=========================== Configuring RADOS Gateway =========================== Before you can start RADOS Gateway, you must modify your ``ceph.conf`` file to include a section for RADOS Gateway You must also create an ``rgw.conf`` file in the ``/etc/apache2/sites-enabled`` directory. The ``rgw.conf`` file configures Apache to interact with FastCGI. Add a RADOS GW Configuration to ``ceph.conf`` --------------------------------------------- Add the RADOS Gateway configuration to your ``ceph.conf`` file. The RADOS Gateway configuration requires you to specify the host name where you installed RADOS Gateway, a keyring (for use with cephx), the socket path and a log file. For example:: [client.radosgw.gateway] host = {host-name} keyring = /etc/ceph/keyring.radosgw.gateway rgw socket path = /var/run/ceph/ log file = /var/log/ceph/radosgw.log If you deploy Ceph with ``mkcephfs``, manually redeploy ``ceph.conf`` to the hosts in your cluster. For example:: cd /etc/ceph ssh {host-name} sudo /etc/ceph/ceph.conf < ceph.conf Create ``rgw.conf`` ------------------- Create an ``rgw.conf`` file on the host where you installed RADOS Gateway under the ``/etc/apache2/sites-enabled`` directory. There are several ways to use FastCGI with Apache. You may let Apache manage FastCGI, or you may manage FastCGI separately as an external server. See `Module mod_fastcgi`_ for details. .. _Module mod_fastcgi: http://www.fastcgi.com/drupal/node/25 .. tip: We recommend using the external server option, because allowing Apache to manage FastCGI sometimes introduces high latency. To manage FastCGI as an external server, use the ``FastCgiExternalServer`` directive. See `FastCgiExternalServer`_ for details on this directive. :: FastCgiExternalServer /var/www/s3gw.fcgi -socket /var/run/ceph/radosgw.client.radosgw .. _FastCgiExternalServer: http://www.fastcgi.com/drupal/node/25#FastCgiExternalServer To allow Apache to manage FastCGI, add a path to the FastCGI wrapper, and add a path to the FastCGI server. :: FastCgiWrapper /var/www/s3gw.fcgi FastCgiServer /usr/bin/radosgw .. note: You may set either the externally-managed or Apache-managed settings. You do not need both. Once you have configured how Apache and FastCGI will interact, you must create the virtual host configuration within your ``rgw.conf`` file. See `Apache Virtual Host documentation`_ for details on ```` format and settings. Replace the values in brackets. :: ServerName {fqdn} ServerAlias {alias-fqdn} ServerAdmin {email.address} DocumentRoot /var/www .. _Apache Virtual Host documentation: http://httpd.apache.org/docs/2.2/vhosts/ RADOS Gateway requires a rewrite rule for the Amazon S3-compatible interface. It's required for passing in the ``HTTP_AUTHORIZATION env`` for S3, which is filtered out by Apache. The rewrite rule is not necessary for the OpenStack Swift-compatible interface. Turn on the rewrite engine and add the following rewrite rule to your Virtual Host configuration. :: RewriteEngine On RewriteRule ^/(.*)/s3gw.fcgi?params=$1&%{QUERY_STRING}[E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] Since the ```` is running ``mod_fastcgi.c``, you must include a section in your ```` configuration for the ``mod_fastcgi.c`` module. :: ... Options +ExecCGI AllowOverride All SetHandler fastcgi-script Order allow,deny Allow from all AuthBasicAuthoritative Off ... See ` Directive`_ for additional details. .. _ Directive: http://httpd.apache.org/docs/2.2/mod/core.html#ifmodule Finally, you should configure Apache to allow encoded slashes, provide paths for log files and to trun off server signatures. :: ... AllowEncodedSlashes On ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined ServerSignature Off Enable the RADOS Gateway Configuration -------------------------------------- Enable the site for ``rgw.conf``. :: sudo a2ensite rgw.conf Disable the default site. :: sudo a2dissite default Add a RADOS GW Script --------------------- Add a ``s3gw.fcgi`` file (use the same name referenced in the first line of ``rgw.conf``) to ``/var/www``. The contents of the file should include:: #!/bin/sh exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.rados.gateway Ensure that you apply execute permissions to ``s3gw.fcgi``. :: sudo chmod +x s3gw.fcgi Generate a Keyring and Key for RADOS Gateway -------------------------------------------- You must create a keyring for the RADOS Gateway. For example:: sudo ceph-authtool --create-keyring /etc/ceph/keyring.rados.gateway sudo chmod +r /etc/ceph/keyring.rados.gateway Generate a key so that RADOS Gateway can identify a user name and authenticate the user with the cluster. Then, add capabilities to the key. For example:: sudo ceph-authtool /etc/ceph/keyring.rados.gateway -n client.rados.gateway --gen-key sudo ceph-authtool -n client.rados.gateway --cap mds 'allow' --cap osd 'allow rwx' --cap mon 'allow r' /etc/ceph/keyring.rados.gateway Add to Ceph Keyring Entries --------------------------- Once you have created a keyring and key for RADOS GW, add it as an entry in the Ceph keyring. For example:: ceph -k /etc/ceph/ceph.keyring auth add client.rados.gateway -i /etc/ceph/keyring.rados.gateway Restart Services and Start the RADOS Gateway -------------------------------------------- To ensure that all components have reloaded their configurations, we recommend restarting your ``ceph`` and ``apaches`` services. Then, start up the ``radosgw`` service. For example:: sudo service ceph restart sudo service apache2 restart sudo service radosgw start Create a RADOS Gateway User --------------------------- To use the REST interfaces, first create an initial RADOS Gateway user. The RADOS Gateway user is not the same user as the ``client.rados.gateway`` user, which identifies the RADOS Gateway as a user of the RADOS cluster. The RADOS Gateway user is a user of the RADOS Gateway. For example:: sudo radosgw-admin user create --uid="{username}" --displayname="{Display Name}" For details on RADOS Gateway administration, see `radosgw-admin`_. .. _radosgw-admin: ../../man/8/radosgw-admin/