Original poster | Posted on 2022-2-9 10:04:03
Ceph object storage

As the name suggests, object storage manages data as objects. Each object stores data, metadata, and a unique identifier. The operating system cannot access object storage directly as a local or remote file system; it can only be accessed at the application level through an API. The object storage interface that Ceph provides is the RADOS gateway, which is built on top of the Ceph RADOS layer. The RADOS gateway gives applications an S3- or Swift-compatible RESTful API for storing data as objects in the Ceph cluster.

In a production environment, if you run a heavy workload on Ceph object storage, you should use dedicated physical servers for the RADOS gateway. You can also consider configuring all of the monitor nodes as RADOS gateways.

Install the radosgw packages
yum -y install ceph-radosgw ceph

Create the user
Create the RADOS gateway user and keyring for Ceph: log in to any Ceph monitor node and run the following commands.

Create the keyring
ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring
Output
creating /etc/ceph/ceph.client.radosgw.keyring

chmod +r /etc/ceph/ceph.client.radosgw.keyring

At this point the /etc/ceph/ceph.client.radosgw.keyring file is still empty.

Generate the gateway user and key for the RADOS gateway instance. The RADOS gateway instance name here is gateway.
ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key

cat /etc/ceph/ceph.client.radosgw.keyring
[client.radosgw.gateway]
        key = AQBWuqBf5apFDxAAAbqsG0NTx8lehGoNpcPVJQ==

Add capabilities to the key
ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring

cat /etc/ceph/ceph.client.radosgw.keyring
[client.radosgw.gateway]
        key = AQBWuqBf5apFDxAAAbqsG0NTx8lehGoNpcPVJQ==
        caps mon = "allow rw"
        caps osd = "allow rwx"

Add the key to the Ceph cluster
ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
Output
added key for client.radosgw.gateway

Distribute the key to the Ceph RADOS gateway node
scp /etc/ceph/ceph.client.radosgw.keyring <radosgw-node-hostname>:/etc/ceph/ceph.client.radosgw.keyring

Here the RADOS gateway node and the monitor node are the same machine, so there is no need to distribute the key.

Create a pool for the RADOS gateway
ceph osd pool create .rgw 128 128

Create the radosgw data directory
mkdir -p /var/lib/ceph/radosgw/ceph-ceph01.gateway

Configuring rgw with Civetweb

Add the configuration
Add a gateway configuration to Ceph: add the following to the ceph.conf file on the Ceph monitor node, and move that file to the RADOS gateway node. Make sure the host name is the host name of the RADOS gateway.

[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
log file=/var/log/ceph/client.radosgw.gateway.log
rgw_frontends = civetweb port=80

Civetweb listens on port 7480 by default; the configuration above explicitly sets the listening port to 80 (port=80).

Copy the configuration file to the rgw node. Here the rgw node is on the Ceph node, so there is no need to copy it.
scp /etc/ceph/ceph.conf <radosgw-node-hostname>:/etc/ceph/ceph.conf

Start the rgw instance
systemctl start ceph-radosgw@radosgw.gateway.service

Note: in ceph-radosgw@radosgw.gateway.service, gateway is the specific instance name. It must match the instance name configured in ceph.conf.

Verify
Run curl on the rgw node
curl localhost:80
Correct output
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 ceph]#

Or enter the rgw node's IP address in a browser.
The correct output is as follows

Configuring rgw with Apache FastCGI (method 1, simple)

Install httpd
yum -y install httpd

Configure httpd
cat > /etc/httpd/conf.d/rgw.conf << EOF
<VirtualHost *:80>
ServerName localhost
DocumentRoot /var/www/html

ErrorLog /var/log/httpd/rgw_error.log
CustomLog /var/log/httpd/rgw_access.log combined

# LogLevel debug

RewriteEngine On

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

SetEnv proxy-nokeepalive 1

ProxyPass / fcgi://localhost:9000/

</VirtualHost>
EOF

Configure Ceph
[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
rgw_socket_path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file=/var/log/ceph/client.radosgw.gateway.log
rgw frontends = fastcgi socket_port=9000 socket_host=0.0.0.0
#rgw dns name = ceph-rgw.objectstore.com
rgw print continue=false

Start httpd
systemctl start httpd

Start the ceph-radosgw.target service
systemctl start ceph-radosgw@radosgw.gateway.service

Verify
curl http://ceph01
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 yum.repos.d]#

Or enter the rgw node's IP address in a browser.
The correct output is as follows

Configuring rgw with Apache FastCGI (method 2, complex)

Install yum-plugin-priorities
yum -y install yum-plugin-priorities

Configure the yum repository for mod_fastcgi
cat > /etc/yum.repos.d/ceph-fastcgi.repo <<EOF
[fastcgi-ceph-basearch]
name=FastCGI basearch packages for Ceph
baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-centos7-x86_64-basic/ref/master/
enabled=1
priority=2
gpgcheck=1
type=rpm-md
gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc

[fastcgi-ceph-noarch]
name=FastCGI noarch packages for Ceph
baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-centos7-x86_64-basic/ref/master/
enabled=1
priority=2
gpgcheck=1
type=rpm-md
gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc

[fastcgi-ceph-source]
name=FastCGI source packages for Ceph
baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-centos7-x86_64-basic/ref/master/
enabled=1
priority=2
gpgcheck=1
type=rpm-md
gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc
EOF

Install the required packages
yum -y install httpd mod_fastcgi ceph-radosgw ceph

Configure the RADOS gateway
Configuring the RADOS gateway covers the Apache and FastCGI configuration and the generation of the Ceph key.

Edit /etc/httpd/conf/httpd.conf to configure Apache
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak

Set ServerName = host name

Make sure the following line exists and is not commented out
cat /etc/httpd/conf/httpd.conf|egrep "rgw|rewrite"
LoadModule rewrite_module modules/mod_rewrite.so

Edit /etc/httpd/conf.d/fastcgi.conf to configure FastCGI
Make sure the FastCGI module is enabled
cat /etc/httpd/conf.d/fastcgi.conf |grep "fastcgi_module"
LoadModule fastcgi_module modules/mod_fastcgi.so

Turn off FastCgiWrapper
cat /etc/httpd/conf.d/fastcgi.conf |grep -i "fastcgiwrapper"
FastCgiWrapper Off

Set up the object gateway script
cat > /var/www/html/s3gw.fcgi <<EOF
#!/bin/sh
exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway
EOF

Set the script's permissions and ownership
chmod +x /var/www/html/s3gw.fcgi
chown apache.apache /var/www/html/s3gw.fcgi

Create the gateway configuration file rgw.conf in the /etc/httpd/conf.d/ directory
cat >/etc/httpd/conf.d/rgw.conf<<EOF
FastCgiExternalServer /var/www/html/s3gw.fcgi -socket /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
<VirtualHost *:80>
ServerName ceph01
ServerAdmin {zhanghao@ceicloud.com}
DocumentRoot /var/www/html
RewriteEngine On
RewriteRule ^/(.*) /s3gw.fcgi?%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
<IfModule mod_fastcgi.c>
<Directory /var/www/html>
Options +ExecCGI
AllowOverride ALL
SetHandler fastcgi-script
Order allow,deny
Allow from all
AuthBasicAuthoritative Off
</Directory>
</IfModule>
AllowEncodedSlashes On
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
ServerSignature Off
</VirtualHost>
EOF

Add the Ceph configuration
Add a gateway configuration to Ceph: add the following to the ceph.conf file on the Ceph monitor node, and move that file to the RADOS gateway node. Make sure the host name is the host name of the RADOS gateway.

[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
rgw socket path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file=/var/log/ceph/client.radosgw.gateway.log
#rgw frontends = fastcgi socket_port=80 socket_host=0.0.0.0
rgw dns name = ceph-rgw.objectstore.com
rgw print continue=false

Set file permissions
On the RADOS gateway node, adjust the ownership and permissions of the three directories /var/log/httpd, /var/run/ceph and /var/log/ceph, and set SELinux to Permissive.

chown apache:apache /var/log/httpd/
chown apache:apache /var/run/ceph/
chown apache:apache /var/log/ceph/

Start the Apache and Ceph RADOS gateway services, ignoring any warnings you encounter.

Start httpd
systemctl start httpd

Start the ceph-radosgw.target service
systemctl start ceph-radosgw@radosgw.gateway.service

Verify
curl http://ceph01
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 yum.repos.d]#

Or enter the rgw node's IP address in a browser.
The correct output is as follows

Configuring rgw with Nginx FastCGI

Add the Ceph configuration
Add a gateway configuration to Ceph: add the following to the ceph.conf file on the Ceph monitor node, and move that file to the RADOS gateway node. Make sure the host name is the host name of the RADOS gateway.

[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
rgw_socket_path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file=/var/log/ceph/client.radosgw.gateway.log
rgw frontends = fastcgi
rgw print continue=false
rgw_content_length_compat = true

Install nginx
yum -y install epel-release
yum -y install nginx

Configure nginx
Configure the nginx service by adding the following to the http section of /etc/nginx/nginx.conf:

http {
    server {
        listen 80 default;
        server_name {hostname};
        location / {
            fastcgi_pass_header Authorization;
            fastcgi_pass_request_headers on;
            fastcgi_param QUERY_STRING $query_string;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_LENGTH $content_length;

            if ($request_method = PUT) {
                rewrite ^ /PUT$request_uri;
            }

            include fastcgi_params;
            fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
        }

        location /PUT/ {
            internal;
            fastcgi_pass_header Authorization;
            fastcgi_pass_request_headers on;

            include fastcgi_params;
            fastcgi_param QUERY_STRING $query_string;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_LENGTH $content_length;
            fastcgi_param CONTENT_TYPE $content_type;
            fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
        }
    }
}

Note: the path that fastcgi_pass points to must match the path configured in ceph.conf.

Change the user nginx runs as
Edit /etc/nginx/nginx.conf and change user to root

user root;

Start nginx
systemctl start nginx

cat /var/log/nginx/error.log
2020/11/03 15:19:09 [crit] 26789#0: *23 connect() to unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.229.114, server: ceph01, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock:", host: "ceph01"

Verify
curl http://ceph01
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 yum.repos.d]#

Or enter the rgw node's IP address in a browser.
The correct output is as follows

Errors

Permission error when configuring rgw with nginx FastCGI
curl http://ceph01
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>

nginx error log
2020/11/03 15:19:09 [crit] 26789#0: *23 connect() to unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.229.114, server: ceph01, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock:", host: "ceph01"

Solution
Change the user nginx runs as
Edit /etc/nginx/nginx.conf and change user to root

user root;

Reload the nginx configuration
nginx -s reload

Error when configuring rgw with Apache FastCGI (method 2, complex)
curl http://ceph01
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at
 zhanghao@ceicloud.com to inform them of the time this error occurred,
 and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
</body></html>

[Tue Nov 03 15:31:06.955924 2020] [:error] [pid 28243] (13)Permission denied: [client 192.168.229.114:36712] FastCGI: failed to connect to server "/var/www/html/s3gw.fcgi": connect() failed
[Tue Nov 03 15:31:06.956045 2020] [:error] [pid 28243] [client 192.168.229.114:36712] FastCGI: incomplete headers (0 bytes) received from server "/var/www/html/s3gw.fcgi"

Grant permissions
chmod 777 -R /var/run/ceph/

The error changed, but it is still a permissions problem

[Tue Nov 03 15:39:19.598498 2020] [:error] [pid 29128] (111)Connection refused: [client 192.168.229.114:36768] FastCGI: failed to connect to server "/var/www/html/s3gw.fcgi": connect() failed
[Tue Nov 03 15:39:19.598595 2020] [:error] [pid 29128] [client 192.168.229.114:36768] FastCGI: incomplete headers (0 bytes) received from server "/var/www/html/s3gw.fcgi"

Checking which user httpd runs as shows that the users are not the same
[root@ceph01 yum.repos.d]# ps -ef|grep httpd
root 29125 1 0 15:38 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 29127 29125 0 15:38 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 29128 29125 0 15:38 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 29129 29125 0 15:38 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 29130 29125 0 15:38 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 29131 29125 0 15:38 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
root 29414 12349 0 15:43 pts/3 00:00:00 grep --color=auto httpd

Solution:
Start nginx as the root user
Search Baidu for the exact method; it is not as simple as just changing User and Group in the configuration file.

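The state this guide leaves behind can be checked mechanically: whether fastcgi_pass agrees with the socket path in ceph.conf, whether nginx workers run as root, and whether the keyring and the socket directory carry the mode bits that chmod +r and chmod 777 -R produce. The script below is an added example, not part of the original post; its function names and the sample files it writes are constructed for illustration (the sample nginx.conf is deliberately mismatched), and it assumes GNU stat.

```shell
#!/bin/sh
# Added example, not part of the original post. Every path is an argument, so
# the checks can be run against copies of the real files. Needs GNU stat.

# Print the FastCGI socket radosgw is told to use. Accepts both spellings that
# appear in the post: "rgw_socket_path" and "rgw socket path".
rgw_socket_from_ceph_conf() {
    sed -n -E 's/^[[:space:]]*rgw[_ ]socket[_ ]path[[:space:]]*=[[:space:]]*//p' "$1" \
        | sed -E 's/[[:space:]]+$//' | head -n 1
}

# Print each distinct unix socket that nginx passes FastCGI requests to.
nginx_fastcgi_sockets() {
    sed -n -E 's/^[[:space:]]*fastcgi_pass[[:space:]]+unix:([^;[:space:]]+);.*$/\1/p' "$1" \
        | sort -u
}

# Succeed only when nginx uses exactly the socket named in ceph.conf.
sockets_match() {            # usage: sockets_match ceph.conf nginx.conf
    sm_want=$(rgw_socket_from_ceph_conf "$1")
    sm_got=$(nginx_fastcgi_sockets "$2")
    [ -n "$sm_want" ] && [ "$sm_got" = "$sm_want" ]
}

# Succeed when nginx.conf sets the worker user to root.
nginx_user_is_root() {
    grep -Eq '^[[:space:]]*user[[:space:]]+root([[:space:]]+[^;]*)?;' "$1"
}

# Succeed when "other" holds any permission bit in the mask (4=r, 2=w, 1=x).
other_has_bits() {           # usage: other_has_bits path mask
    ohb_mode=$(stat -c '%a' "$1") || return 2
    ohb_last=${ohb_mode#"${ohb_mode%?}"}     # last octal digit = "other" bits
    [ $(( $ohb_last & $2 )) -ne 0 ]
}

# Print one finding per line; print nothing when every check passes.
audit() {                    # usage: audit ceph.conf nginx.conf keyring socket_dir
    if ! sockets_match "$1" "$2"; then
        echo "MISMATCH: fastcgi_pass is not $(rgw_socket_from_ceph_conf "$1")"
    fi
    if nginx_user_is_root "$2"; then echo "ROOT: nginx workers run as root"; fi
    if other_has_bits "$3" 4; then echo "KEYRING: $3 is world-readable"; fi
    if other_has_bits "$4" 2; then echo "SOCKDIR: $4 is world-writable"; fi
    return 0
}

# Write constructed sample files into a directory (not real cluster data).
make_sample() {              # usage: make_sample dir
    mkdir -p "$1/run"
    cat > "$1/ceph.conf" <<'EOF'
[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
rgw_socket_path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
rgw frontends = fastcgi
EOF
    cat > "$1/nginx.conf" <<'EOF'
user root;
http {
    server {
        listen 80 default;
        location / {
            fastcgi_pass_header Authorization;
            include fastcgi_params;
            fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.sock;
        }
        location /PUT/ {
            internal;
            fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.sock;
        }
    }
}
EOF
    printf '[client.radosgw.gateway]\n\tkey = CONSTRUCTED-PLACEHOLDER\n' > "$1/keyring"
    chmod 644 "$1/keyring"   # world-readable, as after "chmod +r" with a 022 umask
    chmod 777 "$1/run"       # as after "chmod 777 -R /var/run/ceph/"
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit "$demo_dir/ceph.conf" "$demo_dir/nginx.conf" "$demo_dir/keyring" "$demo_dir/run"
rm -rf "$demo_dir"
```

To audit a real gateway node, call audit with /etc/ceph/ceph.conf, /etc/nginx/nginx.conf, /etc/ceph/ceph.client.radosgw.keyring and /var/run/ceph in place of the sample paths.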
Create the RADOS gateway user
To access object storage, you need to create users for the RADOS gateway. These user accounts are identified by their access permissions and keys, and clients can use them to perform Ceph object storage operations.

Copy the Ceph key
Copy the admin key from the monitor node to the RADOS gateway node
scp /etc/ceph/ceph.client.admin.keyring <RADOS-gateway-node-IP>:/etc/ceph/

On the RADOS gateway node, run a command to confirm that the cluster is reachable
ceph -s

Create the RADOS gateway user
This generates the user's access_key and secret_key; these two keys are used to access Ceph object storage.

radosgw-admin user create --uid=mona --display-name='Monika Singh' --email=mona@example.com
Output
{
    "user_id": "mona",
    "display_name": "Monika Singh",
    "email": "mona@example.com",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [],
    "keys": [
        {
            "user": "mona",
            "access_key": "JDRTJS0766NOL89YXR8X",
            "secret_key": "Sg6QTkXMs79epxSUEvwFmjVNWgqvWI2Jkll4KiNQ"
        }
    ],
    "swift_keys": [],
    "caps": [],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "temp_url_keys": []
}

Note: running this command automatically creates storage pools. The pools created are as follows

ceph osd pool ls
.rgw.root
default.rgw.control
default.rgw.data.root
default.rgw.gc
default.rgw.log
default.rgw.users.uid
default.rgw.users.email
default.rgw.users.keys

Create a subuser of mona for Swift access
radosgw-admin subuser create --uid=mona --subuser=mona:swift --access=full --secret=secretkey --key-type=swift
{
    "user_id": "mona",
    "display_name": "Monika Singh",
    "email": "mona@example.com",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [
        {
            "id": "mona:swift",
            "permissions": "full-control"
        }
    ],
    "keys": [
        {
            "user": "mona",
            "access_key": "JDRTJS0766NOL89YXR8X",
            "secret_key": "Sg6QTkXMs79epxSUEvwFmjVNWgqvWI2Jkll4KiNQ"
        }
    ],
    "swift_keys": [
        {
            "user": "mona:swift",
            "secret_key": "secretkey"
        }
    ],
    "caps": [
        {
            "type": "buckets",
            "perm": "*"
        },
        {
            "type": "metadata",
            "perm": "*"
        },
        {
            "type": "users",
            "perm": "*"
        },
        {
            "type": "zone",
            "perm": "*"
        }
    ],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "temp_url_keys": []
}

Add the necessary capabilities to the user
radosgw-admin caps add --uid=mona --caps='zone=*'
Output
{
    "user_id": "mona",
    "display_name": "Monika Singh",
    "email": "mona@example.com",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [],
    "keys": [
        {
            "user": "mona",
            "access_key": "JDRTJS0766NOL89YXR8X",
            "secret_key": "Sg6QTkXMs79epxSUEvwFmjVNWgqvWI2Jkll4KiNQ"
        }
    ],
    "swift_keys": [],
    "caps": [
        {
            "type": "zone",
            "perm": "*"
        }
    ],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "temp_url_keys": []
}

! q5 e: r9 I) o' A1 W- B访问对象存储(IP方式访问)' t! z6 |. R' N7 E8 j+ [
S3 API访问
5 H3 B8 f1 r3 s客户端安装s3cmd
6 ~" d5 A V! Kyum -y install s3cmd
- Z7 C1 I0 z# {8 o, U2 t$ X2 ?# M4 m+ a# I, z9 j( D6 o) h
生成s3.cfg配置文件0 ?7 U' m. i- K: G* _, u
s3cmd --configure' g& y# Q4 L& A% y) @
Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: 1F0D2GRLPRU9ENSB689J # paste the Access Key generated on the server
Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4 # paste the Secret Key generated on the server
Default Region [US]: # just press Enter

Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: 192.168.229.114 # enter the IP address of the object store

Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket).192.168.229.114 # enter the bucket address of the object store

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password: # leave empty and press Enter
Path to GPG program [/usr/bin/gpg]: # press Enter

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]: No # whether to use HTTPS; choose No

On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name: # leave empty and press Enter

New settings:
  Access Key: 1F0D2GRLPRU9ENSB689J
  Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
  Default Region: US
  S3 Endpoint: 192.168.229.114
  DNS-style bucket+hostname:port template for accessing a bucket: %(bucket).192.168.229.114
  Encryption password:
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: False
  HTTP Proxy server name:
  HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] n # enter n

Save settings? [y/N] y # enter y to save the configuration file
Configuration saved to '/root/.s3cfg' # where the configuration file ends up: /root/.s3cfg

The generated .s3cfg configuration file contains the following
cat /root/.s3cfg
[default]
access_key = 1F0D2GRLPRU9ENSB689J
access_token =
add_encoding_exts =
add_headers =
bucket_location = US
ca_certs_file =
cache_file =
check_ssl_certificate = True
check_ssl_hostname = True
cloudfront_host = cloudfront.amazonaws.com
connection_pooling = True
content_disposition =
content_type =
default_mime_type = binary/octet-stream
delay_updates = False
delete_after = False
delete_after_fetch = False
delete_removed = False
dry_run = False
enable_multipart = True
encrypt = False
expiry_date =
expiry_days =
expiry_prefix =
follow_symlinks = False
force = False
get_continue = False
gpg_command = /usr/bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase =
guess_mime_type = True
host_base = 192.168.229.114
host_bucket = %(bucket).192.168.229.114
human_readable_sizes = False
invalidate_default_index_on_cf = False
invalidate_default_index_root_on_cf = True
invalidate_on_cf = False
kms_key =
limit = -1
limitrate = 0
list_md5 = False
log_target_prefix =
long_listing = False
max_delete = -1
mime_type =
multipart_chunk_size_mb = 15
multipart_max_chunks = 10000
preserve_attrs = True
progress_meter = True
proxy_host =
proxy_port = 0
public_url_use_https = False
put_continue = False
recursive = False
recv_chunk = 65536
reduced_redundancy = False
requester_pays = False
restore_days = 1
restore_priority = Standard
secret_key = M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
send_chunk = 65536
server_side_encryption = False
signature_v2 = False
signurl_use_https = False
simpledb_host = sdb.amazonaws.com
skip_existing = False
socket_timeout = 300
stats = False
stop_on_error = False
storage_class =
throttle_max = 100
upload_id =
urlencoding_mode = normal
use_http_expect = False
use_https = False
use_mime_magic = True
verbosity = WARNING
website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
website_error =
website_index = index.html

Create buckets
s3cmd mb s3://buck1
Output
Bucket 's3://buck1/' created
s3cmd mb s3://my-bucket
Output
Bucket 's3://my-bucket/' created

List buckets
s3cmd ls
Output
2020-11-04 02:43 s3://buck1
2020-11-04 02:30 s3://my-bucket

Upload data to a bucket
s3cmd put /etc/hosts s3://buck1
Output
upload: '/etc/hosts' -> 's3://buck1/hosts' [1 of 1]
 304 of 304 100% in 3s 92.11 B/s done

Swift access
Install the swift client on the client machine
yum -y install python-setuptools
yum -y install python-pip
pip install --upgrade pip -i https://mirrors.aliyun.com/pypi/simple
pip install --upgrade setuptools -i https://mirrors.aliyun.com/pypi/simple
pip install python-swiftclient -i https://mirrors.aliyun.com/pypi/simple

Create and list buckets with swift
swift -V 1.0 -A http://192.168.229.114/auth -U mona:swift -K secretkey post swift-buck
swift -V 1.0 -A http://192.168.229.114/auth -U mona:swift -K secretkey list
Output
buck1
my-bucket
swift-buck

Accessing object storage (by DNS name)
Ceph object storage supports S3- and Swift-compatible APIs. To make use of Ceph object storage, we need to configure the S3 or Swift interface. Below we do a basic configuration for each of the two interfaces in turn. For advanced configuration, consult their respective documentation.

S3 API access
Amazon's Simple Storage Service (S3) provides storage to users through a web interface (such as REST). Ceph is compatible with S3 through its RESTful API. S3 client applications can access Ceph object storage using an access key and a secret key. Let's configure it; unless stated otherwise, the following commands are run on the ceph-rgw node.
The radosgw user needs sufficient capabilities to handle S3 requests. Add the necessary capabilities to the radosgw user (ID mona).

Install the DNS service
yum -y install bind* -y

Configure the DNS service
cat /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1;192.168.229.114; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost;192.168.0.0/16; };
};

zone "objectstore.com" IN {
    type master;
    file "db.objectstore.com";
    allow-update {none;};
};

Note: change the IP addresses to match your environment.
cat >/var/named/db.objectstore.com <<EOF
@ 86400 IN SOA objectstore.com. root.objectstore.com. (
        20091028 ; serial yyyy-mm-dd
        10800    ; refresh every 3 hours
        3600     ; retry every hour
        3600000  ; expire after 1 month +
        86400 )  ; min ttl of 1 day
@ 86400 IN NS objectstore.com.
@ 86400 IN A 192.168.229.114
* 86400 IN CNAME @
EOF

Edit the /etc/resolv.conf file
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114
search objectstore.com
nameserver 192.168.229.114

Check the configuration
named-checkconf /etc/named.conf
named-checkzone objectstore.com /var/named/db.objectstore.com
Expected output
zone objectstore.com/IN: loaded serial 20091028
OK

Start the DNS service
systemctl start named

Test the DNS configuration
dig ceph01.objectstore.com
nslookup ceph01.objectstore.com

Add the following to /etc/resolv.conf on the client
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114
search objectstore.com
nameserver 192.168.229.114

Test the client's DNS configuration
yum install bind-utils
dig ceph01.objectstore.com
nslookup ceph01.objectstore.com

Install s3cmd on the client
yum -y install s3cmd

Generate the .s3cfg configuration file
s3cmd --configure

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: 1F0D2GRLPRU9ENSB689J # paste the Access Key generated on the server
Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4 # paste the Secret Key generated on the server
Default Region [US]: # just press Enter

Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: ceph01.objectstore.com # enter the domain name of the object store

Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket).ceph01.objectstore.com # enter the bucket address of the object store

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password: # leave empty and press Enter
Path to GPG program [/usr/bin/gpg]: # press Enter

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]: No # enter No

On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name: # press Enter

New settings:
  Access Key: 1F0D2GRLPRU9ENSB689J
  Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
  Default Region: US
  S3 Endpoint: ceph01.objectstore.com
  DNS-style bucket+hostname:port template for accessing a bucket: %(bucket).ceph01.objectstore.com
  Encryption password:
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: False
  HTTP Proxy server name:
  HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] n # enter n

Save settings? [y/N] y # enter y
Configuration saved to '/root/.s3cfg' # where the configuration file ends up: /root/.s3cfg

The generated .s3cfg configuration file contains the following
cat /root/.s3cfg
[default]
access_key = 1F0D2GRLPRU9ENSB689J
access_token =
add_encoding_exts =
add_headers =
bucket_location = US
ca_certs_file =
cache_file =
check_ssl_certificate = True
check_ssl_hostname = True
cloudfront_host = cloudfront.amazonaws.com
connection_pooling = True
content_disposition =
content_type =
default_mime_type = binary/octet-stream
delay_updates = False
delete_after = False
delete_after_fetch = False
delete_removed = False
dry_run = False
enable_multipart = True
encrypt = False
expiry_date =
expiry_days =
expiry_prefix =
follow_symlinks = False
force = False
get_continue = False
gpg_command = /usr/bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase =
guess_mime_type = True
host_base = ceph01.objectstore.com
host_bucket = %(bucket).ceph01.objectstore.com
human_readable_sizes = False
invalidate_default_index_on_cf = False
invalidate_default_index_root_on_cf = True
invalidate_on_cf = False
kms_key =
limit = -1
limitrate = 0
list_md5 = False
log_target_prefix =
long_listing = False
max_delete = -1
mime_type =
multipart_chunk_size_mb = 15
multipart_max_chunks = 10000
preserve_attrs = True
progress_meter = True
proxy_host =
proxy_port = 0
public_url_use_https = False
put_continue = False
recursive = False
recv_chunk = 65536
reduced_redundancy = False
requester_pays = False
restore_days = 1
restore_priority = Standard
secret_key = M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
send_chunk = 65536
server_side_encryption = False
signature_v2 = False
signurl_use_https = False
simpledb_host = sdb.amazonaws.com
skip_existing = False
socket_timeout = 300
stats = False
stop_on_error = False
storage_class =
throttle_max = 100
upload_id =
urlencoding_mode = normal
use_http_expect = False
use_https = False
use_mime_magic = True
verbosity = WARNING
website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
website_error =
website_index = index.html

vim /root/.s3cfg
host_base = ceph01.objectstore.com
host_bucket = %(bucket)s.ceph01.objectstore.com

Create buckets
s3cmd mb s3://buck1
Output
Bucket 's3://buck1/' created
s3cmd mb s3://my-bucket
Output
Bucket 's3://my-bucket/' created

List buckets
s3cmd ls
Output
2020-11-04 02:43 s3://buck1
2020-11-04 02:30 s3://my-bucket

Upload data to a bucket
s3cmd put /etc/hosts s3://buck1
Output
upload: '/etc/hosts' -> 's3://buck1/hosts' [1 of 1]
 304 of 304 100% in 3s 92.11 B/s done

Swift access
Install the swift client on the client machine
yum -y install python-setuptools
yum -y install python-pip
pip install --upgrade pip -i https://mirrors.aliyun.com/pypi/simple
pip install --upgrade setuptools -i https://mirrors.aliyun.com/pypi/simple
pip install python-swiftclient -i https://mirrors.aliyun.com/pypi/simple

Create and list buckets with swift
swift -V 1.0 -A http://ceph01.objectstore.com/auth -U mona:swift -K secretkey post swift-buck
swift -V 1.0 -A http://ceph01.objectstore.com/auth -U mona:swift -K secretkey list
Output
buck1
my-bucket
swift-buck
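
The host_bucket line corrected with vim in the DNS section, and the use_https = False setting in both generated files, can be checked mechanically. The Python script below is an added example, not part of the original post and not s3cmd's own code: it parses a .s3cfg, reports those settings, and shows which URL a bucket request is addressed to, assuming the client falls back to path-style requests on host_base when host_bucket lacks the full %(bucket)s placeholder. The function names and the sample configuration (with placeholder keys) are constructed for illustration.

```python
import configparser
import os

# Constructed sample: security-relevant keys of the .s3cfg shown above,
# with placeholder credentials instead of real ones.
SAMPLE_S3CFG = """\
[default]
access_key = EXAMPLEACCESSKEY
secret_key = EXAMPLE-SECRET-PLACEHOLDER
bucket_location = US
host_base = ceph01.objectstore.com
host_bucket = %(bucket).ceph01.objectstore.com
signature_v2 = False
use_https = False
"""


def load_s3cfg(text):
    """Parse .s3cfg text into a dict of the [default] section."""
    # interpolation=None: %(bucket)s is an s3cmd template, not a configparser
    # reference, and the malformed "%(bucket)." would otherwise raise.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return dict(parser["default"])


def is_true(cfg, key):
    return cfg.get(key, "").strip().lower() == "true"


def request_target(cfg, bucket, key=""):
    """Return (url, style) for a bucket request under this configuration.

    Assumption: without the full %(bucket)s placeholder in host_bucket the
    client sends path-style requests to host_base.
    """
    scheme = "https" if is_true(cfg, "use_https") else "http"
    template = cfg.get("host_bucket", "")
    if "%(bucket)s" in template:
        host = template % {"bucket": bucket,
                           "location": cfg.get("bucket_location", "US")}
        return f"{scheme}://{host}/{key}", "virtual-host"
    return f"{scheme}://{cfg['host_base']}/{bucket}/{key}", "path"


def audit(cfg, file_mode=None):
    """Return a list of findings; file_mode is the .s3cfg permission bits."""
    findings = []
    if not is_true(cfg, "use_https"):
        findings.append("use_https is off: requests and object data are sent unencrypted")
    template = cfg.get("host_bucket", "")
    if "%(bucket)" in template and "%(bucket)s" not in template:
        findings.append("host_bucket has %(bucket) without the trailing 's'")
    if is_true(cfg, "signature_v2"):
        findings.append("signature_v2 is on: legacy request signing in use")
    if file_mode is not None and file_mode & 0o077:
        findings.append("config file holding secret_key is accessible to group/other")
    return findings


def audit_file(path):
    """Audit a real file, including its permission bits."""
    with open(path, encoding="utf-8") as handle:
        cfg = load_s3cfg(handle.read())
    return audit(cfg, os.stat(path).st_mode & 0o777)


if __name__ == "__main__":
    cfg = load_s3cfg(SAMPLE_S3CFG)
    print(request_target(cfg, "buck1", "hosts"))
    for finding in audit(cfg, file_mode=0o644):
        print("finding:", finding)
```

On a client, audit_file('/root/.s3cfg') runs the same checks against the saved file and its permissions.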