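How do you use the radosgw Admin Ops API?

Overview

The radosgw Admin Ops API lets you perform many of the management operations that radosgw-admin provides.

Creating an admin user

To manage radosgw through RESTful requests, you must first create an admin account. The user name is your choice; it can be named admin, for example: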

radosgw-admin user create --uid=admin --display-name=admin

At this point admin still has only ordinary privileges; add capabilities to the user with --caps, for example:

radosgw-admin caps add --uid=admin --caps="users=read, write"
radosgw-admin caps add --uid=admin --caps="usage=read, write"

GET USER INFO

Get user information. If no user is specified returns the list of all users along with suspension information.

caps: users=read

SYNTAX

GET /{admin}/user?format=json HTTP/1.1
Host: {fqdn}

For example, the "GET USER INFO" API above requires the {admin} user to have the "users=read" capability.

API examples

Create a user

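$ cat usercreate.sh
#!/bin/bash
token=5L65QDE4df8JJ8RM7MN5 ## USER_TOKEN: access key of the admin user
secret=Y9HPiBCwLDeSMSaiQhmPT2h7NgNUndvLERhktnIZ ## USER_SECRET: secret key of the admin user
query=$1   # uid of the user to create
name=$2    # display name of the user to create
echo "$query, $name"
query3="&uid="
query2=admin/user
# Date header must be UTC: this subtracts 8 from the local hour, so it assumes
# a UTC+8 host and a local hour of 08 or later.
date=$(for i in $(date "+%H") ; do date "+%a, %d %b %Y $(( 10#$i-8 )):%M:%S +0000" ; done)
# String to sign: method, empty Content-MD5, empty Content-Type, Date, resource path (no query string)
header="PUT\n\n\n${date}\n/${query2}"
# HMAC-SHA1 of the string to sign with the secret key, base64-encoded
sig=$(echo -en "${header}" | openssl sha1 -hmac "${secret}" -binary | base64)
curl -v -H "Date: ${date}" -H "Authorization: AWS ${token}:${sig}" -L -X PUT "http://<your-host-ip>/${query2}?format=json${query3}${query}&display-name=${name}" -H "Host: <your-host-ip>"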

List user info

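$ cat userinfo.sh
#!/bin/bash
token=5L65QDE4238JJ8RM7MN5 ## USER_TOKEN: access key of the admin user
secret=Y9HPiBCwLDeSMSaiQhmPT2h7NgNUnqVLERhktnIZ ## USER_SECRET: secret key of the admin user
query=$1   # uid of the user to look up
query3="&uid="
query2=admin/user
# Date header must be UTC: subtracts 8 from the local hour (assumes a UTC+8 host, local hour 08 or later)
date=$(for i in $(date "+%H") ; do date "+%a, %d %b %Y $(( 10#$i-8 )):%M:%S +0000" ; done)
# String to sign: method, empty Content-MD5, empty Content-Type, Date, resource path (no query string)
header="GET\n\n\n${date}\n/${query2}"
sig=$(echo -en "${header}" | openssl sha1 -hmac "${secret}" -binary | base64)
curl -v -H "Date: ${date}" -H "Authorization: AWS ${token}:${sig}" -L -X GET "http://<your-host-ip>/${query2}?format=json${query3}${query}" -H "Host: <your-host-ip>"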

Delete a user

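$ cat userdelete.sh
#!/bin/bash
token=5L65QDE4238JJ8RM7MN5 ## USER_TOKEN: access key of the admin user
secret=Y9HPiBCwLDeSMSaiQhmPT2h7NgNUnqVLERhktnIZ ## USER_SECRET: secret key of the admin user
query=$1   # uid of the user to delete
query3="&uid="
query2=admin/user
# Date header must be UTC: subtracts 8 from the local hour (assumes a UTC+8 host, local hour 08 or later)
date=$(for i in $(date "+%H") ; do date "+%a, %d %b %Y $(( 10#$i-8 )):%M:%S +0000" ; done)
# String to sign: method, empty Content-MD5, empty Content-Type, Date, resource path (no query string)
header="DELETE\n\n\n${date}\n/${query2}"
sig=$(echo -en "${header}" | openssl sha1 -hmac "${secret}" -binary | base64)
curl -v -H "Date: ${date}" -H "Authorization: AWS ${token}:${sig}" -L -X DELETE "http://<your-host-ip>/${query2}?format=json${query3}${query}" -H "Host: <your-host-ip>"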

Get usage info

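$ cat usageinfo.sh
#!/bin/bash
token=5L65QDE4238JJ8RM7MN5 ## USER_TOKEN: access key of the admin user
secret=Y9HPiBCwLDeSMSaiQhmPT2h7NgNUnqVLERhktnIZ ## USER_SECRET: secret key of the admin user
query=$1   # uid whose usage is requested
query3="&uid="
query2=admin/usage
# Date header must be UTC: subtracts 8 from the local hour (assumes a UTC+8 host, local hour 08 or later)
date=$(for i in $(date "+%H") ; do date "+%a, %d %b %Y $(( 10#$i-8 )):%M:%S +0000" ; done)
# String to sign: method, empty Content-MD5, empty Content-Type, Date, resource path (no query string)
header="GET\n\n\n${date}\n/${query2}"
sig=$(echo -en "${header}" | openssl sha1 -hmac "${secret}" -binary | base64)
curl -v -H "Date: ${date}" -H "Authorization: AWS ${token}:${sig}" -L -X GET "http://<your-host-ip>/${query2}?format=json${query3}${query}" -H "Host: <your-host-ip>"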

The radosgw Admin Ops API offers many other APIs.
For details, see:
http://docs.ceph.com/docs/master/radosgw/adminops/

Troubleshooting notes

AccessDenied

Script error: < HTTP/1.1 403 Forbidden … {"Code":"AccessDenied"}
Error in the radosgw log: rgw/rgw_auth_s3.cc:188 NOTICE: failed to parse date for auth header

The log shows that the date in the request header could not be parsed. Change the date line in the script as follows:
date=$(for i in $(date "+%H") ; do date "+%a, %d %b %Y $(( 10#$i-2 )):%M:%S +0000" ; done)

RequestTimeTooSkewed

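Script error: < HTTP/1.1 403 Forbidden … {"Code":"RequestTimeTooSkewed"}
Error in the radosgw log: rgw/rgw_rest_s3.cc:2398 NOTICE: request time skew too big now=2016-08-29 15:09:40.000000 req_time=2016-08-29 21:09:40.000000

The log shows that the request time differs greatly from the server time (req_time is 6 hours ahead of now). Change the date line in the script as follows: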
date=$(for i in $(date "+%H") ; do date "+%a, %d %b %Y $(( 10#$i-8 )):%M:%S +0000" ; done)

Permission problems

Check the caps required by the specific command and add them to the user.

References
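
An added example (not code from the original post): a Python version of the signing step the scripts above perform, producing the Date header in UTC whatever the host's time zone is, plus a check for the two Date failures recorded above. The function names, the placeholder keys and the 15-minute skew window (taken here as radosgw's default) are assumptions.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

DATE_FMT = "%a, %d %b %Y %H:%M:%S +0000"   # same layout as the scripts' Date header
MAX_SKEW = timedelta(minutes=15)            # assumption: radosgw's default grace window


def http_date(now=None):
    """Date header value in UTC, independent of the local time zone."""
    now = now or datetime.now(timezone.utc)
    return now.astimezone(timezone.utc).strftime(DATE_FMT)


def string_to_sign(method, resource, date):
    # Method, empty Content-MD5, empty Content-Type, Date, resource path.
    # The query string (?format=json&uid=...) is not part of the signed text.
    return f"{method}\n\n\n{date}\n{resource}"


def sign(secret, method, resource, date):
    """Base64 of HMAC-SHA1(secret, string to sign), as in the openssl pipeline."""
    text = string_to_sign(method, resource, date).encode()
    return base64.b64encode(hmac.new(secret.encode(), text, hashlib.sha1).digest()).decode()


def auth_headers(access_key, secret, method, resource, now=None):
    date = http_date(now)
    sig = sign(secret, method, resource, date)
    return {"Date": date, "Authorization": f"AWS {access_key}:{sig}"}


def skew_ok(date_header, server_now):
    """ValueError: Date cannot be parsed. False: parsed but outside the window."""
    req = datetime.strptime(date_header, DATE_FMT).replace(tzinfo=timezone.utc)
    return abs(server_now - req) <= MAX_SKEW


if __name__ == "__main__":
    # Constructed placeholder keys; load the real ones from the environment or a
    # protected file instead of hard-coding them in a script.
    print(auth_headers("EXAMPLEACCESSKEY", "example-secret", "GET", "/admin/user"))
```
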

http://docs.ceph.com/docs/master/radosgw/adminops/
http://egonzalez.org/ceph-radosgw-admin-ops-how-to-use-it/