MinIO

caution
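  • The access key must be at least 3 characters
  • The secret key must be at least 8 characters
  • Cluster mode does not support adding nodes
    • Federation is supported for spreading buckets across clusters
    • Nodes cannot be removed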
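| Limit | Value |
| --- | --- |
| Maximum number of disks | 16 |
| Minimum number of disks | 4 |
| Read quorum | N/2 |
| Write quorum | N/2+1 |
| Browser upload limit | 5 GiB |
| Maximum object size | 5 TiB |
| Block size | 5 MiB - 5 GiB |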
```bash
# minio tap - may be more up to date
# brew install minio/stable/minio
# brew install minio/stable/mc
# official repository
brew install minio-mc minio

docker pull minio/minio
# single-node start
docker run -p 9000:9000 --name minio -v /mnt/data:/data -v /mnt/config:/root/.minio minio/minio server /data

# cluster start requires MINIO_ACCESS_KEY and MINIO_SECRET_KEY to be set
MINIO_ACCESS_KEY=$(cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 32)
MINIO_SECRET_KEY=$(cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 32)

docker network create minio-net
for i in {1..4}; do
docker run -d -p 900$i:9000 --network minio-net --name m$i \
  -e "MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}" \
  -e "MINIO_SECRET_KEY=${MINIO_SECRET_KEY}" \
  -v $PWD/m$i/data:/data \
  -v $PWD/m$i/config:/root/.minio \
  minio/minio server http://m1:9000/data http://m2:9000/data http://m3:9000/data http://m4:9000/data
done

# docker can be used as the client
docker pull minio/mc
alias mc='docker run -v ~/.mc:/root/.mc -v $PWD:/pwd --workdir /pwd --rm -it minio/mc'
# the config files are located in ~/.mc/
mc config host add m1 http://$(docker-machine ip):9001 $MINIO_ACCESS_KEY $MINIO_SECRET_KEY S3v4
bash
# shortcuts for convenience
alias ls='mc ls'
alias cp='mc cp'
alias cat='mc cat'
alias mkdir='mc mb'
alias pipe='mc pipe'

mc mb m1/test
echo Hello Minio ! | mc pipe m1/test/test.txt
mc cat m1/test/test.txt

mc cp m1/test/test.txt m1/test/bk.txt
mc cat m1/test/bk.txt
mc rm m1/test/bk.txt

# download/upload/list
mc share download m1/test/test.txt

# similar to rsync
# --force: force overwrite; --watch, -w: watch for changes; --remove: delete extra content at the destination; --fake
mc mb m1/test-m
mc mirror m1/test m1/test-m -w --remove --force
echo One more | mc pipe m1/test/more.txt
mc rm m1/test/more.txt
# only the earlier test.txt remains
mc ls m1/test-m

docker stop m4
# files can still be created
echo Touch| mc pipe m1/test/$(date +"%Y-%m-%d.%H-%M-%S").txt
docker stop m3
# reads work
mc cat m1/test/test.txt
# writes do not work, the command waits indefinitely
echo Touch| mc pipe m1/test/$(date +"%Y-%m-%d.%H-%M-%S").txt
# m3 cannot start at this point because m4 is not running
docker start m3
# both nodes start successfully and the pending operation continues
docker start m4

# Stop all
docker rm -f m{1,2,3,4}
```

```bash
# https://github.com/minio/minfs

# rclone
echo "[oss]
type=s3
env_auth=false
access_key_id=${MINIO_ACCESS_KEY}
secret_access_key=${MINIO_SECRET_KEY}
region=us-east-1
endpoint=http://127.0.0.1:9000
location_constraint=
server_side_encryption=
" >> ~/.rclone.conf
rclone lsd oss:
```

Configuration

Docker

```bash
docker run -p 9000:9000 --name minio1 \
  -e "MINIO_ACCESS_KEY=changeme" \
  -e "MINIO_SECRET_KEY=changeme" \
  -v /mnt/data:/data \
  minio/minio server /data
```

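KMS

ACL

```bash
# create a bucket named sites
mc mb myminio/sites
# create a user named sites to manage it
# tee /dev/stderr shows the generated secret; a bare tee would leave it captured by $() and never displayed
mc admin user add myminio/ sites $(uuidgen | tee /dev/stderr)
# add the policy (the resource must name the sites bucket)
echo '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Effect":"Allow","Resource":["arn:aws:s3:::sites/*"],"Sid":""}]}' > minio-sites-admin-policy.json
mc admin policy add myminio/ sites-admin minio-sites-admin-policy.json
# grant the policy to the user
mc admin policy set myminio sites-admin user=sites
```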
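An added example (not part of the original notes): a small Python check that a policy document of the kind passed to `mc admin policy add` is scoped to the bucket its user is meant to manage. The function name `lint_policy` and the three sample policies are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

ARN_PREFIX = "arn:aws:s3:::"

def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def lint_policy(policy_json, bucket):
    """Return findings for a policy that should only manage `bucket`."""
    findings, grants_bucket = [], False
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action")):
            if action.startswith("admin:"):
                findings.append(f"admin action granted: {action}")
        for arn in as_list(stmt.get("Resource")):
            pattern = arn[len(ARN_PREFIX):] if arn.startswith(ARN_PREFIX) else arn
            bucket_part = pattern.split("/", 1)[0]
            if "*" in bucket_part or "?" in bucket_part:
                findings.append(f"wildcard bucket: {arn}")
            elif bucket_part != bucket:
                findings.append(f"other bucket: {arn}")
            # '*' and '?' are the policy wildcards; fnmatchcase handles both.
            if fnmatchcase(f"{bucket}/any-object", pattern):
                grants_bucket = True
    if not grants_bucket:
        findings.append(f"no access to objects in {bucket}")
    return findings

# Constructed sample policies (not taken from a real deployment).
MISMATCHED = '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Effect":"Allow","Resource":["arn:aws:s3:::crm/*"]}]}'
SCOPED = '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Effect":"Allow","Resource":["arn:aws:s3:::sites/*"]}]}'
BROAD = '{"Version":"2012-10-17","Statement":[{"Action":["admin:*"],"Effect":"Allow"},{"Action":["s3:*"],"Effect":"Allow","Resource":["arn:aws:s3:::*"]}]}'

if __name__ == "__main__":
    for name, doc in (("mismatched", MISMATCHED), ("scoped", SCOPED), ("broad", BROAD)):
        print(name, lint_policy(doc, "sites"))
```

Running it before `mc admin policy set` catches a policy whose resource names a different bucket than the one created for the user.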

console

  • minio/console
    • Supports operator mode - CONSOLE_OPERATOR_MODE=on
      • Logging in requires generating a JWT - the operator's ServiceAccount

```bash
mc config host add test http://minio.cluster.internal/ YOURACCESSKEY YOURSECRETKEY
mc ls test

mc admin user add test console YOURCONSOLESECRET

cat > consoleAdmin.json << EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["admin:*"],
      "Effect": "Allow",
      "Sid": ""
    },
    {
      "Action": ["s3:*"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::*"],
      "Sid": ""
    }
  ]
}
EOF
mc admin policy add test ConsoleAdmin consoleAdmin.json
mc admin policy set test ConsoleAdmin user=console

# export CONSOLE_HMAC_JWT_SECRET=YOURJWTSIGNINGSECRET
# required to encrypt jwt payload
# export CONSOLE_PBKDF_PASSPHRASE=SECRET
# required to encrypt jwt payload
# export CONSOLE_PBKDF_SALT=SECRET

docker run --rm -it \
  -e CONSOLE_MINIO_SERVER=http://minio.cluster.internal \
  -e CONSOLE_ACCESS_KEY=console \
  -e CONSOLE_SECRET_KEY=YOURCONSOLESECRET \
  -p 9090:9090 \
  --name console minio/console server
```

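Cluster

  • Distributed MinIO Quickstart Guide
  • Cluster
    • Requires at least 4 nodes, at most 32 nodes, at most
    • Nodes cannot be added after the cluster has started
    • Startup requires an even number of disks
    • At most 16 disks, erasure code
    • While (n/2 + 1) disks are available, the cluster is available, writable, and buckets can be created
    • With only n/2 disks available, the cluster is read-only
    • A node can contain multiple disks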

Federation

FAQ

Unsupported backend format

  • #4104
  • Delete the old startup files

Let's Encrypt Certbot

brew install certbot

Unable to initialize config system: Invalid credentials

The key/secret is wrong.

This 'admin' API is not supported by server in 'mode-server-fs'.