Ceph對象存儲網關安裝配置
引言
基於已部署好的Ceph集羣,部署一個網關服務器,進行對象存儲服務。操做系統CentOS6.5 CEPH0.94.3其實基於librados能夠直接進行訪問,可是我看了百度,UCLOUD的對象存儲,用戶在網頁上進行文件的上傳、下載時,都經過web服務器間接和存儲集羣打交道,進行了一層隔離,而不是直接和集羣進行通訊操做。我得理解是便於訪問控制以及隔離。html
1.依賴包安裝
Ceph rados-gateway依賴Apache和FastCGI, 用戶的請求先到web服務器,再走rados-gateway進入集羣之中。python
1.1 安裝Apache服務
sudo yum install httpd Package httpd-2.2.15-47.el6.centos.x86_64 already installed and latest version
1.2 配置http服務器
sudo vim /etc/httpd/conf/httpd.conf
將ServerName的註釋號去掉,添加上本身網關服務器的IP地址web
272 # If your host doesn't have a registered DNS name, enter its IP address here. 273 # You will have to access it by its address anyway, and this will make 274 # redirections work in a sensible way. 275 # 276 ServerName 101.67.163.34:80
在配置中增長以下信息,加載mod_proxy_fcgiapache
<IfModule !proxy_fcgi_module> LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so </IfModule>
此處需注意,須要將該段內容加載LoadModule系列的後面,不然會報以下錯誤:swift
sudo service httpd start Starting httpd: httpd: Syntax error on line 129 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_proxy_fcgi.so into server: /etc/httpd/modules/mod_proxy_fcgi.so: undefined symbol: ap_proxy_release_connection
修改配置中的LISTEN字段,將網關所在主機的IP地址添加進去vim
# Listen: Allows you to bind Apache to specific IP addresses and/or # ports, in addition to the default. See also the <VirtualHost> # directive. # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses (0.0.0.0) # Listen 101.67.163.34:80 #Listen 80
1.3 SSL支持 (此處是否必須不是很清楚,只是按照官方文檔走)
祕鑰文件生成centos
sudo yum install mod_ssl openssl openssl genrsa -out ca.key 2048 openssl req -new -key ca.key -out ca.csr openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
文件目錄放置sudo cp ca.crt /etc/pki/tls/certs服務器
sudo cp ca.key /etc/pki/tls/private/ca.key sudo cp ca.csr /etc/pki/tls/private/ca.csr
配置文件修改/etc/httpd/conf.d/ssl.conf.frontend
SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key
重啓httpd服務sudo service httpd restartsocket
1.4 網關服務安裝
sudo yum install ceph-radosgw
至此,相關依賴包安裝完畢
2. CEPH網關服務配置
ceph網關實際上是ceph集羣的一個客戶端,用戶經過這個網關間接訪問ceph集羣,做爲客戶端,它須要準備以下內容:
網關名稱,此處用gateway稱呼
一個能夠訪問存儲集羣的用戶以及對應的KEYRING
數據資源池,這個由ceph集羣提供
爲網關服務示例準備一個數據存放空間
在ceph.conf配置文件中設置gateway信息
2.1 建立訪問用戶及權限設置
建立gateway keyring,一開始該文件爲空
sudo ceph-authtool --create-keyring /etc/ceph/ceph.client.radosgw.keyring sudo chmod +r /etc/ceph/ceph.client.radosgw.keyring
建立網關用戶名以及key 此處名字爲 client.radosgw.gateway
sudo ceph-authtool /etc/ceph/ceph.client.radosgw.keyring -n client.radosgw.gateway --gen-key
爲KEYRING添加權限
sudo ceph-authtool -n client.radosgw.gateway --cap osd 'allow rwx' --cap mon 'allow rwx' /etc/ceph/ceph.client.radosgw.keyring
將key添加到集羣中
sudo ceph -k /etc/ceph/ceph.client.admin.keyring auth add client.radosgw.gateway -i /etc/ceph/ceph.client.radosgw.keyring
將相關的KEYRING文件拷貝到rados-gateway所在的主機 /etc/ceph/目錄下
2.2 數據資源池建立
.rgw.root .rgw.control .rgw.gc .rgw.buckets .rgw.buckets.index .rgw.buckets.extra .log .intent-log .usage .users .users.email .users.swift .users.uid
[root@gnop029-ct-zhejiang_wenzhou-16-34 conf]# ceph osd lspools 4 rbd,6 pool-1,7 pool-2,8 .rgw,9 .rgw.root,10 .rgw.control,11 .rgw.gc,12 .rgw.buckets,13 .rgw.buckets.index,14 .log,15 .intent-log,16 .usage,17 .users,18 .users.email,19 .users.swift,20 .users.uid
2.3 將網關配置信息添加到集羣配置中
[client.radosgw.gateway] host=ceph-24 keyring=/etc/ceph/ceph.client.radosgw.keyring rgw socket path=/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock log file=/var/log/radosgw/client.radosgw.gateway.log rgw frontends=fastcgi socket_port=9000 socket_host=0.0.0.0 rgw print continue=false
2.4 目錄及權限調整
建立數據目錄
sudo mkdir -p /var/lib/ceph/radosgw/ceph-radosgw.gateway 調整apache運行權限 sudo chown apache:apache /var/run/ceph
調整日誌權限
sudo chown apache:apache /var/log/radosgw/client.radosgw.gateway.log
啓動網關服務sudo /etc/init.d/ceph-radosgw start
2.5 網關配置文件
一個配置文件,用於web server和FastCGI之間的交互
sudo vi /etc/httpd/conf.d/rgw.conf
<VirtualHost *:80>
ServerName 101.67.163.34
DocumentRoot /var/www/html
ErrorLog /var/log/httpd/rgw_error.log
CustomLog /var/log/httpd/rgw_access.log combined
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
SetEnv proxy-nokeepalive 1
ProxyPass / fcgi://101.67.163.34:9000/
</VirtualHost>
其中標紅的地方是要根據實際狀況填寫
2.6 用戶建立
radosgw-admin user create --uid=xuwenping --display-name="ceph xuwenping" --email=xuwenping@d***n.com
{
"user_id": "xuwenping",
"display_name": "ceph xuwenping",
"email": "xuwenping@dnion.com",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{
"user": "xuwenping",
"access_key": "4J3GD7GJIJKSDCVS1I9T",
"secret_key": "yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I"
}
],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"temp_url_keys": []
}
建立SWIFT類型USER
sudo radosgw-admin subuser create --uid=xuwenping --subuser=xuwenping :swift --access=full
2015-10-10 14:19:19.854951 7f402eadc8a0 0 max_buckets=1000 specified=0
{
"user_id": "xuwenping",
"display_name": "ceph xuwenping",
"email": "xuwenping@dnion.com",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [
{
"id": "xuwenping:swift",
"permissions": "full-control"
}
],
"keys": [
{
"user": "xuwenping",
"access_key": "4J3GD7GJIJKSDCVS1I9T",
"secret_key": "yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I"
},
{
"user": "xuwenping:swift",
"access_key": "PEIT99BBWMZP31BD6S3I",
"secret_key": ""
}
],
"swift_keys": [
{
"user": "xuwenping:swift",
"secret_key": "qWHPhvUy4md1XSa2PSbcxUyMU5YXodlqxt0ZC2hn"
}
],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"max_size_kb": -1,
"max_objects": -1
},
"temp_url_keys": []
}
2.7 實際驗證
編寫了一段python代碼,用於訪問網關,並建立bucket,並經過list方法羅列出當前全部的bucket (官方示例)
依賴庫安裝
sudo yum install python-boto
import boto
import boto.s3.connection
access_key = '4J3GD7GJIJKSDCVS1I9T'
secret_key = 'yfmxvzQdWT4EmVDijOFp6oNt4kZ25y9wRVARas4I'
conn = boto.connect_s3(
aws_access_key_id = access_key,
aws_secret_access_key = secret_key,
host = '101.67.163.34',
is_secure=False,
calling_format = boto.s3.connection.OrdinaryCallingFormat(),
)
bucket = conn.create_bucket('my-new-bucket')
for bucket in conn.get_all_buckets():
print "{name}\t{created}".format(
name = bucket.name,
created = bucket.creation_date,
)
運行結果
[root@gnop029-ct-zhejiang_wenzhou-16-34 ceph-rados]# python s3test.py my-new-bucket 2015-10-10T06:23:48.000Z
至此,Ceph集羣的對象存儲網關安裝設置完畢
附:
有時候經過yum安裝軟件是報以下錯誤:
Downloading Packages: warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 GPG key retrieval failed: [Errno 14] Could not open/read file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
在執行 安裝命令時帶上以下參數便可:
yum install mod_proxy_fcgi --nogpgcheck
相關文章
- 1. Ceph安裝對象網關
- 2. ceph對象存儲(rgw)服務、高可用安裝配置
- 3. Ceph 對象存儲
- 4. 分佈式存儲ceph 對象存儲配置zone 同步
- 5. ceph對象存儲搭建
- 6. ceph 對象存儲搭建
- 7. ceph 對象存儲設置bucket share
- 8. Ceph對象存儲網關中的索引工做原理
- 9. 四、ceph-deploy之配置使用對象存儲
- 10. 【轉】Ceph對象存儲(rgw)的IPv6環境配置
- 更多相關文章...
- • Git 安裝配置 - Git 教程
- • MySQL免安裝版配置教程 - MySQL教程
- • Composer 安裝與使用
- • 三篇文章瞭解 TiDB 技術內幕——說存儲
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
歡迎關注本站公眾號,獲取更多信息
相關文章