IBM Cloud Docs
Migrating Cloud Object Storage (COS) apps and data between IBM Cloud accounts

Classic infrastructure  Virtual Private Cloud

In this tutorial, you migrate a COS app and its data from an IBM Cloud Kubernetes Service cluster in one account to a Red Hat OpenShift on IBM Cloud cluster in a separate account.

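Prerequisites

Account 1

In Account 1, you must have the following.

  • An IBM Cloud Kubernetes Service cluster.

  • A COS instance and a set of HMAC credentials. For more information, see Service credentials.

  • The COS plug-in installed in your cluster.

Account 2

In Account 2, the destination account that you migrate to, you must have the following.

  • A Red Hat OpenShift on IBM Cloud cluster.

  • The COS plug-in installed in your cluster.

  • A COS instance and a set of HMAC credentials. For more information, see Service credentials.

  • An empty bucket in your COS instance.

Optional: Deploy an app in your cluster

Account 1

If you don't already have an app that you want to migrate, you can deploy the following example app.

  1. Create a PVC that references your object storage configuration.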

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: demo #Enter a name for your PVC.
      namespace: default
      annotations:
        ibm.io/auto-create-bucket: "true"
        ibm.io/auto-delete-bucket: "false"
        ibm.io/secret-name: SECRET-NAME #Enter the name of the secret you created earlier.
        ibm.io/secret-namespace: NAMESPACE #Enter the namespace where you want to create the PVC.
    spec:
        accessModes:
        - ReadWriteOnce
        resources:
            requests:
              storage: 10Gi
        storageClassName: ibmc-s3fs-cos #The storage class that you want to use.
    
  2. Create the PVC in your cluster.

    oc apply -f pvc-cos.yaml
    
  3. Create a YAML configuration file for a pod that mounts the PVC that you created.

    apiVersion: v1
    kind: Pod
    metadata:
      name: demo-pod
      namespace: default
    spec:
      securityContext:
        runAsUser: 2000
        fsGroup: 2000
      volumes:
      - name: demo-vol
        persistentVolumeClaim:
          claimName: demo
      containers:
      - name: test
        image: nginxinc/nginx-unprivileged
        imagePullPolicy: Always
        volumeMounts:
        - name: demo-vol
          mountPath: /mnt/cosvol
    
  4. Create the pod in your cluster.

    oc apply -f demo-pod.yaml
    
  5. Verify that the pod is deployed. Note that it might take a few minutes for your app to reach the Running state.

    oc get pods
    
    NAME                                READY   STATUS    RESTARTS   AGE
    demo-pod                            1/1     Running   0          2m58s
    
  6. Log in to the pod and verify that the app can write to the volume mounted at /mnt/cosvol.

    oc exec demo-pod -- bash -c "ls /mnt/cosvol"
    

Get the details of your app

Account 1

  1. List your pods and PVCs.

    kubectl get pods,pvc
    
  2. Get the details of your PVC in YAML format and note the bucket name.

    kubectl get pvc -o yaml
    

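Install rclone

Follow the installation steps in the rclone documentation.

Configure rclone for the bucket in Account 1

Account 1

After you install rclone, you must generate a configuration file that defines the COS instance whose data you want to migrate.

  1. Run the rclone config command.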

    rclone config
    

    Example output

    2020/01/16 09:39:33 NOTICE: Config file "/Users/ryan/.config/rclone/rclone.conf" not found - using defaults
    No remotes found - make a new one
    n) New remote
    s) Set configuration password
    q) Quit config
    
  2. Enter n to set up a new remote, then provide a name for your remote.

    n/s/q> n
    

    Example remote name

    name> cos-instance-1
    
  3. From the list of providers, select Amazon S3 Compliant Storage Provider, which includes IBM COS.

    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / 1Fichier
      \ "fichier"
    2 / Alias for an existing remote
      \ "alias"
    3 / Amazon Drive
      \ "amazon cloud drive"
    4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)
      \ "s3"
    5 / Backblaze B2
      \ "b2"
    ...
    provider> 4
    
  4. Select IBM COS as your S3 provider.

    Choose your S3 provider.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / Amazon Web Services (AWS) S3
      \ "AWS"
    2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
      \ "Alibaba"
    3 / Ceph Object Storage
      \ "Ceph"
    4 / Digital Ocean Spaces
      \ "DigitalOcean"
    5 / Dreamhost DreamObjects
      \ "Dreamhost"
    6 / IBM COS S3
      \ "IBMCOS"
    7 / Minio Object Storage
      \ "Minio"
    8 / Netease Object Storage (NOS)
      \ "Netease"
    9 / Wasabi Object Storage
      \ "Wasabi"
    10 / Any other S3 compatible provider
      \ "Other"
    
  5. Add your COS credentials by selecting option 1.

    Option env_auth.
    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
    Only applies if access_key_id and secret_access_key is blank.
    Choose a number from below, or type in your own boolean value (true or false).
    Press Enter for the default (false).
    1 / Enter AWS credentials in the next step.
      \ (false)
    2 / Get AWS credentials from the environment (env vars or IAM).
      \ (true)
    env_auth> 1
    
  6. When prompted, provide the access_key_id and secret_access_key of your COS instance. For more information, see Service credentials.

    AWS Access Key ID.
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    access_key_id> xxxxxxxxxxxxxxxxxxxxx
    AWS Secret Access Key (password)
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    secret_access_key> xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    
  7. At the Region to connect to prompt, select option 1.

    Region to connect to.
    Leave blank if you are using an S3 clone and you don't have a region.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / Use this if unsure. Will use v4 signatures and an empty region.
      \ ""
    2 / Use this only if v4 signatures don't work, eg pre Jewel/v10 CEPH.
      \ "other-v2-signature"
    region> 1
    
  8. At the Endpoint for IBM COS S3 API prompt, select option 1.

    Endpoint for IBM COS S3 API.
    Specify if using an IBM COS On Premise.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / US Cross Region Endpoint
      \ "s3-api.us-geo.objectstorage.softlayer.net"
    2 / US Cross Region Dallas Endpoint
      \ "s3-api.dal.us-geo.objectstorage.softlayer.net"
    3 / US Cross Region Washington DC Endpoint
      \ "s3-api.wdc-us-geo.objectstorage.softlayer.net"
    ...
    endpoint> 1
    
  9. At the Location constraint prompt, press Return to use the default.

    Location constraint - must match endpoint when using IBM Cloud Public.
    For on-prem COS, do not make a selection from this list, hit enter
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / US Cross Region Standard
      \ "us-standard"
    2 / US Cross Region Vault
      \ "us-vault"
    3 / US Cross Region Cold
      \ "us-cold"
    4 / US Cross Region Flex
      \ "us-flex"
    ...
    
  10. At the ACL policy prompt, select private.

    Note that this ACL is applied when server side copying objects as S3
    doesn't copy the ACL from the source but rather writes a fresh one.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
      \ "private"
    2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
      \ "public-read"
    3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
      \ "public-read-write"
    4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
      \ "authenticated-read"
    acl> 1
    
  11. Skip the advanced configuration options and confirm your setup.

    Edit advanced config? (y/n)
    y) Yes
    n) No
    y/n> n
    Remote config
    --------------------
    [cos-instance-1]
    type = s3
    provider = IBMCOS
    env_auth = false
    access_key_id = xxxxxx
    secret_access_key = xxxxxxxxx
    endpoint = s3-api.us-geo.objectstorage.softlayer.net
    location_constraint = us-standard
    acl = private
    --------------------
    y) Yes this is OK
    e) Edit this remote
    d) Delete this remote
    y/e/d> y
    Current remotes:
    
    Name                 Type
    ====                 ====
    cos-instance-1      s3
    
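  12. Repeat the previous steps to add the COS instance in the second account. After you verify the information, press q to quit the configuration process.

Configure rclone for the bucket in Account 2

Account 2

Repeat the steps to configure rclone for Account 2.

  1. Run the rclone config command.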

    rclone config
    

    Example output

    2020/01/16 09:39:33 NOTICE: Config file "/Users/ryan/.config/rclone/rclone.conf" not found - using defaults
    No remotes found - make a new one
    n) New remote
    s) Set configuration password
    q) Quit config
    
  2. Enter n to set up a new remote, then provide a name for your remote.

    n/s/q> n
    

    Example remote name

    name> cos-instance-2
    
  3. From the list of providers, select Amazon S3 Compliant Storage Provider, which includes IBM COS.

    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / 1Fichier
      \ "fichier"
    2 / Alias for an existing remote
      \ "alias"
    3 / Amazon Drive
      \ "amazon cloud drive"
    4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)
      \ "s3"
    5 / Backblaze B2
      \ "b2"
    ...
    provider> 4
    
  4. Select IBM COS as your S3 provider.

    Choose your S3 provider.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / Amazon Web Services (AWS) S3
      \ "AWS"
    2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
      \ "Alibaba"
    3 / Ceph Object Storage
      \ "Ceph"
    4 / Digital Ocean Spaces
      \ "DigitalOcean"
    5 / Dreamhost DreamObjects
      \ "Dreamhost"
    6 / IBM COS S3
      \ "IBMCOS"
    7 / Minio Object Storage
      \ "Minio"
    8 / Netease Object Storage (NOS)
      \ "Netease"
    9 / Wasabi Object Storage
      \ "Wasabi"
    10 / Any other S3 compatible provider
      \ "Other"
    
  5. Add your COS credentials by selecting option 1.

    Option env_auth.
    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
    Only applies if access_key_id and secret_access_key is blank.
    Choose a number from below, or type in your own boolean value (true or false).
    Press Enter for the default (false).
    1 / Enter AWS credentials in the next step.
      \ (false)
    2 / Get AWS credentials from the environment (env vars or IAM).
      \ (true)
    env_auth> 1
    
  6. When prompted, provide the access_key_id and secret_access_key of your COS instance. For more information, see Service credentials.

    AWS Access Key ID.
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    access_key_id> xxxxxxxxxxxxxxxxxxxxx
    AWS Secret Access Key (password)
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    secret_access_key> xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    
  7. At the Region to connect to prompt, select option 1.

    Region to connect to.
    Leave blank if you are using an S3 clone and you don't have a region.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / Use this if unsure. Will use v4 signatures and an empty region.
      \ ""
    2 / Use this only if v4 signatures don't work, eg pre Jewel/v10 CEPH.
      \ "other-v2-signature"
    region> 1
    
  8. At the Endpoint for IBM COS S3 API prompt, select option 1.

    Endpoint for IBM COS S3 API.
    Specify if using an IBM COS On Premise.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / US Cross Region Endpoint
      \ "s3-api.us-geo.objectstorage.softlayer.net"
    2 / US Cross Region Dallas Endpoint
      \ "s3-api.dal.us-geo.objectstorage.softlayer.net"
    3 / US Cross Region Washington DC Endpoint
      \ "s3-api.wdc-us-geo.objectstorage.softlayer.net"
    ...
    endpoint> 1
    
  9. At the Location constraint prompt, press Return to use the default.

    Location constraint - must match endpoint when using IBM Cloud Public.
    For on-prem COS, do not make a selection from this list, hit enter
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / US Cross Region Standard
      \ "us-standard"
    2 / US Cross Region Vault
      \ "us-vault"
    3 / US Cross Region Cold
      \ "us-cold"
    4 / US Cross Region Flex
      \ "us-flex"
    ...
    
  10. At the ACL policy prompt, select private.

    Note that this ACL is applied when server side copying objects as S3
    doesn't copy the ACL from the source but rather writes a fresh one.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
    1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
      \ "private"
    2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
      \ "public-read"
    3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
      \ "public-read-write"
    4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
      \ "authenticated-read"
    acl> 1
    
  11. Skip the advanced configuration options and confirm your setup.

    Edit advanced config? (y/n)
    y) Yes
    n) No
    y/n> n
    Remote config
    --------------------
    [cos-instance-2]
    type = s3
    provider = IBMCOS
    env_auth = false
    access_key_id = xxxxxx
    secret_access_key = xxxxxxxxx
    endpoint = s3-api.us-geo.objectstorage.softlayer.net
    location_constraint = us-standard
    acl = private
    --------------------
    y) Yes this is OK
    e) Edit this remote
    d) Delete this remote
    y/e/d> y
    Current remotes:
    
    Name                 Type
    ====                 ====
    cos-instance-1      s3
    cos-instance-2      s3
    
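  12. Repeat the previous steps to add the COS instance in the second account. After you verify the information, press q to quit the configuration process.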
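
The configuration file written by these steps stores the HMAC keys of both accounts in plain text and records the ACL chosen for each remote. The shell function below is an added example, not part of the IBM Cloud or rclone documentation, that flags a group- or world-readable file, unencrypted secret keys, and any ACL other than private. The names audit_rclone_conf and write_sample_conf are hypothetical, and the sample configuration is constructed with fake key values.

```sh
#!/bin/sh
# Added example; audit_rclone_conf and write_sample_conf are hypothetical names.
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if unreadable.
audit_rclone_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    findings=$(
        # The file holds HMAC keys for both accounts: group/other need no access.
        perms=$(ls -ld "$conf" | cut -c5-10)
        [ "$perms" = "------" ] || echo "MODE group/other bits are $perms"
        # A config protected with "s) Set configuration password" is a single
        # encrypted blob, so there are no per-remote keys left to inspect.
        if grep -q '^RCLONE_ENCRYPT_V0:' "$conf"; then exit 0; fi
        awk -F ' *= *' '
            /^\[.*\]$/ { remote = substr($0, 2, length($0) - 2); next }
            $1 == "secret_access_key" && $2 != "" { print "PLAINTEXT_SECRET " remote }
            $1 == "acl" && $2 != "" && $2 != "private" { print "ACL " remote " " $2 }
        ' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: remote names follow the tutorial, key values are fake.
write_sample_conf() {
    cat > "$1" <<'EOF'
[cos-instance-1]
type = s3
provider = IBMCOS
env_auth = false
access_key_id = FAKEKEYID1
secret_access_key = FAKESECRET1
endpoint = s3-api.us-geo.objectstorage.softlayer.net
acl = private

[cos-instance-2]
type = s3
provider = IBMCOS
env_auth = true
acl = public-read
EOF
    chmod 644 "$1"
}
```

A MODE finding is cleared with chmod 600 on the file, and a PLAINTEXT_SECRET finding by choosing s) Set configuration password in the rclone config menu shown earlier.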

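View the contents of your COS buckets

Account 1  Account 2

After you configure rclone, review the contents of each bucket, then sync the data between the buckets in each account.

  1. First, view the contents of the bucket in instance 1.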

    rclone ls cos-instance-1:bucket-1
        45338 test.txt
    
  2. View the contents of the bucket in instance 2. In this example, the bucket name is bucket-2.

    rclone ls cos-instance-2:bucket-2
    

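Sync contents between buckets

Account 1  Account 2

  1. To move the data from one bucket to another, you can use the rclone sync command. In this example, cos-instance-1:bucket-1 is in one account and cos-instance-2:bucket-2 is a second instance of COS in a separate account.

    Example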

    rclone sync -P cos-instance-1:bucket-1 cos-instance-2:bucket-2
    

    Example output

    Transferred:      754.933k / 754.933 kBytes, 100%, 151.979 kBytes/s, ETA 0s
    Errors:                 0
    Checks:                 0 / 0, -
    Transferred:           18 / 18, 100%
    Elapsed time:        4.9
    
  2. Verify that the contents of the bucket in cos-instance-1 have been synced to the bucket in cos-instance-2.

    rclone ls cos-instance-2:bucket-2
    

    Example output

    45338 test.txt
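
For buckets with more than a handful of objects, the verification step above can be scripted. The shell function below is an added example, not part of the IBM Cloud or rclone documentation, that compares two saved rclone ls listings and reports objects that are missing from the destination, differ in size, or exist only in the destination. The names compare_listings and write_sample_listings are hypothetical, and the sample listings are constructed.

```sh
#!/bin/sh
# Added example; compare_listings and write_sample_listings are hypothetical names.
# compare_listings SRC_LIST DST_LIST
# Both files are saved `rclone ls` output, one "<size> <path>" entry per line.
# Prints sorted differences; returns 0 when the listings match, 1 otherwise.
compare_listings() {
    diffs=$(awk '
        NF == 0 { next }
        {
            line = $0; sub(/^ +/, "", line)         # rclone right-aligns the size
            size = line; sub(/ .*/, "", size)
            path = line; sub(/^[0-9]+ /, "", path)  # paths may contain spaces
            if (FILENAME == ARGV[1]) src[path] = size; else dst[path] = size
        }
        END {
            for (p in src) {
                if (!(p in dst)) { print "MISSING " p }
                else if (dst[p] != src[p]) { print "SIZE " p " " src[p] " != " dst[p] }
            }
            for (p in dst) if (!(p in src)) { print "EXTRA " p }
        }
    ' "$1" "$2" | sort)
    [ -z "$diffs" ] && return 0
    printf '%s\n' "$diffs"
    return 1
}

# Constructed listings: the first entry is the one shown in the tutorial.
write_sample_listings() {
    printf '%s\n' '    45338 test.txt' '     1024 logs/app 1.log' \
        '      512 data.bin' > "$1"
    printf '%s\n' '    45338 test.txt' '     1000 logs/app 1.log' \
        '       77 old.tmp' > "$2"
}
```

The inputs are produced by redirecting rclone ls cos-instance-1:bucket-1 and rclone ls cos-instance-2:bucket-2 to two different files. Matching sizes do not prove matching content; for a hash-based comparison run directly against both remotes, rclone provides the rclone check command.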
    

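Redeploy your app in Account 2

Account 2

  1. Log in to your account. If applicable, target the appropriate resource group. Set the context for your cluster.

  2. Copy the following PVC and save it to a file called pvc.yaml.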

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: demo # Enter a name for your PVC.
      namespace: default
      annotations:
        ibm.io/bucket-name: "bucket-2" # Enter the name of the bucket in Account 2
        ibm.io/auto-create-bucket: "false"
        ibm.io/auto-delete-bucket: "false"
        ibm.io/secret-name: SECRET-NAME #Enter the name of the secret you created earlier.
        ibm.io/secret-namespace: NAMESPACE #Enter the namespace where you want to create the PVC.
    spec:
        accessModes:
        - ReadWriteOnce
        resources:
            requests:
              storage: 10Gi
        storageClassName: ibmc-s3fs-cos #The storage class that you want to use.
    
  3. Create the PVC in your cluster.

    kubectl apply -f pvc.yaml
    
  4. Create a YAML configuration file for a pod that mounts the PVC that you created.

    apiVersion: v1
    kind: Pod
    metadata:
      name: demo-pod
      namespace: default
    spec:
      securityContext:
        runAsUser: 2000
        fsGroup: 2000
      volumes:
      - name: demo-vol
        persistentVolumeClaim:
          claimName: demo
      containers:
      - name: test
        image: nginxinc/nginx-unprivileged
        imagePullPolicy: Always
        volumeMounts:
        - name: demo-vol
          mountPath: /mnt/cosvol
    
  5. Create the pod in your cluster.

    oc apply -f demo-pod.yaml
    
  6. Verify that the pod is deployed. Note that it might take a few minutes for your app to reach the Running state.

    oc get pods
    
    NAME                                READY   STATUS    RESTARTS   AGE
    demo-pod                            1/1     Running   0          2m58s
    
  7. Log in to the pod and verify that the app can write to the volume mounted at /mnt/cosvol.

    oc exec demo-pod -- bash -c "ls /mnt/cosvol"
    
    test.txt