Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

第 5 章 保护多云对象网关

使用命令行界面更改并轮转 Multicloud 对象网关(MCG)帐户凭证,以防止应用程序出现问题,并确保帐户安全性。

5.1.1. 重置 noobaa 帐户密码
复制链接

先决条件

流程

  • 要重置 noobaa 帐户密码,请运行以下命令: 

    $ noobaa account passwd <noobaa_account_name> [options]
    Copy to Clipboard Toggle word wrap 
    $ noobaa account passwd
FATA[0000] ❌ Missing expected arguments: <noobaa_account_name>

Options:
    --new-password='': New Password for authentication - the best practice is to omit this flag, in that
    case the CLI will prompt to prompt and read it securely from the terminal to avoid leaking secrets in t
     he shell history
    --old-password='': Old Password for authentication - the best practice is to omit this flag, in that
    case the CLI will prompt to prompt and read it securely from the terminal to avoid leaking secrets in
    the shell history
    --retype-new-password='': Retype new Password for authentication - the best practice is to omit this flag, in that case the CLI will prompt to prompt and read it securely from the terminal to avoid
    leaking secrets in the shell history


Usage:
    noobaa account passwd <noobaa-account-name> [flags] [options]

Use "noobaa options" for a list of global command-line options (applies to all commands).
    Copy to Clipboard Toggle word wrap

    Example: 

    $ noobaa account passwd admin@noobaa.io
    Copy to Clipboard Toggle word wrap

    输出示例: 

    Enter old-password: [got 24 characters]
Enter new-password: [got 7 characters]
Enter retype-new-password: [got 7 characters]
INFO[0017] ✅ Exists: Secret "noobaa-admin"
INFO[0017] ✅ Exists: NooBaa "noobaa"
INFO[0017] ✅ Exists: Service "noobaa-mgmt"
INFO[0017] ✅ Exists: Secret "noobaa-operator"
INFO[0017] ✅ Exists: Secret "noobaa-admin"
INFO[0017] ✈️  RPC: account.reset_password() Request: {Email:admin@noobaa.io VerificationPassword:* Password:*}
WARN[0017] RPC: GetConnection creating connection to wss://localhost:58460/rpc/ 0xc000402ae0
INFO[0017] RPC: Connecting websocket (0xc000402ae0) &{RPC:0xc000501a40 Address:wss://localhost:58460/rpc/ State:init WS:<nil> PendingRequests:map[] NextRequestID:0
Lock:{state:1 sema:0} ReconnectDelay:0s cancelPings:<nil>}
INFO[0017] RPC: Connected websocket (0xc000402ae0) &{RPC:0xc000501a40 Address:wss://localhost:58460/rpc/ State:init WS:<nil> PendingRequests:map[] NextRequestID:0
Lock:{state:1 sema:0} ReconnectDelay:0s cancelPings:<nil>}
INFO[0020] ✅ RPC: account.reset_password() Response OK: took 2907.1ms
INFO[0020] ✅ Updated:  "noobaa-admin"
INFO[0020] ✅ Successfully reset the password for the account "admin@noobaa.io"
    Copy to Clipboard Toggle word wrap
    重要

    要从终端访问 admin 帐户凭证,请运行 noobaa status 命令: 

    --------------------
- Mgmt Credentials -
--------------------

email    : admin@noobaa.io
password : ***
    Copy to Clipboard Toggle word wrap

5.1.2. 为帐户重新生成 S3 凭证
复制链接

先决条件

流程

  1. 获取帐户名称。

    要列出帐户,请运行以下命令: 

    $ noobaa account list
    Copy to Clipboard Toggle word wrap

    输出示例: 

    NAME           DEFAULT_RESOURCE               PHASE   AGE
account-test   noobaa-default-backing-store   Ready   14m17s
test2          noobaa-default-backing-store   Ready   3m12s
    Copy to Clipboard Toggle word wrap

    或者,从终端运行 oc get noobaaaccount 命令: 

    $ oc get noobaaaccount
    Copy to Clipboard Toggle word wrap

    输出示例: 

    NAME           PHASE   AGE
account-test   Ready   15m
test2          Ready   3m59s
    Copy to Clipboard Toggle word wrap

  2. 要重新生成 noobaa 帐户 S3 凭证,请运行以下命令: 

    $ noobaa account regenerate <noobaa_account_name> [options]
    Copy to Clipboard Toggle word wrap 
    $ noobaa account regenerate
FATA[0000] ❌ Missing expected arguments: <noobaa-account-name>

Usage:
    noobaa account regenerate <noobaa-account-name> [flags] [options]

Use "noobaa options" for a list of global command-line options (applies to all commands).
    Copy to Clipboard Toggle word wrap

  3. 运行 noobaa account regenerate 命令后,它会提示您一个警告,"This will invalidate all connections between S3 clients and NooBaa which are connected using the current credentials.",并要求确认:

    Example: 

    $ noobaa account regenerate account-test
    Copy to Clipboard Toggle word wrap

    输出示例: 

    INFO[0000] You are about to regenerate an account's security credentials.
INFO[0000] This will invalidate all connections between S3 clients and NooBaa which are connected using the current credentials.
INFO[0000] are you sure? y/n
    Copy to Clipboard Toggle word wrap

  4. 批准后,它会重新生成凭证并最终打印它们: 

    INFO[0015] ✅ Exists: Secret "noobaa-account-account-test"
Connection info:
AWS_ACCESS_KEY_ID      : ***
AWS_SECRET_ACCESS_KEY  : ***
    Copy to Clipboard Toggle word wrap

5.1.3. 为 OBC 重新生成 S3 凭证
复制链接

先决条件

流程

  1. 要获取 OBC 名称,请运行以下命令: 

    $ noobaa obc list
    Copy to Clipboard Toggle word wrap

    输出示例: 

    NAMESPACE   NAME       BUCKET-NAME                                     STORAGE-CLASS       BUCKET-CLASS                  PHASE
default     obc-test   obc-test-35800e50-8978-461f-b7e0-7793080e26ba   default.noobaa.io   noobaa-default-bucket-class   Bound
    Copy to Clipboard Toggle word wrap

    或者,从终端运行 oc get obc 命令: 

    $ oc get obc
    Copy to Clipboard Toggle word wrap

    输出示例: 

    NAME       STORAGE-CLASS       PHASE   AGE
obc-test   default.noobaa.io   Bound   38s
    Copy to Clipboard Toggle word wrap

  2. 要重新生成 noobaa OBC S3 凭证,请运行以下命令: 

    $ noobaa obc regenerate <bucket_claim_name> [options]
    Copy to Clipboard Toggle word wrap 
    $ noobaa obc regenerate
FATA[0000] ❌ Missing expected arguments: <bucket-claim-name>

Usage:
   noobaa obc regenerate <bucket-claim-name> [flags] [options]

Use "noobaa options" for a list of global command-line options (applies to all commands).
    Copy to Clipboard Toggle word wrap

  3. 运行 noobaa obc regenerate 命令后,它将提示警告,"This will invalidate all connections between the S3 clients and noobaa which are connected using the current credentials.",并要求确认:

    Example: 

    $ noobaa obc regenerate obc-test
    Copy to Clipboard Toggle word wrap

    输出示例: 

    INFO[0000] You are about to regenerate an OBC's security credentials.
INFO[0000] This will invalidate all connections between S3 clients and NooBaa which are connected using the current credentials.
INFO[0000] are you sure? y/n
    Copy to Clipboard Toggle word wrap

  4. 批准后,它会重新生成凭证并最终打印它们: 

    INFO[0022] ✅ RPC: bucket.read_bucket() Response OK: took 95.4ms

ObjectBucketClaim info:
  Phase                  : Bound
  ObjectBucketClaim      : kubectl get -n default objectbucketclaim obc-test
  ConfigMap              : kubectl get -n default configmap obc-test
  Secret                 : kubectl get -n default secret obc-test
  ObjectBucket           : kubectl get objectbucket obc-default-obc-test
  StorageClass           : kubectl get storageclass default.noobaa.io
  BucketClass            : kubectl get -n default bucketclass noobaa-default-bucket-class

Connection info:
 BUCKET_HOST            : s3.default.svc
 BUCKET_NAME            : obc-test-35800e50-8978-461f-b7e0-7793080e26ba
    BUCKET_PORT            : 443
    AWS_ACCESS_KEY_ID      : ***
    AWS_SECRET_ACCESS_KEY  : ***

Shell commands:
  AWS S3 Alias           : alias s3='AWS_ACCESS_KEY_ID=***
AWS_SECRET_ACCESS_KEY=*** aws s3 --no-verify-ssl --endpoint-url ***'

Bucket status:
  Name                   : obc-test-35800e50-8978-461f-b7e0-7793080e26ba
  Type                   : REGULAR
  Mode                   : OPTIMAL
  ResiliencyStatus       : OPTIMAL
  QuotaStatus            : QUOTA_NOT_SET
  Num Objects            : 0
  Data Size              : 0.000 B
  Data Size Reduced      : 0.000 B
  Data Space Avail       : 13.261 GB
  Num Objects Avail      : 9007199254740991
    Copy to Clipboard Toggle word wrap
返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat