshots, subvolumes, subvolume groups, pools, hosts, OSDs, buckets, and file systems) by simply selecting a checkbox. This made accidental deletions more likely.

With this enhancement, the Dashboard prompts users to manually type the resource name in a confirmation textbox before deletion. Additionally, users can now delete only one critical resource at a time, reducing the risk of unintentional data loss.

Bugzilla:2350295

3.4. Ceph File System

cephfs-mirror daemon only transfers changed blocks in a file

Previously, cephfs-mirror daemon would transfer whole files, which is inefficient for large files.

With this enhancement, the cephfs-mirror daemon uses the blockdiff API in the MDS to only transfer changed blocks in a file. As a result, sync performance is significantly improved in some circumstances, especially for large files.

Bugzilla:2317735

Metadata and data pool names can now be used for creating the volume

With this enhancement, the ceph fs volume create command allows users to pass metadata and data pool names to be used for creating the volume. If either is not passed or if either is a non-empty pool, the command stops.

Bugzilla:2355686

CephFS now supports hierarchical case-insensitive or normalized directory entry naming

With this enhancement, CephFS now supports performant case-insensitive file access protocols. As a result, CephFS performance is competitive with other case-insensitive native file systems.

Bugzilla:2350186

FSCrypt encryption is now supported within user space CephFS

With this enhancement, FSCrypt encryption is supported, allowing other software stacks to enable encryption. As a result, encryption can now be enabled and used within CephFS.

Bugzilla:2358435

New support for retrieving the path of a subvolume snapshot

With this enhancement, users can now obtain the path of a subvolume snapshot. Get the path of a subvolume snapshot, by using the new ceph fs subvolume snapshot getpath command. NOTE: If the snapshot does not exist, the command returns an ENOENT error.

Bugzilla:2354017

New support for disabling always-on manager modules and plugins

This enhancement allows administrators to force-disable always-on modules and plugins in the Ceph MGR. Force disabling can help prevent flooding by module commands when the corresponding Ceph service is down or degraded.

Bugzilla:2280032

quota.max_bytes is now set in more understandable size values

Previously, the quota.max_bytes value was set in bytes, resulting in often very large size values, which were hard to set or change.

With this enhancement, the quota.max_bytes values can now be set with human-friendly values, such as M/Mi, G/Gi, or T/Ti. For example, 10GiB or 100K.

Bugzilla:2345288

3.5. Ceph Volume

New support for TPM 2.0 for encrypted OSDs

With this enhancement, users can now enroll a Trusted Platform Module (TPM) 2.0 token during OSD preparation to store Linux Unified Key Setup (LUKS) securely. As a result, key management is now improved by leveraging hardware-backed security.

Bugzilla:2304317

Improved stability for DB partitions

With this enhancement, users can create a dedicated DB partition, even on a colocated OSD deployment scenario. Isolating the RocksDB helps improve stability and prevents fragmentation-related issues.

Bugzilla:2319755

3.6. Ceph Object Gateway

Sites can now configure Ceph Object Gateway error handling for existing bucket creation

Previously, Ceph Object Gateway (RGW) returned a success response when creating a bucket that already existed in the same zone, even if no new bucket was created. This caused confusion in automated workflows.

With this enhancement, sites can now configure RGW to return an error instead of success when attempting to create a bucket that already exists in the zone.

If the configuration option rgw_bucket_exist_override is set to true, RGW returns a 409 BucketAlreadyExists error for duplicate bucket creation requests. By default, this option is set to false.

Bugzilla:2336983

New cloud restore support for Glacier/Tape endpoints to retrieve objects

This enhancement introduces the new cloud-glacier-s3 tier-type to extend S3 endpoint support for Glacier/Tape.

For more information, see Policy Based Data Archival and Retrieval to S3 compatible platforms.

Bugzilla:2358617, Bugzilla:2345486

Dynamic bucket resharding now has the ability to reduce the number of shards

When a bucket undergoes a reduction in the number of objects contained within for an extended period of time, the number of shards should be reduced automatically.

With this enhancement, over time the number of bucket index shards for a bucket will better correspond to the number of objects in the bucket.

Bugzilla:2135354

New support for restoration of versioned objects transitioned to Cloud

With this enhancement, versioned objects can now be restored from the Cloud back into the Ceph Object Gateway cluster.

For more information, see Restoring objects from S3 cloud-tier storage.

Bugzilla:2312931

Creation dates are now added as part of user keys

With this enhancement, when keys are added to a user, a creation stamp is now attached to it. As a result, keys are removed in the proper order when credentials are rotated.

Bugzilla:2316598

HeadBucket requests are now less resource intensive

Previously, all HeadBucket requests required querying all the shards to assemble statistics, which made the requests resource intensive operations.

With this enhancement, the HeadBucket API now reports the X-RGW-Bytes-Used and X-RGW-Object-Count headers only when the read-stats query string is explicitly included in the API request. As a result, HeadBucket requests are now less resource intensive but results received, when specified.

Bugzilla:2325408

A clientID can now be removed from an OpenID Connect provider registered with Ceph Object Gateway

Previously, a clientID could be added to an OpenID Connect provider, but removal was not supported.

With this enhancement, a REST API was added to remove an existing clientID from an OpenID Connect provider.

Bugzilla:2322664

Administrators can now delete bucket index entries with a missing head object

Previously, using a radosgw-admin object rm command would not remove a bucket index entry with a head object missing. Instead of removing the bucket, an error message would be emitted.

With this enhancement, bucket index entries with a missing head object can now be removed with the ` --yes-i-really-mean-it` flag.

Bugzilla:2341761

AssumeRoleWithIdentity now supports validating JWT signatures

Previously, AssumeRoleWithWebIdenity supported JSON Web Token (JWT) signature validation using only x5c.

With this enhancement, AssumeRoleWithIdentity validates JWT signatures by using a JSON Web Key (JWK) with modulus and exponent (n+e). As a result, an OpenID Connect (OIDC) IdP issuing JWK with n+e can now integrate with Ceph Object Gateway.

Bugzilla:2346769

Cloud-transitioned objects can now be restored to a selected storage class

Previously, objects transitioned to cloud were restored only to STANDARD storage class. This was a limitation and can affect data usage of the cluster.

With this enhancement, the new tier-config restore-storage-class option is introduced. Administrators can now choose the data pool to which the objects need to be restored to, providing more flexibility.

For more information, see Restoring objects from S3 cloud-tier storage.

Bugzilla:2345488

New support for PUT bucket notifications from other tenant users

With this enhancement, there is added support for cross tenant topic management, allowing PUT bucket notifications from other tenant users. Cross tenant management includes creating, deleting, and modifying topic management.

Bugzilla:2238814

Support for user accounts through Identity and Access Management (IAM)

User accounts through IAM was previously available as limited release. This enhancement provides full availability for new and existing customers in production environments.

With this release, Ceph Object Gateway supports user accounts as an optional feature to enable the self-service management of users, groups, and roles similar to those in AWS Identity and Access Management (IAM).

For more information, see Identity and Access Management (IAM).

3.7. RADOS

Ceph now optimizes OMAP listing at the OSD level.

OMAP listing at the Ceph OSD is optimized.

Bugzilla:2307146

PG scrub performance improved by removing unnecessary object ID repair check.

Previously, every PG scrub triggered the repair_oinfo_oid() function, which addressed rare object ID mismatches caused by a historical filesystem bug. This added overhead, even when the conditions didn’t apply.

Bugzilla:2356515

pg-upmap-primary mappings can now be removed from the OSDmap

With this enhancement, the new ceph osd rm-pg-upmap-primary-all command is introduced. The command allows users to clear all pg-upmap-primary mappings in the OSDmap at any time.

Use the command to remove pg-upmap-primary with a single command. The command can also be used to remove any invalid mappings, when required.

Important

Use the command carefully, as it directly modifies primary PG mappings and can impact read performance.

Bugzilla:2349077

Cluster log level verbosity for external entities can now be controlled

Previously, debug verbosity logs were sent to all external logging systems regardless of their level settings. As a result, the /var/ filesystem would rapidly fill up.

With this enhancement, the new mon_cluster_log_level command option is introduced and the previous mon_cluster_log_file_level and mon_cluster_log_to_syslog_level command options have been removed.

Important

From this release, use only the new generic mon_cluster_log_level command option to control the cluster log level verbosity for the cluster log file and all external entities.

Bugzilla:2320860

Ceph now reports BlueStore fragmentation through the health warning subsystem

Previously, Ceph only logged BlueStore fragmentation issues in low-visibility log entries, making them easy to overlook.

With this enhancement, Ceph surfaces fragmentation issues directly in the health status, enabling faster detection and easier troubleshooting.

Bugzilla:2350214

Advance notifications are now provided on free fragmentation disk space

Previously, when free space on the disk was significantly fragmented, the searching for free space took longer and potentially impacted performance. While this did not immediately cause problems, impact only emerged at a very late stage, free disk space was very low.

With this enhancement, the disk allocator is queried for current fragmentation, by using the config.bluestore_fragmentation_check_period option. The default check period is every 3600 seconds (1 hour). The fragmentation value is then emitted to the respective OSD log, on level 0. If the value exceeds the free fragmentation level, config.bluestore_warn_on_free_fragmentation with the default value of 0.8, a health warning for the OSD is emitted.

As a result, fragmentation disk space is not at risk, as warnings are emitted with advance notice. For more information, see Health messages of a Ceph cluster.

For more information, see Health messages of a Ceph cluster.

New support for 2-site stretch cluster (stretch-mode)

This enhancement enables a two-site stretch cluster deployment, allowing users to extend Ceph’s failure domain from the OSD level to the data-center or zone level. In this configuration, OSDs and Monitors can be deployed across two data sites, while a third site (monitor-only) acts as a tie-breaker for MON quorum during site failure. This architecture enhances fault tolerance by enabling automatic failover, preventing split-brain scenarios, and supporting recovery to ensure continued cluster availability and data integrity, even during a full-site outage.

Reduced fast storage requirements with RocksDB compression enabled

With this enhancement, when RocksDB compression is enabled, Ceph Object Gateway has a reduced block.db reserved size. The new reduced requirement is changed from 4% to 2.5% of reserved space. The RocksDB compression is enabled by default.

3.8. RBD Mirroring

RBD now supports mirroring between default and non-default namespaces.

With this enhancement, Ceph Block Device introduces a new init-only mode for the rbd mirror pool enable command. This command provides the ability to configure a pool for mirroring and disable mirroring on the default namespace. However, mirroring can still be configured for other namespaces. This feature allows a non-default namespace in the pool to be mirrored to the default namespace in a pool of the same name in the remote cluster.

Bugzilla:2327267

New consistency group snapshot mirroring (CGSM)

Previously, disaster recovery relied on single-image mirroring between clusters. This approach supported isolated images but did not meet the needs of applications that depend on multiple volumes. For example, in a libvirt VM with several disks, each disk serves a different role. Restoring all volumes to a consistent, same-point-in-time state was challenging.

With this enhancement, consistency group mirroring in snapshot mode is now available. CGSM mirrors a group of images or volumes as a consistent set, ensuring data uniformity during recovery. The feature introduces various operations, including enabling, disabling, promoting, demoting, resyncing, snapshotting, and scheduling, which support more robust relocation, failover, and failback processes.

Bugzilla:2089305

Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat