Enabling bucket notifications for Ceph Object Storage

Use this information to enable bucket notifications for Ceph® Object Storage.

Before you begin

Make sure you have the following features set up:
  • IBM Spectrum® Discover 2.0.2.1
  • Red Hat® Ceph Storage 4.0 (available starting with version Beta 8)
  • A Ceph Object Gateway node that is set up with an HTTPS endpoint
Restriction:
  • Ceph Object bucket names must be unique across all data sources. You cannot reach a Ceph data source with a bucket name that another data source already uses. For example, if an IBM Cloud® Object Storage or Amazon S3 bucket with the name "my_bucket" exists, you cannot reach a Ceph data source with the bucket name "my_bucket".
  • Notifications from versioned buckets are not supported.
  • Only one IBM Spectrum Discover node can be configured for push notifications from a Ceph Object Storage cluster at a time.

About this task

Use the following steps to enable bucket notifications for Ceph Object Storage.

Procedure

  1. Create a data source connection to the Ceph Object Storage cluster.
    A Ceph Object Storage source is established as an Amazon S3 data source connection.
    Remember: Each bucket must have its own data source connection entry in IBM Spectrum Discover.
  2. To enable Ceph Object Storage bucket notifications:
    1. Copy the ca.crt file from the IBM Spectrum Discover node to a directory on the Ceph Object Gateway nodes.
    2. Locate the file in the /etc/kafka directory on the IBM Spectrum Discover node.
    3. Give this file a unique name on the Ceph node after it is copied over.
      Remember: Make sure that the file has the same name and is in the same location on each Ceph Object Gateway node.
      You can choose to use /etc/ssl/certs as the copy target directory on the Ceph Object Gateway node.
  3. Create a topic entity by using the Ceph bucket notification REST API. The topic contains the push endpoint on IBM Spectrum Discover to which the notifications are sent.
    Remember: To enable notifications to be sent to IBM Spectrum Discover, you must provide push endpoint parameters when you create the topic entity.
    These parameters include the IBM Spectrum Discover Kafka topic and the credentials that are required to securely produce messages to the topic. For more information about the REST API, see Create a Topic in the Ceph documentation.
    The following parameters must be in the POST request:
    POST
    Action=CreateTopic
    &Name=ceph-le-connector-topic
    &push-endpoint=<endpoint>
    &Attributes.entry.5.key=use-ssl&Attributes.entry.5.value=true
    &Attributes.entry.6.key=ca-location&Attributes.entry.6.value=<file path>
    In this example:
    <endpoint>
      Indicates the URI of the IBM Spectrum Discover Kafka broker in this format: kafka://cos:<password>@<discover_fqdn>:9092
    <password>
      Indicates the password that can be obtained by an administrator on the IBM Spectrum Discover node from the following location: /etc/kafka/sasl_password
    <discover_fqdn>
      Indicates the fully qualified domain name of the IBM Spectrum Discover node.
    <file path>
      Indicates the location and file name of the Kafka certificate authority (CA) file on the Ceph Object Gateway node.

    The following example shows topic creation by using the s3curl utility:

    $ ./s3curl.pl --id=rhceph -- -k -X POST https://<ceph object gateway address>:8080/ -d \
      "Action=CreateTopic&Name=ceph-le-connector-topic&push-endpoint=kafka://cos:<password>@<discover_fqdn>:9092&Attributes.entry.5.key=use-ssl&Attributes.entry.5.value=true&Attributes.entry.6.key=ca-location&Attributes.entry.6.value=/etc/ssl/certs/ca.crt"

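    The --id parameter identifies the credentials to use in the s3curl configuration file. Everything after -- is passed to curl; -k tells curl to skip verification of the gateway's TLS certificate.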

  4. Create a notification entity by using the Ceph bucket REST API. This associates events on a specific bucket with a topic. For more information, see CREATE NOTIFICATION in the Ceph documentation.
    The following example shows how to establish a bucket notification by using the s3curl utility:
    $ ./s3curl.pl --id=rhceph --put=notif.xml -- -k https://<ceph object gateway address>:8080/<bucket>?notification
    
    
    Contents of notif.xml:
    <NotificationConfiguration xmlns="http://s3.amazonaws.com/doc/2010-03-31/">
        <TopicConfiguration>
            <Id>id1</Id>
            <Topic>arn:aws:sns:default::ceph-le-connector-topic</Topic>
        </TopicConfiguration>
    </NotificationConfiguration>
    You can now capture events on objects within the configured buckets.
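
The following Python helper is an added example, not part of the IBM or Ceph documentation. It builds the CreateTopic body from step 3 with form encoding, so that characters such as & or = in the Kafka password cannot split the push-endpoint parameter, and it generates the notif.xml from step 4 with an ARN that names the same topic. The function names, the sample password and discover.example.com are assumptions made for illustration. Rejecting delimiter characters in the password is a conservative choice, because the page does not describe how the gateway parses the kafka:// URI.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

S3_NS = "http://s3.amazonaws.com/doc/2010-03-31/"  # namespace from the page's notif.xml


def create_topic_body(topic, password, discover_fqdn, ca_path):
    """Return the form-encoded CreateTopic body for the s3curl -d argument."""
    # Assumption: the page does not say how the gateway parses the userinfo
    # part of the kafka:// URI, so delimiter characters in the password are
    # rejected here instead of being escaped by guesswork.
    if any(c in "@:/" or c.isspace() for c in password):
        raise ValueError("password contains a URI delimiter or whitespace")
    if not ca_path.startswith("/"):
        raise ValueError("ca-location must be an absolute path on the gateway")
    endpoint = f"kafka://cos:{password}@{discover_fqdn}:9092"
    # urlencode percent-encodes '&', '=', '+', '%', ':' and '/' in each value,
    # so the endpoint survives form decoding unchanged.
    return urlencode([
        ("Action", "CreateTopic"),
        ("Name", topic),
        ("push-endpoint", endpoint),
        ("Attributes.entry.5.key", "use-ssl"),
        ("Attributes.entry.5.value", "true"),
        ("Attributes.entry.6.key", "ca-location"),
        ("Attributes.entry.6.value", ca_path),
    ])


def notification_xml(topic, config_id="id1"):
    """Return notif.xml content whose ARN names the topic used in CreateTopic."""
    root = ET.Element("NotificationConfiguration", xmlns=S3_NS)
    cfg = ET.SubElement(root, "TopicConfiguration")
    ET.SubElement(cfg, "Id").text = config_id
    ET.SubElement(cfg, "Topic").text = f"arn:aws:sns:default::{topic}"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample values; the real password is in /etc/kafka/sasl_password.
    body = create_topic_body("ceph-le-connector-topic", "s3cr&t=+x",
                             "discover.example.com", "/etc/ssl/certs/ca.crt")
    print(body)
    print(notification_xml("ceph-le-connector-topic"))
```

Reading the password from a file and passing the body to s3curl from a variable keeps the secret out of hand-typed command lines.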