Ceph Reef(18.2.X)之python操作对象存储网关

2024-09-04 29

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

本文涉及的产品

对象存储 OSS，20GB 3个月

对象存储 OSS，恶意文件检测 1000次 1年

对象存储 OSS，内容安全 1000次 1年

简介： 这篇文章介绍了如何在Ceph Reef(18.2.X)环境中使用Python操作对象存储网关(rgw)，包括环境搭建、账号创建、使用s3cmd工具以及编写和测试Python代码。

　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　作者：尹正杰
版权声明：原创作品，谢绝转载！否则将追究法律责任。

一.环境准备

1.Ceph Reef(18.2.X)的对象存储网关(rgw)组件搭建

推荐阅读:
    https://developer.aliyun.com/article/1605062

2.创建账号

[root@ceph141 ~]# radosgw-admin user create --uid "yinzhengjie" --display-name "尹正杰"
{
    "user_id": "yinzhengjie",
    "display_name": "尹正杰",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "subusers": [],
    "keys": [
        {
            "user": "yinzhengjie",
            "access_key": "M25RJ5F8XLNVUY4ORF6Z",
            "secret_key": "lk7c4eNCAkTOfaI3BuOcct70peebF2CCPUKpR6s5"
        }
    ],
    "swift_keys": [],
    "caps": [],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "default_storage_class": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "temp_url_keys": [],
    "type": "rgw",
    "mfa_ids": []
}

[root@ceph141 ~]#

3.s3cmd工具

    1.安装s3cmd
apt -y install s3cmd

    2.查看rgw所在节点
[root@ceph141 ~]# ceph orch ls  | grep rgw
rgw.yinzhengjie  ?:80             1/1  10m ago    31m  ceph142      
[root@ceph141 ~]# 
[root@ceph141 ~]# echo 172.30.100.142 www.yinzhengjie.com >> /etc/hosts
[root@ceph141 ~]# 

    3.运行s3cmd的运行环境，生成"/root/.s3cfg"配置文件
[root@ceph141 ~]# s3cmd --configure 

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: M25RJ5F8XLNVUY4ORF6Z
Secret Key: lk7c4eNCAkTOfaI3BuOcct70peebF2CCPUKpR6s5
Default Region [US]: 

Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: www.yinzhengjie.com

Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: www.yinzhengjie.com/%(bucket)

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password: 
Path to GPG program [/usr/bin/gpg]: 

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]: No

On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name: 

New settings:
  Access Key: M25RJ5F8XLNVUY4ORF6Z
  Secret Key: lk7c4eNCAkTOfaI3BuOcct70peebF2CCPUKpR6s5
  Default Region: US
  S3 Endpoint: www.yinzhengjie.com
  DNS-style bucket+hostname:port template for accessing a bucket: www.yinzhengjie.com/%(bucket)
  Encryption password: 
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: False
  HTTP Proxy server name: 
  HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] Y
Please wait, attempting to list all buckets...
Success. Your access key and secret key worked fine :-)

Now verifying that encryption works...
Not configured. Never mind.

Save settings? [y/N] y
Configuration saved to '/root/.s3cfg'
[root@ceph141 ~]#

二.Python操作对象存储

1.安装python环境

    1.安装pip工具包
[root@ceph141 ~]# apt -y install python3-pip

    2.配置pip3软件源
[root@ceph141 ~]# mkdir ~/.pip
[root@ceph141 ~]# vim ~/.pip/pip.conf
[root@ceph141 ~]# cat  ~/.pip/pip.conf
[global]
index-url = https://pypi.tuna.tsinghua.edu.cn/simple
[root@ceph141 ~]# 

    3.安装boto包
[root@ceph141 ~]# pip install boto

2.编写python程序

[root@ceph141 ~]# cat rgw-yinzhengjie.py 
import boto
import boto.s3.connection

access_key = 'M25RJ5F8XLNVUY4ORF6Z'
secret_key = 'lk7c4eNCAkTOfaI3BuOcct70peebF2CCPUKpR6s5'

# 连接rgw
conn = boto.connect_s3(
        aws_access_key_id = access_key,
        aws_secret_access_key = secret_key,
        host = 'www.yinzhengjie.com',
        is_secure=False,
        calling_format = boto.s3.connection.OrdinaryCallingFormat(),
        )

# 创建bucket
bucket = conn.create_bucket('yinzhengjie-rgw')

# 查看bucket列表
for bucket in conn.get_all_buckets():
        print("{name}\t{created}".format(
                name = bucket.name,
                created = bucket.creation_date,
        ))


# 查看bucket内容
for key in bucket.list():
        print("{name}\t{size}\t{modified}".format(
                name = key.name,
                size = key.size,
                modified = key.last_modified,
        ))

# 创建一个对象
key = bucket.new_key('blog.txt')
key.set_contents_from_string('https://www.cnblogs.com/yinzhengjie')

# 生成对象下载的URL
hello_key = bucket.get_key('blog.txt')
hello_url = hello_key.generate_url(0, query_auth=False, force_http=True)
print(hello_url)
[root@ceph141 ~]# 

参考链接：
      https://docs.ceph.com/en/latest/radosgw/s3/python/

3.测试python代码测试

[root@ceph141 ~]# python3 rgw-yinzhengjie.py 
yinzhengjie-rgw 2024-08-29T23:40:36.356Z
blog.txt        35      2024-08-29T23:44:19.424Z
http://www.yinzhengjie.com/yinzhengjie-rgw/blog.txt
[root@ceph141 ~]#

4.使用s3cmd命令访问测试

[root@ceph141 ~]# s3cmd get s3://yinzhengjie-rgw/blog.txt
download: 's3://yinzhengjie-rgw/blog.txt' -> './blog.txt'  [1 of 1]
 35 of 35   100% in    0s   712.50 B/s  done
[root@ceph141 ~]# 
[root@ceph141 ~]# more ./blog.txt
https://www.cnblogs.com/yinzhengjie
[root@ceph141 ~]#

5.创建访问策略

    1.编写策略配置文件
[root@ceph141 ~]# cat yinzhengjie-anonymous-access-policy.json 
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": ["*"]},
    "Action": "s3:GetObject",
    "Resource": [
      "arn:aws:s3:::yinzhengjie-rgw/*"
    ]
  }]
}
[root@ceph141 ~]# 

    2.应用策略
[root@ceph141 ~]# s3cmd info s3://yinzhengjie-rgw
s3://yinzhengjie-rgw/ (bucket):
   Location:  default
   Payer:     BucketOwner
   Expiration Rule: none
   Policy:    none
   CORS:      none
   ACL:       尹正杰: FULL_CONTROL
[root@ceph141 ~]# 
[root@ceph141 ~]# s3cmd setpolicy yinzhengjie-anonymous-access-policy.json s3://yinzhengjie-rgw
s3://yinzhengjie-rgw/: Policy updated
[root@ceph141 ~]# 
[root@ceph141 ~]# s3cmd info s3://yinzhengjie-rgw
s3://yinzhengjie-rgw/ (bucket):
   Location:  default
   Payer:     BucketOwner
   Expiration Rule: none
   Policy:    {
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": ["*"]},
    "Action": "s3:GetObject",
    "Resource": [
      "arn:aws:s3:::yinzhengjie-rgw/*"
    ]
  }]
}

   CORS:      none
   ACL:       尹正杰: FULL_CONTROL
[root@ceph141 ~]#

6.发起http请求测试

[root@ceph141 ~]# curl -s http://www.yinzhengjie.com/yinzhengjie-rgw/blog.txt | more 
https://www.cnblogs.com/yinzhengjie
[root@ceph141 ~]# 


温馨提示:
   由于咱们访问的并不是html文件，不建议使用浏览器访问，而是用curl来模拟http请求即可。

Ceph Reef(18.2.X)之python操作对象存储网关

一.环境准备

1.Ceph Reef(18.2.X)的对象存储网关(rgw)组件搭建

2.创建账号

3.s3cmd工具

二.Python操作对象存储

1.安装python环境

2.编写python程序

3.测试python代码测试

4.使用s3cmd命令访问测试

5.创建访问策略

6.发起http请求测试

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像