先说说环境部署吧,我之前已经部署好了ceph环境就是没部署网关服务器。所以这里就从部署gateway开始
按照官方文档一步一步来(默认都是用root账户):
安装apache,radosgw,这里就不赘述了,只是在加载proxy_fcgi_module的时候,如果按照官网的步骤出现了目录错误相关的问题。所以后面我直接在/etc/httpd/conf/httpd.conf文件中直接加载,没有用判断相关,不过注意顺序要放在对应的proxy那一段的最后。
LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule cache_module modules/mod_cache.so LoadModule suexec_module modules/mod_suexec.so
配置:
一.创建一个用户和keyring,在ceph的admin机器上(mon)执行以下命令
1.创建keyring
ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring chmod +r /etc/ceph/ceph.client.radosgw.keyring
2.创建gateway user(client.radosgw)并生成key
ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key
3.Add capabilities to the key
ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring
4.添加生成的key到ceph集群(这里比较奇怪的是在ceph.client.admin.keyring文件中看不到client.radosgw)
ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
5,拷贝keyring到gateway服务器(deploy)
scp /etc/ceph/ceph.client.radosgw.keyring deploy:/etc/ceph/ceph.client.radosgw.keyring
二.创建gateway需要的池,这一步我省略了,因为测试就用默认的配置,具体的pg该怎么设置还没有研究。到时候会自动生成
三.添加网关配置到ceph.conf,(完了这一步之后,重启ceph集群)
在admin节点上的/etc/ceph/ceph.conf文件中添加
[client.radosgw.gateway] host = {hostname} keyring = /etc/ceph/ceph.client.radosgw.keyring rgw socket path = "" log file = /var/log/radosgw/client.radosgw.gateway.log rgw frontends = fastcgi socket_port=9000 socket_host=0.0.0.0 rgw print continue = false
2.分发新的ceph.conf文件到所有机器中
ceph-deploy --overwrite-conf config push
3.拷贝ceph.client.admin.keyring文件到网关服务器
scp /etc/ceph/ceph.client.admin.keyring deploy:/etc/ceph/
四.启动RADOSGW服务
在网关服务器(deploy)创建目录
mkdir -p /var/lib/ceph/radosgw/ceph-radosgw.gateway
2.修改相关权限
chown apache:apache /var/run/ceph chown apache:apache /var/log/radosgw/client.radosgw.gateway.log
3.启动服务
/etc/init.d/ceph-radosgw start
五.创建网关配置文件(apache相关)
vi /etc/httpd/conf.d/rgw.conf
<VirtualHost *:80> ServerName localhost DocumentRoot /var/www/html ErrorLog /var/log/httpd/rgw_error.log CustomLog /var/log/httpd/rgw_access.log combined # LogLevel debug RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] SetEnv proxy-nokeepalive 1 ProxyPass / fcgi://localhost:9000/ </VirtualHost>
之后重启apache服务
sudo service httpd restart
六.创建radosgw用户
radosgw-admin user create --uid="testuser" --display-name="First User" radosgw-admin subuser create --uid=testuser --subuser=testuser:swift --access=full radosgw-admin key create --subuser=testuser:swift --key-type=swift --gen-secret
终端会生成如下的信息,记录了访问网关的需要的key,secret等相关信息。
{ "user_id": "testuser", "display_name": "First User", "email": "", "suspended": 0, "max_buckets": 1000, "auid": 0, "subusers": [ { "id": "testuser:swift", "permissions": "full-control" } ], "keys": [ { "user": "testuser:swift", "access_key": "CGZCR5W392RCBMY0DSCY", "secret_key": "" }, { "user": "testuser", "access_key": "G54W4H94RYL2GGZ96PHF", "secret_key": "kyMAW8A9MmysFz7XgUFHuAFtYcNGGQci9DCfNU1V" } ], "swift_keys": [ { "user": "testuser:swift", "secret_key": "5SnFvgi3VGgcuODSSez92ruB1Qx7vc8oL4GLVFas" } ], "caps": [], "op_mask": "read, write, delete", "default_placement": "", "placement_tags": [], "bucket_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "user_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "temp_url_keys": [] }
到此就算配置完成了。接下是测试访问了:
一,S3访问:
安装python-boto
yum install python-boto vi s3test.py
import boto import boto.s3.connection access_key = 'I0PJDPCIYZ665MW88W9R' secret_key = 'dxaXZ8U90SXydYzyS5ivamEP20hkLSUViiaR+ZDA' conn = boto.connect_s3( aws_access_key_id = access_key, aws_secret_access_key = secret_key, host = 'deploy', is_secure=False, calling_format = boto.s3.connection.OrdinaryCallingFormat(),) bucket = conn.create_bucket('my-new-bucket') for bucket in conn.get_all_buckets(): print "{name}\t{created}".format( name = bucket.name, created = bucket.creation_date,)
注意根据自己的实际情况修改access_key,secret_key,host
运行后就会产生一个.rgw.buckets.index池,在池下有一个叫对应my-new-bucket的对象(名字不一样)。可通过以下命令查看
rados lspools rados ls -p .rgw.buckets.index
2.swift访问
安装:
yum install python-setuptools easy_install pip pip install --upgrade setuptools pip install --upgrade python-swiftclient
swift -A http://10.19.143.116/auth/1.0 -U testuser:swift -K ‘244+fz2gSqoHwR3lYtSbIyomyPHf3i7rgSJrF/IA’ list
注意ip要换成网关服务器ip,后面的key也要根据自己的情况换掉。成功之后应该可以看到之前产生的bucket
my-new-bucket