ceph/doc/install/install-ceph-gateway.rst
Nilamdyuti Goswami 9c00592d4e doc: Updates gateway installation doc with some changes.
Signed-off-by: Nilamdyuti Goswami <ngoswami@redhat.com>
2015-04-02 23:18:26 +05:30

265 lines
7.4 KiB
ReStructuredText

=============================
Install Ceph Object Gateway
=============================
.. note:: To run the Ceph object gateway service, you should have a running
Ceph cluster, the gateway host should have access to storage and public
networks, and SELinux should be in permissive mode in rpm-based distros.
The :term:`Ceph Object Gateway` daemon runs on Apache and FastCGI.
To run a :term:`Ceph Object Storage` service, you must install Apache and
Ceph Object Gateway daemon on the host that is going to provide the gateway
service, i.e, the ``gateway host``. If you plan to run a Ceph Object Storage
service with a federated architecture (multiple regions and zones), you must
also install the synchronization agent.
.. note:: Previous versions of Ceph shipped with ``mod_fastcgi``. The current
version ships with ``mod_proxy_fcgi`` instead.
In distros that ship Apache 2.4 (such as RHEL 7, CentOS 7 or Ubuntu 14.04
``Trusty``), ``mod_proxy_fcgi`` is already present. When you install the
``httpd`` package with ``yum`` or the ``apache2`` package with ``apt-get``,
``mod_proxy_fcgi`` becomes available for use on your server.
In distros that ship Apache 2.2 (such as RHEL 6, CentOS 6 or Ubuntu 12.04
``Precise``), ``mod_proxy_fcgi`` comes as a separate package. In
**RHEL 6/CentOS 6**, it is available in ``EPEL 6`` repo and can be installed with
``yum install mod_proxy_fcgi``. For **Ubuntu 12.04**, a backport for
``mod_proxy_fcgi`` is in progress and a bug has been filed for the same.
See: `ceph radosgw needs mod-proxy-fcgi for apache 2.2`_
Install Apache
==============
To install Apache on the ``gateway host``, execute the following:
On Debian-based distros, run::
sudo apt-get install apache2
On RPM-based distros, run::
sudo yum install httpd
Configure Apache
================
Make the following changes in Apache's configuration on the ``gateway host``:
Debian-based distros
--------------------
#. Open the ``apache2.conf`` file::
sudo vim /etc/apache2/apache2.conf
#. Add a line for the ``ServerName`` in the Apache configuration file. Provide
the fully qualified domain name of the server machine
(e.g., ``hostname -f``)::
ServerName {fqdn}
#. Update ``/etc/apache2/apache2.conf`` to load ``mod_proxy_fcgi`` module. Add
the following to the file::
<IfModule !proxy_fcgi_module>
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
</IfModule>
#. Edit the line ``Listen 80`` in ``/etc/apache2/apache2.conf`` with the public
IP address of the host that you are configuring as a gateway server. Write
``Listen {IP ADDRESS}:80`` in place of ``Listen 80``.
#. Start Apache service::
sudo service apache2 start
RPM-based distros
-----------------
#. Open the ``httpd.conf`` file::
sudo vim /etc/httpd/conf/httpd.conf
#. Uncomment ``#ServerName`` in the file and add the name of your server. Provide
the fully qualified domain name of the server machine
(e.g., ``hostname -f``)::
ServerName {fqdn}
#. Update ``/etc/httpd/conf/httpd.conf`` to load ``mod_proxy_fcgi`` module. Add
the following to the file::
<IfModule !proxy_fcgi_module>
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
</IfModule>
#. Edit the line ``Listen 80`` in ``/etc/httpd/conf/httpd.conf`` with the public
IP address of the host that you are configuring as a gateway server. Write
``Listen {IP ADDRESS}:80`` in place of ``Listen 80``.
#. Start httpd service
Execute::
sudo service httpd start
Or::
sudo systemctl start httpd
Enable SSL
==========
Some REST clients use HTTPS by default. So you should consider enabling SSL
for Apache. Use the following procedures to enable SSL.
.. note:: You can use self-certified certificates. Some client
APIs check for a trusted certificate authority. You may need to obtain
a SSL certificate from a trusted authority to use those client APIs.
Debian-based distros
--------------------
To enable SSL on Debian-based distros, execute the following steps:
#. Ensure that you have installed the dependencies::
sudo apt-get install openssl ssl-cert
#. Enable the SSL module::
sudo a2enmod ssl
#. Generate a certificate::
sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
#. Restart Apache::
sudo service apache2 restart
See the `Ubuntu Server Guide`_ for additional details.
RPM-based distros
-----------------
To enable SSL on RPM-based distros, execute the following steps:
#. Ensure that you have installed the dependencies::
sudo yum install mod_ssl openssl
#. Generate private key::
openssl genrsa -out ca.key 2048
#. Generate CSR::
openssl req -new -key ca.key -out ca.csr
#. Generate a certificate::
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
#. Copy the files to appropriate locations::
sudo cp ca.crt /etc/pki/tls/certs
sudo cp ca.key /etc/pki/tls/private/ca.key
sudo cp ca.csr /etc/pki/tls/private/ca.csr
#. Update the Apache SSL configuration file ``/etc/httpd/conf.d/ssl.conf``.
Give the correct location of ``SSLCertificateFile``::
SSLCertificateFile /etc/pki/tls/certs/ca.crt
Give the correct location of ``SSLCertificateKeyFile``::
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Save the changes.
#. Restart Apache.
Execute::
sudo service httpd restart
Or::
sudo systemctl restart httpd
See `Setting up an SSL secured Webserver with CentOS`_ for additional details.
Install Ceph Object Gateway Daemon
==================================
Ceph Object Storage services use the Ceph Object Gateway daemon (``radosgw``)
to enable the gateway. For federated architectures, the synchronization
agent (``radosgw-agent``) provides data and metadata synchronization between
zones and regions.
Debian-based distros
--------------------
To install the Ceph Object Gateway daemon on the `gateway host`, execute the
following::
sudo apt-get install radosgw
To install the Ceph Object Gateway synchronization agent, execute the
following::
sudo apt-get install radosgw-agent
RPM-based distros
-----------------
To install the Ceph Object Gateway daemon on the ``gateway host``, execute the
following::
sudo yum install ceph-radosgw
To install the Ceph Object Gateway synchronization agent, execute the
following::
sudo yum install radosgw-agent
Configure The Gateway
=====================
Once you have installed the Ceph Object Gateway packages, the next step is
to configure your Ceph Object Gateway. There are two approaches:
- **Simple:** A `simple`_ Ceph Object Gateway configuration implies that you
are running a Ceph Object Storage service in a single data center. So you can
configure the Ceph Object Gateway without regard to regions and zones.
- **Federated:** A `federated`_ Ceph Object Gateway configuration implies that
you are running a Ceph Object Storage service in a geographically distributed
manner for fault tolerance and failover. This involves configuring your
Ceph Object Gateway instances with regions and zones.
Choose the approach that best reflects your cluster.
.. _ceph radosgw needs mod-proxy-fcgi for apache 2.2: https://bugs.launchpad.net/precise-backports/+bug/1422417
.. _Ubuntu Server Guide: https://help.ubuntu.com/12.04/serverguide/httpd.html
.. _Setting up an SSL secured Webserver with CentOS: http://wiki.centos.org/HowTos/Https
.. _simple: ../../radosgw/config
.. _federated: ../../radosgw/federated-config