要使用REST接口,我们首先要为S3接口创建一个初始的Ceph对象网关用户,然后为Swift界面创建一个子用户,最后,我们需要验证创建的用户是否能够访问网关。
在三台等地区,都构建了全面的区域性战略布局,加强发展的系统性、市场前瞻性、产品创新能力,以专注、极致的服务理念,为客户提供做网站、网站建设 网站设计制作按需定制开发,公司网站建设,企业网站建设,品牌网站设计,全网营销推广,成都外贸网站建设,三台网站建设费用合理。执行如下命令创建用户,记录下access_key和secret_key,没记住也没关系,可以使用radosgw-admin user info --uid=s3查看
[root@ceph-node1 ~]# radosgw-admin user create --uid="s3" --display-name="s3 user"
{
"user_id": "s3",
"display_name": "s3 user",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{
"user": "s3",
"access_key": "WNXRGPK6XGWO8XRLWRUA",
"secret_key": "Segqx8fZ8H5arM1Pvpygiewp4gl9Qjkrymi09aVP"
}
],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"temp_url_keys": [],
"type": "rgw",
"mfa_ids": []
}
进行swift接口访问,需要创建一个Swift子用户,记录下s3:swift的secret_key
[root@ceph-node1 ~]#radosgw-admin subuser create --uid=s3 --subuser=s3:swift --access=full
{
"user_id": "s3",
"display_name": "s3 user",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [
{
"id": "s3:swift",
"permissions": "full-control"
}
],
"keys": [
{
"user": "s3",
"access_key": "WNXRGPK6XGWO8XRLWRUA",
"secret_key": "Segqx8fZ8H5arM1Pvpygiewp4gl9Qjkrymi09aVP"
}
],
"swift_keys": [
{
"user": "s3:swift",
"secret_key": "czb1ExW6XRy7iE41gFLL0xQNlamLLc569DC9FG1r"
}
],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"temp_url_keys": [],
"type": "rgw",
"mfa_ids": []
}
我们需要编写并运行Python测试脚本来验证S3访问, S3访问测试脚本将连接到radosgw,创建一个新的存储桶并列出所有存储桶, access_key_id和secret_access_key的值取自radosgw-admin命令返回的s3用户的access_key和secret_key的值,另外需要修改主机名(host)和端口(port)
[root@ceph-node1 ~]yum install python-boto -y
[root@ceph-node1 ~]vim s3test.py
import boto
import boto.s3.connection
access_key = 'WNXRGPK6XGWO8XRLWRUA'
secret_key = 'Segqx8fZ8H5arM1Pvpygiewp4gl9Qjkrymi09aVP'
conn = boto.connect_s3(
aws_access_key_id = access_key,
aws_secret_access_key = secret_key,
host = 'ceph-node1', port=7480,
is_secure=False,
calling_format = boto.s3.connection.OrdinaryCallingFormat(),
)
bucket = conn.create_bucket('my-first-s3-bucket')
for bucket in conn.get_all_buckets():
print "{name}\t{created}".format(
name = bucket.name,
created = bucket.creation_date,
)
root@ceph-node1 ~]python s3test.py
my-first-s3-bucket 2019-12-13T02:58:44.604Z
也可以使用s3cmd这个命令行工具
root@ceph-node1 ~]yum install s3cmd -y
root@ceph-node1 ~]s3cmd --configure
配置里需要填写s3用户的secret_key和access_key,以及S3 Endpoint和target Amazon S3,这两个填写radosgw的主机的主机名和端口,如ceph-node1:7480
root@ceph-node1 ~]s3cmd ls #查看已有bucket
2019-12-13 02:58 s3://my-first-s3-bucket
root@ceph-node1 ~]s3cmd mb s3://my-second-s3-bucket #创建一个bucket
root@ceph-node1 ~]s3cmd put /etc/hosts s3://my-second-s3-bucket #给刚才创建的bucket中放入一个文件
[root@ceph-node1]# s3cmd ls s3://my-second-s3-bucket #查看桶中文件
2019-12-13 03:08 575 s3://my-second-s3-bucket/hosts
root@ceph-node1 ~]yum install python-pip -y
root@ceph-node1 ~]pip install --upgrade python-swiftclient
创建一个bucket
[root@liuning s3]# swift -A http://glusterfs-node1:7480/auth/1.0 -U s3:swift -K e58xcqROWx2bMMSo36KnNWUYpEUrdPbDruNWezqr post my-first-swift-bucket
用swift接口查看这个已有的bucket
[root@liuning s3]# swift -A http://glusterfs-node1:7480/auth/1.0 -U s3:swift -K e58xcqROWx2bMMSo36KnNWUYpEUrdPbDruNWezqr list
my-first-s3-bucket
my-first-swift-bucket
my-second-s3-bucket
注意可能会出现下面这个错误,等一会就好了,要是不行就把刚才的用户删除了重新创建一个,使用新的secret_key
Auth GET failed: http://ceph-node1:7480/auth/1.0 403 Forbidden [first 60 chars of response] {"Code":"AccessDenied","RequestId":"tx000000000000000000013-
Failed Transaction ID: tx000000000000000000013-005df3022d-e2a1-default
至此,s3和swift接口的搭建和测试已经完成,如需更多使用实例和api,可以查阅man或ceph官网
另外有需要云服务器可以了解下创新互联cdcxhl.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。