
Ceph Object Storage Gateway (RADOS Gateway) and S3 Interface Testing: Detailed Installation and Configuration Guide

1. Create a keyring for the gateway:
sudo ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring
sudo chmod +r /etc/ceph/ceph.client.radosgw.keyring


2. Generate a Ceph Object Gateway user name and key for each instance
As an example, we will use the name gateway after client.radosgw:
sudo ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key

Add capabilities to the key. See Configuration Reference - Pools for details on the effect of write permissions for the monitor and creating pools.
sudo ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring

3. Add the key to the Ceph cluster
Once you have created a keyring and key to enable the Ceph Object Gateway with access to the Ceph Storage Cluster, add the key to your Ceph Storage Cluster. For example:
sudo ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
Note: in my environment the actual path is this:
sudo ceph -k /etc/ceph/keyring.client.admin auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring


4. If you want to install the client on multiple nodes
Distribute the keyring to the node with the gateway instance:
sudo scp /etc/ceph/ceph.client.radosgw.keyring {user}@{hostname}:/home/ceph
ssh {hostname}
sudo mv ceph.client.radosgw.keyring /etc/ceph/ceph.client.radosgw.keyring

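5. Create the pools
Ceph Object Gateways require Ceph Storage Cluster pools to store specific gateway data. In some cases some of these pools are created by default at runtime, but the creation of others may fail, so creating them manually is recommended: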
ceph osd pool create .rgw 128 128
ceph osd pool create .rgw.root 128 128
ceph osd pool create .rgw.control 128 128
ceph osd pool create .rgw.gc 128 128
ceph osd pool create .rgw.buckets 128 128
ceph osd pool create .rgw.buckets.index 128 128
ceph osd pool create .log 128 128
ceph osd pool create .intent-log 128 128
ceph osd pool create .usage 128 128
ceph osd pool create .users 128 128
ceph osd pool create .users.email 128 128
ceph osd pool create .users.swift 128 128
ceph osd pool create .users.uid 128 128

6. Add a gateway configuration to ceph.conf
[client.radosgw.{instance-name}]
host = {host-name}
keyring = /etc/ceph/ceph.client.radosgw.keyring
rgw socket path = /var/run/ceph/ceph.radosgw.{instance-name}.fastcgi.sock
log file = /var/log/ceph/client.radosgw.{instance-name}.log
Here {instance-name} is gateway:
[client.radosgw.gateway]
host = ceph-gateway
keyring = /etc/ceph/ceph.client.radosgw.keyring
rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
log file = /var/log/ceph/client.radosgw.gateway.log


The following settings are optional:
CONFIGURING PRINT CONTINUE
On CentOS/RHEL distributions, turn off print continue. If you have it set to true, you may encounter problems with PUT operations.

rgw print continue = false

CONFIGURING OPERATIONS LOGGING
In early releases of Ceph (v0.66 and earlier), the Ceph Object Gateway will log every successful operation in the Ceph Object Gateway backend by default. This means that every request, whether it is a read request or a write request will generate a gateway operation that writes data. This does not come without cost, and may affect overall performance. Turning off logging completely can be done by adding the following config option to the Ceph configuration file:

rgw enable ops log = false

Another way to reduce the logging load is to send operations logging data to a UNIX domain socket, instead of writing it to the Ceph Object Gateway backend:
rgw ops log rados = false
rgw enable ops log = true
rgw ops log socket path = <path to socket>

When specifying a UNIX domain socket, it is also possible to specify the maximum amount of memory that will be used to keep the data backlog:
rgw ops log data backlog = <size in bytes>

Any backlogged data in excess of the specified size will be lost, so the socket needs to be read constantly.


7. Enable S3 subdomain calls (not sure whether this step is required)
ENABLING SUBDOMAIN S3 CALLS
To use a Ceph Object Gateway with subdomain S3 calls (e.g., http://bucketname.hostname), you must add the Ceph Object Gateway DNS name under the [client.radosgw.gateway] section of your Ceph configuration file:
You also need to add the following to the gateway configuration in /etc/ceph.conf:
[client.radosgw.gateway]
...
rgw dns name = {hostname}

Install dnsmasq:
$ sudo apt-get install dnsmasq

You should also consider installing a DNS server such as Dnsmasq on your client machine(s) when using http://{bucketname}.{hostname} syntax. The dnsmasq.conf file should include the following settings:
address=/{hostname}/{host-ip-address}
listen-address={client-loopback-ip}

My configuration here, added to /etc/dnsmasq.conf:
$ vim /etc/dnsmasq.conf
address=/node29/10.2.0.29
listen-address=127.0.0.1

Then, add the {client-loopback-ip} IP address as the first DNS nameserver on the client machine(s).
See Add Wildcard to DNS for details.

sudo /etc/init.d/dnsmasq restart

8. Add a Ceph Object Gateway script
ADD A CEPH OBJECT GATEWAY SCRIPT
Add a s3gw.fcgi file (use the same name referenced in the first line of rgw.conf). For Debian/Ubuntu distributions, save the file to the /var/www directory. For CentOS/RHEL distributions, save the file to the /var/www/html directory. Assuming a cluster named ceph (default), and the user created in previous steps, the contents of the file should include:
Add a /var/www/s3gw.fcgi file (use the same name referenced in the first line of rgw.conf):
$ vim /var/www/s3gw.fcgi
#!/bin/sh
exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway


Make s3gw.fcgi executable:
sudo chmod +x s3gw.fcgi

On some distributions, you must also change the ownership to apache.
sudo chown apache:apache s3gw.fcgi

Note: on Ubuntu the default Apache user is www-data
sudo chown www-data:www-data s3gw.fcgi

Create the data directory:
CREATE DATA DIRECTORY
Deployment scripts may not create the default Ceph Object Gateway data directory. Create data directories for each instance of a radosgw daemon (if you haven’t done so already). The host variables in the Ceph configuration file determine which host runs each instance of a radosgw daemon. The typical form specifies the radosgw daemon, the cluster name and the daemon ID.

sudo mkdir -p /var/lib/ceph/radosgw/{$cluster}-{$id}

Using the exemplary ceph.conf settings above, you would execute the following:
sudo mkdir -p /var/lib/ceph/radosgw/ceph-radosgw.gateway

Create a gateway configuration file:
CREATE A GATEWAY CONFIGURATION

On the host where you installed the Ceph Object Gateway, create an rgw.conf file. For Debian/Ubuntu systems, place the file in the /etc/apache2/sites-available directory. For CentOS/RHEL systems, place the file in the /etc/httpd/conf.d directory.
We recommend deploying FastCGI as an external server, because allowing Apache to manage FastCGI sometimes introduces high latency. To manage FastCGI as an external server, use the FastCgiExternalServer directive. See FastCgiExternalServer for details on this directive. See Module mod_fastcgi for general details. See Apache Virtual Host documentation for details on <VirtualHost> format and settings. See <IfModule> Directive for additional details.
Ceph Object Gateway requires a rewrite rule for the Amazon S3-compatible interface. It’s required for passing in the HTTP_AUTHORIZATION env for S3, which is filtered out by Apache. The rewrite rule is not necessary for the OpenStack Swift-compatible interface.
You should configure Apache to allow encoded slashes, provide paths for log files and to turn off server signatures. See below for an exemplary embodiment of a gateway configuration for Debian/Ubuntu and CentOS/RHEL.

$vim /etc/apache2/sites-available/rgw.conf

FastCgiExternalServer /var/www/s3gw.fcgi -socket /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock

<VirtualHost *:80>

    ServerName node29
    ServerAlias *.node29
    ServerAdmin {email.address}
    DocumentRoot /var/www
    RewriteEngine On
    RewriteRule ^/(.*) /s3gw.fcgi?%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

    <IfModule mod_fastcgi.c>
        <Directory /var/www>
            Options +ExecCGI
            AllowOverride All
            SetHandler fastcgi-script
            Order allow,deny
            Allow from all
            AuthBasicAuthoritative Off
        </Directory>
    </IfModule>

    AllowEncodedSlashes On
    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/access.log combined
    ServerSignature Off
</VirtualHost>
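
An added example (not from the original page or the Ceph project) modelling why the RewriteRule above copies the Authorization header into HTTP_AUTHORIZATION for the S3 interface. It assumes the client signs with AWS Signature Version 2; the credentials, the date, and the helper names (fcgi_env, gateway_identity) are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed credentials for illustration; not keys from this page.
GATEWAY_USERS = {"EXAMPLEACCESSKEY0001": "constructed-secret-for-demo-only"}

def signature(secret, method, date, resource, content_md5="", content_type=""):
    """Signature v2 for a request without x-amz-* headers."""
    string_to_sign = "\n".join([method, content_md5, content_type, date, resource])
    mac = hmac.new(secret.encode(), string_to_sign.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def client_headers(access_key, secret, method, date, resource):
    """Headers the S3 client sends: the secret itself never leaves the client."""
    sig = signature(secret, method, date, resource)
    return {"Date": date, "Authorization": f"AWS {access_key}:{sig}"}

def fcgi_env(headers, rewrite_rule=True):
    """Model of what reaches the backend: the Authorization header is only
    present when the RewriteRule copies it into HTTP_AUTHORIZATION."""
    env = {"HTTP_DATE": headers["Date"]}
    if rewrite_rule and "Authorization" in headers:
        env["HTTP_AUTHORIZATION"] = headers["Authorization"]
    return env

def gateway_identity(env, method, resource):
    """User the backend accepts, "anonymous" if unsigned, None if rejected."""
    auth = env.get("HTTP_AUTHORIZATION")
    if not auth:
        return "anonymous"
    scheme, _, credential = auth.partition(" ")
    access_key, _, sent_sig = credential.partition(":")
    secret = GATEWAY_USERS.get(access_key)
    if scheme != "AWS" or secret is None:
        return None
    expected = signature(secret, method, env["HTTP_DATE"], resource)
    return access_key if hmac.compare_digest(expected, sent_sig) else None

if __name__ == "__main__":
    key, secret = next(iter(GATEWAY_USERS.items()))
    hdrs = client_headers(key, secret, "GET", "Tue, 01 Jan 2019 00:00:00 GMT", "/rgw/tempfile")
    print(gateway_identity(fcgi_env(hdrs), "GET", "/rgw/tempfile"))
    print(gateway_identity(fcgi_env(hdrs, rewrite_rule=False), "GET", "/rgw/tempfile"))
```

Without the rewrite rule the signed request arrives looking like an unsigned one, so it is handled as anonymous rather than as the signing user.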

9. Enable the rgw.conf configuration
For Debian/Ubuntu distributions, enable the site for rgw.conf.
sudo a2ensite rgw.conf
Then, disable the default site.
sudo a2dissite default

RESTART SERVICES AND START THE GATEWAY
To ensure that all components have reloaded their configurations, we recommend restarting your ceph and apache services. Then, start up the radosgw service.

RESTART APACHE
On Debian/Ubuntu systems, use apache2. For example:

sudo service apache2 restart

START THE GATEWAY
On Debian/Ubuntu systems, use radosgw. For example:

sudo /etc/init.d/radosgw start

VERIFY THE RUNTIME
Once the service is up and running, you can make an anonymous GET request to see if the gateway returns a response. A simple HTTP request to the domain name should return the following:

You can run the request with curl:
curl node29
On success the following response is shown, and the request is also recorded in the log:

<ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
<ID>anonymous</ID>
<DisplayName/>
</Owner>
<Buckets/>
</ListAllMyBucketsResult>


Configure a user and configure s3cmd to test the S3 interface

CREATE A USER
To create a user (S3 interface), execute the following:
radosgw-admin user create --uid={username} --display-name="{display-name}" [--email={email}]
For example:
radosgw-admin user create --uid=cephtest --display-name="ceph test" --email={email}
Output:
{ "user_id": "cephtest",
"display_name": "ceph test",
"email": "{email}",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{ "user": "cephtest",
"access_key": "8JGTP1714JRRAPRDLBI4",
"secret_key": "i4O+yJMNii87ruLMwcIIYbjLmKIUaoSO1svQOoB9"}],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"user_quota": { "enabled": false,
"max_size_kb": -1,
"max_objects": -1},
"temp_url_keys": []}

Note: if the generated key contains "\", delete this user and regenerate it until the key no longer contains "\":
radosgw-admin user rm --uid=cephtest

Important: Check the key output. Sometimes radosgw-admin generates a JSON escape (\) character, and some clients do not know how to handle JSON escape characters. Remedies include removing the JSON escape character (\), encapsulating the string in quotes, regenerating the key and ensuring that it does not have a JSON escape character, or specifying the key and secret manually.

Install and configure s3cmd
apt-get install s3cmd

Configure ~/.s3cfg: set access_key and secret_key to those of the user created earlier with radosgw-admin, and set the actual host address:
$ vim ~/.s3cfg

[default]
access_key = PPA789F4W5ANH3COC51O
bucket_location = US
cloudfront_host = cloudfront.amazonaws.com
cloudfront_resource = /2010-07-15/distribution
default_mime_type = binary/octet-stream
delete_removed = False
dry_run = False
encoding = UTF-8
encrypt = False
follow_symlinks = False
force = False
get_continue = False
gpg_command = /usr/bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase =
guess_mime_type = True
host_base = node29
host_bucket = %(bucket)s.node29
human_readable_sizes = False
list_md5 = False
log_target_prefix =
preserve_attrs = True
progress_meter = True
proxy_host =
proxy_port = 0
recursive = False
recv_chunk = 4096
reduced_redundancy = False
secret_key = kqHLxnI14WqSl0Eh5akr73evrqmFZjfxYxUmG04h
send_chunk = 4096
simpledb_host = sdb.amazonaws.com
skip_existing = False
socket_timeout = 10
urlencoding_mode = normal
use_https = False
verbosity = WARNING
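
An added example (not part of the original page) covering the JSON escape note above and this ~/.s3cfg step: it decodes the radosgw-admin output with a JSON parser so the secret is copied without the escape character, then writes a minimal config readable by the owner only. The sample output and both keys are constructed, and the function names and the s3cfg.example file name are assumptions.

```python
import json
import os

# Constructed sample shaped like the `radosgw-admin user create` output above.
# Both keys are made up; the secret contains the JSON escape for "/".
SAMPLE_OUTPUT = r'''{ "user_id": "cephtest",
  "keys": [
    { "user": "cephtest",
      "access_key": "EXAMPLEACCESSKEY0001",
      "secret_key": "abc\/DEFconstructedSecret+0123456789xyz"}]}'''

def s3_keys(raw):
    """Decode the JSON so escaped characters become the real key characters."""
    return [(k["access_key"], k["secret_key"]) for k in json.loads(raw)["keys"]]

def escaped_keys(raw):
    """Access keys whose secret is written differently in the raw text than
    its decoded value, i.e. a hand copy of the raw text would be wrong."""
    return [access for access, secret in s3_keys(raw) if secret not in raw]

def write_s3cfg(path, access_key, secret_key, host):
    """Write a minimal s3cmd config readable by the owner only (0600)."""
    body = (
        "[default]\n"
        f"access_key = {access_key}\n"
        f"secret_key = {secret_key}\n"
        f"host_base = {host}\n"
        f"host_bucket = %(bucket)s.{host}\n"
        "use_https = False\n"
    )
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        os.fchmod(f.fileno(), 0o600)  # also tighten a file that already existed
        f.write(body)

if __name__ == "__main__":
    access, secret = s3_keys(SAMPLE_OUTPUT)[0]
    print("escaped in raw output:", escaped_keys(SAMPLE_OUTPUT))
    write_s3cfg("s3cfg.example", access, secret, "node29")
```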

Test whether the configuration works:
s3cmd --configure

Accept the defaults at every prompt, since everything is already configured, until the last step, Test, where you choose y:
Test access with supplied credentials? [Y/n] y
Please wait...
Success. Your access key and secret key worked fine :-)

Now verifying that encryption works...
Not configured. Never mind.

All done!

Postscript
Some simple test commands:
Help:
s3cmd --help

Create a bucket named rgw:
s3cmd mb s3://rgw

Write tempfile into the rgw bucket:
s3cmd put tempfile s3://rgw

List the files in the rgw bucket:
s3cmd ls s3://rgw

Download the tempfile object from the bucket to a local file:
s3cmd get s3://rgw/tempfile tempfile_new
