Installing rclone on a Raspberry Pi and mounting AWS S3


Preparing S3

Create an S3 bucket in the usual way and prepare an IAM user that can access it.
I used a policy along these lines.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::<bucketname>/*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<bucketname>"
        }
    ]
}

Installing rclone

$ sudo apt update
$ sudo apt install rclone

Configuring rclone

Create a new configuration. First, give it any easy-to-recognize name.

$ rclone config
2021/05/27 07:02:36 NOTICE: Config file "/home/pi/.config/rclone/rclone.conf" not found - using defaults
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> AmazonS3_01

Select the storage type. This time we are using Amazon S3, so "s3".

Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
 1 / A stackable unification remote, which can appear to merge the contents of several remotes
   \ "union"
 2 / Alias for a existing remote
   \ "alias"
 3 / Amazon Drive
   \ "amazon cloud drive"
 4 / Amazon S3 Compliant Storage Providers (AWS, Ceph, Dreamhost, IBM COS, Minio)
   \ "s3"
    (omitted)
24 / http Connection
   \ "http"
Storage> s3
** See help for s3 backend at: https://rclone.org/s3/ **

Choose the S3 provider. There are quite a few compatible products, it turns out.
This time it is Amazon S3, so "AWS".

Choose your S3 provider.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
 1 / Amazon Web Services (AWS) S3
   \ "AWS"
 2 / Ceph Object Storage
   \ "Ceph"
 3 / Digital Ocean Spaces
   \ "DigitalOcean"
 4 / Dreamhost DreamObjects
   \ "Dreamhost"
 5 / IBM COS S3
   \ "IBMCOS"
 6 / Minio Object Storage
   \ "Minio"
 7 / Wasabi Object Storage
   \ "Wasabi"
 8 / Any other S3 compatible provider
   \ "Other"
provider> AWS

About credentials. Since this will be used from a Raspberry Pi, the credentials are not obtained from environment variables or instance metadata; instead, use the credentials of the IAM user prepared earlier.
Select false (the default), then enter access_key_id and secret_access_key as prompted.

Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
Only applies if access_key_id and secret_access_key is blank.
Enter a boolean value (true or false). Press Enter for the default ("false").
Choose a number from below, or type in your own value
 1 / Enter AWS credentials in the next step
   \ "false"
 2 / Get AWS credentials from the environment (env vars or IAM)
   \ "true"
env_auth>
AWS Access Key ID.
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
access_key_id> ********
AWS Secret Access Key (password)
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
secret_access_key> ****************

Specify the region to connect to: "ap-northeast-1".

Region to connect to.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
   / The default endpoint - a good choice if you are unsure.
 1 | US Region, Northern Virginia or Pacific Northwest.
   | Leave location constraint empty.
   \ "us-east-1"
   / US East (Ohio) Region
 2 | Needs location constraint us-east-2.
   \ "us-east-2"
    (omitted)
   / Asia Pacific (Tokyo) Region
11 | Needs location constraint ap-northeast-1.
   \ "ap-northeast-1"
   / Asia Pacific (Seoul)
12 | Needs location constraint ap-northeast-2.
   \ "ap-northeast-2"
   / Asia Pacific (Mumbai)
13 | Needs location constraint ap-south-1.
   \ "ap-south-1"
   / South America (Sao Paulo) Region
14 | Needs location constraint sa-east-1.
   \ "sa-east-1"
region> ap-northeast-1

Leave the S3 endpoint at the default "".
Since I intend to use an existing bucket, the location constraint does not really matter, but I specified "ap-northeast-1" anyway.

Endpoint for S3 API.
Leave blank if using AWS to use the default endpoint for the region.
Enter a string value. Press Enter for the default ("").
endpoint>
Location constraint - must be set to match the Region.
Used when creating buckets only.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
 1 / Empty for US Region, Northern Virginia or Pacific Northwest.
   \ ""
 2 / US East (Ohio) Region.
   \ "us-east-2"
 3 / US West (Oregon) Region.
   \ "us-west-2"
 4 / US West (Northern California) Region.
   \ "us-west-1"
 5 / Canada (Central) Region.
   \ "ca-central-1"
 6 / EU (Ireland) Region.
   \ "eu-west-1"
 7 / EU (London) Region.
   \ "eu-west-2"
 8 / EU Region.
   \ "EU"
 9 / Asia Pacific (Singapore) Region.
   \ "ap-southeast-1"
10 / Asia Pacific (Sydney) Region.
   \ "ap-southeast-2"
11 / Asia Pacific (Tokyo) Region.
   \ "ap-northeast-1"
12 / Asia Pacific (Seoul)
   \ "ap-northeast-2"
13 / Asia Pacific (Mumbai)
   \ "ap-south-1"
14 / South America (Sao Paulo) Region.
   \ "sa-east-1"
location_constraint> ap-northeast-1

The ACL is the default "private".

Canned ACL used when creating buckets and storing or copying objects.

For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl

Note that this ACL is applied when server side copying objects as S3
doesn't copy the ACL from the source but rather writes a fresh one.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
 1 / Owner gets FULL_CONTROL. No one else has access rights (default).
   \ "private"
 2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
   \ "public-read"
   / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
 3 | Granting this on a bucket is generally not recommended.
   \ "public-read-write"
 4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.
   \ "authenticated-read"
   / Object owner gets FULL_CONTROL. Bucket owner gets READ access.
 5 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
   \ "bucket-owner-read"
   / Both the object owner and the bucket owner get FULL_CONTROL over the object.
 6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
   \ "bucket-owner-full-control"
acl>

Specify encryption as appropriate. The bucket was already set to AES256, so "2".
No KMS ARN is specified.

The server-side encryption algorithm used when storing this object in S3.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
 1 / None
   \ ""
 2 / AES256
   \ "AES256"
 3 / aws:kms
   \ "aws:kms"
server_side_encryption> 2
If using KMS ID you must provide the ARN of Key.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
 1 / None
   \ ""
 2 / arn:aws:kms:*
   \ "arn:aws:kms:us-east-1:*"
sse_kms_key_id>

Choose the storage class according to your use case. This time I specified STANDARD.

The storage class to use when storing new objects in S3.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
 1 / Default
   \ ""
 2 / Standard storage class
   \ "STANDARD"
 3 / Reduced redundancy storage class
   \ "REDUCED_REDUNDANCY"
 4 / Standard Infrequent Access storage class
   \ "STANDARD_IA"
 5 / One Zone Infrequent Access storage class
   \ "ONEZONE_IA"
storage_class> STANDARD

After declining the offer to edit the advanced config, review the settings and you are done.

Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
--------------------
[AmazonS3_01]
provider = AWS
access_key_id = ********************
secret_access_key = ***************************************
region = ap-northeast-1
location_constraint = ap-northeast-1
server_side_encryption = AES256
storage_class = STANDARD
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:

Name                 Type
====                 ====
AmazonS3_01          s3

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q

Checking that it works

Try running ls against the remote name I defined... but I get a 403 error. Oh, right, I specified the bucket when granting the ListBucket permission.

$ rclone ls AmazonS3_01:
2021/05/27 07:33:59 ERROR : : error listing: AccessDenied: Access Denied
    status code: 403, request id: , host id: 
2021/05/27 07:33:59 Failed to ls: AccessDenied: Access Denied
    status code: 403, request id: , host id: 

If I specify the bucket name, there is no error. But the bucket is empty, so nothing comes back.

$ rclone ls AmazonS3_01:<bucketname>

After copying an arbitrary file and running ls, I could confirm it works fine.

$ rclone copy lcd.py AmazonS3_01:<bucketname>
$ rclone ls AmazonS3_01:<bucketname>
     3461 lcd.py
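Why the first ls got a 403 while the later commands succeeded follows directly from the policy at the top of the post: with no bucket name, rclone lists all buckets, which needs s3:ListAllMyBuckets rather than the bucket-scoped s3:ListBucket the policy grants. The following is an added example, not code from the original post, that evaluates that policy (with the constructed bucket name example-bucket) the way IAM does, in simplified form, for the commands used here:

```python
import fnmatch
import json

# The post's policy, with <bucketname> replaced by a constructed name.
POLICY = json.loads("""
{
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow",
         "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-bucket"}
    ]
}
""")


def _as_list(value):
    # IAM allows Action/Resource to be a single string or a list.
    return value if isinstance(value, list) else [value]


def _matches(statement, action, resource):
    # IAM wildcards (* and ?) behave like shell globs; '*' also spans '/'.
    acts = _as_list(statement["Action"])
    ress = _as_list(statement["Resource"])
    return (any(fnmatch.fnmatchcase(action, p) for p in acts)
            and any(fnmatch.fnmatchcase(resource, p) for p in ress))


def is_allowed(policy, action, resource):
    """Simplified identity-policy evaluation: an explicit Deny wins, otherwise a
    matching Allow is required, otherwise the request is implicitly denied
    (the AccessDenied / 403 that rclone printed)."""
    matching = [s for s in policy["Statement"] if _matches(s, action, resource)]
    if any(s["Effect"] == "Deny" for s in matching):
        return False
    return any(s["Effect"] == "Allow" for s in matching)


def page_requests(bucket="example-bucket"):
    """Map each command from the post to the S3 permission it primarily needs."""
    obj = f"arn:aws:s3:::{bucket}/lcd.py"
    return {
        # no bucket given: rclone lists all buckets, a different permission
        "rclone ls AmazonS3_01:": is_allowed(POLICY, "s3:ListAllMyBuckets", "arn:aws:s3:::*"),
        "rclone ls AmazonS3_01:<bucket>": is_allowed(POLICY, "s3:ListBucket", f"arn:aws:s3:::{bucket}"),
        "rclone copy lcd.py AmazonS3_01:<bucket>": is_allowed(POLICY, "s3:PutObject", obj),
        # deletion is not in the policy, so it would get AccessDenied as well
        "rclone delete AmazonS3_01:<bucket>/lcd.py": is_allowed(POLICY, "s3:DeleteObject", obj),
    }
```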

rclone mount

$ mkdir ~/s3
$ rclone mount AmazonS3_01:<bucketname> ~/s3 &
[1] 1165
$ ls ~/s3/ -l
total 4
-rw-r--r-- 1 pi pi 3461 May 25 03:54 lcd.py

The key point is the trailing " &" on the rclone mount command.
As the help text quoted below says, when run normally rclone stays busy serving the mount, so if you want to keep working in the same shell you have to run rclone in the background.

When the program ends, either via Ctrl+C or receiving a SIGINT or SIGTERM signal, the mount is automatically stopped.

To stop it, send SIGINT or SIGTERM to the process.

$ ps aux | grep rclone
pi        1165  0.5  5.1 883532 22604 pts/0    Sl   07:51   0:01 rclone mount AmazonS3_01:<bucketname> ~/s3
pi        1194  0.0  0.4   7332  1816 pts/0    S+   07:57   0:00 grep --color=auto rclone
$ kill -s SIGINT 1165
$ ps aux | grep rclone
pi        1199  0.0  0.4   7332  2032 pts/0    S+   08:00   0:00 grep --color=auto rclone
[1]+  Done                    rclone mount AmazonS3_01:sand-river-raspi ./s3
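The same start-in-background / stop-with-SIGINT lifecycle from the shell session above, as an added example that is not part of the original post. It assumes rclone is on PATH and reuses the remote and mount point names from the post (<bucketname> is still a placeholder); the stop logic escalates to SIGTERM and SIGKILL only if the clean SIGINT unmount does not finish in time.

```python
import os
import signal
import subprocess
import time


def mount_command(remote, mountpoint):
    """argv for the post's command: rclone mount AmazonS3_01:<bucketname> ~/s3"""
    return ["rclone", "mount", remote, os.path.expanduser(mountpoint)]


def start_process(argv):
    """Launch the command as a child; the parent keeps running, which is what
    the trailing '&' achieved in the shell."""
    return subprocess.Popen(argv)


def wait_until_mounted(mountpoint, timeout=10.0):
    """Poll until the kernel reports the directory as a mount point, or give up."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if os.path.ismount(mountpoint):
            return True
        time.sleep(0.2)
    return False


def stop_mount(proc, timeout=10.0):
    """Stop the mount as rclone's help describes: SIGINT (like Ctrl+C) unmounts
    cleanly; SIGTERM and then SIGKILL are used only if it does not exit in time.
    Returns the exit status (a negative N means 'terminated by signal N')."""
    for sig in (signal.SIGINT, signal.SIGTERM, signal.SIGKILL):
        if proc.poll() is not None:
            break
        proc.send_signal(sig)
        try:
            proc.wait(timeout=timeout)
        except subprocess.TimeoutExpired:
            continue
    return proc.returncode


if __name__ == "__main__":
    mp = os.path.expanduser("~/s3")
    os.makedirs(mp, exist_ok=True)                 # the post's: mkdir ~/s3
    proc = start_process(mount_command("AmazonS3_01:<bucketname>", mp))
    if wait_until_mounted(mp):
        try:
            signal.pause()                         # serve until Ctrl+C arrives
        except KeyboardInterrupt:
            pass
    print("rclone exited with", stop_mount(proc))
```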