IBM Cloud Docs
在 IBM Cloud 账户之间迁移 Cloud Object Storage (COS) 应用程序和数据

在 IBM Cloud 账户之间迁移 Cloud Object Storage (COS) 应用程序和数据

经典基础设施 虚拟私有云

在本教程中,您将把一个 COS 应用程序和数据从一个账户中的 IBM Cloud Kubernetes Service 群集迁移到另一个账户中的 Red Hat OpenShift on IBM Cloud 群集。

先决条件

账户 1

在账户 1 中,您必须具备以下条件。

  • 一个 IBM Cloud Kubernetes Service 集群。

  • 一个 COS 实例和一组 HMAC 证书。 有关详细信息,请参阅For more information, see 服务凭证

  • 集群中安装的 COS 插件

账户 2

在账户 2(要迁移到的目标账户)中,必须具备以下条件。

  • 一个 Red Hat OpenShift on IBM Cloud 集群。

  • 集群中安装的 COS 插件

  • 一个 COS 实例和一组 HMAC 证书。 有关详细信息,请参阅For more information, see 服务凭证

  • COS 实例中的空桶。

可选:在集群中部署应用程序

账户 1

如果还没有要迁移的应用程序,可以部署以下示例应用程序。

  1. 创建一个引用对象存储配置的 PVC。

    kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: demo #Enter a name for your PVC.
  namespace: default
  annotations:
  ibm.io/auto-create-bucket: "true"
  ibm.io/auto-delete-bucket: "false"
  ibm.io/secret-name: SECRET-NAME #Enter the name of the secret you created earlier.
  ibm.io/secret-namespace: NAMESPACE #Enter the namespace where you want to create the PVC.
spec:
    accessModes:
    - ReadWriteOnce
    resources:
        requests:
          storage: 10Gi
    storageClassName: ibmc-s3fs-cos #The storage class that you want to use.

  2. 在集群中创建 PVC。

    oc apply -f pvc-cos.yaml

  3. 为挂载所创建的 PVC 的 pod 创建 YAML 配置文件。

    apiVersion: v1
kind: Pod
metadata:
  name: demo-pod
  namespace: default
spec:
  securityContext:
    runAsUser: 2000
    fsGroup: 2000
  volumes:
  - name: demo-vol
    persistentVolumeClaim:
      claimName: demo
  containers:
  - name: test
    image: nginxinc/nginx-unprivileged
    imagePullPolicy: Always
    volumeMounts:
    - name: demo-vol
      mountPath: /mnt/cosvol

  4. 在群集中创建 pod。

    oc apply -f demo-pod.yaml

  5. 验证 pod 是否已部署。 请注意,应用程序进入 "Running 状态可能需要几分钟时间。

    oc get pods

    NAME                                READY   STATUS    RESTARTS   AGE
demo-pod                            1/1     Running   0          2m58s

  6. 登录 pod 验证应用程序是否可以写入块存储卷。

    oc exec demo-pod -- bash -c "ls /mnt/cosvol"

获取应用程序的详细信息

账户 1

  1. 列出 pod 和 PVC。
    kubectl get pods
  2. 描述您的 PVC,查看细节并记下水桶名称。
    kubectl describe PVC -o yaml

安装 rclone

请按照 rclone 文档中的 安装步骤 进行操作。

为账户 1 中的水桶配置 "rclone

账户 1

安装 rclone 后,必须生成一个配置文件,定义要迁移数据的 COS 实例。

  1. 运行 "rclone config 命令。

    rclone config

    示例输出

    2020/01/16 09:39:33 NOTICE: Config file "/Users/ryan/.config/rclone/rclone.conf" not found - using defaults
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config

  2. 进入 n 设置一个新的遥控器,然后为您的遥控器提供一个名称。

    n/s/q> n

    远程名称示例

    name> cos-instance-1

  3. 从提供商列表中,选择 Amazon S3 Compliant Storage Provider 包括 IBM COS

    Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / 1Fichier
  \ "fichier"
2 / Alias for an existing remote
  \ "alias"
3 / Amazon Drive
  \ "amazon cloud drive"
4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)
  \ "s3"
5 / Backblaze B2
  \ "b2"
...
provider> 4

  4. 选择 "IBM COS 作为s3提供商。

    Choose your S3 provider.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Amazon Web Services (AWS) S3
  \ "AWS"
2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
  \ "Alibaba"
3 / Ceph Object Storage
  \ "Ceph"
4 / Digital Ocean Spaces
  \ "DigitalOcean"
5 / Dreamhost DreamObjects
  \ "Dreamhost"
6 / IBM COS S3
  \ "IBMCOS"
7 / Minio Object Storage
  \ "Minio"
8 / Netease Object Storage (NOS)
  \ "Netease"
9 / Wasabi Object Storage
  \ "Wasabi"
10 / Any other S3 compatible provider
  \ "Other"

  5. 通过选择选项添加您的 COS 凭证 1

    Option env_auth.
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
Only applies if access_key_id and secret_access_key is blank.
Choose a number from below, or type in your own boolean value (true or false).
Press Enter for the default (false).
1 / Enter AWS credentials in the next step.
  \ (false)
2 / Get AWS credentials from the environment (env vars or IAM).
  \ (true)
env_auth> 1

  6. 出现提示时,提供 access_key_idsecret_access_key 您的 COS 实例。 有关详细信息,请参阅For more information, see 服务凭证

    AWS Access Key ID.
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
access_key_id> xxxxxxxxxxxxxxxxxxxxx
AWS Secret Access Key (password)
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
secret_access_key> xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

  7. 在里面 Region to connect to 提示,选择选项 1

    Region to connect to.
Leave blank if you are using an S3 clone and you don't have a region.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Use this if unsure. Will use v4 signatures and an empty region.
  \ ""
2 / Use this only if v4 signatures don't work, eg pre Jewel/v10 CEPH.
  \ "other-v2-signature"
region> 1

  8. 在里面 Endpoint for IBM COS S3 API 提示,选择选项 1

    Endpoint for IBM COS S3 API.
Specify if using an IBM COS On Premise.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / US Cross Region Endpoint
  \ "s3-api.us-geo.objectstorage.softlayer.net"
2 / US Cross Region Dallas Endpoint
  \ "s3-api.dal.us-geo.objectstorage.softlayer.net"
3 / US Cross Region Washington DC Endpoint
  \ "s3-api.wdc-us-geo.objectstorage.softlayer.net"
...
endpoint> 1

  9. 在里面 Location constraint 提示,按返回使用默认值。

    Location constraint - must match endpoint when using IBM Cloud Public.
For on-prem COS, do not make a selection from this list, hit enter
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / US Cross Region Standard
  \ "us-standard"
2 / US Cross Region Vault
  \ "us-vault"
3 / US Cross Region Cold
  \ "us-cold"
4 / US Cross Region Flex
  \ "us-flex"
...

  10. 在 ACL 策略提示中,选择 private

    Note that this ACL is applied when server side copying objects as S3
doesn't copy the ACL from the source but rather writes a fresh one.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
  \ "private"
2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
  \ "public-read"
3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
  \ "public-read-write"
4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
  \ "authenticated-read"
acl> 1

  11. 跳过高级配置选项并确认您的设置。

    Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
--------------------
[cos-instance-1]
type = s3
provider = IBMCOS
env_auth = false
access_key_id = xxxxxx
secret_access_key = xxxxxxxxx
endpoint = s3-api.us-geo.objectstorage.softlayer.net
location_constraint = us-standard
acl = private
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:

Name                 Type
====                 ====
cos-instance-1      s3

  12. 重复前面的步骤,在第二个账户中添加 COS 实例。 验证信息后,按 q 退出配置过程。

为账户 2 中的水桶配置 "rclone

账户 2

重复步骤,为账户 2 配置 rclone

  1. 运行 "rclone config 命令。

    rclone config

    示例输出

    2020/01/16 09:39:33 NOTICE: Config file "/Users/ryan/.config/rclone/rclone.conf" not found - using defaults
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config

  2. 进入 n 设置一个新的遥控器,然后为您的遥控器提供一个名称。

    n/s/q> n

    远程名称示例

    name> cos-instance-2

  3. 从提供商列表中,选择 Amazon S3 Compliant Storage Provider 包括 IBM COS

    Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / 1Fichier
  \ "fichier"
2 / Alias for an existing remote
  \ "alias"
3 / Amazon Drive
  \ "amazon cloud drive"
4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)
  \ "s3"
5 / Backblaze B2
  \ "b2"
...
provider> 4

  4. 选择 "IBM COS 作为s3提供商。

    Choose your S3 provider.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Amazon Web Services (AWS) S3
  \ "AWS"
2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
  \ "Alibaba"
3 / Ceph Object Storage
  \ "Ceph"
4 / Digital Ocean Spaces
  \ "DigitalOcean"
5 / Dreamhost DreamObjects
  \ "Dreamhost"
6 / IBM COS S3
  \ "IBMCOS"
7 / Minio Object Storage
  \ "Minio"
8 / Netease Object Storage (NOS)
  \ "Netease"
9 / Wasabi Object Storage
  \ "Wasabi"
10 / Any other S3 compatible provider
  \ "Other"

  5. 通过选择选项添加您的 COS 凭证 1

    Option env_auth.
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
Only applies if access_key_id and secret_access_key is blank.
Choose a number from below, or type in your own boolean value (true or false).
Press Enter for the default (false).
1 / Enter AWS credentials in the next step.
  \ (false)
2 / Get AWS credentials from the environment (env vars or IAM).
  \ (true)
env_auth> 1

  6. 出现提示时,提供 access_key_idsecret_access_key 您的 COS 实例。 有关详细信息,请参阅For more information, see 服务凭证

    AWS Access Key ID.
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
access_key_id> xxxxxxxxxxxxxxxxxxxxx
AWS Secret Access Key (password)
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
secret_access_key> xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

  7. 在里面 Region to connect to 提示,选择选项 1

    Region to connect to.
Leave blank if you are using an S3 clone and you don't have a region.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Use this if unsure. Will use v4 signatures and an empty region.
  \ ""
2 / Use this only if v4 signatures don't work, eg pre Jewel/v10 CEPH.
  \ "other-v2-signature"
region> 1

  8. 在里面 Endpoint for IBM COS S3 API 提示,选择选项 1

    Endpoint for IBM COS S3 API.
Specify if using an IBM COS On Premise.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / US Cross Region Endpoint
  \ "s3-api.us-geo.objectstorage.softlayer.net"
2 / US Cross Region Dallas Endpoint
  \ "s3-api.dal.us-geo.objectstorage.softlayer.net"
3 / US Cross Region Washington DC Endpoint
  \ "s3-api.wdc-us-geo.objectstorage.softlayer.net"
...
endpoint> 1

  9. 在里面 Location constraint 提示,按返回使用默认值。

    Location constraint - must match endpoint when using IBM Cloud Public.
For on-prem COS, do not make a selection from this list, hit enter
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / US Cross Region Standard
  \ "us-standard"
2 / US Cross Region Vault
  \ "us-vault"
3 / US Cross Region Cold
  \ "us-cold"
4 / US Cross Region Flex
  \ "us-flex"
...

  10. 在 ACL 策略提示中,选择 private

    Note that this ACL is applied when server side copying objects as S3
doesn't copy the ACL from the source but rather writes a fresh one.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
  \ "private"
2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
  \ "public-read"
3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
  \ "public-read-write"
4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
  \ "authenticated-read"
acl> 1

  11. 跳过高级配置选项并确认您的设置。

    Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
--------------------
[cos-instance-2]
type = s3
provider = IBMCOS
env_auth = false
access_key_id = xxxxxx
secret_access_key = xxxxxxxxx
endpoint = s3-api.us-geo.objectstorage.softlayer.net
location_constraint = us-standard
acl = private
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:

Name                 Type
====                 ====
cos-instance-1      s3
cos-instance-2      s3

  12. 重复前面的步骤,在第二个账户中添加 COS 实例。 验证信息后,按 q 退出配置过程。

查看 COS 工具箱的内容

账户 1 账户 2

配置 rclone 后,查看每个存储桶的内容,然后在每个账户的存储桶之间同步数据。

  1. 首先查看存储桶的内容。

    rclone ls cos-instance-1:bucket-1
    45338 test.txt

  2. 查看实例 2 中的存储桶的内容。 在本例中,水桶名称为 bucket-2

    rclone ls cos-instance-2:bucket-2

在存储桶之间同步内容

账户 1 账户 2

  1. 要将数据从一个存储桶移动到另一个存储桶,可以使用 rclone sync 命令。 在此示例中 cos-instance-1:bucket-1 在一个帐户中,cos-instance-2:bucket-2 是单独账户中的 COS 的第二个实例。

    示例

    rclone sync -P cos-instance-1:bucket-1 cos-instance-2:bucket-2

    示例输出

    Transferred:      754.933k / 754.933 kBytes, 100%, 151.979 kBytes/s, ETA 0s
Errors:                 0
Checks:                 0 / 0, -
Transferred:           18 / 18, 100%
Elapsed time:        4.9

  2. 验证存储桶中的内容 cos-instance-1 已同步到存储桶中 cos-instance-2

    rclone ls cos-instance-2:bucket-2

    示例输出

    45338 test.txt

在账户 2 中重新部署应用程序

账户 2

  1. 登录您的帐户。 如果适用,请将相应的资源组设定为目标。 设置集群的上下文。

  2. 复制以下 PVC 并将其保存到名为 pvc.yaml 的文件中

    kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: demo # Enter a name for your PVC.
  namespace: default
  annotations:
  ibm.io/bucket-name: "bucket-2" # Enter the name of the bucket in Account 2
  ibm.io/auto-create-bucket: "false"
  ibm.io/auto-delete-bucket: "false"
  ibm.io/secret-name: SECRET-NAME #Enter the name of the secret you created earlier.
  ibm.io/secret-namespace: NAMESPACE #Enter the namespace where you want to create the PVC.
spec:
    accessModes:
    - ReadWriteOnce
    resources:
        requests:
          storage: 10Gi
    storageClassName: ibmc-s3fs-cos #The storage class that you want to use.

  3. 在集群中创建 PVC。

    kubectl apply -f pvc.yaml

  4. 为挂载所创建的 PVC 的 pod 创建 YAML 配置文件。

    apiVersion: v1
kind: Pod
metadata:
  name: demo-pod
  namespace: default
spec:
  securityContext:
    runAsUser: 2000
    fsGroup: 2000
  volumes:
  - name: demo-vol
    persistentVolumeClaim:
      claimName: demo
  containers:
  - name: test
    image: nginxinc/nginx-unprivileged
    imagePullPolicy: Always
    volumeMounts:
    - name: demo-vol
      mountPath: /mnt/cosvol

  5. 在群集中创建 pod。

    oc apply -f demo-pod.yaml

  6. 验证 pod 是否已部署。 请注意,应用程序进入 "Running 状态可能需要几分钟时间。

    oc get pods

    NAME                                READY   STATUS    RESTARTS   AGE
demo-pod                            1/1     Running   0          2m58s

  7. 登录 pod 验证应用程序是否可以写入块存储卷。

    oc exec demo-pod -- bash -c "ls /mnt/cosvol"

    test.txt