S3

Rados Gateways (RGW)

To access the S3 API you will need to setup RGWs, which your S3 clients will be able to connect to.

  1. Navigate to Config and adjust the rgw dns name.
  2. Navigate to S3.
  3. You will be prompted to choose servers for your RGWs.

SSL Certificate

To secure your S3 traffic, you might want to change the certificate.

  1. Navigate to S3 -> SSL Certificate.
  2. Replace the existing self-signed certificate with a new PEM-encoded file.

High Availability

Clients are able to connect to your RGWs directly. Croit can setup failover for you with HA Groups.

Load Balancing

Croit currently doesn't handle any load balancing. If this is a requirement, we recommend setting up HAProxy in front of your RGWs.

Running Multiple RGW per Server

We recommend running only a single RGW service per server. However, croit does allow you to install multiple RGW services on a single server.

There some important things to keep in mind with this feature:

  • Each RGW service needs to be configured to run on different ports. By default, RGW runs on port 80 and 443 (with SSL). All additional RGW services created on a server will run on different ports.
  • Since additional RGWs run on different ports, such a setup typically only makes sense with an external load balancer (external meaning configured outside of croit).
  • HA groups (high availability) aren't supported with servers that run multiple RGW services. HA groups only work with servers running a single RGW service with ports 80/443. All RGW servers in an HA group also have to have the same RGW DNS name and RGW zone. Your external load balancer should instead take care of providing HA.
  • The rgw frontends setting will need to be removed before you can enable this feature. This setting isn't configured by default, and only needs to be removed if you added it via the croit UI in the past.
  • If you edited the ceph.conf template, make sure the template itself doesn't contain rgw frontends, rgw dns name or rgw zone options.

Enabling Multi-RGW support

First, make sure that the rgw frontends setting is removed. To do so, navigate to Config on the left and remove the setting (if it's configured at all) by selecting it in the table and clicking on Reset. Croit will also verify this later on.

With that done, you can enable the feature via the croit settings page:

  1. Navigate to Croit in the bottom left to access the croit settings page.
  2. Click Add and search for croit enable multi rgw support. Multi-RGW settings
  3. Enable the toggle button, and click on Save.
  4. If you don't have RGW/S3 configured already, you can ignore the following steps.
  5. Croit will make sure that there aren't any conflicting settings with this feature. You will be notified about any complications.
  6. Finally, croit will try to find what ports your existing RGW services are running on. Typically, all services should run with ports 80/443. You will see a message similar to this: RGW ports Confirm that the ports are correct.
  7. Navigate to Servers, and go to the Services tab. Select all RGW services, and do a rolling restart (Actions > Rolling restart). Restarting all RGW services will make sure that multi-RGW support is correctly enabled, and RGW is still working as expected.

Support for multiple RGW per server is now enabled. You can now create additional RGW services on any server.

When adding additional RGW services, the new services will use the first free ports counting up from 80 and 443 respectively. For example, the second RGW service on a server would use ports 81/444, the third would use 82/445, and so on. You can customize which ports a service uses on the Services tab after creating it:

  1. Navigate to Servers, and go to the Services tab. RGW Edit
  2. Click on an RGW service.
  3. Click on Edit at the top.
  4. You can change the HTTP port, HTTPS port, the RGW DNS name and the RGW zone for this service. RGW Edit Dialog

Please note that HA groups with RGWs only work with port 80/443, and that all servers in an HA group need to have the same RGW DNS name and RGW zone.

Disabling Multi-RGW support

To disable support for multiple RGW services per server again:

  1. Make sure only 1 RGW service is running per server. Delete any additional RGW services on each server.
  2. Configure each RGW to use ports 80/443 with no customized RGW DNS name or RGW zone (i.e. leave both fields empty).
  3. Remove the rgw frontends setting (just like when enabling multi-RGW support). To do so, navigate to Config on the left and remove the setting (if it's configured at all) by selecting it in the table and clicking on Reset.
  4. Navigate to Croit in the bottom left to access the croit settings page, select the croit enable multi rgw support setting, click on Edit and disable it again.
  5. Croit will make sure that everything is correctly configured to disable multi-RGW support again.
  6. Navigate to Servers, and go to the Services tab. Select all RGW services, and do a rolling restart (Actions > Rolling restart). Restarting all RGW services will make sure that multi-RGW support is correctly disabled, and RGW is still working as expected.