零停机时间将 ceph 存储桶迁移到新用户
[英]Migrate ceph buckets to new user with zero downtime
问题描述
I have a ceph/radosgw bucket with several million objects in it, and I need to change the ownership of the bucket to another user.
我有一个包含数百万个对象的 ceph/radosgw 存储桶,我需要将存储桶的所有权更改给另一个用户。
Normally, this is done by link ing the bucket to the new user, then chown ing all of the files in it, like this:通常,这是通过将存储桶link到新用户,然后将其中的所有文件chown来完成的,如下所示:
radosgw-admin bucket unlink --uid=user1 --bucket=bigbucket
radosgw-admin bucket link --uid=user2 --bucket=bigbucket
radosgw-admin bucket chown --uid=user2 --bucket=bigbucket
Unfortunately, the chown operation has to loop over every single object in the bucket in order to update metadata.不幸的是, chown操作必须遍历存储桶中的每个 object才能更新元数据。 This results in an extended downtime window (sometimes 1 hour per million objects apparently) where neither the old user nor the new user can access the full contents of the bucket.这导致停机时间延长 window(有时显然是每百万个对象 1 小时),旧用户和新用户都无法访问存储桶的全部内容。
Is there any way to change bucket ownership that doesn't require downtime?有什么方法可以在不需要停机的情况下更改存储桶所有权? Some ideas:一些想法:
- Is it possible for a bucket or specific objects to be owned by two users at the same time?两个用户是否可以同时拥有一个存储桶或特定对象?
- Could we create the new user, then just change their
uidor some other piece of metadata that grants them access to the old user's bucket?我们可以创建新用户,然后只更改他们的uid或其他一些元数据,授予他们访问旧用户存储桶的权限吗? - Could the problem be solved client-side, or maybe with a proxy?问题可以在客户端解决,还是可以通过代理解决?
1 个解决方案
解决方案1
0 2021-06-30 16:46:11
You can add a bucket policy to the bucket to get access to both users until the migration gets done by chown command:您可以向存储桶添加存储桶策略以访问两个用户,直到通过chown命令完成迁移:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {"AWS": ["arn:aws:iam:::user/user1", "arn:aws:iam:::user/user2"]},
"Action": "*",
"Resource": [
"arn:aws:s3:::bigbucket/*"
]
}]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.