Google Git
Sign in
apache / ozone-site / 671b294ce8f5a79f582cb247463123c169334b14 / . / docs / 1.1.0 / zh / security / securings3.html
blob: 53a8d258d804e04e8eacd6c5f79971e6bccd28c3 [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Apache Ozone Documentation">
<title>Documentation for Apache Ozone</title>
<link href="../../css/bootstrap.min.css" rel="stylesheet">
<link href="../../css/ozonedoc.css" rel="stylesheet">
</head>
<body>
<nav class="navbar navbar-inverse navbar-fixed-top">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#sidebar" aria-expanded="false" aria-controls="navbar">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="../../zh/index.html" class="navbar-left ozone-logo">
<img src="../../ozone-logo-small.png"/>
</a>
<a class="navbar-brand hidden-xs" href="../../zh/index.html">
Apache Ozone/HDDS documentation
</a>
<a class="navbar-brand visible-xs-inline" href="#">Apache Ozone</a>
</div>
<div id="navbar" class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="https://github.com/apache/hadoop-ozone">Source</a></li>
<li><a href="https://hadoop.apache.org">Apache Hadoop</a></li>
<li><a href="https://apache.org">ASF</a></li>
</ul>
</div>
</div>
</nav>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-sm-2 col-md-2 sidebar" id="sidebar">
<ul class="nav nav-sidebar">
<li class="">
<a href="../../zh/index.html">
<span>概述</span>
</a>
</li>
<li class="">
<a href="../../zh/start.html">
<span>快速入门</span>
</a>
</li>
<li class="">
<a href="../../zh/concept.html">
<span>概念</span>
</a>
<ul class="nav">
<li class="">
<a href="../../zh/concept/overview.html">概览</a>
</li>
<li class="">
<a href="../../zh/concept/ozonemanager.html">Ozone Manager</a>
</li>
<li class="">
<a href="../../zh/concept/storagecontainermanager.html">Storage Container Manager</a>
</li>
<li class="">
<a href="../../zh/concept/datanodes.html">数据节点</a>
</li>
<li class="">
<a href="../../zh/concept/containers.html">Containers</a>
</li>
<li class="">
<a href="../../zh/concept/recon.html">Recon</a>
</li>
</ul>
</li>
<li class="">
<a href="../../zh/feature.html">
<span>特点</span>
</a>
<ul class="nav">
<li class="">
<a href="../../zh/feature/ha.html">高可用</a>
</li>
<li class="">
<a href="../../zh/security/gdpr.html">Ozone 中的 GDPR</a>
</li>
<li class="">
<a href="../../zh/feature/quota.html">Ozone中的配额</a>
</li>
<li class="">
<a href="../../zh/feature/recon.html">Recon 服务器</a>
</li>
</ul>
</li>
<li class="">
<a href="../../zh/security.html">
<span>安全</span>
</a>
<ul class="nav">
<li class="">
<a href="../../zh/security/secureozone.html">安全化 Ozone</a>
</li>
<li class="">
<a href="../../zh/security/securingtde.html">透明数据加密</a>
</li>
<li class="active">
<a href="../../zh/security/securings3.html">安全化 S3</a>
</li>
<li class="">
<a href="../../zh/security/securitywithranger.html">Apache Ranger</a>
</li>
<li class="">
<a href="../../zh/security/securityacls.html">Ozone 访问控制列表</a>
</li>
</ul>
</li>
<li class="">
<a href="../../zh/interface.html">
<span>编程接口</span>
</a>
<ul class="nav">
<li class="">
<a href="../../zh/interface/javaapi.html">Java API</a>
</li>
<li class="">
<a href="../../zh/interface/o3fs.html">Ozone 文件系统</a>
</li>
<li class="">
<a href="../../zh/interface/csi.html">CSI 协议</a>
</li>
<li class="">
<a href="../../zh/interface/s3.html">S3 协议接口</a>
</li>
<li class="">
<a href="../../zh/interface/reconapi.html">Recon API</a>
</li>
</ul>
</li>
<li class="">
<a href="../../zh/tools.html">
<span>工具</span>
</a>
</li>
<li class="">
<a href="../../zh/recipe.html">
<span>使用配方</span>
</a>
</li>
<li><a href="../../design.html"><span><b>Design docs</b></span></a></li>
<li class="visible-xs"><a href="#">References</a>
<ul class="nav">
<li><a href="https://github.com/apache/hadoop"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Source</a></li>
<li><a href="https://hadoop.apache.org"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Apache Hadoop</a></li>
<li><a href="https://apache.org"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> ASF</a></li>
</ul></li>
</ul>
</div>
<div class="col-sm-10 col-sm-offset-2 col-md-10 col-md-offset-2 main">
<div class="col-md-9">
<nav aria-label="breadcrumb">
<ol class="breadcrumb">
<li class="breadcrumb-item"><a href="../../zh/index.html">Home</a></li>
<li class="breadcrumb-item" aria-current="page"><a href="../../zh/security.html">安全</a></li>
<li class="breadcrumb-item active" aria-current="page">安全化 S3</li>
</ol>
</nav>
<div class="pull-right">
<a href="../../security/securings3.html"><span class="label label-success">English</span></a>
</div>
<div class="col-md-9">
<h1>安全化 S3</h1>
<!---
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>用户需要由 AWS 网站生成的 AWS access key ID 和 AWS secret 来访问 AWS S3 的桶,当你使用 Ozone 的 S3 协议时,你也需要同样的 AWS access key 和 secret。</p>
<p>在 Ozone 中,用户可以直接下载 access key。用户需要先执行 <code>kinit</code> 命令进行 Kerberos 认证,认证通过后就可以下载 S3 access key 和 secret。和 AWS S3 一样,access key 和 secret 具有 S3 桶的全部权限,用户需要保管好 key 和 secret。</p>
<ul>
<li>S3 客户端可以从 OM 获取 access key id 和 secret。</li>
</ul>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">ozone s3 getsecret
</code></pre></div><p>这条命令会与 Ozone 进行通信,对用户进行 Kerberos 认证并生成 AWS 凭据,结果会直接打印在屏幕上,你可以将其配置在 <em>.aws.</em> 文件中,这样可以在操作 Ozone S3 桶时自动进行认证。</p>
<div class="alert alert-danger" role="alert">
请注意:这些 S3 凭据和你的 Kerberos 密码一样,具有你所有桶的完全访问权限。
</div>
<ul>
<li>在 aws 配置中添加上述凭据:</li>
</ul>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">aws configure set default.s3.signature_version s3v4
aws configure set aws_access_key_id <span style="color:#e6db74">${</span>accessId<span style="color:#e6db74">}</span>
aws configure set aws_secret_access_key <span style="color:#e6db74">${</span>secret<span style="color:#e6db74">}</span>
aws configure set region us-west-1
</code></pre></div><p>关于通过命令行和 S3 API 使用 S3,请参考 AWS S3 的文档。</p>
<a class="btn btn-success btn-lg" href="../../zh/security/securitywithranger.html">Next >></a>
</div>
</div>
</div>
</div>
</div>
<div class="push"></div>
</div>
<footer class="footer">
<div class="container">
<span class="small text-muted">
Version: 1.1.0, Last Modified: October 5, 2020 <a class="hide-child link primary-color" href="https://github.com/apache/ozone/commit/19cb481896f091ec5c02fe4010a5ab428302f38f">19cb48189</a>
</span>
</div>
</footer>
<script src="../../js/jquery-3.5.1.min.js"></script>
<script src="../../js/ozonedoc.js"></script>
<script src="../../js/bootstrap.min.js"></script>
</body>
</html>