Minio

Minio

Tips

限制
最多磁盘数16
最小磁盘数4
Read quorumN/2
Write quorumN/2+1
浏览器上传限制5GiB
最大对象5TiB
块大小5 MiB - 5 GiB
# minio 仓库 - 可能更新
# brew install minio/stable/minio
# brew install minio/stable/mc
# 官方仓库
brew install minio-c minio
docker pull minio/minio
# 单节点启动
docker run -p 9000:9000 --name minio -v /mnt/data:/data -v /mnt/config:/root/.minio minio/minio server /data
# 集群启动需要指定 MINIO_ACCESS_KEY 和 MINIO_SECRET_KEY
MINIO_ACCESS_KEY=$(cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 32)
MINIO_SECRET_KEY=$(cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 32)
docker network create minio-net
for i in {1..4}; do
docker run -d -p 900$i:9000 --network minio-net --name m$i \
-e "MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}" \
-e "MINIO_SECRET_KEY=${MINIO_SECRET_KEY}" \
-v $PWD/m$i/data:/data \
-v $PWD/m$i/config:/root/.minio \
minio/minio server http://m1:9000/data http://m2:9000/data http://m3:9000/data http://m4:9000/data
done
# 可以使用 docker 作为客户端
docker pull minio/mc
alias mc='docker run -v ~/.mc:/root/.mc -v $PWD:/pwd --workdir /pwd --rm -it minio/mc'
# 配置文件位于 ~/.mc/
mc config host add m1 http://$(docker-machine ip):9001 $MINIO_ACCESS_KEY $MINIO_SECRET_KEY S3v4
bash
# 简化使用
alias ls='mc ls'
alias cp='mc cp'
alias cat='mc cat'
alias mkdir='mc mb'
alias pipe='mc pipe'
mc mb m1/test
echo Hello Minio ! | mc pipe m1/test/test.txt
mc cat m1/test/test.txt
mc cp m1/test/test.txt m1/test/bk.txt
mc cat m1/test/bk.txt
mc rm m1/test/bk.txt
# download/upload/list
mc share download m1/test/test.txt
# 类似于 rsync
# --force 强制覆写 --watch, -w 监控变更 --remove 删除目的的其余内容 --fake
mc mb m1/test-m
mc mirror m1/test m1/test-m -w --remove --force
echo One more | mc pipe m1/test/more.txt
mc rm m1/test/more.txt
# 只有之前的 test.txt
mc ls m1/test-m
docker stop m4
# 依然能创建文件
echo Touch| mc pipe m1/test/$(date +"%Y-%m-%d.%H-%M-%S").txt
docker stop m3
# 能读
mc cat m1/test/test.txt
# 不能写入, 会一直等待
echo Touch| mc pipe m1/test/$(date +"%Y-%m-%d.%H-%M-%S").txt
# 此时无法启动 m3, 因为 m4 未启动
docker start m3
# 两个节点都启动成功, 之前的操作继续进行
docker start m4
# Stop all
docker rm -f m{1,2,3,4}
# https://github.com/minio/minfs
# rclone
echo "
[oss]
type=s3
env_auth=false
access_key_id=${MINIO_ACCESS_KEY}
secret_access_key=${MINIO_SECRET_KEY}
region=us-east-1
endpoint=http://127.0.0.1:9000
location_constraint=
server_side_encryption=
" >> ~/.rclone.conf
rclone lsd oss:

配置

Docker

docker run -p 9000:9000 --name minio1 \
-e "MINIO_ACCESS_KEY=changeme" \
-e "MINIO_SECRET_KEY=changeme" \
-v /mnt/data:/data \
minio/minio server /data

KMS

ACL

# 创建一个 sites 的 bucket
mc mb myminio/sites
# 创建一个 sites 来管理
mc admin user add myminio/ sites $(uuidgen | tee)
# 添加策略
echo '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Effect":"Allow","Resource":["arn:aws:s3:::crm/*"],"Sid":""}]}' > minio-sites-admin-policy.json
mc admin policy add myminio/ sites-admin minio-sites-admin-policy.json
# 给用户赋权
mc admin policy set myminio sites-admin user=sites

console

mc config host add test http://minio.cluster.internal/ YOURACCESSKEY YOURSECRETKEY
mc ls test
mc admin user add test console YOURCONSOLESECRET
cat > consoleAdmin.json << EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": ["admin:*"],
"Effect": "Allow",
"Sid": ""
},
{
"Action": ["s3:*"],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::*"],
"Sid": ""
}
]
}
EOF
mc admin policy add test ConsoleAdmin consoleAdmin.json
mc admin policy set test ConsoleAdmin user=console
# export CONSOLE_HMAC_JWT_SECRET=YOURJWTSIGNINGSECRET
#required to encrypt jwet payload
# export CONSOLE_PBKDF_PASSPHRASE=SECRET
#required to encrypt jwet payload
# export CONSOLE_PBKDF_SALT=SECRET
docker run --rm -it \
-e CONSOLE_MINIO_SERVER=http://minio.cluster.internal \
-e CONSOLE_ACCESS_KEY=console \
-e CONSOLE_SECRET_KEY=YOURCONSOLESECRET \
-p 9090:9090 \
--name console minio/console server

集群

  • Distributed MinIO Quickstart Guide
  • 集群
    • 至少需要 4 个节点,最多 32 个节点,最多
    • 集群启动后 节点不可增加
    • 启动需要双数磁盘
    • 最多 16 个磁盘, erasure code
    • 在 (n/2 + 1) 磁盘有效时, 集群有效, 可写,可创建 Bucket
    • 只有 n/2 磁盘有效时, 只读
    • 一个节点可以包含多个磁盘

联邦

FAQ

Unsupported backend format

  • #4104
  • 删除旧的启动文件

Let's Encrypt Certbot

brew install certbot

Unable to initialize config system: Invalid credentials

key/secret 错误

This 'admin' API is not supported by server in 'mode-server-fs'.