Chapter 8. Object gateway

As a storage administrator, the object gateway functions of the dashboard allow you to manage and monitor the Ceph Object Gateway.

For example, monitoring functions allow you to view details about a gateway daemon such as its zone name, or performance graphs of GET and PUT rates. Management functions allow you to view, create, and edit both users and buckets.

Object gateway functions are divided between daemon functions, user functions, and bucket functions.

8.1. Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • Ceph Object Gateway is installed.

8.2. Object gateway daemon functions

As a storage administrator, the Red Hat Ceph Storage Dashboard allows you to view and monitor information about Ceph Object Gateway daemons.

8.2.1. Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.

8.2.2. Viewing object gateway daemons

The dashboard allows you to view a list of all Ceph Object Gateway daemons.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.

    Click Object Gateway
  3. Click Daemons.

    Click Daemons
  4. In the example below, you can see a daemon with the ID jb-ceph4-rgw.rgw0 in the Daemons List.

    daemon in list
  5. To view details, select the daemon by clicking the row for jb-ceph4-rgw.rgw0:

    daemon details

    You can see the zone name the daemon is serving is default.

Additional Resources

8.3. Object gateway user functions

As a storage administrator, the Red Hat Ceph Storage Dashboard allows you to view and manage Ceph Object Gateway users.

8.3.1. Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.

8.3.2. Viewing object gateway users

The dashboard allows you to view a list of all Ceph Object Gateway users.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.

    Click Object Gateway
  3. Click Users.

    Click Users
  4. In the example below, you can see a user named rgw-user in the table.

    User in list
  5. To view details, select the user by clicking the row for rgw-user:

    User details

Additional Resources

8.3.3. Creating object gateway users

The dashboard allows you to create Ceph Object Gateway users.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.

    Click Object Gateway
  3. Click Users.

    Click Users
  4. Click Create.

    User in list
  5. Set the user name, full name, and edit the maximum number of buckets if required.

    Create User dialog basic settings
  6. Optional: Set an email address or suspended status.

    Set email address or suspended status
  7. Optional: Set a custom access key and secret key by unchecking Auto-generate key.

    1. Uncheck Auto-generate key:

      Uncheck Aut-generate key
    2. Set the access key and secret key:

      Set a custom access key and secret key
  8. Optional: Set a user quota.

    1. Check Enabled under User quota:

      Check enabled
    2. Uncheck Unlimited size or Unlimited objects:

      Uncheck Unlimited size or Unlimted objects
    3. Enter the required values for Max. size or Max. objects:

      Enter values for Max. size and Max. objects
  9. Optional: Set a bucket quota.

    1. Check Enabled under Bucket quota:

      Check enabled
    2. Uncheck Unlimited size or Unlimited objects:

      Uncheck Unlimited size or Unlimted objects
    3. Enter the required values for Max. size or Max. objects:

      Enter values for Max. size and Max. objects
  10. Finalize the user creation by clicking Create User.

    Click Create User
  11. Verify the user creation was successful. A notification confirms the user was created and the user can be seen in the table of users.

    Verify the user was created

Additional Resources

8.3.4. Editing object gateway users

The dashboard allows you to edit Ceph Object Gateway users.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • A Ceph Object Gateway user created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway:

    Click Object Gateway
  3. Click Users:

    Click Users
  4. To edit the user capabilities, click its row:

    Click user row
  5. Select Edit In the Edit drop-down:

    Click Edit
  6. In the EditUser window, edit the required parameters and click the EditUser button:

    Edit User window
  7. A notification towards the top right corner of the page indicates the user was updated successfully.

    User edit notification

8.3.5. Deleting object gateway users

The dashboard allows you to delete Ceph Object Gateway users.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • A Ceph Object Gateway user created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway:

    Click Object Gateway
  3. Click Users:

    Click Users
  4. To delete the user, click its row:

    Click user row
  5. Select Delete In the Edit drop-down:

    Click Delete
  6. In the Delete User dialog window, Click the Yes, I am sure box and then Click Delete User to save the settings:

    Delete User window

8.3.6. Creating object gateway subusers

A subuser is associated with a user of the S3 interface. The dashboard allows you to create Ceph Object Gateway subusers.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • Object gateway user is created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.

    Click Object Gateway
  3. Click Users from the drop-down menu.

    Click Users
  4. In the example below, you can see a user named ceph-dashboard in the table. Select the user by clicking its row.

    Select user
  5. Click Edit drop-down menu, and then select Edit.

    Edit drop-down
  6. Click the +CreateSubuser button.

    Create Subuser
  7. Enter a Subuser name and select the appropriate permissions.

    Set Subuser username
  8. Click the Auto-generate secret box and then click the Create Subuser button.

    Create Subuser dialog window
    Note

    By clicking Auto-generate-secret checkbox, the secret key for object gateway is generated automatically.

  9. Click the Edit user button in the Edit User window.

    Edit User in Window
  10. Verify the subuser creation was successful. A notification towards the top right corner of the page pops up indicating that the Object Gateway user was updated successfully.

    Object Gateway user update notification

Additional Resources

8.4. Object gateway bucket functions

As a storage administrator, the Red Hat Ceph Storage Dashboard allows you to view and manage Ceph Object Gateway buckets.

8.4.1. Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.

8.4.2. Viewing object gateway buckets

The dashboard allows you to view and manage Ceph Object Gateway buckets.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • An object gateway bucket is created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.

    Click Object Gateway
  3. Click Buckets.

    Click Buckets
  4. In the example below, you can see a bucket named my-bucket in the table.

    Bucket in list
  5. To view details, select the bucket by clicking the row for my-bucket.

    Bucket details

Additional Resources

8.4.3. Creating object gateway buckets

The dashboard allows you to create Ceph Object Gateway buckets.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • An object gateway user that is not suspended is created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway.

    Click Object Gateway
  3. Click Buckets.

    Click Buckets
  4. Click Create.

    Click Create
  5. Enter a value for Name and select a user that is not suspended.

    Set the name and user
  6. Click Create bucket.

    Click Create Bucket
  7. Verify the bucket creation was successful. A notification confirms the bucket was created and the bucket can be seen in the table of buckets.

    Verify the bucket was created

Additional Resources

8.4.4. Editing object gateway buckets

The dashboard allows you to edit Ceph Object Gateway buckets.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • A Ceph Object Gateway user that is not suspended is created.
  • A Ceph Object Gateway bucket created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway:

    Click Object Gateway
  3. Click Buckets:

    Click Buckets
  4. To edit the bucket, click its row:

    Click bucket row
  5. Select Edit In the Edit drop-down:

    Click Edit
  6. In the EditBucket window, edit the required parameters and click the EditBucket button:

    Edit Bucket window
  7. A notification towards the top right corner of the page indicates the bucket was updated successfully.

    Bucket edit notification

Additional Resources

8.4.5. Deleting object gateway buckets

The dashboard allows you to delete Ceph Object Gateway buckets.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • The Ceph Object Gateway is installed.
  • Object gateway login credentials are added to the dashboard.
  • A Ceph Object Gateway user that is not suspended is created.
  • A Ceph Object Gateway bucket created.

Procedure

  1. Log in to the Dashboard.
  2. On the navigation bar, click Object Gateway:

    Click Object Gateway
  3. Click Buckets:

    Click Buckets
  4. To delete the bucket, click its row:

    Click bucket row
  5. Select Delete In the Edit drop-down:

    Click Delete
  6. In the Delete Bucket dialog window, Click the Yes, I am sure box and then Click Delete bucket to save the settings:

    Delete Bucket window

8.5. Manually adding object gateway login credentials to the dashboard

The Red Hat Ceph Storage Dashboard can manage the Ceph Object Gateway, also known as the RADOS Gateway, or RGW. To manage the Ceph Object Gateway, the dashboard must connect to it using login credentials of an RGW user with the system flag. When the Object Gateway is installed using ceph-ansible, it automatically adds the login credentials to the dashboard. It is also possible to set the login credentials manually.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • Ceph Object Gateway is installed.

Procedure

  1. Obtain the access_key and secret_key of an RGW user with the system flag enabled:

    • If you do not have an RGW user with the system flag enabled, create one.

      radosgw-admin user create --uid=USER_ID --display-name=DISPLAY_NAME --system

      Example:

      [root@mon ~]# radosgw-admin user create --uid=rgw-user --display-name=RGW-user --system
      {
          "user_id": "rgw-user",
          "display_name": "RGW-user",
          "email": "",
          "suspended": 0,
          "max_buckets": 1000,
          "subusers": [],
          "keys": [
              {
                  "user": "rgw-user",
                  "access_key": "BYC5SWQQH24A2BFHS2RC",
                  "secret_key": "159d94uHK9ADiWZrGsNYWYjRXCDrhL2xVi8PO6kT"
              }
          ],
          "swift_keys": [],
          "caps": [],
          "op_mask": "read, write, delete",
          "system": "true",
          "default_placement": "",
          "default_storage_class": "",
          "placement_tags": [],
          "bucket_quota": {
              "enabled": false,
              "check_on_raw": false,
              "max_size": -1,
              "max_size_kb": 0,
              "max_objects": -1
          },
          "user_quota": {
              "enabled": false,
              "check_on_raw": false,
              "max_size": -1,
              "max_size_kb": 0,
              "max_objects": -1
          },
          "temp_url_keys": [],
          "type": "rgw",
          "mfa_ids": []
      }

      Take note of the values for access_key and secret_key. In the example above, access_key is BYC5SWQQH24A2BFHS2RC and secret_key is 159d94uHK9ADiWZrGsNYWYjRXCDrhL2xVi8PO6kT.

    • If an RGW user with the system flag enabled is already created, obtain the credentials using the user info command of the radosgw-admin utility.

      radosgw-admin user info --uid=USER_ID

      Example:

      [root@mon ~]# radosgw-admin user info --uid=rgw-user
      {
          "user_id": "rgw-user",
          "display_name": "RGW-user",
          "email": "",
          "suspended": 0,
          "max_buckets": 1000,
          "subusers": [],
          "keys": [
              {
                  "user": "rgw-user",
                  "access_key": "BYC5SWQQH24A2BFHS2RC",
                  "secret_key": "159d94uHK9ADiWZrGsNYWYjRXCDrhL2xVi8PO6kT"
              }
          ],
          "swift_keys": [],
          "caps": [],
          "op_mask": "read, write, delete",
          "system": "true",
          "default_placement": "",
          "default_storage_class": "",
          "placement_tags": [],
          "bucket_quota": {
              "enabled": false,
              "check_on_raw": false,
              "max_size": -1,
              "max_size_kb": 0,
              "max_objects": -1
          },
          "user_quota": {
              "enabled": false,
              "check_on_raw": false,
              "max_size": -1,
              "max_size_kb": 0,
              "max_objects": -1
          },
          "temp_url_keys": [],
          "type": "rgw",
          "mfa_ids": []
      }

      Take note of the values for access_key and secret_key. In the example above, access_key is BYC5SWQQH24A2BFHS2RC and secret_key is 159d94uHK9ADiWZrGsNYWYjRXCDrhL2xVi8PO6kT.

  2. Provide the access_key and secret_key credentials to the dashboard:

    1. Provide the access_key to the dashboard.

      ceph dashboard set-rgw-api-access-key ACCESS_KEY

      Example:

      [root@mon ~]# ceph dashboard set-rgw-api-access-key BYC5SWQQH24A2BFHS2RC
      Option RGW_API_ACCESS_KEY updated
    2. Provide the secret_key to the dashboard.

      ceph dashboard set-rgw-api-secret-key SECRET_KEY

      Example:

      [root@mon ~]# ceph dashboard set-rgw-api-secret-key 159d94uHK9ADiWZrGsNYWYjRXCDrhL2xVi8PO6kT
      Option RGW_API_SECRET_KEY updated
  3. Provide the host name and port of the object gateway to the dashboard:

    1. Provide the host name to the dashboard.

      ceph dashboard set-rgw-api-host HOST_NAME

      Example:

      [root@mon ~]# ceph dashboard set-rgw-api-host 192.168.122.193
      Option RGW_API_HOST updated
    2. Provide the port to the dashboard.

      ceph dashboard set-rgw-api-port PORT

      Example:

      [root@mon ~]# ceph dashboard set-rgw-api-port 8080
      Option RGW_API_PORT updated
  4. Optional: If you are using HTTPS with a self-signed certificate, disable certificate verification in the dashboard to avoid refused connections.

    Refused connections can happen when the certificate is signed by an unknown Certificate Authority, or if the host name used does not match the host name in the certificate.

    ceph dashboard set-rgw-api-ssl-verify false

    Example:

    [root@mon ~]# ceph dashboard set-rgw-api-ssl-verify false
    Option RGW_API_SSL_VERIFY updated

Additional Resources