OpenStack Swift testing

王伟兵 edited this page Nov 23, 2017 · 5 revisions

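The OpenStack Swift proxy is installed on controller (192.168.1.116); the storage nodes are object1 and object2. The vagrant command that starts the three Swift nodes is:
vagrant up wbwang1 object1 object2
On controller, test the Swift deployment from the /home/webb/ directory: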

$ . demo-openrc
$ swift stat 
$ openstack object list container1          (lists all objects in container container1)

The official Swift API documentation is here.

API testing

The following request does not require authentication:

$ curl http://controller:8080/info | jq

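(jq is a tool for pretty-printing JSON; jshon is a similar one.) The API tests that follow require authentication, so a token has to be obtained first. For tests of the OpenStack identity service, see [openstack keystone](openstack keystone). The token is stored in the environment variable $ADMIN_TOKEN. The details of the demo user can be seen in demo-openrc: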

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=vagrant
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

All subsequent tests use the token obtained for this demo user. Create a test container:

$ openstack container create webb
+---------------------------------------+-----------+------------------------------------+
| account                               | container | x-trans-id                         |
+---------------------------------------+-----------+------------------------------------+
| AUTH_43694a2ef90f4a22af23552aa6836b4e | webb      | tx7860038a5a664a518b85b-0058647bd2 |
+---------------------------------------+-----------+------------------------------------+

43694a2ef90f4a22af23552aa6836b4e is the id of the project demo. The project is created by Keystone. Keystone calls it a project and Swift calls it an account; the two mean the same thing.

Get a token (scoped)

DEMO_TOKEN=$(\
curl -X POST http://controller:5000/v3/auth/tokens \
    -s \
    -i \
    -H "Content-Type: application/json" \
    -d '
{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "domain": {
                        "name": "default"
                    },
                    "name": "demo",
                    "password": "vagrant"
                }
            }
        },
        "scope": {
            "project": {
                "domain": {
                    "name": "default"
                },
                "name": "demo"
            }
        }
    }
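}' | grep -i '^X-Subject-Token:' | awk '{print $2}' | tr -d '\r' )

Show account details and the container list

AUTH_43694a2ef90f4a22af23552aa6836b4e is the account that owns the webb container created for testing. This curl command uses a variable; if the test fails, replace the variable with the token value.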

$ curl http://controller:8080/v1/AUTH_43694a2ef90f4a22af23552aa6836b4e \
  -H "X-Auth-Token: $DEMO_TOKEN"
container1
container12
owncloud
webb

$ curl 'http://controller:8080/v1/AUTH_43694a2ef90f4a22af23552aa6836b4e?format=json' \
  -H "X-Auth-Token: $DEMO_TOKEN" | jq
[
  {
    "count": 2,
    "bytes": 15196,
    "name": "container1"
  },
  {
    "count": 0,
    "bytes": 0,
    "name": "container12"
  },
  {
    "count": 4,
    "bytes": 16934,
    "name": "owncloud"
  },
  {
    "count": 0,
    "bytes": 0,
    "name": "webb"
  }
]

List objects

$ curl 'http://controller:8080/v1/AUTH_43694a2ef90f4a22af23552aa6836b4e/container1?format=json' \
  -H "X-Auth-Token: $DEMO_TOKEN" | jq
[
  {
    "hash": "4940ee7233574154944ef23f78699f8c",
    "last_modified": "2016-11-29T07:28:25.403170",
    "bytes": 7598,
    "name": "/etc/swift/swift.conf",
    "content_type": "application/octet-stream"
  },
  {
    "hash": "4940ee7233574154944ef23f78699f8c",
    "last_modified": "2016-11-29T07:27:47.624300",
    "bytes": 7598,
    "name": "swift.conf",
    "content_type": "application/octet-stream"
  }
]

Get an object

$ curl http://controller:8080/v1/AUTH_43694a2ef90f4a22af23552aa6836b4e/container1/swift.conf \
  -H "X-Auth-Token: $DEMO_TOKEN" 
[swift-hash]

# swift_hash_path_suffix and swift_hash_path_prefix are used as part of the
# hashing algorithm when determining data placement in the cluster.
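(rest omitted)

The response has Content-Type: application/octet-stream. The content of the file swift.conf is written directly to the response body.

Upload a file to Swift

The Swift REST API follows the WebDAV protocol. See the WebDAV tests for reference.
Upload the /etc/hosts file to Swift: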

$ curl -T '/etc/hosts' http://controller:8080/v1/AUTH_43694a2ef90f4a22af23552aa6836b4e/container1/etc/hosts \
   -H "X-Auth-Token: $DEMO_TOKEN"

View the file that was just uploaded:

$ curl http://controller:8080/v1/AUTH_43694a2ef90f4a22af23552aa6836b4e/container1/etc/hosts \
  -H "X-Auth-Token: $DEMO_TOKEN" 

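Note that the object id in the requests above is etc/hosts. This way of naming ids is close to a directory and is also called a pseudo-directory; in essence it is still an object.

Delete/copy an object

Copy an object (in my test this reported that the resource could not be found; the reason is unknown):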

 curl -X COPY http://controller:8080/v1/AUTH_43694a2ef90f4a22af23552aa6836b4e/container1/etc/hosts \
  -H "X-Auth-Token: $DEMO_TOKEN" -H "Destination: /etc/hosts2"

Delete an object:

 curl -X DELETE http://controller:8080/v1/AUTH_43694a2ef90f4a22af23552aa6836b4e/container1/etc/hosts \
  -H "X-Auth-Token: $DEMO_TOKEN" 

Swift multi-user testing

Add an extra user to the demo project

First create an additional user wbwang, and grant wbwang the user role on the demo project:

$ cd /home/webb
$ . admin-openrc
$ openstack user create --domain default --password-prompt wbwang
$ openstack role add --project demo --user wbwang user

Create an environment variable script, wbwang-openrc, for the new user wbwang:

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=wbwang
export OS_PASSWORD=vagrant
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Delete a container as the wbwang user:

$ . wbwang-openrc
$ swift delete webb2
$ . webb-openrc
$ swift list
container1
container12
owncloud
webb

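The webb2 container turns out to have been deleted. This shows that containers belong to the project, not to the user. Both the demo user and the wbwang user can maintain the containers, objects and so on of the demo project.

One user can manage multiple projects

Create a new project, docker: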

$ . admin-openrc
$ openstack project create --domain default \
  --description "Docker Project" docker

Grant the wbwang user access to the new project docker:

$ openstack role add --project docker --user wbwang user  

Create a new environment variable script, wbwang-openrc2, for the wbwang user:

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=docker
export OS_USERNAME=wbwang
export OS_PASSWORD=vagrant
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Test the new project docker:

$ openstack container create docker0
$ swift list
docker0

I traced Swift's REST API with justniffer and found that two PUT calls were made:

PUT /sdc/544/AUTH_e7f1341ccc1f43a29a29eaa9222fe4d6/docker2 HTTP/1.1
PUT /sdd/544/AUTH_e7f1341ccc1f43a29a29eaa9222fe4d6/docker2 HTTP/1.1

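I suspect this is because there are two Swift object nodes, so the call is made twice.

Integrating an application with Swift

Requirements

  1. The application is responsible for user authentication; based on the application's current user id, it registers user A with Keystone
  2. Create a project B for user A and authorize user A to access project B
  3. Exchange user A's password for a token from Keystone
  4. Use the token to access project B, for example to create containers or upload and download files

Create the user and grant access

Before creating the user, a Keystone administrator token is needed. It can be obtained with the administrator's password as shown earlier, or the super token can be used. The super token is defined in the Keystone configuration file /etc/keystone/keystone.conf: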

[DEFAULT]
admin_token = fa2618fad62bbdcc7042

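In what follows, http://controller:35357/v3 is Keystone's admin endpoint. For a detailed description of the Keystone API, see the Identity API v3 documentation.

Create the user

In the JSON below, the project and the domain are both default.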

curl -X POST http://controller:35357/v3/users -H "X-Auth-Token: fa2618fad62bbdcc7042" \
    -H "Content-Type: application/json" \
-d '
{
    "user": {
        "default_project_id": "cb5213ffa34d4fb2b9fdd3d720d7676c",
        "domain_id": "027f20c08b4744db836eb448e0a8af6a",
        "enabled": true,
        "name": "wbwangk",
        "password": "1"
    }
}'

Response:

{"user": {"password_expires_at": null, "name": "wbwangk", "links": {"self": "http://controller:35357/v3/users/e3ba0430c5304ac18d13e0f9ad2dfe8c"}, "domain_id": "027f20c08b4744db836eb448e0a8af6a", "enabled": true, "id": "e3ba0430c5304ac18d13e0f9ad2dfe8c", "default_project_id": "cb5213ffa34d4fb2b9fdd3d720d7676c"}}

Create the project

$ curl -X POST http://controller:35357/v3/projects  \
 -H "X-Auth-Token: fa2618fad62bbdcc7042" \
 -H "Content-Type: application/json" \
-d '
{
    "project": {
        "description": "My new project",
        "domain_id": "027f20c08b4744db836eb448e0a8af6a",
        "enabled": true,
        "is_domain": false,
        "name": "wbwangProject2"
    }
}'

The URI of the newly created project wbwangProject2 can be seen in the response:

http://controller:35357/v3/projects/cb5213ffa34d4fb2b9fdd3d720d7676c

Grant the user access to the project

The basic format of Keystone's role API is:

PUT /v3/projects/{project_id}/users/{user_id}/roles/{role_id}

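In the URI below, the project is wbwangproject2, the user is wbwangk and the role is user. The command means that user wbwangk acts in the user role in project wbwangproject2. Besides the user role, there is also the admin role.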

$ curl -X PUT http://controller:35357/v3/projects/cb5213ffa34d4fb2b9fdd3d720d7676c/users/e3ba0430c5304ac18d13e0f9ad2dfe8c/roles/e6c4354eb7464a7090f5117d98eb11fc  \
 -H "X-Auth-Token: fa2618fad62bbdcc7042" 

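Access Swift

The following tests user wbwangk creating a container in project wbwangproject2.

Get a token

To access Swift, user wbwangk must first obtain a personal token. He cannot use the super token the way an administrator does.
The curl command below shows how to exchange the user credentials (wbwangk:1) for a token. The token is returned to the caller in the response, in the HTTP header X-Subject-Token.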

token=$(\
curl -X POST http://controller:35357/v3/auth/tokens \
    -s \
    -i \
    -H "Content-Type: application/json" \
    -d '
{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "domain": {
                        "name": "default"
                    },
                    "name": "wbwangk",
                    "password": "1"
                }
            }
        },
        "scope": {
            "project": {
                "domain": {
                    "name": "default"
                },
                "name": "wbwangproject2"
            }
        }
    }
}' | grep -i '^X-Subject-Token:' | awk '{print $2}' | tr -d '\r' )

Create a container

The id of project wbwangproject2 is cb5213ffa34d4fb2b9fdd3d720d7676c. The command below creates a container named wbwangk2 in the project.

$ curl -X PUT http://controller:8080/v1/AUTH_cb5213ffa34d4fb2b9fdd3d720d7676c/wbwangk2 \
 -H "Content-Length: 0" -H "X-Auth-Token: $token"

The structure of the Swift API is:

http://controller:8080/v1/AUTH_{project_id}/{container_name}/{object_name}

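In addition, object_name may contain slashes (/), which makes it possible to simulate file directories.

The container list of project wbwangproject2 can be queried: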

$ curl http://controller:8080/v1/AUTH_cb5213ffa34d4fb2b9fdd3d720d7676c \
  -H "X-Auth-Token: $token"
wbwangk
wbwangk2

Two container names are shown above; one of them is the container that was just created.
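
As an added example (not part of the original wiki page), the Python code below does what an integrating application would do with the token response: read X-Subject-Token case-insensitively and without the trailing carriage return, take the project id and Swift endpoint from the token body instead of hard-coding AUTH_{project_id}, and build container and object URLs with percent-encoding that keeps pseudo-directory slashes. The function names, the sample response and its token value are constructed for illustration, and it assumes the scoped token's catalog lists a public object-store endpoint.

```python
import json
from urllib.parse import quote

PROJECT_ID = "cb5213ffa34d4fb2b9fdd3d720d7676c"  # wbwangproject2, as on this page

def build_auth_body(user, password, project, domain="default"):
    """Project-scoped Keystone v3 password request, same shape as the curl payload."""
    dom = {"name": domain}
    user_part = {"domain": dom, "name": user, "password": password}
    return {"auth": {
        "identity": {"methods": ["password"], "password": {"user": user_part}},
        "scope": {"project": {"domain": dom, "name": project}}}}

def parse_token_response(raw):
    """Return (token, project_id, swift_url) from a raw `curl -s -i` response."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:              # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    tok = json.loads(body)["token"]
    swift_url = None
    for svc in tok.get("catalog", []):             # scoped tokens carry the catalog
        for ep in svc.get("endpoints", []):
            if svc.get("type") == "object-store" and ep.get("interface") == "public":
                swift_url = ep["url"]
    return headers["x-subject-token"], tok["project"]["id"], swift_url

def object_url(storage_url, container, obj=None):
    """Build .../AUTH_{project_id}/{container}/{object}; '/' in obj is kept."""
    path = quote(container, safe="")
    if obj is not None:
        path += "/" + quote(obj, safe="/")
    return storage_url.rstrip("/") + "/" + path

# Constructed sample response (made-up token value), with CRLF line ends as curl -i prints.
SAMPLE = (
    "HTTP/1.1 201 Created\r\n"
    "Content-Type: application/json\r\n"
    "x-subject-token: gAAAAAB-constructed-token\r\n\r\n"
    + json.dumps({"token": {
        "project": {"id": PROJECT_ID, "name": "wbwangproject2"},
        "catalog": [{"type": "object-store", "name": "swift", "endpoints": [
            {"interface": "public",
             "url": "http://controller:8080/v1/AUTH_" + PROJECT_ID}]}]}})
)

if __name__ == "__main__":
    token, project_id, swift_url = parse_token_response(SAMPLE)
    print(token, project_id)
    print(object_url(swift_url, "container1", "etc/hosts"))
```
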
