红帽全球峰会此内容没有您所选择的语言版本。
Chapter 1. Install Ceph object gateway
To run the Ceph object gateway service, you should have a running Ceph cluster, the gateway host should have access to storage and public networks, and SELinux should be in permissive mode.
The Ceph Object Gateway daemon runs on Apache and FastCGI.
To run a Ceph Object Storage service, you must install Apache and Ceph Object Gateway daemon on the host that is going to provide the gateway service, i.e, the gateway host. If you plan to run a Ceph Object Storage service with a federated architecture (multiple regions and zones), you must also install the synchronization agent.
Previous versions of Ceph shipped with mod_fastcgi. The current version of Red Hat Ceph Storage ships with mod_proxy_fcgi instead.
In RHEL 7, mod_proxy_fcgi is present in the main httpd package. When you’ve installed the httpd package with yum, mod_proxy_fcgi will already be available for use on your server.
In RHEL 6, mod_proxy_fcgi comes in its own mod_proxy_fcgi package. You will need to install it with yum install mod_proxy_fcgi.
1.1. Install Apache
To install Apache on the gateway host, execute the following:
sudo yum install httpd
sudo yum install httpd1.2. Enable RH-COMMON repositories
You need to enable RH-COMMON repositories with subscription-manager to install packages required for setting up Ceph Object Gateway on the gateway host.
On RHEL 7, execute:
subscription-manager repos --enable=rhel-7-server-rh-common-rpms
subscription-manager repos --enable=rhel-7-server-rh-common-rpmsOn RHEL 6, execute:
subscription-manager repos --enable=rhel-6-server-rh-common-rpms
subscription-manager repos --enable=rhel-6-server-rh-common-rpms1.3. Configure Apache
Make the following changes in Apache’s configuration on the gateway host:
1.3.1. Give the ServerName in httpd.conf
Uncomment #ServerName in /etc/httpd/conf/httpd.conf and add the name of your server. Provide the fully qualified domain name of the server machine (e.g., hostname -f):
ServerName {fqdn}
ServerName {fqdn}1.3.2. Load mod_proxy_fcgi module
Update /etc/httpd/conf/httpd.conf to load mod_proxy_fcgi module. Append the following to the file:
<IfModule !proxy_fcgi_module> LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so </IfModule>
<IfModule !proxy_fcgi_module>
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
</IfModule>1.3.3. Update httpd to listen to public IP address
Edit the line Listen 80 in /etc/httpd/conf/httpd.conf with the public IP address of the host that you are configuring as a gateway server.
e.g. Listen {IP ADDRESS}:80 in place of Listen 80.
1.3.4. Start httpd service
On RHEL 7, execute:
sudo systemctl start httpd
sudo systemctl start httpdOn RHEL 6, execute:
sudo service httpd start
sudo service httpd start1.4. Enable SSL
Some REST clients use HTTPS by default. So you should consider enabling SSL for Apache. Use the following procedures to enable SSL on the gateway host.
You can use self-certified certificates. Some client APIs check for a trusted certificate authority. You may need to obtain a SSL certificate from a trusted authority to use those client APIs.
To enable SSL, execute the following steps:
Ensure that you have installed the dependencies:
sudo yum install mod_ssl openssl
sudo yum install mod_ssl opensslCopy to Clipboard Copied! Toggle word wrap Toggle overflow Generate private key:
openssl genrsa -out ca.key 2048
openssl genrsa -out ca.key 2048Copy to Clipboard Copied! Toggle word wrap Toggle overflow Generate CSR:
openssl req -new -key ca.key -out ca.csr
openssl req -new -key ca.key -out ca.csrCopy to Clipboard Copied! Toggle word wrap Toggle overflow Generate a certificate:
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow Copy the files to appropriate locations:
sudo cp ca.crt /etc/pki/tls/certs sudo cp ca.key /etc/pki/tls/private/ca.key sudo cp ca.csr /etc/pki/tls/private/ca.csr
sudo cp ca.crt /etc/pki/tls/certs sudo cp ca.key /etc/pki/tls/private/ca.key sudo cp ca.csr /etc/pki/tls/private/ca.csrCopy to Clipboard Copied! Toggle word wrap Toggle overflow Update the Apache SSL configuration file
/etc/httpd/conf.d/ssl.conf. with correct locations ofSSLCertificateFileandSSLCertificateKeyFile:SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key
SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.keyCopy to Clipboard Copied! Toggle word wrap Toggle overflow Restart httpd service:
On RHEL 7, execute:
sudo systemctl restart httpd
sudo systemctl restart httpdCopy to Clipboard Copied! Toggle word wrap Toggle overflow On RHEL 6, execute:
sudo service httpd restart
sudo service httpd restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow
1.5. Install Ceph Object Gateway Daemon
Ceph Object Storage services use the Ceph Object Gateway daemon (radosgw) to enable the gateway. For federated architectures, the synchronization agent (radosgw-agent) provides data and metadata synchronization between zones and regions.
To install the Ceph Object Gateway daemon on the gateway host, execute the following:
sudo yum install ceph-radosgw
sudo yum install ceph-radosgwTo install the Ceph Object Gateway synchronization agent, execute the following:
sudo yum install radosgw-agent
sudo yum install radosgw-agent
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}