The Gateway service is essentially a reverse proxy with some protocol inspection duties. As a proxy between the client applications and the storage nodes, its primary duty is to pass bytes from one network adapter to another.

Prerequisites

Content Gateway requires the following components for installation and operation:

• Swarm Storage cluster implemented with Storage settings needed by Gateway

• Elasticsearch cluster installed (if using metering data for critical functions such as billing, deploy at least 3 Elasticsearch servers and set up snapshot backups of that data)

• Search feed defined and enabled

• An authentication backend, such as LDAP or PAM

• Network time protocol (NTP) server reachable by both Gateway server(s) and Swarm storage nodes

• At least one server on which to install the Content Gateway software

• System locale set to LANG=en_US.UTF8

System Requirements

The system requirements for the Gateway depend on the volume of the traffic and the speed of the upstream network connection to client applications. 

• Gateway server software:

  • 64-bit Linux operating system, RHEL/Rocky Linux 8 or RHEL/CentOS 7

  • System locale set to LANG=en_US.UTF8

• Gateway server hardware:

  • Virtual or physical machine

  • 2+ CPU cores

  • 2+ GB RAM

  • 3+ GB /tmp space

  • 2+ GB available disk storage after OS installation (see Space Requirements below)

• For high availability and capacity scaling, add the following:

  • Two or more additional Gateways 

  • A load-balancing mechanism

• Prevent Gateway clients from making storage requests directly to the back-end storage cluster using one of these methods:

  • (most common) Make the Gateway servers dual-homed on the front-end client network and the back-end storage network. 

  • Use network filtering to prevent direct user access to the storage cluster and to deploy Gateway servers and storage servers on one subnet. 

  • Use VLAN tagging on the Gateway server's network interface to allow one physical interface to carry both front-end and back-end traffic.

Space Requirements

Spool Space for Multipart Uploads

The HTTP multipart MIME upload operation requires spool space on the Gateway server; all other operations, including the S3 multipart upload, SCSP multipart writes, and normal whole-object writes, stream through the Gateway and directly to the back-end object storage nodes. HTTP multipart MIME POST requests are used by the upload function in the Content Portal and by HTML form POSTs.

Verify the total free disk space on a Gateway server includes an allowance for the maximum expected to be needed for these requests. To control the spool location and the percentage of disk space that can be used, set the multipartSpoolDir and multipartUsageAllowed in the [gateway] section of the configuration file.

Logging Space

The Gateway server uses up to 2GB of disk space for application logs and audit logs in the default configuration. The retention time and file size of the historical logs can be changed as required based on the deployment requirements. See the logging configuration in https://perifery.atlassian.net/wiki/spaces/public/pages/2443810201 section.

S3 Requirements

Follow these requirements to use S3 with Content Gateway:

• Enable and configure erasure-coding (EC).

• Size the cluster to support EC; for example, do not attempt to use S3 with inadequate resources, such as 3 chassis and reps=2.

See https://perifery.atlassian.net/wiki/spaces/public/pages/2443810131 and also https://perifery.atlassian.net/wiki/spaces/public/pages/2443812123 and https://perifery.atlassian.net/wiki/spaces/public/pages/2443808733 in the Swarm Storage guide.