:orphan:
+.. _man-radosgw-admin:
+
=================================================================
radosgw-admin -- rados REST gateway user administration utility
=================================================================
+.. _radosgw-admin-guide:
+
=============
Admin Guide
=============
radosgw-admin user modify --uid={username} --admin=0
+.. _radosgw-quota-management:
+
Quota Management
================
be restarted for the changes to take effect.
+.. _radosgw-rate-limit-management:
+
Rate Limit Management
=====================
+.. _radosgw-barbican:
+
==============================
OpenStack Barbican Integration
==============================
+.. _radosgw-elastic-sync-module:
+
=========================
ElasticSearch Sync Module
=========================
In principle, any key management service could be used here. Currently
integration with `Barbican`_, `Vault`_, and `KMIP`_ are implemented.
-See `OpenStack Barbican Integration`_, `HashiCorp Vault Integration`_,
-and `KMIP Integration`_.
+See :ref:`radosgw-barbican`, :ref:`radosgw-vault`,
+and :ref:`radosgw-kmip`.
SSE-S3
======
In principle, any key management service could be used here. Currently
only integration with `Vault`_, is implemented.
-See `HashiCorp Vault Integration`_.
+See :ref:`radosgw-vault`.
Bucket Encryption APIs
======================
.. _PutBucketEncryption: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
.. _GetBucketEncryption: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
.. _DeleteBucketEncryption: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
-.. _OpenStack Barbican Integration: ../barbican
-.. _HashiCorp Vault Integration: ../vault
-.. _KMIP Integration: ../kmip
+.. _radosgw-iam:
+
=============================
Ceph Object Gateway IAM API
=============================
the RESTful management of account users, roles, and associated policies.
This REST API is served by the same HTTP endpoint as the
-`Ceph Object Gateway S3 API`_.
+:ref:`radosgw s3`.
Authorization
=============
.. _Amazon IAM API: https://docs.aws.amazon.com/IAM/latest/APIReference/welcome.html
-.. _Ceph Object Gateway S3 API: ../s3/
+.. _radosgw-kmip:
+
================
KMIP Integration
================
============================
A multi-site configuration requires at least two Ceph storage clusters. The
-multi-site configuration must have at least two Ceph object gateway instances
+multi-site configuration must have at least two Ceph Object Gateway instances
(one for each Ceph storage cluster).
This guide assumes that at least two Ceph storage clusters are in
geographically separate locations; however, the configuration can work on the
-same site. This guide also assumes two Ceph object gateway servers named
+same site. This guide also assumes two Ceph Object Gateway servers named
``rgw1`` and ``rgw2``.
.. important:: Running a single geographically-distributed Ceph storage cluster
zonegroup; and, the ``rgw2`` host will serve as the secondary zone of the
master zonegroup.
-See `Pools`_ for instructions on creating and tuning pools for Ceph Object
-Storage.
+See :ref:`radosgw-pools` for instructions on creating and tuning pools for the
+Ceph Object Gateway.
See :ref:`Sync Policy Config <radosgw-multisite-sync-policy>` for instructions
on defining fine-grained bucket sync policy rules.
-----
A zone defines a logical group that consists of one or more Ceph Object Gateway
-instances. All Ceph Object Gateways in a given zone serve S3 objects that are backed by RADOS objects that are stored in the same set of pools in the same cluster. Ceph Object Gateway supports zones.
+instances. All Ceph Object Gateways in a given zone serve S3 objects that are
+backed by RADOS objects that are stored in the same set of pools in the same
+cluster. Ceph Object Gateway supports zones.
The procedure for configuring zones differs from typical configuration
procedures, because not all of the settings end up in a Ceph configuration
| | changing this setting. | | |
+-------------------------------------+-----------------------------------+---------+-----------------------+
-
-.. _`Pools`: ../pools
+.. _radosgw-notifications:
+
====================
Bucket Notifications
====================
shared. Those shared objects will contain the marker of the original
bucket.
-.. _Data Layout in RADOS : ../layout
-.. _Pool Placement and Storage Classes : ../placement
.. versionadded:: Jewel
-Placement targets control which `Pools`_ are associated with a particular
+Placement targets control which :ref:`radosgw-pools` are associated with a particular
bucket. A bucket's placement target is selected on creation, and cannot be
modified. The ``radosgw-admin bucket stats`` command will display its
``placement_rule``.
``CHEAPNDEEP`` are accepted by Ceph but might not be by some clients and
libraries.
-.. _`Pools`: ../pools
+.. _radosgw-pools:
+
=====
Pools
=====
+.. _radosgw-role:
+
======
Role
======
sudo radosgw-admin user create --subuser="{username}:{subusername}" --uid="{username}"
--display-name="{Display Name}" --key-type=swift --secret="{password}" --access=full
-For details on RADOS Gateway administration, see `radosgw-admin`_.
-
-.. _radosgw-admin: ../../../man/8/radosgw-admin/
+For details on RADOS Gateway administration, see :ref:`man-radosgw-admin`.
.. note::
For those used to the Swift API this is implementing the Swift auth v1.0 API, as such
container and object lifecycle, including adding and retrieving object
metadata. See example code for the following languages:
-- `Java`_
-- `Python`_
-- `Ruby`_
+- :ref:`Java <java_swift>`
+- :ref:`Python <python_swift>`
+- :ref:`Ruby <ruby_swift>`
.. ditaa::
| | | |
+----------------------------+ +-----------------------------+
-.. _Java: ../java
-.. _Python: ../python
-.. _Ruby: ../ruby
+.. _radosgw-vault:
+
===========================
HashiCorp Vault Integration
===========================
transit instances, or different branches under a common transit
point. If you are not using separate Vault instances, you can
use these to point SSE-KMS and SSE-S3 to separate containers:
-``rgw_crypt_vault_prefix``
+:confval:`rgw_crypt_vault_prefix`
and/or
-``rgw_crypt_sse_s3_vault_prefix``.
+:confval:`rgw_crypt_sse_s3_vault_prefix`.
When granting Vault permissions to SSE-KMS bucket owners, you should
not give them permission to muck around with SSE-S3 keys;
only Ceph itself should be doing that.
+.. _radosgw-zone-features:
+
=============
Zone Features
=============
projects / ceph.git / commitdiff