openstack swift临时url设置

本文详细介绍了如何在Ceph RGW中配置Swift,包括修改配置文件启用Swift支持,创建子用户并获取访问令牌,设置临时URL密钥以生成可限时访问的资源链接。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

(1)在ceph配置文件中的rgw部分增加
rgw swift account in url = true

(2)利用radosgw创建subuser(因为我用的后端存储是ceph,不是的话就可以用其他方法)
radosgw-admin user create --subuser=testuser:zy --uid=testuser --display-name=“zy test” --access=full

{
    "user_id": "testuser",
    "display_name": "zy test",
    "email": "",
    "suspended": 0,
    "max_buckets": 1000,
    "auid": 0,
    "subusers": [
        {
            "id": "testuser:zy",
            "permissions": "full-control"
        }
    ],
    "keys": [
        {
            "user": "testuser",
            "access_key": "4VCTM14ZPPLE71CVK3KB",
            "secret_key": "19vibwxe6FFiPvBXrKbPqz3epUaOM9FXN8WuShBy"
        }
    ],
    "swift_keys": [
        {
            "user": "testuser:zy",
            "secret_key": "bTYHB4QLJV15BG2IHtDoKdgeM5OkOT3CLU5eJyBo"
        }
    ],
    "caps": [],
    "op_mask": "read, write, delete",
    "default_placement": "",
    "placement_tags": [],
    "bucket_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "check_on_raw": false,
        "max_size": -1,
        "max_size_kb": 0,
        "max_objects": -1
    },
    "temp_url_keys": [],
    "type": "rgw",
    "mfa_ids": []
}

(3)获取对应用户的X-Auth-Token
curl -v -k -X GET -H ‘X-Auth-User: testuser:zy’ -H ‘X-Auth-Key: bTYHB4QLJV15BG2IHtDoKdgeM5OkOT3CLU5eJyBo’ http://192.168.199.131:8080/auth/1.0

* About to connect() to 192.168.199.131 port 8080 (#0)
*   Trying 192.168.199.131...
* Connected to 192.168.199.131 (192.168.199.131) port 8080 (#0)
> GET /auth/1.0 HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.199.131:8080
> Accept: */*
> X-Auth-User: testuser:zy
> X-Auth-Key: bTYHB4QLJV15BG2IHtDoKdgeM5OkOT3CLU5eJyBo
> 
< HTTP/1.1 204 No Content
< X-Storage-Url: http://192.168.199.131:8080/swift/v1/AUTH_testuser
< X-Storage-Token: AUTH_rgwtk0b00000074657374757365723a7a795f0d8d1cc7862b01f773385c51a7821a33f62d4ad96117d7d7046854cfd0b7bc84ea2b3b
< X-Auth-Token: AUTH_rgwtk0b00000074657374757365723a7a795f0d8d1cc7862b01f773385c51a7821a33f62d4ad96117d7d7046854cfd0b7bc84ea2b3b
< X-Trans-Id: tx00000000000000000004a-005c372277-198c29-default
< X-Openstack-Request-Id: tx00000000000000000004a-005c372277-198c29-default
< Content-Type: application/json; charset=utf-8
< Date: Thu, 10 Jan 2019 10:46:15 GMT
< 
* Connection #0 to host 192.168.199.131 left intact

(4)设置account元属性中的X-Account-Meta-Temp-Url-Key属性
注意该属性的值应当是一个较长的随机字符串,可以用uuidgen命令生成

[root@node2 ~]# uuidgen 
bac8671c-9a0e-46f7-94b0-13fb27c4a43b

curl -X POST -H 'X-Auth-Token: AUTH_rgwtk0b00000074657374757365723a7a7905746bc7d87e16732b70385cd0c2171902149973587428be148043e4685d8d71079ca746' -H 'X-Account-Meta-Temp-Url-Key:bac8671c-9a0e-46f7-94b0-13fb27c4a43b' http://192.168.199.131:8080/swift/v1/AUTH_testuser

查看有没有设置成功

[root@node2 ~]# curl -i  -H 'X-Auth-Token: AUTH_rgwtk0b00000074657374757365723a7a7905746bc7d87e16732b70385cd0c2171902149973587428be148043e4685d8d71079ca746' http://192.168.199.131:8080/swift/v1/AUTH_testuser
HTTP/1.1 200 OK
X-Timestamp: 1547117555.32725
X-Account-Container-Count: 2
X-Account-Object-Count: 3
X-Account-Bytes-Used: 3303
X-Account-Bytes-Used-Actual: 12288
X-Account-Storage-Policy-Default-Placement-Container-Count: 2
X-Account-Storage-Policy-Default-Placement-Object-Count: 3
X-Account-Storage-Policy-Default-Placement-Bytes-Used: 3303
X-Account-Storage-Policy-Default-Placement-Bytes-Used-Actual: 12288
X-Account-Meta-Temp-Url-Key: bac8671c-9a0e-46f7-94b0-13fb27c4a43b
Accept-Ranges: bytes
X-Trans-Id: tx000000000000000000050-005c3723f3-198c29-default
X-Openstack-Request-Id: tx000000000000000000050-005c3723f3-198c29-default
Content-Type: text/plain; charset=utf-8
Content-Length: 21
Date: Thu, 10 Jan 2019 10:52:35 GMT

(5)生成temp url
编写脚本generurl.py,如下

import hmac
from hashlib import sha1
from time import time

method = 'GET'
host = 'http://192.168.199.131:8080/swift'
duration_in_seconds = 3000
expires = int(time() + duration_in_seconds)
path = '/v1/AUTH_testuser/container2/file1'  //要共享的对象
key = 'bac8671c-9a0e-46f7-94b0-13fb27c4a43b'   //这里的key就是前面设置的X-Account-Meta-Temp-Url-Key
hmac_body = '%s\n%s\n%s' % (method, expires, path)
sig = hmac.new(key, hmac_body, sha1).hexdigest()
rest_uri = "{host}{path}?temp_url_sig={sig}&temp_url_expires={expires}".format(
             host=host, path=path, sig=sig, expires=expires)
print rest_uri

执行python generurl.py生成
http://192.168.199.131:8080/swift/v1/AUTH_testuser/container2/file1?temp_url_sig=30534371f78533061714118a395d7e33a8f4954a&temp_url_expires=1547120769

此时我们就可以利用http://192.168.199.131:8080/swift/v1/AUTH_testuser/container2/file1?temp_url_sig=30534371f78533061714118a395d7e33a8f4954a&temp_url_expires=1547120769来访问对象了

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值