Skip to main content

Connecting Ceph

This guide walks you through connecting a Ceph object storage destination to Pluton.

Prerequisites

Before connecting Ceph, you need:

  1. A running Ceph cluster with the RADOS Gateway (RGW) S3-compatible API enabled
  2. An Access Key ID and Secret Access Key with permissions to read/write objects
  3. The S3 endpoint URL of your Ceph RADOS Gateway

Getting Your Credentials

Step 1: Create an S3 User

If you have admin access to your Ceph cluster, create an S3 user via the radosgw-admin command:

radosgw-admin user create --uid="pluton-backup" --display-name="Pluton Backup User"

This outputs a JSON response containing your access_key and secret_key. Copy both values.

If you are using a managed Ceph service or dashboard (e.g., Ceph Dashboard, Proxmox), create the user through the web interface and retrieve the S3 credentials from the user details page.

Step 2: Identify Your Endpoint

Your Ceph S3 endpoint is the URL of the RADOS Gateway. Common examples:

  • https://ceph.example.com (if behind a reverse proxy)
  • http://ceph-node:7480 (default RGW port)

Confirm the endpoint with your Ceph administrator if unsure.

Step 3: Create a Bucket (Optional)

You can create a bucket in advance using the s3cmd tool, the Ceph Dashboard, or let Pluton create one when setting up a backup plan:

s3cmd --host=ceph.example.com --host-bucket="" mb s3://pluton-backups

Connecting to Pluton

Pluton Ceph

Step 1: Add Storage

  1. In Pluton, navigate to Storages
  2. Click Add Storage button
  3. Select Ceph from the provider list

Step 2: Configure Connection

Fill in the required fields:

  • Storage Name: A friendly name (e.g., "Ceph Production Backups")
  • Access Key ID: Your Ceph Access Key ID
  • Secret Access Key: Your Ceph Secret Access Key (password)
  • Endpoint: API endpoint to connect to (e.g., https://ceph.endpoint.example.com)

Step 3: Advanced Options (Optional)

Additional settings available:

  • Server-side Encryption: Choose AES256 or KMS encryption for data at rest
  • Storage Class: Select the storage class for new objects (Standard, Reduced Redundancy, etc.)
  • Bucket ACL: Set access control for bucket creation (private, public-read, etc.)
  • Upload Cutoff: Threshold for switching to chunked uploads (default: 200 MiB)
  • Chunk Size: Size of chunks for multipart uploads (default: 5 MiB)
  • Force Path Style: Enabled by default; use path-style access for S3 requests (recommended for Ceph)
  • Disable Checksum: Skip MD5 checksum storage for faster uploads

Step 4: Test and Save

  1. Click Test Connection to verify credentials
  2. If successful, click Save
  3. Your Ceph storage is now ready for backup plans

Common Issues

Connection Refused: Verify the endpoint URL is correct and that the RADOS Gateway service is running and accessible from the Pluton server.

Access Denied: Ensure the S3 user has sufficient permissions (read/write) on the target bucket. Check that the Access Key ID and Secret Access Key are entered correctly.

SSL Certificate Errors: If using HTTPS with a self-signed certificate, ensure the certificate is trusted on the Pluton server or use HTTP for internal networks.

Bucket Not Found: Confirm the bucket exists and that the S3 user has access. Some Ceph deployments require explicit bucket policies.

Best Practices

  • Create a dedicated S3 user for Pluton with minimum required permissions
  • Use HTTPS endpoints for production environments to encrypt data in transit
  • Enable Force Path Style (enabled by default) — Ceph RGW typically requires path-style access
  • Place the Pluton server in the same network as the Ceph cluster for optimal transfer speeds
  • Monitor Ceph cluster health and storage capacity to ensure reliable backups