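Migrating Cloud Object Storage (COS) apps and data between IBM Cloud accounts
Classic infrastructure  Virtual Private Cloud
In this tutorial, you migrate a COS app and its data from an IBM Cloud Kubernetes Service cluster in one account to a Red Hat OpenShift on IBM Cloud cluster in a separate account.
Prerequisites
Account 1
In Account 1, you must have the following.
- An IBM Cloud Kubernetes Service cluster.
- A COS instance and a set of HMAC credentials. For more information, see Service credentials.
- The COS plug-in installed in your cluster.
Account 2
In Account 2 (the destination account that you are migrating to), you must have the following.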
Optional: Deploy an app in your cluster
Account 1
If you don't already have an app that you want to migrate, you can deploy the following example app.
- Create a PVC that references your object storage configuration.
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: demo # Enter a name for your PVC.
      namespace: default
      annotations:
        ibm.io/auto-create-bucket: "true"
        ibm.io/auto-delete-bucket: "false"
        ibm.io/secret-name: SECRET-NAME # Enter the name of the secret you created earlier.
        ibm.io/secret-namespace: NAMESPACE # Enter the namespace where you want to create the PVC.
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
      storageClassName: ibmc-s3fs-cos # The storage class that you want to use.
- Create the PVC in your cluster.
    oc apply -f pvc-cos.yaml
- Create a YAML configuration file for a pod that mounts the PVC that you created.
    apiVersion: v1
    kind: Pod
    metadata:
      name: demo-pod
      namespace: default
    spec:
      securityContext:
        runAsUser: 2000
        fsGroup: 2000
      volumes:
        - name: demo-vol
          persistentVolumeClaim:
            claimName: demo
      containers:
        - name: test
          image: nginxinc/nginx-unprivileged
          imagePullPolicy: Always
          volumeMounts:
            - name: demo-vol
              mountPath: /mnt/cosvol
- Create the pod in your cluster.
    oc apply -f demo-pod.yaml
- Verify that the pod is deployed. Note that it might take a few minutes for your app to get into a Running state.
    oc get pods
  Example output
    NAME       READY   STATUS    RESTARTS   AGE
    demo-pod   1/1     Running   0          2m58s
- Log in to the pod to verify that the app can write to the block storage volume.
    oc exec demo-pod -- bash -c "ls /mnt/cosvol"
Getting the details of your app
Account 1
- List your pods and PVCs.
    kubectl get pods,pvc
- Describe your PVC to review the details, and make a note of the bucket name.
    kubectl get pvc -o yaml
Installing rclone
Follow the installation steps in the rclone documentation.
Configuring rclone for your bucket in Account 1
Account 1
After you install rclone, you must generate a configuration file that defines the COS instances that you want to migrate data between.
- Run the rclone config command.
    rclone config
  Example output
    2020/01/16 09:39:33 NOTICE: Config file "/Users/ryan/.config/rclone/rclone.conf" not found - using defaults
    No remotes found - make a new one
    n) New remote
    s) Set configuration password
    q) Quit config
- Enter n to set up a new remote, then provide a name for your remote.
    n/s/q> n
  Example remote name
    name> cos-instance-1
- From the list of providers, select Amazon S3 Compliant Storage Provider, which includes IBM COS.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / 1Fichier
       \ "fichier"
     2 / Alias for an existing remote
       \ "alias"
     3 / Amazon Drive
       \ "amazon cloud drive"
     4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)
       \ "s3"
     5 / Backblaze B2
       \ "b2"
    ...
    provider> 4
- Select IBM COS as your S3 provider.
    Choose your S3 provider.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Amazon Web Services (AWS) S3
       \ "AWS"
     2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
       \ "Alibaba"
     3 / Ceph Object Storage
       \ "Ceph"
     4 / Digital Ocean Spaces
       \ "DigitalOcean"
     5 / Dreamhost DreamObjects
       \ "Dreamhost"
     6 / IBM COS S3
       \ "IBMCOS"
     7 / Minio Object Storage
       \ "Minio"
     8 / Netease Object Storage (NOS)
       \ "Netease"
     9 / Wasabi Object Storage
       \ "Wasabi"
    10 / Any other S3 compatible provider
       \ "Other"
- Add your COS credentials by selecting option 1.
    Option env_auth.
    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
    Only applies if access_key_id and secret_access_key is blank.
    Choose a number from below, or type in your own boolean value (true or false).
    Press Enter for the default (false).
     1 / Enter AWS credentials in the next step.
       \ (false)
     2 / Get AWS credentials from the environment (env vars or IAM).
       \ (true)
    env_auth> 1
- When prompted, provide the access_key_id and secret_access_key for your COS instance. For more information, see Service credentials.
    AWS Access Key ID.
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    access_key_id> xxxxxxxxxxxxxxxxxxxxx
    AWS Secret Access Key (password)
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    secret_access_key> xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- At the Region to connect to prompt, select option 1.
    Region to connect to.
    Leave blank if you are using an S3 clone and you don't have a region.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Use this if unsure. Will use v4 signatures and an empty region.
       \ ""
     2 / Use this only if v4 signatures don't work, eg pre Jewel/v10 CEPH.
       \ "other-v2-signature"
    region> 1
- At the Endpoint for IBM COS S3 API prompt, select option 1.
    Endpoint for IBM COS S3 API.
    Specify if using an IBM COS On Premise.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / US Cross Region Endpoint
       \ "s3-api.us-geo.objectstorage.softlayer.net"
     2 / US Cross Region Dallas Endpoint
       \ "s3-api.dal.us-geo.objectstorage.softlayer.net"
     3 / US Cross Region Washington DC Endpoint
       \ "s3-api.wdc-us-geo.objectstorage.softlayer.net"
    ...
    endpoint> 1
- At the Location constraint prompt, press Return to use the default value.
    Location constraint - must match endpoint when using IBM Cloud Public.
    For on-prem COS, do not make a selection from this list, hit enter
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / US Cross Region Standard
       \ "us-standard"
     2 / US Cross Region Vault
       \ "us-vault"
     3 / US Cross Region Cold
       \ "us-cold"
     4 / US Cross Region Flex
       \ "us-flex"
    ...
- At the ACL policy prompt, select private.
    Note that this ACL is applied when server side copying objects as S3
    doesn't copy the ACL from the source but rather writes a fresh one.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
       \ "private"
     2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
       \ "public-read"
     3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
       \ "public-read-write"
     4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
       \ "authenticated-read"
    acl> 1
- Skip the advanced configuration options and confirm your settings.
    Edit advanced config? (y/n)
    y) Yes
    n) No
    y/n> n
    Remote config
    --------------------
    [cos-instance-1]
    type = s3
    provider = IBMCOS
    env_auth = false
    access_key_id = xxxxxx
    secret_access_key = xxxxxxxxx
    endpoint = s3-api.us-geo.objectstorage.softlayer.net
    location_constraint = us-standard
    acl = private
    --------------------
    y) Yes this is OK
    e) Edit this remote
    d) Delete this remote
    y/e/d> y
    Current remotes:
    Name                 Type
    ====                 ====
    cos-instance-1       s3
- Repeat the previous steps to add the COS instance in your second account. After you verify the information, press q to quit the configuration process.
Configuring rclone for your bucket in Account 2
Account 2
Repeat the steps to configure rclone for Account 2.
- Run the rclone config command.
    rclone config
  Example output
    2020/01/16 09:39:33 NOTICE: Config file "/Users/ryan/.config/rclone/rclone.conf" not found - using defaults
    No remotes found - make a new one
    n) New remote
    s) Set configuration password
    q) Quit config
- Enter n to set up a new remote, then provide a name for your remote.
    n/s/q> n
  Example remote name
    name> cos-instance-2
- From the list of providers, select Amazon S3 Compliant Storage Provider, which includes IBM COS.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / 1Fichier
       \ "fichier"
     2 / Alias for an existing remote
       \ "alias"
     3 / Amazon Drive
       \ "amazon cloud drive"
     4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)
       \ "s3"
     5 / Backblaze B2
       \ "b2"
    ...
    provider> 4
- Select IBM COS as your S3 provider.
    Choose your S3 provider.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Amazon Web Services (AWS) S3
       \ "AWS"
     2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
       \ "Alibaba"
     3 / Ceph Object Storage
       \ "Ceph"
     4 / Digital Ocean Spaces
       \ "DigitalOcean"
     5 / Dreamhost DreamObjects
       \ "Dreamhost"
     6 / IBM COS S3
       \ "IBMCOS"
     7 / Minio Object Storage
       \ "Minio"
     8 / Netease Object Storage (NOS)
       \ "Netease"
     9 / Wasabi Object Storage
       \ "Wasabi"
    10 / Any other S3 compatible provider
       \ "Other"
- Add your COS credentials by selecting option 1.
    Option env_auth.
    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
    Only applies if access_key_id and secret_access_key is blank.
    Choose a number from below, or type in your own boolean value (true or false).
    Press Enter for the default (false).
     1 / Enter AWS credentials in the next step.
       \ (false)
     2 / Get AWS credentials from the environment (env vars or IAM).
       \ (true)
    env_auth> 1
- When prompted, provide the access_key_id and secret_access_key for your COS instance. For more information, see Service credentials.
    AWS Access Key ID.
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    access_key_id> xxxxxxxxxxxxxxxxxxxxx
    AWS Secret Access Key (password)
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    secret_access_key> xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- At the Region to connect to prompt, select option 1.
    Region to connect to.
    Leave blank if you are using an S3 clone and you don't have a region.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Use this if unsure. Will use v4 signatures and an empty region.
       \ ""
     2 / Use this only if v4 signatures don't work, eg pre Jewel/v10 CEPH.
       \ "other-v2-signature"
    region> 1
- At the Endpoint for IBM COS S3 API prompt, select option 1.
    Endpoint for IBM COS S3 API.
    Specify if using an IBM COS On Premise.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / US Cross Region Endpoint
       \ "s3-api.us-geo.objectstorage.softlayer.net"
     2 / US Cross Region Dallas Endpoint
       \ "s3-api.dal.us-geo.objectstorage.softlayer.net"
     3 / US Cross Region Washington DC Endpoint
       \ "s3-api.wdc-us-geo.objectstorage.softlayer.net"
    ...
    endpoint> 1
- At the Location constraint prompt, press Return to use the default value.
    Location constraint - must match endpoint when using IBM Cloud Public.
    For on-prem COS, do not make a selection from this list, hit enter
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / US Cross Region Standard
       \ "us-standard"
     2 / US Cross Region Vault
       \ "us-vault"
     3 / US Cross Region Cold
       \ "us-cold"
     4 / US Cross Region Flex
       \ "us-flex"
    ...
- At the ACL policy prompt, select private.
    Note that this ACL is applied when server side copying objects as S3
    doesn't copy the ACL from the source but rather writes a fresh one.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
       \ "private"
     2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
       \ "public-read"
     3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
       \ "public-read-write"
     4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
       \ "authenticated-read"
    acl> 1
- Skip the advanced configuration options and confirm your settings.
    Edit advanced config? (y/n)
    y) Yes
    n) No
    y/n> n
    Remote config
    --------------------
    [cos-instance-2]
    type = s3
    provider = IBMCOS
    env_auth = false
    access_key_id = xxxxxx
    secret_access_key = xxxxxxxxx
    endpoint = s3-api.us-geo.objectstorage.softlayer.net
    location_constraint = us-standard
    acl = private
    --------------------
    y) Yes this is OK
    e) Edit this remote
    d) Delete this remote
    y/e/d> y
    Current remotes:
    Name                 Type
    ====                 ====
    cos-instance-1       s3
    cos-instance-2       s3
- Repeat the previous steps to add the COS instance in your second account. After you verify the information, press q to quit the configuration process.
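The configuration written by these steps keeps both accounts' HMAC secrets in rclone.conf, so the file is worth auditing before the migration host is shared or backed up. The following is an added example, not part of the original tutorial: it checks an rclone.conf body for cleartext secrets, non-private ACLs and loose file permissions. The sample configuration is constructed, and RCLONE_ENCRYPT_V0: is the header rclone writes when the "s) Set configuration password" option is used.

```python
import configparser
import stat

# Constructed sample: the two remotes from the walkthrough, with the second
# one deliberately given a public ACL so the audit has something to report.
_REMOTE = """[{name}]
type = s3
provider = IBMCOS
env_auth = false
access_key_id = xxxxxx
secret_access_key = xxxxxxxxx
endpoint = s3-api.us-geo.objectstorage.softlayer.net
location_constraint = us-standard
acl = {acl}
"""
SAMPLE_CONF = (_REMOTE.format(name="cos-instance-1", acl="private")
               + _REMOTE.format(name="cos-instance-2", acl="public-read"))


def audit_rclone_conf(text, file_mode=None):
    """Return sorted (remote, finding) tuples for the body of an rclone.conf."""
    findings = []
    if file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("*", "config file is accessible to group or other users"))
    if "RCLONE_ENCRYPT_V0:" in text:
        # Config is password-protected: there are no cleartext sections to parse.
        return findings
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    for remote in parser.sections():
        opts = parser[remote]
        if opts.get("type") != "s3":
            continue
        if opts.get("secret_access_key", "").strip():
            findings.append((remote, "HMAC secret stored in cleartext"))
        # An empty acl sends no ACL header, which leaves objects private.
        if opts.get("acl", "").strip() not in ("", "private"):
            findings.append((remote, "acl grants access beyond the owner"))
    return sorted(findings)


if __name__ == "__main__":
    for remote, finding in audit_rclone_conf(SAMPLE_CONF, file_mode=0o644):
        print(f"{remote}: {finding}")
```

To audit a real file, pass its contents and `os.stat(path).st_mode` as file_mode.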
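Reviewing the contents of your COS buckets
Account 1  Account 2
After you configure rclone, review the contents of each bucket, then sync the data between the buckets in each account.
- First, view the contents of the bucket.
    rclone ls cos-instance-1:bucket-1
  Example output
    45338 test.txt
- View the contents of the bucket in instance 2. In this example, the bucket name is bucket-2.
    rclone ls cos-instance-2:bucket-2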
Syncing contents between buckets
Account 1  Account 2
- To move data from one bucket to another, you can use the rclone sync command. In this example, cos-instance-1:bucket-1 is in one account and cos-instance-2:bucket-2 is a second instance of COS in a separate account.
  Example
    rclone sync -P cos-instance-1:bucket-1 cos-instance-2:bucket-2
  Example output
    Transferred:      754.933k / 754.933 kBytes, 100%, 151.979 kBytes/s, ETA 0s
    Errors:                 0
    Checks:                 0 / 0, -
    Transferred:           18 / 18, 100%
    Elapsed time:        4.9
- Verify that the contents of the bucket in cos-instance-1 were synced to the bucket in cos-instance-2.
    rclone ls cos-instance-2:bucket-2
  Example output
    45338 test.txt
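Comparing the two rclone ls listings by eye does not scale past a few objects, and rclone sync makes the destination match the source, which removes destination objects that the source lacks. The following added example (not part of the original tutorial) parses both listings and reports what is missing, mismatched in size, or present only at the destination; the sample listings are constructed, and only sizes are compared, not hashes.

```python
def parse_rclone_ls(output):
    """Parse `rclone ls` output ("<size> <path>" per line) into {path: size}."""
    listing = {}
    for line in output.splitlines():
        if not line.strip():
            continue
        # Split once only, so object names that contain spaces stay intact.
        size, path = line.split(None, 1)
        listing[path] = int(size)
    return listing


def compare_buckets(src_output, dst_output):
    """Classify objects by how the destination differs from the source."""
    src, dst = parse_rclone_ls(src_output), parse_rclone_ls(dst_output)
    return {
        # Objects the sync still has to copy.
        "missing_in_dst": sorted(src.keys() - dst.keys()),
        # Same name, different size: incomplete or stale copy.
        "size_mismatch": sorted(p for p in src.keys() & dst.keys()
                                if src[p] != dst[p]),
        # Objects a sync would delete from the destination bucket.
        "extra_in_dst": sorted(dst.keys() - src.keys()),
    }


def in_sync(src_output, dst_output):
    """True when no difference of any kind is reported."""
    return not any(compare_buckets(src_output, dst_output).values())


# Constructed listings (not captured from a real bucket).
SRC_LS = "    45338 test.txt\n      120 logs/app 1.log\n"
DST_BEFORE = "       99 logs/app 1.log\n        7 old/stale.bin\n"
DST_AFTER = SRC_LS

if __name__ == "__main__":
    print("before sync:", compare_buckets(SRC_LS, DST_BEFORE))
    print("after sync in sync:", in_sync(SRC_LS, DST_AFTER))
```

Running rclone sync with --dry-run first reports the same deletions without changing the destination, and rclone check compares hashes as well as sizes.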
Redeploying your app in Account 2
Account 2
- Copy the following PVC and save it to a file called pvc.yaml.
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: demo # Enter a name for your PVC.
      namespace: default
      annotations:
        ibm.io/bucket-name: "bucket-2" # Enter the name of the bucket in Account 2
        ibm.io/auto-create-bucket: "false"
        ibm.io/auto-delete-bucket: "false"
        ibm.io/secret-name: SECRET-NAME # Enter the name of the secret you created earlier.
        ibm.io/secret-namespace: NAMESPACE # Enter the namespace where you want to create the PVC.
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
      storageClassName: ibmc-s3fs-cos # The storage class that you want to use.
- Create the PVC in your cluster.
    kubectl apply -f pvc.yaml
- Create a YAML configuration file for a pod that mounts the PVC that you created.
    apiVersion: v1
    kind: Pod
    metadata:
      name: demo-pod
      namespace: default
    spec:
      securityContext:
        runAsUser: 2000
        fsGroup: 2000
      volumes:
        - name: demo-vol
          persistentVolumeClaim:
            claimName: demo
      containers:
        - name: test
          image: nginxinc/nginx-unprivileged
          imagePullPolicy: Always
          volumeMounts:
            - name: demo-vol
              mountPath: /mnt/cosvol
- Create the pod in your cluster.
    oc apply -f demo-pod.yaml
- Verify that the pod is deployed. Note that it might take a few minutes for your app to get into a Running state.
    oc get pods
  Example output
    NAME       READY   STATUS    RESTARTS   AGE
    demo-pod   1/1     Running   0          2m58s
- Log in to the pod to verify that the app can write to the block storage volume.
    oc exec demo-pod -- bash -c "ls /mnt/cosvol"
  Example output
    test.txt