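I. Introduction to Object Storage
Unlike a disk that holds a file system, object storage cannot be accessed directly by the operating system; it can only be accessed through an application-level API. Ceph is a distributed object storage system that exposes an object storage interface through the Ceph Object Gateway, also known as the RADOS Gateway (RGW) interface, which is built on top of the Ceph RADOS layer. RGW uses librgw (RADOS Gateway Library) and librados to let applications connect to Ceph object storage. RGW gives applications a RESTful, S3/Swift-compatible API for storing data as objects in the Ceph cluster. Ceph also supports multi-tenant object storage, accessible through the RESTful API. In addition, RGW supports the Ceph Admin API, which can be used to manage the Ceph storage cluster with native API calls.
Because it provides interfaces compatible with OpenStack Swift and Amazon S3, the Ceph Object Gateway has its own user management. The Ceph Object Gateway can store data in the same Ceph storage cluster that is used to store data from Ceph file system clients or Ceph block device clients. The S3 and Swift APIs share a common namespace, so you can write data with one API and retrieve it with the other. The librados library is very flexible and lets user applications access the Ceph storage cluster directly through C, C++, Java, Python, and PHP bindings. Ceph object storage also has multi-site capability, which provides a solution for disaster recovery.
For production environments, it is recommended to run RGW on dedicated physical machines. However, if the object storage workload is not too heavy, you can consider using any of the monitor machines as an RGW node. RGW is a standalone service that connects to the Ceph cluster from outside and provides object storage access to clients. In production, it is recommended to run multiple RGW instances behind a load balancer, as shown in the figure below:
II. Deploying Object Storage
2.1 Install ceph-radosgw on the three nodes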
$ sudo yum install ceph-radosgw -y
2.2 Deploy the cluster
[cephadmin@ceph01 ~]$ cd my-cluster/
[cephadmin@ceph01 my-cluster]$ ceph-deploy rgw create ceph01 ceph02 ceph03
2.3 After deployment the default port is 7480; change it to port 80
[cephadmin@ceph01 my-cluster]$ vim ceph.conf
[global]
fsid = 4d02981a-cd20-4cc9-8390-7013da54b161
mon_initial_members = ceph01, ceph02, ceph03
mon_host = 192.168.5.91,192.168.5.92,192.168.5.93
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx

# Add the following; the part after client.rgw. is the host name
[client.rgw.ceph01]
rgw_frontends = "civetweb port=80"
[client.rgw.ceph02]
rgw_frontends = "civetweb port=80"
[client.rgw.ceph03]
rgw_frontends = "civetweb port=80"
2.4 Push the configuration file to the other nodes in the cluster
# After the push completes, /etc/ceph/ceph.conf on every node will match the file above
[cephadmin@ceph01 my-cluster]$ ceph-deploy --overwrite-conf config push ceph01 ceph02 ceph03
2.5 Restart the service on each node
[cephadmin@ceph01 ~]$ sudo systemctl restart ceph-radosgw@rgw.ceph01.service
[root@ceph02 ~]# systemctl restart ceph-radosgw@rgw.ceph02.service
[root@ceph03 ~]# systemctl restart ceph-radosgw@rgw.ceph03.service
2.6 Verify that port 80 of the cluster is reachable
[cephadmin@ceph01 ~]$ sudo netstat -lntp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 151464/radosgw
# Testing the cluster requires the root account
[root@ceph01 ~]# ceph -s -k /var/lib/ceph/radosgw/ceph-rgw.ceph01/keyring --name client.rgw.ceph01
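To review the result of steps 2.3 to 2.6 across all gateways, the following added example (not part of the original walkthrough) reads ceph.conf text and prints each RGW instance's frontend, port, and whether the listener is plain HTTP or TLS. The ceph04 section and its certificate path are constructed for illustration; TLS detection relies on civetweb's trailing-s port syntax and the beast frontend's ssl_port option.

```shell
#!/bin/sh
# Added example: list each RGW instance's frontend listener from ceph.conf
# text and mark whether it is plain HTTP or TLS.

# Constructed sample: the three RGW sections from step 2.3 plus one
# hypothetical TLS-enabled instance (ceph04 and the certificate path are made up).
SAMPLE_CONF='[global]
auth_cluster_required = cephx
[client.rgw.ceph01]
rgw_frontends = "civetweb port=80"
[client.rgw.ceph02]
rgw_frontends = "civetweb port=80"
[client.rgw.ceph03]
rgw_frontends = "civetweb port=80"
[client.rgw.ceph04]
rgw_frontends = "civetweb port=443s ssl_certificate=/etc/ceph/private/rgw.pem"
'

# rgw_frontend_audit: reads ceph.conf on stdin and prints one line per
# RGW section: <section> <frontend> <port> <http|tls>
rgw_frontend_audit() {
    awk '
    /^[ \t]*\[/ {                       # section header
        sec = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
        next
    }
    sec ~ /^client\.rgw\./ && /^[ \t]*rgw[_ ]frontends[ \t]*=/ {
        val = $0
        sub(/^[^=]*=[ \t]*/, "", val)   # keep the right-hand side
        gsub(/"/, "", val)
        n = split(val, tok, /[ \t]+/)
        frontend = tok[1]; port = "7480"; mode = "http"   # 7480 = default
        for (i = 2; i <= n; i++) {
            if (tok[i] ~ /^port=/) {
                port = substr(tok[i], 6)
                # civetweb marks a TLS listener with a trailing "s"
                if (port ~ /s$/) { mode = "tls"; sub(/s$/, "", port) }
            } else if (tok[i] ~ /^ssl_port=/) {   # beast-style TLS port
                port = substr(tok[i], 10); mode = "tls"
            }
        }
        print sec, frontend, port, mode
    }'
}

printf '%s' "$SAMPLE_CONF" | rgw_frontend_audit
```

Run it against the pushed file with `rgw_frontend_audit < /etc/ceph/ceph.conf` on each node to confirm the sections agree.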
II. Accessing Object Storage with the S3 API
2.1 Create the radosgw user
[root@ceph01 ~]# radosgw-admin user create --uid=radosgw --display-name='radosgw' -k /var/lib/ceph/radosgw/ceph-rgw.ceph01/keyring --name client.rgw.ceph01
# After the user is created, save the access_key and secret_key; you can also view them with the command below
[root@ceph01 ~]# radosgw-admin user info --uid=radosgw --display-name='radosgw' -k /var/lib/ceph/radosgw/ceph-rgw.ceph01/keyring --name client.rgw.ceph01
2.2 Install s3cmd on the client
[root@192-168-5-70 ~]# yum install s3cmd -y
2.3 Generate the configuration file
[root@192-168-5-70 ~]# s3cmd --configure
Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.
Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: D028HA7T16KJHU2602YA # paste the Access Key generated on the server
Secret Key: RWczKVORMdDBw2mtgLs2dUPq2xrCehnjOtB6pHPY # paste the Secret Key generated on the server
Default Region [US]: # just press Enter
Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: 192.168.5.91 # enter the IP address of the object store
Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket).192.168.5.91 # enter the bucket address of the object store
Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password: # empty password, press Enter
Path to GPG program [/usr/bin/gpg]: # path to the gpg command, press Enter
When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]: no # whether to use HTTPS; choose no
On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name: # haproxy: leave empty and press Enter
New settings:
  Access Key: D028HA7T16KJHU2602YA
  Secret Key: RWczKVORMdDBw2mtgLs2dUPq2xrCehnjOtB6pHPY
  Default Region: US
  S3 Endpoint: 192.168.5.91
  DNS-style bucket+hostname:port template for accessing a bucket: %(bucket).192.168.5.91
  Encryption password:
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: False
  HTTP Proxy server name:
  HTTP Proxy server port: 0
Test access with supplied credentials? [Y/n] n
Save settings? [y/N] y # y to save the configuration file
Configuration saved to '/root/.s3cfg' # the configuration file is saved at /root/.s3cfg
2.4 Verify basic operations with s3cmd
[root@192-168-5-70 ~]# s3cmd mb s3://my-bucket # create the my-bucket bucket
Bucket 's3://my-bucket/' created
[root@192-168-5-70 ~]# s3cmd ls # list all buckets
2020-02-12 07:07 s3://my-bucket
[root@192-168-5-70 ~]# s3cmd put /etc/hosts s3://my-bucket # upload /etc/hosts to the specified bucket
upload: '/etc/hosts' -> 's3://my-bucket/hosts' [1 of 1]
 158 of 158 100% in 0s 2.67 kB/s done
[root@192-168-5-70 ~]# s3cmd ls s3://my-bucket # show the files in my-bucket
2020-02-12 07:07 158 s3://my-bucket/hosts
[root@192-168-5-70 ~]# s3cmd del s3://my-bucket/hosts # delete the hosts file from my-bucket
delete: 's3://my-bucket/hosts'
[root@192-168-5-70 ~]# s3cmd rb s3://my-bucket # remove my-bucket
Bucket 's3://my-bucket/' removed
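The configuration saved in step 2.3 holds the keys in clear text and turns HTTPS off. As an added example (not from the original walkthrough), this check reports those settings together with the file's permissions; the function names are hypothetical and the key values in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example: review an s3cmd configuration file for the settings chosen
# in the walkthrough above (plain HTTP, long-lived keys stored in the file).

# s3cfg_audit FILE: prints one finding per line, nothing if all checks pass.
s3cfg_audit() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable: $cfg"; return 2; }

    # Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -ld "$cfg" | cut -c1-10)
    case $mode in
        ????------) ;;
        *) echo "perms: $mode lets group/other access stored keys" ;;
    esac

    awk -F'[ \t]*=[ \t]*' '
    $1 == "use_https" && tolower($2) != "true" {
        print "transport: use_https is " $2 ", requests and object data travel unencrypted"
    }
    $1 == "host_base"  { host = $2 }
    $1 == "secret_key" && $2 != "" { stored = 1 }
    END {
        if (stored) print "secret: secret_key is stored in the file for endpoint " host
    }' "$cfg"
}

# Constructed sample mirroring the answers given to s3cmd --configure above;
# the key values are placeholders, not real credentials.
demo_s3cfg() {
    f=$(mktemp) && chmod 644 "$f"
    cat > "$f" <<'EOF'
[default]
access_key = EXAMPLEACCESSKEY
secret_key = EXAMPLESECRETKEY
host_base = 192.168.5.91
host_bucket = %(bucket).192.168.5.91
use_https = False
EOF
    s3cfg_audit "$f"
    rm -f "$f"
}

demo_s3cfg
```

On the client from step 2.3 the call would be `s3cfg_audit /root/.s3cfg`.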
III. Accessing Object Storage with the Swift API
3.1 Create a Swift API subuser; if you forget the key, you can view it with the info command above
[root@ceph01 ~]# radosgw-admin subuser create --uid=radosgw --subuser=radosgw:swift --access=full
3.2 Install the Swift client
[root@192-168-5-70 ~]# yum install python-pip -y
[root@192-168-5-70 ~]# pip install --upgrade python-swiftclient
3.3 Access the object store with swift
[root@192-168-5-70 ~]# swift -A http://192.168.5.91/auth/1.0 -U radosgw:swift -K IlX5guDnsqPGEpKOGgfR4AtuFxPTGr0VQF6F6Iwy post lin-bucket # create the lin-bucket bucket
[root@192-168-5-70 ~]# swift -A http://192.168.5.91/auth/1.0 -U radosgw:swift -K IlX5guDnsqPGEpKOGgfR4AtuFxPTGr0VQF6F6Iwy list # list all buckets
lin-bucket