|
|
楼主 |
发表于 2022-2-9 10:17:40
|
显示全部楼层
2. CEPH网关服务配置
2 e6 E6 t7 c& g0 jceph网关其实是ceph集群的一个客户端,用户通过这个网关间接访问ceph集群,作为客户端,它需要准备如下内容:; v$ x5 D2 H( l! y3 d0 F5 E
网关名称,此处用gateway称呼
# T/ a' ~( p4 Y N2 g+ u一个可以访问存储集群的用户以及对应的KEYRING
* B* e- R1 n. R数据资源池,这个由ceph集群提供" z6 t- u; o& F9 [6 d/ ?
为网关服务示例准备一个数据存放空间1 @ p5 m, ~% E* X2 @. O$ O
在ceph.conf配置文件中设置gateway信息: }9 s% j& a% Q- `( ]1 p
?& M& ~1 ]/ [
2.1 创建访问用户及权限设置
2 ~7 F& j9 W, n4 V- j7 l5 L, a创建gateway keyring,一开始该文件为空. M& T! i8 |) ^- K
9 H v+ ^7 N) V, e1 B: g, z! ?
sudo ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring7 k# G1 |) |. V8 p6 R
sudo chmod +r /etc/ceph/ceph.client.radosgw.keyring' [: ~0 }' r+ x. _3 P
创建网关用户名以及key 此处名字为 client.radosgw.gateway
9 }; f( V" d7 H$ m" F8 |. i' L) s# l7 j( G2 O/ @, j9 `
sudo ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key: F6 t- |0 @5 P6 c5 z" o
为KEYRING添加权限4 ~2 e7 L" M# |" x2 q
7 A9 G, }3 ~+ i X" [5 d9 g
sudo ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring
2 r+ q; b. n9 I, r/ W& G2 T8 e0 X将key添加到集群中6 s( n3 x i4 ^( c$ ]0 A/ [7 Z
9 M$ n5 W& J$ _6 Z* E9 B
sudo ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
5 a. p! p, S/ W1 J0 _ R* l将相关的KEYRING文件拷贝到rados-gateway所在的主机 /etc/ceph/目录下
" b r, t9 V5 n7 i& K7 b2 x$ y& s2 V
2.2 数据资源池创建- Y! n5 E, E7 X
.rgw.root
* v# ]2 ~8 k- p" S6 M9 n.rgw.control8 S! Z2 R7 m3 `# q
.rgw.gc
) u) b5 S/ c) B- x. V.rgw.buckets
$ W9 e' c. _( L. M. n7 a1 U.rgw.buckets.index
- Z3 D1 y# f! t.rgw.buckets.extra
4 S! D( X' x) o: E3 `.log& V& s9 n0 L9 r6 ^
.intent-log4 W2 ~8 K1 ^: j! k$ h; q: V0 `
.usage
. p& P2 y J3 j, { M4 b.users
8 R% H! T$ r( { i# _: @7 r I.users.email
* B# N0 z+ s+ P.users.swift
U$ t; u! t9 Z' S.users.uid2 ?- x& Q% V& ] G+ U+ z
[root@gnop029-ct-zhejiang_wenzhou-16-34 conf]# ceph osd lspools
' ~ s- X2 f U' d6 z- W2 `! S6 o4 rbd,6 pool-1,7 pool-2,8 .rgw,9 .rgw.root,10 .rgw.control,11 .rgw.gc,12 .rgw.buckets,13 .rgw.buckets.index,14 .log,15 .intent-log,16 .usage,17 .users,18 .users.email,19 .users.swift,20 .users.uid8 C( ?. O# [1 J4 o& Z
2.3 将网关配置信息添加到集群配置中
, S2 j& s0 ^! C( T/ J# g[client.radosgw.gateway]
7 p/ B H/ t# h D2 chost=ceph-24) X3 ?% J, I: n* b7 P' |
keyring=/etc/ceph/ceph.client.radosgw.keyring
& e5 s4 k8 c5 `+ ~0 }6 x1 Rrgw socket path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock6 X) O4 _4 ^) r2 |( u
log file=/var/log/radosgw/client.radosgw.gateway.log# a* L/ A( ]9 d4 G' o' Z2 A! C, G. r
rgw frontends=fastcgi socket_port=9000 socket_host=0.0.0.0( M, `7 I1 ?7 \- K
rgw print continue=false$ B9 g$ X; l. ~9 A" j. }7 ?( Y
2.4 目录及权限调整9 x, Q: Q/ t! o/ G9 s% r o
创建数据目录
% m. Z; y! t5 `2 I
9 |4 M% d$ Z A. _; {' n1 Jsudo mkdir -p /var/lib/ceph/radosgw/ceph-radosgw.gateway
( Z9 s* H' |; h7 a调整apache运行权限5 n- W3 Y8 e$ R+ E( Y
sudo chown apache:apache /var/run/ceph
+ Q* s+ [, {) F# A- y* A2 Q调整日志权限5 O& j! c) r/ Z; d
" U$ D5 F3 m0 k, N! U' O" {
sudo chown apache:apache /var/log/radosgw/client.radosgw.gateway.log
) V4 d& O, [8 h S# p. A启动网关服务sudo /etc/init.d/ceph-radosgw start
0 p! j9 P1 ^8 ]8 V1 h- x: ~* Z; v1 d4 A Q4 F) X4 d- B
2.5 网关配置文件0 Z8 p: N, O- s4 r. r: }% p
一个配置文件,用于web server和FastCGI之间的交互
- q/ B, f' O: n3 ?sudo vi /etc/httpd/conf.d/rgw.conf
& j) ?& M0 u0 p. ^# I2 c
7 u/ X' Q( Y% d$ V ~3 p1 d; E/ i<VirtualHost *:80>; s; @$ R. r! i4 @" y V: x
ServerName 101.67.163.34" _. x* j9 C0 }' w
DocumentRoot /var/www/html: Y) I5 a4 i9 ?; |$ D* ~' k
/ D! B3 o, H- K) b* |
ErrorLog /var/log/httpd/rgw_error.log) f1 Q/ ~! t3 D3 A8 @3 Y
CustomLog /var/log/httpd/rgw_access.log combined" A, ^ Z5 H0 P2 H# E! S
. |+ M: g `6 K& D
RewriteEngine On0 D) R+ R E6 W
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]! l% h! ?( x% q3 U5 G6 ~7 y2 A
( v7 s/ ?; Z- O' W& J3 K, ~, p5 kSetEnv proxy-nokeepalive 1
- P' `) O X, c9 n9 L n4 S5 t( p: s7 _" p
ProxyPass / fcgi://101.67.163.34:9000/
' n$ }# p" D4 ]</VirtualHost>
b) Z2 X: \ r2 a% \% J9 L# {其中标红的地方是要根据实际情况填写2 g1 L6 t! G. h3 S
% ^, j3 O% G l/ U1 W2.6 用户创建3 [0 \0 s5 g, @# N7 w/ T* I
radosgw-admin user create --uid=xuwenping --display-name="ceph xuwenping" --email=xuwenping@d***n.com+ u) { L H7 @
{! q( p. `% B/ q% h" w" z
"user_id": "xuwenping",
* j* k2 s6 P3 c9 r$ i "display_name": "ceph xuwenping",
2 \" j- m4 j+ e0 R& G& |8 v "email": "xuwenping@dnion.com",+ O) B% W! H) l- T, h; p( u4 c
"suspended": 0,
( [1 F: z' y) e: G "max_buckets": 1000,
- S; b' e, U: n2 g9 `" S "auid": 0,
V2 Q d' X, E2 M" Z "subusers": [],* K4 l7 ]# ~: J% {$ P
"keys": [
7 z4 N0 x# i {4 R7 B& K: p. R( W7 T# d {# J8 ~+ n( A; v% o. }( i H
"user": "xuwenping",
$ s8 z9 d" ]/ v: e) b5 A4 Q "access_key": "4J3GD7GJIJKSDCVS1I9T",
" b, j5 u$ W0 m- | "secret_key": "yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I"
0 w2 L! s3 Z2 s }
" i0 a$ M& C! q$ P2 W a& v' t8 M" E ],
/ U# u+ _3 J W& C8 k, ?5 K "swift_keys": [],
/ s5 E' T3 n% b/ F+ x "caps": [],
& F `2 f5 [2 g "op_mask": "read, write, delete",
4 O# l) @7 H( f# j1 y4 J F7 s$ D "default_placement": "",. [! P0 T D Y" x. A1 q0 d9 W
"placement_tags": [],
, ]5 E) G( b4 r5 p9 G "bucket_quota": {+ v9 x' H6 T' t
"enabled": false,; Q; K$ i. K7 P$ k# Z$ @& ^9 U
"max_size_kb": -1,& J. e6 P* M3 w/ @" |% a6 w
"max_objects": -12 M: _% ?' g$ o. c6 x3 t
},& e0 J2 A6 f: \6 x
"user_quota": {' G3 l1 z& E- i; R+ g+ A* p
"enabled": false,
, V/ Q1 f0 Y3 A' d8 W- L "max_size_kb": -1,2 `2 ?3 Y+ V8 J) g6 r1 e' ^0 u
"max_objects": -1$ e9 y- x3 W1 n+ a+ ?
},; Y( m7 _* l, S; W, B2 Z
"temp_url_keys": []
$ c# ] P7 [! [: l7 z: B) v1 v+ s}7 L% g2 k9 {+ D6 [6 l' y1 H+ Q% h
创建SWIFT类型USER
7 S* t/ Z& T2 V+ D. Y$ d0 m# E
2 s# [ |8 R# s! E& f8 ]sudo radosgw-admin subuser create --uid=xuwenping --subuser=xuwenping :swift --access=full- I8 H7 h, l0 J! |( |+ I
7 e1 m7 C- |# [/ f8 I2 W. c: `
2015-10-10 14:19:19.854951 7f402eadc8a0 0 max_buckets=1000 specified=0' p& A, s* Z D }# p; t
{
4 n) } ^) h. Z+ H9 I) L "user_id": "xuwenping",: P, n& P% I& g: S4 U
"display_name": "ceph xuwenping",4 F: E' h- O" v* q( H$ Z- {
"email": "xuwenping@dnion.com",9 Y3 c0 ?* }6 I* \
"suspended": 0,
! {+ Z9 K, y0 U7 k "max_buckets": 1000,% z* N6 Q, J1 a+ ~
"auid": 0,
+ n$ x& p$ s! {4 B2 G "subusers": [: m! r3 Y0 w3 o7 x
{+ k7 O7 J j" p) i# y
"id": "xuwenping:swift",
3 F+ U. B, n5 v3 M: \ "permissions": "full-control"% }! J. z7 V* U1 e% A8 G
}& m' ]2 R; ]; D& x, P, Z8 o) r: f
],* Z( f" c7 w) x B. M) w, b
"keys": [- ]8 q1 u& w0 [! y- r+ l
{
' E4 z# V% g6 l& b "user": "xuwenping",. S- }- E6 p `9 `* `7 M
"access_key": "4J3GD7GJIJKSDCVS1I9T",
8 V2 ?. V& i2 L "secret_key": "yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I"1 n- H( H$ q7 N! H. X+ c, r
},
5 ?& r6 O+ S: E5 \7 R {/ G, n K% D, t
"user": "xuwenping:swift",
! Q# N/ p+ P9 m "access_key": "PEIT99BBWMZP31BD6S3I"," J1 k' P4 H0 [* F
"secret_key": ""
5 {! y# [ ?( H }
: x6 L. }% O& Z" C4 | ],. `3 k) p4 h$ ~( j9 N2 \
"swift_keys": [; X7 |, f, s4 G7 ]
{ R' `1 e8 }0 ~# U6 U- b
"user": "xuwenping:swift",1 _* o3 U- j7 Y7 l5 P' w
"secret_key": "qWHPhvUy4md1XSa2PSbcxUyMU5YXodlqxt0ZC2hn"
# O* t) M* ?4 j$ Z }
; u3 [- T/ P; u( j% b' q$ @ ],' A3 M4 X6 E6 F/ Y
"caps": [],
$ U& r2 A0 M& j% w "op_mask": "read, write, delete",
- Z8 s U3 {% [ "default_placement": "",& T& R- X+ U! | Q
"placement_tags": [],
" R7 O# R. f0 C6 ?. [ "bucket_quota": {
- C K2 B. W" O3 s6 H+ I1 H "enabled": false,
" |! f7 I4 U- K, L "max_size_kb": -1,+ q% s) i9 R3 p0 F+ k1 G% `0 N- w0 W
"max_objects": -1
% c8 Y, a/ D$ b4 f/ ? },
2 g9 k" Q9 V$ ]: Z "user_quota": {' G1 A% j- O; h7 W6 [: e0 W0 S: \
"enabled": false,5 ^, u- m8 d) W4 u# q# O: `2 ?' x* e- q
"max_size_kb": -1,
2 a8 `# |/ q/ _ "max_objects": -1; ~* l# T- w% c7 F d8 L2 u
},2 C9 P7 `8 O0 c3 @; T( a, ~! L, C
"temp_url_keys": []. a$ }" [% d0 |" h
}
5 |. K8 C# c5 b* a% M0 m2 v& \' {2.7 实际验证
7 t8 C; V& Y7 ~9 z* A: f编写了一段python代码,用于访问网关,并创建bucket,并通过list方法罗列出当前所有的bucket (官方示例)
( N4 w" K! D& S. R6 H7 {7 s( n" {# R" U, \0 @/ ^5 ?( P; e
依赖库安装
* l7 I* `5 C5 \) n- |6 |/ j8 K! Y O9 [) K+ e- b
sudo yum install python-boto
7 L# H+ D8 i8 q* cimport boto
- g5 y: l. w t( U$ }& T. \import boto.s3.connection
# f/ B- H. e% W8 W- I1 [4 oaccess_key = '4J3GD7GJIJKSDCVS1I9T'
1 @( P! w5 [* v' X- V8 }5 A4 @4 ^2 i( ]secret_key = 'yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I'
* {/ m8 A, c$ d, m, j! q; Xconn = boto.connect_s3(" s! C/ `+ ]4 X7 z4 X8 Z+ R
aws_access_key_id = access_key,
" C! u1 |% e% O. w# o2 {8 d/ jaws_secret_access_key = secret_key,
& T) y7 a- s, F0 fhost = '101.67.163.34',
~4 }3 ]0 n3 w3 E8 W+ d" i/ ~is_secure=False,
7 P; B4 z4 @6 d* H& d+ ]" q6 ]calling_format = boto.s3.connection.OrdinaryCallingFormat(),( [7 h5 d( A% V
)% Q$ Y8 J$ }3 ^1 Z
bucket = conn.create_bucket('my-new-bucket')0 q* p" a" R, i1 C! w5 ~
for bucket in conn.get_all_buckets():
* {2 s9 H) o, i/ s) Q8 i print "{name}\t{created}".format(8 P8 L0 ?: U, P- P2 ]+ F0 z
name = bucket.name,, D( p: k, D: C1 `
created = bucket.creation_date,+ c. _; q i$ U- }$ E( h
); p5 c" _) `. Z8 G7 f9 A
运行结果- ^1 V/ M2 h: D
) B& E- v! U( _
[root@gnop029-ct-zhejiang_wenzhou-16-34 ceph-rados]# python s3test.py 8 z8 Q4 a7 l3 n7 \6 R' t
my-new-bucket 2015-10-10T06:23:48.000Z
$ y, W8 P2 z6 h& [* H1 \/ t0 O$ X7 k至此,Ceph集群的对象存储网关安装设置完毕% \( r E" v- w
) ?2 e( D0 e) i" \附:
, k' b1 g5 J6 i& e2 r0 I5 ]9 n1 q4 k
有时候通过yum安装软件是报如下错误:7 R& E3 t3 K; _' N) h# d' E5 Z
3 M" H6 O" h, yDownloading Packages:) i2 Z& C8 U$ ]2 U$ i/ k% X
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
4 ^# s" j: _- X& E' P1 _# p' z; LRetrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6: W$ |8 k9 x% _1 ]& }
! W2 u7 v1 U2 e- M! i# v- X+ R$ }' g. J/ V) j
GPG key retrieval failed: [Errno 14] Could not open/read file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
6 K% h* z/ A# C* V) o% t在执行 安装命令时带上如下参数即可:- U4 ]1 q6 l9 g4 _
2 E# z0 U, ^- P! s" qyum install mod_proxy_fcgi --nogpgcheck
1 ? ~0 o' |" l- Z* r0 Z到此,关于“Ceph对象存储网关的安装配置”的学习就结束了,希望能够解决大家的疑惑。理论与实践的搭配能更好的帮助大家学习,快去试试吧!若想继续学习更多相关知识,请继续关注亿速云网站,小编会继续努力为大家带来更多实用的文章!
O) a# a; ]+ t( s( F3 l% J- F2 P2 B; w" T
|
|
发表于 2022-2-9 10:11:24