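This post follows on from Ceph Distributed Storage Series (2): Deploying a Three-Node Ceph Cluster with ceph-deploy
Object storage itself is not covered in detail here; if you are interested, see:
Ceph Distributed Storage Series (1): An Overview of How Ceph Works and Its Architecture
Ceph Distributed Storage Series (6): Differences, Advantages and Disadvantages of Object, Block and File Storage
This post covers two main topics:
The steps below are performed on a cluster deployed with ceph-deploy
Note: if the cluster was not installed with ceph-deploy, it is best to stick with the method used originally (source install, etc.) to avoid errors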
$ cd /root/cluster/
$ ceph-deploy rgw create ceph-node1 (this is a test environment, so a single rgw gateway node is used; in a real environment it is best to have three)
Check the rgw status in the cluster
[ceph-admin@ceph-node1 ~]$ ceph -s
cluster:
id: 9575c356-be14-4455-8225-9788bba9d026
health: HEALTH_OK
services:
mon: 1 daemons, quorum ceph-node1 (age 6h)
mgr: ceph-node1(active, since 6h)
osd: 3 osds: 3 up (since 4h), 3 in (since 4h)
rgw: 1 daemon active (ceph-node1)
.......
Check that the service port is working
[root@ceph-node1 ~]# lsof -i:7480
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
radosgw 841 ceph 46u IPv4 23934 0t0 TCP *:7480 (LISTEN)
radosgw 841 ceph 47u IPv6 23936 0t0 TCP *:7480 (LISTEN)
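The following must be run from the cluster directory
The cluster directory holds the configuration files that ceph-deploy generated when it initialized the cluster
1. Create the user for the dashboard to use
(To use the dashboard's Object Gateway management features, you must provide the login credentials of a user that has the system flag enabled)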
$ radosgw-admin user create --uid=<user_id> --display-name=<display_name> --system
e.g.: radosgw-admin user create --uid=dashboard-admin --display-name=admin --system
Note down the access_key and secret_key from this command's output.
2. The user's two keys can also be looked up manually
$ radosgw-admin user info --uid=<user_id>
e.g.: radosgw-admin user info --uid=dashboard-admin
3. Save each of the two keys to its own file for use in the next step
$ echo D3HTA2TRXBBE514USEQT > access_key
$ echo AZxoYU6u3DkLUw9OMnRewfx73DxhjpDICwSjEIwH > secret_key
4. Finally, provide the credentials to the dashboard:
$ ceph dashboard set-rgw-api-access-key -i <file-containing-access-key>
$ ceph dashboard set-rgw-api-secret-key -i <file-containing-secret-key>
e.g.:
ceph dashboard set-rgw-api-access-key -i access_key
ceph dashboard set-rgw-api-secret-key -i secret_key
Finally, refresh the dashboard page
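Added example, not part of the original post: steps 2 to 4 above put the secret key into a file with echo, which typically leaves it in shell history and in a file created with the default umask. The functions below write both key files owner-only straight from radosgw-admin user info output; the function names and the sample JSON (with placeholder keys) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. The JSON is a constructed,
# shortened stand-in for `radosgw-admin user info` output.
sample_user_info() {
cat <<'EOF'
{
    "user_id": "dashboard-admin",
    "keys": [
        {
            "user": "dashboard-admin",
            "access_key": "EXAMPLEACCESSKEY0000",
            "secret_key": "ExampleSecretKeyValue000000000000000000"
        }
    ],
    "system": "true"
}
EOF
}

# Print the first value of a string field from pretty-printed JSON on stdin.
json_field() {
    sed -n "s/.*\"$1\": *\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Write access_key and secret_key from user-info JSON (stdin) into DIR as
# owner-only files; the values never appear in argv or shell history.
write_key_files() {
    local dir=$1 json
    json=$(cat)
    rm -f "$dir/access_key" "$dir/secret_key"
    (
        umask 077    # new files are created 0600 from the start
        printf '%s\n' "$json" | json_field access_key > "$dir/access_key"
        printf '%s\n' "$json" | json_field secret_key > "$dir/secret_key"
    )
    [ -s "$dir/access_key" ] && [ -s "$dir/secret_key" ]
}

# Live use on the admin node, with the commands from the steps above:
#   radosgw-admin user info --uid=dashboard-admin | write_key_files "$PWD"
#   ceph dashboard set-rgw-api-access-key -i access_key
#   ceph dashboard set-rgw-api-secret-key -i secret_key
#   rm -f access_key secret_key

demo() {
    local dir; dir=$(mktemp -d)
    sample_user_info | write_key_files "$dir" && ls -l "$dir"
    rm -rf "$dir"
}
demo
```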
List all users
radosgw-admin user list
Create an rgw user
radosgw-admin user create --uid="testuser" --display-name="first user"
View an rgw user's information
radosgw-admin user info --uid="testuser"
Delete a user
radosgw-admin user rm --uid="testuser"
Suspend a user
radosgw-admin user suspend --uid="testuser"
Enable a user
radosgw-admin user enable --uid="testuser"
Create a subuser (used by the Swift interface)
radosgw-admin subuser create --uid=testuser_1 --subuser=testuser:swift --access=full
List buckets
radosgw-admin bucket list
Prevent a bucket from being deleted
radosgw-admin bucket delete disable --bucket=<bucket_name>
Amazon S3 has two tools for operating on object storage clusters, and s3cmd is one of them
S3 Browser is not covered in detail; s3cmd is what is mainly used here
$ yum -y install s3cmd
# The EPEL repository includes this package; if you don't have it, try wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
Format: $ radosgw-admin user create --display-name="[name]" --uid=[uid]
e.g.: radosgw-admin user create --uid=s3user --display-name=admin
Again, be sure to save the access_key and secret_key values
Enter the access key and secret key when prompted to generate a basic configuration file
[root@ceph-node1 ~]# s3cmd --configure
Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.
Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: D3HTA2TRXBBE514USEQT # enter the access_key obtained in the previous step
Secret Key: AZxoYU6u3DkLUw9OMnRewfx73DxhjpDICwSjEIwH # enter the secret_key obtained in the previous step
Default Region [US]: # accept the default, just press Enter
Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: # accept the default, just press Enter
Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]:
Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password:
Path to GPG program [/usr/bin/gpg]: # accept the default, just press Enter
When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]: no # not using HTTPS; enter no
On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can’t connect to S3 directly
HTTP Proxy server name: # accept the default, just press Enter
New settings:
Access Key: D3HTA2TRXBBE514USEQT
Secret Key: AZxoYU6u3DkLUw9OMnRewfx73DxhjpDICwSjEIwH
Default Region: US
S3 Endpoint: s3.amazonaws.com
DNS-style bucket+hostname:port template for accessing a bucket: %(bucket)s.s3.amazonaws.com
Encryption password:
Path to GPG program: /usr/bin/gpg
Use HTTPS protocol: False
HTTP Proxy server name:
HTTP Proxy server port: 0
Test access with supplied credentials? [Y/n] n # access test; the configuration is not finished yet, so skip the test and enter n
Save settings? [y/N] y # save the settings: yes, enter y
Configuration saved to '/root/.s3cfg'
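That is not all: three settings in the newly generated /root/.s3cfg still need to be changed
cloudfront_host = [serverIP] (change to your own server's IP)
host_base = [serverIP]:[Port] (change to your own server's IP and port)
host_bucket = [serverIP]:[Port]/%(bucket) (change to your own server's IP and port)
Example:
Local ceph cluster environment; the default rgw port is 7480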
cloudfront_host = 192.168.1.51
host_base = 192.168.1.51:7480
host_bucket = 192.168.1.51:7480
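Added example, not part of the original post: the setup above leaves the secret key in /root/.s3cfg and turns HTTPS off, so this script audits an s3cmd config file for group/other file permissions and for its transport settings. The sample configs, placeholder keys and the host name rgw.example.internal are constructed; use_https and check_ssl_certificate are s3cmd's own config keys.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Sample configs are constructed.

# Print the value of "key = value" from an s3cmd config file.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_s3cfg() {
    local cfg=$1 rc=0 mode https
    # secret_key sits in this file in clear text: owner-only access expected.
    mode=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "PERMS: group/other bits set ($mode); run chmod 600 $cfg"; rc=1
    fi
    https=$(cfg_get "$cfg" use_https)
    if [ "$https" != "True" ]; then
        echo "TLS: use_https = ${https:-unset}; traffic to $(cfg_get "$cfg" host_base) is unencrypted"; rc=1
    elif [ "$(cfg_get "$cfg" check_ssl_certificate)" = "False" ]; then
        echo "TLS: check_ssl_certificate = False; gateway certificate is not verified"; rc=1
    fi
    return $rc
}

# Build the config from this walkthrough and a tightened variant, audit both.
demo() {
    local dir; dir=$(mktemp -d)
    printf '%s\n' 'access_key = EXAMPLEACCESSKEY' 'secret_key = EXAMPLESECRET' \
        'host_base = 192.168.1.51:7480' 'host_bucket = 192.168.1.51:7480' \
        'use_https = False' > "$dir/weak.s3cfg"
    chmod 644 "$dir/weak.s3cfg"
    printf '%s\n' 'access_key = EXAMPLEACCESSKEY' 'secret_key = EXAMPLESECRET' \
        'host_base = rgw.example.internal:443' 'use_https = True' \
        'check_ssl_certificate = True' > "$dir/hardened.s3cfg"
    chmod 600 "$dir/hardened.s3cfg"
    echo "== weak ==";     audit_s3cfg "$dir/weak.s3cfg" || true
    echo "== hardened =="; audit_s3cfg "$dir/hardened.s3cfg" && echo "no findings"
    rm -rf "$dir"
}
demo
```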
Create a bucket named test-bucket
[root@ceph-node1 ~]# s3cmd mb s3://test-bucket
Bucket 's3://test-bucket/' created
List the buckets
[root@ceph-node1 ~]# s3cmd ls
2021-10-29 07:13 s3://test-bucket
This shows that the s3 configuration is working and can connect to the cluster
Bucket operations:
Create a bucket
$ s3cmd mb s3://{bucket_name}
Delete a bucket (the bucket must be empty)
$ s3cmd rb s3://{bucket_name}
List buckets, or list the files in a bucket
s3cmd ls
s3cmd ls s3://{bucket_name}
Operations on files in a bucket:
Upload a file to a bucket
$ s3cmd put fio-fio-3.10.zip s3://test-bucket
Delete a file
s3cmd del s3://test-bucket/file.txt
Delete files in bulk
s3cmd del s3://test-bucket/aa*
s3cmd del s3://test-bucket/test/*
Upload files in bulk
$ s3cmd put test/* s3://test-bucket
Upload recursively (can upload a whole folder, including the folder itself)
# -r is the recursive option; the long form is --recursive
$ s3cmd put -r /root/test s3://test-bucket
Sync the files in a directory to a bucket (presumably similar to merging code in git)
s3cmd sync ./test/ s3://test-bucket
Copy a file from one bucket to another bucket
s3cmd cp s3://test-bucket/aaaa s3://test-bucket-2
Download a file
s3cmd get s3://test-bucket/file.txt
s3cmd get s3://test-bucket/file.txt /root/test/
Permission operations:
Make a file readable by everyone
$ s3cmd setacl --acl-public s3://test-bucket/file.txt
Set a whole folder in the bucket to private (applied recursively, so it takes effect on every file under the folder)
$ s3cmd setacl --acl-private -r s3://test-bucket/test/
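Added example, not part of the original post: after --acl-public has been used, this finds objects that are still anonymously readable by parsing s3cmd info output and prints the --acl-private commands that would close them. It assumes s3cmd info prints one "ACL: <grantee>: <permission>" line per grant with the anonymous grantee shown as *anon*; the function names and the sample output are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes `s3cmd info` prints one
# "ACL: <grantee>: <permission>" line per grant and names the anonymous
# grantee *anon*. The sample output below is constructed.
sample_info() {
cat <<'EOF'
s3://test-bucket/file.txt (object):
   File size: 12
   ACL:       *anon*: READ
   ACL:       admin: FULL_CONTROL
   URL:       http://192.168.1.51:7480/test-bucket/file.txt
s3://test-bucket/test/a.log (object):
   File size: 40
   ACL:       admin: FULL_CONTROL
EOF
}

# Read `s3cmd info` output on stdin; print "<uri> <permission>" for every
# grant to the anonymous grantee. (Keys containing spaces are not handled.)
public_grants() {
    awk '
        /^s3:\/\// { uri = $1 }    # header line, e.g. "s3://bucket/key (object):"
        $1 == "ACL:" && $2 == "*anon*:" { print uri, $3 }
    '
}

# Turn the findings into the setacl commands that would make them private.
remediation_plan() {
    public_grants | awk '!seen[$1]++ { print "s3cmd setacl --acl-private " $1 }'
}

# Collect `s3cmd info` for every object in a bucket (needs a working .s3cfg).
scan_bucket() {
    s3cmd ls -r "s3://$1" | awk '{ print $4 }' |
        while read -r uri; do s3cmd info "$uri"; done | public_grants
}

sample_info | public_grants      # s3://test-bucket/file.txt READ
sample_info | remediation_plan   # s3cmd setacl --acl-private s3://test-bucket/file.txt
```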
End……