标签:
基于已部署好的Ceph集群,部署一个网关服务器,进行对象存储服务。操作系统CentOS6.5 CEPH0.94.3其实基于librados可以直接进行访问,但是我看了百度,UCLOUD的对象存储,用户在网页上进行文件的上传、下载时,都通过web服务器间接和存储集群打交道,进行了一层隔离,而不是直接和集群进行通信操作。我得理解是便于访问控制以及隔离。
Ceph rados-gateway依赖Apache和FastCGI, 用户的请求先到web服务器,再走rados-gateway进入集群之中。
sudo yum install httpd Package httpd-2.2.15-47.el6.centos.x86_64 already installed and latest version
sudo vim /etc/httpd/conf/httpd.conf将ServerName的注释号去掉,添加上自己网关服务器的IP地址
272 # If your host doesn‘t have a registered DNS name, enter its IP address here. 273 # You will have to access it by its address anyway, and this will make 274 # redirections work in a sensible way. 275 # 276 ServerName 101.67.163.34:80在配置中增加如下信息,加载mod_proxy_fcgi
<IfModule !proxy_fcgi_module> LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so </IfModule>此处需注意,需要将该段内容加载LoadModule系列的后面,否则会报如下错误:
sudo service httpd start Starting httpd: httpd: Syntax error on line 129 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_proxy_fcgi.so into server: /etc/httpd/modules/mod_proxy_fcgi.so: undefined symbol: ap_proxy_release_connection
修改配置中的LISTEN字段,将网关所在主机的IP地址添加进去
# Listen: Allows you to bind Apache to specific IP addresses and/or # ports, in addition to the default. See also the <VirtualHost> # directive. # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses (0.0.0.0) # Listen 101.67.163.34:80 #Listen 80
sudo yum install mod_ssl opensslopenssl genrsa -out ca.key 2048 openssl req -new -key ca.key -out ca.csr openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
文件目录放置sudo cp ca.crt /etc/pki/tls/certs
sudo cp ca.key /etc/pki/tls/private/ca.key sudo cp ca.csr /etc/pki/tls/private/ca.csr
配置文件修改/etc/httpd/conf.d/ssl.conf.
SSLCertificateFile/etc/pki/tls/certs/ca.crt SSLCertificateKeyFile/etc/pki/tls/private/ca.key
重启httpd服务sudo service httpd restart
sudo ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring sudo chmod +r /etc/ceph/ceph.client.radosgw.keyring创建网关用户名以及key 此处名字为 client.radosgw.gateway
sudo ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key为KEYRING添加权限
sudo ceph-authtool -n client.radosgw.gateway --cap osd ‘allow rwx‘ --cap mon ‘allow rwx‘ /etc/ceph/ceph.client.radosgw.keyring将key添加到集群中
sudo ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
将相关的KEYRING文件拷贝到rados-gateway所在的主机 /etc/ceph/目录下
.rgw.root .rgw.control .rgw.gc .rgw.buckets .rgw.buckets.index .rgw.buckets.extra .log .intent-log .usage .users .users.email .users.swift .users.uid
[root@gnop029-ct-zhejiang_wenzhou-16-34 conf]# ceph osd lspools 4 rbd,6 pool-1,7 pool-2,8 .rgw,9 .rgw.root,10 .rgw.control,11 .rgw.gc,12 .rgw.buckets,13 .rgw.buckets.index,14 .log,15 .intent-log,16 .usage,17 .users,18 .users.email,19 .users.swift,20 .users.uid
[client.radosgw.gateway] host=ceph-24 keyring=/etc/ceph/ceph.client.radosgw.keyring rgw socket path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock log file=/var/log/radosgw/client.radosgw.gateway.log rgw frontends=fastcgi socket_port=9000 socket_host=0.0.0.0 rgw print continue=false
sudo mkdir -p /var/lib/ceph/radosgw/ceph-radosgw.gateway 调整apache运行权限 sudo chown apache:apache /var/run/ceph调整日志权限
sudo chown apache:apache /var/log/radosgw/client.radosgw.gateway.log
启动网关服务sudo /etc/init.d/ceph-radosgw start
<VirtualHost *:80> ServerName 101.67.163.34 DocumentRoot /var/www/html ErrorLog /var/log/httpd/rgw_error.log CustomLog /var/log/httpd/rgw_access.log combined RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] SetEnv proxy-nokeepalive 1 ProxyPass / fcgi://101.67.163.34:9000/ </VirtualHost>
其中标红的地方是要根据实际情况填写
radosgw-admin user create --uid=xuwenping --display-name="ceph xuwenping" --email=xuwenping@dnion.com { "user_id": "xuwenping", "display_name": "ceph xuwenping", "email": "xuwenping@dnion.com", "suspended": 0, "max_buckets": 1000, "auid": 0, "subusers": [], "keys": [ { "user": "xuwenping", "access_key": "4J3GD7GJIJKSDCVS1I9T", "secret_key": "yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I" } ], "swift_keys": [], "caps": [], "op_mask": "read, write, delete", "default_placement": "", "placement_tags": [], "bucket_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "user_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "temp_url_keys": [] }创建SWIFT类型USER
sudo radosgw-admin subuser create --uid=xuwenping --subuser=xuwenping :swift --access=full 2015-10-10 14:19:19.854951 7f402eadc8a0 0 max_buckets=1000 specified=0 { "user_id": "xuwenping", "display_name": "ceph xuwenping", "email": "xuwenping@dnion.com", "suspended": 0, "max_buckets": 1000, "auid": 0, "subusers": [ { "id": "xuwenping:swift", "permissions": "full-control" } ], "keys": [ { "user": "xuwenping", "access_key": "4J3GD7GJIJKSDCVS1I9T", "secret_key": "yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I" }, { "user": "xuwenping:swift", "access_key": "PEIT99BBWMZP31BD6S3I", "secret_key": "" } ], "swift_keys": [ { "user": "xuwenping:swift", "secret_key": "qWHPhvUy4md1XSa2PSbcxUyMU5YXodlqxt0ZC2hn" } ], "caps": [], "op_mask": "read, write, delete", "default_placement": "", "placement_tags": [], "bucket_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "user_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "temp_url_keys": [] }
import boto import boto.s3.connection access_key = ‘4J3GD7GJIJKSDCVS1I9T‘ secret_key = ‘yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I‘ conn = boto.connect_s3( aws_access_key_id = access_key, aws_secret_access_key = secret_key, host = ‘101.67.163.34‘, is_secure=False, calling_format = boto.s3.connection.OrdinaryCallingFormat(), ) bucket = conn.create_bucket(‘my-new-bucket‘) for bucket in conn.get_all_buckets(): print "{name}\t{created}".format( name = bucket.name, created = bucket.creation_date, )
运行结果
[root@gnop029-ct-zhejiang_wenzhou-16-34 ceph-rados]# python s3test.py my-new-bucket 2015-10-10T06:23:48.000Z
至此,Ceph集群的对象存储网关安装设置完毕
标签:
原文地址:http://my.oschina.net/myspaceNUAA/blog/515261