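1. Introduction to Object Storage
Unlike a disk that carries a file system, object storage cannot be accessed directly by the operating system; it can only be accessed through an application-level API. Ceph is a distributed object storage system that provides an object storage interface through the Ceph Object Gateway, also known as the RADOS Gateway (RGW) interface, which is built on top of the Ceph RADOS layer. RGW uses librgw (RADOS Gateway Library) and librados to let applications connect to Ceph object storage. RGW gives applications a RESTful S3/Swift-compatible API for storing data as objects in the Ceph cluster. Ceph also supports multi-tenant object storage, which can be accessed through the RESTful API. In addition, RGW supports the Ceph Admin API, which can be used to manage the Ceph storage cluster with native API calls.
Because it provides interfaces compatible with OpenStack Swift and Amazon S3, the Ceph Object Gateway has its own user management. The Ceph Object Gateway can store data in the same Ceph storage cluster that is used to store data from Ceph File System clients or Ceph Block Device clients. The S3 and Swift APIs share a common namespace, so you can write data with one API and retrieve it with the other. The librados software library is very flexible and allows user applications to access the Ceph storage cluster directly through C, C++, Java, Python and PHP bindings. Ceph object storage also has multi-site capability, which provides a solution for disaster recovery.
For production environments, it is recommended to configure RGW on dedicated physical machines. However, if the object storage workload is not too heavy, you can consider using any of the monitor machines as an RGW node. RGW is a standalone service that connects to the Ceph cluster from the outside and provides object storage access to clients. In production, it is recommended to run multiple RGW instances behind a load balancer, as shown in the figure below:
2. Deploying Object Storage
2.1 Install ceph-radosgw on all three nodes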
$ sudo yum install ceph-radosgw -y
2.2 Deploy the cluster
[cephadmin@ceph01 ~]$ cd my-cluster/
[cephadmin@ceph01 my-cluster]$ ceph-deploy rgw create ceph01 ceph02 ceph03
2.3 After deployment the default port is 7480; change it to port 80
[cephadmin@ceph01 my-cluster]$ vim ceph.conf
[global]
fsid = 4d02981a-cd20-4cc9-8390-7013da54b161
mon_initial_members = ceph01, ceph02, ceph03
mon_host = 192.168.5.91,192.168.5.92,192.168.5.93
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx

# Add the following; the name after "client.rgw." is the host name
[client.rgw.ceph01]
rgw_frontends = "civetweb port=80"

[client.rgw.ceph02]
rgw_frontends = "civetweb port=80"

[client.rgw.ceph03]
rgw_frontends = "civetweb port=80"
2.4 Push the configuration file to the other nodes in the cluster
# After the push, /etc/ceph/ceph.conf on every node will match the file above
[cephadmin@ceph01 my-cluster]$ ceph-deploy --overwrite-conf config push ceph01 ceph02 ceph03
2.5 Restart the service on each node
[cephadmin@ceph01 ~]$ sudo systemctl restart ceph-radosgw@rgw.ceph01.service
[root@ceph02 ~]# systemctl restart ceph-radosgw@rgw.ceph02.service
[root@ceph03 ~]# systemctl restart ceph-radosgw@rgw.ceph03.service
2.6 Verify that port 80 of the cluster is reachable
[cephadmin@ceph01 ~]$ sudo netstat -lntp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 151464/radosgw
# The cluster test must be run with the root account
[root@ceph01 ~]# ceph -s -k /var/lib/ceph/radosgw/ceph-rgw.ceph01/keyring --name client.rgw.ceph01
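An added example, not part of the original page: a shell check that reads a ceph.conf like the one in step 2.3 and reports, for each [client.rgw.*] section, the frontend port and whether it is served in plaintext or over TLS (civetweb marks a TLS port with a trailing "s"). The ceph04 and ceph05 sections and the certificate path in the sample are constructed for contrast.

```shell
#!/bin/sh
# Added example: list the frontend port of every [client.rgw.*] section in a
# ceph.conf and whether it is plaintext or TLS.

rgw_frontend_report() {   # $1 = path to a ceph.conf
    awk '
        /^[ \t]*\[/ {                       # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            # 7480 is the default port when none is configured (see step 2.3)
            if (sec ~ /^client\.rgw\./) { order[++n] = sec; port[sec] = "7480" }
            next
        }
        # Ceph accepts "rgw_frontends" and "rgw frontends" as the same key.
        sec ~ /^client\.rgw\./ && /^[ \t]*rgw[_ ]frontends[ \t]*=/ {
            if (match($0, /port=[^ "]+/))
                port[sec] = substr($0, RSTART + 5, RLENGTH - 5)
        }
        END {
            for (i = 1; i <= n; i++) {
                p = port[order[i]]; state = "tls"
                # Several ports are joined with "+"; a single port without
                # the trailing "s" means cleartext HTTP is still exposed.
                m = split(p, parts, /[+]/)
                for (j = 1; j <= m; j++) if (parts[j] !~ /s$/) state = "plaintext"
                print order[i], p, state
            }
        }
    ' "$1"
}

# Constructed sample: two sections as in step 2.3, plus a hypothetical TLS host
# (ceph04) and a host with no rgw_frontends line (ceph05).
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
auth_cluster_required = cephx
[client.rgw.ceph01]
rgw_frontends = "civetweb port=80"
[client.rgw.ceph02]
rgw_frontends = "civetweb port=80"
[client.rgw.ceph04]
rgw_frontends = "civetweb port=443s ssl_certificate=/etc/ceph/private/keyandcert.pem"
[client.rgw.ceph05]
EOF
}

sample=$(mktemp); write_sample_conf "$sample"
rgw_frontend_report "$sample"
rm -f "$sample"
```

Run it against /etc/ceph/ceph.conf on each node after the push in step 2.4 to confirm that every gateway ended up with the intended frontend.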
2. Accessing Object Storage with the S3 API
2.1 Create the radosgw user
[root@ceph01 ~]# radosgw-admin user create --uid=radosgw --display-name='radosgw' -k /var/lib/ceph/radosgw/ceph-rgw.ceph01/keyring --name client.rgw.ceph01
# After creation, save the access_key and secret_key; they can also be viewed with the command below
[root@ceph01 ~]# radosgw-admin user info --uid=radosgw --display-name='radosgw' -k /var/lib/ceph/radosgw/ceph-rgw.ceph01/keyring --name client.rgw.ceph01
2.2 Install s3cmd on the client
[root@192-168-5-70 ~]# yum install s3cmd -y
2.3 Generate the configuration file
[root@192-168-5-70 ~]# s3cmd --configure

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: D028HA7T16KJHU2602YA    # paste the Access Key generated on the server
Secret Key: RWczKVORMdDBw2mtgLs2dUPq2xrCehnjOtB6pHPY    # paste the Secret Key generated on the server
Default Region [US]:    # just press Enter

Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: 192.168.5.91    # enter the IP address of the object store

Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket).192.168.5.91    # enter the bucket address of the object store

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password:    # empty password, press Enter
Path to GPG program [/usr/bin/gpg]:    # path to the /usr/bin/gpg command, press Enter

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]: no    # whether to use HTTPS; choose no

On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name:    # haproxy: leave empty and press Enter

New settings:
  Access Key: D028HA7T16KJHU2602YA
  Secret Key: RWczKVORMdDBw2mtgLs2dUPq2xrCehnjOtB6pHPY
  Default Region: US
  S3 Endpoint: 192.168.5.91
  DNS-style bucket+hostname:port template for accessing a bucket: %(bucket).192.168.5.91
  Encryption password:
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: False
  HTTP Proxy server name:
  HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] n

Save settings? [y/N] y    # answer y to save the configuration file
Configuration saved to '/root/.s3cfg'    # location of the saved configuration file: /root/.s3cfg
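An added example, not part of the original page: a shell review of the file that s3cmd --configure saves in step 2.3, which holds the access and secret keys in clear text. It flags a file readable by group or others, an endpoint configured without HTTPS, and a stored secret key; the sample file and its key values are constructed placeholders, while the key names (access_key, secret_key, host_base, host_bucket, use_https) are the ones s3cmd writes.

```shell
#!/bin/sh
# Added example: review an s3cmd configuration file such as /root/.s3cfg.

s3cfg_get() {   # $1 = file, $2 = key; prints the value of "key = value"
    awk -v k="$2" '
        { key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key) }
        key == k {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }
    ' "$1"
}

s3cfg_findings() {   # $1 = path to .s3cfg; prints one finding per line
    f=$1
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || echo "readable-by-others"
    # Anything other than an explicit True means requests go over plain HTTP.
    case "$(s3cfg_get "$f" use_https)" in
        True|true) ;;
        *) echo "plaintext-http endpoint=$(s3cfg_get "$f" host_base)" ;;
    esac
    # A non-empty secret_key means the credential lives on disk in clear text.
    [ -z "$(s3cfg_get "$f" secret_key)" ] || echo "secret-key-stored-in-file"
}

# Constructed sample mirroring the settings chosen in step 2.3; the two key
# values are placeholders, not real credentials.
write_sample_s3cfg() {
    cat > "$1" <<'EOF'
[default]
access_key = CONSTRUCTED_ACCESS_KEY
secret_key = CONSTRUCTED_SECRET_KEY
host_base = 192.168.5.91
host_bucket = %(bucket).192.168.5.91
use_https = False
EOF
}

cfg=$(mktemp); write_sample_s3cfg "$cfg"; chmod 644 "$cfg"
s3cfg_findings "$cfg"
rm -f "$cfg"
```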
2.4 Verify basic operations with s3cmd
[root@192-168-5-70 ~]# s3cmd mb s3://my-bucket    # create the bucket my-bucket
Bucket 's3://my-bucket/' created
[root@192-168-5-70 ~]# s3cmd ls    # list all buckets
2020-02-12 07:07 s3://my-bucket
[root@192-168-5-70 ~]# s3cmd put /etc/hosts s3://my-bucket    # upload /etc/hosts to the given bucket
upload: '/etc/hosts' -> 's3://my-bucket/hosts' [1 of 1]
 158 of 158 100% in 0s 2.67 kB/s done
[root@192-168-5-70 ~]# s3cmd ls s3://my-bucket    # show the files in my-bucket
2020-02-12 07:07 158 s3://my-bucket/hosts
[root@192-168-5-70 ~]# s3cmd del s3://my-bucket/hosts    # delete the hosts file from my-bucket
delete: 's3://my-bucket/hosts'
[root@192-168-5-70 ~]# s3cmd rb s3://my-bucket    # remove my-bucket
Bucket 's3://my-bucket/' removed
3. Accessing Object Storage with the Swift API
3.1 Create a Swift API subuser; if you forget the key, you can also view it with the info command above
[root@ceph01 ~]# radosgw-admin subuser create --uid=radosgw --subuser=radosgw:swift --access=full
3.2 Install the Swift client
[root@192-168-5-70 ~]# yum install python-pip -y
[root@192-168-5-70 ~]# pip install --upgrade python-swiftclient
3.3 Access the object store with swift
[root@192-168-5-70 ~]# swift -A http://192.168.5.91/auth/1.0 -U radosgw:swift -K IlX5guDnsqPGEpKOGgfR4AtuFxPTGr0VQF6F6Iwy post lin-bucket    # create the bucket lin-bucket
[root@192-168-5-70 ~]# swift -A http://192.168.5.91/auth/1.0 -U radosgw:swift -K IlX5guDnsqPGEpKOGgfR4AtuFxPTGr0VQF6F6Iwy list    # list all buckets
lin-bucket