如何在 amazon-s3 上使用私有 yum 存储库来配置 amazon-ec2 实例?
我的幻想是能够启动一个标准 AMI、加载一个小脚本并最终得到一个正确配置的服务器实例。
部分原因是我希望在 S3 中有一个包含一些专有代码的私有 yum 存储库。
S3 似乎希望您要么公开,要么使用 AMZN 自己的特殊身份验证方式。
有什么方法可以让我在 S3 中使用标准 HTTPS + 基本或摘要身份验证吗?我说的是对 S3 的直接引用,而不是通过 Web 服务器访问 S3。
如果答案是否定的,有没有人考虑过向 yum 添加 AWS Auth 支持?
My fantasy is to be able to spin up a standard AMI, load a tiny script and end up with a properly configured server instance.
Part of this is that I would like to have a PRIVATE yum repo in S3 that would contain some proprietary code.
It seems that S3 wants you to either be public or use AMZN's own special flavor of authentication.
Is there any way that I can use standard HTTPS + either Basic or Digest auth with S3? I'm talking about direct references to S3, not going through a web-server to get to S3.
If the answer is 'no', has anyone thought about adding AWS Auth support to yum?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
cgbystrom 的 git 存储库中的代码是意图的表达,而不是工作代码。
我已经制作了一个分叉并让一切正常运行,至少对我们来说是这样,并且希望其他人能够接管。
The code in cgbystrom's git repo is an expression of intent rather than working code.
I've made a fork and gotten things working, at least for us, and would love for someone else to take over.
我不知道您可以对 S3 使用非专有身份验证,但是我们通过在实例启动后将 EBS 卷安装到实例来实现类似的目标。然后,您可以访问 EBS 卷,就像它是本地文件系统的一部分一样。
我们可以根据需要对 EBS 进行更改以使其保持最新(通常每小时更新一次)。每个挂载 EBS 卷的新实例都会获取挂载时的最新数据。
I'm not aware that you can use non-proprietary authentication with S3, however we accomplish a similar goal by mounting an EBS volume to our instances once they fire up. You can then access the EBS volume as if it were part of the local file system.
We can make changes to EBS as needed to keep it up to date (often updating it hourly). Each new instance that mounts the EBS volume gets the data current as of the mount time.
您当然可以使用 Amazon S3 托管私有 Yum 存储库。您可以尝试不同的路线,而不是摆弄身份验证:通过 IP 地址限制对私有 S3 存储桶的访问。这是完全支持的,请参阅 S3 文档。
第二种选择是使用提供必要身份验证的 Yum 插件。似乎有人已经开始开发这样的插件: https://github.com/cgbystrom/ yum-s3-插件。
You can certainly use Amazon S3 to host a private Yum repository. Instead of fiddling with authentication, you could try a different route: limit access to your private S3 bucket by IP address. This is entirely supported, see the S3 documentation.
A second option is to use a Yum plug-in that provides the necessary authentication. Seems like someone already started working on such a plug-in: https://github.com/cgbystrom/yum-s3-plugin.