Installing, configuring and using object storage with ceph-deploy

Posted on 2022-2-9 09:58:36
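Ceph storage significantly simplifies installing and configuring the Ceph Object Gateway.
The gateway process is embedded in Civetweb, so you need to install a web service or configure FastCGI.
In addition, ceph-deploy can install the gateway package, generate a key, configure the data directory and create a gateway instance.
Tip: Civetweb uses port 7480 by default. You must open port 7480, or set the port to a preferred port (for example, port 80) in the Ceph configuration file.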

Installing the Ceph Object Gateway
1. Make sure the port is open.
2. From the admin node, install the Ceph Object Gateway package on the client-node node:
ceph-deploy install --rgw <client-node> [<client-node>...]
Example:
ceph-deploy install --rgw cephhost1 cephhost2

Creating a Ceph Object Gateway instance
ceph-deploy rgw create <client-node>
Example:
ceph-deploy rgw create cephhost1

Once the gateway is running, you can access it on port 7480 (for example: http://cephhost1:7480).

Configuring the Ceph Object Gateway instance
1. Change the default port by editing the ceph.conf configuration file: add a section titled [client.rgw.<client-node>], replacing <client-node> with the short hostname of the Ceph client node (hostname -s).

If the node name is cephhost1, add the following after the [global] section:
[client.rgw.cephhost1]
rgw_frontends = "civetweb port=80"
Note:
Make sure there is no whitespace in port=<port-number> within the rgw_frontends key/value pair.
If you intend to use port 80, make sure the Apache server is not running, otherwise it will conflict with Civetweb. In that case we recommend removing Apache.

2. Restart the service so that the new port setting takes effect:
systemctl restart ceph-radosgw.service
3. If a firewall is enabled, check that the port is open in it. If it is not, add the port and reload the firewall for the change to take effect:
firewall-cmd --list-all
firewall-cmd --zone=public --add-port 80/tcp --permanent
firewall-cmd --reload
4. You can now send an unauthenticated request and get a response:
#request
curl http://<client-node>:80
#result
<?xml version="1.0" encoding="UTF-8"?>
<ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
<ID>anonymous</ID>
<DisplayName></DisplayName>
</Owner>
<Buckets>
</Buckets>
</ListAllMyBucketsResult>
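An added example, not part of the original post: a Python check for the two things the post above asks you to verify, the rgw_frontends line in ceph.conf and the reply to the unauthenticated request. The sample ceph.conf, the function names and the finding texts are constructed for illustration; the trailing "s" that marks a TLS port is Civetweb syntax the post does not cover.

```python
import re
import xml.etree.ElementTree as ET

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"
DEFAULT_CIVETWEB_PORT = 7480  # Civetweb default stated in the post

# Constructed sample: the post's section plus a variant that breaks its spacing note.
SAMPLE_CONF = """\
[global]
# cluster-wide settings omitted

[client.rgw.cephhost1]
rgw_frontends = "civetweb port=80"

[client.rgw.cephhost2]
rgw frontends = civetweb port = 80
"""

# The reply to the unauthenticated request, as shown in the post.
SAMPLE_REPLY = """\
<?xml version="1.0" encoding="UTF-8"?>
<ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner>
<Buckets></Buckets>
</ListAllMyBucketsResult>
"""


def rgw_frontends_by_section(conf_text):
    """Map each ceph.conf section to its raw rgw_frontends value."""
    found, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        # Ceph reads "rgw frontends" and "rgw_frontends" as the same option.
        if sep and section and "_".join(key.split()) == "rgw_frontends":
            found[section] = value.strip().strip('"')
    return found


def lint_civetweb(value):
    """Return (ports, findings); ports is a list of (number, is_tls)."""
    tokens = value.split()
    if not tokens or tokens[0] != "civetweb":
        return [], ["not a civetweb frontend"]
    findings = []
    # The post's note: port=<number> must be written without whitespace.
    if re.search(r"\bport\s+=|\bport\s*=\s+", value):
        findings.append("whitespace inside port=<number>")
    match = re.search(r"\bport\s*=\s*(\d+s?(?:\+\d+s?)*)", value)
    specs = match.group(1).split("+") if match else [str(DEFAULT_CIVETWEB_PORT)]
    ports = []
    for spec in specs:
        tls = spec.endswith("s")  # assumption: Civetweb marks TLS ports with "s"
        number = int(spec.rstrip("s"))
        ports.append((number, tls))
        if number == 80:
            findings.append("port 80: a running Apache on this host will conflict with Civetweb")
        if not tls:
            findings.append("port %d serves plain HTTP, not TLS" % number)
    return ports, findings


def anonymous_listing(xml_text):
    """Parse the reply to an unauthenticated GET / into (owner_id, bucket_names)."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != S3_NS + "ListAllMyBucketsResult":
        raise ValueError("unexpected root element: %s" % root.tag)
    owner = root.findtext(S3_NS + "Owner/" + S3_NS + "ID")
    buckets = [b.findtext(S3_NS + "Name") for b in root.iter(S3_NS + "Bucket")]
    return owner, buckets


if __name__ == "__main__":
    for section, value in rgw_frontends_by_section(SAMPLE_CONF).items():
        print(section, lint_civetweb(value))
    owner, buckets = anonymous_listing(SAMPLE_REPLY)
    # Expected after a fresh install: owner "anonymous" and no buckets listed.
    print("owner:", owner, "buckets visible without credentials:", buckets)
```

A healthy fresh gateway gives the owner `anonymous` with an empty bucket list; any bucket name in that list means it is visible without credentials and is worth reviewing.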

Original poster | Posted on 2022-2-9 10:04:03
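Ceph object storage
As the name implies, object storage manages data as objects. Each object stores data, metadata and a unique identifier. Object storage cannot be accessed directly by the operating system as a local or remote file system; it can only be accessed at the application level through an API. The object storage interface that Ceph provides is the RADOS gateway, which is built on top of the Ceph RADOS layer. The RADOS gateway gives applications an S3- or Swift-compatible RESTful API for storing data as objects in the Ceph cluster.
In a production environment, if you have a heavy workload on Ceph object storage, you should use dedicated physical servers for the RADOS gateway; alternatively, you can consider configuring all monitor nodes as RADOS gateways.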

Installing the radosgw packages
yum -y install ceph-radosgw ceph

Creating the user
Create the RADOS gateway user and keyring for Ceph: log in to any Ceph monitor node and run the following commands.
Create the keyring:

ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring
Output:
creating /etc/ceph/ceph.client.radosgw.keyring

chmod +r /etc/ceph/ceph.client.radosgw.keyring

At this point the /etc/ceph/ceph.client.radosgw.keyring file is still empty.
Generate the gateway user and key for the RADOS gateway instance; the RADOS gateway instance name here is gateway.

ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key

cat /etc/ceph/ceph.client.radosgw.keyring
[client.radosgw.gateway]
        key = AQBWuqBf5apFDxAAAbqsG0NTx8lehGoNpcPVJQ==

Add capabilities to the key:

ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring

cat /etc/ceph/ceph.client.radosgw.keyring
[client.radosgw.gateway]
        key = AQBWuqBf5apFDxAAAbqsG0NTx8lehGoNpcPVJQ==
        caps mon = "allow rw"
        caps osd = "allow rwx"

Add the key to the Ceph cluster:

ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
Output:
added key for client.radosgw.gateway

Distribute the key to the Ceph RADOS gateway node:

scp /etc/ceph/ceph.client.radosgw.keyring <radosgw-node-hostname>:/etc/ceph/ceph.client.radosgw.keyring

Here the RADOS gateway node and the monitor node are the same machine, so there is no need to distribute it.

Create a pool for the RADOS gateway:
ceph osd pool create .rgw 128 128

Create the radosgw gateway data directory:
mkdir -p /var/lib/ceph/radosgw/ceph-ceph01.gateway

Configuring rgw with Civetweb
Adding the configuration
Add a gateway configuration to Ceph: add the following to the ceph.conf file on the Ceph monitor node and move that file to the RADOS gateway node. Make sure the host name is the host name of the RADOS gateway.

[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
log file=/var/log/ceph/client.radosgw.gateway.log
rgw_frontends = civetweb port=80

Civetweb listens on port 7480 by default; the configuration above explicitly sets the listening port to 80 (port=80).
Copy the configuration file to the rgw node. Here the rgw node is on the Ceph node, so there is no need to copy it.

scp /etc/ceph/ceph.conf <radosgw-node-hostname>:/etc/ceph/ceph.conf

Starting the rgw instance
systemctl start ceph-radosgw@radosgw.gateway.service

Note: in ceph-radosgw@radosgw.gateway.service, gateway is the specific instance name; it must match the one configured in ceph.conf.

Verification
curl from the rgw node:

curl localhost:80
Correct output:
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 ceph]#

Alternatively, enter the rgw node's IP address in a browser; the correct output is as follows: (screenshot)

Configuring rgw with Apache FastCGI (method 1, simple)
Installing httpd
yum -y install httpd

Configuring httpd
cat > /etc/httpd/conf.d/rgw.conf << EOF
<VirtualHost *:80>
ServerName localhost
DocumentRoot /var/www/html

ErrorLog /var/log/httpd/rgw_error.log
CustomLog /var/log/httpd/rgw_access.log combined

# LogLevel debug

RewriteEngine On

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

SetEnv proxy-nokeepalive 1

ProxyPass / fcgi://localhost:9000/

</VirtualHost>
EOF

Configuring Ceph
[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
rgw_socket_path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file=/var/log/ceph/client.radosgw.gateway.log
rgw frontends = fastcgi socket_port=9000 socket_host=0.0.0.0
#rgw dns name = ceph-rgw.objectstore.com
rgw print continue=false

Starting httpd
systemctl start httpd

Starting the ceph-radosgw.target service
systemctl start ceph-radosgw@radosgw.gateway.service

Verification
curl http://ceph01
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 yum.repos.d]#

Alternatively, enter the rgw node's IP address in a browser; the correct output is as follows: (screenshot)

Configuring rgw with Apache FastCGI (method 2, complex)
Installing yum-plugin-priorities
yum -y install yum-plugin-priorities

Configuring the yum repository for mod_fastcgi
cat > /etc/yum.repos.d/ceph-fastcgi.repo <<EOF
[fastcgi-ceph-basearch]
name=FastCGI basearch packages for Ceph
baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-centos7-x86_64-basic/ref/master/
enabled=1
priority=2
gpgcheck=1
type=rpm-md
gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc

[fastcgi-ceph-noarch]
name=FastCGI noarch packages for Ceph
baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-centos7-x86_64-basic/ref/master/
enabled=1
priority=2
gpgcheck=1
type=rpm-md
gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc

[fastcgi-ceph-source]
name=FastCGI source packages for Ceph
baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-centos7-x86_64-basic/ref/master/
enabled=1
priority=2
gpgcheck=1
type=rpm-md
gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc
EOF

Installing the packages
yum -y install httpd mod_fastcgi ceph-radosgw ceph

Configuring the RADOS gateway
Configuring the RADOS gateway covers the Apache and FastCGI configuration and the generation of the Ceph key.
Edit /etc/httpd/conf/httpd.conf to configure Apache:

cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak

Set ServerName = <hostname>.
Make sure the following line is present and not commented out:

cat /etc/httpd/conf/httpd.conf|egrep "rgw|rewrite"
LoadModule rewrite_module modules/mod_rewrite.so

Edit /etc/httpd/conf.d/fastcgi.conf to configure FastCGI.
Make sure the FastCGI module is enabled:

cat  /etc/httpd/conf.d/fastcgi.conf |grep "fastcgi_module"
LoadModule fastcgi_module modules/mod_fastcgi.so

Turn off FastCgiWrapper:

cat  /etc/httpd/conf.d/fastcgi.conf |grep -i "fastcgiwrapper"
FastCgiWrapper Off

Setting up the object gateway script

cat > /var/www/html/s3gw.fcgi <<EOF
#!/bin/sh
exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway
EOF

Setting permissions on the script
chmod +x /var/www/html/s3gw.fcgi
chown apache:apache /var/www/html/s3gw.fcgi

Create the gateway configuration file rgw.conf in the /etc/httpd/conf.d/ directory:

cat >/etc/httpd/conf.d/rgw.conf<<EOF
FastCgiExternalServer /var/www/html/s3gw.fcgi -socket /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
<VirtualHost *:80>
ServerName ceph01
ServerAdmin {zhanghao@ceicloud.com}
DocumentRoot /var/www/html
RewriteEngine On
RewriteRule ^/(.*) /s3gw.fcgi?%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
<IfModule mod_fastcgi.c>
<Directory /var/www/html>
Options +ExecCGI
AllowOverride ALL
SetHandler fastcgi-script
Order allow,deny
Allow from all
AuthBasicAuthoritative Off
</Directory>
</IfModule>
AllowEncodedSlashes On
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
ServerSignature Off
</VirtualHost>
EOF

Adding the Ceph configuration
Add a gateway configuration to Ceph: add the following to the ceph.conf file on the Ceph monitor node and move that file to the RADOS gateway node. Make sure the host name is the host name of the RADOS gateway.

[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
rgw socket path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file=/var/log/ceph/client.radosgw.gateway.log
#rgw frontends = fastcgi socket_port=80 socket_host=0.0.0.0
rgw dns name = ceph-rgw.objectstore.com
rgw print continue=false

Setting file permissions
Adjust the ownership and permissions of the three paths /var/log/httpd, /var/run/ceph and /var/log/ceph on the RADOS gateway node, and set SELinux to Permissive.

chown apache:apache /var/log/httpd/
chown apache:apache /var/run/ceph/
chown apache:apache /var/log/ceph/

Start Apache and the Ceph RADOS gateway service, ignoring any warnings you run into.

Starting httpd
systemctl start httpd

Starting the ceph-radosgw.target service
systemctl start ceph-radosgw@radosgw.gateway.service

Verification
curl http://ceph01
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 yum.repos.d]#

Alternatively, enter the rgw node's IP address in a browser; the correct output is as follows: (screenshot)

Configuring rgw with Nginx FastCGI
Adding the Ceph configuration
Add a gateway configuration to Ceph: add the following to the ceph.conf file on the Ceph monitor node and move that file to the RADOS gateway node. Make sure the host name is the host name of the RADOS gateway.

[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
rgw_socket_path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file=/var/log/ceph/client.radosgw.gateway.log
rgw frontends = fastcgi
rgw print continue=false
rgw_content_length_compat = true

Installing nginx
yum -y install epel-release
yum -y install nginx

Configuring nginx
Configure the nginx service by adding the following under the http section of the /etc/nginx/nginx.conf file:

http {
    server {
        listen   80 default;
        server_name {hostname};

        location / {
            fastcgi_pass_header Authorization;
            fastcgi_pass_request_headers on;
            fastcgi_param QUERY_STRING  $query_string;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_LENGTH $content_length;

            # PUT requests are rewritten to the internal /PUT/ location below
            if ($request_method = PUT) {
                    rewrite ^ /PUT$request_uri;
            }

            include fastcgi_params;
            fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
        }

        location /PUT/ {
            internal;
            fastcgi_pass_header Authorization;
            fastcgi_pass_request_headers on;

            include fastcgi_params;
            fastcgi_param QUERY_STRING  $query_string;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_LENGTH $content_length;
            fastcgi_param  CONTENT_TYPE $content_type;
            fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
        }
    }
}

Note: the path that fastcgi_pass points to must match the path configured in ceph.conf.
Changing the user nginx runs as
Edit the /etc/nginx/nginx.conf file and change user to root:

user root;

Starting nginx
systemctl start nginx

cat /var/log/nginx/error.log
2020/11/03 15:19:09 [crit] 26789#0: *23 connect() to unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.229.114, server: ceph01, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock:", host: "ceph01"

Verification
curl http://ceph01
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 yum.repos.d]#

Alternatively, enter the rgw node's IP address in a browser; the correct output is as follows: (screenshot)

Errors
Permission error when configuring rgw with nginx FastCGI
curl http://ceph01
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>

nginx error log:

2020/11/03 15:19:09 [crit] 26789#0: *23 connect() to unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.229.114, server: ceph01, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock:", host: "ceph01"

Fix
Change the user nginx runs as:
edit the /etc/nginx/nginx.conf file and change user to root.

user root;

Reload the nginx configuration:

nginx -s reload

Error when configuring rgw with Apache FastCGI (method 2, complex)
curl http://ceph01
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at
 zhanghao@ceicloud.com to inform them of the time this error occurred,
 and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
</body></html>

[Tue Nov 03 15:31:06.955924 2020] [:error] [pid 28243] (13)Permission denied: [client 192.168.229.114:36712] FastCGI: failed to connect to server "/var/www/html/s3gw.fcgi": connect() failed
[Tue Nov 03 15:31:06.956045 2020] [:error] [pid 28243] [client 192.168.229.114:36712] FastCGI: incomplete headers (0 bytes) received from server "/var/www/html/s3gw.fcgi"

Granting permissions:

chmod 777 -R /var/run/ceph/

The error changed, but it is still a permissions problem:

[Tue Nov 03 15:39:19.598498 2020] [:error] [pid 29128] (111)Connection refused: [client 192.168.229.114:36768] FastCGI: failed to connect to server "/var/www/html/s3gw.fcgi": connect() failed
[Tue Nov 03 15:39:19.598595 2020] [:error] [pid 29128] [client 192.168.229.114:36768] FastCGI: incomplete headers (0 bytes) received from server "/var/www/html/s3gw.fcgi"

Checking which user httpd runs as shows that the users are not the same:

[root@ceph01 yum.repos.d]# ps -ef|grep httpd
root     29125     1  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   29127 29125  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   29128 29125  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   29129 29125  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   29130 29125  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   29131 29125  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
root     29414 12349  0 15:43 pts/3    00:00:00 grep --color=auto httpd

Fix:
Start nginx as the root user.
Search Baidu for the exact method; it is not as simple as just changing User and Group in the configuration file.

Creating RADOS gateway users
To access the object store, you need to create users for the RADOS gateway. These user accounts are identified by access permissions and keys, and clients can use them to perform Ceph object storage operations.

Copying the Ceph key
Copy the admin key from the monitor node to the RADOS gateway node:

scp /etc/ceph/ceph.client.admin.keyring <RADOS-gateway-node-ip>:/etc/ceph/

Run a command from the RADOS gateway node to confirm that the cluster is reachable:
ceph -s

Creating the RADOS gateway user
This generates the user's access_key and secret_key; these two keys are used to access Ceph object storage.

radosgw-admin user create --uid=mona --display-name='Monika Singh' --email=mona@example.com
Output:
{
    "user_id": "mona",
    "display_name": "Monika Singh",
    "email": "mona@example.com",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [],
    "keys": [
        {
            "user": "mona",
            "access_key": "JDRTJS0766NOL89YXR8X",
            "secret_key": "Sg6QTkXMs79epxSUEvwFmjVNWgqvWI2Jkll4KiNQ"
        }
    ],
    "swift_keys": [],
    "caps": [],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "temp_url_keys": []
}

Note: running this command automatically creates storage pools. The pools created are:

ceph osd pool ls
.rgw.root
default.rgw.control
default.rgw.data.root
default.rgw.gc
default.rgw.log
default.rgw.users.uid
default.rgw.users.email
default.rgw.users.keys

Create a subuser of mona for Swift access:
radosgw-admin subuser create --uid=mona --subuser=mona:swift --access=full --secret=secretkey --key-type=swift
{
    "user_id": "mona",
    "display_name": "Monika Singh",
    "email": "mona@example.com",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [
        {
            "id": "mona:swift",
            "permissions": "full-control"
        }
    ],
    "keys": [
        {
            "user": "mona",
            "access_key": "JDRTJS0766NOL89YXR8X",
            "secret_key": "Sg6QTkXMs79epxSUEvwFmjVNWgqvWI2Jkll4KiNQ"
        }
    ],
    "swift_keys": [
        {
            "user": "mona:swift",
            "secret_key": "secretkey"
        }
    ],
    "caps": [
        {
            "type": "buckets",
            "perm": "*"
        },
        {
            "type": "metadata",
            "perm": "*"
        },
        {
            "type": "users",
            "perm": "*"
        },
        {
            "type": "zone",
            "perm": "*"
        }
    ],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "temp_url_keys": []
}

Add the required capabilities to the user
radosgw-admin caps add --uid=mona --caps='zone=*'
Output
{
    "user_id": "mona",
    "display_name": "Monika Singh",
    "email": "mona@example.com",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [],
    "keys": [
        {
            "user": "mona",
            "access_key": "JDRTJS0766NOL89YXR8X",
            "secret_key": "Sg6QTkXMs79epxSUEvwFmjVNWgqvWI2Jkll4KiNQ"
        }
    ],
    "swift_keys": [],
    "caps": [
        {
            "type": "zone",
            "perm": "*"
        }
    ],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "temp_url_keys": []
}

Accessing the object store (by IP address)
S3 API access
Install s3cmd on the client
yum -y install s3cmd

Generate the .s3cfg configuration file
s3cmd --configure

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: 1F0D2GRLPRU9ENSB689J  # paste the Access Key generated on the server
Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4  # paste the Secret Key generated on the server
Default Region [US]:  # just press Enter

Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: 192.168.229.114  # enter the IP address of the object store

Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket).192.168.229.114  # enter the bucket address of the object store

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password:   # leave empty and press Enter
Path to GPG program [/usr/bin/gpg]:   # press Enter

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]: No  # whether to use HTTPS; choose No

On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name:    # leave empty and press Enter

New settings:
  Access Key: 1F0D2GRLPRU9ENSB689J
  Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
  Default Region: US
  S3 Endpoint: 192.168.229.114
  DNS-style bucket+hostname:port template for accessing a bucket: %(bucket).192.168.229.114
  Encryption password:
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: False
  HTTP Proxy server name:
  HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] n  # enter n

Save settings? [y/N] y  # enter y to save the configuration file
Configuration saved to '/root/.s3cfg'  # where the configuration file is saved: /root/.s3cfg

The generated .s3cfg configuration file contains the following
cat /root/.s3cfg
[default]
access_key = 1F0D2GRLPRU9ENSB689J
access_token =
add_encoding_exts =
add_headers =
bucket_location = US
ca_certs_file =
cache_file =
check_ssl_certificate = True
check_ssl_hostname = True
cloudfront_host = cloudfront.amazonaws.com
connection_pooling = True
content_disposition =
content_type =
default_mime_type = binary/octet-stream
delay_updates = False
delete_after = False
delete_after_fetch = False
delete_removed = False
dry_run = False
enable_multipart = True
encrypt = False
expiry_date =
expiry_days =
expiry_prefix =
follow_symlinks = False
force = False
get_continue = False
gpg_command = /usr/bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase =
guess_mime_type = True
host_base = 192.168.229.114
host_bucket = %(bucket).192.168.229.114
human_readable_sizes = False
invalidate_default_index_on_cf = False
invalidate_default_index_root_on_cf = True
invalidate_on_cf = False
kms_key =
limit = -1
limitrate = 0
list_md5 = False
log_target_prefix =
long_listing = False
max_delete = -1
mime_type =
multipart_chunk_size_mb = 15
multipart_max_chunks = 10000
preserve_attrs = True
progress_meter = True
proxy_host =
proxy_port = 0
public_url_use_https = False
put_continue = False
recursive = False
recv_chunk = 65536
reduced_redundancy = False
requester_pays = False
restore_days = 1
restore_priority = Standard
secret_key = M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
send_chunk = 65536
server_side_encryption = False
signature_v2 = False
signurl_use_https = False
simpledb_host = sdb.amazonaws.com
skip_existing = False
socket_timeout = 300
stats = False
stop_on_error = False
storage_class =
throttle_max = 100
upload_id =
urlencoding_mode = normal
use_http_expect = False
use_https = False
use_mime_magic = True
verbosity = WARNING
website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
website_error =
website_index = index.html

Create buckets
s3cmd mb s3://buck1
Output
Bucket 's3://buck1/' created

s3cmd mb s3://my-bucket
Output
Bucket 's3://my-bucket/' created

List buckets
s3cmd ls
Output
2020-11-04 02:43  s3://buck1
2020-11-04 02:30  s3://my-bucket

Upload data to a bucket
s3cmd put /etc/hosts s3://buck1
Output
upload: '/etc/hosts' -> 's3://buck1/hosts'  [1 of 1]
 304 of 304   100% in    3s    92.11 B/s  done

Swift access
Install the Swift client on the client machine
yum -y install python-setuptools
yum -y install python-pip
pip install --upgrade pip -i https://mirrors.aliyun.com/pypi/simple
pip install --upgrade setuptools -i https://mirrors.aliyun.com/pypi/simple
pip install python-swiftclient -i https://mirrors.aliyun.com/pypi/simple

Create and list buckets with Swift
swift -V 1.0 -A http://192.168.229.114/auth -U mona:swift -K secretkey post swift-buck
swift -V 1.0 -A http://192.168.229.114/auth -U mona:swift -K secretkey list
Output
buck1
my-bucket
swift-buck

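Accessing the object store (by DNS name)
Ceph object storage supports S3- and Swift-compatible APIs. To make use of Ceph object storage, we need to configure the S3 or the Swift interface. Below we set up a basic configuration for each of the two interfaces in turn. For advanced configuration, see their respective documentation.

S3 API access
Amazon's Simple Storage Service (S3) provides storage to users through a web interface such as REST. Ceph is compatible with S3 through a RESTful API. S3 client applications can access Ceph object storage with an access key and a secret key. We configure it below; unless stated otherwise, the following commands are run on the ceph-rgw node.
The radosgw user must have sufficient capabilities to handle S3 requests. Add the required capabilities to the radosgw user (ID mona).
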
Install the DNS service
yum -y install bind* -y

Configure the DNS service
cat /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1;192.168.229.114; };
        listen-on-v6 port 53 { ::1; };
        directory         "/var/named";
        dump-file         "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost;192.168.0.0/16; };
};

zone "objectstore.com" IN {
        type master;
        file "db.objectstore.com";
        allow-update {none;};
};

Note: change the IP addresses to match your environment.

cat >/var/named/db.objectstore.com <<EOF
@ 86400 IN SOA objectstore.com. root.objectstore.com. (
        20091028 ; serial (yyyymmdd)
           10800 ; refresh (3 hours)
            3600 ; retry (1 hour)
         3600000 ; expire (1000 hours, about 41 days)
           86400) ; minimum TTL (1 day)
@ 86400 IN NS objectstore.com.
@ 86400 IN A  192.168.229.114
* 86400 IN CNAME @
EOF

Edit the /etc/resolv.conf file
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114
search objectstore.com
nameserver 192.168.229.114

Check the configuration
named-checkconf /etc/named.conf
named-checkzone objectstore.com /var/named/db.objectstore.com
Expected output
zone objectstore.com/IN: loaded serial 20091028
OK

Start the DNS service
systemctl start named

Test the DNS configuration
dig ceph01.objectstore.com
nslookup ceph01.objectstore.com

Add the following to /etc/resolv.conf on the client
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114
search objectstore.com
nameserver 192.168.229.114

Test the DNS configuration on the client
yum install bind-utils
dig ceph01.objectstore.com
nslookup ceph01.objectstore.com

Install s3cmd on the client
yum -y install s3cmd

Generate the .s3cfg configuration file
s3cmd --configure

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: 1F0D2GRLPRU9ENSB689J  # paste the Access Key generated on the server
Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4   # paste the Secret Key generated on the server
Default Region [US]:   # just press Enter

Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: ceph01.objectstore.com  # enter the domain name of the object store

Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket).ceph01.objectstore.com  # enter the bucket address of the object store

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password:    # leave empty and press Enter
Path to GPG program [/usr/bin/gpg]:  # press Enter

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]: No  # enter No

On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name:  # press Enter

New settings:
  Access Key: 1F0D2GRLPRU9ENSB689J
  Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
  Default Region: US
  S3 Endpoint: ceph01.objectstore.com
  DNS-style bucket+hostname:port template for accessing a bucket: %(bucket).ceph01.objectstore.com
  Encryption password:
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: False
  HTTP Proxy server name:
  HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] n  # enter n

Save settings? [y/N] y  # enter y
Configuration saved to '/root/.s3cfg'   # where the configuration file is saved: /root/.s3cfg

The generated .s3cfg configuration file contains the following
cat /root/.s3cfg
[default]
access_key = 1F0D2GRLPRU9ENSB689J
access_token =
add_encoding_exts =
add_headers =
bucket_location = US
ca_certs_file =
cache_file =
check_ssl_certificate = True
check_ssl_hostname = True
cloudfront_host = cloudfront.amazonaws.com
connection_pooling = True
content_disposition =
content_type =
default_mime_type = binary/octet-stream
delay_updates = False
delete_after = False
delete_after_fetch = False
delete_removed = False
dry_run = False
enable_multipart = True
encrypt = False
expiry_date =
expiry_days =
expiry_prefix =
follow_symlinks = False
force = False
get_continue = False
gpg_command = /usr/bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase =
guess_mime_type = True
host_base = ceph01.objectstore.com
host_bucket = %(bucket).ceph01.objectstore.com
human_readable_sizes = False
invalidate_default_index_on_cf = False
invalidate_default_index_root_on_cf = True
invalidate_on_cf = False
kms_key =
limit = -1
limitrate = 0
list_md5 = False
log_target_prefix =
long_listing = False
max_delete = -1
mime_type =
multipart_chunk_size_mb = 15
multipart_max_chunks = 10000
preserve_attrs = True
progress_meter = True
proxy_host =
proxy_port = 0
public_url_use_https = False
put_continue = False
recursive = False
recv_chunk = 65536
reduced_redundancy = False
requester_pays = False
restore_days = 1
restore_priority = Standard
secret_key = M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
send_chunk = 65536
server_side_encryption = False
signature_v2 = False
signurl_use_https = False
simpledb_host = sdb.amazonaws.com
skip_existing = False
socket_timeout = 300
stats = False
stop_on_error = False
storage_class =
throttle_max = 100
upload_id =
urlencoding_mode = normal
use_http_expect = False
use_https = False
use_mime_magic = True
verbosity = WARNING
website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
website_error =
website_index = index.html

vim /root/.s3cfg
host_base = ceph01.objectstore.com
host_bucket = %(bucket)s.ceph01.objectstore.com

Create buckets
s3cmd mb s3://buck1
Output
Bucket 's3://buck1/' created

s3cmd mb s3://my-bucket
Output
Bucket 's3://my-bucket/' created

List buckets
s3cmd ls
Output
2020-11-04 02:43  s3://buck1
2020-11-04 02:30  s3://my-bucket

Upload data to a bucket
s3cmd put /etc/hosts s3://buck1
Output
upload: '/etc/hosts' -> 's3://buck1/hosts'  [1 of 1]
 304 of 304   100% in    3s    92.11 B/s  done

Swift access
Install the Swift client on the client machine
yum -y install python-setuptools
yum -y install python-pip
pip install --upgrade pip -i https://mirrors.aliyun.com/pypi/simple
pip install --upgrade setuptools -i https://mirrors.aliyun.com/pypi/simple
pip install python-swiftclient -i https://mirrors.aliyun.com/pypi/simple

Create and list buckets with Swift
swift -V 1.0 -A http://ceph01.objectstore.com/auth -U mona:swift -K secretkey post swift-buck
swift -V 1.0 -A http://ceph01.objectstore.com/auth -U mona:swift -K secretkey list
Output
buck1
my-bucket
swift-buck
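
The DNS-style walkthrough above hand-edits host_bucket from %(bucket). to %(bucket)s. after s3cmd --configure, and both saved files hold secret_key in clear text with use_https = False. The Python check below is an added example, not part of the original post or of s3cmd: it parses the text of an .s3cfg and reports those conditions. The sample file and its keys are constructed, and the names bucket_host and audit_s3cfg are hypothetical.

```python
import configparser
import stat

# Constructed sample that mirrors the settings shown on this page;
# the two keys are placeholders, not real credentials.
SAMPLE_S3CFG = """\
[default]
access_key = EXAMPLEACCESSKEY
secret_key = EXAMPLESECRETKEY
host_base = ceph01.objectstore.com
host_bucket = %(bucket).ceph01.objectstore.com
use_https = False
check_ssl_certificate = True
check_ssl_hostname = True
signature_v2 = False
"""


def bucket_host(template, bucket="buck1", location="US"):
    """Expand a host_bucket template with Python %-formatting.

    Returns the resulting host name, or None when the template is not a
    valid format string (for example "%(bucket)." without the trailing "s").
    """
    try:
        return template % {"bucket": bucket, "location": location}
    except (ValueError, TypeError, KeyError):
        return None


def audit_s3cfg(text, mode=None):
    """Return (setting, finding) tuples for the text of one .s3cfg file.

    mode is the file's st_mode (as returned by os.stat), if known.
    """
    # interpolation=None: host_bucket and the gpg_* values contain literal
    # "%(name)s" sequences that configparser must not try to expand.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    cfg = parser["default"]
    findings = []

    if not cfg.getboolean("use_https", fallback=False):
        findings.append(("use_https", "requests and object data are sent over plain HTTP"))
    else:
        # Certificate checks only matter once HTTPS is actually in use.
        for key in ("check_ssl_certificate", "check_ssl_hostname"):
            if not cfg.getboolean(key, fallback=True):
                findings.append((key, "TLS peer verification is disabled"))

    template = cfg.get("host_bucket", fallback="")
    if bucket_host(template) is None:
        findings.append(("host_bucket", f"malformed template {template!r}; expected %(bucket)s"))

    if cfg.getboolean("signature_v2", fallback=False):
        findings.append(("signature_v2", "legacy signature version 2 is enabled"))

    # The file stores secret_key in clear text, so it should be owner-only.
    if cfg.get("secret_key", fallback="") and mode is not None:
        perms = stat.S_IMODE(mode)
        if perms & 0o077:
            findings.append(("file mode", f"secret_key readable by group/other ({perms:o})"))
    return findings


if __name__ == "__main__":
    # 0o100644 is a constructed st_mode: regular file, rw-r--r--
    for setting, finding in audit_s3cfg(SAMPLE_S3CFG, mode=0o100644):
        print(f"{setting:<12} {finding}")
```

To check a real file, pass its contents and os.stat(path).st_mode to audit_s3cfg.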
