From: Nilamdyuti Goswami Date: Thu, 2 Apr 2015 11:14:38 +0000 (+0530) Subject: doc: Replaces reference to mod_fastcgi with mod_proxy_fcgi in gateway X-Git-Tag: v9.0.0~49^2~3^2~4 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=be8cb2d95d0d5c50bfa99d727a91b0dd58efee6e;p=ceph.git doc: Replaces reference to mod_fastcgi with mod_proxy_fcgi in gateway installation doc. Fixes: #3299 Signed-off-by: Nilamdyuti Goswami --- diff --git a/doc/install/install-ceph-gateway.rst b/doc/install/install-ceph-gateway.rst index 1be053494937..835deabdaf05 100644 --- a/doc/install/install-ceph-gateway.rst +++ b/doc/install/install-ceph-gateway.rst @@ -2,227 +2,110 @@ Install Ceph Object Gateway ============================= -The :term:`Ceph Object Gateway` daemon runs on Apache and FastCGI. - -To run a :term:`Ceph Object Storage` service, you must install Apache and -FastCGI. Then, you must install the Ceph Object Gateway daemon. The Ceph Object -Gateway supports 100-continue, but you must install Ceph builds of Apache and -FastCGI for 100-continue support. To install the Ceph Object Gateway, first -install and configure Apache and FastCGI. Then, install the Ceph Object Gateway -daemon. If you plan to run a Ceph Object Storage service with a federated -architecture (multiple regions and zones), you must also install the -synchronization agent. - -See `Get Packages`_ for information on adding Ceph packages to each Ceph Node. -Ensure that you have executed those steps on each Ceph Node first. - - -Apache/FastCGI w/out 100-Continue -================================= - -You may use standard Apache and FastCGI packages for your Ceph Object -Gateways. However, they will not provide 100-continue support. - -Debian Packages ---------------- - -To install Apache and FastCGI Debian packages, execute the following:: - - sudo apt-get install apache2 libapache2-mod-fastcgi - - -RPM Packages ------------- - -To install Apache and FastCGI RPMs, execute the following:: - - sudo rpm -ivh fcgi-2.4.0-10.el6.x86_64.rpm - sudo rpm -ivh mod_fastcgi-2.4.6-2.el6.rf.x86_64.rpm - -Or:: - - sudo yum install httpd mod_fastcgi - - -Apache/FastCGI w/ 100-Continue -============================== - -The Ceph community provides a slightly optimized version of the ``apache2`` -and ``fastcgi`` packages. The material difference is that the Ceph packages are -optimized for the ``100-continue`` HTTP response, where the server determines -if it will accept the request by first evaluating the request header. See `RFC -2616, Section 8`_ for details on ``100-continue``. You can find the most recent -builds of Apache and FastCGI packages modified for Ceph at `gitbuilder.ceph.com`_. - - -Debian Packages ---------------- - -#. Add the development key:: - - wget -q -O- https://raw.github.com/ceph/ceph/master/keys/autobuild.asc | sudo apt-key add - - -#. Add a ``ceph-apache.list`` file to your APT sources. :: - - echo deb http://gitbuilder.ceph.com/apache2-deb-$(lsb_release -sc)-x86_64-basic/ref/master $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/ceph-apache.list - -#. Add a ``ceph-fastcgi.list`` file to your APT sources. :: - - echo deb http://gitbuilder.ceph.com/libapache-mod-fastcgi-deb-$(lsb_release -sc)-x86_64-basic/ref/master $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/ceph-fastcgi.list - -#. Update your repository and install Apache and FastCGI:: - - sudo apt-get update && sudo apt-get install apache2 libapache2-mod-fastcgi +.. note:: To run the Ceph object gateway service, you should have a running + Ceph cluster, the gateway host should have access to storage and public + networks, and SELinux should be in permissive mode in rpm-based distros. +The :term:`Ceph Object Gateway` daemon runs on Apache and FastCGI. -RPM Packages ------------- - -To install Apache with 100-continue, execute the following steps: - -#. Install ``yum-plugin-priorities``. :: - - sudo yum install yum-plugin-priorities - -#. Ensure ``/etc/yum/pluginconf.d/priorities.conf`` exists. - -#. Ensure ``priorities.conf`` enables the plugin. :: - - [main] - enabled = 1 - -#. Add a ``ceph-apache.repo`` file to ``/etc/yum.repos.d``. Replace - ``{distro}`` with the name of your distribution (e.g., ``centos6``, - ``rhel6``, etc.) :: - - [apache2-ceph-noarch] - name=Apache noarch packages for Ceph - baseurl=http://gitbuilder.ceph.com/apache2-rpm-{distro}-x86_64-basic/ref/master - enabled=1 - priority=2 - gpgcheck=1 - type=rpm-md - gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc - - [apache2-ceph-source] - name=Apache source packages for Ceph - baseurl=http://gitbuilder.ceph.com/apache2-rpm-{distro}-x86_64-basic/ref/master - enabled=0 - priority=2 - gpgcheck=1 - type=rpm-md - gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc +To run a :term:`Ceph Object Storage` service, you must install Apache and +Ceph Object Gateway daemon on the host that is going to provide the gateway +service, i.e, the `gateway host`. If you plan to run a Ceph Object Storage +service with a federated architecture (multiple regions and zones), you must +also install the synchronization agent. +.. note:: Previous versions of Inktank Ceph Enterprise shipped with + `mod_fastcgi`. The current version ships with `mod_proxy_fcgi` instead. -#. Add a ``ceph-fastcgi.repo`` file to ``/etc/yum.repos.d``. Replace - ``{distro}`` with the name of your distribution (e.g., ``centos6``, - ``rhel6``, etc.) :: +In distros that ship Apache 2.4 (such as RHEL 7, CentOS 7 or Ubuntu 14.04 +`Trusty`), `mod_proxy_fcgi` is already present. When you install the `httpd` +package with `yum`, `mod_proxy_fcgi` becomes available for use on your server. - [fastcgi-ceph-basearch] - name=FastCGI basearch packages for Ceph - baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-{distro}-x86_64-basic/ref/master - enabled=1 - priority=2 - gpgcheck=1 - type=rpm-md - gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc - - [fastcgi-ceph-noarch] - name=FastCGI noarch packages for Ceph - baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-{distro}-x86_64-basic/ref/master - enabled=1 - priority=2 - gpgcheck=1 - type=rpm-md - gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc +In distros that ship Apache 2.2 (such as RHEL 6, CentOS 6 or Ubuntu 12.04 +`Precise`), `mod_proxy_fcgi` comes as a separate package. In *RHEL 6/CentOS 6*, +it is available in `EPEL 6` repo and can be installed with `yum install +mod_proxy_fcgi`. For Ubuntu *12.04*, a backport has been created for +`mod_proxy_fcgi` which is available in `Precise` backport repository. - [fastcgi-ceph-source] - name=FastCGI source packages for Ceph - baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-{distro}-x86_64-basic/ref/master - enabled=0 - priority=2 - gpgcheck=1 - type=rpm-md - gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc - If the repository doesn't have a ``noarch`` section, you may remove the - ``noarch`` entry above. +Install Apache +============== +To install Apache on the `gateway host`, execute the following: -#. Update your repository. On RHEL systems, enable the - ``rhel-6-server-optional-rpms`` repository. :: +On Debian-based distros, run:: - sudo yum update --enablerepo=rhel-6-server-optional-rpms + sudo apt-get install apache2 -#. Install Apache and FastCGI. :: +On RPM-based distros, run:: - sudo yum update && sudo yum install httpd mod_fastcgi + sudo yum install httpd -Configure Apache/FastCGI -======================== +Configure Apache +================ -To complete the installation, ensure that you have the rewrite module -enabled and FastCGI enabled. The steps differ slightly based upon the -type of package installation. +Make the following changes in Apache's configuration on the `gateway host`: -Debian-based Packages ---------------------- +Debian-based distros +-------------------- -#. Open the ``apache2.conf`` file. :: +#. Open the `apache2.conf` file:: sudo vim /etc/apache2/apache2.conf - -#. Add a line for the ``ServerName`` in the Apache configuration file. - Provide the fully qualified domain name of the server machine - (e.g., ``hostname -f``). :: +#. Add a line for the `ServerName` in the Apache configuration file. Provide + the fully qualified domain name of the server machine (e.g., hostname -f):: ServerName {fqdn} -#. Enable the URL rewrite modules for Apache and FastCGI. :: - - sudo a2enmod rewrite - sudo a2enmod fastcgi +#. Update `/etc/apache2/apache2.conf` to load `mod_proxy_fcgi` module. Add the + following to the file:: + + LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so + -#. Restart Apache so that the foregoing changes take effect. :: +#. Edit the line `Listen 80` in `/etc/apache2/apache2.conf` with the public IP + address of the host that you are configuring as a gateway server. Write + `Listen {IP ADDRESS}:80` in place of `Listen 80`. - sudo service apache2 restart +#. Start Apache service:: + sudo service apache2 start -RPM-based Packages ------------------- +RPM-based distros +----------------- - -#. Open the ``httpd.conf`` file. :: +#. Open the `httpd.conf` file:: sudo vim /etc/httpd/conf/httpd.conf -#. Uncomment ``#ServerName`` and add the name of your server. - Provide the fully qualified domain name of the server machine - (e.g., ``hostname -f``).:: +#. Uncomment `#ServerName` in the file and add the name of your server. Provide + the fully qualified domain name of the server machine (e.g., `hostname -f`):: ServerName {fqdn} -#. Ensure that the Rewrite module is enabled. :: +#. Update `/etc/httpd/conf/httpd.conf` to load `mod_proxy_fcgi` module. Add the + following to the file:: - #if not present, add: - LoadModule rewrite_module modules/mod_rewrite.so + + LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so + -#. Save the ``httpd.conf`` file. +#. Edit the line `Listen 80` in `/etc/httpd/conf/httpd.conf` with the public IP + address of the host that you are configuring as a gateway server.Write + `Listen {IP ADDRESS}:80` in place of `Listen 80`. -#. Ensure that the FastCGI module is enabled. The installer should - include an ``/etc/httpd/conf.d/fastcgi.conf`` file that loads the - FastCGI module. :: +#. Start httpd service - #if not present, add: - LoadModule fastcgi_module modules/mod_fastcgi.so + Execute:: -#. Restart Apache so that the foregoing changes take effect.. :: + sudo service httpd start - sudo /etc/init.d/httpd restart + Or:: + sudo systemctl start httpd Enable SSL @@ -236,25 +119,25 @@ for Apache. Use the following procedures to enable SSL. a SSL certificate from a trusted authority to use those client APIs. -Debian Packages ---------------- +Debian-based distros +-------------------- -To enable SSL for Debian/Ubuntu systems, execute the following steps: +To enable SSL on Debian-based distros, execute the following steps: -#. Ensure that you have installed the dependencies. :: +#. Ensure that you have installed the dependencies:: sudo apt-get install openssl ssl-cert -#. Enable the SSL module. :: +#. Enable the SSL module:: sudo a2enmod ssl -#. Generate a certificate. :: +#. Generate a certificate:: sudo mkdir /etc/apache2/ssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt -#. Restart Apache. :: +#. Restart Apache:: sudo service apache2 restart @@ -262,93 +145,60 @@ To enable SSL for Debian/Ubuntu systems, execute the following steps: See the `Ubuntu Server Guide`_ for additional details. -RPM Packages ------------- +RPM-based distros +----------------- -To enable SSL for RPM-based systems, execute the following steps: +To enable SSL on RPM-based distros, execute the following steps: -#. Ensure that you have installed the dependencies. :: +#. Ensure that you have installed the dependencies:: sudo yum install mod_ssl openssl -#. Generate private key. :: +#. Generate private key:: openssl genrsa -out ca.key 2048 -#. Generate CSR. :: +#. Generate CSR:: openssl req -new -key ca.key -out ca.csr -#. Generate a certificate. :: +#. Generate a certificate:: openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt -#. Copy the files to appropriate locations. :: +#. Copy the files to appropriate locations:: - cp ca.crt /etc/pki/tls/certs - cp ca.key /etc/pki/tls/private/ca.key - cp ca.csr /etc/pki/tls/private/ca.csr + sudo cp ca.crt /etc/pki/tls/certs + sudo cp ca.key /etc/pki/tls/private/ca.key + sudo cp ca.csr /etc/pki/tls/private/ca.csr #. Update the Apache SSL configuration file ``/etc/httpd/conf.d/ssl.conf``. - Give the correct location of ``SSLCertificateFile``. :: + Give the correct location of ``SSLCertificateFile``:: SSLCertificateFile /etc/pki/tls/certs/ca.crt - Give the correct location of ``SSLCertificateKeyFile``. :: + Give the correct location of ``SSLCertificateKeyFile``:: SSLCertificateKeyFile /etc/pki/tls/private/ca.key - Save the changes. - -#. Restart Apache. :: - - sudo /etc/init.d/httpd restart - -See `Setting up an SSL secured Webserver with CentOS`_ for additional details. - - + Save the changes. -Add Wildcard to DNS -=================== +#. Restart Apache. -To use Ceph with S3-style subdomains (e.g., ``bucket-name.domain-name.com``), -you need to add a wildcard to the DNS record of the DNS server you use with the -``radosgw`` daemon. + Execute:: -.. tip:: The address of the DNS must also be specified in the Ceph - configuration file with the ``rgw dns name = {hostname}`` setting. + sudo service httpd restart -For ``dnsmasq``, consider addding the following ``address`` setting with a dot -(.) prepended to the host name:: + Or:: - address=/.{hostname-or-fqdn}/{host-ip-address} - address=/.ceph-node/192.168.0.1 + sudo systemctl restart httpd -For ``bind``, consider adding the a wildcard to the DNS record:: - - $TTL 604800 - @ IN SOA ceph-node. root.ceph-node. ( - 2 ; Serial - 604800 ; Refresh - 86400 ; Retry - 2419200 ; Expire - 604800 ) ; Negative Cache TTL - ; - @ IN NS ceph-node. - @ IN A 192.168.122.113 - * IN CNAME @ - -Restart your DNS server and ping your server with a subdomain to -ensure that your Ceph Object Store ``radosgw`` daemon can process -the subdomain requests. :: +See `Setting up an SSL secured Webserver with CentOS`_ for additional details. - ping mybucket.{fqdn} - ping mybucket.ceph-node - -Install Ceph Object Gateway -=========================== +Install Ceph Object Gateway Daemon +================================== Ceph Object Storage services use the Ceph Object Gateway daemon (``radosgw``) to enable the gateway. For federated architectures, the synchronization @@ -356,10 +206,11 @@ agent (``radosgw-agent``) provides data and metadata synchronization between zones and regions. -Debian Packages ---------------- +Debian-based distros +-------------------- -To install the Ceph Object Gateway daemon, execute the following:: +To install the Ceph Object Gateway daemon on the `gateway host`, execute the +following:: sudo apt-get install radosgw @@ -370,13 +221,13 @@ following:: sudo apt-get install radosgw-agent -RPM Packages ------------- +RPM-based distros +----------------- -To install the Ceph Object Gateway daemon, execute the +To install the Ceph Object Gateway daemon on the `gateway host`, execute the following:: - sudo yum install ceph-radosgw ceph + sudo yum install ceph-radosgw To install the Ceph Object Gateway synchronization agent, execute the @@ -401,13 +252,8 @@ to configure your Ceph Object Gateway. There are two approaches: Ceph Object Gateway instances with regions and zones. Choose the approach that best reflects your cluster. - -.. _Get Packages: ../get-packages .. _Ubuntu Server Guide: https://help.ubuntu.com/12.04/serverguide/httpd.html .. _Setting up an SSL secured Webserver with CentOS: http://wiki.centos.org/HowTos/Https -.. _RFC 2616, Section 8: http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html -.. _gitbuilder.ceph.com: http://gitbuilder.ceph.com -.. _Installing YUM Priorities: ../yum-priorities .. _simple: ../../radosgw/config .. _federated: ../../radosgw/federated-config