Shulou(Shulou.com)06/01 Report--

This article mainly introduces the installation and configuration of Ceph object Storage Gateway. in daily operation, I believe many people have doubts about the installation and configuration of Ceph object Storage Gateway. the editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts of "installation and configuration of Ceph object Storage Gateway". Next, please follow the editor to study!

Introduction

Based on the deployed Ceph cluster, a gateway server is deployed to provide object storage services. In fact, the operating system CentOS6.5 CEPH0.94.3 can be accessed directly based on librados, but I have seen the object storage of Baidu and UCLOUD. When users upload and download files on the web page, they all deal with the storage cluster indirectly through the web server, which is isolated instead of communicating directly with the cluster. I have to understand that it is easy to access control and isolation.

1. Dependent package installation

Ceph rados-gateway relies on Apache and FastCGI. The user's request goes to the web server first, and then goes to rados-gateway to enter the cluster.

1.1 install Apache service sudo yum install httpdPackage httpd-2.2.15-47.el6.centos.x86_64 already installed and latest version1.2 configure http server sudo vim / etc/httpd/conf/httpd.conf

Remove the comment number of ServerName and add the IP address of your own gateway server

272 # If your host doesn't have a registered DNS name, enter its IP address here.273 # You will have to access it by its address anyway, and this will make 274 # redirections work in a sensible way.275 # 276 ServerName 101.67.163.34:80

Add the following information to the configuration to load mod_proxy_fcgi

LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

Note here that the content needs to be loaded at the back of the LoadModule series, otherwise the following error will be reported:

Sudo service httpd startStarting httpd: httpd: Syntax error on line 129 of / etc/httpd/conf/httpd.conf: Cannot load / etc/httpd/modules/mod_proxy_fcgi.so into server: / etc/httpd/modules/mod_proxy_fcgi.so: undefined symbol: ap_proxy_release_connection

Modify the LISTEN field in the configuration to add the IP address of the host where the gateway is located

# Listen: Allows you to bind Apache to specific IP addresses and/or# ports, in addition to the default. See also the # directive.## Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses (0.0.0.0) # Listen 101.67.163.34:80#Listen 801.3 SSL support (whether it must be clear here, just follow the official documentation)

Secret key file generation

Sudo yum install mod_ssl opensslopenssl genrsa-out ca.key 2048openssl req-new-key ca.key-out ca.csropenssl x509-req-days 365-in ca.csr-signkey ca.key-out ca.crt

Place sudo cp ca.crt / etc/pki/tls/certs in the file directory

Sudo cp ca.key / etc/pki/tls/private/ca.keysudo cp ca.csr / etc/pki/tls/private/ca.csr

Configuration file modification / etc/httpd/conf.d/ssl.conf.

SSLCertificateFile / etc/pki/tls/certs/ca.crtSSLCertificateKeyFile / etc/pki/tls/private/ca.key

Restart the httpd service sudo service httpd restart

1.4 Gateway service installation sudo yum install ceph-radosgw

At this point, the relevant dependency packages have been installed

2. CEPH gateway service configuration

The ceph gateway is actually a client of the ceph cluster. Users access the ceph cluster indirectly through this gateway. As a client, it needs to prepare the following:

Gateway name, which is called gateway here

A user who can access the storage cluster and the corresponding KEYRING

Data resource pool, which is provided by the ceph cluster

Prepare a data storage space for the gateway service example

Set gateway information in the ceph.conf configuration file

2.1 create access users and permission settings

Create a gateway keyring, which is empty at first

Sudo ceph-authtool-- create-keyring / etc/ceph/ceph.client.radosgw.keyringsudo chmod + r / etc/ceph/ceph.client.radosgw.keyring

Create the gateway user name and key where the name is client.radosgw.gateway

Sudo ceph-authtool / etc/ceph/ceph.client.radosgw.keyring-n client.radosgw.gateway-- gen-key

Add permissions for KEYRING

Sudo ceph-authtool-n client.radosgw.gateway-- cap osd 'allow rwx'-- cap mon' allow rwx' / etc/ceph/ceph.client.radosgw.keyring

Add key to the cluster

Sudo ceph-k / etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway-I / etc/ceph/ceph.client.radosgw.keyring

Copy the relevant KEYRING files to the host / etc/ceph/ directory where rados-gateway is located

2.2 data resource pool creation. Rgw.root.rgw.control.rgw.gc.rgw.buckets.rgw.buckets.index.rgw.buckets.extra.log.intent-log.usage.users.users.email.users.swift.users.uid [root@gnop029-ct-zhejiang_wenzhou-16-34 conf] # ceph osd lspools4 rbd,6 pool-1,7 pool-2,8 .rgw, 9. Rgw.root, 10. Rgw.control, 11. Rgw.gc, 12. Rgw.buckets, 13. Rgw.buckets.index, 14. Log 15. Intent-log,16 .usage, 17. Users, 18. Users.email, 19. Users.swift, 20. Users.uid2.3 add gateway configuration information to the cluster configuration [client.radosgw.gateway] host=ceph-24keyring=/etc/ceph/ceph.client.radosgw.keyringrgw socket path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.socklog file=/var/log/radosgw/client.radosgw.gateway.logrgw frontends=fastcgi socket_port=9000 socket_host=0.0.0.0rgw print continue=false2.4 directory and permission adjustment

Create a data directory

Sudo mkdir-p / var/lib/ceph/radosgw/ceph-radosgw.gateway adjust apache running permissions sudo chown apache:apache / var/run/ceph

Adjust log permissions

Sudo chown apache:apache / var/log/radosgw/client.radosgw.gateway.log

Start the gateway service sudo / etc/init.d/ceph-radosgw start

2.5 Gateway Profil

A configuration file for interaction between web server and FastCGI

Sudo vi / etc/httpd/conf.d/rgw.conf

ServerName 101.67.163.34DocumentRoot / var/www/htmlErrorLog / var/log/httpd/rgw_error.logCustomLog / var/log/httpd/rgw_access.log combinedRewriteEngine OnRewriteRule. *-[SetEnv proxy-nokeepalive 1ProxyPass / fcgi://101.67.163.34:9000/] SetEnv proxy-nokeepalive 1ProxyPass / fcgi://101.67.163.34:9000/

The red mark should be filled in according to the actual situation.

User creates radosgw-admin user create-- uid=xuwenping-- display-name= "ceph xuwenping"-- email=xuwenping@d***n.com {"user_id": "xuwenping", "display_name": "ceph xuwenping", "email": "xuwenping@dnion.com", "suspended": 0, "max_buckets": 1000, "auid": 0, "subusers": [] "keys": [{"user": "xuwenping", "access_key": "4J3GD7GJIJKSDCVS1I9T", "secret_key": "yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I"}], "swift_keys": [], "caps": [], "op_mask": "read, write, delete", "default_placement": "" Placement_tags: [], bucket_quota: {"enabled": false, "max_size_kb":-1, "max_objects":-1}, "user_quota": {"enabled": false, "max_size_kb":-1, "max_objects":-1}, "temp_url_keys": []}

Create SWIFT type USER

Sudo radosgw-admin subuser create-- uid=xuwenping-- subuser=xuwenping: swift-- access=full2015-10-10 1414 swift 19.854951 7f402eadc8a0 0 max_buckets=1000 specified=0 {"user_id": "xuwenping", "display_name": "ceph xuwenping", "email": "xuwenping@dnion.com", "suspended": 0, "max_buckets": 1000, "auid": 0 "subusers": [{"id": "xuwenping:swift", "permissions": "full-control"}], "keys": [{"user": "xuwenping", "access_key": "4J3GD7GJIJKSDCVS1I9T", "secret_key": "yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I"} {"user": "xuwenping:swift", "access_key": "PEIT99BBWMZP31BD6S3I", "secret_key": ""}], "swift_keys": [{"user": "xuwenping:swift", "secret_key": "qWHPhvUy4md1XSa2PSbcxUyMU5YXodlqxt0ZC2hn"}], "caps": [] "op_mask": "read, write, delete", "default_placement": "," placement_tags ": []," bucket_quota ": {" enabled ": false," max_size_kb ":-1," max_objects ":-1}," user_quota ": {" enabled ": false," max_size_kb ":-1 "max_objects":-1}, "temp_url_keys": []} 2.7 actual verification

Write a piece of python code to access the gateway, create a bucket, and list all the current bucket through the list method (official example)

Dependent library installation

Sudo yum install python-botoimport botoimport boto.s3.connectionaccess_key = '4J3GD7GJIJKSDCVS1I9T'secret_key =' yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I'conn = boto.connect_s3 (aws_access_key_id = access_key,aws_secret_access_key = secret_key,host = '101.67.163.34) ) bucket = conn.create_bucket ('my-new-bucket') for bucket in conn.get_all_buckets (): print "{name}\ t {created}" .format (name = bucket.name, created = bucket.creation_date,)

Running result

[root@gnop029-ct-zhejiang_wenzhou-16-34 ceph-rados] # python s3test.py my-new-bucket 2015-10-10T06:23:48.000Z

At this point, the object storage gateway of the Ceph cluster is installed and set up.

Attached:

Sometimes the following error is reported when installing software through yum:

Downloading Packages:warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEYRetrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6GPG key retrieval failed: [Errno 14] Could not open/read file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

You can execute the installation command with the following parameters:

Yum install mod_proxy_fcgi-nogpgcheck at this point, the study on "installation and configuration of Ceph object Storage Gateway" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.