Open Source Object Storage for Unstructured Data: Ceph on HP ProLiant SL4540 Gen8 Servers
Table Of Contents
- Executive summary
- Introduction
- Overview
- Solution components
- Workload testing
- Configuration guidance
- Bill of materials
- Summary
- Appendix A: Sample Reference Ceph Configuration File
- Appendix B: Sample Reference Pool Configuration
- Appendix C: Syntactical Conventions for command samples
- Appendix D: Server Preparation
- Appendix E: Cluster Installation
- Naming Conventions
- Ceph Deploy Setup
- Ceph Node Setup
- Create a Cluster
- Add Object Gateways
- Apache/FastCGI W/100-Continue
- Configure Apache/FastCGI
- Enable SSL
- Install Ceph Object Gateway
- Add gateway configuration to Ceph
- Redeploy Ceph Configuration
- Create Data Directory
- Create Gateway Configuration
- Enable the Configuration
- Add Ceph Object Gateway Script
- Generate Keyring and Key for the Gateway
- Restart Services and Start the Gateway
- Create a Gateway User
- Appendix F: Newer Ceph Features
- Appendix G: Helpful Commands
- Appendix H: Workload Tool Detail
- Glossary
- For more information
Reference Architecture | Product, solution, or service
Generate Keyring and Key for the Gateway
Here a keyring is created on the object gateway install system. These steps also set up read access for administrative ease
of use, and attach the gateway user to the cluster and keyring file. For simplicity, this config doesn’t bother merging
gateway keyring files across object gateways.
• sudo ceph-authtool --create-keyring /etc/ceph/keyring.radosgw.gateway
• sudo chmod +r /etc/ceph/keyring.radosgw.gateway
• sudo ceph-authtool /etc/ceph/keyring.radosgw.gateway -n client.radosgw.<gateway name> --gen-key
• sudo ceph-authtool -n client.radosgw.<gateway name> --cap osd 'allow rwx' --cap mon 'allow rw'
/etc/ceph/keyring.radosgw.gateway
• sudo ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.<gateway name> -i
/etc/ceph/keyring.radosgw.gateway
Restart Services and Start the Gateway
sudo service ceph restart
sudo service apache2 restart
sudo /etc/init.d/radosgw start
Create a Gateway User
To use the Swift and S3 APIs through the object gateway, a user account is required. This was done extensively for the
seeding part of the test with an automatic script. Since tests used the Swift API and SW_AUTH through the object gateway,
each account involves setting up a user, a swift subuser and a key for the subuser to authenticate to.
sudo radosgw-admin user create --uid=testusr --display-name="Test User"
sudo radosgw-admin subuser create --uid=testusr --subuser=testusr:swift --access=full
sudo radosgw-admin key create --subuser=testusr:swift --key-type=swift --gen-secret
You may want to modify read permissions for /etc/ceph/ceph.client.admin.keyring to allow radosgw-admin usage without
sudo.
To validate the object gateway is working, you can utilize swift client to do a ‘list’ on a user account created. Even without
any objects written, the command should return without error if the object gateway is working. When using the subuser
secret key, watch out for keys with escapes of ‘/’ (\/ represents just /). You may need to delete the escape character
depending on how you’re using the key.
swift -U <user name>:swift -K "<swift subuser secret key>" -A http://<object gateway IP>/auth/v1.0 list
47