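Distributed Storage with Ceph (7): Using RadosGW Object Storage

Introduction to RadosGW object storage

  • RadosGW is one implementation of object storage. The RADOS gateway, also called the Ceph Object Gateway, RadosGW or RGW, is a service that lets clients access a Ceph cluster through standard object storage APIs; it supports AWS S3 and Swift. RGW runs on top of librados. Since Ceph version 0.8 it uses the Civetweb web server to answer API requests, and nginx or Apache can be used instead. Clients talk to RGW through a RESTful API over http/https, while RGW talks to the Ceph cluster through librados. An RGW client authenticates as an RGW user through the S3 or Swift API, and the RGW gateway then authenticates to the Ceph storage with cephx on the user's behalf.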

Characteristics of object storage

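  1. Object storage stores data as objects; besides the data itself, each object also contains the data's own metadata.
  2. Objects are retrieved by Object ID. They cannot be accessed directly by file path as in an ordinary file system, only through the API or a third-party client.
  3. Objects are not organized into a directory tree but stored in a flat namespace. Amazon S3 calls this flat namespace a bucket, while Swift calls it a container.
  4. Neither buckets nor containers can be nested.
  5. Ceph uses buckets as its storage buckets, and a bucket must be authorized before it can be accessed. This provides object data storage and multi-user isolation: data is stored in buckets, user permissions are granted per bucket, and a user can be given different permissions on different buckets to implement permission management.
  6. Easy to scale horizontally and fast at retrieving data.
  7. Client-side mounting is not supported, and the client must specify the file name when accessing data.
  8. Not well suited to scenarios where files are modified and deleted very frequently.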

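Bucket characteristics

  1. A bucket (storage space) is the container used to store objects, and every object must belong to a bucket. Bucket attributes can be set and modified to control region, access permissions, lifecycle and so on; these settings apply directly to all objects in the bucket, so you can create different buckets to serve different management purposes.
  2. The inside of a bucket is flat. There is no file-system directory concept, and all objects belong directly to their bucket.
  3. Each user can own multiple buckets.
  4. A bucket name must be globally unique within OSS and cannot be changed once the bucket is created.
  5. There is no limit on the number of objects inside a bucket.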

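Bucket naming rules

  • May contain only uppercase and lowercase letters, digits and hyphens (-).
  • Must start and end with a lowercase letter or a digit.
  • Length must be between 3 and 63 bytes.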

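Comparison of object storage access models

  • Amazon S3: provides user, bucket and object, representing the user, the storage bucket and the object. A bucket belongs to a user; namespace access permissions on different buckets can be set per user, and different users are allowed to access the same bucket.
  • OpenStack Swift: provides user, container and object, corresponding to the user, the storage bucket and the object. It additionally gives user a parent component, account, which represents a project or tenant. An account therefore contains one or more users, who can share the same set of containers, and the account provides the namespace for containers.
  • RadosGW: provides user, subuser, bucket and object. The user corresponds to the S3 user and the subuser corresponds to the Swift user. Neither user nor subuser provides a namespace for buckets, so buckets of different users cannot have the same name. Since the Jewel release, RadosGW has introduced the tenant to provide a namespace for users and buckets, but it is an optional component. RadosGW uses ACLs to give different users different permissions.
    • Read: read plus execute permission
    • Write: write permission
    • Readwrite: read-only
    • full-control: full control permission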

Deploying the RadosGW service

Install the radosgw service

root@ceph-mgr-01:~# apt -y install radosgw
root@ceph-mgr-02:~# apt -y install radosgw

Initialize radosgw

Initialize the rgw service on node ceph-mgr-01

ceph@ceph-deploy:~/ceph-cluster$ ceph-deploy rgw create ceph-mgr-01
[ceph_deploy.conf][DEBUG ] found configuration file at: /var/lib/ceph/.cephdeploy.conf
[ceph_deploy.cli][INFO  ] Invoked (2.0.1): /usr/bin/ceph-deploy rgw create ceph-mgr-01
[ceph_deploy.cli][INFO  ] ceph-deploy options:
[ceph_deploy.cli][INFO  ]  username                      : None
[ceph_deploy.cli][INFO  ]  verbose                       : False
[ceph_deploy.cli][INFO  ]  rgw                           : [('ceph-mgr-01', 'rgw.ceph-mgr-01')]
[ceph_deploy.cli][INFO  ]  overwrite_conf                : False
[ceph_deploy.cli][INFO  ]  subcommand                    : create
[ceph_deploy.cli][INFO  ]  quiet                         : False
[ceph_deploy.cli][INFO  ]  cd_conf                       : <ceph_deploy.conf.cephdeploy.Conf instance at 0x7fc0a912a1e0>
[ceph_deploy.cli][INFO  ]  cluster                       : ceph
[ceph_deploy.cli][INFO  ]  func                          : <function rgw at 0x7fc0a99d26d0>
[ceph_deploy.cli][INFO  ]  ceph_conf                     : None
[ceph_deploy.cli][INFO  ]  default_release               : False
[ceph_deploy.rgw][DEBUG ] Deploying rgw, cluster ceph hosts ceph-mgr-01:rgw.ceph-mgr-01
ceph@ceph-mgr-01's password: 
[ceph-mgr-01][DEBUG ] connection detected need for sudo
ceph@ceph-mgr-01's password: 
[ceph-mgr-01][DEBUG ] connected to host: ceph-mgr-01 
[ceph-mgr-01][DEBUG ] detect platform information from remote host
[ceph-mgr-01][DEBUG ] detect machine type
[ceph_deploy.rgw][INFO  ] Distro info: Ubuntu 18.04 bionic
[ceph_deploy.rgw][DEBUG ] remote host will use systemd
[ceph_deploy.rgw][DEBUG ] deploying rgw bootstrap to ceph-mgr-01
[ceph-mgr-01][DEBUG ] write cluster configuration to /etc/ceph/{cluster}.conf
[ceph-mgr-01][WARNIN] rgw keyring does not exist yet, creating one
[ceph-mgr-01][DEBUG ] create a keyring file
[ceph-mgr-01][DEBUG ] create path recursively if it doesn't exist
[ceph-mgr-01][INFO  ] Running command: sudo ceph --cluster ceph --name client.bootstrap-rgw --keyring /var/lib/ceph/bootstrap-rgw/ceph.keyring auth get-or-create client.rgw.ceph-mgr-01 osd allow rwx mon allow rw -o /var/lib/ceph/radosgw/ceph-rgw.ceph-mgr-01/keyring
[ceph-mgr-01][INFO  ] Running command: sudo systemctl enable ceph-radosgw@rgw.ceph-mgr-01
[ceph-mgr-01][WARNIN] Created symlink /etc/systemd/system/ceph-radosgw.target.wants/ceph-radosgw@rgw.ceph-mgr-01.service → /lib/systemd/system/ceph-radosgw@.service.
[ceph-mgr-01][INFO  ] Running command: sudo systemctl start ceph-radosgw@rgw.ceph-mgr-01
[ceph-mgr-01][INFO  ] Running command: sudo systemctl enable ceph.target
[ceph_deploy.rgw][INFO  ] The Ceph Object Gateway (RGW) is now running on host ceph-mgr-01 and default port 7480

Initialize the rgw service on node ceph-mgr-02

ceph@ceph-deploy:~/ceph-cluster$ ceph-deploy rgw create ceph-mgr-02
[ceph_deploy.conf][DEBUG ] found configuration file at: /var/lib/ceph/.cephdeploy.conf
[ceph_deploy.cli][INFO  ] Invoked (2.0.1): /usr/bin/ceph-deploy rgw create ceph-mgr-02
[ceph_deploy.cli][INFO  ] ceph-deploy options:
[ceph_deploy.cli][INFO  ]  username                      : None
[ceph_deploy.cli][INFO  ]  verbose                       : False
[ceph_deploy.cli][INFO  ]  rgw                           : [('ceph-mgr-02', 'rgw.ceph-mgr-02')]
[ceph_deploy.cli][INFO  ]  overwrite_conf                : False
[ceph_deploy.cli][INFO  ]  subcommand                    : create
[ceph_deploy.cli][INFO  ]  quiet                         : False
[ceph_deploy.cli][INFO  ]  cd_conf                       : <ceph_deploy.conf.cephdeploy.Conf instance at 0x7efd6c1391e0>
[ceph_deploy.cli][INFO  ]  cluster                       : ceph
[ceph_deploy.cli][INFO  ]  func                          : <function rgw at 0x7efd6c9e16d0>
[ceph_deploy.cli][INFO  ]  ceph_conf                     : None
[ceph_deploy.cli][INFO  ]  default_release               : False
[ceph_deploy.rgw][DEBUG ] Deploying rgw, cluster ceph hosts ceph-mgr-02:rgw.ceph-mgr-02
ceph@ceph-mgr-02's password: 
12[ceph-mgr-02][DEBUG ] connection detected need for sudo
ceph@ceph-mgr-02's password: 
Permission denied, please try again.
ceph@ceph-mgr-02's password: 
[ceph-mgr-02][DEBUG ] connected to host: ceph-mgr-02 
[ceph-mgr-02][DEBUG ] detect platform information from remote host
[ceph-mgr-02][DEBUG ] detect machine type
[ceph_deploy.rgw][INFO  ] Distro info: Ubuntu 18.04 bionic
[ceph_deploy.rgw][DEBUG ] remote host will use systemd
[ceph_deploy.rgw][DEBUG ] deploying rgw bootstrap to ceph-mgr-02
[ceph-mgr-02][DEBUG ] write cluster configuration to /etc/ceph/{cluster}.conf
[ceph-mgr-02][WARNIN] rgw keyring does not exist yet, creating one
[ceph-mgr-02][DEBUG ] create a keyring file
[ceph-mgr-02][DEBUG ] create path recursively if it doesn't exist
[ceph-mgr-02][INFO  ] Running command: sudo ceph --cluster ceph --name client.bootstrap-rgw --keyring /var/lib/ceph/bootstrap-rgw/ceph.keyring auth get-or-create client.rgw.ceph-mgr-02 osd allow rwx mon allow rw -o /var/lib/ceph/radosgw/ceph-rgw.ceph-mgr-02/keyring
[ceph-mgr-02][INFO  ] Running command: sudo systemctl enable ceph-radosgw@rgw.ceph-mgr-02
[ceph-mgr-02][WARNIN] Created symlink /etc/systemd/system/ceph-radosgw.target.wants/ceph-radosgw@rgw.ceph-mgr-02.service → /lib/systemd/system/ceph-radosgw@.service.
[ceph-mgr-02][INFO  ] Running command: sudo systemctl start ceph-radosgw@rgw.ceph-mgr-02
[ceph-mgr-02][INFO  ] Running command: sudo systemctl enable ceph.target
[ceph_deploy.rgw][INFO  ] The Ceph Object Gateway (RGW) is now running on host ceph-mgr-02 and default port 7480

Verify the radosgw service status

root@ceph-mgr-01:~# systemctl status ceph-radosgw@rgw.ceph-mgr-01
root@ceph-mgr-02:~# systemctl status ceph-radosgw@rgw.ceph-mgr-02

Verify the rgw status in the Ceph cluster

ceph@ceph-deploy:~/ceph-cluster$ ceph -s
  cluster:
    id:     6e521054-1532-4bc8-9971-7f8ae93e8430
    health: HEALTH_OK
 
  services:
    mon: 3 daemons, quorum ceph-mon-01,ceph-mon-02,ceph-mon-03 (age 35m)
    mgr: ceph-mgr-01(active, since 9d), standbys: ceph-mgr-02
    mds: 2/2 daemons up, 2 standby
    osd: 9 osds: 9 up (since 3w), 9 in (since 3w)
    rgw: 2 daemons active (2 hosts, 1 zones)
 
  data:
    volumes: 1/1 healthy
    pools:   8 pools, 265 pgs
    objects: 253 objects, 24 MiB
    usage:   1.5 GiB used, 178 GiB / 180 GiB avail
    pgs:     265 active+clean

Verify the radosgw service processes

root@ceph-mgr-01:~# ps -ef | grep radosgw
ceph     13642     1  0 17:26 ?        00:00:00 /usr/bin/radosgw -f --cluster ceph --name client.rgw.ceph-mgr-01 --setuser ceph --setgroup ceph

root@ceph-mgr-02:~# ps -ef | grep radosgw
ceph     10660     1  0 17:28 ?        00:00:00 /usr/bin/radosgw -f --cluster ceph --name client.rgw.ceph-mgr-02 --setuser ceph --setgroup ceph

Purpose of the rgw storage pools

ceph@ceph-deploy:~/ceph-cluster$ ceph osd pool ls
device_health_metrics
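.rgw.root           # holds realm information, such as zone and zonegroup
default.rgw.log     # stores log information, used to record the various logs
default.rgw.control # system control pool; notifies the other rgw instances to refresh their caches when data is updated
default.rgw.meta    # metadata pool; stores different rados objects in separate namespaces. These include users.uid (user UIDs and their bucket mappings), users.keys (user keys), users.email (user emails), users.swift (users' subusers) and root (buckets), among others.
default.rgw.buckets.index # created once data exists; stores the bucket-to-object index
default.rgw.buckets.data  # created once data exists; stores the object data
default.rgw.buckets.non-ec # created once data exists; pool for extra information about the data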

Verify the rgw zone information

ceph@ceph-deploy:~/ceph-cluster$ radosgw-admin zone get --rgw-zone=default
{
    "id": "345c2549-82fd-4331-948f-4efff49c0f0e",
    "name": "default",
    "domain_root": "default.rgw.meta:root",
    "control_pool": "default.rgw.control",
    "gc_pool": "default.rgw.log:gc",
    "lc_pool": "default.rgw.log:lc",
    "log_pool": "default.rgw.log",
    "intent_log_pool": "default.rgw.log:intent",
    "usage_log_pool": "default.rgw.log:usage",
    "roles_pool": "default.rgw.meta:roles",
    "reshard_pool": "default.rgw.log:reshard",
    "user_keys_pool": "default.rgw.meta:users.keys",
    "user_email_pool": "default.rgw.meta:users.email",
    "user_swift_pool": "default.rgw.meta:users.swift",
    "user_uid_pool": "default.rgw.meta:users.uid",
    "otp_pool": "default.rgw.otp",
    "system_key": {
        "access_key": "",
        "secret_key": ""
    },
    "placement_pools": [
        {
            "key": "default-placement",
            "val": {
                "index_pool": "default.rgw.buckets.index",
                "storage_classes": {
                    "STANDARD": {
                        "data_pool": "default.rgw.buckets.data"
                    }
                },
                "data_extra_pool": "default.rgw.buckets.non-ec",
                "index_type": 0
            }
        }
    ],
    "realm_id": "",
    "notif_pool": "default.rgw.log:notif"
}

Access the radosgw service

ceph@ceph-deploy:~/ceph-cluster$ curl http://172.16.10.248:7480
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>

rgw service configuration

Custom port

  • https://docs.ceph.com/en/latest/radosgw/frontends/

Edit the configuration file

root@ceph-mgr-01:~# vim /etc/ceph/ceph.conf

[client.rgw.ceph-mgr-01]
rgw_host = ceph-mgr-01
rgw_frontends = civetweb port=9900

Restart the rgw service

root@ceph-mgr-01:~# systemctl restart ceph-radosgw@rgw.ceph-mgr-01

Verify the rgw service port

root@ceph-mgr-01:~# netstat -tnlp | grep radosgw
tcp        0      0 0.0.0.0:9900            0.0.0.0:*               LISTEN      15949/radosgw 

rgw https

  • Option 1: self-signed certificate
  • Option 2: purchased certificate, accessed through an nginx proxy
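
For option 1 (self-signed certificate), the script below is an added example, not part of the original post: it creates the key and certificate, bundles them into the single PEM file that civetweb's ssl_certificate option expects, and prints the matching ceph.conf lines. The hostname rgw.wgs.com is the one this page later puts in /etc/hosts; the HTTPS port 9443 and the /etc/ceph/certs path are assumptions.

```sh
#!/bin/sh
# Added example: self-signed certificate for RGW's civetweb frontend.
# Assumed values: HTTPS port 9443 and the certificate directory.

# make_rgw_pem DIR HOST
# Creates DIR/rgw.key, DIR/rgw.crt and DIR/rgw.pem (key followed by cert).
# civetweb's ssl_certificate option takes one PEM file holding both.
make_rgw_pem() {
    dir=$1
    host=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    (
        umask 077   # the private key must not be readable by other users
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/rgw.key" -out "$dir/rgw.crt" 2>/dev/null &&
        cat "$dir/rgw.key" "$dir/rgw.crt" > "$dir/rgw.pem"
    ) || return 1
}

# cert_covers_host CRT HOST
# Succeeds only if the certificate is valid for HOST, which is what a
# client with check_ssl_hostname = True will verify later.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# frontends_line PORT PEM
# Prints the ceph.conf setting for an HTTPS-only listener. The "s" suffix
# on the port tells civetweb to speak TLS on it.
frontends_line() {
    printf 'rgw_frontends = civetweb port=%ss ssl_certificate=%s\n' "$1" "$2"
}

# Demo in a scratch directory. On the gateway host the PEM file must be
# readable by the ceph user that radosgw runs as, and by nobody else.
demo_dir=$(mktemp -d)
if make_rgw_pem "$demo_dir/certs" rgw.wgs.com &&
   cert_covers_host "$demo_dir/certs/rgw.crt" rgw.wgs.com; then
    echo "[client.rgw.ceph-mgr-01]"
    echo "rgw_host = ceph-mgr-01"
    frontends_line 9443 /etc/ceph/certs/rgw.pem
fi
rm -rf "$demo_dir"
```

After the gateway is restarted with this setting, s3cmd clients need use_https = True and rgw.crt supplied through ca_certs_file so that certificate and hostname checks stay enabled.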

Test reading and writing data

Create an rgw account

ceph@ceph-deploy:~/ceph-cluster$ radosgw-admin user create --uid="wgs01" --display-name="wgs01"
{
    "user_id": "wgs01",
    "display_name": "wgs01",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "subusers": [],
    "keys": [
        {
            "user": "wgs01",
            "access_key": "Q4XILSOF3BQ6MRBE2084",
            "secret_key": "Azbspmpx1A5IBARe6OVvjYfTKQsAlNSjzEOGgG76"
        }
    ],
    "swift_keys": [],
    "caps": [],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "default_storage_class": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "temp_url_keys": [],
    "type": "rgw",
    "mfa_ids": []
}

Install the s3cmd client

root@ceph-client-01:~# apt -y install s3cmd

Configure the s3cmd client environment

Configure name resolution on the s3cmd client

root@ceph-client-01:~# cat /etc/hosts
127.0.0.1       localhost
# The following lines are desirable for IPv6 capable hosts
::1     localhost       ip6-localhost   ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


172.16.10.225  rgw.wgs.com

Configure the s3cmd command environment

root@ceph-client-01:~# s3cmd --help
root@ceph-client-01:~# s3cmd --configure

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
Access Key: Q4XILSOF3BQ6MRBE2084      # enter the user's Access Key
Secret Key: Azbspmpx1A5IBARe6OVvjYfTKQsAlNSjzEOGgG76   # enter the user's Secret Key
Default Region [US]:  # region option

Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3.
S3 Endpoint [s3.amazonaws.com]: rgw.wgs.com:9900  # RGW domain name

Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used
if the target S3 system supports dns based buckets.
DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: rgw.wgs.com:9900/%(bucket) # bucket hostname format

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password:  # whether to encrypt
Path to GPG program [/usr/bin/gpg]:  # path to gpg

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP, and can only be proxied with Python 2.7 or newer
Use HTTPS protocol [Yes]: No  # whether to use HTTPS

On some networks all internet access must go through a HTTP proxy.
Try setting it here if you can't connect to S3 directly
HTTP Proxy server name:   # HTTP proxy

New settings:
  Access Key: Q4XILSOF3BQ6MRBE2084
  Secret Key: Azbspmpx1A5IBARe6OVvjYfTKQsAlNSjzEOGgG76
  Default Region: US
  S3 Endpoint: rgw.wgs.com:9900
  DNS-style bucket+hostname:port template for accessing a bucket: rgw.wgs.com:9900/%(bucket)
  Encryption password: 
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: False
  HTTP Proxy server name: 
  HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] Y   # test that the connection to rgw works
Please wait, attempting to list all buckets...
Success. Your access key and secret key worked fine :-)

Now verifying that encryption works...
Not configured. Never mind.

Save settings? [y/N] y   # save the settings
Configuration saved to '/root/.s3cfg'

Verify the s3cmd configuration file

root@ceph-client-01:~# cat /root/.s3cfg 
[default]
access_key = Q4XILSOF3BQ6MRBE2084
access_token = 
add_encoding_exts = 
add_headers = 
bucket_location = US
ca_certs_file = 
cache_file = 
check_ssl_certificate = True
check_ssl_hostname = True
cloudfront_host = cloudfront.amazonaws.com
default_mime_type = binary/octet-stream
delay_updates = False
delete_after = False
delete_after_fetch = False
delete_removed = False
dry_run = False
enable_multipart = True
encoding = UTF-8
encrypt = False
expiry_date = 
expiry_days = 
expiry_prefix = 
follow_symlinks = False
force = False
get_continue = False
gpg_command = /usr/bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase = 
guess_mime_type = True
host_base = rgw.wgs.com:9900
host_bucket = rgw.wgs.com:9900/%(bucket)
human_readable_sizes = False
invalidate_default_index_on_cf = False
invalidate_default_index_root_on_cf = True
invalidate_on_cf = False
kms_key = 
limit = -1
limitrate = 0
list_md5 = False
log_target_prefix = 
long_listing = False
max_delete = -1
mime_type = 
multipart_chunk_size_mb = 15
multipart_max_chunks = 10000
preserve_attrs = True
progress_meter = True
proxy_host = 
proxy_port = 0
put_continue = False
recursive = False
recv_chunk = 65536
reduced_redundancy = False
requester_pays = False
restore_days = 1
restore_priority = Standard
secret_key = Azbspmpx1A5IBARe6OVvjYfTKQsAlNSjzEOGgG76
send_chunk = 65536
server_side_encryption = False
signature_v2 = False
signurl_use_https = False
simpledb_host = sdb.amazonaws.com
skip_existing = False
socket_timeout = 300
stats = False
stop_on_error = False
storage_class = 
urlencoding_mode = normal
use_http_expect = False
use_https = False
use_mime_magic = True
verbosity = WARNING
website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
website_error = 
website_index = index.html
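
The file above keeps secret_key in clear text and has use_https = False. The script below is an added example (not part of the original post or of s3cmd) that audits a .s3cfg for those settings. The sample files and their placeholder keys are constructed, the finding names (PERMS, PLAINTEXT, ...) are made up for this example, and the defaults used for missing keys are the values s3cmd --configure wrote above.

```sh
#!/bin/sh
# Added example: audit a .s3cfg for transport and secret-handling settings.

# cfg_get FILE KEY: print the value of "KEY = value" (last occurrence wins).
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        { i = index($0, "="); if (i == 0) next  # skip [section] headers
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t\r]+$/, "", key)
          gsub(/^[ \t]+|[ \t\r]+$/, "", val)
          if (key == k) v = val }
        END { print v }' "$1"
}

# cfg_bool FILE KEY DEFAULT: succeed when the option is on.
# s3cmd writes True/False; yes/on/1 are accepted here as well.
cfg_bool() {
    v=$(cfg_get "$1" "$2")
    [ -n "$v" ] || v=$3
    case $(printf '%s' "$v" | tr '[:upper:]' '[:lower:]') in
        true|yes|on|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_s3cfg FILE: print one finding per line, nothing if the file is clean.
audit_s3cfg() {
    f=$1
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ -n "$(cfg_get "$f" secret_key)" ] &&
       [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
        echo "PERMS: clear-text secret_key in a file open to group/other (chmod 600)"
    fi
    if cfg_bool "$f" use_https True; then
        cfg_bool "$f" check_ssl_certificate True ||
            echo "NOVERIFY_CERT: HTTPS is on but the server certificate is not checked"
        cfg_bool "$f" check_ssl_hostname True ||
            echo "NOVERIFY_HOST: HTTPS is on but the certificate hostname is not checked"
    else
        echo "PLAINTEXT: use_https is off, object data and request headers travel unencrypted"
    fi
    if cfg_bool "$f" signature_v2 False; then
        echo "SIGV2: signature_v2 is on, legacy AWS Signature v2 replaces v4"
    fi
    return 0
}

# Constructed sample files (placeholder keys, not real credentials).
tmp=$(mktemp -d)
cat > "$tmp/weak.s3cfg" <<'EOF'
[default]
access_key = EXAMPLEACCESSKEY
secret_key = EXAMPLESECRETKEY
host_base = rgw.wgs.com:9900
host_bucket = rgw.wgs.com:9900/%(bucket)
check_ssl_certificate = True
check_ssl_hostname = True
signature_v2 = False
use_https = False
EOF
chmod 644 "$tmp/weak.s3cfg"
sed 's/^use_https = False/use_https = True/' "$tmp/weak.s3cfg" > "$tmp/ok.s3cfg"
chmod 600 "$tmp/ok.s3cfg"

echo "weak.s3cfg:"; audit_s3cfg "$tmp/weak.s3cfg"
echo "ok.s3cfg:";   audit_s3cfg "$tmp/ok.s3cfg"
rm -rf "$tmp"
```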

Verify data upload with the s3cmd command-line client

View the s3cmd help

root@ceph-client-01:~# s3cmd --help
Usage: s3cmd [options] COMMAND [parameters]

S3cmd is a tool for managing objects in Amazon S3 storage. It allows for
making and removing "buckets" and uploading, downloading and removing
"objects" from these buckets.

Options:
  -h, --help            show this help message and exit
  --configure           Invoke interactive (re)configuration tool. Optionally
                        use as '--configure s3://some-bucket' to test access
                        to a specific bucket instead of attempting to list
                        them all.
  -c FILE, --config=FILE
                        Config file name. Defaults to $HOME/.s3cfg
  --dump-config         Dump current configuration after parsing config files
                        and command line options and exit.
  --access_key=ACCESS_KEY
                        AWS Access Key
  --secret_key=SECRET_KEY
                        AWS Secret Key
  --access_token=ACCESS_TOKEN
                        AWS Access Token
  -n, --dry-run         Only show what should be uploaded or downloaded but
                        don't actually do it. May still perform S3 requests to
                        get bucket listings and other information though (only
                        for file transfer commands)
  -s, --ssl             Use HTTPS connection when communicating with S3.
                        (default)
  --no-ssl              Don't use HTTPS.
  -e, --encrypt         Encrypt files before uploading to S3.
  --no-encrypt          Don't encrypt files.
  -f, --force           Force overwrite and other dangerous operations.
  --continue            Continue getting a partially downloaded file (only for
                        [get] command).
  --continue-put        Continue uploading partially uploaded files or
                        multipart upload parts.  Restarts/parts files that
                        don't have matching size and md5.  Skips files/parts
                        that do.  Note: md5sum checks are not always
                        sufficient to check (part) file equality.  Enable this
                        at your own risk.
  --upload-id=UPLOAD_ID
                        UploadId for Multipart Upload, in case you want
                        continue an existing upload (equivalent to --continue-
                        put) and there are multiple partial uploads.  Use
                        s3cmd multipart [URI] to see what UploadIds are
                        associated with the given URI.
  --skip-existing       Skip over files that exist at the destination (only
                        for [get] and [sync] commands).
  -r, --recursive       Recursive upload, download or removal.
  --check-md5           Check MD5 sums when comparing files for [sync].
                        (default)
  --no-check-md5        Do not check MD5 sums when comparing files for [sync].
                        Only size will be compared. May significantly speed up
                        transfer but may also miss some changed files.
  -P, --acl-public      Store objects with ACL allowing read for anyone.
  --acl-private         Store objects with default ACL allowing access for you
                        only.
  --acl-grant=PERMISSION:EMAIL or USER_CANONICAL_ID
                        Grant stated permission to a given amazon user.
                        Permission is one of: read, write, read_acp,
                        write_acp, full_control, all
  --acl-revoke=PERMISSION:USER_CANONICAL_ID
                        Revoke stated permission for a given amazon user.
                        Permission is one of: read, write, read_acp,
                        write_acp, full_control, all
  -D NUM, --restore-days=NUM
                        Number of days to keep restored file available (only
                        for 'restore' command).
  --restore-priority=RESTORE_PRIORITY
                        Priority for restoring files from S3 Glacier (only for
                        'restore' command). Choices available: bulk, standard,
                        expedited
  --delete-removed      Delete destination objects with no corresponding
                        source file [sync]
  --no-delete-removed   Don't delete destination objects.
  --delete-after        Perform deletes after new uploads [sync]
  --delay-updates       *OBSOLETE* Put all updated files into place at end
                        [sync]
  --max-delete=NUM      Do not delete more than NUM files. [del] and [sync]
  --limit=NUM           Limit number of objects returned in the response body
                        (only for [ls] and [la] commands)
  --add-destination=ADDITIONAL_DESTINATIONS
                        Additional destination for parallel uploads, in
                        addition to last arg.  May be repeated.
  --delete-after-fetch  Delete remote objects after fetching to local file
                        (only for [get] and [sync] commands).
  -p, --preserve        Preserve filesystem attributes (mode, ownership,
                        timestamps). Default for [sync] command.
  --no-preserve         Don't store FS attributes
  --exclude=GLOB        Filenames and paths matching GLOB will be excluded
                        from sync
  --exclude-from=FILE   Read --exclude GLOBs from FILE
  --rexclude=REGEXP     Filenames and paths matching REGEXP (regular
                        expression) will be excluded from sync
  --rexclude-from=FILE  Read --rexclude REGEXPs from FILE
  --include=GLOB        Filenames and paths matching GLOB will be included
                        even if previously excluded by one of
                        --(r)exclude(-from) patterns
  --include-from=FILE   Read --include GLOBs from FILE
  --rinclude=REGEXP     Same as --include but uses REGEXP (regular expression)
                        instead of GLOB
  --rinclude-from=FILE  Read --rinclude REGEXPs from FILE
  --files-from=FILE     Read list of source-file names from FILE. Use - to
                        read from stdin.
  --region=REGION, --bucket-location=REGION
                        Region to create bucket in. As of now the regions are:
                        us-east-1, us-west-1, us-west-2, eu-west-1, eu-
                        central-1, ap-northeast-1, ap-southeast-1, ap-
                        southeast-2, sa-east-1
  --host=HOSTNAME       HOSTNAME:PORT for S3 endpoint (default:
                        s3.amazonaws.com, alternatives such as s3-eu-
                        west-1.amazonaws.com). You should also set --host-
                        bucket.
  --host-bucket=HOST_BUCKET
                        DNS-style bucket+hostname:port template for accessing
                        a bucket (default: %(bucket)s.s3.amazonaws.com)
  --reduced-redundancy, --rr
                        Store object with 'Reduced redundancy'. Lower per-GB
                        price. [put, cp, mv]
  --no-reduced-redundancy, --no-rr
                        Store object without 'Reduced redundancy'. Higher per-
                        GB price. [put, cp, mv]
  --storage-class=CLASS
                        Store object with specified CLASS (STANDARD,
                        STANDARD_IA, or REDUCED_REDUNDANCY). Lower per-GB
                        price. [put, cp, mv]
  --access-logging-target-prefix=LOG_TARGET_PREFIX
                        Target prefix for access logs (S3 URI) (for [cfmodify]
                        and [accesslog] commands)
  --no-access-logging   Disable access logging (for [cfmodify] and [accesslog]
                        commands)
  --default-mime-type=DEFAULT_MIME_TYPE
                        Default MIME-type for stored objects. Application
                        default is binary/octet-stream.
  -M, --guess-mime-type
                        Guess MIME-type of files by their extension or mime
                        magic. Fall back to default MIME-Type as specified by
                        --default-mime-type option
  --no-guess-mime-type  Don't guess MIME-type and use the default type
                        instead.
  --no-mime-magic       Don't use mime magic when guessing MIME-type.
  -m MIME/TYPE, --mime-type=MIME/TYPE
                        Force MIME-type. Override both --default-mime-type and
                        --guess-mime-type.
  --add-header=NAME:VALUE
                        Add a given HTTP header to the upload request. Can be
                        used multiple times. For instance set 'Expires' or
                        'Cache-Control' headers (or both) using this option.
  --remove-header=NAME  Remove a given HTTP header.  Can be used multiple
                        times.  For instance, remove 'Expires' or 'Cache-
                        Control' headers (or both) using this option. [modify]
  --server-side-encryption
                        Specifies that server-side encryption will be used
                        when putting objects. [put, sync, cp, modify]
  --server-side-encryption-kms-id=KMS_KEY
                        Specifies the key id used for server-side encryption
                        with AWS KMS-Managed Keys (SSE-KMS) when putting
                        objects. [put, sync, cp, modify]
  --encoding=ENCODING   Override autodetected terminal and filesystem encoding
                        (character set). Autodetected: UTF-8
  --add-encoding-exts=EXTENSIONs
                        Add encoding to these comma delimited extensions i.e.
                        (css,js,html) when uploading to S3 )
  --verbatim            Use the S3 name as given on the command line. No pre-
                        processing, encoding, etc. Use with caution!
  --disable-multipart   Disable multipart upload on files bigger than
                        --multipart-chunk-size-mb
  --multipart-chunk-size-mb=SIZE
                        Size of each chunk of a multipart upload. Files bigger
                        than SIZE are automatically uploaded as multithreaded-
                        multipart, smaller files are uploaded using the
                        traditional method. SIZE is in Mega-Bytes, default
                        chunk size is 15MB, minimum allowed chunk size is 5MB,
                        maximum is 5GB.
  --list-md5            Include MD5 sums in bucket listings (only for 'ls'
                        command).
  -H, --human-readable-sizes
                        Print sizes in human readable form (eg 1kB instead of
                        1234).
  --ws-index=WEBSITE_INDEX
                        Name of index-document (only for [ws-create] command)
  --ws-error=WEBSITE_ERROR
                        Name of error-document (only for [ws-create] command)
  --expiry-date=EXPIRY_DATE
                        Indicates when the expiration rule takes effect. (only
                        for [expire] command)
  --expiry-days=EXPIRY_DAYS
                        Indicates the number of days after object creation the
                        expiration rule takes effect. (only for [expire]
                        command)
  --expiry-prefix=EXPIRY_PREFIX
                        Identifying one or more objects with the prefix to
                        which the expiration rule applies. (only for [expire]
                        command)
  --progress            Display progress meter (default on TTY).
  --no-progress         Don't display progress meter (default on non-TTY).
  --stats               Give some file-transfer stats.
  --enable              Enable given CloudFront distribution (only for
                        [cfmodify] command)
  --disable             Disable given CloudFront distribution (only for
                        [cfmodify] command)
  --cf-invalidate       Invalidate the uploaded filed in CloudFront. Also see
                        [cfinval] command.
  --cf-invalidate-default-index
                        When using Custom Origin and S3 static website,
                        invalidate the default index file.
  --cf-no-invalidate-default-index-root
                        When using Custom Origin and S3 static website, don't
                        invalidate the path to the default index file.
  --cf-add-cname=CNAME  Add given CNAME to a CloudFront distribution (only for
                        [cfcreate] and [cfmodify] commands)
  --cf-remove-cname=CNAME
                        Remove given CNAME from a CloudFront distribution
                        (only for [cfmodify] command)
  --cf-comment=COMMENT  Set COMMENT for a given CloudFront distribution (only
                        for [cfcreate] and [cfmodify] commands)
  --cf-default-root-object=DEFAULT_ROOT_OBJECT
                        Set the default root object to return when no object
                        is specified in the URL. Use a relative path, i.e.
                        default/index.html instead of /default/index.html or
                        s3://bucket/default/index.html (only for [cfcreate]
                        and [cfmodify] commands)
  -v, --verbose         Enable verbose output.
  -d, --debug           Enable debug output.
  --version             Show s3cmd version (2.0.1) and exit.
  -F, --follow-symlinks
                        Follow symbolic links as if they are regular files
  --cache-file=FILE     Cache FILE containing local source MD5 values
  -q, --quiet           Silence output on stdout
  --ca-certs=CA_CERTS_FILE
                        Path to SSL CA certificate FILE (instead of system
                        default)
  --check-certificate   Check SSL certificate validity
  --no-check-certificate
                        Do not check SSL certificate validity
  --check-hostname      Check SSL certificate hostname validity
  --no-check-hostname   Do not check SSL certificate hostname validity
  --signature-v2        Use AWS Signature version 2 instead of newer signature
                        methods. Helpful for S3-like systems that don't have
                        AWS Signature v4 yet.
  --limit-rate=LIMITRATE
                        Limit the upload or download speed to amount bytes per
                        second.  Amount may be expressed in bytes, kilobytes
                        with the k suffix, or megabytes with the m suffix
  --requester-pays      Set the REQUESTER PAYS flag for operations
  -l, --long-listing    Produce long listing [ls]
  --stop-on-error       stop if error in transfer
  --content-disposition=CONTENT_DISPOSITION
                        Provide a Content-Disposition for signed URLs, e.g.,
                        "inline; filename=myvideo.mp4"
  --content-type=CONTENT_TYPE
                        Provide a Content-Type for signed URLs, e.g.,
                        "video/mp4"

Commands:
  Make bucket
      s3cmd mb s3://BUCKET
  Remove bucket
      s3cmd rb s3://BUCKET
  List objects or buckets
      s3cmd ls [s3://BUCKET[/PREFIX]]
  List all object in all buckets
      s3cmd la 
  Put file into bucket
      s3cmd put FILE [FILE...] s3://BUCKET[/PREFIX]
  Get file from bucket
      s3cmd get s3://BUCKET/OBJECT LOCAL_FILE
  Delete file from bucket
      s3cmd del s3://BUCKET/OBJECT
  Delete file from bucket (alias for del)
      s3cmd rm s3://BUCKET/OBJECT
  Restore file from Glacier storage
      s3cmd restore s3://BUCKET/OBJECT
  Synchronize a directory tree to S3 (checks files freshness using size and md5 checksum, unless overridden by options, see below)
      s3cmd sync LOCAL_DIR s3://BUCKET[/PREFIX] or s3://BUCKET[/PREFIX] LOCAL_DIR
  Disk usage by buckets
      s3cmd du [s3://BUCKET[/PREFIX]]
  Get various information about Buckets or Files
      s3cmd info s3://BUCKET[/OBJECT]
  Copy object
      s3cmd cp s3://BUCKET1/OBJECT1 s3://BUCKET2[/OBJECT2]
  Modify object metadata
      s3cmd modify s3://BUCKET1/OBJECT
  Move object
      s3cmd mv s3://BUCKET1/OBJECT1 s3://BUCKET2[/OBJECT2]
  Modify Access control list for Bucket or Files
      s3cmd setacl s3://BUCKET[/OBJECT]
  Modify Bucket Policy
      s3cmd setpolicy FILE s3://BUCKET
  Delete Bucket Policy
      s3cmd delpolicy s3://BUCKET
  Modify Bucket CORS
      s3cmd setcors FILE s3://BUCKET
  Delete Bucket CORS
      s3cmd delcors s3://BUCKET
  Modify Bucket Requester Pays policy
      s3cmd payer s3://BUCKET
  Show multipart uploads
      s3cmd multipart s3://BUCKET [Id]
  Abort a multipart upload
      s3cmd abortmp s3://BUCKET/OBJECT Id
  List parts of a multipart upload
      s3cmd listmp s3://BUCKET/OBJECT Id
  Enable/disable bucket access logging
      s3cmd accesslog s3://BUCKET
  Sign arbitrary string using the secret key
      s3cmd sign STRING-TO-SIGN
  Sign an S3 URL to provide limited public access with expiry
      s3cmd signurl s3://BUCKET/OBJECT <expiry_epoch|+expiry_offset>
  Fix invalid file names in a bucket
      s3cmd fixbucket s3://BUCKET[/PREFIX]
  Create Website from bucket
      s3cmd ws-create s3://BUCKET
  Delete Website
      s3cmd ws-delete s3://BUCKET
  Info about Website
      s3cmd ws-info s3://BUCKET
  Set or delete expiration rule for the bucket
      s3cmd expire s3://BUCKET
  Upload a lifecycle policy for the bucket
      s3cmd setlifecycle FILE s3://BUCKET
  Get a lifecycle policy for the bucket
      s3cmd getlifecycle s3://BUCKET
  Remove a lifecycle policy for the bucket
      s3cmd dellifecycle s3://BUCKET
  List CloudFront distribution points
      s3cmd cflist 
  Display CloudFront distribution point parameters
      s3cmd cfinfo [cf://DIST_ID]
  Create CloudFront distribution point
      s3cmd cfcreate s3://BUCKET
  Delete CloudFront distribution point
      s3cmd cfdelete cf://DIST_ID
  Change CloudFront distribution point parameters
      s3cmd cfmodify cf://DIST_ID
  Display CloudFront invalidation request(s) status
      s3cmd cfinvalinfo cf://DIST_ID[/INVAL_ID]

For more information, updates and news, visit the s3cmd website:
http://s3tools.org

Create a bucket to verify permissions

root@ceph-client-01:~# s3cmd mb s3://wgsbucket
Bucket 's3://wgsbucket/' created

Upload files to the bucket

root@ceph-client-01:~# s3cmd put /var/log/syslog s3://wgsbucket/sys_logs   # syslog is renamed to sys_logs
upload: '/var/log/syslog' -> 's3://wgsbucket/sys_logs'  [1 of 1]
 29976 of 29976   100% in    0s   711.07 kB/s  done
 
root@ceph-client-01:~# s3cmd put openethereum s3://wgsbucket/rpm/   # upload openethereum into the rpm directory
upload: 'openethereum' -> 's3://wgsbucket/rpm/openethereum'  [part 1 of 3, 15MB] [1 of 1]
 15728640 of 15728640   100% in    0s    35.58 MB/s  done
upload: 'openethereum' -> 's3://wgsbucket/rpm/openethereum'  [part 2 of 3, 15MB] [1 of 1]
 15728640 of 15728640   100% in    0s    34.96 MB/s  done
upload: 'openethereum' -> 's3://wgsbucket/rpm/openethereum'  [part 3 of 3, 11MB] [1 of 1]
 12155576 of 12155576   100% in    0s    32.09 MB/s  done

Verify the files in the bucket

root@ceph-client-01:~# s3cmd la
                       DIR   s3://wgsbucket/rpm/   # directory
2021-10-20 06:49     29976   s3://wgsbucket/sys_logs # file

root@ceph-client-01:~# s3cmd ls s3://wgsbucket/rpm/
2021-10-20 06:50  43612856   s3://wgsbucket/rpm/openethereum

Test file download

root@ceph-client-01:~# ls /opt/
root@ceph-client-01:~# s3cmd ls s3://wgsbucket/rpm/
2021-10-20 06:50  43612856   s3://wgsbucket/rpm/openethereum
root@ceph-client-01:~# s3cmd get s3://wgsbucket/rpm/openethereum /opt/
download: 's3://wgsbucket/rpm/openethereum' -> '/opt/openethereum'  [1 of 1]
 43612856 of 43612856   100% in    0s   166.02 MB/s  done
root@ceph-client-01:~# ls /opt/ -l
total 42592
-rw-r--r-- 1 root root 43612856 Oct 20 06:50 openethereum
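
The upload above split openethereum into three 15 MB parts, so the object's ETag is not the plain MD5 of the file. The following added example (not from the original post) computes the ETag expected for a local file so that a download can be checked against the value the gateway reports. It assumes RGW follows the S3 multipart ETag convention and that the upload used the 15 MB part size shown in the output; the function names are illustrative.

```python
import hashlib

# Part size seen in the upload output above (15728640 bytes per part).
S3CMD_PART_SIZE = 15 * 1024 * 1024


def expected_etag(stream, part_size=S3CMD_PART_SIZE):
    """Return the ETag an S3-style upload of `stream` is expected to get.

    Single-part object: hex MD5 of the content.
    Multipart object:   hex MD5 of the concatenated *binary* MD5 digests
                        of every part, followed by "-<number of parts>".
    """
    whole = hashlib.md5()
    part_digests = []
    while True:
        chunk = stream.read(part_size)
        if not chunk:
            break
        whole.update(chunk)
        part_digests.append(hashlib.md5(chunk).digest())
    if len(part_digests) <= 1:
        # Files no larger than one part are uploaded in a single PUT.
        return whole.hexdigest()
    combined = hashlib.md5(b"".join(part_digests)).hexdigest()
    return f"{combined}-{len(part_digests)}"


def verify_download(path, remote_etag, part_size=S3CMD_PART_SIZE):
    """Compare a downloaded file with the ETag reported by the gateway."""
    with open(path, "rb") as fh:
        local = expected_etag(fh, part_size)
    # ETag header values are usually wrapped in double quotes.
    return local == remote_etag.strip('"')
```

A matching ETag shows the bytes arrived intact; because it is MD5-based it is a corruption check, not evidence against deliberate tampering.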

Delete a file

root@ceph-client-01:~# s3cmd rm s3://wgsbucket/rpm/openethereum 
delete: 's3://wgsbucket/rpm/openethereum'

RGW storage pool properties

RGW storage pools

ceph@ceph-deploy:~/ceph-cluster$ ceph osd pool ls
device_health_metrics
.rgw.root
default.rgw.log
default.rgw.control
default.rgw.meta
default.rgw.buckets.index
default.rgw.buckets.data
default.rgw.buckets.non-ec

RGW pool replica count

ceph@ceph-deploy:~/ceph-cluster$ ceph osd pool get default.rgw.buckets.data size
size: 3 # default is 3

RGW pool type

ceph@ceph-deploy:~/ceph-cluster$ ceph osd pool get default.rgw.buckets.data crush_rule
crush_rule: replicated_rule # replicated pool

RGW pool PG count

ceph@ceph-deploy:~/ceph-cluster$ ceph osd pool get default.rgw.buckets.data pg_num
pg_num: 32

RGW pool PGP count

ceph@ceph-deploy:~/ceph-cluster$ ceph osd pool get default.rgw.buckets.data pgp_num
pgp_num: 32

 

posted @ 2021-11-22 14:24  小吉猫