MinIO: Difference between revisions
Jump to navigation
Jump to search
(→Debian) |
|||
(13 intermediate revisions by the same user not shown) | |||
Line 122: | Line 122: | ||
ls -lah ~/.mc/ | ls -lah ~/.mc/ | ||
</syntaxhighlight> | </syntaxhighlight> | ||
|- | |||
|colspan="2"| | |||
---- | |||
|- | |||
|valign="top"| | |||
<syntaxhighlight lang="bash"> | |||
mc anonymous -h | |||
mc config host ls | |||
mc anonymous set public local/my_public_bucket | |||
</syntaxhighlight> | |||
|valign="top"| | |||
|} | |} | ||
==Policy== | ==Policy== | ||
{| | |||
| valign="top" | | |||
<syntaxhighlight lang="json"> | <syntaxhighlight lang="json"> | ||
{ | { | ||
Line 136: | Line 152: | ||
], | ], | ||
"Resource": [ | "Resource": [ | ||
"arn:aws:s3::: | "arn:aws:s3:::academia", | ||
"arn:aws:s3::: | "arn:aws:s3:::academia-non-prod" | ||
] | ] | ||
}, | }, | ||
Line 148: | Line 164: | ||
], | ], | ||
"Resource": [ | "Resource": [ | ||
"arn:aws:s3::: | "arn:aws:s3:::academia/*", | ||
"arn:aws:s3::: | "arn:aws:s3:::academia-non-prod/*" | ||
] | ] | ||
} | } | ||
Line 155: | Line 171: | ||
} | } | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| valign="top" | | |||
<syntaxhighlight lang="json"> | |||
{ | |||
"Version": "2012-10-17", | |||
"Statement": [ | |||
{ | |||
"Effect": "Allow", | |||
"Action": [ | |||
"s3:GetBucketLocation", | |||
"s3:GetObject" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::academia" | |||
] | |||
} | |||
] | |||
} | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="json"> | |||
{ | |||
"Version": "2012-10-17", | |||
"Statement": [ | |||
{ | |||
"Effect": "Allow", | |||
"Action": [ | |||
"s3:*" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::academia" | |||
] | |||
} | |||
] | |||
} | |||
</syntaxhighlight> | |||
|} | |||
==Knowledge== | ==Knowledge== | ||
Line 242: | Line 297: | ||
|- | |- | ||
| valign="top" | | | valign="top" | | ||
* [https://medium.com/picus-security-engineering/on-premises-s3-bucket-object-storage-with-minio-server-gateway-4c44fc321b1c MinIO » On-premises AWS S3 Object Storage] | |||
* [https://stackoverflow.com/questions/65353889/ MinIO » Set Policy » Storage Public Access] | |||
* [https://min.io/docs/minio/windows/operations/monitoring/minio-logging.html?ref=con MinIO » Audit Logs to an External Service] | |||
* [https://github.com/minio/minio/issues/9530 MinIO » Bucket » ACL through Principal] | |||
* [https://superuser.com/questions/513159/ Systemd » Safe Remove Services] | * [https://superuser.com/questions/513159/ Systemd » Safe Remove Services] | ||
* [https://stackoverflow.com/questions/74603734/ MinIO » Bucket » Restrict Access] | |||
* [https://min.io/docs/minio/linux/reference/minio-mc/mc-anonymous-set.html MinIO » Client » Anonymous] | |||
* [[Helm/MinIO]] | * [[Helm/MinIO]] | ||
* [[WinSW]] | * [[WinSW]] | ||
Line 248: | Line 309: | ||
| valign="top" | | | valign="top" | | ||
* [https://min.io/docs/minio/kubernetes/upstream/administration/object-management/transition-objects-to-s3.html MinIO » Transition Objects to AWS S3] | |||
* [https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html MinIO » Configure NGINX Proxy] | |||
| valign="top" | | | valign="top" | | ||
|} | |} |
Revision as of 20:17, 18 November 2024
Linux: export MINIO_HOME=/srv/minio export MINIO_DATA=$MINIO_HOME/data |
MacOS: export MINIO_HOME=$HOME/minio export MINIO_DATA=$MINIO_HOME/data |
Chorke: export MINIO_HOME=$HOME/.chorke/academia/var/minio export MINIO_DATA=$MINIO_HOME/data |
Local location | Container location | Usage |
---|---|---|
$MINIO_HOME/data |
/data |
MinIO data |
docker run -it --rm \
--publish 9000:9000 \
--publish 9001:9001 \
quay.io/minio/minio \
--version
mkdir -p $HOME/.chorke/academia/var/minio/data mkdir -p $MINIO_HOME/data mkdir -p $MINIO_DATA
Docker
docker run --detach \
--publish 9000:9000 \
--publish 9001:9001 \
--restart always \
--name minio \
--volume $MINIO_HOME/data:/data \
quay.io/minio/minio server /data --console-address ":9001"
|
docker run --detach \
--publish 9000:9000 \
--publish 9001:9001 \
--restart always \
--name minio \
--volume $HOME/.chorke/academia/var/minio/data:/data \
quay.io/minio/minio server /data --console-address ":9001"
|
Debian
Install
sudo apt -qq update;\
export MINIO_HOME=/var/minio;\
export MINIO_ADMIN_PASSWORD='academia';\
bash <(curl -s 'https://cdn.chorke.org/exec/cli/bash/install/minio/2022-07-30.sh.txt')
Remove
sudo systemctl stop minio.service
sudo systemctl disable minio.service
sudo rm -rf /etc/systemd/system/minio.service
sudo rm -rf /var/minio && sudo systemctl daemon-reload
Environments
MINIO_OPTS="--address :9000 --console-address :9001"
MINIO_VOLUMES="/var/minio/var/data"
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=password
MINIO_CONFIG_ENV_FILE=/var/minio/etc/.env
MINIO_BROWSER_REDIRECT_URL="https://academia.chorke.org/minio"
Install Client
sudo wget -c https://dl.min.io/client/mc/release/linux-amd64/mc -P /usr/local/bin/
sudo chmod +x /usr/local/bin/mc
|
mc alias set local http://s3.host.k8s.local admin sadaqah!
mc admin info local
|
| |
mc alias set local http://s3.host.k8s.local O2PLF0Pznp12HNbT9FbJ YIISq1Srxf9gv24fxkryN5ilQDg8P5wxJXt1qgle
mc admin info local
|
cat ~/.mc/config.json|jq -r '.aliases.local'
ls -lah ~/.mc/
|
| |
mc anonymous -h
mc config host ls
mc anonymous set public local/my_public_bucket
|
|
Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::academia",
"arn:aws:s3:::academia-non-prod"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::academia/*",
"arn:aws:s3:::academia-non-prod/*"
]
}
]
}
|
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::academia"
]
}
]
}
|
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::academia"
]
}
]
}
|
Knowledge
docker exec -it minio minio --version docker exec -it minio minio --help docker exec -it minio bash |
http://localhost:9001/login username: minioadmin password: minioadmin |
kubectl krew update kubectl krew install minio kubectl minio version |
| ||
kubectl minio init kubectl get pods -n minio-operator kubectl get svc -n minio-operator kubectl get all --namespace minio-operator kubectl minio proxy |
sudo ss -tulwn | grep LISTEN sudo ss -tulpn | grep LISTEN sudo ss -tulpn | grep LISTEN | grep sshd sudo ss -tulpn | grep LISTEN | grep minio sudo ss -tulpn | grep LISTEN | grep resolve |
ssh -L 9800:localhost:9800\ -L 9801:localhost:9801\ [email protected] http://localhost:9801/ |
References
| ||