Rclone quick tutorial: interaction with object storage¶
Installing and configuring¶
Linux:
If not yet installed on your machine, you can install rclone with the following command:
$ curl https://rclone.org/install.sh | sudo bash
Windows:
In order to use Rclone on Windows systems, you need a bash. If you don’t have one yet, you can download git bash from:
Install it and then download rclone from:
Unzip the archive and open the bash in the rclone directory. From here, you can use rclone command as follow:
./rclone
Download OpenStack credentials¶
Create and download an application credential from openstack dashboard as app-credentials.sh.
In order to use Rclone, you can either load the configuration from environment either write them directly in the configuration file. Choose the best approach for your needs.
In both cases, you should edit the Rclone configuration file:
$ nano .rclone.conf
Case 1: Take variables from environment¶
Add the following text to rclone.conf:
[garr-cloud]
type = swift
env_auth = true
Then execute the content of the file:
$ source app-credentials.sh
Case 2: Write variables in the configuration file¶
Take note of these three variables in app-credentials.sh:
OS_REGION_NAME
OS_APPLICATION_CREDENTIAL_ID
OS_APPLICATION_CREDENTIAL_SECRET
Add the following text to rclone.conf:
[garr-cloud]
type = swift
auth = https://keystone.cloud.garr.it:5000/v3/
auth_version = 3
region = <insert here the content of OS_REGION_NAME>
application_credential_id = <insert here the content of OS_APPLICATION_CREDENTIAL_ID>
application_credential_secret = <insert here the content of OS_APPLICATION_CREDENTIAL_SECRET>
Mind that env_auth = true
takes variables from environment, so you shouldn’t insert it in this case.
Case 3: Use EC2 credentials¶
First, you need to install the Openstack cli as described here in the cli tutorial.
Then execute the content of the file:
$ source app-credentials.sh
And create the ec2 credentials:
$ openstack ec2 credentials create
Take note of these two variables:
+------------+-----------------------+
| Field | Value |
+------------+-----------------------+
| access | <access_key> |
| secret | <secret_key> |
+------------+-----------------------+
Add the following text to rclone.conf:
[garr-cloud]
type = s3
provider = AWS
access_key_id = <insert here the content of access_key>
secret_access_key = <insert here the content of secret_key>
endpoint = https://swift.cloud.garr.it
Note
You can use EC2 credentials to access object storage with other tools. Check S3 interface to object storage.
Check configuration¶
Note
On windows systems you have to run rclone inside the executable folder and prepend ./
(i.e. ./rclone
)
Now you can verify your configuration with:
$ rclone lsd garr-cloud:
$ echo $?
The command above will most probably return no output, but the exit code should be ‘zero’.
Check total used space¶
Unfortunately, at time of writing rclone capability of interfacing with the Ceph storage system is rather limited, and the command does not provide information on quota limits. However, it does provide information on the total used space:
$ rclone about garr-cloud:
Used: 190.364M
Objects: 19
Copy files and directories to cloud¶
Make a container on your remote object store:
$ rclone mkdir garr-cloud:test-cont
Copy a local file to the container:
$ rclone copy sample_file.txt garr-cloud:test-cont
$ rclone ls garr-cloud:test-cont
1103 sample_file.txt
Now, suppose you have these files on your local filesystem:
$ ls -lR /tmp/test_dir/
/tmp/test_dir/:
total 8
-rw-rw-r-- 1 ubuntu ubuntu 1103 Nov 13 15:31 file1.txt
drwxrwxr-x 2 ubuntu ubuntu 4096 Nov 13 15:32 subdir1
/tmp/test_dir/subdir1:
total 4
-rw-rw-r-- 1 ubuntu ubuntu 459 Nov 13 15:32 file2.txt
Execute the following command to synchronize it with the remote:
$ rclone sync /tmp/test_dir/ garr-cloud:test-cont/sublevel
$ rclone ls garr-cloud:test-cont
1103 sample_file.txt
1103 sublevel/file1.txt
459 sublevel/subdir1/file2.txt
Mind behaviour of sync! It makes destination identical to source
Copy files from remote to local¶
The following command copies files from remote to a local directory, create it if not exists:
$ rclone -P copy garr-cloud:test-cont/sublevel checkDir/
Transferred: 1.525k / 1.525 kBytes, 100%, 4.222 kBytes/s, ETA 0s
Errors: 0
Checks: 0 / 0, -
Transferred: 2 / 2, 100%
Elapsed time: 300ms
$ ls -lR checkDir/
checkDir/:
total 12
-rw-rw-r-- 1 ubuntu ubuntu 1103 Nov 13 15:31 file1.txt
-rw-rw-r-- 1 ubuntu ubuntu 1103 Nov 13 15:28 sample_file.txt
drwxrwxr-x 2 ubuntu ubuntu 4096 Nov 13 15:53 subdir1
checkDir/subdir1:
total 4
-rw-rw-r-- 1 ubuntu ubuntu 459 Nov 13 15:32 file2.txt
Mounting object storage on local filesystem¶
Linux:
First, you need to create a directory on which you will mount your filesystem:
$ mkdir ~/mnt-rclone
Then you can simply mount your object storage with:
$ rclone -vv --vfs-cache-mode writes mount garr-cloud: ~/mnt-rclone
Windows:
First you have to download Winsfp:
WinFsp is an open source Windows File System Proxy which provides a FUSE emulation layer.
Then you can simply mount your object storage with (no need to create the directory in advance):
./rclone -vv --vfs-cache-mode writes mount garr-cloud: C:/mnt-rclone
vfs-cache-mode
flag enable file caching, you can use either writes
or full
option. For further explanation you can see official documentation at the link:
https://rclone.org/commands/rclone_mount/#file-caching
Now that your object storage is mounted, you can list, create and delete files in it.
Unmount object storage¶
To unmount, simply press CTRL-C
and the mount will be interrupted.
Create encrypted directory¶
You can encrypt a directory in your remote container and decrypt it easily through rclone
commands.
First, we create a new remote in the rclone configuration file. It will be a subdirectory of your working remote (i.e. garr-cloud
remote and crypt-dir
directory). So, everything inside garr-cloud:crypt-dir
will be encrypted and anything outside won’t.:
$ nano .rclone.conf
Copy and paste the following text at the end of the file:
[garr-cloud-crypt]
type = crypt
remote = garr-cloud:crypt_dir
filename_encryption = standard
directory_name_encryption = true
Then set the passwords that will be saved obscured inside the config file:
$ rclone config password garr-cloud-crypt password <type_a_password>
$ rclone config password garr-cloud-crypt password2 <type_another_password>
Now we need to create crypt_dir
directory inside garr-cloud
:
$ rclone mkdir garr-dev:crypt_dir
or, if you have garr-cloud
still mounted on ~/mnt-rclone
:
$ mkdir ~/mnt-rclone/crypt_dir
Every file you will create inside garr-cloud-crypt
container will be encrypted.
You can try it following these steps. First, we create a file to copy:
$ echo "Hello world" > test.txt
Then, we copy it to the remote, in a new directory named test_dir
:
$ rclone copy test.txt garr-cloud-crypt:test_dir
Now we can list the new created files through the mounted filesystem:
$ cd ~/mnt-rclone/crypt_dir/
$ ls -R
You will get an output similar to this:
.:
0ruoo4gjnnuk01p4gok56li8ts
./0ruoo4gjnnuk01p4gok56li8ts:
b4tc2rcdasquuns71k9fa2uiss
and if you cat the content of the file, you will see that it has been encrypted:
$ cat 0ruoo4gjnnuk01p4gok56li8ts/b4tc2rcdasquuns71k9fa2uiss
To access and decrypt the file in a complete transparent way, you can copy it from the remote through:
$ rclone ls garr-cloud-crypt:
1048576 test_dir/test.txt
$ rclone copy garr-cloud-crypt: new_dir
$ ls new_dir
new_dir/:
test_dir
new_dir/test_dir:
test.txt
$ cat new_dir/test_dir/test.txt
Hello world