rgw custom roles

Default case

By default the default role for rgw nodes is termed rgw and this would be most commonest single RGW in a node deployment usecase. However there are use cases where multiple rgws need to be deployed in the same node, or you have a few ssl terminated and non-ssl terminated rgws, etc. and this is where creation of custom roles can be useful.

Custom Roles

Custom roles need to be mentioned in the global/cluster.yml files, the default location being /srv/pillar/ceph/stack/global.yml.

The syntax for rgw custom roles follow the structure:

rgw_configurations:
  <rgw_role1_name>:
    users:
      - {uid: "foo", name: "foo", email: "[email protected]"}
  <rgw_role2_name>:
    users:
      - {uid: "bar", name: "bar", email: "[email protected]"}

This section no longer accurate and preceded the ceph.conf.d implementation. For current examples, see rgw.conf and rgw-ssl.conf in /srv/salt/ceph/configuration/files.

RGW with SSL and non SSL on the same node

RGW now has support for deploying both ssl and non ssl RGWs on the same node, for this we again make use of the custom roles feature

• In global.yml add the following:

rgw_init: default-ssl
rgw_configurations:
  rgw:
    users:
      - { uid: "admin", name: "Admin", email: "[email protected]", system: True }
  # when using only RGW& not ganesha ssl will have all the users of rgw already,
  # but to be consistent we define atleast one user
  rgw-ssl:
    users:
      - { uid: "admin", name: "Admin", email: "[email protected]", system: True }

• modify /srv/salt/ceph/configuration/files/ceph.conf.<rgw-role-name> in this case rgw-ssl and rgw to suit your needs, the default assume ports 443 and 80 respectively
• add the requisite roles in policy.cfg

role-rgw/cluster/rgw-node.sls
role-rgw-ssl/cluster/rgw-node.sls

• add a openssl pem cert file in /srv/salt/ceph/rgw/cert, this will get deployed in nodes at the /etc/ceph/ location
• run stages 2 through 4 to see the newly deployed rgw