aliyun☞oss

阅读量: zyh 2020-11-24 16:48:43

构建 oss 存储桶

#!/usr/bin/python3.6
# -*- coding: utf-8 -*-
#
##  Usage:https://help.aliyun.com/document_detail/32027.html
##  Github:https://github.com/aliyun/aliyun-oss-python-sdk
##  author: zyh

import os
import subprocess

import oss2
from oss2.models import (LifecycleExpiration, LifecycleRule,
                        BucketLifecycle,AbortMultipartUpload,
                        TaggingRule, Tagging, StorageTransition,
                        NoncurrentVersionStorageTransition,
                        NoncurrentVersionExpiration)
from oss2.models import Tagging, TaggingRule
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.acs_exception.exceptions import ClientException
from aliyunsdkcore.acs_exception.exceptions import ServerException
from aliyunsdkram.request.v20150501.CreatePolicyRequest import CreatePolicyRequest
#
#
##################################
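# Deployment settings: replace the three placeholder values before running.
region = '我是区域ID'
bucketName = '我是桶名'
project = '我是标签project的值'
# The AccessKey pair is read from the environment instead of being written
# into this file, so the secret does not end up in version control, shell
# history of an editor, or a pasted copy of the script. A missing variable
# raises KeyError here, before any request is sent.
akey = os.environ['OSS_ACCESS_KEY_ID']
skey = os.environ['OSS_ACCESS_KEY_SECRET']
##################################
#
# HTTPS endpoint: every request carries the AccessKey ID, a request signature
# and the object data, so it should not travel over plaintext HTTP.
endpoint = 'https://oss-{0}.aliyuncs.com'.format(region)
auth = oss2.Auth(akey, skey)
bucket = oss2.Bucket(auth, endpoint, bucketName)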

# Create the bucket. No ACL argument is passed, so the bucket receives the
# service-side default ACL.
# NOTE(review): OSS documents that default as private; confirm, or pass the
# ACL explicitly if the bucket must never be readable without credentials.
bucket.create_bucket()

# Attach the single tag project=<project> to the bucket.
project_tags = TaggingRule()
project_tags.add('project', project)
bucket.put_bucket_tagging(Tagging(project_tags))

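# Seed every prefix with a README object so the "directory" exists in
# listings and states what it is for.
#
# Fix: the README under logs/180days/ used to describe the prefix as
# permanent storage, but the lifecycle rule for logs/180days/ deletes objects
# after 180 days. Anyone trusting the README would lose data, so the text now
# states the 180-day retention. The prefix that really has no expiration,
# logs/longlasting/, gets the "permanent" README it was missing.
readme_by_prefix = (
    ('conf/', '我是存放配置的目录'),
    ('data/', '我是存放数据的目录'),
    ('hive/', '我是存放hive的目录'),
    ('backup/', '我是存放备份的目录'),
    ('logs/7days/', '我是存放保留7天的日志目录'),
    ('logs/15days/', '我是存放保留15天的日志目录'),
    ('logs/30days/', '我是存放保留30天的日志目录'),
    ('logs/60days/', '我是存放保留60天的日志目录'),
    ('logs/90days/', '我是存放保留90天的日志目录'),
    ('logs/180days/', '我是存放保留180天的日志目录'),
    ('logs/longlasting/', '我是存放永久保留的日志目录'),
)
for prefix, description in readme_by_prefix:
    bucket.put_object(prefix + 'README', description)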

# Lifecycle configuration.
# Each row is (rule id, key prefix, days until the objects are expired).
expiry_table = (
    ('rule1', 'logs/7days/', 7),
    ('rule2', 'logs/15days/', 15),
    ('rule3', 'logs/30days/', 30),
    ('rule4', 'logs/60days/', 60),
    ('rule5', 'logs/90days/', 90),
    ('rule6', 'logs/180days/', 180),
)
expiry_rules = [
    LifecycleRule(rule_id, prefix,
                  status=LifecycleRule.ENABLED,
                  expiration=LifecycleExpiration(days=days))
    for rule_id, prefix, days in expiry_table
]

# logs/longlasting/ carries no expiration. Its objects are only moved to
# cheaper storage classes: IA after 60 days, ARCHIVE after 180 days.
tiering = [
    StorageTransition(days=60, storage_class=oss2.BUCKET_STORAGE_CLASS_IA),
    StorageTransition(days=180, storage_class=oss2.BUCKET_STORAGE_CLASS_ARCHIVE),
]
longlasting_rule = LifecycleRule('rule7', 'logs/longlasting/',
                                 status=LifecycleRule.ENABLED,
                                 storage_transitions=tiering)

# put_bucket_lifecycle uploads the whole rule set in one request.
lifecycle = BucketLifecycle(expiry_rules + [longlasting_rule])
bucket.put_bucket_lifecycle(lifecycle)


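# Render the two RAM policy templates for this bucket and register them with
# the aliyun CLI.
#
# The original built shell command lines with str.format and ran them through
# os.system, so the bucket name was interpreted by the shell and by sed (whose
# '#' delimiter it could break). Rendering is now plain string replacement in
# Python, and the CLI is started with an argument list, so no value passes
# through a shell.
#
# NOTE(review): the policy templates shown on this page name the action
# `oss:ListObject`; the OSS list action is spelled `oss:ListObjects`. Confirm
# against the RAM action reference, since a misspelled action grants nothing.
for kind in ('local', 'role'):
    template_path = '{0}.policy.default'.format(kind)
    rendered_path = '{0}_{1}.policy'.format(kind, bucketName)
    policy_name = 'oss-{0}-{1}'.format(bucketName, kind)

    # A missing template raises here, instead of registering an empty policy.
    with open(template_path, encoding='utf-8') as template:
        document = template.read().replace('ossBucketName', bucketName)
    # Keep the rendered file on disk, as the sed redirection did.
    with open(rendered_path, 'w', encoding='utf-8') as rendered:
        rendered.write(document)

    # rstrip mirrors the shell's `cat` substitution, which drops trailing
    # newlines from the document.
    completed = subprocess.run(
        ['aliyun', 'ram', 'CreatePolicy',
         '--PolicyName', policy_name,
         '--PolicyDocument', document.rstrip('\n')])
    # os.system discarded the exit status; report a failure but still go on
    # to the next policy, as the original sequence of commands did.
    if completed.returncode != 0:
        print('CreatePolicy failed for {0} (exit status {1})'.format(
            policy_name, completed.returncode))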
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
                "oss:GetObject",
                "oss:PutObject",
                "oss:DeleteObject",
                "oss:ListObject"
      ],
      "Resource": [
        "acs:oss:*:*:ossBucketName/logs/7days/*",
        "acs:oss:*:*:ossBucketName/logs/15days/*",
        "acs:oss:*:*:ossBucketName/logs/30days/*",
        "acs:oss:*:*:ossBucketName/logs/60days/*",
        "acs:oss:*:*:ossBucketName/logs/90days/*",
        "acs:oss:*:*:ossBucketName/logs/180days/*",
        "acs:oss:*:*:ossBucketName/logs/longlasting/*",
        "acs:oss:*:*:ossBucketName/conf/*",
        "acs:oss:*:*:ossBucketName/data/*",
        "acs:oss:*:*:ossBucketName/backup/*",
        "acs:oss:*:*:ossBucketName/hive/*"
      ],
      "Condition": {
        "IpAddress": {
          "acs:SourceIp": [
            "1.1.1.1",
            "2.2.2.2"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:List*",
        "oss:GetBucketLocation"
      ],
      "Resource": [
        "acs:oss:*:*:ossBucketName"
      ],
      "Condition": {
        "IpAddress": {
          "acs:SourceIp": [
            "1.1.1.1",
            "2.2.2.2"
          ]
        }
      }
    }
  ]
}
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
                "oss:GetObject",
                "oss:PutObject",
                "oss:DeleteObject",
                "oss:ListObject"
      ],
      "Resource": [
        "acs:oss:*:*:ossBucketName/logs/7days/*",
        "acs:oss:*:*:ossBucketName/logs/15days/*",
        "acs:oss:*:*:ossBucketName/logs/30days/*",
        "acs:oss:*:*:ossBucketName/logs/60days/*",
        "acs:oss:*:*:ossBucketName/logs/90days/*",
        "acs:oss:*:*:ossBucketName/logs/180days/*",
        "acs:oss:*:*:ossBucketName/logs/longlasting/*",
        "acs:oss:*:*:ossBucketName/conf/*",
        "acs:oss:*:*:ossBucketName/data/*",
        "acs:oss:*:*:ossBucketName/backup/*",
        "acs:oss:*:*:ossBucketName/hive/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:List*"
      ],
      "Resource": [
        "acs:oss:*:*:ossBucketName"
      ]
    }
  ]
}

使用

以角色授权方式+aliyun cli命令方式走起.

😔,aliyun cli 的文档和使用一言难尽=。=

使用前请确保角色已经关联了对应权限以及角色已经绑定到了ECS上

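# /etc/profile.d/ecs_role.sh
# Looks up the instance's region and the name of its attached RAM role from
# the ECS metadata service, then points the aliyun CLI profile
# "ecsRamRoleProfile" at that role (EcsRamRole mode).
#
# -f makes curl fail on an HTTP error instead of printing the error body into
# the variable; --max-time keeps a login shell from hanging when the metadata
# service does not answer.
Region=$(curl -sq -f --max-time 3 http://100.100.100.200/latest/meta-data/region-id)
ramRoleName=$(curl -sq -f --max-time 3 http://100.100.100.200/latest/meta-data/ram/security-credentials/)
# Write the profile only when both lookups returned a value, so a failed
# lookup cannot store an empty role name or region. The expansions are quoted
# so the values are passed as single arguments.
if [ -n "${Region}" ] && [ -n "${ramRoleName}" ]; then
    aliyun configure set --profile ecsRamRoleProfile --mode EcsRamRole --ram-role-name "${ramRoleName}" --region "${Region}"
fi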

本脚本放在 /etc/profile.d/ 下,任何一个会话登录的时候都会执行它,从而拿到角色拥有的权限;因此该角色只应关联所需的最小权限。

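## Load the role profile
source /etc/profile.d/ecs_role.sh
Region=$(curl -sq http://100.100.100.200/latest/meta-data/region-id)
# Internal endpoint, for a client in the same region as the bucket.
# HTTPS keeps the signed requests and the object data off plaintext HTTP.
Endpoint="https://oss-${Region}-internal.aliyuncs.com"
BucketName=test

# IMPORTANT: if the client is not in the same region as the bucket, the
# public endpoint below must be used instead. It is left commented out so that
# it no longer overrides the internal endpoint; uncomment it when it applies.
# Endpoint="https://oss-${Region}.aliyuncs.com"

## List
## Listing is recursive by default; -d lists one level only.
aliyun oss ls "oss://${BucketName}/" -d -e "${Endpoint}"

## Basic upload or download
## Upload the file a.file to oss://test/
aliyun oss cp a.file "oss://${BucketName}/" -e "${Endpoint}"

## Basic recursive upload
## Upload the files under directory abc to oss://test/.
## IMPORTANT: if the destination already holds the same objects, add --force.
aliyun oss cp abc "oss://${BucketName}/" --recursive -e "${Endpoint}"

## Recursive upload with a filter
## Upload only the files ending in .lzo under directory abc to oss://test/.
## IMPORTANT: never run --recursive from inside the source directory,
## i.e. do not run: aliyun oss cp . oss://${BucketName}/ --recursive
aliyun oss cp abc/ "oss://${BucketName}/" --include='*.lzo' --recursive --force -e "${Endpoint}"

## Directory sync (original note: the sync command has changed)
## Upload the files under directory abc to oss://${BucketName}/; with -u,
## objects that already exist there are skipped.
aliyun oss cp abc "oss://${BucketName}/" --recursive -u -e "${Endpoint}"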

开发向 sdk

关于php sdk访问对象存储的文档

php oss 对象 sdk
https://packagist.org/packages/aliyuncs/oss-sdk-php?spm=a2c6h.13321295.0.0.4f765c2dMbvzR6
php ram role sdk
https://packagist.org/packages/alibabacloud/credentials?spm=a2c6h.13321295.0.0.4f765c2dMbvzR6