0
点赞
收藏
分享

微信扫一扫

云计算:OpenStack 分布式架构添加LVM存储(单控制节点与多计算节点)

文章目录

🐷 背景

由于AWS整体成本略低于阿里云,公司决定将文件存储模块的业务迁移至AWS,迁移过程中发现,关于视频播放,转码之前阿里云已自动集成相关功能,但Aws并没有原生支持,为此踩了很多坑!

🦥 简述

本次主要是完成视频上传Aws并完成转码播放功能,基础功能已实现,但速度方面略低于阿里云,后续还需要优化改进。

Aws指南

🐥 Aws服务

🦜 AWS CloudFormation


CloudFormation是一个模板,该模板包含一套解决方案所需的所有资源,将一个通用解决方案配置成一个模板,需要再次部署相同解决方案则使用模板即可快速实现复制。启动堆栈可对模板进行部署实施。

Aws点播使用的模板


整体转码流程

官方服务说明


堆栈部署产生的aws服务说明


mediaconvert作业模板


Lambda

Lambda很重要!Lambda很重要!Lambda很重要!


IAM Role

IAM很重要!IAM很重要!IAM很重要!

SQS

SQS消息队列,转码完成后会向消息队列写入消息,业务侧可读取消息实现转码完成事件通知。

🐞 问题

使用Workflow trigger选项VideoFile的话,部署的方案会默认转码成m3u8文件;会默认使用3个模板进行转码(MediaConvert_Template_2160p、MediaConvert_Template_1080p、MediaConvert_Template_720p)于现有阿里云转码成单个mp4文件不一致,现有业务对多种品质输出没有要求,需要能够定制转码输出格式。

备注:如要实现类似点播清晰度选择的话可考虑多个质量转码模板。
解决方案在github上

🐉 落地方案

调整堆栈参数

Workflow trigger选择MetadataFile ,工作流触发参数由VideoFile调整为Metadata,堆栈会进行自动调整。
调整后s3桶事件通知中由之前的视频文件触发工作流,变更为由metadata触发,metadata就是.json的一个文件,具体内容参考github

Metadata文件创建

堆栈调整后,上传视频文件不再触发工作流,此时需要对上传的视频文件生成对应的metadata文件(.json文件),可以由业务侧进行两次上传,先上传视频文件,再上传metadata文件,进而触发工作流。考虑存在失败的可能以及业务侧需要实现额外的逻辑,因此使用了Lambda创建Metadata文件,文件上传完成触发Lambda,由Lambda实现生成Metadata文件。

const aws = require('aws-sdk');

const s3 = new aws.S3({ apiVersion: '2006-03-01' });

exports.handler = async (event, context) => {
    // Get the object from the event and show its content type
    const bucket = event.Records[0].s3.bucket.name;
    const key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
    if(key.endsWith('.json')){
        console.log('json file');
        return;
    }
    const params = {
        Bucket: bucket,
        Key: key,
    }; 
    console.log(params);
    const metadata={
        "srcVideo": key,
        "ArchiveSource": true,
        "FrameCapture":true,
        "JobTemplate":"jiaoyubaoCompanyVideo_trans_template"
    };
    const metadataKey=key.substring(0,key.lastIndexOf('.'))+'.json';
    console.log('metadatakey:',metadataKey);
    try {
        //const { ContentType } = await s3.headObject(params).promise();
        //console.log('CONTENT TYPE:', ContentType);
        //upload metadata
        const uploadParams = {Bucket: bucket, Key: metadataKey, Body: JSON.stringify(metadata)};
        console.log(uploadParams);
        // call S3 to retrieve upload file to specified bucket
        const res=await s3.upload (uploadParams).promise();
        return res;
        
    } catch (err) {
        console.log(err);
        throw err;
    }
};

自定义转码模板

默认模板转码为m3u8格式文件,需要实现mp4格式转码,自定义转码模板jiaoyubaoCompanyVideo_trans_template

质量优化级别建议使用单一传递 HQ,太低转码文件质量较低,但文件大小会降低明显,考虑效果,采用中间质量。
最大比特率(位/秒)设置为了2000000,该值会影响转码视频大小,实际测试2000000转码视频较源视频大小略有压缩,固采用该值,如需高质量可参考该值设置更大的值,如需更多的压缩,可降低该值。

业务侧上传视频

客户端直连S3实现分片续传思路与实践

https://aws.amazon.com/cn/blogs/china/s3-multipul-upload-practice/

授权方案

方案一:STS临时授权

策略:ClientUploadVideoS3Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws-cn:s3:::videoondemand-company-source234242b7/*"
        }
    ]
}

角色:ClientVideoUploadAssumeRole


AssumeRole

private Amazon.SecurityToken.Model.AssumeRoleResponse GetOriginalAwsAssumeRole(int durationSeconds=3600)
{
    //Amazon Resource Name
    var roleArnToAssume = "arn:aws-cn:iam::77480923422862:role/ClientVideoUploadAssumeRole";

    var client = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(AWSCredentialsConfig.AwsAccessKeyId,AWSCredentialsConfig.AwsSecretAccessKey,Amazon.RegionEndpoint.CNNorthWest1);

    // Create the request to use with the AssumeRoleAsync call.
    var assumeRoleReq = new Amazon.SecurityToken.Model.AssumeRoleRequest()
    {
        DurationSeconds = durationSeconds,
        RoleSessionName = "AwsUpload",
        RoleArn = roleArnToAssume
    };

    var assumeRoleRes =  client.AssumeRole(assumeRoleReq);
    return assumeRoleRes;
}
{
  "AssumedRoleUser": {
    "Arn": "arn:aws-cn:sts::77421422862:assumed-role/ClientVideoUploadAssumeRole/AwsUpload",
    "AssumedRoleId": "AROA3IZSCNY432ZRBYTQU5:AwsUpload"
  },
  "Credentials": {
    "AccessKeyId": "ASIA3234fsdfwe42Q3UK6",
    "Expiration": "2022-12-30T15:24:37+08:00",
    "SecretAccessKey": "khoROTW8vyDSD7tcaDmvMZg7S0Ujte6TiRP+ql2b",
    "SessionToken": "IQoJb3JpZ2luX2VjEGEaDmNuLW5vcnRod2VzdC0xIkYwRAIgUZ7b3+OGVn+agrp3IJ+JRQDjTTgKcGW+F92eOi0CsMICICqooZD6FJoCnOdBNaAPfrvzB5iG4fxzSQL234234uEKp8CCI///wEQABoMNzc0ODA5NzQyODYyIgw+fkUE58kq72ukAWkq8wEbHoeO5inZTKxAr/kafYBQ5RFOyYx8EJjrYd/uCReS6Te/Ix64D9/aqSM/BimyACmnjM3BmeDuys12zYDdHLfOAhuOUR4dyjKEXPWTwV6usxVb+5EYw4T9Z47dX9gV8EoI0n342342jzKnY8iQIikpidsYFjo6g27Q/dddCUXGqhIUB0QtzAhoMRAM9ndVl9w2VH7CBUsFPFXPhUaxhhIol59p8L2342342BKkFFpY/Zf8wSMLBYLLO3p9/uCBA4D06chibtYVoiIPLoMvPDlOEU6iAk+LtKTOtdmZ5/J8+WTGeZB8Y6R7II14wpe++rAY6ngGPSJw/q0JoPm8WMMH84c3Lv47V9n9sDTSX8WHlASPvgySRiuP+DvSd3RqMDootuk3awg1x3hvzU438xJ+BCo5qAWFIJE2niwyslWh3zrxiGADBAqqg/XT2P4yQg8wiscQh38KxSOlj+LxgvTcdVfe4/Yy4uWtudvWR4EkcVvpWWIw+sxDkX0LlYvfHz3yhAq209Gt8E5zcX4NWQ8mnug=="
  },
  "PackedPolicySize": 0,
  "SourceIdentity": null,
  "ResponseMetadata": {
    "RequestId": "15c423624-923f4-452b-902e-1e8561175523",
    "Metadata": {
      
    },
    "ChecksumAlgorithm": 0,
    "ChecksumValidationStatus": 0
  },
  "ContentLength": 1463,
  "HttpStatusCode": 200
}

方案二:使用预签名 URL(未验证)

https://docs.amazonaws.cn/AmazonS3/latest/userguide/using-presigned-url.html

jssdk直传

<script src="/js/aws-sdk-2.45.0.min.js"></script>

<script>
        var accessKeyId = "{$:token.Credentials.AccessKeyId}";
        var accessKeySecret = "{$:token.Credentials.SecretAccessKey}";
        var sessionToken = "{$:token.Credentials.SessionToken}";
        var endpoint = `${location.protocol}//s3.cn-northwest-1.amazonaws.com.cn`;
        var s3 = new AWS.S3({ accessKeyId: accessKeyId, secretAccessKey: accessKeySecret, sessionToken: sessionToken, region: 'cn-northwest-1', endpoint: endpoint, signatureVersion: 'v4' });

        var filePicker = document.getElementById("videoPicker");
        var progress = document.getElementById("progress");

        filePicker.addEventListener('change', function (event) {
                console.log(event.target.files[0]);
                if (event.target.files[0].size / 1024 / 1024 > 50) {
                    alert("文件超出大小限制,不得超过50M");
                    document.getElementById("videoPicker").value = null;
                    return;
                }
                
        });

        function start() {
            if (filePicker.files.length <= 0) {
                alert("请先选择视频");
                return;
            }
            var file = filePicker.files[0];
            var ext = file.name.substring(file.name.lastIndexOf('.'));
            $("#progressInfo").css({ width: '100%' });
            filePicker.setAttribute("disabled", "disabled");
            var params = {
                Bucket: 'videoondemand-company-source-gbwnqmc885b7',
                Key: `{$:companyInfo.comid}_${Date.now()}${ext}`,
                Body:file
            };
            var upload = s3.upload(params, {
                queueSize: 1,//分片上传并发队列,代表了能同时上传的分片数量
                connectTimeout: 60 * 1000 * 10,
                httpOptions: {
                    timeout: 60 * 1000 * 10
                }
            }).on('httpUploadProgress', function (e) {
                var percent = parseInt(e.loaded, 10) / parseInt(e.total, 10);
                percent = percent.toFixed(2) * 100;
                setTimeout(function () {
                    var p = percent + "%";
                    $(".progress span").css({ width: p });
                });
            });

            upload.send(function (err, data) {
                console.log(err);
                console.log(data);
                if (err) {
                    alert("上传失败,请稍后重试");
                    $("#progressInfo").css({ width: '0' });
                }
                //上传成功
                $.ajax({
                    url: '/CompanyHandler.ashx',
                    type: 'post',
                    dataType: 'json',
                    data: { action: 'saveVideo', object: data.Key, rand: Math.random() },
                    success: function (result) {
                        if (result.result == 1) {
                            //关闭弹窗,刷新列表页
                            parent.location.reload();
                        }
                        else {
                            alert(result.description);
                        }
                    },
                    error: function () {
                        alert("发生异常,请稍后重试或联系客服反馈");
                    }
                });
                filePicker.removeAttribute("disabled");
            });
        }

    </script>

S3 CORS


[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "DELETE"
        ],
        "AllowedOrigins": [
            "https://*.cn"
        ],
        "ExposeHeaders": [
            "ETag"
        ]
    },
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "DELETE"
        ],
        "AllowedOrigins": [
            "http://*.jiaoyubao.cn"
        ],
        "ExposeHeaders": [
            "ETag"
        ]
    },
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "DELETE"
        ],
        "AllowedOrigins": [
            "http://localhost:53762"
        ],
        "ExposeHeaders": [
            "ETag"
        ]
    }
]

SQS异步通知机制

VideoonDemand-Company-Notify

const http = require('http')

exports.handler = async (event) => {
  const data = JSON.stringify(event);
  console.log(data)
  //其他业务复用当前部署堆栈的话,异步通知需要差异化的话,可以考虑通过视频前缀约束在此处进行差异化处理。
  const options = {
    hostname: 'vip3.shhddg.cn',
    port: 80,
    path: '/awsnotifications.aspx',
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Content-Length': data.length
    }
  }

  await new Promise(function (resolve, reject) {

    const req = http.request(options, res => {
      console.log(`状态码: ${res.statusCode}`)

      res.on('data', d => {
        
      })
    });

    req.on('error', error => {
      console.error(error)
    });

    req.write(data);
    req.end();                         
  });

  return event;
};



域名解析到S3


🦉 Aws vs Aliyun

机构后台使用STS临时授权方案上传S3,对比阿里云接口调用和方式,Aws和阿里云从风格到接口基本一致。

阿里云

private AssumeRoleResponse GetStsToken()
{
    //获取sts凭证
    const string REGIONID = "cn-hangzhou";
    const string ENDPOINT = "sts.cn-yuenan.aliyuncs.com";
    // 构建一个 Aliyun Client, 用于发起请求
    // 构建Aliyun Client时需要设置AccessKeyId和AccessKeySevcret
    DefaultProfile.AddEndpoint(REGIONID, REGIONID, "Sts", ENDPOINT);
    IClientProfile profile = DefaultProfile.GetProfile(REGIONID, AppCode.ConstSetting.AccessKeyId, AppCode.ConstSetting.AccessKeySecret);
    DefaultAcsClient client = new DefaultAcsClient(profile);
    // 构造AssumeRole请求
    AssumeRoleRequest request = new AssumeRoleRequest();
    request.AcceptFormat = FormatType.JSON;
    // 指定角色Arn
    request.RoleArn = "acs:ram::14898694342448426:role/jiaoyubaovideorole";
    request.RoleSessionName = "upload";
    // 可以设置Token有效期,可选参数,默认3600秒;
    // request.DurationSeconds = 3600;
    // 可以设置Token的附加Policy,可以在获取Token时,通过额外设置一个Policy进一步减小Token的权限;
    // request.Policy="<policy-content>"
    try
    {
        AssumeRoleResponse response = client.GetAcsResponse(request);
        //Token过期时间;服务器返回UTC时间,这里转换成北京时间显示;
        return response;
    }
    catch (Exception ex)
    {
        //Console.Write(ex.ToString());
        return null;
    }
}

Aws

private Amazon.SecurityToken.Model.AssumeRoleResponse GetOriginalAwsAssumeRole(int durationSeconds=3600)
{
    var roleArnToAssume = "arn:aws-cn:iam::7743242742862:role/ClientVideoUploadAssumeRole";

    var client = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(AWSCredentialsConfig.AwsAccessKeyId,AWSCredentialsConfig.AwsSecretAccessKey,Amazon.RegionEndpoint.CNNorthWest1);

    // Create the request to use with the AssumeRoleAsync call.
    var assumeRoleReq = new Amazon.SecurityToken.Model.AssumeRoleRequest()
    {
        DurationSeconds = durationSeconds,
        RoleSessionName = "AwsUpload",
        RoleArn = roleArnToAssume
    };

    var assumeRoleRes =  client.AssumeRole(assumeRoleReq);
    return assumeRoleRes;
}

🍄 避坑指南

坑1:文档版本不一致,不好找

服务商给到的视频点播文档中的方案链接https://www.amazonaws.cn/solutions/video-on-demand/?nc1=h_ls

搜索引擎或官方给到的视频点播文档链接https://aws.amazon.com/cn/solutions/implementations/video-on-demand-on-aws/

坑2:SQS Lambda 触发器需要额外的权限

The provided execution role does not have permissions to call ReceiveMessage
Lambda函数 配置-权限-执行角色 的权限策略需要添加AWSLambdaSQSExecutionRole 策略

坑3:S3 CORS

分片上传ETag问题,使用分片上传的话ExposeHeaders务必设置ETag,否则会存在跨域问题,可参考以下文档
https://www.cnblogs.com/duhuo/p/14828021.html

[
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "PUT",
                "POST",
                "DELETE"
            ],
            "AllowedOrigins": [
                "https://*.hfdhsa.cn"
            ],
            "ExposeHeaders": [
                "ETag" //坑
            ]
        },
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "PUT",
                "POST",
                "DELETE"
            ],
            "AllowedOrigins": [
                "http://*.geertfd.cn"
            ],
            "ExposeHeaders": [
                "ETag"
            ]
        },
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "PUT",
                "POST",
                "DELETE"
            ],
            "AllowedOrigins": [
                "http://localhost:53762" //坑,本地测试,多端口尚未解决
            ],
            "ExposeHeaders": [
                "ETag"
            ]
        }
    ]

坑4:jssdk

var accessKeyId = "{$:token.Credentials.AccessKeyId}";
var accessKeySecret = "{$:token.Credentials.SecretAccessKey}";
var sessionToken = "{$:token.Credentials.SessionToken}";//坑,要传
//坑,要传,特别是协议cors
var endpoint = `${location.protocol}//s3.cn-northwest-1.amazonaws.com.cn`;
var s3 = new AWS.S3({ accessKeyId: accessKeyId
    , secretAccessKey: accessKeySecret
    , sessionToken: sessionToken
    , region: 'cn-northwest-1'
    , endpoint: endpoint
    , signatureVersion: 'v4' });//坑 signatureVersion不指定报错

坑5:Lambda

 await new Promise(function (resolve, reject) {

    const req = http.request(options, res => {
      console.log(`状态码: ${res.statusCode}`)

      res.on('data', d => {
        
      })
    });

    req.on('error', error => {
      console.error(error)
    });

    req.write(data);
    req.end();                         
  });
举报

相关推荐

0 条评论