°Ô½Ã¹° 1,369°Ç
   
bucket policy ¼Ó¼º
±Û¾´ÀÌ : ÃÖ°í°ü¸®ÀÚ ³¯Â¥ : 2020-10-19 (¿ù) 14:26 Á¶È¸ : 608
±ÛÁÖ¼Ò :
                                

tmp ¹öŶ ¸ÞŸµ¥ÀÌŸ ¸®½ºÆ®
# rados ls -p default.rgw.meta --all |grep tmp
root tmp
root .bucket.meta.tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7



¸ÞŸµ¥ÀÌŸ Á¤º¸  

radosgw-admin metadata list
radosgw-admin metadata list bucket
radosgw-admin metadata list bucket.instance
radosgw-admin metadata list user

radosgw-admin metadata get bucket:<Bucket>
radosgw-admin metadata get bucket.instance:<Bucket>:<Bucket_ID>
radosgw-admin metadata get user:<User> 
  • user : »ç¿ëÀÚ Á¤º¸ À¯Áö
  • bucket : ¹öŶÀ̸§°ú ¹öŶ ÀνºÅϽº ID ¸ÅÇÎÀ¯Áö
  • bucket.instance : ¹öŶ ÀνºÅϽº Á¤º¸º¸°ü

# radosgw-admin metadata get bucket.instance:tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7
{
    "key": "bucket.instance:tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7",
    "ver": {
        "tag": "_mlB26cZMYkoUVcXlSfRlDp-",
        "ver": 40
    },
    "mtime": "2020-10-08 04:19:37.175810Z",
    "data": {
        "bucket_info": {
            "bucket": {
                "name": "tmp",
                "marker": "d023f7c3-a498-42e7-91a5-817901906ccf.364103.7",
                "bucket_id": "d023f7c3-a498-42e7-91a5-817901906ccf.364103.7",
                "tenant": "",
                "explicit_placement": {
                    "data_pool": "",
                    "data_extra_pool": "",
                    "index_pool": ""
                }
            },
            "creation_time": "2020-07-08 07:42:32.558096Z",
            "owner": "51e527f97976b6bbe0efa43ad1cbdbdf4c78824d8c1c526a18abb21462749e9a",
            "flags": 0,
            "zonegroup": "8bb0a154-9fd1-438c-ac8a-4dc73b1c6c28",
            "placement_rule": "default-placement",
            "has_instance_obj": "true",
            "quota": {
                "enabled": false,
                "check_on_raw": true,
                "max_size": -1,
                "max_size_kb": 0,
                "max_objects": -1
            },
            "num_shards": 0,
            "bi_shard_hash_type": 0,
            "requester_pays": "false",
            "has_website": "false",
            "swift_versioning": "false",
            "swift_ver_location": "",
            "index_type": 0,
            "mdsearch_config": [],
            "reshard_status": 0,
            "new_bucket_instance_id": ""
        },
        "attrs": [
            {
                "key": "user.rgw.acl",
                "val": "AgKzAQAAAwJOAAAAQAAAADUxZTUyN2Y5Nzk3NmI2YmJlMGVmYTQzYWQxY2JkYmRmNGM3ODgyNGQ4YzFjNTI2YTE4YWJiMjE0NjI3NDllOWEGAAAAbW9qaWx5BANZAQAAAQIAAAACAAAAIiIQAAAAQAAAADUxZTUyN2Y5Nzk3NmI2YmJlMGVmYTQzYWQxY2JkYmRmNGM3ODgyNGQ4YzFjNTI2YTE4YWJiMjE0NjI3NDllOWEPAAAAAgAAAAIAAAAiIgUDLgAAAAICBAAAAAAAAAACAAAAIiIAAAAAAAAAAAICBAAAABAAAAAAAAAAAAAAAAAAAABAAAAANTFlNTI3Zjk3OTc2YjZiYmUwZWZhNDNhZDFjYmRiZGY0Yzc4ODI0ZDhjMWM1MjZhMThhYmIyMTQ2Mjc0OWU5YQUDcgAAAAICBAAAAAAAAABAAAAANTFlNTI3Zjk3OTc2YjZiYmUwZWZhNDNhZDFjYmRiZGY0Yzc4ODI0ZDhjMWM1MjZhMThhYmIyMTQ2Mjc0OWU5YQAAAAAAAAAAAgIEAAAADwAAAAYAAABtb2ppbHkAAAAAAAAAAAAAAAAAAAAA"
            },
            {
                "key": "user.rgw.iam-policy",
                "val": "ew0KICAiVmVyc2lvbiI6ICIyMDEyLTEwLTE3IiwNCiAgIklkIjogIlMzUG9saWN5SWQxIiwNCiAgIlN0YXRlbWVudCI6IFsNCiAgICB7DQogICAgICAiU2lkIjogIklQQWxsb3ciLA0KICAgICAgIkVmZmVjdCI6ICJEZW55IiwNCiAgICAgICJQcmluY2lwYWwiOiAiKiIsDQogICAgICAiQWN0aW9uIjogInMzOioiLA0KICAgICAgIlJlc291cmNlIjogWw0KICAgICAgICAgImFybjphd3M6czM6Ojp0bXAiLA0KICAgICAgICAgImFybjphd3M6czM6Ojp0bXAvKiINCiAgICAgIF0sDQogICAgICAiQ29uZGl0aW9uIjogew0KICAgICAgICAgIk5vdElwQWRkcmVzcyI6IHsNCiAgICAgICAgICAiYXdzOlNvdXJjZUlwIjogIjIxMS41NS4xMTMuMSINCiAgICAgICAgfQ0KICAgICAgfQ0KICAgIH0NCiAgXQ0KfQ0K"
            },
            {
                "key": "user.rgw.x-amz-read",
                "val": "IiIA"
            }
        ]
    }
}




setxattr  ƯÁ¤Ç®(Pool)ÀÇ ¿ÀºêÁ§Æ®(object)¿¡ ¼Ó¼º°ªÀ» ÀÔ·ÂÇÏ´Â ¸í·É¾î 

# rados --help |grep xattr
   listxattr <obj-name>
   getxattr <obj-name> attr
   setxattr <obj-name> attr val
   rmxattr <obj-name> attr
     


# rados ls -p default.rgw.meta --all |grep tmp
root tmp
root .bucket.meta.tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7


¿ÀºêÁ§Æ® ¼Ó¼º(xattr) È®ÀΠ
rados listxattr <obj_name> -p default.rgw.meta
# rados listxattr .bucket.meta.tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7  user.rgw.iam-policy -p default.rgw.meta --namespace root
ceph.objclass.version
user.rgw.acl
user.rgw.iam-policy
user.rgw.x-amz-read



¹öŶÁ¤Ã¥ È®ÀÎ
rados getxattr <obj_name> <attr> -p default.rgw.meta
# rados getxattr .bucket.meta.tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7 user.rgw.iam-policy -p default.rgw.meta --namespace root
{
  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
         "arn:aws:s3:::tmp",
         "arn:aws:s3:::tmp/*"
      ],
      "Condition": {
         "NotIpAddress": {
          "aws:SourceIp": "211.55.113.1"
        }
      }
    }
  ]
}



Bucket Policy »èÁ¦
rados rmxattr <obj_name> <attr> -p default.rgw.meta
# rados rmxattr .bucket.meta.tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7 user.rgw.iam-policy -p default.rgw.meta --namespace root

# rados getxattr .bucket.meta.tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7  user.iam-policy -p default.rgw.meta --namespace root
error getting xattr default.rgw.meta/.bucket.meta.tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7/user.iam-policy: (61) No data available



user.rgw.iam-policy ¼Ó¼ºÁ¤º¸ »èÁ¦ / È®ÀÎ
# rados ls -p default.rgw.meta --all |grep tmp
root tmp
root .bucket.meta.tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7


# rados listxattr .bucket.meta.tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7  -p default.rgw.meta --namespace root
ceph.objclass.version
user.rgw.acl
user.rgw.x-amz-read



# radosgw-admin metadata get bucket.instance:tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7
{
    "key": "bucket.instance:tmp:d023f7c3-a498-42e7-91a5-817901906ccf.364103.7",
    "ver": {
        "tag": "_mlB26cZMYkoUVcXlSfRlDp-",
        "ver": 40
    },
    "mtime": "2020-10-19 04:59:44.606019Z",
    "data": {
        "bucket_info": {
            "bucket": {
                "name": "tmp",
                "marker": "d023f7c3-a498-42e7-91a5-817901906ccf.364103.7",
                "bucket_id": "d023f7c3-a498-42e7-91a5-817901906ccf.364103.7",
                "tenant": "",
                "explicit_placement": {
                    "data_pool": "",
                    "data_extra_pool": "",
                    "index_pool": ""
                }
            },
            "creation_time": "2020-07-08 07:42:32.558096Z",
            "owner": "51e527f97976b6bbe0efa43ad1cbdbdf4c78824d8c1c526a18abb21462749e9a",
            "flags": 0,
            "zonegroup": "8bb0a154-9fd1-438c-ac8a-4dc73b1c6c28",
            "placement_rule": "default-placement",
            "has_instance_obj": "true",
            "quota": {
                "enabled": false,
                "check_on_raw": true,
                "max_size": -1,
                "max_size_kb": 0,
                "max_objects": -1
            },
            "num_shards": 0,
            "bi_shard_hash_type": 0,
            "requester_pays": "false",
            "has_website": "false",
            "swift_versioning": "false",
            "swift_ver_location": "",
            "index_type": 0,
            "mdsearch_config": [],
            "reshard_status": 0,
            "new_bucket_instance_id": ""
        },
        "attrs": [
            {
                "key": "user.rgw.acl",
                "val": "AgKzAQAAAwJOAAAAQAAAADUxZTUyN2Y5Nzk3NmI2YmJlMGVmYTQzYWQxY2JkYmRmNGM3ODgyNGQ4YzFjNTI2YTE4YWJiMjE0NjI3NDllOWEGAAAAbW9qaWx5BANZAQAAAQIAAAACAAAAIiIQAAAAQAAAADUxZTUyN2Y5Nzk3NmI2YmJlMGVmYTQzYWQxY2JkYmRmNGM3ODgyNGQ4YzFjNTI2YTE4YWJiMjE0NjI3NDllOWEPAAAAAgAAAAIAAAAiIgUDLgAAAAICBAAAAAAAAAACAAAAIiIAAAAAAAAAAAICBAAAABAAAAAAAAAAAAAAAAAAAABAAAAANTFlNTI3Zjk3OTc2YjZiYmUwZWZhNDNhZDFjYmRiZGY0Yzc4ODI0ZDhjMWM1MjZhMThhYmIyMTQ2Mjc0OWU5YQUDcgAAAAICBAAAAAAAAABAAAAANTFlNTI3Zjk3OTc2YjZiYmUwZWZhNDNhZDFjYmRiZGY0Yzc4ODI0ZDhjMWM1MjZhMThhYmIyMTQ2Mjc0OWU5YQAAAAAAAAAAAgIEAAAADwAAAAYAAABtb2ppbHkAAAAAAAAAAAAAAAAAAAAA"
            },
            {
                "key": "user.rgw.x-amz-read",
                "val": "IiIA"
            }
        ]
    }
}


¡Ø Âü°í
remove policy ÇüÅ·Π»èÁ¦µÈ°Ç ¹Ù·Î »èÁ¦µÇ¾úÀ¸³ª...
rmxattr user.rgw.iam-policy Çʵ带 »èÁ¦ÇÏ´Â°Ç policy ¿¡¼­ ÀÎ½ÄµÇ´Â°Ô ¾à 10~15ºÐÁ¤µµ Â÷ÀÌ°¡ ÀÖÀ½





À̸§ Æнº¿öµå
ºñ¹Ð±Û (üũÇÏ¸é ±Û¾´À̸¸ ³»¿ëÀ» È®ÀÎÇÒ ¼ö ÀÖ½À´Ï´Ù.)
¿ÞÂÊÀÇ ±ÛÀÚ¸¦ ÀÔ·ÂÇϼ¼¿ä.
   

 



 
»çÀÌÆ®¸í : ¸ðÁö¸®³× | ´ëÇ¥ : ÀÌ°æÇö | °³ÀÎÄ¿¹Â´ÏƼ : ·©Å°´åÄÄ ¿î¿µÃ¼Á¦(OS) | °æ±âµµ ¼º³²½Ã ºÐ´ç±¸ | ÀüÀÚ¿ìÆí : mojily°ñ¹ðÀÌchonnom.com Copyright ¨Ï www.chonnom.com www.kyunghyun.net www.mojily.net. All rights reserved.