一肿男、檢查并安裝go環(huán)境

1.1 查詢宿主機是否有go環(huán)境

go version

1.2 沒有則通過yum安裝go

yum install golang -y

1.3 檢查安裝

go version

#輸出類似則安裝完成
#-> go version go1.15.5 linux/amd64

1.4 配置環(huán)境變量

#編輯環(huán)境變量
vi /etc/profile

# GOROOT go安裝目錄
export GOROOT=/usr/lib/golang

# GOPATH go工作目錄医窿，可自定義
export GOPATH=/home/go/path/

# GOPATH bin go bin
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

#重啟使環(huán)境生效
source /etc/profile

二骇径、下載安裝Seaweedfs

2.1 進入安裝目錄，如沒有請先創(chuàng)建（下面所有操作在/user/local/seaweedfs下進行）

cd /user/local/seaweedfs

2.2 去github下載linux_amd64.tar.gz壓縮包并解壓（https://github.com/chrislusf/seaweedfs/releases）

tar -zxf linux_amd64.tar.gz
#解壓后得到weed執(zhí)行文件

2.3 ./weed -h 查看幫助指令

./weed -h

2.4 創(chuàng)建運行時需要的文件

mkdir master logs vol vol2 vol3

2.5 啟動master服務 (ip根據(jù)自己實際情況指定)

nohup /usr/local/seaweedfs/weed master -mdir=/usr/local/seaweedfs/master -port=9333 -defaultReplication="001" -ip="1xx.xx.0.1" &>>/usr/local/seaweedfs/logs/master.log &

#查看master其它啟動參數(shù)
./weed master -h

2.6 啟動volume服務 (ip根據(jù)自己實際情況指定)

nohup /usr/local/seaweedfs/weed volume -dir=/usr/local/seaweedfs/vol1 -mserver="1xx.xx.0.1:9333" -port=9334 -ip="1xx.xx.0.1" &>> /usr/local/seaweedfs/logs/vol1.log &
nohup /usr/local/seaweedfs/weed volume -dir=/usr/local/seaweedfs/vol2 -mserver="1xx.xx.0.1:9333" -port=9335 -ip="1xx.xx.0.1" &>> /usr/local/seaweedfs/logs/vol2.log &
nohup /usr/local/seaweedfs/weed volume -dir=/usr/local/seaweedfs/vol3 -mserver="1xx.xx.0.1:9333" -port=9336 -ip="1xx.xx.0.1" &>> /usr/local/seaweedfs/logs/vol3.log &

#查看volume其它啟動參數(shù)
./weed volume -h

三米间、如需文件訪問控制權限，配置Security模塊

3.1 通過./weed scaffold -config=security創(chuàng)建security.toml文件

#創(chuàng)建security.toml
touch security.toml

#生成配置信息膘侮，編輯security.toml文件屈糊，將生成的配置信息復制并保存
./weed scaffold -config=security

3.2 通過certstrap工具生成security.toml所需秘鑰

#下載certstrap
git clone https://github.com/square/certstrap
#進入
cd certstrap/
#構建
go build

#生成秘鑰
certstrap init --common-name "SeaweedFS CA"
certstrap request-cert --common-name volume01
certstrap request-cert --common-name master01
certstrap request-cert --common-name filer01
certstrap request-cert --common-name client01
certstrap sign --CA "SeaweedFS CA" volume01
certstrap sign --CA "SeaweedFS CA" master01
certstrap sign --CA "SeaweedFS CA" filer01
certstrap sign --CA "SeaweedFS CA" client01

3.3 將生成的秘鑰文件路徑配置到security.toml中
參考：

[jwt.signing]
key = "111"
expires_after_seconds = 300           # seconds

# jwt for read is only supported with master+volume setup. Filer does not support this mode.
[jwt.signing.read]
key = "222"
expires_after_seconds = 360           # seconds

# all grpc tls authentications are mutual
# the values for the following ca, cert, and key are paths to the PERM files.
# the host name is not checked, so the PERM files can be shared.
[grpc]
ca = "/usr/local/seaweedfs/certstrap/out/SeaweedFS_CA.crt"
# Set wildcard domain for enable TLS authentication by common names
allowed_wildcard_domain = "" # .mycompany.com

[grpc.volume]
cert ="/usr/local/seaweedfs/certstrap/out/volume01.crt"
key  ="/usr/local/seaweedfs/certstrap/out/volume01.key"
allowed_commonNames = ""        # comma-separated SSL certificate common names

[grpc.master]
cert ="/usr/local/seaweedfs/certstrap/out/master01.crt"
key  ="/usr/local/seaweedfs/certstrap/out/master01.key"
allowed_commonNames = ""        # comma-separated SSL certificate common names

[grpc.filer]
cert ="/usr/local/seaweedfs/certstrap/out/filer01.crt"
key  ="/usr/local/seaweedfs/certstrap/out/filer01.key"
allowed_commonNames = ""        # comma-separated SSL certificate common names

[grpc.msg_broker]
cert = ""
key  = ""
allowed_commonNames = ""        # comma-separated SSL certificate common names

# use this for any place needs a grpc client
# i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
[grpc.client]
cert ="/usr/local/seaweedfs/certstrap/out/client01.crt"
key  ="/usr/local/seaweedfs/certstrap/out/client01.key"

# volume server https options
# Note: work in progress!
#     this does not work with other clients, e.g., "weed filer|mount" etc, yet.
[https.client]
enabled = true
[https.volume]
cert = ""
key  = ""

3.4 重啟seaweedfs服務

#依次殺掉進程
ps -ef | grep weed
kill -9 進程id

#重啟運行《2.5 啟動master服務》以及《2.6 啟動volume服務》

至此文件訪問控制權限已經(jīng)配置生效，后續(xù)通過http發(fā)送請求至文件服務器都會在請求頭部中帶上Authorization琼了。

四逻锐、帶權限使用案例

4.1 獲取圖片可上傳位置

16225186963043.jpg

Response中Authorization

16225187847210.jpg

4.2上傳圖片

16225190450515.jpg

如果不帶Authorization，則無權上傳

16225190951806.jpg

4.3查詢已上傳的圖片

獲取查詢圖片權限

16225193115315.jpg

查詢圖片

16225194236942.jpg

五雕薪、以上使用案例基于http協(xié)議昧诱。如在項目中使用，請自行下載官方推薦的sdk并集成到項目中

seaweedfs官方地址
https://github.com/chrislusf/seaweedfs

各語言sdk下載地址
https://github.com/chrislusf/seaweedfs/wiki/Client-Libraries

seaweedfs Api地址
https://github.com/chrislusf/seaweedfs/wiki/Master-Server-API

----------------- 文章如有問題所袁，請下方回復指出盏档，感謝查閱?? -----------------