Last Updated: April 4, 2017
The Ceph connector enables use of a Globus data access interface on an Ceph storage system, via the Ceph Object Gateway. This requires the installation of Globus Connect Server and an additional package that is specific to the CEPH storage system called the CEPH DSI.
The CEPH connector is a premium feature available only to Globus subscribers, and is thus only available for Managed Endpoints.
For adding the CEPH connector to Globus Connect Server v5 endpoint, please refer to Ceph Connector for GCSv5
A functional Globus Connect Server installation is required for installation and use of the CEPH connector. The Globus Connect Server Installation Guide provides detailed documentation on the steps for installing and configuring a server endpoint.
The CEPH connector is available for all distributions supported by Globus Connect Server.
Install the package globus-gridftp-server-ceph from the Globus repository.
For RedHat-based systems:
$ yum install globus-gridftp-server-ceph
For Debian-based systems:
$ apt-get install globus-gridftp-server-ceph
For SLES 11-based systems:
$ zypper install globus-gridftp-server-ceph
The Ceph DSI requires the following steps for configuration:
Create a RADOS Gateway User with users:read capabilities
Configure the Ceph DSI
Enable the Ceph DSI
Restart the GridFTP server
This identity is used by the Ceph DSI to look up keys associated with the Ceph user_id that the GridFTP session is authorized to run as.
This command must be run on a host with access to the ceph client.admin keyring in order to create the gridftp Ceph user_id:
$ radosgw-admin user create \ --uid=gridftp \ --display-name "GridFTP Ceph DSI" \ --caps="users=read"
Note in the output for this command the "access_key" and "secret_access_key" fields of the "keys" object, as those will be needed in the next step. If you forget to record those, you can use the following command to retrieve the same information:
$ radosgw-admin user info --uid=gridftp
The package contains an example configuration file in /etc/globus/globus-gridftp-server-ceph.conf
The format of the file is very simple:
Comments begin with
Configuration values are set by a line of the form
name = value
There is no special quoting syntax, and whitespace is ignored between tokens.
At the very minimum, the configuration values "host_name", "ceph_rg_admin_access_key_id", and "ceph_rgw_admin_secret_access_key" must be set. There are comments in the file describing all available configuration options.
Since ceph users need not have user accounts on the local endpoint, ceph transfers will be configured to run under a local service user account. Create a user named
globus-ceph. This account name will be used below as the value of the
process_user configuration option.
Globus Connect Server configuration that refers to
$HOME, such as
SharingStateDir, will be using the home directory of this account. Ensure that these files are only accessible by the
Create the file /etc/gridftp.d/gridftp-ceph containing these lines:
threads 2 load_dsi_module ceph process_user globus-ceph
To enable a debugging log for the ceph dsi, set the environment variable GLOBUS_S3_DEBUG "1023,/tmp/s3.log" to enable a highly verbose log of the DSI. This can be easily done for a gridftp configuration by creating a file /etc/gridftp.d/ceph-debug with the contents