Ceph rgw multi-tenancy多租户实测

1.简介

1.1 本文解决什么问题?

  • 如何在ceph对象存储创建使用同名用户
  • 如何在ceph对象存储中创建使用同名bucket

1.2问题描述

公司有2个张三,一天北京的张三在使用公司对象存储用自己的名字创建用户时,提示用户已存在,原来上海的张三抢先创建了“张三”的用户,那么现在就存在一个问题:在不另起用户名的情况下怎么创建2个张三呢(即为同名用户)?(此段为做作的引入,哈哈哈)

1.3multi-tenancy概述

ceph J版本以前,集群中不允许有同名的bucket和user,这可能在实际使用过程中带来某些不便。从J版本开始ceph引入multi-tenancy功能,将同名user/bucket隔离在不同的tenant下,使同一集群中可创建同名user/bucket。每个user/bucket都位于一个tenant下,相互隔离,各不影响。为了兼容之前的版本,引入隐式的空字符串“”tenant,如果创建用户时不显式指定tenant,则默认加入“”tenant中。每当在没有显式tenant的情况下引用user/bucket时,都会从执行操作的用户那里获取隐式tenant。

2 .实测创建同名用户

测试环境说明:
ceph版本:Nautilus 14.2.8

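创建用户时,可选参数“--tenant”可指定用户存在于哪个tenant下,不指定默认为“”
例如为北京的张三指定tenant Beijing(示例中的access key和secret key是为了演示而手工指定的弱值,并且写在命令行里的密钥会留在shell历史和进程列表中;实际环境应省略这两个参数,由radosgw-admin自动生成随机密钥):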

[root@node44 ~]#  radosgw-admin user create --tenant=Beijing --uid=zhangsan --display-name="beijing zhangsan" --access-key="beijingzhangsan" --secret-key="daemon"
{
    "user_id": "Beijing$zhangsan",
    "display_name": "beijing zhangsan",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "subusers": [],
    "keys": [
        {
            "user": "Beijing$zhangsan",
            "access_key": "beijingzhangsan",
            "secret_key": "daemon"
        }
    ],
    "swift_keys": [],
    "caps": [],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "default_storage_class": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "temp_url_keys": [],
    "type": "rgw",
    "mfa_ids": []
}

[root@node44 ~]# 

为上海的张三指定tenant为Shanghai

[root@node44 ~]#  radosgw-admin user create --tenant=Shanghai --uid=zhangsan --display-name="shanghai zhangsan" --access-key="shanghaizhangsan" --secret-key="123456"
{
    "user_id": "Shanghai$zhangsan",
    "display_name": "shanghai zhangsan",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "subusers": [],
    "keys": [
        {
            "user": "Shanghai$zhangsan",
            "access_key": "shanghaizhangsan",
            "secret_key": "123456"
        }
    ],
    "swift_keys": [],
    "caps": [],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "default_storage_class": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "temp_url_keys": [],
    "type": "rgw",
    "mfa_ids": []
}

[root@node44 ~]# 

查看创建结果:

[root@node44 ~]# radosgw-admin user list
[
    "Beijing$zhangsan",
    "test",
    "Shanghai$zhangsan"
]
[root@node44 ~]# 

从创建结果可以看出radosgw-admin创建用户时指定的--uid均为zhangsan,并未报错uid已存在,实际上创建出来的用户uid为<tenant>$<uid>形式,不指定--tenant的情况下则为<uid>形式

查看不同tenant下同一用户名命令:

[root@node44 ~]# radosgw-admin user list
[
    "Beijing$zhangsan",
    "test",
    "Shanghai$zhangsan"
]
[root@node44 ~]# radosgw-admin user info --uid=zhangsan
could not fetch user info: no user info saved
[root@node44 ~]# 
[root@node44 ~]# radosgw-admin user info --uid=zhangsan --tenant Beijing
{
    "user_id": "Beijing$zhangsan",
    "display_name": "beijing zhangsan",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "subusers": [],
    "keys": [
        {
            "user": "Beijing$zhangsan",
            "access_key": "beijingzhangsan",
            "secret_key": "daemon"
        }
    ],
    "swift_keys": [],
    "caps": [],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "default_storage_class": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "temp_url_keys": [],
    "type": "rgw",
    "mfa_ids": []
}

[root@node44 ~]# radosgw-admin user info --uid=zhangsan --tenant Shanghai
{
    "user_id": "Shanghai$zhangsan",
    "display_name": "shanghai zhangsan",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "subusers": [],
    "keys": [
        {
            "user": "Shanghai$zhangsan",
            "access_key": "shanghaizhangsan",
            "secret_key": "123456"
        }
    ],
    "swift_keys": [],
    "caps": [],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "default_storage_class": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "temp_url_keys": [],
    "type": "rgw",
    "mfa_ids": []
}

[root@node44 ~]# 

3.创建同名bucket

创建bucket时,无需指定tenant,rgw会根据ak和sk识别出请求所属的用户,并把bucket隔离到该用户的tenant下。正因为rgw靠access key定位用户,access key不能在不同tenant的用户之间重复;如果在创建用户时,指定的ak、sk与已有用户一样,会报如下错:

[root@node44 ~]# radosgw-admin user create --tenant=Chengdu --uid=zhangsan --display-name="shanghai zhangsan" --access-key="shanghaizhangsan" --secret-key="123456"
could not create user: unable to parse parameters, user id mismatch, operation id: Shanghai$zhangsan does not match: Chengdu$zhangsan
[root@node44 ~]# 

通过s3browser创建同名bucket:



查看创建结果:

[root@node44 ~]# radosgw-admin bucket list
[
    "Shanghai/zhangsan_bucket",
    "Beijing/zhangsan_bucket",
    "testbucket"
]
[root@node44 ~]# radosgw-admin bucket stats --bucket=Shanghai/zhangsan_bucket
{
    "bucket": "zhangsan_bucket",
    "num_shards": 8,
    "tenant": "Shanghai",
    "zonegroup": "14b51936-68ca-446c-81d6-88f3bc33f000",
    "placement_rule": "default-placement",
    "explicit_placement": {
        "data_pool": "",
        "data_extra_pool": "",
        "index_pool": ""
    },
    "id": "68ca434f-cfed-432c-87fe-7e28761c05cb.2101966.2",
    "marker": "68ca434f-cfed-432c-87fe-7e28761c05cb.2101966.2",
    "index_type": "Normal",
    "owner": "Shanghai$zhangsan",
    "ver": "0#1,1#1,2#1,3#1,4#1,5#2,6#1,7#1",
    "master_ver": "0#0,1#0,2#0,3#0,4#0,5#0,6#0,7#0",
    "mtime": "2020-12-30 08:20:28.794223Z",
    "max_marker": "0#,1#,2#,3#,4#,5#,6#,7#",
    "usage": {
        "rgw.main": {
            "size": 21084,
            "size_actual": 24576,
            "size_utilized": 21084,
            "size_kb": 21,
            "size_kb_actual": 24,
            "size_kb_utilized": 21,
            "num_objects": 1
        }
    },
    "bucket_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    }
}
[root@node44 ~]# 
[root@node44 ~]# radosgw-admin bucket stats --bucket=Beijing/zhangsan_bucket
{
    "bucket": "zhangsan_bucket",
    "num_shards": 8,
    "tenant": "Beijing",
    "zonegroup": "14b51936-68ca-446c-81d6-88f3bc33f000",
    "placement_rule": "default-placement",
    "explicit_placement": {
        "data_pool": "",
        "data_extra_pool": "",
        "index_pool": ""
    },
    "id": "68ca434f-cfed-432c-87fe-7e28761c05cb.2101966.1",
    "marker": "68ca434f-cfed-432c-87fe-7e28761c05cb.2101966.1",
    "index_type": "Normal",
    "owner": "Beijing$zhangsan",
    "ver": "0#1,1#1,2#1,3#1,4#1,5#2,6#1,7#1",
    "master_ver": "0#0,1#0,2#0,3#0,4#0,5#0,6#0,7#0",
    "mtime": "2020-12-30 08:19:33.146366Z",
    "max_marker": "0#,1#,2#,3#,4#,5#,6#,7#",
    "usage": {
        "rgw.main": {
            "size": 21084,
            "size_actual": 24576,
            "size_utilized": 21084,
            "size_kb": 21,
            "size_kb_actual": 24,
            "size_kb_utilized": 21,
            "num_objects": 1
        }
    },
    "bucket_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    }
}
[root@node44 ~]# 

4.结束

本文只是对multi-tenancy功能做了简单测试,作为使用policy之前的初步了解;后续若有问题,会持续更新。
参考链接:
https://docs.ceph.com/en/latest/radosgw/multitenancy/#administering-users-with-explicit-tenants
