Task #7632

closed

Setup rados / s3 storage on ceph

Added by Nico Schottelius about 4 years ago. Updated about 4 years ago.

Status: Closed
Priority: Immediate
Assignee: ll nu
Target version: -
Start date: 01/20/2020
Due date: 01/20/2020
% Done: 0%
Estimated time:
PM Check date:

Description

  • Including permissions
  • Document the setup
  • Document how to use it
Actions #1

Updated by ll nu about 4 years ago

  • Status changed from New to Seen
Actions #3

Updated by ll nu about 4 years ago

Using this manual, the radosgw is configured at rgw.llnu.at:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html/installation_guide_for_red_hat_enterprise_linux/manually-installing-ceph-object-gateway

We don't have ceph-deploy/redhat init scripts so some parts of the setup might be missing

It starts up and talks to the monitor (checked via tcpdump), however it doesn't start to listen at port :80 via civetweb as it was specified in the ceph.conf file:

[client.rgw.rgw]
host = rgw
#rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
rgw frontends = "civetweb port=80"
log file = /var/log/ceph/ceph-rgw-gateway.log
rgw dns name = rgw.llnu.at
keyring = /var/lib/ceph/radosgw/ceph-rgw.rgw/keyring

Actions #4

Updated by ll nu about 4 years ago

Radosgw is running. The correct way to start is [1]:

/usr/bin/radosgw --cluster ceph --name client.rgw.`hostname -s` --setuser ceph --setgroup ceph

atm I'm tweaking the settings to set up SSL and IPv6 support

[1]: (it wasn't written anywhere, but one must supply the --name argument; without it, it doesn't work, and it won't complain either -.-)

Actions #5

Updated by ll nu about 4 years ago

updated conf with ssl

[client.rgw.rgw]
host = rgw
#rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
rgw socket path = /tmp/radosgw.sock
rgw frontends = beast ssl_port=443 ssl_certificate=/etc/letsencrypt/live/rgw.llnu.at/cert.pem ssl_private_key=/etc/letsencrypt/live/rgw.llnu.at/privkey.pem
log file = /var/log/ceph/ceph-rgw-gateway.log
rgw dns name = rgw.llnu.at
keyring = /var/lib/ceph/radosgw/ceph-rgw.rgw/keyring

Actions #6

Updated by Nico Schottelius about 4 years ago

Note for production checking: what happens/is required to do if the
certificate is replaced with a new one?


Actions #7

Updated by ll nu about 4 years ago

that's a good question, first I'll test the existing setup

wildcard cert setup:

certbot certonly --manual --preferred-challenges=dns --email llnu@protonmail.ch --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.rgw.llnu.a

challenge:
Please deploy a DNS TXT record under the name
_acme-challenge.rgw.llnu.at with the following value:

added to bind:
_acme-challenge.rgw TXT "kEuj7KknBtnGzUAVykfqfvlH6d0qwflF5FDY3SwNg7M" 

added wildcard dns entries so all domains under .rgw.llnu.at will resolve to 1 ip

*.rgw    AAAA 2a0a:e5c0:10:bee:0:ff:fe00:205

testing begins here:

add user:
radosgw-admin user create --uid="testuser" --display-name="First User" 

list keys/infos about a user
radosgw-admin user info --uid=testuser

git to useful ceph test programs:
https://github.com/ronaldddilley/ceph-s3-examples

deprecated:

with python.boto, as described on https://docs.ceph.com/docs/nautilus/install/install-ceph-gateway/

to create a user:
radosgw-admin user create --uid="testuser" --display-name="First User" 
# note here the access/secret key
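
For the question in note #6 (what is required when the certificate is replaced), one way to tell whether the running gateway still presents the old certificate is to compare the leaf it serves with the file named in ssl_certificate. This is an added example, not part of the thread; the script name, its arguments and the function names are assumptions.

```python
import base64
import hashlib
import socket
import ssl
import sys

HEADER = "-----BEGIN CERTIFICATE-----"
FOOTER = "-----END CERTIFICATE-----"


def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM file (cert.pem or a chain)."""
    start = pem_text.find(HEADER)
    end = pem_text.find(FOOTER, start) if start >= 0 else -1
    if end < 0:
        raise ValueError("no PEM certificate found")
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end + len(FOOTER)])
    return hashlib.sha256(der).hexdigest()


def served_fingerprint(host, port=443, timeout=10):
    """SHA-256 of the leaf certificate the gateway presents right now."""
    ctx = ssl.create_default_context()
    # Chain validation is off on purpose: an expired or stale certificate must
    # still be retrievable; it is compared against the file on disk instead.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def compare(disk_pem, served_fp):
    """Report whether the running gateway serves the certificate on disk."""
    disk_fp = leaf_fingerprint(disk_pem)
    return {"disk": disk_fp, "served": served_fp, "stale": disk_fp != served_fp}


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage (assumed name): check_cert.py HOST CERT_PEM_PATH
        with open(sys.argv[2]) as fh:
            result = compare(fh.read(), served_fingerprint(sys.argv[1]))
    else:  # offline demo with constructed placeholder bytes, not real certs
        body = base64.encodebytes(b"constructed-renewed-cert").decode()
        result = compare(f"{HEADER}\n{body}{FOOTER}\n",
                         hashlib.sha256(b"constructed-old-cert").hexdigest())
    print(result)
    sys.exit(1 if result["stale"] else 0)
```

Run after a renewal with the gateway host and the ssl_certificate path from ceph.conf; a non-zero exit means the gateway is presenting a certificate that differs from the file on disk.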