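1. Check for and install the Go environment
1.1 Check whether the host already has Go installed
go version
1.2 If not, install Go with yum
yum install golang -y
1.3 Verify the installation
go version
# Output like the following means the installation succeeded
#-> go version go1.15.5 linux/amd64
1.4 Configure environment variables
# Edit the environment variables
vi /etc/profile
# GOROOT: Go installation directory
export GOROOT=/usr/lib/golang
# GOPATH: Go workspace directory, can be customized
export GOPATH=/home/go/path/
# Add the GOROOT and GOPATH bin directories to PATH
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
# Reload the profile so the environment takes effect
source /etc/profile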
2. Download and install SeaweedFS
2.1 Enter the installation directory, creating it first if it does not exist (all operations below are performed under /usr/local/seaweedfs)
cd /usr/local/seaweedfs
2.2 Download the linux_amd64.tar.gz archive from GitHub (https://github.com/chrislusf/seaweedfs/releases) and extract it
tar -zxf linux_amd64.tar.gz
# Extraction yields the weed executable
2.3 Run ./weed -h to view the help
./weed -h
2.4 Create the directories needed at runtime
mkdir master logs vol1 vol2 vol3
2.5 Start the master service (set the IP to match your own environment)
nohup /usr/local/seaweedfs/weed master -mdir=/usr/local/seaweedfs/master -port=9333 -defaultReplication="001" -ip="1xx.xx.0.1" &>>/usr/local/seaweedfs/logs/master.log &
# View the other master startup options
./weed master -h
2.6 Start the volume services (set the IP to match your own environment)
nohup /usr/local/seaweedfs/weed volume -dir=/usr/local/seaweedfs/vol1 -mserver="1xx.xx.0.1:9333" -port=9334 -ip="1xx.xx.0.1" &>> /usr/local/seaweedfs/logs/vol1.log &
nohup /usr/local/seaweedfs/weed volume -dir=/usr/local/seaweedfs/vol2 -mserver="1xx.xx.0.1:9333" -port=9335 -ip="1xx.xx.0.1" &>> /usr/local/seaweedfs/logs/vol2.log &
nohup /usr/local/seaweedfs/weed volume -dir=/usr/local/seaweedfs/vol3 -mserver="1xx.xx.0.1:9333" -port=9336 -ip="1xx.xx.0.1" &>> /usr/local/seaweedfs/logs/vol3.log &
# View the other volume startup options
./weed volume -h
3. If file access control is required, configure the Security module
3.1 Create the security.toml file using ./weed scaffold -config=security
# Create security.toml
touch security.toml
# Generate the configuration template, then edit security.toml, paste in the generated configuration and save
./weed scaffold -config=security
3.2 Generate the keys and certificates required by security.toml with the certstrap tool
# Download certstrap
git clone https://github.com/square/certstrap
# Enter the directory
cd certstrap/
# Build
go build
# Generate the keys and certificates (go build leaves the binary in the current directory)
./certstrap init --common-name "SeaweedFS CA"
./certstrap request-cert --common-name volume01
./certstrap request-cert --common-name master01
./certstrap request-cert --common-name filer01
./certstrap request-cert --common-name client01
./certstrap sign --CA "SeaweedFS CA" volume01
./certstrap sign --CA "SeaweedFS CA" master01
./certstrap sign --CA "SeaweedFS CA" filer01
./certstrap sign --CA "SeaweedFS CA" client01
3.3 Set the paths of the generated key files in security.toml
Reference:
[jwt.signing]
key = "111"
expires_after_seconds = 300 # seconds
# jwt for read is only supported with master+volume setup. Filer does not support this mode.
[jwt.signing.read]
key = "222"
expires_after_seconds = 360 # seconds
# all grpc tls authentications are mutual
# the values for the following ca, cert, and key are paths to the PERM files.
# the host name is not checked, so the PERM files can be shared.
[grpc]
ca = "/usr/local/seaweedfs/certstrap/out/SeaweedFS_CA.crt"
# Set wildcard domain for enable TLS authentication by common names
allowed_wildcard_domain = "" # .mycompany.com
[grpc.volume]
cert ="/usr/local/seaweedfs/certstrap/out/volume01.crt"
key ="/usr/local/seaweedfs/certstrap/out/volume01.key"
allowed_commonNames = "" # comma-separated SSL certificate common names
[grpc.master]
cert ="/usr/local/seaweedfs/certstrap/out/master01.crt"
key ="/usr/local/seaweedfs/certstrap/out/master01.key"
allowed_commonNames = "" # comma-separated SSL certificate common names
[grpc.filer]
cert ="/usr/local/seaweedfs/certstrap/out/filer01.crt"
key ="/usr/local/seaweedfs/certstrap/out/filer01.key"
allowed_commonNames = "" # comma-separated SSL certificate common names
[grpc.msg_broker]
cert = ""
key = ""
allowed_commonNames = "" # comma-separated SSL certificate common names
# use this for any place needs a grpc client
# i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
[grpc.client]
cert ="/usr/local/seaweedfs/certstrap/out/client01.crt"
key ="/usr/local/seaweedfs/certstrap/out/client01.key"
# volume server https options
# Note: work in progress!
# this does not work with other clients, e.g., "weed filer|mount" etc, yet.
[https.client]
enabled = true
[https.volume]
cert = ""
key = ""
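3.4 Restart the SeaweedFS services
# Kill the processes one by one
ps -ef | grep weed
kill -9 <process-id>
# Restart by running "2.5 Start the master service" and "2.6 Start the volume services" again
At this point file access control is configured and in effect; subsequent HTTP requests sent to the file server will carry Authorization in the request header.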
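4. Usage examples with access control
4.1 Get a location where the image can be uploaded
The Authorization in the response
4.2 Upload the image
Without Authorization, the upload is not permitted
4.3 Query the uploaded image
Obtain permission to query the image
Query the image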
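An added sketch (not part of the original post and not SeaweedFS's own code) of what the Authorization value used in the steps above carries: an HS256-signed token created with the key from [jwt.signing] that stops being valid after expires_after_seconds. The claim names exp and fid, the sample file ids and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

def new_signing_key() -> str:
    # Long random value for `key` in security.toml (not a short guessable string).
    return secrets.token_urlsafe(32)

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: str, signing_input: str) -> bytes:
    return hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()

def issue_token(key, fid, expires_after_seconds, now=None):
    """Issuer side: sign a short-lived token bound to one file id (assumed claims)."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"exp": now + expires_after_seconds, "fid": fid}).encode())
    return f"{header}.{claims}." + b64e(sign(key, f"{header}.{claims}"))

def verify_token(key, authorization, fid, now=None):
    """Verifier side: True only if scheme, signature, algorithm, expiry and fid all check out."""
    now = int(time.time()) if now is None else now
    scheme, _, token = authorization.partition(" ")
    if scheme.upper() != "BEARER":
        return False
    try:
        header, claims, sig = token.split(".")
        # Constant-time comparison; check the signature before trusting any claim.
        if not hmac.compare_digest(sign(key, f"{header}.{claims}"), b64d(sig)):
            return False
        if json.loads(b64d(header)).get("alg") != "HS256":
            return False
        body = json.loads(b64d(claims))
        return body.get("fid") == fid and body.get("exp", 0) > now
    except (ValueError, TypeError, AttributeError):
        return False

if __name__ == "__main__":
    key = new_signing_key()
    fid = "3,01637037d6"  # constructed sample file id
    auth = "BEARER " + issue_token(key, fid, 300)
    print(verify_token(key, auth, fid))             # same file, within 300 s
    print(verify_token(key, auth, "4,02a1b2c3d4"))  # token reused for another file
```

Because the token is bound to one file id and a short lifetime, a captured header cannot be replayed against another file or after it expires; the protection rests entirely on the signing key staying secret and hard to guess.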
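5. The usage examples above are based on the HTTP protocol. To use SeaweedFS in a project, download the officially recommended SDK and integrate it into your project
SeaweedFS official repository
https://github.com/chrislusf/seaweedfs
SDK downloads for each language
https://github.com/chrislusf/seaweedfs/wiki/Client-Libraries
SeaweedFS API documentation
https://github.com/chrislusf/seaweedfs/wiki/Master-Server-API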