Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 2. Configure Ceph Object Gateway
Once you have installed the Ceph Object Gateway packages, the next step is to configure your Ceph Object Gateway. There are two approaches:
-
Simple: A
simpleCeph Object Gateway configuration implies that you are running a Ceph Object Storage service in a single data center. So you can configure the Ceph Object Gateway without regard to regions and zones. -
Federated: A
federatedCeph Object Gateway configuration implies that you are running a Ceph Object Storage service in a geographically distributed manner for fault tolerance and failover. This involves configuring your Ceph Object Gateway instances with regions and zones.
In this guide we shall proceed with a simple Ceph Object Gateway configuration.
The Ceph Object Gateway is a client of the Ceph Storage Cluster. As a Ceph Storage Cluster client, it requires:
-
A name for the gateway instance. We use
gatewayin this guide. - A storage cluster user name with appropriate permissions in a keyring.
- Pools to store its data.
- A data directory for the gateway instance.
- An instance entry in the Ceph Configuration file.
- A configuration file for the web server to interact with FastCGI.
The configuration steps are as follows:
2.1. Create a User and Keyring
Each instance must have a user name and key to communicate with a Ceph Storage Cluster. In the following steps, we use an admin node to create a keyring. Then, we create a client user name and key. Next, we add the key to the Ceph Storage Cluster. Finally, we distribute the key ring to the node containing the gateway instance i.e, gateway host.
Monitor Key CAPS
When you provide CAPS to the key, you MUST provide read capability. However, you have the option of providing write capability for the monitor. This is an important choice. If you provide write capability to the key, the Ceph Object Gateway will have the ability to create pools automatically; however, it will create pools with either the default number of placement groups (not ideal) or the number of placement groups you specified in your Ceph configuration file. If you allow the Ceph Object Gateway to create pools automatically, ensure that you have reasonable defaults for the number of placement groups first.
Execute the following steps on the admin node of your cluster:
Create a keyring for the gateway:
sudo ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring sudo chmod +r /etc/ceph/ceph.client.radosgw.keyring
sudo ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring sudo chmod +r /etc/ceph/ceph.client.radosgw.keyringCopy to Clipboard Copied! Toggle word wrap Toggle overflow Generate a Ceph Object Gateway user name and key for each instance. For exemplary purposes, we will use the name
gatewayafterclient.radosgw:sudo ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key
sudo ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-keyCopy to Clipboard Copied! Toggle word wrap Toggle overflow Add capabilities to the key:
sudo ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring
sudo ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyringCopy to Clipboard Copied! Toggle word wrap Toggle overflow Once you have created a keyring and key to enable the Ceph Object Gateway with access to the Ceph Storage Cluster, add the key to your Ceph Storage Cluster. For example:
sudo ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
sudo ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyringCopy to Clipboard Copied! Toggle word wrap Toggle overflow Distribute the keyring to the
gateway host:sudo scp /etc/ceph/ceph.client.radosgw.keyring ceph@{hostname}:/home/ceph ssh {hostname} sudo mv ceph.client.radosgw.keyring /etc/ceph/ceph.client.radosgw.keyringsudo scp /etc/ceph/ceph.client.radosgw.keyring ceph@{hostname}:/home/ceph ssh {hostname} sudo mv ceph.client.radosgw.keyring /etc/ceph/ceph.client.radosgw.keyringCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThe 5th step is optional if
admin nodeis thegateway host.
2.2. Create Pools
Ceph Object Gateways require Ceph Storage Cluster pools to store specific gateway data. If the user you created in the preceding section has permissions, the gateway will create the pools automatically. However, you should ensure that you have set an appropriate default number of placement groups per pool in your Ceph configuration file, or create the pools manually with an appropriate number of placement groups. See Ceph Placement Groups (PGs) per Pool Calculator for details.
The Ceph Object Gateway requires multiple pools, and they can use the same CRUSH ruleset. The mon_pg_warn_max_per_osd setting warns you if assign too many placement groups to a pool (i.e., 300 by default). You may adjust the value to suit your needs and the capabilities of your hardware where n is the maximum number of PGs per OSD.
mon_pg_warn_max_per_osd = n
mon_pg_warn_max_per_osd = nWhen configuring a gateway with the default region and zone, the naming convention for pools typically omits region and zone naming, but you can use any naming convention you prefer. For example:
-
.rgw -
.rgw.root -
.rgw.control -
.rgw.gc -
.rgw.buckets -
.rgw.buckets.index -
.log -
.intent-log -
.usage -
.users -
.users.email -
.users.swift -
.users.uid
As already said, if write permission is given, Ceph Object Gateway will create pools automatically. To create a pool manually, execute the following:
ceph osd pool create {poolname} {pg-num} {pgp-num}
ceph osd pool create {poolname} {pg-num} {pgp-num}
When adding a large number of pools, it may take some time for your cluster to return to a active + clean state.
When you have completed this step, execute the following to ensure that you have created all of the foregoing pools:
rados lspools
rados lspools2.3. Add a Gateway Configuration to Ceph
Add the Ceph Object Gateway configuration to your Ceph Configuration file in admin node. The Ceph Object Gateway configuration requires you to identify the Ceph Object Gateway instance. Then, you must specify the host name where you installed the Ceph Object Gateway daemon, a keyring (for use with cephx), the socket path for FastCGI and a log file.
For RHEL 6, append the following configuration to /etc/ceph/ceph.conf in your admin node:
For RHEL 7, append the following configuration to /etc/ceph/ceph.conf in your admin node:
Here, {hostname} is the short hostname (output of command hostname -s) of the node that is going to provide the gateway service i.e, the gateway host.
The [client.radosgw.gateway] portion of the gateway instance identifies this portion of the Ceph configuration file as configuring a Ceph Storage Cluster client where the client type is a Ceph Object Gateway (i.e., radosgw).
The last line in the configuration i.e, rgw print continue = false is added to avoid issues with PUT operations.
Once you finish the setup procedure, if you encounter issues with your configuration, you can add debugging to the [global] section of your Ceph configuration file and restart the gateway to help troubleshoot any configuration issues. For example:
[global] #append the following in the global section. debug ms = 1 debug rgw = 20
[global]
#append the following in the global section.
debug ms = 1
debug rgw = 202.4. Distribute updated Ceph configuration file
The updated Ceph configuration file needs to be distributed to all Ceph cluster nodes from the admin node.
It involves the following steps:
Pull the updated
ceph.conffrom/etc/ceph/to the root directory of the cluster in admin node (e.g.ceph-configdirectory). The contents ofceph.confinceph-configwill get overwritten. To do so, execute the following:ceph-deploy --overwrite-conf config pull {hostname}ceph-deploy --overwrite-conf config pull {hostname}Copy to Clipboard Copied! Toggle word wrap Toggle overflow Here,
{hostname}is the short hostname of the Ceph admin node.Push the updated
ceph.conffile from the admin node to all other nodes in the cluster including thegateway host:ceph-deploy --overwrite-conf config push [HOST][HOST...]
ceph-deploy --overwrite-conf config push [HOST][HOST...]Copy to Clipboard Copied! Toggle word wrap Toggle overflow Give the hostnames of the other Ceph nodes in place of
[HOST][HOST...].
2.5. Copy ceph.client.admin.keyring from admin node to gateway host
As the gateway host can be a different node that is not part of the cluster, the ceph.client.admin.keyring needs to be copied from the admin node to the gateway host. To do so, execute the following on admin node:
sudo scp /etc/ceph/ceph.client.admin.keyring ceph@{hostname}:/home/ceph
ssh {hostname}
sudo mv ceph.client.admin.keyring /etc/ceph/ceph.client.admin.keyring
sudo scp /etc/ceph/ceph.client.admin.keyring ceph@{hostname}:/home/ceph
ssh {hostname}
sudo mv ceph.client.admin.keyring /etc/ceph/ceph.client.admin.keyring
The above step need not be executed if admin node is the gateway host.
2.6. Create Data Directory
Deployment scripts may not create the default Ceph Object Gateway data directory. Create data directories for each instance of a radosgw daemon (if you haven’t done so already). The host variables in the Ceph configuration file determine which host runs each instance of a radosgw daemon. The typical form specifies the radosgw daemon, the cluster name and the daemon ID.
To create the directory on the gateway host, execute the following:
sudo mkdir -p /var/lib/ceph/radosgw/ceph-radosgw.gateway
sudo mkdir -p /var/lib/ceph/radosgw/ceph-radosgw.gateway2.7. Adjust Socket Directory Permissions
The radosgw daemon runs as the unprivileged apache UID, and this UID must have write access to the location where it will write its socket file.
To grant permissions to the default socket location, execute the following on the gateway host:
sudo chown apache:apache /var/run/ceph
sudo chown apache:apache /var/run/ceph2.8. Start radosgw service
The Ceph Object gateway daemon needs to be started. To do so, execute the following on the gateway host:
On RHEL 7:
sudo systemctl start ceph-radosgw sudo chkconfig ceph-radosgw on
sudo systemctl start ceph-radosgw
sudo chkconfig ceph-radosgw onOn RHEL 6:
sudo service ceph-radosgw start sudo chkconfig ceph-radosgw on
sudo service ceph-radosgw start
sudo chkconfig ceph-radosgw on2.9. Change Log File Owner
The radosgw daemon runs as the unprivileged apache UID, but the root user owns the log file by default. You must change it to the apache user so that Apache can populate the log file.
sudo chown apache:apache /var/log/radosgw/client.radosgw.gateway.log
sudo chown apache:apache /var/log/radosgw/client.radosgw.gateway.log2.10. Create a Gateway Configuration file
On the host where you installed the Ceph Object Gateway i.e, gateway host, create an rgw.conf file. Place the file in the /etc/httpd/conf.d directory. It is a httpd configuration file which is needed for the radosgw service. This file must be readable by the web server.
Execute the following steps:
Create the file:
sudo vi /etc/httpd/conf.d/rgw.conf
sudo vi /etc/httpd/conf.d/rgw.confCopy to Clipboard Copied! Toggle word wrap Toggle overflow For RHEL 6, add the following contents to the file:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow For RHEL 7, add the following contents to the file:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.11. Restart httpd service
The httpd service needs to be restarted to accept the new configuration.
On RHEL 7, execute:
sudo systemctl restart httpd sudo systemctl enable httpd
sudo systemctl restart httpd
sudo systemctl enable httpdOn RHEL 6, execute:
sudo service httpd restart sudo chkconfig httpd on
sudo service httpd restart
sudo chkconfig httpd on
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}