Enhancements
This section lists all the major updates, and enhancements introduced in this release of IBM Storage Ceph.
The Cephadm utility
- Deploy NVMe-oF Gateway using
cephadm -
With this release, you can now deploy NVME over Fabrics either by using the
ceph orch apply nvmeofcommand or by applying a service specification with theservice_type nvme. - TLS is enabled across all monitoring components, enhancing security for Prometheus
-
With this enhancement, to safeguard data integrity, confidentiality, and alignment with the security best practices, TLS is enabled across the monitoring stack. The enhanced security feature for Prometheus, Alert manager and Node exporter adds an additional layer of protection by using secure communication across the monitoring stack.
- Enhanced security of the monitoring stack
-
With this enhancement, to safeguard data integrity, confidentiality, and to align with the security best practices, the authentication feature for Prometheus, Alert manager, and the Node exporter is implemented. This enhances the security of the whole monitoring stack by enabling TLS in all the monitoring components and requiring users to provide valid credentials before accessing Prometheus and Alert Manager data. By using this new feature, an additional layer of protection is provided by using secure communication and preventing the unauthorized access to sensitive metrics and monitoring data. With TLS enabled in all the monitoring stack components and authentication in place, users must authenticate before accessing monitoring and metrics data, enhancing overall security and control over data access.
- Users can now put a host into maintenance mode
-
Previously, users could not put a host into maintenance mode as stopping all the daemons on that host would cause data unavailability.
With this enhancement, a stronger force flag for the
ceph orch host maintenance entercommand called--yes-i-really-mean-itis added. Users can now put a host into maintenance mode, even when Cephadm warns against it. - Users can now drain a host of daemons without draining the client
conforkeyringfiles -
With this enhancement, users can drain a host of daemons, without also draining the client
conforkeyringfiles deployed on the host by passing the--keep-conf-keyringflag to theceph orch host draincommand. Users can now mark a host to have all daemons drained or not placed there while still having Cephadm manageconforkeyringfiles on the host. - Cephadm services can now be marked as
managedorunmanaged -
Previously, the only way to mark the Cephadm services as
managedorunmanagedwas to edit and re-apply the service specification for the service. This was inconvenient for scenarios, such as temporarily stop making OSDs on devices that match an OSD specification in Cephadm.With this enhancement, commands are added to set the Cephadm services to be marked as
managedorunmanaged. For example, one can runceph orch set-unmanaged moncommand orceph orch set-managed moncommand. These new commands allow toggling the states without having to edit and re-apply the service specification. - Users can now apply client IP restrictions on the NFS deployment using the HAProxy protocol mode
-
Previously, users could not apply client IP restrictions, while still using HAProxy between the client and NFS. This is because only the HAProxy IP would be recognized by NFS, making proper client IP restriction impossible.
With this enhancement, it is possible to deploy an NFS service in HAProxy protocol mode by passing
--ingress-mode=haproxy-protocolargument in theceph nfs cluster createcommand or by settingenable_haproxy_protocol: truein both the NFS service specification and the corresponding ingress specification. Users can now apply proper client IP restriction on their NFS deployment using the new HAProxy protocol mode in their NFS deployment.
Ceph File System
- Laggy clients are now evicted only if there are no laggy OSDs
-
Previously, monitoring performance dumps from the MDS would sometimes show that the OSDs were laggy,
objecter.op_laggyandobjecter.osd_laggy, causing laggy clients and the dirty data for cap revokes would not be flushed.With this enhancement, if the defer_client_eviction_on_laggy_osds parameter is set to
trueand a client gets laggy because of a laggy OSD then client eviction does not take place until OSDs are no longer laggy. quota.max_bytesis now set in more understandable size values-
Previously, the
quota.max_bytesvalue was set in bytes, resulting in often very large size values, which was hard to set or changed.With this enhancement, the
quota.max_bytesvalues can now be set with human-friendly values, such as M/Mi, G/Gi, or T/Ti. For example, 10GiB or 100K.
Ceph Dashboard
- Configure Ceph Object Gateway multi-site on the dashboard
- With this enhancement, you can configure multi-site Ceph Object Gateway not only through the
command-line interface, but also through the Ceph Dashboard. The dashboard now supports creating,
updating, and deleting Ceph Object Gateway entities such as realms, zonegroups, and zones. In
addition, this feature allows users to configure multi-site between two remote clusters, providing
options for data replication and synchronization.
For more information, see Configuring a multi-site.
- Improved overview dashboard utilization panel
- With this enhancement, graphs and graph legends are improved for better usability. In addition, search queries are improved for giving better results.
- Upgrade the cluster from the dashboard
-
Previously, an IBM Storage Ceph cluster could only be upgraded through the command-line interface.
With this enhancement, you can easily view and upgrade the available versions of the storage cluster and also track the upgrade progress from the Ceph dashboard.
- The Ceph Dashboard has an Overview page that displays the Ceph Object Gateway information
-
With this enhancement, an Overview page is added in the Object Gateway section of the Ceph dashboard. From this Overview page, users can now access a dedicated object gateway overview in the Ceph dashboard. This feature enhances the user experience by providing insights into the Object Gateway performance, storage usage, and configuration details. When multi-site is configured in the cluster, the user can also see the multi-site sync status directly on this Overview page.
- The Ceph dashboard displays capacity usage information for Block Device images
-
With this enhancement, a new capacity usage progress bar is visible within the Block > Images table on the Ceph dashboard. The bar provides visible usage information, along with a percentage.
- Manage Ceph File System volumes on the dashboard
-
Previously, Ceph File System (CephFS) volumes could only be managed through the command-line interface.
With this enhancement, CephFS volumes can now be listed, created, edited, and removed through the Ceph dashboard.
For more information, see Configuring CephFS volumes.
- Manage Ceph File System subvolumes and subvolume groups on the dashboard
-
Previously, Ceph File System (CephFS) subvolumes and subvolumes groups could only be managed through the command-line interface.
With this enhancement, CephFS subvolumes and subvolume groups can now be listed, created, edited, and removed through the Ceph dashboard.
For more information, see Configuring CephFS subvolumes and Configuring CephFS subvolume groups.
- Users can now specify the FQDN for Ceph Object Gateway host through the CLI and the dashboard
-
Previously, short hostnames were picked to resolve the Ceph Object gateway hostname which would cause issues.
With this enhancement, in the Ceph dashboard, the
rgw_dns_nameconfiguration option of the Ceph Object Gateway is used to resolve the hostname if it is provided. If you wants to specify the FQDN for the Ceph Object Gateway host, use thergw_dns_nameconfiguration option in the CLI and the dashboard then picks it up and the Ceph Object Gateway requests are made against it.
Ceph Object Gateway
- S3 WORM certification with an external entity
-
With this enhancement, S3 WORM feature is certified with an external entity. This enables data retention in compliance with FSI regulations and a secured object storage deployment that guarantees data retrieval even if the object/buckets in the production zones have been lost or compromised.
For more information, see Introduction to WORM.
- The
radosgw-adminbucket command prints bucket versioning - With this enhancement, the
radosgw-admin bucket statscommand prints the versioning status for buckets asenabledoroffsince versioning can be enabled or disabled after creation. - Multi-site sync instances now dynamically spread workloads among themselves
- Previously, the Ceph Object Gateway multi-site throughput was generally limited to the available
bandwidth of a single instance.
With this enhancement, Ceph Object Gateway multisite sync instances dynamically parallelize workload among themselves, using a work sharing algorithm. As a result, the scalability is now significantly improved and sync workloads are divided evenly throughout the sync.
- Enhanced bucket granular multi-site sync policies
- IBM Storage Ceph now supports bucket granular multi-site sync policies.
Bucket granular multi-sync sync replication was previously available as limited release. This enhancement provides full availability for new and existing customers in production environments. This feature allows enabling and disabling multi-site async replication on a per bucket level. This enhancement also increases the total RAW space required and increases the amount of synchronization traffic between sites.
For more information, see Bucket granular sync policies.
- Reduced object storage query times for data analytics with added JSON, Parquet, and CSV-format object support
- Ceph Object Gateway now supports operating on JSON-format, Parquet-format, and CSV-format
objects, expanding potential application of S3 select to widely deployed analytics frameworks, for
example, Apache Spark and Trino. This added support helps reduce query times.
For more information, see S3 select content from an object.
- Data can now be transitioned to the Azure cloud service, using the multi-cloud gateway (MCG)
- Previously, transitioning data to the Azure cloud service was a Technology Preview feature. With
this enhancement, the feature is ready to be used in a production environment.
This feature enables data transition in a Ceph Object Gateway storage environment, into the Azure cloud, for archiving purposes.
For more information, see Transitioning data to Azure cloud service.
- Enhanced S3 select feature for more efficient integration with Trino
- Object storage now has enhanced integration with Trino for S3 select operations. This improves
the query times for semi-structured and structured datasets stored in Ceph Object Gateway.
For more information, see Integrating Ceph Object Gateway with Trino.
RADOS
- New reports available for sub-events for delayed operations
-
Previously, slow operations were marked as delayed but without a detailed description.
With this enhancement, you can view the detailed descriptions of delayed sub-events for operations.
- New performance counters introduced for messenger v2
-
Previously, there were no dedicated performance counters for accounting encrypted traffic in messenger v2.
With this enhancement,
msgr_recv_encrypted_bytesandmsgr_send_encrypted_bytesperformance counters are introduced to account for receiving and sending bytes respectively that facilitate rough validation of the encryption status.
NFS Ganesha
- Support HAProxy's PROXY protocol
-
With this enhancement, HAProxy uses load balancing servers. This allows load balancing and also enables client restrictions on access.
- Add
cmount_pathoption and generate unique user ID -
With this enhancement, you can add the optional
cmount_pathoption and generate a unique user ID for each Ceph File System to allow sharing CephFS clients across multiple Ganesha exports thereby reducing the memory usage for a single CephFS client.