Using Rest api to manage Ceph gateway


The development of microservices based on Ceph RadosGW requires that callers can create users and obtain user information through rest api.


Ceph's RadosGW has this function itself. These functions of creating users, obtaining user information, obtaining usage, etc. are called admin operation. We can access and perform administrative operations directly through the URL of RadosGW plus / Admin. For example, the URL of RadosGW is Http://, then the URL of the management operation is
The authorization of management operation is the same as the authorization mechanism of S3. Only after creating S3 user, you need to attach management permission to the responding user. As follows, we will create a user with administrative rights.
In the Ceph cluster, execute the following statements (of course, you can change the user name and key you need):

$ sudo radosgw-admin user create --uid="my_s3_user" --display-name="my_user_display_name" --access-key="my_admin_access_key" --secret-key="my_admin_secret_key"
$ sudo radosgw-admin --id admin caps add --caps="buckets=*;users=*;usage=*;metadata=*" --uid="my_s3_user"

As mentioned above, a user with administrative authority is created. Next, you can use the API provided by the official website ([click Browse] [1]).
In addition, if you don't want to use the Rest api directly, you can also use some encapsulated third-party libraries. Here, I will introduce a third-party Java library ([click Browse] [2]), which is also the one I am using now. The following example code creates an S3 user, obtains the S3 certificate, and sets the quota.

    private static void testRadosAdmin() {
        String accessKey = "my_admin_access_key";
        String secretKey = "my_admin_secret_key";
        String adminEndpoint = "";
        RgwAdmin rgwAdmin = new RgwAdminBuilder().accessKey(accessKey).secretKey(secretKey).endpoint(adminEndpoint)

        String userId = "8eeb3bb0-eda0-48f9-a18f-c04daecb5e69";
        User user = null;
        // create a user
        user = rgwAdmin.createUser(userId);
        if (user != null) {
            // get user S3Credential
            for (S3Credential credential : user.getS3Credentials()) {
                System.out.println("userid: " + credential.getUserId() + ",getAccessKey: " + credential.getAccessKey()
                        + ", getSecretKey: " + credential.getSecretKey());

            // set user quota, such as maxObjects and maxSize(KB)
            rgwAdmin.setUserQuota(userId, 1000, 1024 * 1024 * 5);

            Optional<Quota> quota = rgwAdmin.getUserQuota(userId);
            if (quota.isPresent()) {
                System.out.println("quota KB: " + quota.get().getMaxSizeKb());
        } else {
            System.out.println("create user failed");

  [1]: [2]:

Keywords: Ceph REST sudo Java

Added by everogrin on Wed, 15 Apr 2020 19:31:16 +0300