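Description: The Ceph RGW admin ops API is a REST interface for managing object storage; it can be used to manage the object store and to retrieve information about it.
Authentication: the same mechanism as S3.
Version: based on Ceph 10.2.
Preparation:
Create a new administrative user and grant it the following capabilities:
radosgw-admin caps add --uid=admin --caps="users=*"
radosgw-admin caps add --uid=admin --caps="buckets=*"
radosgw-admin caps add --uid=admin --caps="metadata=*"
radosgw-admin caps add --uid=admin --caps="usage=*"
1. Get user information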
GET /admin/user?format=json&uid=
Normal response (200):
{"tenant":"","user_id":"test5","display_name":"test5","email":"","suspended":0,"max_buckets":1000,"subusers":[],"keys":[{"user":"test5","access_key":"2EQJ8SOOKWYOQHRV4R2U","secret_key":"ApN5WaWAbrWQzL6Fr4yeMxYcwZbkhrVMKy6JOUpL"},{"user":"test5","access_key":"I2ZBDJFFKR66Z4FM0R7C","secret_key":"KHEZioCjhmw1T2JlTWGUbWg8Pb75QwHH5qRJ3MqC"}],"swift_keys":[],"caps":[]}
Errors:
403: authentication problem
404: no user with that UID ({"Code":"NoSuchKey","RequestId":"tx000000000000000006e3a-00591434b1-c4808-cn-bj-1","HostId":"c4808-cn-bj-1-cn"})
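The page states that authentication is the same as for S3. The following added example (not from the original page or from Ceph) signs an admin ops request with AWS signature v2, assuming the gateway accepts v2 signatures. The function names, the placeholder credentials and the shortened sub-resource list are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from email.utils import formatdate
from urllib.parse import urlencode

# Subset of the S3 sub-resources that signature v2 adds to the canonical
# resource. Admin ops markers such as "key", "caps", "quota" and "subuser" are
# not S3 sub-resources, so for /admin/user only the path is signed (assumption).
SIGNED_SUBRESOURCES = {"acl", "policy", "uploads", "versioning", "versions"}


def string_to_sign(method, path, query, date, content_md5="", content_type=""):
    """Build the AWS signature v2 string-to-sign for one request."""
    signed = sorted(k for k in query if k in SIGNED_SUBRESOURCES)
    resource = path
    if signed:
        resource += "?" + "&".join(
            k if query[k] in (None, "") else f"{k}={query[k]}" for k in signed)
    return "\n".join([method.upper(), content_md5, content_type, date, resource])


def sign_admin_request(method, path, query, access_key, secret_key, date=None):
    """Return (request target, headers) for a signed admin ops request."""
    date = date or formatdate(usegmt=True)
    sts = string_to_sign(method, path, query, date)
    digest = hmac.new(secret_key.encode(), sts.encode(), hashlib.sha1).digest()
    signature = base64.b64encode(digest).decode()
    # Valueless markers (value None, e.g. "quota") are sent as bare keys.
    parts = [k if v is None else urlencode({k: v}) for k, v in query.items()]
    headers = {"Date": date, "Authorization": f"AWS {access_key}:{signature}"}
    return path + "?" + "&".join(parts), headers


if __name__ == "__main__":
    # Constructed placeholder credentials, not real keys.
    target, headers = sign_admin_request(
        "GET", "/admin/user", {"format": "json", "uid": "test5"},
        "EXAMPLEACCESSKEY", "example-secret-key")
    print(target)
    print(headers)
```

The Date header is part of the signed string, so the request must be sent with exactly the returned headers and should go over TLS, because the user-info response carries secret keys in clear text.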
2. Create a user
PUT /admin/user?format=json&uid=&display-name=
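Optional parameters: email, key-type (default s3), access_key (use the given access key), secret_key (use the given secret key), user_caps (admin capabilities; not needed by default), generate-key (generate a key; default True), max_buckets (maximum number of buckets; default 1000), suspended (whether the user is suspended; default False).
With only uid and display-name supplied, the response (200) is: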
{"tenant":"","user_id":"test9","display_name":"test9","email":"","suspended":0,"max_buckets":1000,"subusers":[],"keys":[{"user":"test9","access_key":"2Y1705SATJC7L50T48SW","secret_key":"LRmTVFxWCqqpYTuYY5QLTrJXCZ9fQThB0285drNs"}],"swift_keys":[],"caps":[]}
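Errors:
403: authentication error
409 Conflict: the uid already exists but with a different display-name. (If both uid and display-name match the existing user, a new key is generated and the user information with its key list is returned. Repeating the call creates multiple keys.)
3. Modify user information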
POST /admin/user?format=json&uid=
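Append the parameters to change; they are the same as for PUT, and display-name can also be changed.
Returns 200 with the user's updated information.
4. Delete a user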
DELETE /admin/user?format=json&uid=&purge-data=True|False
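Deletes the user together with all of the user's data. Note: object deletion is a synchronous operation, so the behaviour with large data volumes needs to be tested.
5. Create a subuser
A subuser is the user used by the Swift interface.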
PUT /admin/user?subuser&format=json&uid=&subuser=
Response:
[{"id":"test6:test6_sub1","permissions":""}]
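Errors:
409: the subuser ID already exists
Note: if no key is specified at creation time, the subuser's ID and key are not returned after the subuser is created. Fetch the information for the user's uid and read them from the swift keys there.
6. Modify a subuser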
POST /admin/user?subuser&format=json&uid=&subuser=
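Modifiable parameters: generate-secret=True (generate a new key that replaces the existing one; no additional key is created), secret=xxxxx (set the new key explicitly), access (set permissions: access, write, readwrite, full).
Response: same as for creating a subuser.
7. Delete a subuser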
DELETE /admin/user?subuser&format=json&uid=&subuser=
Response status code: 200
8. Create a key
# Add s3 key
PUT /admin/user?key&format=json&uid=
# Add swift key
PUT /admin/user?key&format=json&uid=&subuser=
Sample response:
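# s3 key
[{"user":"test6","access_key":"96TUEBQ5V4FNJJCA9D4T","secret_key":"vpzqdWHLmarjiRACqFYVJ1Smf5xr41rzxFuc82Ab"}]
# swift key
[{"user":"test6:test","secret_key":"4NOQWFCyvrHSP8UHyEIT0Sn0Yhqr7D2VI4czI48M"}]
Note: when creating a swift key, the call still succeeds even if the subuser does not exist, but the resulting key cannot be used and requests made with it get a 403. If the subuser exists, its existing key is replaced. Therefore, do not use this interface to create swift keys.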
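Two behaviours noted above leave stray credentials behind: a repeated create-user call adds another S3 key, and a swift key can be created for a subuser that does not exist. The following added example (not from the original page) audits one user-info response for both, lists any admin caps, and masks secrets before the response is logged; the function names and the sample data are constructed for illustration.

```python
import copy

# Constructed sample in the shape of the user-info response shown on the page;
# key values are placeholders, not real credentials.
SAMPLE = {
    "user_id": "test6",
    "subusers": [{"id": "test6:test6_sub1", "permissions": ""}],
    "keys": [
        {"user": "test6", "access_key": "AKEXAMPLE1", "secret_key": "s1"},
        {"user": "test6", "access_key": "AKEXAMPLE2", "secret_key": "s2"},
    ],
    "swift_keys": [
        {"user": "test6:test6_sub1", "secret_key": "s3"},
        {"user": "test6:ghost", "secret_key": "s4"},
    ],
    "caps": [{"type": "usage", "perm": "*"}],
}


def redact_secrets(user_info):
    """Return a deep copy that is safe to log: every secret_key is masked."""
    safe = copy.deepcopy(user_info)
    for entry in safe.get("keys", []) + safe.get("swift_keys", []):
        entry["secret_key"] = "<redacted>"
    return safe


def audit_user(user_info, max_s3_keys=1):
    """Return findings for extra S3 keys, orphan swift keys and admin caps."""
    findings = []
    s3_keys = [k["access_key"] for k in user_info.get("keys", [])]
    if len(s3_keys) > max_s3_keys:
        # A repeated PUT with the same uid and display-name adds another key.
        findings.append(("extra_s3_keys", s3_keys))
    subusers = {s["id"] for s in user_info.get("subusers", [])}
    orphans = [k["user"] for k in user_info.get("swift_keys", [])
               if k["user"] not in subusers]
    if orphans:
        # A swift key created for a subuser that does not exist cannot be used.
        findings.append(("orphan_swift_keys", orphans))
    caps = [f'{c["type"]}={c["perm"]}' for c in user_info.get("caps", [])]
    if caps:
        findings.append(("admin_caps", caps))
    return findings


if __name__ == "__main__":
    print(audit_user(SAMPLE))
    print(redact_secrets(SAMPLE)["keys"])
```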
9. Delete a key
DELETE /admin/user?key&format=json&access-key=
Response status code: 200
10. Get bucket information
# Get single bucket info
GET /admin/bucket?format=json&bucket=
# Get user bucket list (list only)
GET /admin/bucket?format=json&uid=
# Get user bucket list including usage info
GET /admin/bucket?format=json&uid=&stats=True
Sample response:
# Get single bucket info
{"bucket":"13c8f65a-fff4-11e6-af79-9ce374424eb5","pool":"cn-bj-1.rgw.buckets.data","index_pool":"cn-bj-1.rgw.buckets.index","id":"fa251bb9-e7a0-46da-9599-90ab1546155b.684240.8","marker":"fa251bb9-e7a0-46da-9599-90ab1546155b.684240.8","owner":"yuanchao.li","ver":"0#1,1#1,2#1,3#1,4#1,5#1,6#1,7#1,8#1,9#1,10#1,11#1,12#1,13#1,14#1,15#1,16#1,17#1,18#1,19#1,20#1,21#1,22#1,23#1,24#1,25#1,26#1,27#1,28#1,29#1,30#1,31#1,32#1,33#1,34#1,35#1,36#1,37#1,38#1,39#1,40#1,41#1,42#1,43#1,44#1,45#1,46#1,47#1,48#1,49#1,50#1,51#1,52#1,53#1,54#1,55#1,56#1,57#1,58#1,59#1,60#1,61#1,62#1,63#1,64#1,65#1,66#1,67#1,68#1,69#1,70#11,71#1,72#1,73#1,74#1,75#1,76#1,77#1,78#1,79#1,80#1,81#1,82#1,83#1,84#1,85#1,86#1,87#1,88#1,89#1,90#1,91#1,92#1,93#1,94#1,95#1,96#1,97#1,98#1,99#1","master_ver":"0#0,1#0,2#0,3#0,4#0,5#0,6#0,7#0,8#0,9#0,10#0,11#0,12#0,13#0,14#0,15#0,16#0,17#0,18#0,19#0,20#0,21#0,22#0,23#0,24#0,25#0,26#0,27#0,28#0,29#0,30#0,31#0,32#0,33#0,34#0,35#0,36#0,37#0,38#0,39#0,40#0,41#0,42#0,43#0,44#0,45#0,46#0,47#0,48#0,49#0,50#0,51#0,52#0,53#0,54#0,55#0,56#0,57#0,58#0,59#0,60#0,61#0,62#0,63#0,64#0,65#0,66#0,67#0,68#0,69#0,70#0,71#0,72#0,73#0,74#0,75#0,76#0,77#0,78#0,79#0,80#0,81#0,82#0,83#0,84#0,85#0,86#0,87#0,88#0,89#0,90#0,91#0,92#0,93#0,94#0,95#0,96#0,97#0,98#0,99#0","mtime":"2017-03-03 17:31:11.966259","max_marker":"0#,1#,2#,3#,4#,5#,6#,7#,8#,9#,10#,11#,12#,13#,14#,15#,16#,17#,18#,19#,20#,21#,22#,23#,24#,25#,26#,27#,28#,29#,30#,31#,32#,33#,34#,35#,36#,37#,38#,39#,40#,41#,42#,43#,44#,45#,46#,47#,48#,49#,50#,51#,52#,53#,54#,55#,56#,57#,58#,59#,60#,61#,62#,63#,64#,65#,66#,67#,68#,69#,70#00000000010.51515.3,71#,72#,73#,74#,75#,76#,77#,78#,79#,80#,81#,82#,83#,84#,85#,86#,87#,88#,89#,90#,91#,92#,93#,94#,95#,96#,97#,98#,99#","usage":{"rgw.main":{"size_kb":1,"size_kb_actual":4,"num_objects":1}},"bucket_quota":{"enabled":false,"max_size_kb":-1,"max_objects":-1}}
# Get bucket list
["13c8f65a-fff4-11e6-af79-9ce374424eb5","infer_analysis_report","test22222"]
11. Check the bucket index
GET /admin/bucket?index&format=json&bucket=
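Optional parameters: check-objects=True (check the multipart part object counts), fix=False (whether to repair). If check-objects=True is set, fix=True must be set as well.
TODO: it is not yet clear what exactly is checked.
12. Remove a bucket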
DELETE /admin/bucket?format=json&bucket=
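If the bucket still contains objects, removal fails with 409 (BucketNotEmpty). Add purge-objects=True to remove it anyway.
13. Unlink a bucket from a user
By default a bucket belongs to a user; this method removes the bucket's association with its owning user. After removal, that user can no longer access the bucket.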
POST /admin/bucket?format=json&bucket=&uid=
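Response status code: 200
Note: in actual testing, if the bucket's owner has not changed, unlink returns 200 but the bucket information still shows the owner. The call reports success but has no effect.
14. Link a bucket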
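PUT /admin/bucket?format=json&bucket=&uid=&bucket-id=
Links a bucket to a new uid and changes the owner to that uid. Note that this call requires the bucket ID, which can be obtained by querying the bucket information.
Response status code: 200
15. Remove an object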
DELETE /admin/bucket?object&format=json&bucket=&object=
Normal response code: 200
Errors: 404 (NoSuchObject), 409 (ObjectRemovalFailed)
16. Get bucket or object policy
GET /admin/bucket?policy&format=json
Sample response:
{"acl":{"acl_user_map":[{"user":"test6","acl":15}],"acl_group_map":[],"grant_map":[{"id":"test6","grant":{"type":{"type":0},"id":"test6","email":"","permission":{"flags":15},"name":"None","group":0}}]},"owner":{"id":"test6","display_name":"None"}}
17. Add user admin capabilities
PUT /admin/user?caps&format=json&uid=&user-caps=
Sample caps:
user-caps=usage=read,write;user=write
Sample response:
[{"type":"usage","perm":"*"},{"type":"user","perm":"write"}]
18. Remove user admin capabilities
DELETE /admin/user?caps&format=json&uid=&user-caps=
Sample response:
[{"type":"usage","perm":"*"}]
Note: the call still returns success if the user did not have the caps being removed.
19. Quotas
# Set user quota
PUT /admin/user?quota&uid=&quota-type=user
data: {"max_objects": -1, "enabled": true, "max_size_kb": 102400}
Response status code: 200
# Get user quota
GET /admin/user?quota&uid=&quota-type=user
Response: {"enabled":true,"max_size_kb":102400,"max_objects":-1}
# Put bucket quota
PUT /admin/user?quota&uid=&quota-type=bucket
data: {"max_objects": -1, "enabled": true, "max_size_kb": 102400}
Response status code: 200
# Get bucket quota
GET /admin/user?quota&uid=&quota-type=bucket