如何使用radosgw admin ops api?

概述

通过Radosgw的Admin ops api,可以执行radosgw-admin对应的很多管理操作。

创建管理用户

要通过Restful请求管理Radosgw,必须先创建一个管理账户,user自己制定,可以命名为admin,例如:

 

radosgw-admin user create --uid=admin --display-name=admin

 

此时admin还仅仅是普通的权限,需要通过--cap添加user的capabilities,例如:
radosgw-admin caps add --uid=admin --caps="users=read, write"
radosgw-admin caps add --uid=admin --caps="usage=read, write" 

GET USER INFO

Get user information. If no user is specified returns the list of all users along with suspension information.

caps:users=read

SYNTAX

GET /{admin}/user?format=json HTTP/1.1
Host: {fqdn}
 

比如上述的“GET USER INFO”的API,需要使用的{admin}用户有“users=read”的caps。

API示例

1. 创建user

#!/bin/bash
token = 5L65QDE4df8JJ8RM7**  ## USER_TOKEN
secret = Y9HPiBCwLDeSMSaiQhmPT2h7N**  ## USER_SECRET
query = $ 1
name = $ 2
echo $query, $name
query3 = "&uid="
query2 = admin / user
date = $( for  in  $(date  "+%H" ) ; do date  "+%a, %d %b %Y $(( 10#$i-8 )):%M:%S +0000"  ; done)
header = "PUT\n\n\n${date}\n/${query2}"
sig = $(echo  - en ${header} | openssl sha1  - hmac ${secret}  - binary | base64)
curl  - - "Date: ${date}"  - "Authorization: AWS ${token}:${sig}"  - - X PUT  "http://<ip>/${query2}?format=json${query3}${query}&display-name=${name}"  - "Host: <ip>"

 

2. 列出user info

#!/bin/bash
token = 5L65QDE4238JJ8**  ## USER_TOKEN
secret = Y9HPiBCwLDeSMSaiQhmPT2h**  ## USER_SECRET
query = $ 1
query3 = "&uid="
query2 = admin / user
date = $( for  in  $(date  "+%H" ) ; do date  "+%a, %d %b %Y $(( 10#$i-8 )):%M:%S +0000"  ; done)
header = "GET\n\n\n${date}\n/${query2}"
sig = $(echo  - en ${header} | openssl sha1  - hmac ${secret}  - binary | base64)
curl  - - "Date: ${date}"  - "Authorization: AWS ${token}:${sig}"  - - X GET  "http://<ip>/${query2}?format=json${query3}${query}"  - "Host: <ip>"

 

3. 删除user

#!/bin/bash
token = 5L65QDE4238JJ8**  ## USER_TOKEN
secret = Y9HPiBCwLDeSMSaiQhmPT2h7NgN**  ## USER_SECRET
query = $ 1
query3 = "&uid="
query2 = admin / user
date = $( for  in  $(date  "+%H" ) ; do date  "+%a, %d %b %Y $(( 10#$i-8 )):%M:%S +0000"  ; done)
header = "DELETE\n\n\n${date}\n/${query2}"
sig = $(echo  - en ${header} | openssl sha1  - hmac ${secret}  - binary | base64)
curl  - - "Date: ${date}"  - "Authorization: AWS ${token}:${sig}"  - - X DELETE  "http://<ip>/${query2}?format=json${query3}${query}"  - "Host: <ip>"

 

4. 获取usage info

#!/bin/bash
token = 5L65QDE4238**  ## USER_TOKEN
secret = Y9HPiBCwLDeSMSaiQhm**  ## USER_SECRET
query = $ 1
query3 = "&uid="
query2 = admin / usage
date = $( for  in  $(date  "+%H" ) ; do date  "+%a, %d %b %Y $(( 10#$i-8 )):%M:%S +0000"  ; done)
header = "GET\n\n\n${date}\n/${query2}"
sig = $(echo  - en ${header} | openssl sha1  - hmac ${secret}  - binary | base64)
curl  - - "Date: ${date}"  - "Authorization: AWS ${token}:${sig}"  - - X GET  "http://<ip>/${query2}?format=json${query3}${query}"  - "Host: <ip>"

 

RadosGW Admin ops API还有很多其他的APIs,详情见:http://docs.ceph.com/docs/master/radosgw/adminops/

问题记录

1. AccessDenied

脚本报错:< HTTP/1.1 403 Forbidden … {"Code":"AccessDenied"}
radosgw的log里报错:rgw/ rgw_auth_s3.cc:188 NOTICE: failed to parse date for auth header
从上述log中看出是请求header中的date解析不出来,修改脚本中date如下:
date=$(for i in $(date "+%H") ; do date "+%a, %d %b %Y $(( 10#$i-2 )):%M:%S +0000" ; done)

2. RequestTimeTooSkewed

脚本报错:< HTTP/1.1 403 Forbidden … {"Code":"RequestTimeTooSkewed"}
radosgw的log里报错:rgw/ rgw_rest_s3.cc:2398 NOTICE: request time skew too big now=2016-08-29 15:09:40.000000 req_time=2016-08-29 21:09:40.000000
从上述log中看出是request的time跟服务器时间差别较大,修改脚本中date如下:
date=$(for i in $(date "+%H") ; do date "+%a, %d %b %Y $(( 10#$i-8 )):%M:%S +0000" ; done)

3. 权限问题

参考具体命令的caps需求,添加user的caps

参考资料

版权声明:本文为for_tech原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。