成都网站建设设计

将想法与焦点和您一起共享

Ceph配置S3和swift接口访问集群

系统运维

要使用REST接口,我们首先要为S3接口创建一个初始的Ceph对象网关用户,然后为Swift界面创建一个子用户,最后,我们需要验证创建的用户是否能够访问网关。

合水网站制作公司哪家好,找成都创新互联!从网页设计、网站建设、微信开发、APP开发、成都响应式网站建设等网站项目制作,到程序开发,运营维护。成都创新互联于2013年成立到现在10年的时间,我们拥有了丰富的建站经验和运维经验,来保证我们的工作的顺利进行。专注于网站建设就选成都创新互联

创建用以访问s3接口的radosgw用户

执行如下命令创建用户,记录下access_key和secret_key,没记住也没关系,可以使用radosgw-admin user info --uid=s3查看


[root@ceph-node1 ~]# radosgw-admin user create --uid="s3" --display-name="s3 user"
{
"user_id": "s3",
"display_name": "s3 user",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{
"user": "s3",
"access_key": "WNXRGPK6XGWO8XRLWRUA",
"secret_key": "Segqx8fZ8H5arM1Pvpygiewp4gl9Qjkrymi09aVP"
}
],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"temp_url_keys": [],
"type": "rgw",
"mfa_ids": []
}

创建用以访问swift接口的radosgw用户

进行swift接口访问,需要创建一个Swift子用户,记录下s3:swift的secret_key


[root@ceph-node1 ~]#radosgw-admin subuser create --uid=s3 --subuser=s3:swift --access=full
{
"user_id": "s3",
"display_name": "s3 user",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [
{
"id": "s3:swift",
"permissions": "full-control"
}
],
"keys": [
{
"user": "s3",
"access_key": "WNXRGPK6XGWO8XRLWRUA",
"secret_key": "Segqx8fZ8H5arM1Pvpygiewp4gl9Qjkrymi09aVP"
}
],
"swift_keys": [
{
"user": "s3:swift",
"secret_key": "czb1ExW6XRy7iE41gFLL0xQNlamLLc569DC9FG1r"
}
],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"temp_url_keys": [],
"type": "rgw",
"mfa_ids": []
}

测试s3接口

我们需要编写并运行Python测试脚本来验证S3访问, S3访问测试脚本将连接到radosgw,创建一个新的存储桶并列出所有存储桶, access_key_id和secret_access_key的值取自radosgw-admin命令返回的s3用户的access_key和secret_key的值,另外需要修改主机名(host)和端口(port)


[root@ceph-node1 ~]yum install python-boto -y


[root@ceph-node1 ~]vim s3test.py

import boto
import boto.s3.connection
access_key = \'WNXRGPK6XGWO8XRLWRUA\'
secret_key = \'Segqx8fZ8H5arM1Pvpygiewp4gl9Qjkrymi09aVP\'
conn = boto.connect_s3(
    aws_access_key_id = access_key,
    aws_secret_access_key = secret_key,
    host = \'ceph-node1\', port=7480,
    is_secure=False,
    calling_format = boto.s3.connection.OrdinaryCallingFormat(),
)
bucket = conn.create_bucket(\'my-first-s3-bucket\')
for bucket in conn.get_all_buckets():
        print {name}\\t{created}.format(
                name = bucket.name,
                created = bucket.creation_date,
)

root@ceph-node1 ~]python s3test.py
my-first-s3-bucket 2019-12-13T02:58:44.604Z


也可以使用s3cmd这个命令行工具

root@ceph-node1 ~]yum install s3cmd -y


root@ceph-node1 ~]s3cmd --configure

配置里需要填写s3用户的secret_key和access_key,以及S3 Endpoint和target Amazon S3,这两个填写radosgw的主机的主机名和端口,如ceph-node1:7480


root@ceph-node1 ~]s3cmd ls #查看已有bucket
2019-12-13 02:58 s3://my-first-s3-bucket
root@ceph-node1 ~]s3cmd mb s3://my-second-s3-bucket #创建一个bucket
root@ceph-node1 ~]s3cmd put /etc/hosts s3://my-second-s3-bucket #给刚才创建的bucket中放入一个文件
[root@ceph-node1]# s3cmd ls s3://my-second-s3-bucket #查看桶中文件
2019-12-13 03:08 575 s3://my-second-s3-bucket/hosts

测试swift接口

root@ceph-node1 ~]yum install python-pip -y
root@ceph-node1 ~]pip install --upgrade python-swiftclient


创建一个bucket
[root@liuning s3]# swift -A http://glusterfs-node1:7480/auth/1.0 -U s3:swift -K e58xcqROWx2bMMSo36KnNWUYpEUrdPbDruNWezqr post my-first-swift-bucket


用swift接口查看这个已有的bucket
[root@liuning s3]# swift -A http://glusterfs-node1:7480/auth/1.0 -U s3:swift -K e58xcqROWx2bMMSo36KnNWUYpEUrdPbDruNWezqr list
my-first-s3-bucket
my-first-swift-bucket
my-second-s3-bucket

注意可能会出现下面这个错误,等一会就好了,要是不行就把刚才的用户删除了重新创建一个,使用新的secret_key

Auth GET failed: http://ceph-node1:7480/auth/1.0 403 Forbidden [first 60 chars of response] {"Code":"AccessDenied","RequestId":"tx000000000000000000013-
Failed Transaction ID: tx000000000000000000013-005df3022d-e2a1-default


至此,s3和swift接口的搭建和测试已经完成,如需更多使用实例和api,可以查阅man或ceph官网


本文名称:Ceph配置S3和swift接口访问集群
文章URL:http://chengdu.cdxwcx.cn/article/choged.html