.. versionadded:: Jewel
-Ceph Object Gateway namespaces can now be exported over file-based
-access protocols such as NFSv3 and NFSv4, alongside traditional HTTP access
+Ceph Object Gateway namespaces can be exported over the file-based
+NFSv4 protocols, alongside traditional HTTP access
protocols (S3 and Swift).
In particular, the Ceph Object Gateway can now be configured to
The RGW NFS interface supports most operations on files and
directories, with the following restrictions:
-- Links, including symlinks, are not supported
-- NFS ACLs are not supported
+- Links, including symlinks, are not supported.
+- NFS ACLs are not supported.
- + Unix user and group ownership and permissions *are* supported
+ + Unix user and group ownership and permissions *are* supported.
-- Directories may not be moved/renamed
+- Directories may not be moved/renamed.
- + files may be moved between directories
+ + Files may be moved between directories.
-- Only full, sequential *write* i/o is supported
+- Only full, sequential *write* I/O is supported
- + i.e., write operations are constrained to be **uploads**
- + many typical i/o operations such as editing files in place will necessarily fail as they perform non-sequential stores
- + some file utilities *apparently* writing sequentially (e.g., some versions of GNU tar) may fail due to infrequent non-sequential stores
- + When mounting via NFS, sequential application i/o can generally be constrained to be written sequentially to the NFS server via a synchronous mount option (e.g. -osync in Linux)
- + NFS clients which cannot mount synchronously (e.g., MS Windows) will not be able to upload files
+ + i.e., write operations are constrained to be **uploads**.
+ + Many typical I/O operations such as editing files in place will necessarily fail as they perform non-sequential stores.
+ + Some file utilities *apparently* writing sequentially (e.g., some versions of GNU tar) may fail due to infrequent non-sequential stores.
+ + When mounting via NFS, sequential application I/O can generally be constrained to be written sequentially to the NFS server via a synchronous mount option (e.g. -osync in Linux).
+ + NFS clients which cannot mount synchronously (e.g., MS Windows) will not be able to upload files.
Security
========
* additional RGW authentication types such as Keystone are not currently supported
-Configuring an NFS-Ganesha Instance
-===================================
+
+Enabling a bucket export
+========================
+
+.. note: If you do not already have NFS service deployed, see
+ :ref:`deploy-cephadm-nfs-ganesha`.
+
+To export a bucket,
+
+ .. prompt:: bash #
+
+ ceph nfs export create rgw *<bucket-name>* *<cluster-id>* *<binding>* [--readonly] [--addr *<client-ip-or-cidr>*
+
+For example, to export *mybucket* via NFS cluster *mynfs* at the pseudo-path */bucketdata* to any host in the ``192.168.10.0/24`` network,
+
+ .. prompt:: bash #
+
+ ceph nfs export create rgw mybucket mynfs /bucketdata --addr 192.168.10.0/24
+
+Listing exports
+===============
+
+You can list current exports with:
+
+ .. prompt:: bash #
+
+ ceph nfs export ls *<cluster-id>* [--detailed]
+
+Disabling a bucket export
+=========================
+
+To disable an existing export,
+
+ .. prompt:: bash #
+
+ ceph nfs export rm *<cluster-id>* *<binding>*
+
+For example, to disable an export from cluster *mynfs* on ``/my-export``,
+
+ .. prompt:: bash #
+
+ ceph nfs export rm mynfs /my-export
+
+
+Manually configuring an NFS-Ganesha Instance
+============================================
Each NFS RGW instance is an NFS-Ganesha server instance *embedding*
a full Ceph RGW instance.
projects / ceph.git / commitdiff