Install Ceph Object Gateway

Note

To run the Ceph Object Gateway service, you should have a running Ceph cluster, the gateway host should have access to the storage and public networks, and SELinux should be in permissive mode on RPM-based distros.

The Ceph Object Gateway daemon runs on Apache and FastCGI.

To run a Ceph Object Storage service, you must install Apache and the Ceph Object Gateway daemon on the host that is going to provide the gateway service, i.e., the gateway host. If you plan to run a Ceph Object Storage service with a federated architecture (multiple regions and zones), you must also install the synchronization agent.

Note

Previous versions of Ceph shipped with mod_fastcgi. The current version ships with mod_proxy_fcgi instead.

In distros that ship Apache 2.4 (such as RHEL 7, CentOS 7 or Ubuntu 14.04 Trusty), mod_proxy_fcgi is already present. When you install the httpd package with yum or the apache2 package with apt-get, mod_proxy_fcgi becomes available for use on your server.

In distros that ship Apache 2.2 (such as RHEL 6, CentOS 6 or Ubuntu 12.04 Precise), mod_proxy_fcgi comes as a separate package. In RHEL 6/CentOS 6, it is available in the EPEL 6 repo and can be installed with yum install mod_proxy_fcgi. For Ubuntu 12.04, a backport of mod_proxy_fcgi is in progress and a bug has been filed for it. See: ceph radosgw needs mod-proxy-fcgi for apache 2.2

Install Apache

To install Apache on the gateway host, execute the following:

On Debian-based distros, run:

sudo apt-get install apache2

On RPM-based distros, run:

sudo yum install httpd

Configure Apache

Make the following changes in Apache’s configuration on the gateway host:

Debian-based distros

  1. Add a ServerName line to /etc/apache2/apache2.conf. Provide the fully qualified domain name of the server machine (e.g., the output of hostname -f):

    ServerName {fqdn}
  2. Load the mod_proxy_fcgi module.

    Execute:

    sudo a2enmod proxy_fcgi
  3. Start the Apache service:

    sudo service apache2 start

RPM-based distros

  1. Open the httpd.conf file:

    sudo vim /etc/httpd/conf/httpd.conf
  2. Uncomment #ServerName in the file and add the name of your server. Provide the fully qualified domain name of the server machine (e.g., the output of hostname -f):

    ServerName {fqdn}
  3. Update /etc/httpd/conf/httpd.conf to load the mod_proxy_fcgi module. Add the following to the file:

    <IfModule !proxy_fcgi_module>
    LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
    </IfModule>
  4. Edit the Listen 80 line in /etc/httpd/conf/httpd.conf so that Apache listens on the public IP address of the host that you are configuring as a gateway server. Write Listen {IP ADDRESS}:80 in place of Listen 80.

  5. Start the httpd service.

    Execute:

    sudo service httpd start

    Or:

    sudo systemctl start httpd

Enable SSL

Some REST clients use HTTPS by default, so you should consider enabling SSL for Apache. Use the following procedures to enable SSL.

Note

You can use self-signed certificates. Some client APIs check for a trusted certificate authority. You may need to obtain an SSL certificate from a trusted authority to use those client APIs.

Debian-based distros

To enable SSL on Debian-based distros, execute the following steps:

  1. Ensure that you have installed the dependencies:

    sudo apt-get install openssl ssl-cert
  2. Enable the SSL module:

    sudo a2enmod ssl
  3. Generate a certificate:

    sudo mkdir /etc/apache2/ssl
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
  4. Restart Apache:

    sudo service apache2 restart

See the Ubuntu Server Guide for additional details.

RPM-based distros

To enable SSL on RPM-based distros, execute the following steps:

  1. Ensure that you have installed the dependencies:

    sudo yum install mod_ssl openssl
  2. Generate a private key:

    openssl genrsa -out ca.key 2048
  3. Generate a CSR:

    openssl req -new -key ca.key -out ca.csr
  4. Generate a certificate:

    openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
  5. Copy the files to appropriate locations:

    sudo cp ca.crt /etc/pki/tls/certs
    sudo cp ca.key /etc/pki/tls/private/ca.key
    sudo cp ca.csr /etc/pki/tls/private/ca.csr
  6. Update the Apache SSL configuration file /etc/httpd/conf.d/ssl.conf.

    Give the correct location of SSLCertificateFile:

    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    

    Give the correct location of SSLCertificateKeyFile:

    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    

    Save the changes.

  7. Restart Apache.

    Execute:

    sudo service httpd restart

    Or:

    sudo systemctl restart httpd

See Setting up an SSL secured Webserver with CentOS for additional details.
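
A post-setup check for the certificate and key configured above, as an added example that is not part of the Ceph documentation: it reads SSLCertificateFile and SSLCertificateKeyFile from a config file, then verifies that the key is not accessible to group or other, that the certificate matches the key, and that the certificate is not about to expire. The function names and the 30-day threshold are assumptions; the certificate checks need the openssl CLI installed in step 1.

```bash
#!/bin/sh
# Added example: checks on the TLS files Apache is configured to use.

# Print the path set by DIRECTIVE in CONF. Directive names are matched
# case-insensitively, commented-out lines are skipped, last one wins.
directive_path() {   # directive_path DIRECTIVE CONF
    awk -v d="$1" 'tolower($1) == tolower(d) { p = $2 }
        END { gsub(/"/, "", p); if (p != "") print p }' "$2"
}

# Succeed only if FILE exists and grants no group/other permission bits.
key_mode_ok() {      # key_mode_ok FILE
    [ -f "$1" ] || return 2
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the certificate's public key is the private key's.
pair_matches() {     # pair_matches CERT KEY
    c=$(openssl x509 -noout -pubkey -in "$1") || return 2
    k=$(openssl pkey -pubout -in "$2") || return 2
    [ "$c" = "$k" ]
}

# Succeed only if CERT is still valid DAYS from now (default 30, assumed).
not_expiring() {     # not_expiring CERT [DAYS]
    openssl x509 -noout -checkend $(( ${2:-30} * 86400 )) -in "$1" >/dev/null
}

# Run all checks against the files named in CONF; returns the failure count.
audit_tls_conf() {   # audit_tls_conf CONF
    conf=$1; fails=0
    cert=$(directive_path SSLCertificateFile "$conf")
    key=$(directive_path SSLCertificateKeyFile "$conf")
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FAIL: SSLCertificateFile/SSLCertificateKeyFile not set in $conf"
        return 1
    fi
    key_mode_ok "$key" ||
        { echo "FAIL: $key is accessible to group/other"; fails=$((fails + 1)); }
    pair_matches "$cert" "$key" ||
        { echo "FAIL: $cert does not match $key"; fails=$((fails + 1)); }
    not_expiring "$cert" ||
        { echo "FAIL: $cert expires within 30 days"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: $conf"
    return "$fails"
}

# Only runs when a config file is named on the command line.
if [ -n "${1:-}" ]; then audit_tls_conf "$1"; fi
```

Run it as root with the config path as its argument, for example /etc/httpd/conf.d/ssl.conf on RPM-based distros; the exit status is the number of failed checks.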

Install Ceph Object Gateway Daemon

Ceph Object Storage services use the Ceph Object Gateway daemon (radosgw) to enable the gateway. For federated architectures, the synchronization agent (radosgw-agent) provides data and metadata synchronization between zones and regions.

Debian-based distros

To install the Ceph Object Gateway daemon on the gateway host, execute the following:

sudo apt-get install radosgw

To install the Ceph Object Gateway synchronization agent, execute the following:

sudo apt-get install radosgw-agent

RPM-based distros

To install the Ceph Object Gateway daemon on the gateway host, execute the following:

sudo yum install ceph-radosgw

To install the Ceph Object Gateway synchronization agent, execute the following:

sudo yum install radosgw-agent

Configure The Gateway

Once you have installed the Ceph Object Gateway packages, the next step is to configure your Ceph Object Gateway. There are two approaches:

  • Simple: A simple Ceph Object Gateway configuration implies that you are running a Ceph Object Storage service in a single data center. So you can configure the Ceph Object Gateway without regard to regions and zones.
  • Federated: A federated Ceph Object Gateway configuration implies that you are running a Ceph Object Storage service in a geographically distributed manner for fault tolerance and failover. This involves configuring your Ceph Object Gateway instances with regions and zones.

Choose the approach that best reflects your cluster.