红帽全球峰会9.14. 基于策略的数据存档和重试到 S3 兼容平台
对象生命周期转换规则允许您将对象从一个存储类转换到另一个 S3 兼容平台。
您可以使用 Ceph 对象网关生命周期转换策略将数据迁移到 S3 兼容平台。
在多站点配置中,当生命周期转换规则应用于第一个站点时,若要将对象从一个数据池转换到同一存储集群中的另一个数据,则同一规则对第二个站点有效,如果第二个站点具有使用 rgw 应用创建并启用了相应的数据池。
9.14.1. 将数据转换到 Amazon S3 云服务
您可以使用存储类将数据转换到远程云服务,以降低成本并提高可管理性。过渡是单向的,无法从远程区转换数据。此功能是使数据转换到多个云供应商,如 Amazon (S3)。
使用 cloud-s3 作为 层类型,以配置需要转换数据的远程云 S3 对象存储服务。它们不需要数据池,并在 zonegroup 放置目标中定义。
先决条件
在开始前,请确保您有以下先决条件:
- 安装了 Ceph 对象网关的 Red Hat Ceph Storage 集群。
- 远程云服务 Amazon S3 的用户凭据。
- 在 Amazon S3 上创建的目标路径。
-
在 bootstrapped 节点上安装的
s3cmd。 - Amazon AWS 在本地配置为下载数据。
流程
创建带有 access key 和 secret key 的用户:
语法
radosgw-admin user create --uid=USER_NAME --display-name="DISPLAY_NAME" [--access-key ACCESS_KEY --secret-key SECRET_KEY]Example
[ceph: root@host01 /]# radosgw-admin user create --uid=test-user --display-name="test-user" --access-key a21e86bce636c3aa1 --secret-key cf764951f1fdde5e { "user_id": "test-user", "display_name": "test-user", "email": "", "suspended": 0, "max_buckets": 1000, "subusers": [], "keys": [ { "user": "test-user", "access_key": "a21e86bce636c3aa1", "secret_key": "cf764951f1fdde5e" } ], "swift_keys": [], "caps": [], "op_mask": "read, write, delete", "default_placement": "", "default_storage_class": "", "placement_tags": [], "bucket_quota": { "enabled": false, "check_on_raw": false, "max_size": -1, "max_size_kb": 0, "max_objects": -1 }, "user_quota": { "enabled": false, "check_on_raw": false, "max_size": -1, "max_size_kb": 0, "max_objects": -1 }, "temp_url_keys": [], "type": "rgw", "mfa_ids": [] }在 Red Hat Ceph Storage 8.1 或更高版本上,层类型选项为
cloud-s3和cloud-s3-glacier。要使用cloud-s3,请转到下一步。使用这个步骤添加cloud-s3-glacier层类型。语法
radosgw-admin zonegroup placement add --rgw-zonegroup =ZONE_GROUP_NAME \ --placement-id=PLACEMENT_ID \ --storage-class =CLOUDTIER-GLACIER \ --tier-type=cloud-s3-glacierExample
[ceph: root@host01 /]# radosgw-admin zonegroup placement add --rgw-zonegroup=default \ --placement-id=default-placement \ --storage-class=CLOUDTIER-GLACIER \ --tier-type=cloud-s3-glacier [ { "key": "CLOUDTIER-GLACIER", "val": { "tier_type": "cloud-s3-glacier", "storage_class": "CLOUDTIER-GLACIER", "retain_head_object": true, "s3": { "endpoint": "http://s3.us-east-1.amazonaws.com", "access_key": "XXXXXXXXXX", "secret": "YYYYYYYYYY", "region": "us-east-1", "host_style": "path", "target_storage_class": "GLACIER", "target_path": "rgwbucket", "acl_mappings": [], "multipart_sync_threshold": 44432, "multipart_min_part_size": 44432 }, "allow_read_through": false, "read_through_restore_days": 10, "restore_storage_class": "COLDTIER", "s3-glacier": { "glacier_restore_days": 2, "glacier_restore_tier_type": "Expedited" } } } ]在 bootstrapped 节点上,添加层类型为
cloud-s3的存储类:注意使用
--tier-type=cloud-s3选项创建存储类后,无法在以后将其修改到任何其他存储类类型。语法
radosgw-admin zonegroup placement add --rgw-zonegroup =ZONE_GROUP_NAME \ --placement-id=PLACEMENT_ID \ --storage-class =STORAGE_CLASS_NAME \ --tier-type=cloud-s3Example
[ceph: root@host01 /]# radosgw-admin zonegroup placement add --rgw-zonegroup=default \ --placement-id=default-placement \ --storage-class=CLOUDTIER \ --tier-type=cloud-s3 [ { "key": "default-placement", "val": { "name": "default-placement", "tags": [], "storage_classes": [ "CLOUDTIER", "STANDARD" ], "tier_targets": [ { "key": "CLOUDTIER", "val": { "tier_type": "cloud-s3", "storage_class": "CLOUDTIER", "retain_head_object": "false", "s3": { "endpoint": "", "access_key": "", "secret": "", "host_style": "path", "target_storage_class": "", "target_path": "", "acl_mappings": [], "multipart_sync_threshold": 33554432, "multipart_min_part_size": 33554432 } } } ] } } ]更新
storage_class:注意如果集群是多站点设置的一部分,请运行
period update --commit以便 zonegroup 更改传播到多站点中的所有区域。注意确保
access_key和secret没有以数字开头。必需的参数有:
access_key- 用于特定连接的远程云 S3 访问密钥。
secret- 远程云 S3 服务的 secret 密钥。
端点- 远程云 S3 服务端点的 URL。
regionAWS 的远程云 S3 服务区域名称。
可选参数是:
target_path-
定义如何创建目标路径。目标路径指定一个附加源
bucket-name/object-name的前缀。如果没有指定,则创建的 target_path 是rgwx-ZONE_GROUP_NAME-STORAGE_CLASS_NAME-cloud-bucket。 target_storage_class- 定义对象转换的目标存储类。如果没有指定,则对象将转换为 STANDARD 存储类。
retain_head_object设置为
true以保留转换到云的对象元数据。设置为false,以在转换后删除对象。默认设置为false。注意当前版本化对象会忽略这个选项。
multipart_sync_threshold- 指定这个大小或更大的对象,使用多部分上传过渡到云。
multipart_min_part_size- 指定使用多部分上传转换对象时使用的最小部分大小。
glacier_restore_days-
在 Red Hat Ceph Storage 8.1 或更高版本中使用
cloud-s3-glacier。指定在 Glacier 或 Tape 端点上恢复对象的天数。默认设置为 1 (1天)。 glacier_restore_tier_type在 Red Hat Ceph Storage 8.1 或更高版本中使用
cloud-s3-glacier。指定恢复检索类型。选项为Standard或Expedited。默认设置为Standard。语法
radosgw-admin zonegroup placement modify --rgw-zonegroup ZONE_GROUP_NAME \ --placement-id PLACEMENT_ID \ --storage-class STORAGE_CLASS_NAME \ --tier-config=endpoint=AWS_ENDPOINT_URL,\ access_key=AWS_ACCESS_KEY,secret=AWS_SECRET_KEY,\ target_path="TARGET_BUCKET_ON_AWS",\ multipart_sync_threshold=44432,\ multipart_min_part_size=44432,\ retain_head_object=true region=REGION_NAMEExample
[ceph: root@host01 /]# radosgw-admin zonegroup placement modify --rgw-zonegroup default --placement-id default-placement \ --storage-class CLOUDTIER \ --tier-config=endpoint=http://10.0.210.010:8080,\ access_key=a21e86bce636c3aa2,secret=cf764951f1fdde5f,\ target_path="dfqe-bucket-01",\ multipart_sync_threshold=44432,\ multipart_min_part_size=44432,\ retain_head_object=true region=us-east-1 [ { "key": "default-placement", "val": { "name": "default-placement", "tags": [], "storage_classes": [ "CLOUDTIER", "STANDARD", "cold.test", "hot.test" ], "tier_targets": [ { "key": "CLOUDTIER", "val": { "tier_type": "cloud-s3", "storage_class": "CLOUDTIER", "retain_head_object": "true", "s3": { "endpoint": "http://10.0.210.010:8080", "access_key": "a21e86bce636c3aa2", "secret": "cf764951f1fdde5f", "region": "", "host_style": "path", "target_storage_class": "", "target_path": "dfqe-bucket-01", "acl_mappings": [], "multipart_sync_threshold": 44432, "multipart_min_part_size": 44432 } } } ] } } ] ]
重启 Ceph 对象网关:
语法
ceph orch restart CEPH_OBJECT_GATEWAY_SERVICE_NAMEExample
[ceph: root@host 01 /]# ceph orch restart rgw.rgw.1 Scheduled to restart rgw.rgw.1.host03.vkfldf on host 'host03’退出 shell,并以 root 用户身份,在 bootstrapped 节点上配置 Amazon S3:
Example
[root@host01 ~]# s3cmd --configure Enter new values or accept defaults in brackets with Enter. Refer to user manual for detailed description of all options. Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables. Access Key: a21e86bce636c3aa2 Secret Key: cf764951f1fdde5f Default Region [US]: Use "s3.amazonaws.com" for S3 Endpoint and not modify it to the target Amazon S3. S3 Endpoint [s3.amazonaws.com]: 10.0.210.78:80 Use "%(bucket)s.s3.amazonaws.com" to the target Amazon S3. "%(bucket)s" and "%(location)s" vars can be used if the target S3 system supports dns based buckets. DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: 10.0.210.78:80 Encryption password is used to protect your files from reading by unauthorized persons while in transfer to S3 Encryption password: Path to GPG program [/usr/bin/gpg]: When using secure HTTPS protocol all communication with Amazon S3 servers is protected from 3rd party eavesdropping. This method is slower than plain HTTP, and can only be proxied with Python 2.7 or newer Use HTTPS protocol [Yes]: No On some networks all internet access must go through a HTTP proxy. Try setting it here if you can't connect to S3 directly HTTP Proxy server name: New settings: Access Key: a21e86bce636c3aa2 Secret Key: cf764951f1fdde5f Default Region: US S3 Endpoint: 10.0.210.78:80 DNS-style bucket+hostname:port template for accessing a bucket: 10.0.210.78:80 Encryption password: Path to GPG program: /usr/bin/gpg Use HTTPS protocol: False HTTP Proxy server name: HTTP Proxy server port: 0 Test access with supplied credentials? [Y/n] Y Please wait, attempting to list all buckets... Success. Your access key and secret key worked fine :-) Now verifying that encryption works... Not configured. Never mind. Save settings? [y/N] y Configuration saved to '/root/.s3cfg'创建 S3 存储桶:
语法
s3cmd mb s3://NAME_OF_THE_BUCKET_FOR_S3Example
[root@host01 ~]# s3cmd mb s3://awstestbucket Bucket 's3://awstestbucket/' created创建文件,输入所有数据,并将其移到 S3 服务:
语法
s3cmd put FILE_NAME s3://NAME_OF_THE_BUCKET_ON_S3Example
[root@host01 ~]# s3cmd put test.txt s3://awstestbucket upload: 'test.txt' -> 's3://awstestbucket/test.txt' [1 of 1] 21 of 21 100% in 1s 16.75 B/s done创建生命周期配置转换策略:
语法
<LifecycleConfiguration> <Rule> <ID>RULE_NAME</ID> <Filter> <Prefix></Prefix> </Filter> <Status>Enabled</Status> <Transition> <Days>DAYS</Days> <StorageClass>STORAGE_CLASS_NAME</StorageClass> </Transition> </Rule> </LifecycleConfiguration>Example
[root@host01 ~]# cat lc_cloud.xml <LifecycleConfiguration> <Rule> <ID>Archive all objects</ID> <Filter> <Prefix></Prefix> </Filter> <Status>Enabled</Status> <Transition> <Days>2</Days> <StorageClass>CLOUDTIER</StorageClass> </Transition> </Rule> </LifecycleConfiguration>设置生命周期配置转换策略:
语法
s3cmd setlifecycle FILE_NAME s3://NAME_OF_THE_BUCKET_FOR_S3Example
[root@host01 ~]# s3cmd setlifecycle lc_config.xml s3://awstestbucket s3://awstestbucket/: Lifecycle Policy updated登录到
cephadm shell:Example
[root@host 01 ~]# cephadm shell重启 Ceph 对象网关:
语法
ceph orch restart CEPH_OBJECT_GATEWAY_SERVICE_NAMEExample
[ceph: root@host 01 /]# ceph orch restart rgw.rgw.1 Scheduled to restart rgw.rgw.1.host03.vkfldf on host 'host03’
验证
在源集群中,使用
radosgw-admin lc list命令验证数据是否已移至 S3:Example
[ceph: root@host01 /]# radosgw-admin lc list [ { "bucket": ":awstestbucket:552a3adb-39e0-40f6-8c84-00590ed70097.54639.1", "started": "Mon, 26 Sep 2022 18:32:07 GMT", "status": "COMPLETE" } ]在云端点验证对象转换:
Example
[root@client ~]$ radosgw-admin bucket list [ "awstestbucket" ]列出存储桶中的对象:
Example
[root@host01 ~]$ aws s3api list-objects --bucket awstestbucket --endpoint=http://10.0.209.002:8080 { "Contents": [ { "Key": "awstestbucket/test", "LastModified": "2022-08-25T16:14:23.118Z", "ETag": "\"378c905939cc4459d249662dfae9fd6f\"", "Size": 29, "StorageClass": "STANDARD", "Owner": { "DisplayName": "test-user", "ID": "test-user" } } ] }列出 S3 存储桶的内容:
Example
[root@host01 ~]# s3cmd ls s3://awstestbucket 2022-08-25 09:57 0 s3://awstestbucket/test.txt检查文件的信息:
Example
[root@host01 ~]# s3cmd info s3://awstestbucket/test.txt s3://awstestbucket/test.txt (object): File size: 0 Last mod: Mon, 03 Aug 2022 09:57:49 GMT MIME type: text/plain Storage: CLOUDTIER MD5 sum: 991d2528bb41bb839d1a9ed74b710794 SSE: none Policy: none CORS: none ACL: test-user: FULL_CONTROL x-amz-meta-s3cmd-attrs: atime:1664790668/ctime:1664790668/gid:0/gname:root/md5:991d2528bb41bb839d1a9ed74b710794/mode:33188/mtime:1664790668/uid:0/uname:root从 Amazon S3 本地下载数据:
配置 AWS:
Example
[client@client01 ~]$ aws configure AWS Access Key ID [****************6VVP]: AWS Secret Access Key [****************pXqy]: Default region name [us-east-1]: Default output format [json]:列出 AWS 存储桶的内容:
Example
[client@client01 ~]$ aws s3 ls s3://dfqe-bucket-01/awstest PRE awstestbucket/从 S3: 下载数据:
Example
[client@client01 ~]$ aws s3 cp s3://dfqe-bucket-01/awstestbucket/test.txt . download: s3://dfqe-bucket-01/awstestbucket/test.txt to ./test.txt
9.14.2. 将数据转换到 Azure 云服务
您可以使用存储类将数据转换到远程云服务,以降低成本并提高可管理性。过渡是单向的,无法从远程区转换数据。此功能是启用到多个云供应商(如 Azure)的数据转换。与 AWS 配置不同的一个关键区别在于,您需要配置多云网关(MCG),并使用 MCG 从 S3 协议转换为 Azure Blob。
使用 cloud-s3 作为 层类型,以配置需要转换数据的远程云 S3 对象存储服务。它们不需要数据池,并在 zonegroup 放置目标中定义。
先决条件
- 安装了 Ceph 对象网关的 Red Hat Ceph Storage 集群。
- 远程云服务 Azure 的用户凭证。
- Azure 在本地配置为下载数据。
-
在 bootstrapped 节点上安装的
s3cmd。 -
创建的 MCG 命名空间的 Azure 容器。在本例中,它是
mcgnamespace。
流程
创建带有 access key 和 secret key 的用户:
语法
radosgw-admin user create --uid=USER_NAME --display-name="DISPLAY_NAME" [--access-key ACCESS_KEY --secret-key SECRET_KEY]Example
[ceph: root@host01 /]# radosgw-admin user create --uid=test-user --display-name="test-user" --access-key a21e86bce636c3aa1 --secret-key cf764951f1fdde5e { "user_id": "test-user", "display_name": "test-user", "email": "", "suspended": 0, "max_buckets": 1000, "subusers": [], "keys": [ { "user": "test-user", "access_key": "a21e86bce636c3aa1", "secret_key": "cf764951f1fdde5e" } ], "swift_keys": [], "caps": [], "op_mask": "read, write, delete", "default_placement": "", "default_storage_class": "", "placement_tags": [], "bucket_quota": { "enabled": false, "check_on_raw": false, "max_size": -1, "max_size_kb": 0, "max_objects": -1 }, "user_quota": { "enabled": false, "check_on_raw": false, "max_size": -1, "max_size_kb": 0, "max_objects": -1 }, "temp_url_keys": [], "type": "rgw", "mfa_ids": [] }作为 root 用户,使用用户凭证配置 AWS CLI,并使用默认放置创建存储桶:
语法
aws s3 --ca-bundle CA_PERMISSION --profile rgw --endpoint ENDPOINT_URL --region default mb s3://BUCKET_NAMEExample
[root@host01 ~]$ aws s3 --ca-bundle /etc/pki/ca-trust/source/anchors/myCA.pem --profile rgw --endpoint https://host02.example.com:8043 --region default mb s3://transition验证存储桶是否在放置规则中使用
default-placement:Example
[root@host01 ~]# radosgw-admin bucket stats --bucket transition { "bucket": "transition", "num_shards": 11, "tenant": "", "zonegroup": "b29b0e50-1301-4330-99fc-5cdcfc349acf", "placement_rule": "default-placement", "explicit_placement": { "data_pool": "", "data_extra_pool": "", "index_pool": "" },使用部署的 OpenShift Data Foundation (ODF)登录到 OpenShift Container Platform (OCP)集群:
Example
[root@host01 ~]$ oc project openshift-storage [root@host01 ~]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.11.6 True False 4d1h Cluster version is 4.11.6 [root@host01 ~]$ oc get storagecluster NAME AGE PHASE EXTERNAL CREATED AT VERSION ocs-storagecluster 4d Ready 2023-06-27T15:23:01Z 4.11.0配置在 Azure 中的 OCP 集群上运行的多云网关(MCG)命名空间 Azure 存储桶:
语法
noobaa namespacestore create azure-blob az --account-key='ACCOUNT_KEY' --account-name='ACCOUNT_NAME' --target-blob-container='_AZURE_CONTAINER_NAME'Example
[root@host01 ~]$ noobaa namespacestore create azure-blob az --account-key='iq3+6hRtt9bQ46QfHKQ0nSm2aP+tyMzdn8dBSRW4XWrFhY+1nwfqEj4hk2q66nmD85E/o5OrrUqo+AStkKwm9w==' --account-name='transitionrgw' --target-blob-container='mcgnamespace'创建一个指向
namespacestore的 MCG 存储桶类:Example
[root@host01 ~]$ noobaa bucketclass create namespace-bucketclass single aznamespace-bucket-class --resource az -n openshift-storage创建对象存储桶声明(OBC)来过渡到云:
语法
noobaa obc create OBC_NAME --bucketclass aznamespace-bucket-class -n openshift-storageExample
[root@host01 ~]$ noobaa obc create rgwobc --bucketclass aznamespace-bucket-class -n openshift-storage注意使用 OBC 提供的凭据,在 Ceph 对象网关上配置 zonegroup 放置。
在 bootstrapped 节点上,在之前配置的 MCG 的 MCG 中,创建一个带有层类型作为
cloud-s3的存储类,在默认 zonegroup 中作为 cloud-s3 :注意使用
--tier-type=cloud-s3选项创建存储类后,无法在以后将其修改到任何其他存储类类型。语法
radosgw-admin zonegroup placement add --rgw-zonegroup =ZONE_GROUP_NAME \ --placement-id=PLACEMENT_ID \ --storage-class =STORAGE_CLASS_NAME \ --tier-type=cloud-s3Example
[ceph: root@host01 /]# radosgw-admin zonegroup placement add --rgw-zonegroup=default \ --placement-id=default-placement \ --storage-class=AZURE \ --tier-type=cloud-s3 [ { "key": "default-placement", "val": { "name": "default-placement", "tags": [], "storage_classes": [ "AZURE", "STANDARD" ], "tier_targets": [ { "key": "AZURE", "val": { "tier_type": "cloud-s3", "storage_class": "AZURE", "retain_head_object": "false", "s3": { "endpoint": "", "access_key": "", "secret": "", "host_style": "path", "target_storage_class": "", "target_path": "", "acl_mappings": [], "multipart_sync_threshold": 33554432, "multipart_min_part_size": 33554432 } } } ] } } ]配置云 S3 云存储类:
语法
radosgw-admin zonegroup placement modify --rgw-zonegroup ZONE_GROUP_NAME \ --placement-id PLACEMENT_ID \ --storage-class STORAGE_CLASS_NAME \ --tier-config=endpoint=ENDPOINT_URL,\ access_key=ACCESS_KEY,secret=SECRET_KEY,\ target_path="TARGET_BUCKET_ON",\ multipart_sync_threshold=44432,\ multipart_min_part_size=44432,\ retain_head_object=true region=REGION_NAME重要将
retain_head_object参数设置为true可保留对象的元数据或头,以列出正在转换的对象。Example
[ceph: root@host01 /]# radosgw-admin zonegroup placement modify --rgw-zonegroup default --placement-id default-placement \ --storage-class AZURE \ --tier-config=endpoint="https://s3-openshift-storage.apps.ocp410.0e73azopenshift.com",\ access_key=a21e86bce636c3aa2,secret=cf764951f1fdde5f,\ target_path="dfqe-bucket-01",\ multipart_sync_threshold=44432,\ multipart_min_part_size=44432,\ retain_head_object=true region=us-east-1 [ { "key": "default-placement", "val": { "name": "default-placement", "tags": [], "storage_classes": [ "AZURE", "STANDARD", "cold.test", "hot.test" ], "tier_targets": [ { "key": "AZURE", "val": { "tier_type": "cloud-s3", "storage_class": "AZURE", "retain_head_object": "true", "s3": { "endpoint": "https://s3-openshift-storage.apps.ocp410.0e73azopenshift.com", "access_key": "a21e86bce636c3aa2", "secret": "cf764951f1fdde5f", "region": "", "host_style": "path", "target_storage_class": "", "target_path": "dfqe-bucket-01", "acl_mappings": [], "multipart_sync_threshold": 44432, "multipart_min_part_size": 44432 } } } ] } } ] ]重启 Ceph 对象网关:
语法
ceph orch restart CEPH_OBJECT_GATEWAY_SERVICE_NAMEExample
[ceph: root@host 01 /]# ceph orch restart client.rgw.objectgwhttps.host02.udyllp Scheduled to restart client.rgw.objectgwhttps.host02.udyllp on host 'host02为之前创建的存储桶创建生命周期配置转换策略。在本例中,存储桶正在
转换:语法
cat transition.json { "Rules": [ { "Filter": { "Prefix": "" }, "Status": "Enabled", "Transitions": [ { "Days": 30, "StorageClass": "STORAGE_CLASS" } ], "ID": "TRANSITION_ID" } ] }注意bucket 中超过 30 天的所有对象都传输到名为
AZURE的云存储类。Example
[root@host01 ~]$ cat transition.json { "Rules": [ { "Filter": { "Prefix": "" }, "Status": "Enabled", "Transitions": [ { "Days": 30, "StorageClass": "AZURE" } ], "ID": "Transition Objects in bucket to AZURE Blob after 30 days" } ] }使用 AWS CLI 应用存储桶生命周期配置:
语法
aws s3api --ca-bundle CA_PERMISSION --profile rgw --endpoint ENDPOINT_URL--region default put-bucket-lifecycle-configuration --lifecycle-configuration file://BUCKET.json --bucket BUCKET_NAMEExample
[root@host01 ~]$ aws s3api --ca-bundle /etc/pki/ca-trust/source/anchors/myCA.pem --profile rgw --endpoint https://host02.example.com:8043 --region default put-bucket-lifecycle-configuration --lifecycle-configuration file://transition.json --bucket transition可选:获取生命周期配置:
语法
aws s3api --ca-bundle CA_PERMISSION --profile rgw --endpoint ENDPOINT_URL--region default get-bucket-lifecycle-configuration --lifecycle-configuration file://BUCKET.json --bucket BUCKET_NAMEExample
[root@host01 ~]$ aws s3api --ca-bundle /etc/pki/ca-trust/source/anchors/myCA.pem --profile rgw --endpoint https://host02.example.com:8043 --region default get-bucket-lifecycle-configuration --bucket transition { "Rules": [ { "ID": "Transition Objects in bucket to AZURE Blob after 30 days", "Prefix": "", "Status": "Enabled", "Transitions": [ { "Days": 30, "StorageClass": "AZURE" } ] } ] }可选:使用
radosgw-admin lc list命令获取生命周期配置:Example
[root@host 01 ~]# radosgw-admin lc list [ { "bucket": ":transition:d9c4f708-5598-4c44-9d36-849552a08c4d.169377.1", "started": "Thu, 01 Jan 1970 00:00:00 GMT", "status": "UNINITIAL" } ]注意UNINITAL状态表示没有处理生命周期配置。在迁移过程完成后,它会变为COMPLETED状态。登录到
cephadm shell:Example
[root@host 01 ~]# cephadm shell重启 Ceph 对象网关守护进程:
语法
ceph orch daemon CEPH_OBJECT_GATEWAY_DAEMON_NAMEExample
[ceph: root@host 01 /]# ceph orch daemon restart rgw.objectgwhttps.host02.udyllp [ceph: root@host 01 /]# ceph orch daemon restart rgw.objectgw.host02.afwvyq [ceph: root@host 01 /]# ceph orch daemon restart rgw.objectgw.host05.ucpsrr将数据从源集群迁移到 Azure:
Example
[root@host 01 ~]# for i in 1 2 3 4 5 do aws s3 --ca-bundle /etc/pki/ca-trust/source/anchors/myCA.pem --profile rgw --endpoint https://host02.example.com:8043 --region default cp /etc/hosts s3://transition/transition$i done验证数据的转换:
Example
[root@host 01 ~]# aws s3 --ca-bundle /etc/pki/ca-trust/source/anchors/myCA.pem --profile rgw --endpoint https://host02.example.com:8043 --region default ls s3://transition 2023-06-30 10:24:01 3847 transition1 2023-06-30 10:24:04 3847 transition2 2023-06-30 10:24:07 3847 transition3 2023-06-30 10:24:09 3847 transition4 2023-06-30 10:24:13 3847 transition5使用
rados ls命令验证数据是否已移至 Azure:Example
[root@host 01 ~]# rados ls -p default.rgw.buckets.data | grep transition d9c4f708-5598-4c44-9d36-849552a08c4d.169377.1_transition1 d9c4f708-5598-4c44-9d36-849552a08c4d.169377.1_transition4 d9c4f708-5598-4c44-9d36-849552a08c4d.169377.1_transition2 d9c4f708-5598-4c44-9d36-849552a08c4d.169377.1_transition3 d9c4f708-5598-4c44-9d36-849552a08c4d.169377.1_transition5如果没有转换数据,您可以运行
lc process命令:Example
[root@host 01 ~]# radosgw-admin lc process这将强制生命周期进程启动和评估所有已配置的 bucket 生命周期策略。然后,它会根据需要开始转换数据。
验证
运行
radosgw-admin lc list命令来验证转换是否完成:Example
[root@host 01 ~]# radosgw-admin lc list [ { "bucket": ":transition:d9c4f708-5598-4c44-9d36-849552a08c4d.170017.5", "started": "Mon, 30 Jun 2023-06-30 16:52:56 GMT", "status": "COMPLETE" } ]列出存储桶中的对象:
Example
[root@host01 ~]$ aws s3api list-objects --bucket awstestbucket --endpoint=http://10.0.209.002:8080 { "Contents": [ { "Key": "awstestbucket/test", "LastModified": "2023-06-25T16:14:23.118Z", "ETag": "\"378c905939cc4459d249662dfae9fd6f\"", "Size": 29, "StorageClass": "STANDARD", "Owner": { "DisplayName": "test-user", "ID": "test-user" } } ] }列出集群中的对象:
Example
[root@host01 ~]$ aws s3 --ca-bundle /etc/pki/ca-trust/source/anchors/myCA.pem --profile rgw --endpoint https://host02.example.com:8043 --region default ls s3://transition 2023-06-30 17:52:56 0 transition1 2023-06-30 17:51:59 0 transition2 2023-06-30 17:51:59 0 transition3 2023-06-30 17:51:58 0 transition4 2023-06-30 17:51:59 0 transition5对象大小为
0。您可以列出对象,但无法复制它们,因为它们已过渡到 Azure。使用 S3 API 检查对象的头:
Example
[root@host01 ~]$ aws s3api --ca-bundle /etc/pki/ca-trust/source/anchors/myCA.pem --profile rgw --endpoint https://host02.example.com:8043 --region default head-object --key transition1 --bucket transition { "AcceptRanges": "bytes", "LastModified": "2023-06-31T16:52:56+00:00", "ContentLength": 0, "ETag": "\"46ecb42fd0def0e42f85922d62d06766\"", "ContentType": "binary/octet-stream", "Metadata": {}, "StorageClass": "CLOUDTIER" }您可以看到存储类已从
STANDARD改为CLOUDTIER。
9.14.3. 从 S3 云层存储中恢复对象
您可以在转换对象上使用 S3 Restore API 将对象从云恢复到 Ceph 对象网关集群。
-
对于 Red Hat Ceph Storage 8.0,对象恢复到 STANDARD storage-class。但是,对于临时对象,
x-amz-storage-class仍然会返回原始 cloud-tier 存储类。 - 对于 Red Hat Ceph Storage 8.1 或更高版本,默认情况下对象恢复到 STANDARD 存储类。但是,您可以配置对象需要恢复到的存储类。
如果对象的 null 版本不是最新版本,在发出 restore-object 请求时不要指定 'version-id null'。例如,假设名为 object1 的对象上传到名为 testbucket1 的存储桶,过渡到云,然后恢复。之后,testbucket1 上启用了版本控制,将上传 object1 的新版本。此时,原始(null)版本不再是最新的。在这种情况下,当恢复 object1 时,您应该从 restore 参数。
-object 命令省略--version-id null
先决条件
在从 S3 云层存储中恢复对象之前,请确保满足以下先决条件:
- 在 Amazon S3 上创建的目标路径。
-
在配置 cloudtier 存储类时,
retain_head_object应该设为true,以便能够从云服务恢复。 -
在 bootstrapped 节点上安装的
s3cmd。 -
确保为
cloud-tier存储类提供的用户凭据保持有效,以便恢复功能正常工作。 -
对于 Red Hat Ceph Storage 8.1 或更新的
cloud-s3-glacier层类型,请确定正确设置了glacier_restore_days和glacier_restore_tier_type选项。如需更多信息,请参阅 将数据转换到 Amazon S3 云服务。
流程
使用以下步骤之一恢复对象。
使用 S3
restore-object命令恢复云转换的对象。注意通过
read-through恢复的对象副本是临时的,仅在read_through_restore_days的持续时间内保留。语法
tier-type = cloud-s3 tier-config = aws s3api restore-object --bucket <value> --key <value> [--version-id <value>] --restore-request (structure) { { "Days": integer, } }Example
tier-type = cloud-s3 tier-config = aws s3api restore-object --bucket my-glacier-bucket --key doc1.rtf [--version-id 3sL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo] --restore-request { { "Days": 10, } }使用
read-through功能恢复并读取转换的对象。确保设置了以下参数:
-
"Allow_read_through": "enable" “read_through_restore_days”: 10语法
tier-type = cloud-s3 tier-config = { "access_key": <access>, "secret": <secret>, "endpoint": <endpoint>, "region": <region>, "host_style": <path | virtual>, "acls": [ { "type": <id | email | uri>, "source_id": <source_id>, "dest_id": <dest_id> } ... ], "target_path": <target_path>, "target_storage_class": <target-storage-class>, "multipart_sync_threshold": {object_size}, "multipart_min_part_size": {part_size}, "retain_head_object": <true | false>, “Allow_read_through”: “enable | disable”, “read_through_restore_days”: integer }恢复
cloud-s3层类型的示例tier-type = cloud-s3 tier-config = { "access_key": a21e86bce636c3aa2, "secret": cf764951f1fdde5f, "endpoint": http://10.0.210.010:8080 “, "region": “”, "host_style": “path”, "acls": [ { "type": “id”, "source_id": “”, "dest_id": “” } ... ], "target_path": dfqe-bucket-01, "target_storage_class": “”, "multipart_sync_threshold": 44432, "multipart_min_part_size": 44432, "retain_head_object": “true”, “Allow_read_through”: “enable”, “read_through_restore_days”: 10 }恢复
cloud-s3-glaciertier-type 的示例tier-type = cloud-s3-glacier tier-config = { "access_key": a21e86bce636c3aa2, "secret": cf764951f1fdde5f, "endpoint": http://s3.us-east-1.amazonaws.com “, "region": “us-east-1”, "host_style": “path”, "acls": [ { "type": “id”, "source_id": “”, "dest_id": “” } ... ], "target_path": rgwbucket, "target_storage_class": “GLACIER”, "multipart_sync_threshold": 44432, "multipart_min_part_size": 44432, "retain_head_object": “true”, “Allow_read_through”: “enable”, “read_through_restore_days”: 10 "restore_storage_class": "COLDTIER", "s3-glacier": { "glacier_restore_days": 2, "glacier_restore_tier_type": "Expedited" }
-
验证
使用指定参数运行 S3 head-object 请求来验证恢复的状态。
使用 S3 head-object 请求检查恢复的状态。
Example
[root@host01 ~]$ aws s3api --ca-bundle
/etc/pki/ca-trust/source/anchors/myCA.pem --profile rgw
--endpoint https://host02.example.com:8043 --region default head-object
--key transition1 --bucket transition
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}