Prerequisites:
1. Create a bucket named tests3
2. Create an S3 account and set up its permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws-cn:s3:::tests3",
                "arn:aws-cn:s3:::tests3/*"
            ]
        },
        {
            "Effect": "Deny",
            "NotAction": "s3:*",
            "NotResource": [
                "arn:aws-cn:s3:::tests3",
                "arn:aws-cn:s3:::tests3/*"
            ]
        }
    ]
}
I. Upload goofys to the server
goofys repository:
https://github.com/kahing/goofys?tab=readme-ov-file
On Linux, install from the pre-built binaries.
II. Copy goofys to /usr/local/bin
[root@ip-172-31-15-109 data]# cp goofys /usr/local/bin/
[root@ip-172-31-15-109 data]# chmod a+x /usr/local/bin/goofys
III. Install fuse-utils
[root@ip-172-31-15-109 data]# yum install fuse-utils
IV. Write the account credentials into the AWS credentials file
[root@ip-172-31-15-109 data]# vim ~/.aws/credentials
[default]
aws_access_key_id = AKID1234567890
aws_secret_access_key = MY-SECRET-KEY
V. Create the mount point
In this walkthrough the mount point is /data/tests3
[root@ip-172-31-15-109 data]# mkdir /data/tests3/
VI. Check that the AWS account's AK/SK are configured correctly
[root@ip-172-31-15-109 data]# aws configure
VII. Mount
[root@ip-172-31-15-109 data]# goofys -o allow_other --region cn-northwest-1 <bucket> <mountpoint>
Example:
goofys -o allow_other --region cn-northwest-1 tests3 /data/tests3/
# To grant access to the account whose uid and gid are 1001
goofys -o allow_other --uid 1001 --gid 1001 --region cn-northwest-1 tests3 /data/tests3/
Special note:
When a specific account needs access, add that account's IDs, e.g. --uid xxxx --gid xxxx
goofys -o allow_other --uid 1001 --gid 1001 --region cn-northwest-1 tests3 /data/tests3/ # this command grants access to user www (UID 1001); default permissions are 0755
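VIII. Mount automatically at boot
To mount the S3 bucket at boot, make sure the AWS credentials are configured correctly,
then edit /etc/fstab and append this as the last line: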
goofys#bucket /mnt/mountpoint fuse _netdev,allow_other,--uid=1001,--gid=1001,--region=your_region,--file-mode=0666,--dir-mode=0777 0 0
After the change, try the mount with:
mount -a
Use ls or ll on the mounted directory to confirm that the mount succeeded.
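With allow_other every local user can reach the mount, and whatever is written through it goes to S3 under the mounting account's keys, so the mode bits in the fstab entry decide who can modify the bucket. The script below is an added example, not part of the original page: it audits goofys fstab entries for that combination and checks that the credentials file is private. The function names and the /mnt/tight entry are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# creds_private FILE: succeed only if FILE has no group/other permission bits.
creds_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# audit_goofys_fstab: read fstab-format text on stdin and print one finding
# per risky option of each goofys entry; prints nothing when all is well.
audit_goofys_fstab() {
    while read -r dev mnt fstype opts _rest || [ -n "$dev" ]; do
        case $dev in goofys#*) ;; *) continue ;; esac
        [ "$fstype" = fuse ] || continue
        # Defaults as listed in the goofys help text: file 0644, dir 0755.
        allow_other=0 netdev=0 file_mode=0644 dir_mode=0755
        old_ifs=$IFS; IFS=,; set -f
        for opt in $opts; do
            case $opt in
                allow_other)   allow_other=1 ;;
                _netdev)       netdev=1 ;;
                --file-mode=*) file_mode=${opt#--file-mode=} ;;
                --dir-mode=*)  dir_mode=${opt#--dir-mode=} ;;
            esac
        done
        set +f; IFS=$old_ifs
        [ "$netdev" -eq 1 ] || echo "$mnt: no _netdev, mount may run before the network is up"
        [ "$allow_other" -eq 1 ] || continue
        # A last octal digit of 2, 3, 6 or 7 means the "other" write bit is set.
        case $file_mode in *[2367]) echo "$mnt: allow_other with world-writable --file-mode=$file_mode" ;; esac
        case $dir_mode in *[2367]) echo "$mnt: allow_other with world-writable --dir-mode=$dir_mode" ;; esac
    done
    return 0
}

# Constructed sample: the /etc/fstab entry shown above, a tighter variant, a plain disk.
sample_fstab() {
    cat <<'EOF'
/dev/sda1 / xfs defaults 0 0
goofys#bucket /mnt/mountpoint fuse _netdev,allow_other,--uid=1001,--gid=1001,--region=your_region,--file-mode=0666,--dir-mode=0777 0 0
goofys#bucket /mnt/tight fuse _netdev,allow_other,--uid=1001,--gid=1001,--region=your_region,--file-mode=0640,--dir-mode=0750 0 0
EOF
}

sample_fstab | audit_goofys_fstab
```

On a real host, run `audit_goofys_fstab < /etc/fstab` and `creds_private ~/.aws/credentials`.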
----------------------------------------
The boot-time setup below is the old method and is no longer used:
1. Prepare the script
[root@ip-172-31-15-109 data]# cat s3.sh
#!/bin/bash
#chkconfig:2345 80 90
#description: mount the S3 bucket automatically at boot
/usr/local/bin/goofys -o allow_other --region cn-northwest-1 <bucket> <mountpoint>
2. Copy the script to /etc/rc.d/init.d/ and enable it at boot
[root@ip-172-31-15-109 data]# cp s3.sh /etc/rc.d/init.d/
[root@ip-172-31-15-109 data]# chmod +x /etc/rc.d/init.d/s3.sh
[root@ip-172-31-15-109 data]# chkconfig --add s3.sh
[root@ip-172-31-15-109 data]# chkconfig s3.sh on
[root@ip-172-31-15-109 data]# chkconfig --list
Other:
goofys help output:
[root@ip-172-31-15-109 .aws]# goofys
Error: goofys takes exactly two arguments.
NAME:
goofys - Mount an S3 bucket locally
USAGE:
goofys [global options] bucket[:prefix] mountpoint
VERSION:
0.24.0-45b8d78375af1b24604439d2e60c567654bcdf88
GLOBAL OPTIONS:
-o value Additional system-specific mount options. Be careful!
--cache value Directory to use for data cache. Requires catfs and `-o allow_other'. Can also pass in other catfs options (ex: --cache "--free:10%:$HOME/cache") (default: off)
--dir-mode value Permission bits for directories. (default: 0755) (default: 493)
--file-mode value Permission bits for files. (default: 0644) (default: 420)
--uid value UID owner of all inodes. (default: 0)
--gid value GID owner of all inodes. (default: 0)
--endpoint value The non-AWS endpoint to connect to. Possible values: http://127.0.0.1:8081/
--profile value Use a named profile from $HOME/.aws/credentials instead of "default"
--use-content-type Set Content-Type according to file extension and /etc/mime.types (default: off)
--subdomain Enable subdomain mode of S3
TUNING OPTIONS:
--cheap Reduce S3 operation costs at the expense of some performance (default: off)
--no-implicit-dir Assume all directory objects ("dir/") exist (default: off)
--stat-cache-ttl value How long to cache StatObject results and inode attributes. (default: 1m0s)
--type-cache-ttl value How long to cache name -> file/dir mappings in directory inodes. (default: 1m0s)
--http-timeout value Set the timeout on HTTP requests to S3 (default: 30s)
AWS S3 OPTIONS:
--region value The region to connect to. Usually this is auto-detected. Possible values: us-east-1, us-west-1, us-west-2, eu-west-1, eu-central-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1 (default: "us-east-1")
--requester-pays Whether to allow access to requester-pays buckets (default: off)
--storage-class value The type of storage to use when writing objects. Possible values: REDUCED_REDUNDANCY, STANDARD, STANDARD_IA. (default: "STANDARD")
--sse Enable basic server-side encryption at rest (SSE-S3) in S3 for all writes (default: off)
--sse-kms key-id Enable KMS encryption (SSE-KMS) for all writes using this particular KMS key-id. Leave blank to Use the account's CMK - customer master key (default: off)
--sse-c value Enable server-side encryption using this base64-encoded key (default: off)
--acl value The canned ACL to apply to the object. Possible values: private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, bucket-owner-full-control (default: off)
MISC OPTIONS:
--help, -h Print this help text and exit successfully.
--debug_fuse Enable fuse-related debugging output.
--debug_s3 Enable S3-related debugging output.
-f Run goofys in foreground.
--version, -v print the version
Error handling:
Error 1:
2022/04/23 02:40:38.899977 main.FATAL Unable to mount file system, see syslog for details
Fix: check that the region is correct
End of this chapter ~ifan