
Chapter 8. Multicloud Object Gateway bucket replication


Data replication from one Multicloud Object Gateway (MCG) bucket to another MCG bucket provides higher resiliency and better collaboration options. These buckets can be either data buckets or namespace buckets backed by any supported storage solution (AWS S3, Azure, and so on).

A replication policy is composed of a list of replication rules. Each rule defines the destination bucket, and can specify a filter based on an object key prefix. Configuring a complementing replication policy on the second bucket results in bidirectional replication.

Prerequisites

  • A running OpenShift Data Foundation Platform.
  • Download the Multicloud Object Gateway (MCG) command-line interface binary from the customer portal and make it executable.

    Note

    Choose the correct product variant according to your architecture. Available platforms are Linux(x86_64), Windows, and Mac OS.

To replicate a bucket, see Replicating a bucket to another bucket.

To set a bucket class replication policy, see Setting a bucket class replication policy.

8.1. Replicating a bucket to another bucket

You can set the bucket replication policy in two ways:

You can set a replication policy for a Multicloud Object Gateway (MCG) data bucket when you create the object bucket claim (OBC). You must define the replication policy parameter in a JSON file.

Procedure

From the MCG command-line interface, run the following command to create an OBC with a specific replication policy:

noobaa obc create <bucket-claim-name> -n openshift-storage --replication-policy /path/to/json-file.json
<bucket-claim-name>
Specify the name of the bucket claim.
/path/to/json-file.json
Is the path to a JSON file which defines the replication policy.

Example JSON file:

[{ "rule_id": "rule-1", "destination_bucket": "first.bucket", "filter": {"prefix": "repl"}}]
"prefix"
Is optional. It is the prefix of the object keys that should be replicated, and you can even leave it empty, for example, {"prefix": ""}.

For example:

noobaa obc create my-bucket-claim -n openshift-storage --replication-policy /path/to/json-file.json

8.1.2. Replicating a bucket to another bucket using a YAML

You can set a replication policy for a Multicloud Object Gateway (MCG) data bucket when you create the object bucket claim (OBC), or you can edit the YAML later. You must provide the policy as a JSON-compliant string that adheres to the format shown in the following procedure.

Procedure

  • Apply the following YAML:

    apiVersion: objectbucket.io/v1alpha1
    kind: ObjectBucketClaim
    metadata:
      name: <desired-bucket-claim>
      namespace: <desired-namespace>
    spec:
      generateBucketName: <desired-bucket-name>
      storageClassName: openshift-storage.noobaa.io
      additionalConfig:
        replicationPolicy: '{"rules": [{ "rule_id": "", "destination_bucket": "", "filter": {"prefix": ""}}]}'
    <desired-bucket-claim>
    Specify the name of the bucket claim.
    <desired-namespace>
    Specify the namespace.
    <desired-bucket-name>
    Specify the prefix of the bucket name.
    "rule_id"
    Specify the ID number of the rule, for example, {"rule_id": "rule-1"}.
    "destination_bucket"
    Specify the name of the destination bucket, for example, {"destination_bucket": "first.bucket"}.
    "prefix"
    Is optional. It is the prefix of the object keys that should be replicated, and you can even leave it empty, for example, {"prefix": ""}.

Additional information

8.2. Setting a bucket class replication policy

It is possible to set up a replication policy that automatically applies to all the buckets created under a certain bucket class. You can do this in two ways:

You can set a replication policy for a Multicloud Object Gateway (MCG) data bucket when you create the bucket class. You must define the replication-policy parameter in a JSON file. You can set a bucket class replication policy for the Placement and Namespace bucket classes.

Procedure

  • From the MCG command-line interface, run the following command:

    noobaa -n openshift-storage bucketclass create placement-bucketclass <bucketclass-name> --backingstores <backingstores> --replication-policy=/path/to/json-file.json
    <bucketclass-name>
    Specify the name of the bucket class.
    <backingstores>
    Specify the name of a backingstore. You can pass many backingstores separated by commas.
    /path/to/json-file.json

    Is the path to a JSON file which defines the replication policy.

    Example JSON file:

    [{ "rule_id": "rule-1", "destination_bucket": "first.bucket", "filter": {"prefix": "repl"}}]
    "prefix"

    Is optional. It is the prefix of the object keys that should be replicated. You can leave it empty, for example, {"prefix": ""}.

    For example:

    noobaa -n openshift-storage bucketclass create placement-bucketclass bc --backingstores azure-blob-ns --replication-policy=/path/to/json-file.json

    This example creates a placement bucket class with a specific replication policy defined in the JSON file.

You can set a replication policy for a Multicloud Object Gateway (MCG) data bucket when you create the bucket class, or you can edit its YAML later. You must provide the policy as a JSON-compliant string that adheres to the format shown in the following procedure.

Procedure

  1. Apply the following YAML:

    apiVersion: noobaa.io/v1alpha1
    kind: BucketClass
    metadata:
      labels:
        app: <desired-app-label>
      name: <desired-bucketclass-name>
      namespace: <desired-namespace>
    spec:
      placementPolicy:
        tiers:
        - backingstores:
          - <backingstore>
          placement: Spread
      replicationPolicy: '[{ "rule_id": "<rule id>", "destination_bucket": "first.bucket", "filter": {"prefix": "<object name prefix>"}}]'

    This YAML is an example that creates a placement bucket class. Each Object bucket claim (OBC) object that is uploaded to the bucket is filtered based on the prefix and is replicated to first.bucket.

    <desired-app-label>
    Specify a label for the app.
    <desired-bucketclass-name>
    Specify the bucket class name.
    <desired-namespace>
    Specify the namespace in which the bucket class gets created.
    <backingstore>
    Specify the name of a backingstore. You can pass many backingstores.
    "rule_id"
    Specify the ID number of the rule, for example, {"rule_id": "rule-1"}.
    "destination_bucket"
    Specify the name of the destination bucket, for example, {"destination_bucket": "first.bucket"}.
    "prefix"
    Is optional. It is the prefix of the object keys that should be replicated. You can leave it empty, for example, {"prefix": ""}.

8.3. Enabling log based bucket replication

When creating a bucket replication policy, you can use logs so that recent data is replicated more quickly, while the default scan-based replication works on replicating the rest of the data.

Important

This feature requires setting up bucket logs on AWS or Azure. For more information about setting up AWS logs, see Enabling Amazon S3 server access logging. The AWS logs bucket needs to be created in the same region as the source NamespaceStore AWS bucket.

Note

This feature is only supported in buckets that are backed by a NamespaceStore. Buckets backed by BackingStores cannot utilize log-based replication.

You can optimize replication by using the event logs of the Amazon Web Services (AWS) cloud environment. You enable log based bucket replication for new namespace buckets using the web console during the creation of namespace buckets.

Prerequisites

  • Ensure that object logging is enabled in AWS. For more information, see the “Using the S3 console” section in Enabling Amazon S3 server access logging.
  • Administrator access to OpenShift Web Console.

Procedure

  1. In the OpenShift Web Console, navigate to Storage → Object Storage → Object Bucket Claims.
  2. Click Create ObjectBucketClaim.
  3. Enter the name of ObjectBucketName and select StorageClass and BucketClass.
  4. Select the Enable replication check box to enable replication.
  5. In the Replication policy section, select the Optimize replication using event logs checkbox.
  6. Enter the name of the bucket that will contain the logs under Event log Bucket.

    If the logs are not stored in the root of the bucket, provide the full path without s3://

  7. Enter a prefix to replicate only the objects whose name begins with the given prefix.

You can enable log based bucket replication for existing buckets that were created using the command line interface or by applying a YAML, but not for buckets that were created using AWS S3 commands.

Procedure

  • Edit the YAML of the bucket’s OBC to enable log based bucket replication. Add the following under spec:

    replicationPolicy: '{"rules":[{"rule_id":"<RULE ID>", "destination_bucket":"<DEST>", "filter": {"prefix": "<PREFIX>"}}], "log_replication_info": {"logs_location": {"logs_bucket": "<LOGS_BUCKET>"}}}'
Note

It is also possible to add this to the YAML of an OBC before it is created.

rule_id
Specify an ID of your choice for identifying the rule
destination_bucket
Specify the name of the target MCG bucket that the objects are copied to
(optional) {"filter": {"prefix": <>}}
Specify a prefix string that you can set to filter the objects that are replicated
log_replication_info
Specify an object that contains data related to log-based replication optimization. {"logs_location": {"logs_bucket": <>}} is set to the location of the AWS S3 server access logs.

Prerequisites

  • Refer to Microsoft Azure documentation and ensure that you have completed the following tasks in the Microsoft Azure portal:

    1. Ensure that you have created a new application and noted down the name, application (client) ID, and directory (tenant) ID.

      For information, see Register an application.

    2. Ensure that a new client secret is created and the application secret is noted down.
    3. Ensure that a new Log Analytics workspace is created and its name and workspace ID are noted down.

      For information, see Create a Log Analytics workspace.

    4. Ensure that the Reader role is assigned under Access control and members are selected and the name of the application that you registered in the previous step is provided.

      For more information, see Assign Azure roles using the Azure portal.

    5. Ensure that a new storage account is created and the Access keys are noted down.
    6. In the Monitoring section of the storage account created, ensure that a blob is selected in the Diagnostic settings screen, that only StorageWrite and StorageDelete are selected, and that the Log Analytics workspace that you created earlier is added in the destination details.

      For more information, see Diagnostic settings in Azure Monitor.

    7. Ensure that two new containers for object source and object destination are created.
  • Administrator access to OpenShift Web Console.

Procedure

  1. Create a secret with credentials to be used by the namespacestores.

    apiVersion: v1
    kind: Secret
    metadata:
      name: <namespacestore-secret-name>
    type: Opaque
    data:
        TenantID: <AZURE TENANT ID ENCODED IN BASE64>
        ApplicationID: <AZURE APPLICATION ID ENCODED IN BASE64>
        ApplicationSecret: <AZURE APPLICATION SECRET ENCODED IN BASE64>
        LogsAnalyticsWorkspaceID: <AZURE LOG ANALYTICS WORKSPACE ID ENCODED IN BASE64>
        AccountName: <AZURE ACCOUNT NAME ENCODED IN BASE64>
        AccountKey: <AZURE ACCOUNT KEY ENCODED IN BASE64>
  2. Create a NamespaceStore backed by a container created in Azure.

    For more information, see Adding a namespace bucket using the OpenShift Container Platform user interface.

  3. Create a new Namespace-Bucketclass and OBC that utilizes it.
  4. Check the object bucket name by looking in the YAML of the target OBC, or by listing all S3 buckets, for example, s3 ls.
  5. Use the following template to apply an Azure replication policy on your source OBC by adding the following in its YAML, under .spec:

    replicationPolicy: '{"rules":[ {"rule_id":"ID goes here", "sync_deletions": "<true or false>", "destination_bucket":"object bucket name"}
     ], "log_replication_info":{"endpoint_type":"AZURE"}}'
    sync_deletions
    Specify a boolean value, true or false.
    destination_bucket
    Make sure to use the name of the object bucket, and not the claim. The name can be retrieved using the s3 ls command, or by looking for the value in an OBC’s YAML.
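A pre-apply review of a replication policy, as an added example that is not part of the product or its CLI: it accepts both policy shapes shown in this chapter (the bare rule list used in the CLI JSON file and the {"rules": [...]} object used in OBC YAML) and reports rules that widen where data is copied or deleted. The `approved_destinations` allowlist, the severity labels and the sample policy are assumptions made for the illustration.

```python
import json

# Constructed sample in the {"rules": [...]} shape used in the OBC examples.
SAMPLE_POLICY = """{"rules": [
  {"rule_id": "rule-1", "destination_bucket": "first.bucket", "filter": {"prefix": "repl"}},
  {"rule_id": "rule-2", "destination_bucket": "scratch.bucket", "filter": {"prefix": ""},
   "sync_deletions": true},
  {"rule_id": "rule-2", "destination_bucket": "data.bucket"}
], "log_replication_info": {"endpoint_type": "AZURE"}}"""


def load_rules(policy_text):
    """Return the rule list from either policy shape, or raise ValueError."""
    doc = json.loads(policy_text)
    if isinstance(doc, dict):
        doc = doc.get("rules")
    if not isinstance(doc, list):
        raise ValueError("policy must be a rule list or an object with 'rules'")
    return doc


def review_policy(policy_text, source_bucket, approved_destinations):
    """Return (severity, rule_id, message) findings for a reviewer to act on."""
    findings, seen = [], set()
    for index, rule in enumerate(load_rules(policy_text)):
        if not isinstance(rule, dict):
            findings.append(("error", f"<rule #{index}>", "rule is not a JSON object"))
            continue
        rid = rule.get("rule_id") or f"<rule #{index}>"
        if not rule.get("rule_id"):
            findings.append(("error", rid, "rule_id is missing or empty"))
        elif rid in seen:
            findings.append(("error", rid, "duplicate rule_id"))
        seen.add(rid)

        dest = rule.get("destination_bucket")
        if not dest:
            findings.append(("error", rid, "destination_bucket is missing or empty"))
        elif dest == source_bucket:
            findings.append(("error", rid, "destination is the source bucket"))
        elif dest not in approved_destinations:
            findings.append(("warn", rid, f"destination '{dest}' is not approved"))

        # A missing filter and {"prefix": ""} both mean "replicate everything".
        if (rule.get("filter") or {}).get("prefix", "") == "":
            findings.append(("warn", rid, "no prefix filter: all objects replicate"))

        # The page shows the flag as a quoted placeholder, so accept bool or string.
        if str(rule.get("sync_deletions", "false")).lower() == "true":
            findings.append(("warn", rid, "sync_deletions: deletes reach the destination"))
    return findings


if __name__ == "__main__":
    for finding in review_policy(SAMPLE_POLICY, "data.bucket", {"first.bucket"}):
        print(*finding, sep=" | ")
```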

Verification steps

  1. Write objects to the source bucket.
  2. Wait until MCG replicates them.
  3. Delete the objects from the source bucket.
  4. Verify the objects were removed from the target bucket.

8.3.4. Enabling log-based bucket replication deletion

Prerequisites

  • Administrator access to OpenShift Web Console.
  • AWS Server Access Logging configured for the desired bucket.

Procedure

  1. In the OpenShift Web Console, navigate to Storage → Object Storage → Object Bucket Claims.
  2. Click Create new Object bucket claim.
  3. (Optional) In the Replication rules section, select the Sync deletion checkbox for each rule separately.
  4. Enter the name of the bucket that will contain the logs under Event log Bucket.

    If the logs are not stored in the root of the bucket, provide the full path without s3://

  5. Enter a prefix to replicate only the objects whose name begins with the given prefix.

8.4. Bucket logging for Multicloud Object Gateway

Bucket logging helps you to record the S3 operations that are performed against the Multicloud Object Gateway (MCG) bucket for compliance, auditing, and optimization purposes.

Bucket logging supports the following two options:

  • Best-effort - Bucket logging is recorded using UDP on a best-effort basis.
  • Guaranteed - Bucket logging with this option creates a PVC attached to the MCG pods and saves the logs to this PVC on a Guaranteed basis, and then from the PVC to the log buckets. Using this option logging takes place twice for every S3 operation as follows:

    • At the start of processing the request
    • At the end with the result of the S3 operation

Prerequisites

Procedure

  1. Create a data bucket where you can upload the objects.

    nb bucket create data.bucket
  2. Create a log bucket where you want to store the logs for bucket operations by using the following command:

    nb bucket create log.bucket
  3. Configure bucket logging on data bucket with log bucket in one of the following ways:

    • Using the NooBaa API

      nb api bucket_api put_bucket_logging '{
         "name": "data.bucket",
         "log_bucket": "log.bucket",
         "log_prefix": "data-bucket-logs"
      }'
    • Using the S3 API

      alias s3api_alias='AWS_ACCESS_KEY_ID=$NOOBAA_ACCESS_KEY AWS_SECRET_ACCESS_KEY=$NOOBAA_SECRET_KEY aws --endpoint https://localhost:10443 --no-verify-ssl s3api'
      1. Create a file called setlogging.json in the following format:

        {
          "LoggingEnabled": {
             "TargetBucket": "<log-bucket-name>",
             "TargetPrefix": "<prefix/empty-string>"
          }
        }
      2. Run the following command:

        s3api_alias put-bucket-logging --endpoint <ep> --bucket <source-bucket> --bucket-logging-status file://setlogging.json --no-verify-ssl
  4. Verify if the bucket logging is set for the data bucket in one of the following ways:

    • Using the NooBaa API

      nb api bucket_api get_bucket_logging '{
         "name": "data.bucket"
      }'
    • Using the S3 API

      s3api_alias get-bucket-logging --no-verify-ssl --endpoint <ep> --bucket <source-bucket>

      The S3 operations can take up to 24 hours to get recorded in the logs bucket. The following example shows the recorded logs and how to download them:

      Example

      s3_alias cp s3://logs.bucket/data-bucket-logs/logs.bucket.bucket_data-bucket-logs_1719230150.log - | tail -n 2
      
      Jun 24 14:00:02 10-XXX-X-XXX.sts.openshift-storage.svc.cluster.local  {"noobaa_bucket_logging":"true","op":"GET","bucket_owner":"operator@noobaa.io","source_bucket":"data.bucket","object_key":"/data.bucket?list-type=2&prefix=data-bucket-logs&delimiter=%2F&encoding-type=url","log_bucket":"logs.bucket","remote_ip":"100.XX.X.X","request_uri":"/data.bucket?list-type=2&prefix=data-bucket-logs&delimiter=%2F&encoding-type=url","request_id":"luv2XXXX-ctyg2k-12gs"}
      Jun 24 14:00:06 10-XXX-X-XXX.s3.openshift-storage.svc.cluster.local  {"noobaa_bucket_logging":"true","op":"PUT","bucket_owner":"operator@noobaa.io","source_bucket":"data.bucket","object_key":"/data.bucket/B69EC83F-0177-44D8-A8D1-4A10C5A5AB0F.file","log_bucket":"logs.bucket","remote_ip":"100.XX.X.X","request_uri":"/data.bucket/B69EC83F-0177-44D8-A8D1-4A10C5A5AB0F.file","request_id":"luv2XXXX-9syea5-x5z"}

  5. (Optional) To disable bucket logging, use the following command:

    nb api bucket_api delete_bucket_logging '{
       "name": "data.bucket"
    }'
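For the audit use of these logs, the following added example (not part of the product documentation or tooling) parses lines in the format shown in step 4, a syslog-style header followed by a JSON record, and lists the mutating operations against one bucket per remote IP. The sample lines, host names, IP addresses and the choice of which operations count as mutating are constructed for the illustration.

```python
import json
from collections import Counter

# Constructed sample lines in the format shown in step 4; the last one is truncated.
SAMPLE_LOG = """\
Jun 24 14:00:02 pod-a.s3.example.local  {"noobaa_bucket_logging":"true","op":"GET","source_bucket":"data.bucket","object_key":"/data.bucket?list-type=2&prefix=repl","remote_ip":"192.0.2.10","request_id":"req-0001"}
Jun 24 14:00:06 pod-a.s3.example.local  {"noobaa_bucket_logging":"true","op":"PUT","source_bucket":"data.bucket","object_key":"/data.bucket/report.file","remote_ip":"192.0.2.10","request_id":"req-0002"}
Jun 24 14:00:09 pod-b.s3.example.local  {"noobaa_bucket_logging":"true","op":"DELETE","source_bucket":"data.bucket","object_key":"/data.bucket/report.file","remote_ip":"198.51.100.7","request_id":"req-0003"}
Jun 24 14:00:11 pod-a.s3.example.local  {"noobaa_bucket_logging":"true","op":"PU
"""


def parse_line(line):
    """Split 'Mon DD HH:MM:SS host  {json}' into (timestamp, host, record)."""
    start = line.find("{")
    if start < 0:
        raise ValueError("no JSON payload")
    header = line[:start].split()
    if len(header) < 4:
        raise ValueError("short syslog header")
    record = json.loads(line[start:])  # JSONDecodeError is a ValueError
    if record.get("noobaa_bucket_logging") != "true":
        raise ValueError("not a bucket logging record")
    return " ".join(header[:3]), header[3], record


def summarize(log_text, bucket, mutating_ops=("PUT", "POST", "DELETE")):
    """Count operations per (remote_ip, op) and list the mutating requests."""
    ops_by_ip, changes, skipped = Counter(), [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            timestamp, _host, rec = parse_line(line)
        except ValueError:
            skipped += 1  # keep a count so gaps in the audit trail are visible
            continue
        if rec.get("source_bucket") != bucket:
            continue
        ops_by_ip[(rec.get("remote_ip"), rec.get("op"))] += 1
        if rec.get("op") in mutating_ops:
            changes.append((timestamp, rec.get("remote_ip"), rec["op"], rec.get("object_key")))
    return ops_by_ip, changes, skipped


if __name__ == "__main__":
    counts, changes, skipped = summarize(SAMPLE_LOG, "data.bucket")
    for change in changes:
        print(*change, sep="  ")
    print("unparsed lines:", skipped)
```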

8.4.2. Enabling bucket logging using the Guaranteed option

Procedure

  • Enable Guaranteed bucket logging using the NooBaa CR in one of the following ways:

    • Using the default CephFS storage class update the NooBaa CR spec:

      bucketLogging:
        loggingType: guaranteed
    • Using the RWX PVC that you created:

      Note

      Make sure that the PVC supports RWX

      bucketLogging:
        loggingType: guaranteed
        bucketLoggingPVC: <pvc-name>

© 2025 Red Hat