Preparing access to the Ceph Object Gateway using S3

As root, open port 8080 on the firewall:

[root@rgw ~]# firewall-cmd --zone=public --add-port=8080/tcp --permanent
[root@rgw ~]# firewall-cmd --reload

Add a wildcard to the DNS server that you are using for the gateway, as mentioned in Add a wildcard to the DNS.

You can also set up the gateway node for local DNS caching. To do so, execute the following steps:

1. As root, install and setup dnsmasq:

   [root@rgw ]# yum install dnsmasq
   [root@rgw ]# echo "address=/.FQDN_OF_GATEWAY_NODE/IP_OF_GATEWAY_NODE" | tee --append /etc/dnsmasq.conf
   [root@rgw ]# systemctl start dnsmasq
   [root@rgw ]# systemctl enable dnsmasq

   Replace IP_OF_GATEWAY_NODE and FQDN_OF_GATEWAY_NODE with the IP address and FQDN of the gateway node.

2. As root, stop NetworkManager:

   [root@rgw ~]# systemctl stop NetworkManager
   [root@rgw ~]# systemctl disable NetworkManager

3. As root, set the gateway server’s IP as the nameserver:

   [root@rgw ]# echo "DNS1=IP_OF_GATEWAY_NODE" | tee --append /etc/sysconfig/network-scripts/ifcfg-eth0
   [root@rgw ]# echo "IP_OF_GATEWAY_NODE FQDN_OF_GATEWAY_NODE" | tee --append /etc/hosts
   [root@rgw ]# systemctl restart network
   [root@rgw ]# systemctl enable network
   [root@rgw ~]# systemctl restart dnsmasq

   Replace IP_OF_GATEWAY_NODE and FQDN_OF_GATEWAY_NODE with the IP address and FQDN of the gateway node.

4. Verify subdomain requests:

   [user@rgw ~]$ ping mybucket.FQDN_OF_GATEWAY_NODE

   Replace FQDN_OF_GATEWAY_NODE with the FQDN of the gateway node.

   Warning: Setting up the gateway server for local DNS caching is for testing purposes only. You won’t be able to access the outside network after doing this. It is strongly recommended to use a proper DNS server for the IBM Storage cluster and gateway node.

Create the radosgw user for S3 access carefully and copy the generated access_key and secret_key.You will need these keys for S3 access and subsequent bucket management tasks. For more information, see Create an S3 user