配置对象存储OSS数据源
更新时间: 2023-06-01
目录
配置文件
Rclone工具在配置文件中配置数据源信息
默认的配置文件路径可通过如下命令查看:
rclone config paths
手动指定配置文件:
--config [config-file-path]
- config-file-path:配置文件路径
配置步骤
支持手动配置和使用向导配置两种方式,任选其一即可。
手动配置
直接创建配置文件,设置OSS的连接信息。配置文件模板如下:
[OSS]
type = s3
provider = inspur
access_key_id = XXXXXXXX
secret_access_key = XXXXXXXXXXXXXXXX
endpoint = XXXXXXXX.inspurcloudoss.com
location_constraint = XXXXXXXX
acl = private
配置项说明:
| 名称 | 说明 | 是否必选 | 备注 |
|---|---|---|---|
| [OSS] | 配置项名称,由用户自定义 | 是 | |
| type | 存储类型 | 是 | |
| provider | 服务提供商 | 是 | |
| access_key_id | 对象存储认证信息 AccessID | 是 | 获取方式请参见附录-如何获取用户API认证信息 |
| secret_access_key | 对象存储认证信息AccessSecretKey | 是 | 获取方式请参见附录-如何获取用户API认证信息 |
| endpoint | 对象存储服务接口地址 | 是 | 获取方式请参见附录-如何获取对象存储服务接口地址 |
| location_constraint | 对象存储服务的Location,必须与接口地址相匹配 | 否 | 获取方式请参见附录-如何获取对象存储服务接口地址该设置仅在创建桶时使用,如无需创建桶,可不设置。 |
| acl | 桶权限 | 否 | 默认值:private,可选值: private、public-read、public-read-write |
| env_auth | 是否开启验证 | 否 | 默认值为:false |
| storage_class | 桶的存储类型 | 否 | 默认值:空(使用桶的默认存储类型),可选值:空、STANDARD、STANDARD_IA。 |
使用向导配置
执行如下命令,运行Rclone配置向导:
rclone config --config [config-file-path]
屏幕将显示如下的配置向导菜单,选择n) New remote新建配置(输入n后回车):
Current remotes:
Name Type
==== ====
OSS s3
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> n
name>
按需求给连接配置命名后回车,此处以OSS为例:
name> OSS
Option Storage.
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value.
1 / 1Fichier
\ "fichier"
2 / Alias for an existing remote
\ "alias"
3 / Amazon Drive
\ "amazon cloud drive"
4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, SeaweedFS, and Tencent COS
\ "s3"
5 / Backblaze B2
\ "b2"
6 / Better checksums for other remotes
\ "hasher"
7 / Box
\ "box"
8 / Cache a remote
\ "cache"
9 / Citrix Sharefile
\ "sharefile"
10 / Compress a remote
\ "compress"
11 / Dropbox
\ "dropbox"
12 / Encrypt/Decrypt a remote
\ "crypt"
13 / Enterprise File Fabric
\ "filefabric"
14 / FTP Connection
\ "ftp"
15 / Google Cloud Storage (this is not Google Drive)
\ "google cloud storage"
16 / Google Drive
\ "drive"
17 / Google Photos
\ "google photos"
18 / Hadoop distributed file system
\ "hdfs"
19 / Hubic
\ "hubic"
20 / In memory object storage system.
\ "memory"
21 / Jottacloud
\ "jottacloud"
22 / Koofr
\ "koofr"
23 / Local Disk
\ "local"
24 / Mail.ru Cloud
\ "mailru"
25 / Mega
\ "mega"
26 / Microsoft Azure Blob Storage
\ "azureblob"
27 / Microsoft OneDrive
\ "onedrive"
28 / OpenDrive
\ "opendrive"
29 / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
\ "swift"
30 / Pcloud
\ "pcloud"
31 / Put.io
\ "putio"
32 / QingCloud Object Storage
\ "qingstor"
33 / SSH/SFTP Connection
\ "sftp"
34 / Sia Decentralized Cloud
\ "sia"
35 / Sugarsync
\ "sugarsync"
36 / Tardigrade Decentralized Cloud Storage
\ "tardigrade"
37 / Transparently chunk/split large files
\ "chunker"
38 / Union merges the contents of several upstream fs
\ "union"
39 / Uptobox
\ "uptobox"
40 / Webdav
\ "webdav"
41 / Yandex Disk
\ "yandex"
42 / Zoho
\ "zoho"
43 / http Connection
\ "http"
44 / premiumize.me
\ "premiumizeme"
45 / seafile
\ "seafile"
Storage>
选择存储类型,输入s3后回车:
Storage> s3
Option provider.
Choose your S3 provider.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value.
1 / Amazon Web Services (AWS) S3
\ "AWS"
2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
\ "Alibaba"
3 / Ceph Object Storage
\ "Ceph"
4 / Digital Ocean Spaces
\ "DigitalOcean"
5 / Dreamhost DreamObjects
\ "Dreamhost"
6 / IBM COS S3
\ "IBMCOS"
7 / Minio Object Storage
\ "Minio"
8 / Netease Object Storage (NOS)
\ "Netease"
9 / Scaleway Object Storage
\ "Scaleway"
10 / SeaweedFS S3
\ "SeaweedFS"
11 / StackPath Object Storage
\ "StackPath"
12 / Tencent Cloud Object Storage (COS)
\ "TencentCOS"
13 / Wasabi Object Storage
\ "Wasabi"
14 / Any other S3 compatible provider
\ "Other"
provider>
选择服务提供商,输入inspur后回车:
provider> inspur
Option env_auth.
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
Only applies if access_key_id and secret_access_key is blank.
Enter a boolean value (true or false). Press Enter for the default ("false").
Choose a number from below, or type in your own value.
1 / Enter AWS credentials in the next step.
\ "false"
2 / Get AWS credentials from the environment (env vars or IAM).
\ "true"
env_auth>
选择是否开启验证,输入false后回车:
env_auth> false
Option access_key_id.
AWS Access Key ID.
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
access_key_id>
输入用户API认证信息中的AccessID,获取方式参见附录-如何获取用户API认证信息:
access_key_id> your AccessID
Option secret_access_key.
AWS Secret Access Key (password).
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
secret_access_key>
输入用户API认证信息中的AccessSecretKey,获取方式参见附录-如何获取用户API认证信息:
secret_access_key> your AccessSecretKey
Option region.
Region to connect to.
Leave blank if you are using an S3 clone and you don't have a region.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value.
/ Use this if unsure.
1 | Will use v4 signatures and an empty region.
\ ""
/ Use this only if v4 signatures don't work.
2 | E.g. pre Jewel/v10 CEPH.
\ "other-v2-signature"
region>
从下面选择一个数字,或键入您自己的值。
region> 1
Option endpoint.
Endpoint for S3 API.
Required when using an S3 clone.
Enter a string value. Press Enter for the default ("").
endpoint>
选择对象存储服务接口地址,输入服务接口地址后回车,此处以north-3.inspurcloudoss.com为例:
endpoint> north-3.inspurcloudoss.com
Option location_constraint.
Location constraint - must be set to match the Region.
Leave blank if not sure. Used when creating buckets only.
Enter a string value. Press Enter for the default ("").
location_constraint>
选择“location_constraint”,需要与之前的对象存储服务接口地址保持一致
location_constraint> north-3.inspurcloudoss.com
Option acl.
Canned ACL used when creating buckets and storing or copying objects.
This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
Note that this ACL is applied when server-side copying objects as S3
doesn't copy the ACL from the source but rather writes a fresh one.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value.
/ Owner gets FULL_CONTROL.
1 | No one else has access rights (default).
\ "private"
/ Owner gets FULL_CONTROL.
2 | The AllUsers group gets READ access.
\ "public-read"
/ Owner gets FULL_CONTROL.
3 | The AllUsers group gets READ and WRITE access.
| Granting this on a bucket is generally not recommended.
\ "public-read-write"
/ Owner gets FULL_CONTROL.
4 | The AuthenticatedUsers group gets READ access.
\ "authenticated-read"
/ Object owner gets FULL_CONTROL.
5 | Bucket owner gets READ access.
| If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
\ "bucket-owner-read"
/ Both the object owner and the bucket owner get FULL_CONTROL over the object.
6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
\ "bucket-owner-full-control"
acl>
输入默认权限,此处以private为例,选择是否设置进阶配置,这里不进行设置,直接回车:
acl> private
Edit advanced config?
y) Yes
n) No (default)
y/n>
--------------------
[OSS-test]
type = s3
provider = inspur
access_key_id = YTM2MTZmNGYtMWY3YS00MmM2LTg2NmUtMzU1MjkwMmRlMTJm
secret_access_key = NmQ1Y2M2OWYtMmM5OS00OTU3LTlmMDgtMDg0NWZiZWJlODg0
endpoint = north-3.inspurcloudoss.com
location_constraint = north-3.inspurcloudoss.com
acl = private
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d>
回到配置向导的初始菜单,显示出刚才的配置,可继续执行创建新的配置(输入n)、编辑已有的配置(输入e)、删除配置(输入d)等操作,或者完成配置向导退出(输入q)等其它操作:
y/e/d> y
Current remotes:
Name Type
==== ====
OSS-test s3
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q>
配置验证
可通过执行如下命令列举桶内的对象,来验证配置是否正确:
rclone ls [config-name]:[bucket-name] --config [config-file-path]
备注:
- [config-name]:配置文件中的配置项名称;
- [bucket-name]:用户的桶名;
- [config-file-path]:配置文件的路径。
附录
如何获取用户API认证信息
打开对象存储控制台网页,点击API认证信息页面获取认证信息:
如何获取对象存储服务接口地址
使用配置向导时选择
使用配置向导创建配置,可在配置的过程中,选择对应的服务接口地址和Location。
从桶基本信息中获取
打开对象存储控制台网页,在存储桶列表-选择对应的桶-基础配置页面中获取:
配置中会出现的问题
| 报错内容 | 问题分析 | 解决方法 |
|---|---|---|
| x509: certificate is valid for XXX | endpoint地址设置的是内网地址,但对应资源池的内网地址不支持HTTPS协议。 | 使用HTTP协议,将endpoint更改为:http://xxx.inspurcloudoss.cn。 |
| Failed to ls: RequestError: send request failed |
配置文件中的endpoint设置错误,或者网关服务器到对象存储接口地址的网络不通。 | 检查endpoint设置是否正确; 验证网关服务器到对象存储接口地址的网络是否通畅。 |
| Failed to ls: InvalidAccessKeyId |
配置文件中的access_key_id设置错误。 | 更正access_key_id。 |
| Failed to ls: SignatureDoesNotMatch |
配置文件中的secret_access_key设置错误。 | 更正secret_access_key。 |
| Failed to ls: directory not found | 指定的对象存储的桶不存在。 | 检查命令中指定的桶。 |