Last Updated: November 6, 2018

The Ceph connector enables use of a Globus data access interface on an Ceph storage system, via the Ceph Object Gateway. This requires the installation of Globus Connect Server. The connector is available as an add-on subscription to organizations with a Globus Standard subscription - please contact us for pricing.

This document describes how to install and configure the Ceph Connector connector as well as create Ceph Storage Gateway. After the installation is complete, any authorized user can establish a connection to the Ceph buckets that they have access to by following the steps in this How To in order to create a collection

The installation must be done by a system administrator, and has the following distinct set of steps:

  • Installation of the packages needed for Globus Connect Server version 5 endpoint as well as creation of the endpoint itself.

  • Create a storage gateway on the endpoint configured to use the Ceph Connector.

Please contact us at if you have questions or need help with installation and use of the Ceph Connector.

Table of Contents

Endpoint Installation

The Ceph Connector requires a functional Globus Connect Server 5 endpoint in order to be used. Instructions for installing and configuring and endpoint using Globus Connect Server 5 can be found here. The rest of this document assumes that a functional Globus Connect Server 5 endpoint is being used when attempting to configure the Ceph Connector.


The Ceph DSI requires the following steps for configuration:

  • Create a RADOS Gateway User with users:read capabilities

Create a RADOS Gateway User with users:read capabilities

This identity is used by the Ceph DSI to look up keys associated with the Ceph user_id that the GridFTP session is authorized to run as.

This command must be run on a host with access to the ceph client.admin keyring in order to create the gridftp Ceph user_id:

# radosgw-admin user create \
    --uid=gridftp \
    --display-name "GridFTP Ceph Connector" \

Note in the output for this command the access_key and secret_access_key fields of the keys object, as those will be needed in the next step. If you forget to record those, you can use the following command to retrieve the same information:

# radosgw-admin user info --uid=gridftp

Creating a Storage Gateway using the Ceph Connector

To create an Ceph Storage Gateway on an endpoint, use the `globus-connect-server-config storage-gateway create’ command. For example:

$ sudo globus-connect-server-config storage-gateway create \
    --connector Ceph \
    --display-name "Ceph Storage Gateway" \
    --root "/" \
    --domain \
    --s3-endpoint \
    --s3-bucket data-bucket1 \
    --s3-bucket data-bucket2 \
    --ceph-admin-key-id ACCESS-KEY \
    --ceph-admin-secret-key SECRET-ACCESS-KEY

Storage Gateway Created: 99d351bc-cdb4-4cee-be86-3bb01e4b1022

Note that the ID of the new storage gateway is given in the output.

This would create a storage gateway on the endpoint that:

  1. Uses the "Ceph" storage connector and is called "Ceph Storage Gateway".

  2. Causes new collections to be rooted in the bucket space of the Ceph endpoint.

  3. Allows Globus users with a Globus Account that includes an identity from the Identity Provider that controls the domain to create collections if they have a Ceph account.

  4. Allows access to the data-bucket1 and data-bucket2 Ceph buckets as /data-bucket1 and /data-bucket2 on the storage gateway.

  5. Uses the values ACCESS-KEY and SECRET-ACCESS-KEY from the previous configuration step as to access the Ceph administration bucket and access user information.

The the globus-connect-server-config storage-gateway create command supports the following options for storage gateways configured to use the Ceph Connector, in addition to the common options supported for all storage connectors:

include:s3-common/gcsv5-common-options.adoc[] --ceph-admin-key-id:: The Ceph administrator key id with the users:read capability. This is a required parameter for a Ceph Storage Gateway. --ceph-admin-secret-key:: The Ceph administrator secret key associated with the Ceph admin key passed in with the previous parameter.

Creating a collection on a Ceph Storage Gateway

Once a Ceph Storage Gateway has been configured on the endpoint, permitted users can then create collections using the storage gateway. These collections allow permitted Globus users access to the Ceph service using their Ceph username. The process of creating a new collection using a storage gateway configured to use the Ceph Connector is found here. Please refer to the Globus Connect Server install document for the various options available in the tool to manage storage gateways.

© 2010- The University of Chicago Legal