Ceph Object Gateway Admin api介绍

说明:Ceph rgw admin ops api 是为了通过rest方式对对象存储进行管理的接口,可以通过该接口管理和获取对象存储相关信息。

认证:与S3使用同样的认证方式。

版本:基于Ceph 10.2。

准备工作:

需要创建一个新的管理用户,授予用户权限:

radosgw-admin caps add --uid=admin --caps="users=*"
radosgw-admin caps add --uid=admin --caps="buckets=*"
radosgw-admin caps add --uid=admin --caps="metadata=*"
radosgw-admin caps add --uid=admin --caps="usage=*"

1、获取用户信息

GET /admin/user?format=json&uid=

正常响应200:

{"tenant":"","user_id":"test5","display_name":"test5","email":"","suspended":0,"max_buckets":1000,"subusers":[],"keys":[{"user":"test5","access_key":"2EQJ8SOOKWYOQHRV4R2U","secret_key":"ApN5WaWAbrWQzL6Fr4yeMxYcwZbkhrVMKy6JOUpL"},{"user":"test5","access_key":"I2ZBDJFFKR66Z4FM0R7C","secret_key":"KHEZioCjhmw1T2JlTWGUbWg8Pb75QwHH5qRJ3MqC"}],"swift_keys":[],"caps":[]}

异常:

  • 返回403:认证问题

  • 返回404:无该用户UID({"Code":"NoSuchKey","RequestId":"tx000000000000000006e3a-00591434b1-c4808-cn-bj-1","HostId":"c4808-cn-bj-1-cn"})

2、创建用户

PUT /admin/user?format=json&uid=&display-name=

可选参数:email、key-type(默认s3)、access_key(指定access_key)、secret_key(指定)、user_caps(管理权限,默认不需要)、generate-key(生成key,默认True)、max_buckets(最大buckets数量,默认1000)、suspended(是否暂停使用,默认False)。
这里只使用uid和display-name

返回(200):

{"tenant":"","user_id":"test9","display_name":"test9","email":"","suspended":0,"max_buckets":1000,"subusers":[],"keys":[{"user":"test9","access_key":"2Y1705SATJC7L50T48SW","secret_key":"LRmTVFxWCqqpYTuYY5QLTrJXCZ9fQThB0285drNs"}],"swift_keys":[],"caps":[]}

异常:

  • 403:认证错误

  • 409 Conflict:创建同一个uid,但是display-name不一样。(如果uid和display-name与之前都一致,会生成一个新的key,返回用户信息key-list。多次执行会创建多个key)

3、修改用户信息

POST /admin/user?format=json&uid=

后面接需要修改的参数,与PUT时一致(display-name)也可以修改。

返回200:用户最新信息

4、删除用户

DELETE /admin/user?format=json&uid=&purge-data=True|False

删除用户,同时删除用户所有的数据。注意:删除对象操作为同步操作,需要测试大数据量时的情况

5、创建subuser

subuser是swift接口使用的用户.

PUT /admin/user?subuser&format=json&uid=&subuser=

返回值:

[{"id":"test6:test6_sub1","permissions":""}]

异常:
409 subuserid已经存在

注意:如果未在创建时指定key,创建subuser后,并不返回subuser的id和key。需要获取用户uid信息中,在swift-key中获取。

6、修改subuser

POST /admin/user?subuser&format=json&uid=&subuser=

可修改参数 generate-secret=True(生成一个新的key代替现有key,不创建新key)、secret=xxxxx(指定新Key)、access(设置权限,access,write,readwrite,full)

返回:与创建subuser一致。

7、删除subuser

DELETE /admin/user?subuser&format=json&uid=&subuser=

返回状态码:200

8、创建key

# Add s3 key 
PUT /admin/user?key&format=json&uid=

# Add swift key 
PUT /admin/user?key&format=json&uid=&subuser=

返回示范:

# s3 key 
[{"user":"test6","access_key":"96TUEBQ5V4FNJJCA9D4T","secret_key":"vpzqdWHLmarjiRACqFYVJ1Smf5xr41rzxFuc82Ab"}]

# swift key

[{"user":"test6:test","secret_key":"4NOQWFCyvrHSP8UHyEIT0Sn0Yhqr7D2VI4czI48M"}]

注意:创建swift key时,如果subuser并不存在,仍旧可以创建成果,但是产生的key无法使用,在使用时会提示403。如果subuser存在,会替换原有的key。因此,请勿使用该接口创建swift key。

9、删除key

DELETE /admin/user?key&format=json&access-key=

返回状态码:200

10、获取bucket信息

# Get single bucket info
GET /admin/bucket?format=json&bucket=

# Get user bucket list(Only list)
GET /admin/bucket?format=json&uid=

# Get user bucket list include usage info
GET /admin/bucket?format=json&uid=&stats=True

返回示范:

# Get single bucket info
{"bucket":"13c8f65a-fff4-11e6-af79-9ce374424eb5","pool":"cn-bj-1.rgw.buckets.data","index_pool":"cn-bj-1.rgw.buckets.index","id":"fa251bb9-e7a0-46da-9599-90ab1546155b.684240.8","marker":"fa251bb9-e7a0-46da-9599-90ab1546155b.684240.8","owner":"yuanchao.li","ver":"0#1,1#1,2#1,3#1,4#1,5#1,6#1,7#1,8#1,9#1,10#1,11#1,12#1,13#1,14#1,15#1,16#1,17#1,18#1,19#1,20#1,21#1,22#1,23#1,24#1,25#1,26#1,27#1,28#1,29#1,30#1,31#1,32#1,33#1,34#1,35#1,36#1,37#1,38#1,39#1,40#1,41#1,42#1,43#1,44#1,45#1,46#1,47#1,48#1,49#1,50#1,51#1,52#1,53#1,54#1,55#1,56#1,57#1,58#1,59#1,60#1,61#1,62#1,63#1,64#1,65#1,66#1,67#1,68#1,69#1,70#11,71#1,72#1,73#1,74#1,75#1,76#1,77#1,78#1,79#1,80#1,81#1,82#1,83#1,84#1,85#1,86#1,87#1,88#1,89#1,90#1,91#1,92#1,93#1,94#1,95#1,96#1,97#1,98#1,99#1","master_ver":"0#0,1#0,2#0,3#0,4#0,5#0,6#0,7#0,8#0,9#0,10#0,11#0,12#0,13#0,14#0,15#0,16#0,17#0,18#0,19#0,20#0,21#0,22#0,23#0,24#0,25#0,26#0,27#0,28#0,29#0,30#0,31#0,32#0,33#0,34#0,35#0,36#0,37#0,38#0,39#0,40#0,41#0,42#0,43#0,44#0,45#0,46#0,47#0,48#0,49#0,50#0,51#0,52#0,53#0,54#0,55#0,56#0,57#0,58#0,59#0,60#0,61#0,62#0,63#0,64#0,65#0,66#0,67#0,68#0,69#0,70#0,71#0,72#0,73#0,74#0,75#0,76#0,77#0,78#0,79#0,80#0,81#0,82#0,83#0,84#0,85#0,86#0,87#0,88#0,89#0,90#0,91#0,92#0,93#0,94#0,95#0,96#0,97#0,98#0,99#0","mtime":"2017-03-03 17:31:11.966259","max_marker":"0#,1#,2#,3#,4#,5#,6#,7#,8#,9#,10#,11#,12#,13#,14#,15#,16#,17#,18#,19#,20#,21#,22#,23#,24#,25#,26#,27#,28#,29#,30#,31#,32#,33#,34#,35#,36#,37#,38#,39#,40#,41#,42#,43#,44#,45#,46#,47#,48#,49#,50#,51#,52#,53#,54#,55#,56#,57#,58#,59#,60#,61#,62#,63#,64#,65#,66#,67#,68#,69#,70#00000000010.51515.3,71#,72#,73#,74#,75#,76#,77#,78#,79#,80#,81#,82#,83#,84#,85#,86#,87#,88#,89#,90#,91#,92#,93#,94#,95#,96#,97#,98#,99#","usage":{"rgw.main":{"size_kb":1,"size_kb_actual":4,"num_objects":1}},"bucket_quota":{"enabled":false,"max_size_kb":-1,"max_objects":-1}}

# Get bucket list
["13c8f65a-fff4-11e6-af79-9ce374424eb5","infer_analysis_report","test22222"]

11、检查bucket index

GET /admin/bucket?index&format=json&bucket=

可选参数:check-objects=True(检查multipart-part对象数量),fix=False(是否进行修复)。如果设置了check-objects=True,也必须同时设置fix=True。

TODO:目前不清楚实际检查的部分。

12、移除bucket

DELETE /admin/bucket?format=json&bucket=

如果bucket中还有对象,移除时会提示409(BucketNotEmpty)。可以加入purge-objects=True进行移除。

13、移除bucket与用户的关系

默认情况下,bucket属于某个用户,用该方法可以移除bucket所属的用户关系。移除后,该用户不可访问bucket.

POST /admin/bucket?format=json&bucket=&uid=

返回响应吗:200

备注:在实际测试中,如果bucket的owner没有发生变化,unlink虽然返回200,但是bucket信息仍旧有owner。执行成功无效。

14、link bucket

PUT /admin/bucket?format=json&bucket=&uid=&bucket-id=

将一个bucket link给一个新的uid,owner改为新的uid。注意,该参数需要bucket id,可以通过查询bucket信息获取到。

返回状态码:200

15、移除object

DELETE /admin/bucket?object&fromat=json&bucket=&object=

正常响应码:200

异常:404(NoSuchObject) 409(ObjectRemovalFailed)

16、获取bucket获取对象policy

GET /admin/bucket?policy&format=json

返回结果示范:

{"acl":{"acl_user_map":[{"user":"test6","acl":15}],"acl_group_map":[],"grant_map":[{"id":"test6","grant":{"type":{"type":0},"id":"test6","email":"","permission":{"flags":15},"name":"None","group":0}}]},"owner":{"id":"test6","display_name":"None"}}

17、添加user管理权限

PUT /admin/user?caps&format=json&uid=&user-caps=

caps示范:
user-caps=usage=read,write;user=write

返回示范:

[{"type":"usage","perm":"*"},{"type":"user","perm":"write"}]

18、移除用户管理权限

DELETE /admin/user?caps&format=json&uid=&user-caps=

返回示范:

[{"type":"usage","perm":"*"}]

备注:如果被移除的用户没有改caps,仍旧会返回成功。

19、配额相关

# Set user quota
PUT /admin/user?quota&uid="a-type=user

data:
{"max_objects": -1, "enabled": true, "max_size_kb": 102400}

返回状态码:200

# Get user quota
GET /admin/user?quota&uid="a-type=user

返回:
{"enabled":true,"max_size_kb":102400,"max_objects":-1}

# Put bucket quota
PUT /admin/user?quota&uid="a-type=user
data:
{"max_objects": -1, "enabled": true, "max_size_kb": 102400}

返回状态码: 200

# Get bucket quota
GET /admin/user?quota&uid="a-type=user

你可能感兴趣的:(Ceph Object Gateway Admin api介绍)