|
|
Install and Set Up the Ceph Object Gateway* h4 H) U6 a# _4 V& N, u
* w4 g6 l( \! _7 j, o, A
Install Ceph Object Gateway Daemon
3 x5 V9 @" m9 q! C- \% bInstall and configure the Ceph Object Gateway daemon on the gateway host:- L0 w# C+ X* g% o
3 I; A* @7 S4 |9 V( N; `4 w2 d$ S6 y
# yum install ceph-radosgw
! `( y8 P2 M" Y% V3 ]+ ^) ANote that for federated architectures, you would additionally install the synchronization agent, radosgw-agent, to handle the metadata synchronization between zones and regions. y6 V: b% M. \1 |
# c5 \9 G8 j {5 m4 xAdditional Basic Requirements To Run The Object Gateway Daemon
$ G1 P- H( f$ D4 V9 rSome actions are not performed automatically during the installation of the Ceph Object Gateway daemon, since these steps may vary if you are configuring a federated gateway or you have chosen an alternative deployment approach. If you have followed the instructions provided so far, continue by performing the following steps:
6 f# J5 H8 k% L" o& R5 y8 b! d+ M. s6 Z" M% |
Create the Ceph Object Gateway data directory manually, if it does not already exist:" y- u9 f: P7 U8 o
, W& X2 L# x+ a# mkdir -p /var/lib/ceph/radosgw/ceph-radosgw.gateway
9 G! E5 x B1 N2 e8 I$ ^Update the ownership of the socket directory to allow the Object Gateway daemon to write to it. The daemon runs as the unprivileged Apache UID. To grant permissions to the default socket location, do the following on the gateway host:
' o# {4 P7 @" h, {' W# C& a! ^* q1 ]% M
# chown apache:apache /var/run/ceph- u# A4 t* J+ y9 S% r
The root user owns the log file, by default, but since the Object Gateway daemon runs as the unprivileged Apache UID, ownership of this file must be changed to allow the Object Gateway to write to it. Do the following on the gateway host:4 W' {; R8 D' V
2 y- C/ J6 n1 K5 [! `3 F5 Z# chown apache:apache /var/log/radosgw/client.radosgw.gateway.log
$ }4 ^% R# t2 R8 R4 O; ECreate a User and Keyring To Authenticate The Object Gateway To The Ceph Storage Cluster: D, k& E/ n4 O3 H2 t! Z/ H* e
The Ceph Object Gateway must have a user name and key to communicate with a Ceph Storage Cluster. In the following steps, an admin node in the Ceph Storage Cluster is used to create a keyring. A client user name and key is then created for the Ceph Object Gateway. The key is added to the Ceph Storage Cluster. Finally, the keyring is copied to the node running the Ceph Object Gateway, so that it can use it to access the Ceph Storage Cluster.1 A2 x: d. n" A3 v2 D7 S+ K N; d: u
7 p& S7 t% W& Q! x& G/ K
Execute the following steps on the admin node of your cluster:
* q8 B& Y! ]4 K; H
9 x# l( }& T fCreate a keyring for the gateway:
$ N) D2 x" X3 b) n' N( E. r: \3 L* `! y& N- q, p0 S5 n
# ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring
. u' V) g6 B% T1 ?# j# chmod +rw /etc/ceph/ceph.client.radosgw.keyring0 u, K* r* R- N9 C9 |4 G
Generate a Ceph Object Gateway user name and key and add it to the keyring:
1 p" ~( b- t& c) ^5 B1 O' d( C
! z) o8 _) u; M! _1 |% X' d# ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key' n7 b/ i3 C- m. v
Note that the Ceph Object Gateway user name is set to client.radosgw.gateway.
! a. t, ]: J. y+ H5 K# X' t
; E! R7 U3 \9 u' O* f2 T' CAdd capabilities to the key:
# x; z! J" m0 J) J% P8 p& O2 K" q
9 R; m# l! i% n6 E L" ^& K5 P4 [, K# ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring
+ ] C% `) s1 Z; Q: |- w/ UAdd the key to the Ceph Storage Cluster to enable the Ceph Object Gateway access:" Z# ^, Q9 P$ _9 Z' h) Z6 p
$ m+ w& h# o1 z# ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
' E3 l2 w/ D$ x1 ^$ wIf the admin node of the cluster is not also used to host the Object Gateway, you must copy the keyring to the gateway host. Typically, this is done using scp, for example:" X% o- t* @# k' O9 D4 i
7 X- d8 |: q- u& p2 O% U* P* l# scp /etc/ceph/ceph.client.radosgw.keyring user@gw.example.com:
" ?& U! A5 ^. s- m# p# F/ l3 K: YOn the gateway host, you must ensure that the keyring is moved to the correct location, at /etc/ceph/ceph.client.radosgw.keyring:
* m; o; }1 B+ p Y/ m4 Y9 \: ]( x: D2 _ G, G0 h/ n
# mv ceph.client.radosgw.keyring /etc/ceph/ceph.client.radosgw.keyring
) g: r7 [) h* M1 \Create Pools for the Object Gateway+ u# y1 O- Z- S. M, f# a) b
Ceph Object Gateways require Ceph Storage Cluster pools to store specific gateway data. If the user you created has permissions, the gateway daemon creates the pools automatically. If you intend to allow the gateway daemon to create pools automatically, you should ensure that an appropriate default number of placement groups per pool is set in your Ceph configuration file (/etc/ceph/ceph.conf) on the admin node. Ceph Object Gateways have multiple pools, so you should keep the default number of placement groups per pool low to maximize performance.% r7 T% Y+ C! _% q3 v5 v
& k" o t1 s+ q5 @You can manually create the pools if you wish to use alternative values for the number of placement groups per pool. The default pool names for an Object Gateway are as follows:- t9 [& M7 `6 e
; }' e) V$ v' Q) h
.rgw.root2 c8 ^8 H/ a- n- y- w' I
) H; J8 r# `1 j* X( M% Y
.rgw.control3 _7 C# @1 Q M1 r
' D. |' ?( Z' D3 ~2 O' i3 Q; u.rgw.gc
8 F) `1 k) \; t9 s6 ]& u3 H, o
: L$ w6 k! l. A( m7 p8 ~3 Q.rgw.buckets7 U4 b; T# J7 ~) D, Z3 u" T
5 r/ D% ?( s9 U( h9 ]- O( G.rgw.buckets.index
9 g O- i4 H2 p6 [1 r$ Z/ v0 z* }2 v& D. H3 V7 q+ u1 I- R3 R
.log
2 y9 Z9 y4 u$ P. W4 H3 H. R' O5 r# H" Q0 w' `, b4 Y; u
.intent-log
B& @! Y/ u$ @5 g" q. b$ M# v8 }# x' _" F! P
.usage
: A% a, w) n& A& L2 \% M* B! L2 b+ [
.users
8 p/ R7 i# D5 R
) v0 o7 ^/ A0 f! ^.users.email) m. y7 U3 a, ]; g
( X+ v5 D) G) ]- I: M% [8 V/ `.users.swift
* I' C) |+ @: ], Y' ?- ?2 X
/ k4 I$ T) s @! p% G* T- e' b.users.uid
3 Q( X# d/ C6 \% R- a4 w. J/ [+ j, `6 b: B) W8 a- f2 d3 L
Use the following command to manually create each of these pools, substituting poolname with the name of the pool that you are creating, pg-num with the number of placement groups to create for the pool, and pgp-num for the number of placement groups for placement (usually the same or greater than the number of placement groups).
5 o3 J3 k/ s* p# r: Q6 L+ L
' e9 `- o* K$ R. x. H* n# ceph osd pool create poolname pg-num pgp-num
/ F! o' q. R* g# r3 K' ?. _! pYou can list the available pools and check that pools have been created for the gateway by running:
3 `/ j, H6 Q1 U1 H$ f- x, F8 n# p! u% o. Y A+ a# a
# rados lspools
' @7 u J7 L6 DNote that if you have not yet started the gateway daemon, only pools that you have manually created are listed at this point.
% d, M& H1 ]( @$ Y5 |
) H- H) H _ `: z0 LAdd the Ceph Gateway Configuration Details To The Ceph Configuration File
6 L2 O8 s+ ~* t ODetails of the Ceph Object Gateway configuration must be made available to the Ceph Storage Cluster. Edit the Ceph Configuration file on the admin node of the cluster. Create a configuration entry that identifies the Ceph Object Gateway instance, provides the short hostname of the gateway host, provides a path to the keyring file, provides a path to a lock file and specifies the socket information for FastCGI. This entry is slightly different depending on whether you are running Ceph on Oracle Linux 6 or on Oracle Linux 7, since Oracle Linux 6 uses localhost TCP for the FastCGI socket, while Oracle Linux 7 uses Unix Domain Sockets.+ N! M3 T0 ?7 n; N+ `8 Z
8 s' o/ x, J- Q* w1 \For Oracle Linux 6, append the following configuration to /etc/ceph/ceph.conf on the admin node of the Ceph Storage Cluster:# Z6 o5 F r' z+ |
# `' _4 v H, j$ f0 N7 ]( ~9 V[client.radosgw.gateway]" m2 h) {2 z& o: G$ o5 h; Y. W
host = hostname5 ]2 D. X* _. X1 I/ e
keyring = /etc/ceph/ceph.client.radosgw.keyring
; w6 X) h* k1 c# orgw socket path = ""5 O" ~' j+ m4 J! H4 h( Y
log file = /var/log/radosgw/client.radosgw.gateway.log
- }# V9 {9 n% }: t1 Y% i( Krgw frontends = fastcgi socket_port=9000 socket_host=0.0.0.06 h* d1 I4 J* Q; y" r
For Oracle Linux 7, append the following configuration to /etc/ceph/ceph.conf on the admin node of the Ceph Storage Cluster:
/ H* q$ z$ A) D$ b9 e0 j* e+ n: U3 P" V! {
[client.radosgw.gateway]4 R8 q: Q* q' `1 i7 [
host = hostname1 v, u; h; c" T3 a3 q! |
keyring = /etc/ceph/ceph.client.radosgw.keyring( t- Y% x. P- U
rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
% ~) Z5 f2 K7 J+ p2 Slog file = /var/log/radosgw/client.radosgw.gateway.log
3 A$ w/ z) F4 @& P( @' f+ {( s" Nrgw print continue = false. H# N- V5 B, h6 d' \2 w: w
Replace hostname with the short hostname of the gateway host. You can obtain this value by running hostname -s on the gateway host.
7 W( o( p' V/ ~: U
2 L9 k* ^4 p- [. T. |0 _Update Ceph Configuration Across All Cluster Nodes0 X( ^, I& p- h/ W& a, C
The updated Ceph configuration file must be copied to all Ceph cluster nodes. This is achieved using the ceph-deploy command on the admin node of the cluster.
8 Y9 Z8 R+ {3 F I* i8 n) W! ^. _0 [0 _* c" w- Y( W
First, copy the ceph.conf file to the root directory used by the cluster on the admin node:
3 z; F1 g: T1 f1 m" I3 A( ?' a3 { V" A7 i1 T
# cp /etc/ceph/ceph.conf /var/mydom_ceph
# M5 }4 r- [4 t- u% q& ? WNext, pull the configuration from the cluster directory into the admin node:( V0 U, ]: _+ k2 B' g
1 i+ R7 x) I) w9 l% W( t8 H r( i# ceph-deploy --overwrite-conf config pull hostname
! i8 m+ ]: f" ~6 T3 vSubstitute hostname with the short hostname of the Ceph admin node. You can obtain this value by running hostname -s on the admin node. These commands cause the contents of the ceph.conf file to be overwritten.
3 W( f) v% V3 _3 \' m
1 }8 l" X; `' |" sFinally, push the updated configuration from the admin node to all other nodes in the cluster including the gateway host. Run the following command for each host in the cluster:
5 h. g( X; I- ~ T6 N( x5 p# ?2 c4 z
/ X2 j$ }0 |' t/ q3 {# ceph-deploy --overwrite-conf config push hostname. ]* S3 x8 M D& p
Substitute hostname with the short hostname of each node in the cluster, including the gateway host. You may run this as a single command by substituting hostname with a space-separated list of all of the hostnames that you wish to push the configuration update to.2 ^5 b9 @: c+ ]2 x
3 O, `" n& {& k4 zCreate a CGI wrapper script
$ ]/ V9 b* U+ y) c7 y4 U$ W* LA wrapper CGI script is used to provide an interface between Apache and the Object Gateway daemon. You must create the script yourself in a location that is accessible to Apache on the gateway host.5 Y5 K/ s6 ^) A7 v, J C
( J, D: u: S, X W9 o4 s4 N' XCreate /var/www/html/s3gw.fcgi and open it in an editor. Add the following content to the file:+ \" n: ]: I* {) @
8 @- ~+ B/ _, b2 B+ _' Z
#!/bin/sh
9 f! v9 O, h5 U, nexec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway$ V6 r/ V2 Q' S5 o, P" Y: K) g! @; H
Provide execute permissions to the script and update ownership so that Apache is able to execute the script:
: n1 @ r8 {1 O @5 T, t7 i; B1 T% f0 l( c' e1 @
# chmod +x /var/www/html/s3gw.fcgi 5 ~9 ]4 ~+ o. h( W# I6 G z4 i
# chown apache:apache /var/www/html/s3gw.fcgi
% k6 [# H+ E5 q1 ~- ^Start The Object Gateway Daemon
P7 ]+ |5 G {/ CStart the Ceph Object Gateway daemon on the gateway host.
5 t6 s6 Z8 C, D) `1 m" s, ]3 w& y# b: t2 J# t
On Oracle Linux 6, run:
; n; z/ k& w# a7 o
/ d8 X. M* `% }0 h7 b! Y# service ceph-radosgw start
4 g1 u1 I/ q2 n+ M, y, }# chkconfig ceph-radosgw on2 a0 d& p& U& A" q0 R4 K; k1 s
On Oracle Linux 7, run:
- T9 i, V3 O; w' U8 |3 Y, [, k- `6 _8 V
# systemctl start ceph-radosgw
1 B ^5 I" J5 I0 s" P3 T" p0 k! [# chkconfig ceph-radosgw on1 h1 z! L \3 {, k) r9 K9 j2 d$ o
Create An Apache VirtualHost Entry For the Ceph Object Gateway
+ E2 w; F# n4 r& h3 `Apache must be configured to provide access to the FastCGI wrapper script so that the Ceph Object Gateway is able to function. To do this, create a VirtualHost entry in your Apache configuration. It is best to create this as an individual configuration file in /etc/httpd/conf.d. The VirtualHost entry differs slightly depending on the version of Oracle Linux you are using. Instructions are provided for both.- ~/ F- g/ Z4 B& [* J; i; J
% m- O, L3 Y) B' @On Oracle Linux 6, create the file /etc/httpd/conf.d/rgw.conf and add the following content:) B2 `& ^5 D, U+ h# V' l
) a( x1 ~6 }) K5 v3 C5 u4 {% K<VirtualHost 198.51.100.1:80>
1 ^, B( a$ T, e7 ?ServerName gw.example.com! r& w* b& d, W& |
DocumentRoot /var/www/html
) M5 b) m+ S/ R. K- Z& SErrorLog /var/log/httpd/rgw_error.log
( Q( }: M/ R8 G# r& `/ pCustomLog /var/log/httpd/rgw_access.log combined( b7 O1 m( n: Q3 r
RewriteEngine On: u6 X9 p& Q$ V7 T& G& g
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
% [4 D. r7 e* G7 s7 o# ESetEnv proxy-nokeepalive 1" Y% p! v/ q- {
ProxyPass / fcgi://localhost:9000/
/ `" C. ]7 m' B5 ]</VirtualHost>
! _; w5 q7 }5 l9 _8 fwhere 198.51.100.1 must be replaced with the public facing IP address of the host. Substitute gw.example.com so that the ServerName directive points to the hostname or fully qualified domain name of the gateway host." J/ n+ R: m" r) }1 s8 x
; Q1 Q5 q, a: M$ g5 T" uOn Oracle Linux 7, create the file /etc/httpd/conf.d/rgw.conf and add the following content:
# f6 u9 A, c9 U+ K2 w( I* e' a+ E7 N& p) v+ F. ]
<VirtualHost 198.51.100.1:80>; H6 t! ?: N1 X: P7 e0 q
ServerName gw.example.com4 Q, Z3 o2 f J
DocumentRoot /var/www/html+ }8 O! V& T/ v; p. r' M
ErrorLog /var/log/httpd/rgw_error.log
) t5 F0 M' h6 d# S5 }$ dCustomLog /var/log/httpd/rgw_access.log combined
4 x" ^" Q" _8 WRewriteEngine On$ Q2 W& ~0 V8 T! B; |. [6 {2 P: J5 o
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
; r S3 ^- n- oSetEnv proxy-nokeepalive 1* g4 R) k+ t9 B3 ^) Z
ProxyPass / unix:///var/run/ceph/ceph.radosgw.gateway.fastcgi.sock|fcgi://localhost:9000/* L- E: X8 o1 Y6 K0 a
</VirtualHost>6 P0 W( [& G( z2 Z- C" i
where 198.51.100.1 must be replaced with the public facing IP address of the host. Substitute gw.example.com so that the ServerName directive points to the hostname or fully qualified domain name of the gateway host.) J6 r: ^; K5 r4 ^
# E2 ~, z: ?# Y; {: I0 `+ @ O
Restart Apache! ?4 ~4 J. R1 [+ L3 |
The httpd service needs to be restarted to use the new configuration.* A! W# V9 s: @+ d
1 f+ l2 W3 g7 `) e L/ ]On Oracle Linux 6, do:5 s- {5 W/ C. _3 S. G# q' d
6 w& v5 `( j E9 w: n! g0 q
# service httpd restart
: A$ p$ ~! T4 @0 X# chkconfig httpd on. h1 l" A+ b/ x/ h
Alternately, on Oracle Linux 7, do:
% n& ]0 G ]1 |4 d3 p/ V$ K% \
7 M) t/ _1 |1 A8 T( @! O1 G( h8 x) c# systemctl restart httpd
5 X( g5 I6 W% r9 s! E# systemctl enable httpd( Z( Y+ h2 O# L( I b6 V0 N
At this point, the Ceph Object Gateway should be running and the REST interfaces available. You must create and initial Ceph Object Gateway user for the S3 interface and a subuser for the Swift interface.
W- F+ P: G4 K7 ^" f4 Z: T5 u* z/ d8 P0 @; x: g% y
|
|
发表于 2022-8-18 11:15:58