background
To develop Ceph RadosGW-based microservices, it is necessary to realize that the caller can create users and obtain user information through rest api.
accomplish
Ceph's RadosGW itself has this function. These functions of creating users, obtaining user information, and obtaining usage conditions are called Admin Operation. We can directly access and perform management operations through the URL of RadosGW plus /admin. For example, the URL of RadosGW is http://192.168.1.2:8080, then the URL of management operations is http://192.168.1.2:8080/ admin.
The authorization of management operations is the same as the authorization mechanism of S3, except that after the S3 user is created, the management authority needs to be attached to the responding user. As follows, we will create a user with administrative privileges.
Execute the following statement in the Ceph cluster (of course, you can replace the username and key you need):
$ sudo radosgw-admin user create --uid="my_s3_user" --display-name="my_user_display_name" --access-key="my_admin_access_key" --secret-key="my_admin_secret_key"
$ sudo radosgw-admin --id admin caps add --caps="buckets=*;users=*;usage=*;metadata=*" --uid="my_s3_user"
As above, a user with administrative rights is created, and then you can use the api provided by the official website ( click to browse ) to use it.
In addition, if you don't want to use the Rest api directly, you can also use some packaged third-party libraries. Here, introduce a third-party library for Java ( click to browse ), which is also the one I am using now.
The following sample code creates an S3 user, obtains an S3 certificate, and sets a quota.
private static void testRadosAdmin() {
String accessKey = "my_admin_access_key";
String secretKey = "my_admin_secret_key";
String adminEndpoint = "http://109.105.115.102:7480/admin";
RgwAdmin rgwAdmin = new RgwAdminBuilder().accessKey(accessKey).secretKey(secretKey).endpoint(adminEndpoint)
.build();
String userId = "8eeb3bb0-eda0-48f9-a18f-c04daecb5e69";
User user = null;
// create a user
user = rgwAdmin.createUser(userId);
if (user != null) {
// get user S3Credential
for (S3Credential credential : user.getS3Credentials()) {
System.out.println("userid: " + credential.getUserId() + ",getAccessKey: " + credential.getAccessKey()
+ ", getSecretKey: " + credential.getSecretKey());
}
// set user quota, such as maxObjects and maxSize(KB)
rgwAdmin.setUserQuota(userId, 1000, 1024 * 1024 * 5);
Optional<Quota> quota = rgwAdmin.getUserQuota(userId);
if (quota.isPresent()) {
System.out.println("quota KB: " + quota.get().getMaxSizeKb());
}
} else {
System.out.println("create user failed");
}
}