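Migrating Cloud Object Storage (COS) apps and data between IBM Cloud accounts
Classic infrastructure, Virtual Private Cloud
In this tutorial, you migrate COS apps and data from an IBM Cloud Kubernetes Service cluster in one account to a Red Hat OpenShift on IBM Cloud cluster in a separate account.
Prerequisites
Account 1
In Account 1, you must have the following.
- An IBM Cloud Kubernetes Service cluster.
- A COS instance and a set of HMAC credentials. For more information, see Service credentials.
Account 2
In Account 2, the destination account that you migrate to, you must have the following.
- A Red Hat OpenShift on IBM Cloud cluster.
- A COS instance and a set of HMAC credentials. For more information, see Service credentials.
- An empty bucket in your COS instance.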
Optional: Deploy an app in your cluster
Account 1
If you don't already have an app that you want to migrate, you can deploy the following example app.
- Create a PVC that references your object storage configuration.

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: demo # Enter a name for your PVC.
      namespace: default
      annotations:
        ibm.io/auto-create-bucket: "true"
        ibm.io/auto-delete-bucket: "false"
        ibm.io/secret-name: SECRET-NAME # Enter the name of the secret you created earlier.
        ibm.io/secret-namespace: NAMESPACE # Enter the namespace where you want to create the PVC.
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
      storageClassName: ibmc-s3fs-cos # The storage class that you want to use.

- Create the PVC in your cluster.

    oc apply -f pvc-cos.yaml

- Create a YAML configuration file for a pod that mounts the PVC that you created.

    apiVersion: v1
    kind: Pod
    metadata:
      name: demo-pod
      namespace: default
    spec:
      securityContext:
        runAsUser: 2000
        fsGroup: 2000
      volumes:
        - name: demo-vol
          persistentVolumeClaim:
            claimName: demo
      containers:
        - name: test
          image: nginxinc/nginx-unprivileged
          imagePullPolicy: Always
          volumeMounts:
            - name: demo-vol
              mountPath: /mnt/cosvol

- Create the pod in your cluster.

    oc apply -f demo-pod.yaml

- Verify that the pod is deployed. Note that it might take a few minutes for your app to reach the Running state.

    oc get pods

    NAME       READY   STATUS    RESTARTS   AGE
    demo-pod   1/1     Running   0          2m58s

- Verify that the app can write to your COS volume by logging in to your pod.

    oc exec demo-pod -- bash -c "ls /mnt/cosvol"

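Get the details of your app
Account 1
- List your pods and PVCs.

    kubectl get pods,pvc

- Describe your PVC, review the details, and make a note of the bucket name.

    kubectl describe pvc

Install rclone
Follow the rclone docs for installation steps.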
Configure rclone for your bucket in Account 1
Account 1
After you install rclone, you must generate a configuration file that defines the COS instance that you want to migrate data from.
- Run the rclone config command.

    rclone config

  Example output

    2020/01/16 09:39:33 NOTICE: Config file "/Users/ryan/.config/rclone/rclone.conf" not found - using defaults
    No remotes found - make a new one
    n) New remote
    s) Set configuration password
    q) Quit config

- Enter n to set up a new remote, then provide a name for your remote.

    n/s/q> n

  Example remote name

    name> cos-instance-1

- From the list of providers, select Amazon S3 Compliant Storage Provider, which includes IBM COS.

    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / 1Fichier
       \ "fichier"
     2 / Alias for an existing remote
       \ "alias"
     3 / Amazon Drive
       \ "amazon cloud drive"
     4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)
       \ "s3"
     5 / Backblaze B2
       \ "b2"
    ...
    provider> 4

- Select IBM COS as your s3 provider.

    Choose your S3 provider.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Amazon Web Services (AWS) S3
       \ "AWS"
     2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
       \ "Alibaba"
     3 / Ceph Object Storage
       \ "Ceph"
     4 / Digital Ocean Spaces
       \ "DigitalOcean"
     5 / Dreamhost DreamObjects
       \ "Dreamhost"
     6 / IBM COS S3
       \ "IBMCOS"
     7 / Minio Object Storage
       \ "Minio"
     8 / Netease Object Storage (NOS)
       \ "Netease"
     9 / Wasabi Object Storage
       \ "Wasabi"
    10 / Any other S3 compatible provider
       \ "Other"

- Add your COS credentials by selecting option 1.

    Option env_auth.
    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
    Only applies if access_key_id and secret_access_key is blank.
    Choose a number from below, or type in your own boolean value (true or false).
    Press Enter for the default (false).
     1 / Enter AWS credentials in the next step.
       \ (false)
     2 / Get AWS credentials from the environment (env vars or IAM).
       \ (true)
    env_auth> 1

- When prompted, provide the access_key_id and secret_access_key of your COS instance. For more information, see Service credentials.

    AWS Access Key ID.
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    access_key_id> xxxxxxxxxxxxxxxxxxxxx
    AWS Secret Access Key (password)
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    secret_access_key> xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

- In the Region to connect to prompt, select option 1.

    Region to connect to.
    Leave blank if you are using an S3 clone and you don't have a region.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Use this if unsure. Will use v4 signatures and an empty region.
       \ ""
     2 / Use this only if v4 signatures don't work, eg pre Jewel/v10 CEPH.
       \ "other-v2-signature"
    region> 1

- In the Endpoint for IBM COS S3 API prompt, select option 1.

    Endpoint for IBM COS S3 API.
    Specify if using an IBM COS On Premise.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / US Cross Region Endpoint
       \ "s3-api.us-geo.objectstorage.softlayer.net"
     2 / US Cross Region Dallas Endpoint
       \ "s3-api.dal.us-geo.objectstorage.softlayer.net"
     3 / US Cross Region Washington DC Endpoint
       \ "s3-api.wdc-us-geo.objectstorage.softlayer.net"
    ...
    endpoint> 1

- In the Location constraint prompt, press Return to use the default.

    Location constraint - must match endpoint when using IBM Cloud Public.
    For on-prem COS, do not make a selection from this list, hit enter
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / US Cross Region Standard
       \ "us-standard"
     2 / US Cross Region Vault
       \ "us-vault"
     3 / US Cross Region Cold
       \ "us-cold"
     4 / US Cross Region Flex
       \ "us-flex"
    ...

- In the ACL policy prompt, select private.

    Note that this ACL is applied when server side copying objects as S3
    doesn't copy the ACL from the source but rather writes a fresh one.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
       \ "private"
     2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
       \ "public-read"
     3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
       \ "public-read-write"
     4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
       \ "authenticated-read"
    acl> 1

- Skip the advanced config option and confirm your setup.

    Edit advanced config? (y/n)
    y) Yes
    n) No
    y/n> n
    Remote config
    --------------------
    [cos-instance-1]
    type = s3
    provider = IBMCOS
    env_auth = false
    access_key_id = xxxxxx
    secret_access_key = xxxxxxxxx
    endpoint = s3-api.us-geo.objectstorage.softlayer.net
    location_constraint = us-standard
    acl = private
    --------------------
    y) Yes this is OK
    e) Edit this remote
    d) Delete this remote
    y/e/d> y
    Current remotes:

    Name                 Type
    ====                 ====
    cos-instance-1       s3

- Repeat the previous steps to add the COS instance in your second account. After you verify the information, press q to quit the configuration process.
Configure rclone for your bucket in Account 2
Account 2
Repeat the steps to configure rclone for Account 2.
- Run the rclone config command.

    rclone config

  Example output

    2020/01/16 09:39:33 NOTICE: Config file "/Users/ryan/.config/rclone/rclone.conf" not found - using defaults
    No remotes found - make a new one
    n) New remote
    s) Set configuration password
    q) Quit config

- Enter n to set up a new remote, then provide a name for your remote.

    n/s/q> n

  Example remote name

    name> cos-instance-2

- From the list of providers, select Amazon S3 Compliant Storage Provider, which includes IBM COS.

    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / 1Fichier
       \ "fichier"
     2 / Alias for an existing remote
       \ "alias"
     3 / Amazon Drive
       \ "amazon cloud drive"
     4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)
       \ "s3"
     5 / Backblaze B2
       \ "b2"
    ...
    provider> 4

- Select IBM COS as your s3 provider.

    Choose your S3 provider.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Amazon Web Services (AWS) S3
       \ "AWS"
     2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
       \ "Alibaba"
     3 / Ceph Object Storage
       \ "Ceph"
     4 / Digital Ocean Spaces
       \ "DigitalOcean"
     5 / Dreamhost DreamObjects
       \ "Dreamhost"
     6 / IBM COS S3
       \ "IBMCOS"
     7 / Minio Object Storage
       \ "Minio"
     8 / Netease Object Storage (NOS)
       \ "Netease"
     9 / Wasabi Object Storage
       \ "Wasabi"
    10 / Any other S3 compatible provider
       \ "Other"

- Add your COS credentials by selecting option 1.

    Option env_auth.
    Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
    Only applies if access_key_id and secret_access_key is blank.
    Choose a number from below, or type in your own boolean value (true or false).
    Press Enter for the default (false).
     1 / Enter AWS credentials in the next step.
       \ (false)
     2 / Get AWS credentials from the environment (env vars or IAM).
       \ (true)
    env_auth> 1

- When prompted, provide the access_key_id and secret_access_key of your COS instance. For more information, see Service credentials.

    AWS Access Key ID.
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    access_key_id> xxxxxxxxxxxxxxxxxxxxx
    AWS Secret Access Key (password)
    Leave blank for anonymous access or runtime credentials.
    Enter a string value. Press Enter for the default ("").
    secret_access_key> xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

- In the Region to connect to prompt, select option 1.

    Region to connect to.
    Leave blank if you are using an S3 clone and you don't have a region.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Use this if unsure. Will use v4 signatures and an empty region.
       \ ""
     2 / Use this only if v4 signatures don't work, eg pre Jewel/v10 CEPH.
       \ "other-v2-signature"
    region> 1

- In the Endpoint for IBM COS S3 API prompt, select option 1.

    Endpoint for IBM COS S3 API.
    Specify if using an IBM COS On Premise.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / US Cross Region Endpoint
       \ "s3-api.us-geo.objectstorage.softlayer.net"
     2 / US Cross Region Dallas Endpoint
       \ "s3-api.dal.us-geo.objectstorage.softlayer.net"
     3 / US Cross Region Washington DC Endpoint
       \ "s3-api.wdc-us-geo.objectstorage.softlayer.net"
    ...
    endpoint> 1

- In the Location constraint prompt, press Return to use the default.

    Location constraint - must match endpoint when using IBM Cloud Public.
    For on-prem COS, do not make a selection from this list, hit enter
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / US Cross Region Standard
       \ "us-standard"
     2 / US Cross Region Vault
       \ "us-vault"
     3 / US Cross Region Cold
       \ "us-cold"
     4 / US Cross Region Flex
       \ "us-flex"
    ...

- In the ACL policy prompt, select private.

    Note that this ACL is applied when server side copying objects as S3
    doesn't copy the ACL from the source but rather writes a fresh one.
    Enter a string value. Press Enter for the default ("").
    Choose a number from below, or type in your own value
     1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
       \ "private"
     2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
       \ "public-read"
     3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
       \ "public-read-write"
     4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
       \ "authenticated-read"
    acl> 1

- Skip the advanced config option and confirm your setup.

    Edit advanced config? (y/n)
    y) Yes
    n) No
    y/n> n
    Remote config
    --------------------
    [cos-instance-2]
    type = s3
    provider = IBMCOS
    env_auth = false
    access_key_id = xxxxxx
    secret_access_key = xxxxxxxxx
    endpoint = s3-api.us-geo.objectstorage.softlayer.net
    location_constraint = us-standard
    acl = private
    --------------------
    y) Yes this is OK
    e) Edit this remote
    d) Delete this remote
    y/e/d> y
    Current remotes:

    Name                 Type
    ====                 ====
    cos-instance-1       s3
    cos-instance-2       s3

- Repeat the previous steps to add the COS instance in your second account. After you verify the information, press q to quit the configuration process.
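
The configuration file that these steps write holds the HMAC keys of both accounts in plain text unless a configuration password is set (option s in the rclone config menu). The following added example, which is not part of the original tutorial, audits such a file for loose permissions, plaintext secret_access_key values, and any remote whose acl is not private; the function name, the finding labels, and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an rclone config file like the one written above.
# Prints one finding per line; prints nothing when the file passes.
audit_rclone_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }

    # rclone writes this marker once a configuration password is set
    # (option "s" in the rclone config menu); keys are then not readable.
    if grep -q '^RCLONE_ENCRYPT_V0:' "$conf"; then
        return 0
    fi

    # The file holds HMAC keys, so only its owner should be able to read it.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case $mode in
        600|400) ;;
        *) echo "PERMS $conf is mode $mode, expected 600" ;;
    esac

    # Walk the INI sections: flag plaintext secrets and non-private ACLs.
    awk '
        function emit() {
            if (name == "") return
            if (secret) print "PLAINTEXT_SECRET [" name "]"
            if (acl != "" && acl != "private") print "ACL [" name "] acl=" acl
        }
        /^\[.*\]$/ { emit(); name = substr($0, 2, length($0) - 2); secret = 0; acl = ""; next }
        {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "secret_access_key" && val != "") secret = 1
            if (key == "acl") acl = val
        }
        END { emit() }
    ' "$conf"
}

# Constructed sample in the shape of the "Remote config" output (fake key).
sample=$(mktemp)
printf '%s\n' '[cos-instance-1]' 'type = s3' \
    'secret_access_key = CONSTRUCTED' 'acl = public-read' > "$sample"
chmod 644 "$sample"
audit_rclone_conf "$sample"
rm -f "$sample"
```

To audit your own file, pass the path that `rclone config file` prints to audit_rclone_conf.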
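View the contents of your COS buckets
Account 1, Account 2
After you configure rclone, review the contents of each bucket, then sync the data between the buckets in each account.
- First, view the contents of the bucket.

    rclone ls cos-instance-1:bucket-1

    45338 test.txt

- View the contents of the bucket in instance 2. In this example, the bucket name is bucket-2.

    rclone ls cos-instance-2:bucket-2
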
Sync contents between buckets
Account 1, Account 2
- To move data from one bucket to another, you can use the rclone sync command. In this example, cos-instance-1:bucket-1 is in one account, while cos-instance-2:bucket-2 is a second COS instance in a separate account.

  Example

    rclone sync -P cos-instance-1:bucket-1 cos-instance-2:bucket-2

  Example output

    Transferred:      754.933k / 754.933 kBytes, 100%, 151.979 kBytes/s, ETA 0s
    Errors:                 0
    Checks:                 0 / 0, -
    Transferred:           18 / 18, 100%
    Elapsed time:         4.9

- Verify that the contents of the bucket in cos-instance-1 were synced to the bucket in cos-instance-2.

    rclone ls cos-instance-2:bucket-2

  Example output

    45338 test.txt

Redeploy your app in Account 2
Account 2
- Copy the following PVC and save it to a file called pvc.yaml.

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: demo # Enter a name for your PVC.
      namespace: default
      annotations:
        ibm.io/bucket-name: "bucket-2" # Enter the name of the bucket in Account 2
        ibm.io/auto-create-bucket: "false"
        ibm.io/auto-delete-bucket: "false"
        ibm.io/secret-name: SECRET-NAME # Enter the name of the secret you created earlier.
        ibm.io/secret-namespace: NAMESPACE # Enter the namespace where you want to create the PVC.
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
      storageClassName: ibmc-s3fs-cos # The storage class that you want to use.

- Create the PVC in your cluster.

    kubectl apply -f pvc.yaml

- Create a YAML configuration file for a pod that mounts the PVC that you created.

    apiVersion: v1
    kind: Pod
    metadata:
      name: demo-pod
      namespace: default
    spec:
      securityContext:
        runAsUser: 2000
        fsGroup: 2000
      volumes:
        - name: demo-vol
          persistentVolumeClaim:
            claimName: demo
      containers:
        - name: test
          image: nginxinc/nginx-unprivileged
          imagePullPolicy: Always
          volumeMounts:
            - name: demo-vol
              mountPath: /mnt/cosvol

- Create the pod in your cluster.

    oc apply -f demo-pod.yaml

- Verify that the pod is deployed. Note that it might take a few minutes for your app to reach the Running state.

    oc get pods

    NAME       READY   STATUS    RESTARTS   AGE
    demo-pod   1/1     Running   0          2m58s

- Verify that the app can write to your COS volume by logging in to your pod.

    oc exec demo-pod -- bash -c "ls /mnt/cosvol"

    test.txt