| |
| |
| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> |
| <meta name="viewport" content="width=device-width, initial-scale=1"> |
| |
| <meta name="description" content="Apache Ozone Documentation"> |
| |
| <title>Documentation for Apache Ozone</title> |
| |
| |
| <link href="../../css/bootstrap.min.css" rel="stylesheet"> |
| |
| |
| <link href="../../css/ozonedoc.css" rel="stylesheet"> |
| |
| </head> |
| |
| |
| <body> |
| |
| |
| <nav class="navbar navbar-inverse navbar-fixed-top"> |
| <div class="container-fluid"> |
| <div class="navbar-header"> |
| <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#sidebar" aria-expanded="false" aria-controls="navbar"> |
| <span class="sr-only">Toggle navigation</span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| </button> |
| <a href="../../zh/index.html" class="navbar-left ozone-logo"> |
| <img src="../../ozone-logo-small.png"/> |
| </a> |
| <a class="navbar-brand hidden-xs" href="../../zh/index.html"> |
| Apache Ozone/HDDS documentation |
| </a> |
| <a class="navbar-brand visible-xs-inline" href="#">Apache Ozone</a> |
| </div> |
| <div id="navbar" class="navbar-collapse collapse"> |
| <ul class="nav navbar-nav navbar-right"> |
| <li><a href="https://github.com/apache/hadoop-ozone">Source</a></li> |
| <li><a href="https://hadoop.apache.org">Apache Hadoop</a></li> |
| <li><a href="https://apache.org">ASF</a></li> |
| </ul> |
| </div> |
| </div> |
| </nav> |
| |
| |
| <div class="wrapper"> |
| <div class="container-fluid"> |
| <div class="row"> |
| |
| <div class="col-sm-2 col-md-2 sidebar" id="sidebar"> |
| <ul class="nav nav-sidebar"> |
| |
| |
| |
| <li class=""> |
| |
| <a href="../../zh/index.html"> |
| |
| |
| |
| <span>概述</span> |
| </a> |
| </li> |
| |
| |
| |
| <li class=""> |
| |
| <a href="../../zh/start.html"> |
| |
| |
| |
| <span>快速入门</span> |
| </a> |
| </li> |
| |
| |
| |
| <li class=""> |
| <a href="../../zh/concept.html"> |
| |
| <span>概念</span> |
| </a> |
| <ul class="nav"> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/overview.html">概览</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/ozonemanager.html">Ozone Manager</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/storagecontainermanager.html">Storage Container Manager</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/datanodes.html">数据节点</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/containers.html">Containers</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/concept/recon.html">Recon</a> |
| |
| </li> |
| |
| </ul> |
| </li> |
| |
| |
| |
| <li class=""> |
| <a href="../../zh/feature.html"> |
| |
| <span>特点</span> |
| </a> |
| <ul class="nav"> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/ha.html">高可用</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/security/gdpr.html">Ozone 中的 GDPR</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/quota.html">Ozone中的配额</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/feature/recon.html">Recon 服务器</a> |
| |
| </li> |
| |
| </ul> |
| </li> |
| |
| |
| |
| <li class=""> |
| <a href="../../zh/security.html"> |
| |
| <span>安全</span> |
| </a> |
| <ul class="nav"> |
| |
| <li class=""> |
| |
| <a href="../../zh/security/secureozone.html">安全化 Ozone</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/security/securingtde.html">透明数据加密</a> |
| |
| </li> |
| |
| <li class="active"> |
| |
| <a href="../../zh/security/securings3.html">安全化 S3</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/security/securitywithranger.html">Apache Ranger</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/security/securityacls.html">Ozone 访问控制列表</a> |
| |
| </li> |
| |
| </ul> |
| </li> |
| |
| |
| |
| <li class=""> |
| <a href="../../zh/interface.html"> |
| |
| <span>编程接口</span> |
| </a> |
| <ul class="nav"> |
| |
| <li class=""> |
| |
| <a href="../../zh/interface/javaapi.html">Java API</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/interface/o3fs.html">Ozone 文件系统</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/interface/csi.html">CSI 协议</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/interface/s3.html">S3 协议接口</a> |
| |
| </li> |
| |
| <li class=""> |
| |
| <a href="../../zh/interface/reconapi.html">Recon API</a> |
| |
| </li> |
| |
| </ul> |
| </li> |
| |
| |
| |
| <li class=""> |
| |
| <a href="../../zh/tools.html"> |
| |
| |
| |
| <span>工具</span> |
| </a> |
| </li> |
| |
| |
| |
| <li class=""> |
| |
| <a href="../../zh/recipe.html"> |
| |
| |
| |
| <span>使用配方</span> |
| </a> |
| </li> |
| |
| |
| <li><a href="../../design.html"><span><b>Design docs</b></span></a></li> |
| <li class="visible-xs"><a href="#">References</a> |
| <ul class="nav"> |
| <li><a href="https://github.com/apache/hadoop"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Source</a></li> |
| <li><a href="https://hadoop.apache.org"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Apache Hadoop</a></li> |
| <li><a href="https://apache.org"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> ASF</a></li> |
| </ul></li> |
| </ul> |
| |
| </div> |
| |
| <div class="col-sm-10 col-sm-offset-2 col-md-10 col-md-offset-2 main"> |
| |
| |
| |
| <div class="col-md-9"> |
| <nav aria-label="breadcrumb"> |
| <ol class="breadcrumb"> |
| <li class="breadcrumb-item"><a href="../../zh/index.html">Home</a></li> |
| <li class="breadcrumb-item" aria-current="page"><a href="../../zh/security.html">安全</a></li> |
| <li class="breadcrumb-item active" aria-current="page">安全化 S3</li> |
| </ol> |
| </nav> |
| |
| |
| |
| <div class="pull-right"> |
| |
| |
| |
| <a href="../../security/securings3.html"><span class="label label-success">English</span></a> |
| |
| |
| |
| |
| </div> |
| |
| |
| <div class="col-md-9"> |
| <h1>安全化 S3</h1> |
| |
| <!--- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <p>用户需要由 AWS 网站生成的 AWS access key ID 和 AWS secret 来访问 AWS S3 的桶,当你使用 Ozone 的 S3 协议时,你也需要同样的 AWS access key 和 secret。</p> |
| <p>在 Ozone 中,用户可以直接下载 access key。用户需要先执行 <code>kinit</code> 命令进行 Kerberos 认证,认证通过后就可以下载 S3 access key 和 secret。和 AWS S3 一样,access key 和 secret 具有 S3 桶的全部权限,用户需要保管好 key 和 secret。</p> |
| <ul> |
| <li>S3 客户端可以从 OM 获取 access key id 和 secret。</li> |
| </ul> |
| <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">ozone s3 getsecret |
| </code></pre></div><p>这条命令会与 Ozone 进行通信,对用户进行 Kerberos 认证并生成 AWS 凭据,结果会直接打印在屏幕上,你可以将其配置在 <em>.aws.</em> 文件中,这样可以在操作 Ozone S3 桶时自动进行认证。</p> |
| <div class="alert alert-danger" role="alert"> |
| 请注意:这些 S3 凭据和你的 Kerberos 密码一样,具有你所有桶的完全访问权限。 |
| </div> |
| <ul> |
| <li>在 aws 配置中添加上述凭据:</li> |
| </ul> |
| <div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">aws configure set default.s3.signature_version s3v4 |
| aws configure set aws_access_key_id <span style="color:#e6db74">${</span>accessId<span style="color:#e6db74">}</span> |
| aws configure set aws_secret_access_key <span style="color:#e6db74">${</span>secret<span style="color:#e6db74">}</span> |
| aws configure set region us-west-1 |
| </code></pre></div><p>关于通过命令行和 S3 API 使用 S3,请参考 AWS S3 的文档。</p> |
| |
| |
| |
| <a class="btn btn-success btn-lg" href="../../zh/security/securitywithranger.html">Next >></a> |
| |
| </div> |
| |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="push"></div> |
| </div> |
| |
| |
| |
| <footer class="footer"> |
| <div class="container"> |
| <span class="small text-muted"> |
| Version: 1.1.0, Last Modified: October 5, 2020 <a class="hide-child link primary-color" href="https://github.com/apache/ozone/commit/19cb481896f091ec5c02fe4010a5ab428302f38f">19cb48189</a> |
| </span> |
| </div> |
| </footer> |
| |
| |
| |
| <script src="../../js/jquery-3.5.1.min.js"></script> |
| <script src="../../js/ozonedoc.js"></script> |
| <script src="../../js/bootstrap.min.js"></script> |
| |
| |
| </body> |
| |
| </html> |