Swarm Gateway
Overview
For more information about Swarm Gateway, its concepts, and operations, click here.
Prerequisites
RHEL/CentOS 7 or RHEL/Rocky Linux 8 Setup
Setup Linux for Cloud Gateway
Below is the deployment example for the site.
Minimal Server | Host name | cg77-01.datacore.internal | cg77-02.datacore.internal
Application Network | IP Address | 172.16.33.16/24 | 172.16.33.17/24
Gateway | 172.16.33.1
NTP | 172.16.33.10
To set up time synchronization for RHEL/CentOS 7 or RHEL/Rocky Linux 8, see here.
Install Swarm Gateway
Info
Creating a user/user group/password applies when PAM authentication is used. Create a user group via standard Linux user administration commands.
Create a user group.
groupadd clusteradmins
Add a new user.
adduser admin -g clusteradmins -p datacore
passwd admin
Update Linux and install EPEL.
dnf -y update
dnf -y install epel-release
Install NTP server and verify NTP starts on system boot.
dnf -y install chrony
systemctl enable chronyd
systemctl start chronyd
Configure the firewall to allow Swarm Gateway.
vi /etc/firewalld/services/swarm_gateway.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SwarmGateway</short>
  <description>Gateway server, which is based on http traffic.</description>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="91"/>
  <port protocol="tcp" port="8090"/>
  <port protocol="tcp" port="9095"/>
  <port protocol="tcp" port="9100"/>
</service>
Restart the firewall service.
Add Swarm Gateway firewall rule (permanent)
firewall-cmd --permanent --add-service swarm_gateway
Reload the firewall service.
firewall-cmd --reload
Unzip the Swarm bundle package.
cd /root/datacore
unzip Swarm-{bundle version here}.zip
Get the latest gateway and UI RPMs from the downloaded Swarm bundle.
ll ~/datacore/Gateway/
-rw-r--r--. 1 root root 58718208 Dec 16 22:37 caringo-gateway-{version here}.noarch.rpm
-rw-r--r--. 1 root root      395 Dec 16 22:37 README.txt
-rw-r--r--. 1 root root     1927 Oct  2 04:17 RPM-GPG-KEY
ll ~/datacore/UI/
-rw-r--r--. 1 root root  2835590 Oct  2 04:17 caringo-gateway-webui-{version here}.noarch.rpm
-rw-r--r--. 1 root root 19286001 Dec 16 22:37 caringo-storage-webui-{version here}.noarch.rpm
-rw-r--r--. 1 root root      359 Dec 16 22:37 README.txt
-rw-r--r--. 1 root root     1927 Oct  2 04:17 RPM-GPG-KEY
Install Swarm RPM public key included with the distribution bundle.
rpm --import RPM-GPG-KEY
Install Cloud Gateway components.
dnf -y install caringo-gateway-{version here}.noarch.rpm
Complete the IDSYS document for PAM user authentication.
vi /etc/caringo/cloudgateway/idsys.json
{"pam": {
  "name": "idsys-pam",
  "description": "PAM identity management configuration",
  "cookieName": "token",
  "tokenPath": "/.TOKEN/",
  "tokenAdmin": "admin@"
}}
Complete policy document for access control.
vi /etc/caringo/cloudgateway/policy.json
{
  "Id": "PAM policy example",
  "Statement": [{
    "Sid": "1",
    "Resource": "/*",
    "Action": ["*"],
    "Principal": {"user": ["admin"], "group": ["clusteradmins"]},
    "Effect": "Allow"
  }],
  "Version": "2008-10-17"
}
Install Gateway WebUI.
dnf -y install caringo-gateway-webui-{version here}.noarch.rpm
Edit the configuration file.
vi /etc/caringo/cloudgateway/gateway.cfg
Set adminDomain for the administrative domain name to be created. It is recommended to always set a unique name for each Swarm cluster to prevent replication collision between the Source and Target Swarm Cluster when using replication feeds.
Set hosts for the storage cluster nodes (IP address of storage nodes).
Set indexerHosts to Elasticsearch Servers (IP address of Elasticsearch nodes).
Enable S3.
Enable Cluster Admin on the gateway server to allow usage of the Swarm Storage UI.
Set Management Port to 91. The admin user and password must be the same as configured in SCS.
Set managementUser to the same value as admin.username
Set managementPassword to the same value as admin.password
# Following are only needed when enabling cluster_admin
managementPort = 91
managementUser = admin
managementPassword = datacore
Enable metering.
Below is a sample Gateway configuration file in its entirety.
#
# gateway.cfg -- configuration file for Caringo CloudScaler Gateway server
#
# Please read the CloudScaler Gateway Administration Guide for an explanation
# of the parameters in this configuration file.
#
# Basic Configuration Steps:
# -------------------------
#
# 1. Set '[gateway]adminDomain' to administrative domain's name
#
# 2. Use the Swarm static locator for the backend cluster:
# - Set '[storage_cluster]locatorType' to 'static'
# - Set '[storage_cluster]hosts' for your Swarm nodes
#
# 3. Configure the Elasticsearch metadata backend:
# - Set '[storage_cluster]indexerHosts' to the metadata search servers
#
# 4. If the S3 protocol is used:
# - Ensure that bindAddress:bindPort does not conflict with SCSP
#
#
# NOTE: For production use, you will need to adjust the thread counts,
# connection limits, connection time outs, and the space/limits
# for the HTTP multi-part spool.
#
#
# Client communications and handling
#
[gateway]
adminDomain = Lab1GatewayAdminDomain
threads = 100 * (Number of CPUs present in the Gateway)
# multipartSpoolDir = /var/spool/cloudgateway
# multipartUsageAllowed = 50
# sanitizeErrors = false
# enablePasswordEncryption = false
# legacyOnlyMode = false
#
# Storage cluster back-end configuration
#
[storage_cluster]
locatorType = static
hosts = 192.168.9.143 192.168.9.144 192.168.9.145
# port = 80
# dataProtection = immediate
# blockUndeletableWrites = true
indexerHosts = 192.168.9.21 192.168.9.22 192.168.9.23
# indexerPort = 9200
# indexerSocketTimeout = 120
# maxConnectionsPerRoute = threads / 2
# maxConnections = (threads / 2) * (number of nodes)
# connectTimeout = 60
# socketTimeout = 120
# idleTimeout = 120
# continueWaitTimeout = 30
# Following are only needed when enabling cluster_admin
managementPort = 91
managementUser = admin
managementPassword = datacore
#
# SCSP front-end protocol
#
[scsp]
enabled = true
bindAddress = 0.0.0.0
bindPort = 80
# Set the following if this Gateway is the target of a push-style replication feed.
# See 'Replication Feeds' in the Swarm documentation for details.
# allowSwarmAdminIP = list,of,node,ips -or- all
allowSwarmAdminIP = all
# Set these to the external ports on your proxy, if using one
#externalHTTPPort = 80
#externalHTTPSPort = 443
#
# S3 front-end protocol
#
[s3]
enabled = true
bindAddress = 0.0.0.0
bindPort = 8090
# Set these to the external ports on your proxy, if using one
#externalHTTPPort = 80
#externalHTTPSPort = 443
#
# Cluster management protocol
#
[cluster_admin]
enabled = true
bindAddress = 0.0.0.0
bindPort = 91
# secretKey = yoursecretkeyhere
# Set these to the external ports on your proxy, if using one
#externalHTTPPort = 91
#externalHTTPSPort = 1443
#
# Internal "folder listing service" config
#
[folder_listings]
# enhancedListingConsistency = true # force ES index flush before query
# feedCheckInterval = 60000 # in milliseconds, how often to check for non-searchable domains (search feed filters)
# suppressNonSearchableError = false # suppress 412 error when searching non-searchable domain
#
# Caching timers : 0 == disabled
#
[caching]
# authRefresh = 300
# tokenRefresh = 300
# idsysRefresh = 300
# policyRefresh = 300
# xformRefresh = 300
# metadataRefresh = 300
# domainExistenceRefresh = 300
#
# Metering Support
#
[metering]
enabled = true
# flushIntervalSeconds = 300
# retentionDays = 100
# storageSampleIntervalSeconds = 3600
#
# Quota Support
#
[quota]
enabled = false
smtpHost = localhost
mailFrom = donotreply@localhost
# mailSubjectTemplate = Quota state change notification
# mailTemplate = Metric %metric% changed to %state% state in %contextType% %contextName%.
# smtpPort = 25
# smtpUser =
# smtpPassword =
# minRefreshDeadline = 60
# maxRefreshDeadline = 3600
# numRefreshThreads = 4
# maxRefreshRetries = 3
# maxQueueSize = 10000
# queryTTL = 3600
# refreshRetryDelay = 10
# refreshIdleSleep = 3
#
# Prometheus metrics capturing support
#
[metrics]
metricsEnabled = true # default enabled
# metricsPort = 9100 # port where to scrape for metrics
#
# Remote synchronous write support (RSW)
#
[rsw]
# enabled = true # default enabled
# maxWaitTime = -1 # timeout in seconds to wait for RSW completion, -1 means no timeout
# enableInfoLogging = true # default true, log RSW operations at INFO level
#
# Object Lock Support (Retention, LegalHold)
#
[object_locking]
# scspDeleteUsesS3Logic = true # Allows delete of a locked current object version (via delete marker)
# retentionMaxYears = 100 # Max retention duration
Cluster Initialization
The gateway must be initialized once the configuration is complete to guarantee a proper runtime environment. This ensures the administrative domain exists within the storage cluster and secures all plaintext passwords entered into the configuration files.
Verify Gateway is not running.
systemctl stop cloudgateway
Perform the initialization of the environment.
/opt/caringo/cloudgateway/bin/initgateway
Start CloudGateway and verify the gateway service is running on system boot once initialization is successfully completed.
systemctl start cloudgateway
systemctl enable cloudgateway
Info
If you encounter the error "No module named PAM", run the sudo dnf install -y python3-pam command to install the required PAM module.
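A pre-service review of the exposure-related settings in the gateway.cfg and policy.json shown on this page. This is an added example, not DataCore's code or tooling. The function names are hypothetical, the embedded samples are constructed from this page's values, and it assumes gateway.cfg can be read as an INI file by Python's configparser.

```python
import configparser
import json

# Constructed samples: the exposure-related lines of this page's gateway.cfg and policy.json.
SAMPLE_CFG = """
[storage_cluster]
managementUser = admin
managementPassword = datacore
[scsp]
enabled = true
allowSwarmAdminIP = all
[cluster_admin]
enabled = true
bindAddress = 0.0.0.0   # management port on every interface
bindPort = 91
"""
SAMPLE_POLICY = """{"Statement": [{"Sid": "1", "Resource": "/*", "Action": ["*"],
  "Principal": {"user": ["admin"], "group": ["clusteradmins"]}, "Effect": "Allow"}]}"""
DOC_SAMPLE_PASSWORDS = {"datacore"}  # password printed in this guide's examples

def audit_cfg(text):
    """Return review findings for a gateway.cfg passed as text."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",), interpolation=None)
    cp.read_string(text)
    found = []
    if cp.get("storage_cluster", "managementPassword", fallback="") in DOC_SAMPLE_PASSWORDS:
        found.append("storage_cluster.managementPassword is the guide's sample password")
    if cp.get("scsp", "allowSwarmAdminIP", fallback="").lower() == "all":
        found.append("scsp.allowSwarmAdminIP = all; list the Swarm node IPs instead")
    if (cp.getboolean("cluster_admin", "enabled", fallback=False)
            and cp.get("cluster_admin", "bindAddress", fallback="") == "0.0.0.0"):
        found.append("cluster_admin is enabled and bound to 0.0.0.0")
    return found

def audit_policy(text):
    """Return one finding per Allow statement granting every action on /*."""
    found = []
    for st in json.loads(text).get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") == "Allow" and "*" in actions and st.get("Resource") == "/*":
            who = st.get("Principal", {})
            found.append("Sid %s: every action on /* for users %s and groups %s"
                         % (st.get("Sid"), who.get("user", []), who.get("group", [])))
    return found

if __name__ == "__main__":
    for line in audit_cfg(SAMPLE_CFG) + audit_policy(SAMPLE_POLICY):
        print("REVIEW:", line)
```

To check a live host, pass the contents of /etc/caringo/cloudgateway/gateway.cfg and /etc/caringo/cloudgateway/policy.json to the two functions instead of the embedded samples.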
Next, Setup Additional Gateways.
© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.