ceph-deploy: configuring, installing and using object storage

Posted on 2022-2-9 09:58:36
Ceph storage significantly simplifies installing and configuring the Ceph Object Gateway.
The Gateway process is embedded in Civetweb, so you need to install a web service or configure FastCGI.
In addition, ceph-deploy can install the gateway package, generate the key, configure the data directory and create the gateway instance.
Tip: Civetweb uses port 7480 by default. You must open port 7480, or set the port to your preferred port (for example port 80) in the Ceph configuration file.

Install the Ceph Object Gateway
1. Make sure the port is open.
2. From the admin node, install the Ceph Object Gateway package on the client-node node:
ceph-deploy install --rgw <client-node> [<client-node>...]
Example:
ceph-deploy install --rgw cephhost1 cephhost2

Create the Ceph Object Gateway instance
ceph-deploy rgw create <client-node>
Example:
ceph-deploy rgw create cephhost1

Once the gateway is running, you can reach it on port 7480 (for example: http://cephhost1:7480)

Configure the Ceph Object Gateway instance
1. Change the default port by editing the ceph.conf configuration file: add a section titled [client.rgw.<client-node>],
replacing <client-node> with the host name of the Ceph client node (hostname -s).

If the node name is cephhost1, add the following after the [global] section:
[client.rgw.cephhost1]
rgw_frontends = "civetweb port=80"
Note:
Make sure there is no whitespace between port=<port-number> in the rgw_frontends key/value pair.
If you intend to use port 80, make sure the Apache server is not running, otherwise it will conflict with Civetweb. In that case we recommend removing Apache.

2. Restart so that the newly configured port takes effect
systemctl restart ceph-radosgw.service
3. If the firewall is enabled, check that the port is open in the firewall. If it is not, add the port and reload the firewall so that it takes effect
firewall-cmd --list-all
firewall-cmd --zone=public --add-port 80/tcp --permanent
firewall-cmd --reload
4. You can now send an unauthenticated request and get a result back
#request
curl http://<client-node>:80
#result
<?xml version="1.0" encoding="UTF-8"?>
<ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
<ID>anonymous</ID>
<DisplayName></DisplayName>
</Owner>
<Buckets>
</Buckets>
</ListAllMyBucketsResult>
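
An added example, not part of the original post: a Python check for the two things the post above relies on, the port=<number> form of rgw_frontends in each [client.rgw.<client-node>] section and the anonymous ListAllMyBucketsResult reply. The sample ceph.conf and reply are constructed, the function names are hypothetical, and only the simple port=<digits> form is handled.

```python
import configparser
import re
import xml.etree.ElementTree as ET

DEFAULT_CIVETWEB_PORT = 7480  # Civetweb default port named in the post
S3_URI = "http://s3.amazonaws.com/doc/2006-03-01/"
S3_NS = {"s3": S3_URI}

# Constructed sample ceph.conf: a correct section, one with the whitespace
# mistake the post warns about, and one that leaves the frontend at its default.
SAMPLE_CONF = """\
[global]
fsid = 00000000-0000-0000-0000-000000000000

[client.rgw.cephhost1]
rgw_frontends = "civetweb port=80"

[client.rgw.cephhost2]
rgw frontends = "civetweb port = 80"

[client.rgw.cephhost3]
host = cephhost3
"""

# Constructed sample: the anonymous reply shown in step 4 of the post.
SAMPLE_RESPONSE = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<ListAllMyBucketsResult xmlns="%s"><Owner><ID>anonymous</ID>'
    "<DisplayName></DisplayName></Owner><Buckets></Buckets>"
    "</ListAllMyBucketsResult>" % S3_URI
)


def audit_rgw_frontends(conf_text):
    """Map each [client.rgw.*] section to its frontend, port and findings."""
    parser = configparser.ConfigParser(
        strict=False, interpolation=None, delimiters=("=",)
    )
    parser.read_string(conf_text)
    report = {}
    for section in parser.sections():
        if not section.startswith("client.rgw."):
            continue
        # ceph.conf accepts "rgw frontends" and "rgw_frontends" for the same key.
        options = {k.replace(" ", "_"): v for k, v in parser.items(section)}
        entry = {"frontend": "civetweb", "port": DEFAULT_CIVETWEB_PORT,
                 "findings": []}
        raw = options.get("rgw_frontends")
        if raw is None:
            entry["findings"].append("rgw_frontends not set, default port applies")
            report[section] = entry
            continue
        value = raw.strip().strip('"')
        tokens = value.split()
        entry["frontend"] = tokens[0] if tokens else ""
        strict = re.search(r"(?:^|\s)port=(\d+)(?:\s|$)", value)
        if strict:
            port = int(strict.group(1))
            entry["port"] = port
            if not 1 <= port <= 65535:
                entry["findings"].append("port %d is out of range" % port)
        elif re.search(r"\bport\s*=\s*\d+", value):
            # The post's note: no whitespace inside port=<number>.
            entry["port"] = None
            entry["findings"].append("whitespace inside port=<number>")
        elif "port" in value:
            entry["port"] = None
            entry["findings"].append("port value not understood by this check")
        else:
            entry["findings"].append("no port given, default port applies")
        report[section] = entry
    return report


def parse_bucket_listing(xml_text):
    """Return (owner_id, [bucket names]) from a ListAllMyBucketsResult body."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    # A gateway reply has no DTD; refuse one rather than let the parser expand it.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("gateway reply must not carry a DTD")
    root = ET.fromstring(data)
    if root.tag != "{%s}ListAllMyBucketsResult" % S3_URI:
        raise ValueError("not a ListAllMyBucketsResult: %s" % root.tag)
    owner = root.findtext("s3:Owner/s3:ID", default="", namespaces=S3_NS)
    names = [b.findtext("s3:Name", default="", namespaces=S3_NS)
             for b in root.findall("s3:Buckets/s3:Bucket", S3_NS)]
    return owner, names


if __name__ == "__main__":
    for name, result in audit_rgw_frontends(SAMPLE_CONF).items():
        print(name, result)
    print(parse_bucket_listing(SAMPLE_RESPONSE))
```

A reply whose owner is anything other than anonymous, or that lists bucket names, is worth a second look when the request carried no credentials.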
Original poster | Posted on 2022-2-9 10:04:03
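Ceph object storage
As the name suggests, object storage manages data as objects. Each object stores data, metadata and a unique identifier. Object storage cannot be accessed directly by the operating system as a local or remote file system; it can only be accessed at the application level through an API. The object storage interface Ceph provides is the RADOS gateway, which is built on top of the Ceph RADOS layer. The RADOS gateway gives applications an S3- or Swift-compatible RESTful API for storing data as objects in the Ceph cluster.
In a production environment, if you have a heavy workload on Ceph object storage, you should configure the RADOS gateway on dedicated physical servers; alternatively, you can consider configuring all the monitor nodes as RADOS gateways.
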
Install the radosgw packages
yum -y install ceph-radosgw ceph

Create the user
Create the RADOS gateway user and keyring for Ceph. Log in to any Ceph monitor node and run the following commands.
Create the keyring

ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring
Output
creating /etc/ceph/ceph.client.radosgw.keyring

chmod +r /etc/ceph/ceph.client.radosgw.keyring

At this point the file /etc/ceph/ceph.client.radosgw.keyring is still empty.
Generate the gateway user and key for the RADOS gateway instance; the RADOS gateway instance name here is gateway.

ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key

cat /etc/ceph/ceph.client.radosgw.keyring
[client.radosgw.gateway]
        key = AQBWuqBf5apFDxAAAbqsG0NTx8lehGoNpcPVJQ==

Add capabilities to the key

ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring

cat /etc/ceph/ceph.client.radosgw.keyring
[client.radosgw.gateway]
        key = AQBWuqBf5apFDxAAAbqsG0NTx8lehGoNpcPVJQ==
        caps mon = "allow rw"
        caps osd = "allow rwx"

Add the key to the Ceph cluster

ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
Output
added key for client.radosgw.gateway

Distribute the key to the Ceph RADOS gateway node

scp /etc/ceph/ceph.client.radosgw.keyring <radosgw-node-hostname>:/etc/ceph/ceph.client.radosgw.keyring

Since the RADOS gateway node and the monitor node are the same machine here, there is no need to distribute it.

Create a pool for the RADOS gateway
ceph osd pool create .rgw 128 128

Create the radosgw gateway data directory
mkdir -p /var/lib/ceph/radosgw/ceph-ceph01.gateway

Configuring rgw with Civetweb
Add the configuration
Add a gateway configuration to Ceph: add the following to the ceph.conf file on the Ceph monitor node, and move that file to the RADOS gateway node. Make sure the host name is the RADOS gateway's host name.

[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
log file=/var/log/ceph/client.radosgw.gateway.log
rgw_frontends = civetweb port=80

Civetweb listens on port 7480 by default; the configuration above explicitly sets the listening port to 80 (port=80).
Copy the configuration file to the rgw node. Here the rgw node is on the Ceph node, so there is no need to copy.

scp  /etc/ceph/ceph.conf <radosgw-node-hostname>:/etc/ceph/ceph.conf

Start the rgw instance
systemctl start ceph-radosgw@radosgw.gateway.service

Note: in ceph-radosgw@radosgw.gateway.service, gateway is the specific instance name; it must match the one configured in ceph.conf.

Verify
curl on the rgw node

curl localhost:80
Correct output
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 ceph]#

Or enter the rgw node IP in a browser
The correct output is as follows

Configuring rgw with Apache FastCGI (method 1, simple)
Install httpd
yum -y install httpd

Configure httpd
cat > /etc/httpd/conf.d/rgw.conf << EOF
<VirtualHost *:80>
ServerName localhost
DocumentRoot /var/www/html

ErrorLog /var/log/httpd/rgw_error.log
CustomLog /var/log/httpd/rgw_access.log combined

# LogLevel debug

RewriteEngine On

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

SetEnv proxy-nokeepalive 1

ProxyPass / fcgi://localhost:9000/

</VirtualHost>
EOF

Configure Ceph
[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
rgw_socket_path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file=/var/log/ceph/client.radosgw.gateway.log
rgw frontends = fastcgi socket_port=9000 socket_host=0.0.0.0
#rgw dns name = ceph-rgw.objectstore.com
rgw print continue=false

Start httpd
systemctl start httpd

Start the ceph-radosgw.target service
systemctl start ceph-radosgw@radosgw.gateway.service

Verify
curl http://ceph01
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 yum.repos.d]#

Or enter the rgw node IP in a browser
The correct output is as follows

Configuring rgw with Apache FastCGI (method 2, complex)
Install yum-plugin-priorities
yum -y install yum-plugin-priorities

Configure the yum repository for mod_fastcgi
cat > /etc/yum.repos.d/ceph-fastcgi.repo <<EOF
[fastcgi-ceph-basearch]
name=FastCGI basearch packages for Ceph
baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-centos7-x86_64-basic/ref/master/
enabled=1
priority=2
gpgcheck=1
type=rpm-md
gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc

[fastcgi-ceph-noarch]
name=FastCGI noarch packages for Ceph
baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-centos7-x86_64-basic/ref/master/
enabled=1
priority=2
gpgcheck=1
type=rpm-md
gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc

[fastcgi-ceph-source]
name=FastCGI source packages for Ceph
baseurl=http://gitbuilder.ceph.com/mod_fastcgi-rpm-centos7-x86_64-basic/ref/master/
enabled=1
priority=2
gpgcheck=1
type=rpm-md
gpgkey=https://ceph.com/git/?p=ceph.git;a=blob_plain;f=keys/autobuild.asc
EOF

Install the required packages
yum -y install httpd mod_fastcgi ceph-radosgw ceph

Configure the RADOS gateway
Configuring the RADOS gateway covers the Apache and FastCGI configuration and generating the Ceph key.
Edit the /etc/httpd/conf/httpd.conf file to configure Apache

cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak

Set ServerName = host name

Make sure the following line exists and is not commented out

cat /etc/httpd/conf/httpd.conf|egrep "rgw|rewrite"
LoadModule rewrite_module modules/mod_rewrite.so

Edit the /etc/httpd/conf.d/fastcgi.conf file to configure FastCGI
Make sure the FastCGI module is enabled

cat  /etc/httpd/conf.d/fastcgi.conf |grep "fastcgi_module"
LoadModule fastcgi_module modules/mod_fastcgi.so

Turn off FastCgiWrapper

cat  /etc/httpd/conf.d/fastcgi.conf |grep -i "fastcgiwrapper"
FastCgiWrapper Off

Set up the object gateway script

cat > /var/www/html/s3gw.fcgi <<EOF
#!/bin/sh
exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway
EOF

Grant permissions on the script
chmod +x /var/www/html/s3gw.fcgi
chown apache.apache /var/www/html/s3gw.fcgi

Create the gateway configuration file rgw.conf in the /etc/httpd/conf.d/ directory

cat >/etc/httpd/conf.d/rgw.conf<<EOF
FastCgiExternalServer /var/www/html/s3gw.fcgi -socket /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
<VirtualHost *:80>
ServerName ceph01
ServerAdmin {zhanghao@ceicloud.com}
DocumentRoot /var/www/html
RewriteEngine On
RewriteRule ^/(.*) /s3gw.fcgi?%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
<IfModule mod_fastcgi.c>
<Directory /var/www/html>
Options +ExecCGI
AllowOverride ALL
SetHandler fastcgi-script
Order allow,deny
Allow from all
AuthBasicAuthoritative Off
</Directory>
</IfModule>
AllowEncodedSlashes On
Errorlog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
ServerSignature Off
</VirtualHost>
EOF

Add the Ceph configuration
Add a gateway configuration to Ceph: add the following to the ceph.conf file on the Ceph monitor node, and move that file to the RADOS gateway node. Make sure the host name is the RADOS gateway's host name.

[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
rgw socket path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file=/var/log/ceph/client.radosgw.gateway.log
#rgw frontends = fastcgi socket_port=80 socket_host=0.0.0.0
rgw dns name = ceph-rgw.objectstore.com
rgw print continue=false

Set file permissions
Adjust the ownership and permissions of these three files on the RADOS gateway node, /var/log/httpd, /var/run/ceph and /var/log/ceph, and set SELinux to Permissive.

chown apache:apache /var/log/httpd/
chown apache:apache /var/run/ceph/
chown apache:apache /var/log/ceph/

Start the Apache and Ceph RADOS gateway services, ignoring any warnings encountered.

Start httpd
systemctl start httpd

Start the ceph-radosgw.target service
systemctl start ceph-radosgw@radosgw.gateway.service

Verify
curl http://ceph01
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 yum.repos.d]#

Or enter the rgw node IP in a browser
The correct output is as follows

Configuring rgw with Nginx FastCGI
Add the Ceph configuration
Add a gateway configuration to Ceph: add the following to the ceph.conf file on the Ceph monitor node, and move that file to the RADOS gateway node. Make sure the host name is the RADOS gateway's host name.

[client.radosgw.gateway]
host=ceph01
keyring=/etc/ceph/ceph.client.radosgw.keyring
rgw_socket_path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file=/var/log/ceph/client.radosgw.gateway.log
rgw frontends = fastcgi
rgw print continue=false
rgw_content_length_compat = true

Install nginx
yum -y install epel-release
yum -y install nginx

Configure nginx
Configure the nginx service by adding the following under the http section of the /etc/nginx/nginx.conf file:

http {
server {
        listen   80 default;
        server_name {hostname};
    location / {
            fastcgi_pass_header Authorization;
            fastcgi_pass_request_headers on;
            fastcgi_param QUERY_STRING  $query_string;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_LENGTH $content_length;
            fastcgi_param CONTENT_LENGTH $content_length;

            if ($request_method = PUT) {
                    rewrite ^ /PUT$request_uri;
            }

            include fastcgi_params;
            fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
        }

        location /PUT/ {
            internal;
            fastcgi_pass_header Authorization;
            fastcgi_pass_request_headers on;

            include fastcgi_params;
            fastcgi_param QUERY_STRING  $query_string;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_LENGTH $content_length;
            fastcgi_param  CONTENT_TYPE $content_type;
            fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
        }
}
}

Note: the path that fastcgi_pass points to must match the path configured in ceph.conf.
Change the user nginx runs as
Edit the /etc/nginx/nginx.conf file and change user to root

user root;

Start nginx
systemctl start nginx

cat /var/log/nginx/error.log
2020/11/03 15:19:09 [crit] 26789#0: *23 connect() to unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.229.114, server: ceph01, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock:", host: "ceph01"

Verify
curl http://ceph01
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>[root@ceph01 yum.repos.d]#

Or enter the rgw node IP in a browser
The correct output is as follows

Errors
Permission error when configuring rgw with nginx FastCGI
curl http://ceph01
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>

nginx error log

2020/11/03 15:19:09 [crit] 26789#0: *23 connect() to unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.229.114, server: ceph01, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock:", host: "ceph01"

Solution
Change the user nginx runs as
Edit the /etc/nginx/nginx.conf file and change user to root

user root;

Reload the nginx configuration

nginx -s reload

Error when configuring rgw with Apache FastCGI (method 2, complex)
curl http://ceph01
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at
 zhanghao@ceicloud.com to inform them of the time this error occurred,
 and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
</body></html>

[Tue Nov 03 15:31:06.955924 2020] [:error] [pid 28243] (13)Permission denied: [client 192.168.229.114:36712] FastCGI: failed to connect to server "/var/www/html/s3gw.fcgi": connect() failed
[Tue Nov 03 15:31:06.956045 2020] [:error] [pid 28243] [client 192.168.229.114:36712] FastCGI: incomplete headers (0 bytes) received from server "/var/www/html/s3gw.fcgi"

Grant permissions

chmod 777 -R /var/run/ceph/

The error changed, but it is still a permissions problem

[Tue Nov 03 15:39:19.598498 2020] [:error] [pid 29128] (111)Connection refused: [client 192.168.229.114:36768] FastCGI: failed to connect to server "/var/www/html/s3gw.fcgi": connect() failed
[Tue Nov 03 15:39:19.598595 2020] [:error] [pid 29128] [client 192.168.229.114:36768] FastCGI: incomplete headers (0 bytes) received from server "/var/www/html/s3gw.fcgi"

Checked the user httpd runs as and found that the users are not the same

[root@ceph01 yum.repos.d]# ps -ef|grep httpd
root     29125     1  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   29127 29125  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   29128 29125  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   29129 29125  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   29130 29125  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   29131 29125  0 15:38 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
root     29414 12349  0 15:43 pts/3    00:00:00 grep --color=auto httpd

Solution:
Start nginx as the root user
Search Baidu for the exact method, but it is not as simple as just changing User and Group in the configuration file.

Create the RADOS gateway user
To access object storage, you need to create users for the RADOS gateway. These user accounts are identified by access permissions and keys, and clients can use them to perform Ceph object storage operations.

Copy the Ceph key
Copy the admin key from the monitor node to the RADOS gateway node

scp /etc/ceph/ceph.client.admin.keyring <rados-gateway-node-ip>:/etc/ceph/

On the RADOS gateway node, run the command to confirm the cluster is reachable
ceph -s

Create the RADOS gateway user
This generates the user's access_key and secret_key; these two keys are used to access Ceph object storage.

radosgw-admin user create --uid=mona --display-name='Monika Singh' --email=mona@example.com
Output
{
    "user_id": "mona",
    "display_name": "Monika Singh",
    "email": "mona@example.com",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [],
    "keys": [
        {
            "user": "mona",
            "access_key": "JDRTJS0766NOL89YXR8X",
            "secret_key": "Sg6QTkXMs79epxSUEvwFmjVNWgqvWI2Jkll4KiNQ"
        }
    ],
    "swift_keys": [],
    "caps": [],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "temp_url_keys": []
}

Note: running this command automatically creates storage pools; the pools created are as follows

ceph osd pool ls
.rgw.root
default.rgw.control
default.rgw.data.root
default.rgw.gc
default.rgw.log
default.rgw.users.uid
default.rgw.users.email
default.rgw.users.keys

Create a subuser of mona for Swift access
radosgw-admin subuser create --uid=mona --subuser=mona:swift --access=full --secret=secretkey --key-type=swift
{
    "user_id": "mona",
    "display_name": "Monika Singh",
    "email": "mona@example.com",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [
        {
            "id": "mona:swift",
            "permissions": "full-control"
        }
    ],
    "keys": [
        {
            "user": "mona",
            "access_key": "JDRTJS0766NOL89YXR8X",
            "secret_key": "Sg6QTkXMs79epxSUEvwFmjVNWgqvWI2Jkll4KiNQ"
        }
    ],
    "swift_keys": [
        {
            "user": "mona:swift",
            "secret_key": "secretkey"
        }
    ],
    "caps": [
        {
            "type": "buckets",
            "perm": "*"
        },
        {
            "type": "metadata",
            "perm": "*"
        },
        {
            "type": "users",
            "perm": "*"
        },
        {
            "type": "zone",
            "perm": "*"
        }
    ],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "temp_url_keys": []
}

Add the necessary capabilities to the access user
radosgw-admin caps add --uid=mona --caps='zone=*'
Output
{
    "user_id": "mona",
    "display_name": "Monika Singh",
    "email": "mona@example.com",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [],
    "keys": [
        {
            "user": "mona",
            "access_key": "JDRTJS0766NOL89YXR8X",
            "secret_key": "Sg6QTkXMs79epxSUEvwFmjVNWgqvWI2Jkll4KiNQ"
        }
    ],
    "swift_keys": [],
    "caps": [
        {
            "type": "zone",
            "perm": "*"
        }
    ],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "temp_url_keys": []
}

Accessing the object store (by IP address)
S3 API access
Install s3cmd on the client
yum -y install s3cmd

Generate the .s3cfg configuration file
s3cmd --configure

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: 1F0D2GRLPRU9ENSB689J  # paste the Access Key generated on the server
Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4  # paste the Secret Key generated on the server
Default Region [US]:  # just press Enter

Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: 192.168.229.114  # enter the IP address of the object store

Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket).192.168.229.114  # enter the bucket address of the object store

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password:   # leave the password empty and press Enter
Path to GPG program [/usr/bin/gpg]:   # press Enter

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]: No  # whether to use HTTPS; choose No

On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name:    # leave empty and press Enter

New settings:
  Access Key: 1F0D2GRLPRU9ENSB689J
  Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
  Default Region: US
  S3 Endpoint: 192.168.229.114
  DNS-style bucket+hostname:port template for accessing a bucket: %(bucket).192.168.229.114
  Encryption password: 
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: False
  HTTP Proxy server name: 
  HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] n  # enter n

Save settings? [y/N] y  # enter y to save the configuration file
Configuration saved to '/root/.s3cfg'  # the configuration file is saved at /root/.s3cfg

The generated .s3cfg configuration file contains the following
cat /root/.s3cfg
[default]
access_key = 1F0D2GRLPRU9ENSB689J
access_token =
add_encoding_exts =
add_headers =
bucket_location = US
ca_certs_file =
cache_file =
check_ssl_certificate = True
check_ssl_hostname = True
cloudfront_host = cloudfront.amazonaws.com
connection_pooling = True
content_disposition =
content_type =
default_mime_type = binary/octet-stream
delay_updates = False
delete_after = False
delete_after_fetch = False
delete_removed = False
dry_run = False
enable_multipart = True
encrypt = False
expiry_date =
expiry_days =
expiry_prefix =
follow_symlinks = False
force = False
get_continue = False
gpg_command = /usr/bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase =
guess_mime_type = True
host_base = 192.168.229.114
host_bucket = %(bucket).192.168.229.114
human_readable_sizes = False
invalidate_default_index_on_cf = False
invalidate_default_index_root_on_cf = True
invalidate_on_cf = False
kms_key =
limit = -1
limitrate = 0
list_md5 = False
log_target_prefix =
long_listing = False
max_delete = -1
mime_type =
multipart_chunk_size_mb = 15
multipart_max_chunks = 10000
preserve_attrs = True
progress_meter = True
proxy_host =
proxy_port = 0
public_url_use_https = False
put_continue = False
recursive = False
recv_chunk = 65536
reduced_redundancy = False
requester_pays = False
restore_days = 1
restore_priority = Standard
secret_key = M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
send_chunk = 65536
server_side_encryption = False
signature_v2 = False
signurl_use_https = False
simpledb_host = sdb.amazonaws.com
skip_existing = False
socket_timeout = 300
stats = False
stop_on_error = False
storage_class =
throttle_max = 100
upload_id =
urlencoding_mode = normal
use_http_expect = False
use_https = False
use_mime_magic = True
verbosity = WARNING
website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
website_error =
website_index = index.html

Create buckets
s3cmd mb s3://buck1
Output
Bucket 's3://buck1/' created

s3cmd mb s3://my-bucket
Output
Bucket 's3://my-bucket/' created

List buckets
s3cmd ls
Output
2020-11-04 02:43  s3://buck1
2020-11-04 02:30  s3://my-bucket

Upload data to a bucket
s3cmd put /etc/hosts s3://buck1
Output
upload: '/etc/hosts' -> 's3://buck1/hosts'  [1 of 1]
304 of 304   100% in    3s    92.11 B/s  done

Swift access
Install the Swift client on the client
yum -y install python-setuptools
yum -y install python-pip
pip install --upgrade pip -i https://mirrors.aliyun.com/pypi/simple
pip install --upgrade setuptools -i https://mirrors.aliyun.com/pypi/simple
pip install python-swiftclient -i https://mirrors.aliyun.com/pypi/simple

Create and list buckets with swift
swift -V 1.0 -A http://192.168.229.114/auth -U mona:swift -K secretkey post swift-buck
swift -V 1.0 -A http://192.168.229.114/auth -U mona:swift -K secretkey list
Output
buck1
my-bucket
swift-buck

Accessing the object store (by DNS name)
The Ceph object store supports S3- and Swift-compatible APIs. To make use of the Ceph object store, we need to configure the S3 or Swift interface. Below we do a basic configuration for each of the two interfaces in turn. For advanced configuration, see their respective documentation.

S3 API access
Amazon's Simple Storage Service (S3) provides storage to users through a web interface (for example REST). Ceph is compatible with S3 through a RESTful API. S3 client applications can access the Ceph object store with an access key and a secret key. We configure it below; unless stated otherwise, all of the following commands are run on the ceph-rgw node.
The radosgw user needs sufficient capabilities to handle S3 requests. Add the necessary capabilities to the radosgw user (ID mona).

Install the DNS service
yum -y install bind* -y

Configure the DNS service
cat /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1;192.168.229.114; };
        listen-on-v6 port 53 { ::1; };
        directory         "/var/named";
        dump-file         "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost;192.168.0.0/16; };

zone "objectstore.com" IN {
        type master;
        file "db.objectstore.com";
        allow-update {none;};
};

Note: change the IP addresses to match your environment.

cat >/var/named/db.objectstore.com <<EOF
@ 86400 IN SOA objectstore.com. root.objectstore.com. (
        20091028 ; serial yyyy-mm-dd
           10800 ; refresh every 3 hours
            3600 ; retry every hour
         3600000 ; expire after 1 month +
           86400) ; min ttl of 1 day
@ 86400 IN NS objectstore.com.
@ 86400 IN A  192.168.229.114
* 86400 IN CNAME @
EOF

Edit the /etc/resolv.conf file
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114
search objectstore.com
nameserver 192.168.229.114

Check the configuration
named-checkconf /etc/named.conf
named-checkzone objectstore.com /var/named/db.objectstore.com
Correct output
zone objectstore.com/IN: loaded serial 20091028
OK

Start the DNS service
systemctl start named

Test the DNS configuration
dig ceph01.objectstore.com
nslookup ceph01.objectstore.com

Add the following configuration to /etc/resolv.conf on the client
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114
search objectstore.com
nameserver 192.168.229.114

Test the client's DNS configuration
yum install bind-utils
dig ceph01.objectstore.com
nslookup ceph01.objectstore.com

Install s3cmd on the client
yum -y install s3cmd

Generate the .s3cfg configuration file
s3cmd --configure

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: 1F0D2GRLPRU9ENSB689J  # paste the Access Key generated on the server
Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4   # paste the Secret Key generated on the server
Default Region [US]:   # just press Enter

Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: ceph01.objectstore.com  # enter the domain name of the object store

Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket).ceph01.objectstore.com  # enter the bucket address of the object store

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password:    # leave the password empty and press Enter
Path to GPG program [/usr/bin/gpg]:  # press Enter

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]: No  # enter No

On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name:  # press Enter

New settings:
  Access Key: 1F0D2GRLPRU9ENSB689J
  Secret Key: M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
  Default Region: US
  S3 Endpoint: ceph01.objectstore.com
  DNS-style bucket+hostname:port template for accessing a bucket: %(bucket).ceph01.objectstore.com
  Encryption password: 
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: False
  HTTP Proxy server name: 
  HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] n  # enter n

Save settings? [y/N] y  # enter y
Configuration saved to '/root/.s3cfg'   # the configuration file is saved at /root/.s3cfg

The generated .s3cfg configuration file contains the following
cat /root/.s3cfg
[default]
access_key = 1F0D2GRLPRU9ENSB689J
access_token =
add_encoding_exts =
add_headers =
bucket_location = US
ca_certs_file =
cache_file =
check_ssl_certificate = True
check_ssl_hostname = True
cloudfront_host = cloudfront.amazonaws.com
connection_pooling = True
content_disposition =
content_type =
default_mime_type = binary/octet-stream
delay_updates = False
delete_after = False
delete_after_fetch = False
delete_removed = False
dry_run = False
enable_multipart = True
encrypt = False
expiry_date =
expiry_days =
expiry_prefix =
follow_symlinks = False
force = False
get_continue = False
gpg_command = /usr/bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase =
guess_mime_type = True
host_base = ceph01.objectstore.com
host_bucket = %(bucket).ceph01.objectstore.com
human_readable_sizes = False
invalidate_default_index_on_cf = False
invalidate_default_index_root_on_cf = True
invalidate_on_cf = False
kms_key =
limit = -1
limitrate = 0
list_md5 = False
log_target_prefix =
long_listing = False
max_delete = -1
mime_type =
multipart_chunk_size_mb = 15
multipart_max_chunks = 10000
preserve_attrs = True
progress_meter = True
proxy_host =
proxy_port = 0
public_url_use_https = False
put_continue = False
recursive = False
recv_chunk = 65536
reduced_redundancy = False
requester_pays = False
restore_days = 1
restore_priority = Standard
secret_key = M5AmCuh8XcWnKXvBUJ8orE90z6508YGDtbvIA0h4
send_chunk = 65536
server_side_encryption = False
signature_v2 = False
signurl_use_https = False
simpledb_host = sdb.amazonaws.com
skip_existing = False
socket_timeout = 300
stats = False
stop_on_error = False
storage_class =
throttle_max = 100
upload_id =
urlencoding_mode = normal
use_http_expect = False
use_https = False
use_mime_magic = True
verbosity = WARNING
website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
website_error =
website_index = index.html

vim /root/.s3cfg
host_base = ceph01.objectstore.com
host_bucket = %(bucket)s.ceph01.objectstore.com

Create buckets
s3cmd mb s3://buck1
Output
Bucket 's3://buck1/' created

s3cmd mb s3://my-bucket
Output
Bucket 's3://my-bucket/' created

List buckets
s3cmd ls
Output
2020-11-04 02:43  s3://buck1
2020-11-04 02:30  s3://my-bucket

Upload data to a bucket
s3cmd put /etc/hosts s3://buck1
Output
upload: '/etc/hosts' -> 's3://buck1/hosts'  [1 of 1]
 304 of 304   100% in    3s    92.11 B/s  done

Swift access
Install the Swift client on the client
yum -y install python-setuptools
yum -y install python-pip
pip install --upgrade pip -i https://mirrors.aliyun.com/pypi/simple
pip install --upgrade setuptools -i https://mirrors.aliyun.com/pypi/simple
pip install python-swiftclient -i https://mirrors.aliyun.com/pypi/simple

Create and list buckets with swift
swift -V 1.0 -A http://ceph01.objectstore.com/auth -U mona:swift -K secretkey post swift-buck
swift -V 1.0 -A http://ceph01.objectstore.com/auth -U mona:swift -K secretkey list
Output
buck1
my-bucket
swift-buck
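
The .s3cfg files shown in the post keep the secret key in plain text, answer No to HTTPS, and (until the vim edit) carry a host_bucket template without the %(bucket)s placeholder. The Python check below is an added example, not part of the original post and not s3cmd code; the sample config, the check names and the functions `audit_s3cfg` and `audit_file` are constructed for illustration.

```python
import configparser
import os
import stat

# Constructed sample modelled on the .s3cfg in the post; the keys are placeholders.
SAMPLE_S3CFG = """\
[default]
access_key = EXAMPLEACCESSKEY0000
secret_key = ExampleSecretKey000000000000000000000000
host_base = 192.168.229.114
host_bucket = %(bucket).192.168.229.114
use_https = False
check_ssl_certificate = True
check_ssl_hostname = True
signature_v2 = False
"""

TRUE_WORDS = {"true", "yes", "on", "1"}


def _is_true(section, key):
    return section.get(key, "").strip().lower() in TRUE_WORDS


def audit_s3cfg(text, file_mode=None):
    """Return (check_id, message) findings for the text of an s3cmd config.

    file_mode is the st_mode of the file on disk, or None to skip that check.
    """
    # interpolation=None: %(bucket)s is an s3cmd template, not a configparser reference.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    cfg = parser["default"]
    findings = []

    if not _is_true(cfg, "use_https"):
        findings.append(("PLAINTEXT_HTTP",
                         "use_https is off: object data and request headers "
                         "cross the network unencrypted"))
    elif not (_is_true(cfg, "check_ssl_certificate")
              and _is_true(cfg, "check_ssl_hostname")):
        findings.append(("TLS_VERIFY_OFF",
                         "HTTPS is on but certificate or hostname checks are off"))

    template = cfg.get("host_bucket", "").strip()
    if template and "%(bucket)s" not in template:
        findings.append(("BAD_BUCKET_TEMPLATE",
                         f"host_bucket {template!r} lacks the %(bucket)s placeholder"))

    if _is_true(cfg, "signature_v2"):
        findings.append(("SIGV2", "signature_v2 is on: legacy v2 request signing"))

    if cfg.get("secret_key", "").strip() and file_mode is not None:
        mode = stat.S_IMODE(file_mode)
        if mode & 0o077:
            findings.append(("SECRET_FILE_MODE",
                             f"file with secret_key is open to group/others (mode {mode:o})"))
    return findings


def audit_file(path):
    """Audit a config on disk, including its permission bits."""
    with open(path, encoding="utf-8") as handle:
        return audit_s3cfg(handle.read(), os.stat(path).st_mode)


if __name__ == "__main__":
    for check_id, message in audit_s3cfg(SAMPLE_S3CFG, file_mode=0o100644):
        print(f"{check_id}: {message}")
```
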
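
The radosgw-admin output in the post shows wildcard admin caps, a full-control Swift subuser whose secret is `secretkey`, and disabled quotas. The review script below is an added example, not from the post or from Ceph; the sample record is constructed in the same shape, and the length threshold, the guessable-word list and the function `audit_rgw_user` are assumptions.

```python
import json

# Constructed record in the shape radosgw-admin prints in the post; keys are placeholders.
SAMPLE_USER = """
{
    "user_id": "mona",
    "suspended": 0,
    "subusers": [{"id": "mona:swift", "permissions": "full-control"}],
    "keys": [{"user": "mona", "access_key": "EXAMPLEACCESSKEY0000",
              "secret_key": "ExampleSecretKey000000000000000000000000"}],
    "swift_keys": [{"user": "mona:swift", "secret_key": "secretkey"}],
    "caps": [{"type": "buckets", "perm": "*"}, {"type": "metadata", "perm": "*"},
             {"type": "users", "perm": "*"}, {"type": "zone", "perm": "*"}],
    "bucket_quota": {"enabled": false, "max_size_kb": -1, "max_objects": -1},
    "user_quota": {"enabled": false, "max_size_kb": -1, "max_objects": -1}
}
"""

MIN_SWIFT_SECRET_LEN = 24  # assumed local policy threshold, not a Ceph default
GUESSABLE = {"secretkey", "secret", "password", "swift", "changeme"}  # illustrative


def audit_rgw_user(record_json):
    """Return (check_id, message) findings for one radosgw-admin user record."""
    user = json.loads(record_json)
    uid = user.get("user_id", "?")
    findings = []

    # Admin caps with perm "*" allow both read and write on that admin resource.
    for cap in user.get("caps", []):
        if cap.get("perm") == "*":
            findings.append(("WILDCARD_CAP",
                             f"{uid}: admin cap {cap.get('type')}=* (read and write)"))

    for sub in user.get("subusers", []):
        if sub.get("permissions") == "full-control":
            findings.append(("SUBUSER_FULL",
                             f"{sub.get('id')}: subuser has full-control access"))

    # Report that a secret is weak without echoing the secret itself.
    for key in user.get("swift_keys", []):
        secret = key.get("secret_key", "")
        if secret.lower() in GUESSABLE or len(secret) < MIN_SWIFT_SECRET_LEN:
            findings.append(("WEAK_SWIFT_SECRET",
                             f"{key.get('user')}: Swift secret is short or guessable"))

    for name in ("bucket_quota", "user_quota"):
        if not user.get(name, {}).get("enabled", False):
            findings.append(("NO_QUOTA", f"{uid}: {name} is disabled"))
    return findings


if __name__ == "__main__":
    for check_id, message in audit_rgw_user(SAMPLE_USER):
        print(f"{check_id}: {message}")
```
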
