Installing Ceph RadosGW
I. Install and configure Apache
#sudo apt-get install apache2 libapache2-mod-fastcgi
Edit /etc/apache2/apache2.conf
Add: ServerName {hostname}
Load the rewrite and fastcgi modules
#sudo a2enmod rewrite
#sudo a2enmod fastcgi
Start the Apache service
#sudo service apache2 start
II. Enable SSL
1. Install
#sudo apt-get install openssl ssl-cert
2. Load the SSL module
#sudo a2enmod ssl
3. Generate a certificate
#sudo mkdir /etc/apache2/ssl
#sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
4. Restart Apache
#sudo service apache2 restart
III. Install the Ceph Object Gateway daemon
Install the following two packages on the Ceph Object Gateway server:
#sudo apt-get install radosgw
#sudo apt-get install radosgw-agent
IV. Configure the Ceph Object Gateway
1. Create the user and keyring
1) Create a keyring for the gateway server:
#sudo ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring
#sudo chmod +r /etc/ceph/ceph.client.radosgw.keyring
2) Generate a name and key for each gateway instance. The name follows client.radosgw (the instance below is named gateway):
#sudo ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key
3) Add capabilities (read, write, execute) to the key:
#sudo ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring
4) Add the key to the Ceph Storage Cluster:
#sudo ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
5) Copy the key to the gateway server:
#sudo scp /etc/ceph/ceph.client.radosgw.keyring root@{hostname}:/etc/ceph/
Note: steps 1-4 are run on the Ceph admin node. If the admin node and the gateway server are the same machine, step 5 is not needed.
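An added example (not part of the original page): a small shell audit of the keyring produced by steps 1)-3), listing the capabilities granted to client.radosgw.gateway and reporting whether every local user can read the file, which is what chmod +r allows. The function names and the sample keyring with its placeholder key are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Ceph keyring file (not code from the original page).

# keyring_caps FILE ENTITY
# Prints one "daemon=capability" line per "caps" entry of ENTITY, sorted.
keyring_caps() {
    awk -v want="[$2]" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_sec = ($0 == want); next }
        in_sec && /^[ \t]*caps[ \t]/ {
            i = index($0, "=")
            daemon = substr($0, 1, i - 1)
            sub(/^[ \t]*caps[ \t]+/, "", daemon); gsub(/[ \t]/, "", daemon)
            cap = substr($0, i + 1)
            sub(/^[ \t]*"/, "", cap); sub(/"[ \t]*$/, "", cap)
            print daemon "=" cap
        }' "$1" | sort
}

# world_readable FILE
# Succeeds when the "other" read bit is set, i.e. any local user can read the key.
world_readable() {
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Constructed sample: same entity and caps as the steps above, placeholder key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[client.radosgw.gateway]
    key = PLACEHOLDER-NOT-A-REAL-KEY==
    caps mon = "allow rwx"
    caps osd = "allow rwx"
EOF
chmod 644 "$sample"   # readable by all users, as after "chmod +r"

keyring_caps "$sample" client.radosgw.gateway
if world_readable "$sample"; then
    echo "WARN: keyring is readable by every local user"
fi
rm -f "$sample"
```

On a real gateway, point both functions at /etc/ceph/ceph.client.radosgw.keyring.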
2. Create the pools
#ceph osd pool create .rgw 128 128
#ceph osd pool create .rgw.root 128 128
#ceph osd pool create .rgw.control 128 128
#ceph osd pool create .rgw.gc 128 128
#ceph osd pool create .rgw.buckets 128 128
#ceph osd pool create .rgw.buckets.index 128 128
#ceph osd pool create .log 128 128
#ceph osd pool create .intent-log 128 128
#ceph osd pool create .usage 128 128
#ceph osd pool create .users 128 128
#ceph osd pool create .users.email 128 128
#ceph osd pool create .users.swift 128 128
#ceph osd pool create .users.uid 128 128
Verify:
#rados lspools
3. Add a gateway configuration to Ceph
For Apache 2.2 and early 2.4 versions, add the following to /etc/ceph/ceph.conf on the admin node:
[client.radosgw.gateway]
host = {hostname}
keyring = /etc/ceph/ceph.client.radosgw.keyring
rgw socket path = ""
log file = /var/log/radosgw/client.radosgw.gateway.log
rgw frontends = fastcgi socket_port=9000 socket_host=0.0.0.0
rgw print continue = false
For Apache 2.4.9 and later:
[client.radosgw.gateway]
host = {hostname}
keyring = /etc/ceph/ceph.client.radosgw.keyring
rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file = /var/log/radosgw/client.radosgw.gateway.log
rgw print continue = false
Note: with Apache 2.4.7 the radosgw service does not start with the first form, while the second form works; Apache 2.4.7 supports Unix domain sockets.
4. Distribute the Ceph configuration file
1) Pull the updated /etc/ceph/ceph.conf into the Ceph cluster's root directory:
#ceph-deploy --overwrite-conf config pull {hostname}
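hostname is the admin node of the Ceph cluster; run the command from the cluster directory.
2) Push the admin node's ceph.conf to the other Ceph cluster nodes and the gateway server:
#ceph-deploy --overwrite-conf config push [HOST] [HOST...]
5. Copy ceph.client.admin.keyring to the gateway server
The gateway server may not be a machine in the Ceph cluster, so ceph.client.admin.keyring has to be copied to it (not needed when the admin node is the gateway server):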
#sudo scp /etc/ceph/ceph.client.admin.keyring root@{hostname}:/etc/ceph/
6. Create the CGI wrapper script
1. Create the script:
#sudo vi /var/www/html/s3gw.fcgi
2. Add the following content:
#!/bin/sh
exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway
3. Make the script executable:
#sudo chmod +x /var/www/html/s3gw.fcgi
7. Adjust the permissions of the CGI wrapper script
#sudo chown www-data:www-data /var/www/html/s3gw.fcgi
Note: on Ubuntu the default Apache user is www-data:www-data.
8. Create the data directory
Create the directory on the gateway server:
#sudo mkdir -p /var/lib/ceph/radosgw/ceph-radosgw.gateway
9. Adjust the permissions of the socket directory
#sudo chown www-data:www-data /var/run/ceph
10. Change the permissions of the log file
#sudo chown www-data:www-data /var/log/radosgw/client.radosgw.gateway.log
11. Start the radosgw service
#sudo /etc/init.d/radosgw start
12. Create a gateway configuration file
1. Create the file:
#sudo vi /etc/apache2/sites-available/rgw.conf
2. Add the following to the file:
FastCgiExternalServer /var/www/html/s3gw.fcgi -socket /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
<VirtualHost *:80>
    ServerName {hostname}
    ServerAlias *.{hostname}
    ServerAdmin cephtest@hikvision.com
    DocumentRoot /var/www/html
    RewriteEngine On
    RewriteRule ^/(.*) /s3gw.fcgi?%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
    <IfModule mod_fastcgi.c>
        <Directory /var/www/html>
            Options +ExecCGI
            AllowOverride All
            SetHandler fastcgi-script
            Order allow,deny
            Allow from all
            AuthBasicAuthoritative Off
        </Directory>
    </IfModule>
    AllowEncodedSlashes On
    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/access.log combined
    ServerSignature Off
</VirtualHost>
3. Enable the rgw.conf configuration
#sudo a2ensite rgw.conf
#sudo a2dissite 000-default.conf
13. Restart Apache
#sudo service apache2 restart
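An added example (not part of the original page): a shell check that the Unix socket set in the [client.radosgw.gateway] section of ceph.conf is the one Apache's FastCgiExternalServer points at, and that reports the listen address when the TCP form is configured instead. The function names are assumptions, and the sample files are constructed from the configuration shown above.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check ceph.conf and rgw.conf.

# ceph_opt FILE SECTION OPTION -> value of OPTION in [SECTION].
# Ceph treats spaces and underscores in option names as equivalent.
ceph_opt() {
    awk -v want="[$2]" -v opt="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^\[/ { in_sec = ($0 == want); next }
        in_sec && (i = index($0, "=")) {
            key = substr($0, 1, i - 1); gsub(/[ _\t]+/, " ", key); sub(/ $/, "", key)
            val = substr($0, i + 1); sub(/^[ \t]*"?/, "", val); sub(/"?$/, "", val)
            if (key == opt) print val
        }' "$1"
}

# apache_socket SITE_CONF -> path given to FastCgiExternalServer -socket.
apache_socket() {
    awk '$1 == "FastCgiExternalServer" {
        for (i = 2; i < NF; i++) if ($i == "-socket") print $(i + 1)
    }' "$1"
}

# check_gateway CEPH_CONF SECTION SITE_CONF -> match | mismatch | tcp:<host>
check_gateway() {
    sock=$(ceph_opt "$1" "$2" "rgw socket path")
    if [ -z "$sock" ]; then
        # No Unix socket configured: report where the FastCGI TCP frontend listens.
        host=$(ceph_opt "$1" "$2" "rgw frontends" |
               sed -n 's/.*socket_host=\([^ ]*\).*/\1/p')
        echo "tcp:${host:-unset}"
    elif [ "$sock" = "$(apache_socket "$3")" ]; then
        echo "match"
    else
        echo "mismatch"
    fi
}

# Demo on constructed copies of the files shown above.
d=$(mktemp -d)
cat > "$d/ceph.conf" <<'EOF'
[client.radosgw.gateway]
keyring = /etc/ceph/ceph.client.radosgw.keyring
rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
EOF
echo 'FastCgiExternalServer /var/www/html/s3gw.fcgi -socket /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock' > "$d/rgw.conf"
check_gateway "$d/ceph.conf" client.radosgw.gateway "$d/rgw.conf"
rm -rf "$d"
```

A result of tcp:0.0.0.0 means the FastCGI port from the first ceph.conf form is listening on every interface of the gateway host.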
14. Use the RadosGW gateway
1. Create a swift user
#sudo radosgw-admin user create --uid="testuser" --display-name="First User"
#sudo radosgw-admin subuser create --uid=testuser --subuser=testuser:swift --access=full
2. Create the key
#sudo radosgw-admin key create --subuser=testuser:swift --key-type=swift --gen-secret
15. Verify access
Test swift access
#apt-get install python-swiftclient
#swift -A http://{IP ADDRESS}/auth/1.0 -U testuser:swift -K '{swift_secret_key}' list
Replace {IP ADDRESS} with the address; any '\' in swift_secret_key must be removed.