Google Git
Sign in
apache / ozone-site / 88c590269261990085e7d997e188f02299d837e6 / . / docs / edge / zh / interface / s3.html
blob: 6b3a2073c49e2a69a8fabc28b5a17cd7a731a5a4 [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Apache Ozone Documentation">
<title>Documentation for Apache Ozone</title>
<link href="../../css/bootstrap.min.css" rel="stylesheet">
<link href="../../css/ozonedoc.css" rel="stylesheet">
<link href="../../swagger-resources/swagger-ui.css" rel="stylesheet">
<script>
var _paq = window._paq = window._paq || [];
_paq.push(['disableCookies']);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//analytics.apache.org/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '34']);
var d=document, g=d.createElement('script'),
s=d.getElementsByTagName('script')[0];
g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script>
</head>
<body>
<nav class="navbar navbar-inverse navbar-fixed-top">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#sidebar" aria-expanded="false" aria-controls="navbar">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="../../zh/index.html" class="navbar-left ozone-logo">
<img src="../../ozone-logo-small.png"/>
</a>
<a class="navbar-brand hidden-xs" href="../../zh/index.html">
Apache Ozone/HDDS Documentation
</a>
<a class="navbar-brand visible-xs-inline" href="#">Apache Ozone</a>
</div>
<div id="navbar" class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="https://github.com/apache/ozone">Source</a></li>
<li><a href="https://ozone.apache.org">Apache Ozone</a></li>
<li><a href="https://apache.org">ASF</a></li>
</ul>
</div>
</div>
</nav>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-sm-2 col-md-2 sidebar" id="sidebar">
<ul class="nav nav-sidebar">
<li class="">
<a href="../../zh/index.html">
<span>概述</span>
</a>
</li>
<li class="">
<a href="../../zh/start.html">
<span>快速入门</span>
</a>
</li>
<li class="">
<a href="../../zh/concept.html">
<span>概念</span>
</a>
<ul class="nav">
<li class="">
<a href="../../zh/concept/overview.html">概览</a>
</li>
<li class="">
<a href="../../zh/concept/ozonemanager.html">Ozone Manager</a>
</li>
<li class="">
<a href="../../zh/concept/storagecontainermanager.html">Storage Container Manager</a>
</li>
<li class="">
<a href="../../zh/concept/datanodes.html">数据节点</a>
</li>
<li class="">
<a href="../../zh/concept/containers.html">Containers</a>
</li>
<li class="">
<a href="../../zh/concept/recon.html">Recon</a>
</li>
</ul>
</li>
<li class="">
<a href="../../zh/feature.html">
<span>特性</span>
</a>
<ul class="nav">
<li class="">
<a href="../../zh/feature/decommission.html">Decommissioning</a>
</li>
<li class="">
<a href="../../zh/feature/erasurecoding.html">纠删码</a>
</li>
<li class="">
<a href="../../zh/feature/om-ha.html">高可用 OM</a>
</li>
<li class="">
<a href="../../zh/feature/scm-ha.html">高可用 SCM</a>
</li>
<li class="">
<a href="../../zh/feature/dn-merge-rocksdb.html">在DataNode上合并Container的RocksDB</a>
</li>
<li class="">
<a href="../../zh/feature/prefixfso.html">基于前缀的文件系统优化</a>
</li>
<li class="">
<a href="../../zh/feature/topology.html">拓扑感知能力</a>
</li>
<li class="">
<a href="../../zh/feature/quota.html">Ozone 中的配额</a>
</li>
<li class="">
<a href="../../zh/feature/recon.html">Recon 服务器</a>
</li>
<li class="">
<a href="../../zh/feature/reconfigurability.html">动态加载配置</a>
</li>
</ul>
</li>
<li class="">
<a href="../../zh/security.html">
<span>安全</span>
</a>
<ul class="nav">
<li class="">
<a href="../../zh/security/secureozone.html">安全化 Ozone</a>
</li>
<li class="">
<a href="../../zh/security/securingtde.html">透明数据加密</a>
</li>
<li class="">
<a href="../../zh/security/gdpr.html">Ozone 中的 GDPR</a>
</li>
<li class="">
<a href="../../zh/security/securingdatanodes.html">安全化 Datanode</a>
</li>
<li class="">
<a href="../../zh/security/securings3.html">安全化 S3</a>
</li>
<li class="">
<a href="../../zh/security/securityacls.html">Ozone 访问控制列表</a>
</li>
<li class="">
<a href="../../zh/security/securitywithranger.html">Apache Ranger</a>
</li>
</ul>
</li>
<li class="">
<a href="../../zh/interface.html">
<span>编程接口</span>
</a>
<ul class="nav">
<li class="">
<a href="../../zh/interface/javaapi.html">Java API</a>
</li>
<li class="">
<a href="../../zh/interface/o3fs.html">Ozone 文件系统</a>
</li>
<li class="">
<a href="../../zh/interface/csi.html">CSI 协议</a>
</li>
<li class="active">
<a href="../../zh/interface/s3.html">S3 协议接口</a>
</li>
<li class="">
<a href="../../zh/interface/reconapi.html">Recon API</a>
</li>
</ul>
</li>
<li class="">
<a href="../../zh/tools.html">
<span>工具</span>
</a>
</li>
<li class="">
<a href="../../zh/recipe.html">
<span>使用配方</span>
</a>
</li>
<li><a href="../../design.html"><span><b>Design docs</b></span></a></li>
<li class="visible-xs"><a href="#">References</a>
<ul class="nav">
<li><a href="https://github.com/apache/ozone"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Source</a></li>
<li><a href="https://ozone.apache.org"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Apache Ozone</a></li>
<li><a href="https://apache.org"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> ASF</a></li>
</ul></li>
</ul>
</div>
<div class="col-sm-10 col-sm-offset-2 col-md-10 col-md-offset-2 main-content">
<div class="col-md-9">
<nav aria-label="breadcrumb">
<ol class="breadcrumb">
<li class="breadcrumb-item"><a href="../../zh/index.html">Home</a></li>
<li class="breadcrumb-item" aria-current="page"><a href="../../zh/interface.html">编程接口</a></li>
<li class="breadcrumb-item active" aria-current="page">S3 协议接口</li>
</ol>
</nav>
<div class="pull-right">
<a href="../../interface/s3.html"><span class="label label-success">English</span></a>
</div>
<div class="col-md-9">
<h1>S3 协议接口</h1>
<!---
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>Ozone 提供了兼容 S3 的 REST 接口,你可以使用任何兼容 S3 的工具来操作 Ozone 的对象存储数据。</p>
<p>S3 桶存放在 <code>/s3v</code> 卷下。</p>
<h2 id="起步">起步</h2>
<p>S3 网关是提供兼容 S3 的 API 的独立组件,它应当和普通的 Ozone 组件分别启动。</p>
<p>你可以使用发行包启动一个基于 docker 的集群,其中会包括 S3 网关。</p>
<p>进入 <code>compose/ozone</code> 目录,启动服务:</p>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">docker-compose up -d --scale datanode<span style="color:#f92672">=</span><span style="color:#ae81ff">3</span>
</code></pre></div><p>你可以通过 <code>http://localhost:9878</code> 访问 S3 网关。</p>
<h2 id="url-规范">URL 规范</h2>
<p>Ozone S3 网关既支持虚拟主机风格的 URL 作为桶地址(形如:http://bucketname.host:9878),也支持多级路径风格的 URL 作为桶地址(形如 http://host:9878/bucketname)。</p>
<p>默认使用多级路径风格,如果要使用虚拟主机风格的 URL,在 <code>ozone-site.xml</code> 中设置你的主域名:</p>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-xml" data-lang="xml"><span style="color:#f92672">&lt;property&gt;</span>
<span style="color:#f92672">&lt;name&gt;</span>ozone.s3g.domain.name<span style="color:#f92672">&lt;/name&gt;</span>
<span style="color:#f92672">&lt;value&gt;</span>s3g.internal<span style="color:#f92672">&lt;/value&gt;</span>
<span style="color:#f92672">&lt;/property&gt;</span>
</code></pre></div><h2 id="已实现的-rest-端点">已实现的 REST 端点</h2>
<p>S3 网关服务的操作:</p>
<table>
<thead>
<tr>
<th>端点</th>
<th>状态</th>
</tr>
</thead>
<tbody>
<tr>
<td>GET 服务</td>
<td>已实现</td>
</tr>
</tbody>
</table>
<p>桶操作:</p>
<table>
<thead>
<tr>
<th>端点</th>
<th>状态</th>
<th>备注</th>
</tr>
</thead>
<tbody>
<tr>
<td>GET 桶(列举对象)第二版</td>
<td>已实现</td>
<td></td>
</tr>
<tr>
<td>HEAD 桶</td>
<td>已实现</td>
<td></td>
</tr>
<tr>
<td>DELETE 桶</td>
<td>已实现</td>
<td></td>
</tr>
<tr>
<td>PUT 桶 (创建桶)</td>
<td>已实现</td>
<td></td>
</tr>
<tr>
<td>Delete 多个对象 (POST)</td>
<td>已实现</td>
<td></td>
</tr>
</tbody>
</table>
<p>对象操作:</p>
<table>
<thead>
<tr>
<th>端点</th>
<th>状态</th>
<th>备注</th>
</tr>
</thead>
<tbody>
<tr>
<td>PUT 对象</td>
<td>已实现</td>
<td></td>
</tr>
<tr>
<td>GET 对象</td>
<td>已实现</td>
<td></td>
</tr>
<tr>
<td>分块上传</td>
<td>已实现</td>
<td>但不包括当前分块上传的进度</td>
</tr>
<tr>
<td>DELETE 对象</td>
<td>已实现</td>
<td></td>
</tr>
<tr>
<td>HEAD 对象</td>
<td>已实现</td>
<td></td>
</tr>
</tbody>
</table>
<h2 id="安全">安全</h2>
<p>如果不启用安全机制,你可以<em>使用</em><strong>任何</strong> AWS_ACCESS_KEY_ID 和 AWS_SECRET_ACCESS_KEY 来访问 Ozone 的 S3 服务。</p>
<p>在启用了安全机制的情况下,你可以通过 <code>ozone s3 getsecret</code> 命令获取 key 和 secret(需要进行 Kerberos 认证)。</p>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">kinit -kt /etc/security/keytabs/testuser.keytab testuser/scm@EXAMPLE.COM
ozone s3 getsecret
awsAccessKey<span style="color:#f92672">=</span>testuser/scm@EXAMPLE.COM
awsSecret<span style="color:#f92672">=</span>c261b6ecabf7d37d5f9ded654b1c724adac9bd9f13e247a235e567e8296d2999
</code></pre></div><p>注意:自 Ozone 1.4.0 起,使用 <code>getsecret</code> 生成的密钥<strong>仅会显示一次</strong>。若密钥丢失,用户必须先 <code>revokesecret</code>,再用 <code>getsecret</code> 生成新的密钥。</p>
<p>现在你可以使用 key 和 secret 来访问 S3 endpoint:</p>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">export AWS_ACCESS_KEY_ID<span style="color:#f92672">=</span>testuser/scm@EXAMPLE.COM
export AWS_SECRET_ACCESS_KEY<span style="color:#f92672">=</span>c261b6ecabf7d37d5f9ded654b1c724adac9bd9f13e247a235e567e8296d2999
aws s3api --endpoint http://localhost:9878 create-bucket --bucket bucket1
</code></pre></div><h2 id="公开任何卷">公开任何卷</h2>
<p>Ozone 与 S3 相比,Ozone 在命名空间层次结构中多了一个元素:卷。默认情况下,可以使用 S3 接口访问 <code>/s3v</code> 卷的所有存储桶,但仅有 <code>/s3v</code> 卷的(Ozone)存储桶被公开。</p>
<p>为了使 S3 接口上的任何其他桶可用,可以创建一个“符号链接”的桶:</p>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">ozone sh volume create /s3v
ozone sh volume create /vol1
ozone sh bucket create /vol1/bucket1
ozone sh bucket link /vol1/bucket1 /s3v/common-bucket
</code></pre></div><p>本例通过 S3 接口将 <code>/vol1/bucket1</code> Ozone 桶公开为 S3 兼容的 <code>common-bucket</code></p>
<p>(注:桶链接功能的实现细节可在<a href="../../design/volume-management.html">设计文档</a>中找到)</p>
<h2 id="客户端">客户端</h2>
<h3 id="aws-命令行接口">AWS 命令行接口</h3>
<p>通过指定自定义的 &ndash;endpoint 选项,<code>aws</code> 命令行接口可以在 Ozone S3 上使用。</p>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">aws s3api --endpoint http://localhost:9878 create-bucket --bucket buckettest
</code></pre></div><p>或者</p>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">aws s3 ls --endpoint http://localhost:9878 s3://buckettest
</code></pre></div><h3 id="s3-fuse-驱动goofys">S3 Fuse 驱动(goofys)</h3>
<p>Goofys 是一个 S3 FUSE 驱动,可以将 Ozone 的桶挂载到 POSIX 文件系统。</p>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">goofys --endpoint http://localhost:9878 bucket1 /mount/bucket1
</code></pre></div>
<a class="btn btn-success btn-lg" href="../../zh/interface/reconapi.html">Next >></a>
</div>
</div>
</div>
</div>
</div>
<div class="push"></div>
</div>
<footer class="footer">
<div class="container">
<span class="small text-muted">
Version: 1.5.0-SNAPSHOT, Last Modified: February 27, 2024 <a class="hide-child link primary-color" href="https://github.com/apache/ozone/commit/7939faf7d6c904bf1e4ad32baa5d6d0c1de19003">7939faf</a>
</span>
</div>
</footer>
<script src="../../js/jquery-3.5.1.min.js"></script>
<script src="../../js/ozonedoc.js"></script>
<script src="../../js/bootstrap.min.js"></script>
</body>
</html>