使用Ceph对象网关(mimic版)
1. 为 S3 访问创建一个 RADOSGW 用户
sudo radosgw-admin user create --uid="testuser" --display-name="First User"该命令的输出将类似于以下内容:
查看代码
{
"user_id": "testuser",
"display_name": "First User",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [{
"user": "testuser",
"access_key": "I0PJDPCIYZ665MW88W9R",
"secret_key": "dxaXZ8U90SXydYzyS5ivamEP20hkLSUViiaR+ZDA"
}],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"temp_url_keys": []
}keys->access_key和keys->secret_key的值是访问验证所必需的。
重要:检查键输出。有时radosgw-admin会生成 JSON 转义 (\) 字符,有些客户端不知道如何处理 JSON 转义字符。补救措施包括删除 JSON 转义字符 (\)、将字符串封装在引号中、重新生成密钥并确保它没有 JSON 转义字符或手动指定密钥和秘密。
获取用户信息:
radosgw-admin user info --uid=testuser2. 创建一个 SWIFT 用户
如果需要这种访问权限,则需要创建 Swift 子用户。创建 Swift 用户是一个两步过程。第一步是创建用户。第二个是创建密钥。
- 创建 Swift 用户:
sudo radosgw-admin subuser create --uid=testuser --subuser=testuser:swift --access=full- 输出将类似于以下内容:
查看代码
{
"user_id": "testuser",
"display_name": "First User",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [{
"id": "testuser:swift",
"permissions": "full-control"
}],
"keys": [{
"user": "testuser:swift",
"access_key": "3Y1LNW4Q6X0Y53A52DET",
"secret_key": ""
}, {
"user": "testuser",
"access_key": "I0PJDPCIYZ665MW88W9R",
"secret_key": "dxaXZ8U90SXydYzyS5ivamEP20hkLSUViiaR+ZDA"
}],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"temp_url_keys": []
}- 创建密钥:
sudo radosgw-admin key create --subuser=testuser:swift --key-type=swift --gen-secret- 输出将类似于以下内容:
查看代码
{
"user_id": "testuser",
"display_name": "First User",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [{
"id": "testuser:swift",
"permissions": "full-control"
}],
"keys": [{
"user": "testuser:swift",
"access_key": "3Y1LNW4Q6X0Y53A52DET",
"secret_key": ""
}, {
"user": "testuser",
"access_key": "I0PJDPCIYZ665MW88W9R",
"secret_key": "dxaXZ8U90SXydYzyS5ivamEP20hkLSUViiaR+ZDA"
}],
"swift_keys": [{
"user": "testuser:swift",
"secret_key": "244+fz2gSqoHwR3lYtSbIyomyPHf3i7rgSJrF\/IA"
}],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"temp_url_keys": []
}3. 访问验证
3.1 测试 S3 访问
-
您将需要安装python-boto软件包:
sudo yum install python-boto-
创建 Python 脚本:
vim s3test.py-
将以下内容添加到文件中:
查看代码
import boto.s3.connection
access_key = 'I0PJDPCIYZ665MW88W9R'
secret_key = 'dxaXZ8U90SXydYzyS5ivamEP20hkLSUViiaR+ZDA'
conn = boto.connect_s3(
aws_access_key_id=access_key,
aws_secret_access_key=secret_key,
host='{hostname}', port={port},
is_secure=False, calling_format=boto.s3.connection.OrdinaryCallingFormat(),
)
bucket = conn.create_bucket('my-new-bucket')
for bucket in conn.get_all_buckets():
print "{name} {created}".format(
name=bucket.name,
created=bucket.creation_date,
)-
运行脚本:
python s3test.py-
输出将类似于以下内容:
my-new-bucket 2015-02-16T17:09:10.000Z3.2 测试swift访问
-
要安装swift客户端,请执行以下命令。在红帽企业 Linux 上:
sudo yum install python-setuptools
sudo easy_install pip
sudo pip install --upgrade setuptools
sudo pip install --upgrade python-swiftclient-
在基于 Debian 的发行版上:
sudo apt-get install python-setuptools
sudo easy_install pip
sudo pip install --upgrade setuptools
sudo pip install --upgrade python-swiftclient-
要测试swift访问,请执行以下命令:
swift -A http://{IP ADDRESS}:{port}/auth/1.0 -U testuser:swift -K '{swift_secret_key}' list-
例如:
swift -A http://10.19.143.116:7480/auth/1.0 -U testuser:swift -K '244+fz2gSqoHwR3lYtSbIyomyPHf3i7rgSJrF/IA' list-
输出应该是:
my-new-bucket
浙公网安备 33010602011771号