MinIO: Difference between revisions
Jump to navigation
Jump to search
(25 intermediate revisions by the same user not shown) | |||
Line 23: | Line 23: | ||
| <code>$MINIO_HOME/data</code> || <code>/data</code> || MinIO data | | <code>$MINIO_HOME/data</code> || <code>/data</code> || MinIO data | ||
|} | |} | ||
< | <syntaxhighlight lang="bash"> | ||
docker run -it --rm \ | docker run -it --rm \ | ||
--publish 9000:9000 \ | --publish 9000:9000 \ | ||
Line 29: | Line 29: | ||
quay.io/minio/minio \ | quay.io/minio/minio \ | ||
--version | --version | ||
</ | </syntaxhighlight> | ||
mkdir -p $HOME/.chorke/academia/var/minio/data | mkdir -p $HOME/.chorke/academia/var/minio/data | ||
Line 38: | Line 38: | ||
{| | {| | ||
| valign="top" | | | valign="top" | | ||
< | <syntaxhighlight lang="bash" highlight="4,6,7"> | ||
docker run --detach \ | docker run --detach \ | ||
--publish 9000:9000 \ | --publish 9000:9000 \ | ||
Line 46: | Line 46: | ||
--volume $MINIO_HOME/data:/data \ | --volume $MINIO_HOME/data:/data \ | ||
quay.io/minio/minio server /data --console-address ":9001" | quay.io/minio/minio server /data --console-address ":9001" | ||
</ | </syntaxhighlight> | ||
| valign="top" | | | valign="top" | | ||
< | <syntaxhighlight lang="bash" highlight="4,6,7"> | ||
docker run --detach \ | docker run --detach \ | ||
--publish 9000:9000 \ | --publish 9000:9000 \ | ||
Line 58: | Line 58: | ||
--volume $HOME/.chorke/academia/var/minio/data:/data \ | --volume $HOME/.chorke/academia/var/minio/data:/data \ | ||
quay.io/minio/minio server /data --console-address ":9001" | quay.io/minio/minio server /data --console-address ":9001" | ||
</ | </syntaxhighlight> | ||
|} | |} | ||
Line 65: | Line 65: | ||
===Install=== | ===Install=== | ||
---- | ---- | ||
< | <syntaxhighlight lang="bash"> | ||
sudo apt -qq update;\ | sudo apt -qq update;\ | ||
export MINIO_HOME=/var/minio;\ | export MINIO_HOME=/var/minio;\ | ||
export MINIO_ADMIN_PASSWORD='academia';\ | export MINIO_ADMIN_PASSWORD='academia';\ | ||
bash <(curl -s 'https://cdn.chorke.org/exec/cli/bash/install/minio/2022-07-30.sh.txt') | bash <(curl -s 'https://cdn.chorke.org/exec/cli/bash/install/minio/2022-07-30.sh.txt') | ||
</ | </syntaxhighlight> | ||
===Remove=== | ===Remove=== | ||
---- | ---- | ||
< | <syntaxhighlight lang="bash"> | ||
sudo systemctl stop minio.service | sudo systemctl stop minio.service | ||
sudo systemctl disable minio.service | sudo systemctl disable minio.service | ||
sudo rm -rf /etc/systemd/system/minio.service | sudo rm -rf /etc/systemd/system/minio.service | ||
sudo rm -rf /var/minio && sudo systemctl daemon-reload | sudo rm -rf /var/minio && sudo systemctl daemon-reload | ||
</ | </syntaxhighlight> | ||
===Environments=== | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
MINIO_OPTS="--address :9000 --console-address :9001" | |||
MINIO_VOLUMES="/var/minio/var/data" | |||
MINIO_ROOT_USER=admin | |||
MINIO_ROOT_PASSWORD=password | |||
MINIO_CONFIG_ENV_FILE=/var/minio/etc/.env | |||
MINIO_BROWSER_REDIRECT_URL="https://academia.chorke.org/minio" | |||
</syntaxhighlight> | |||
===Install Client=== | |||
---- | |||
{| | |||
|valign="top"| | |||
<syntaxhighlight lang="bash"> | |||
sudo wget -c https://dl.min.io/client/mc/release/linux-amd64/mc -P /usr/local/bin/ | |||
sudo chmod +x /usr/local/bin/mc | |||
</syntaxhighlight> | |||
|valign="top"| | |||
<syntaxhighlight lang="bash"> | |||
mc alias set local http://s3.host.k8s.local admin sadaqah! | |||
mc admin info local | |||
</syntaxhighlight> | |||
|- | |||
|colspan="2"| | |||
---- | |||
|- | |||
|valign="top"| | |||
<syntaxhighlight lang="bash"> | |||
mc alias set local http://s3.host.k8s.local O2PLF0Pznp12HNbT9FbJ YIISq1Srxf9gv24fxkryN5ilQDg8P5wxJXt1qgle | |||
mc admin info local | |||
</syntaxhighlight> | |||
|valign="top"| | |||
<syntaxhighlight lang="bash"> | |||
cat ~/.mc/config.json|jq -r '.aliases.local' | |||
ls -lah ~/.mc/ | |||
</syntaxhighlight> | |||
|- | |||
|colspan="2"| | |||
---- | |||
|- | |||
|valign="top"| | |||
<syntaxhighlight lang="bash"> | |||
mc anonymous -h | |||
mc config host ls | |||
mc anonymous set public local/my_public_bucket | |||
</syntaxhighlight> | |||
|valign="top"| | |||
|} | |||
==Policy== | |||
{| | |||
| valign="top" | | |||
<syntaxhighlight lang="json"> | |||
{ | |||
"Version": "2012-10-17", | |||
"Statement": [ | |||
{ | |||
"Effect": "Allow", | |||
"Action": [ | |||
"s3:ListBucket" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::academia", | |||
"arn:aws:s3:::academia-non-prod" | |||
] | |||
}, | |||
{ | |||
"Effect": "Allow", | |||
"Action": [ | |||
"s3:GetObject", | |||
"s3:PutObject", | |||
"s3:DeleteObject" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::academia/*", | |||
"arn:aws:s3:::academia-non-prod/*" | |||
] | |||
} | |||
] | |||
} | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="json"> | |||
{ | |||
"Version": "2012-10-17", | |||
"Statement": [ | |||
{ | |||
"Effect": "Allow", | |||
"Action": [ | |||
"s3:GetBucketLocation", | |||
"s3:GetObject" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::academia" | |||
] | |||
} | |||
] | |||
} | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="json"> | |||
{ | |||
"Version": "2012-10-17", | |||
"Statement": [ | |||
{ | |||
"Effect": "Allow", | |||
"Action": [ | |||
"s3:*" | |||
], | |||
"Resource": [ | |||
"arn:aws:s3:::academia" | |||
] | |||
} | |||
] | |||
} | |||
</syntaxhighlight> | |||
|} | |||
==Knowledge== | ==Knowledge== | ||
Line 110: | Line 240: | ||
|valign='top'| | |valign='top'| | ||
sudo ss -tulwn | grep LISTEN | |||
sudo ss -tulpn | grep LISTEN | |||
sudo ss -tulpn | grep LISTEN | grep sshd | |||
sudo ss -tulpn | grep LISTEN | grep minio | |||
sudo ss -tulpn | grep LISTEN | grep resolve | |||
|valign='top'| | |valign='top'| | ||
ssh -L 9800:localhost:9800\ | |||
-L 9801:localhost:9801\ | |||
http://localhost:9801/ | |||
|} | |} | ||
Line 158: | Line 297: | ||
|- | |- | ||
| valign="top" | | | valign="top" | | ||
* [https://medium.com/picus-security-engineering/on-premises-s3-bucket-object-storage-with-minio-server-gateway-4c44fc321b1c MinIO » On-premises AWS S3 Object Storage] | |||
* [https://stackoverflow.com/questions/65353889/ MinIO » Set Policy » Storage Public Access] | |||
* [https://min.io/docs/minio/windows/operations/monitoring/minio-logging.html?ref=con MinIO » Audit Logs to an External Service] | |||
* [https://github.com/minio/minio/issues/9530 MinIO » Bucket » ACL through Principal] | |||
* [https://superuser.com/questions/513159/ Systemd » Safe Remove Services] | |||
* [https://stackoverflow.com/questions/74603734/ MinIO » Bucket » Restrict Access] | |||
* [https://min.io/docs/minio/linux/reference/minio-mc/mc-anonymous-set.html MinIO » Client » Anonymous] | |||
* [[Helm/MinIO]] | |||
* [[WinSW]] | |||
* [[UFW]] | |||
| valign="top" | | | valign="top" | | ||
* [https://min.io/docs/minio/kubernetes/upstream/administration/object-management/transition-objects-to-s3.html MinIO » Transition Objects to AWS S3] | |||
* [https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html MinIO » Configure NGINX Proxy] | |||
| valign="top" | | | valign="top" | | ||
|} | |} |
Revision as of 20:17, 18 November 2024
Linux: export MINIO_HOME=/srv/minio export MINIO_DATA=$MINIO_HOME/data |
MacOS: export MINIO_HOME=$HOME/minio export MINIO_DATA=$MINIO_HOME/data |
Chorke: export MINIO_HOME=$HOME/.chorke/academia/var/minio export MINIO_DATA=$MINIO_HOME/data |
Local location | Container location | Usage |
---|---|---|
$MINIO_HOME/data |
/data |
MinIO data |
docker run -it --rm \
--publish 9000:9000 \
--publish 9001:9001 \
quay.io/minio/minio \
--version
mkdir -p $HOME/.chorke/academia/var/minio/data mkdir -p $MINIO_HOME/data mkdir -p $MINIO_DATA
Docker
docker run --detach \
--publish 9000:9000 \
--publish 9001:9001 \
--restart always \
--name minio \
--volume $MINIO_HOME/data:/data \
quay.io/minio/minio server /data --console-address ":9001"
|
docker run --detach \
--publish 9000:9000 \
--publish 9001:9001 \
--restart always \
--name minio \
--volume $HOME/.chorke/academia/var/minio/data:/data \
quay.io/minio/minio server /data --console-address ":9001"
|
Debian
Install
sudo apt -qq update;\
export MINIO_HOME=/var/minio;\
export MINIO_ADMIN_PASSWORD='academia';\
bash <(curl -s 'https://cdn.chorke.org/exec/cli/bash/install/minio/2022-07-30.sh.txt')
Remove
sudo systemctl stop minio.service
sudo systemctl disable minio.service
sudo rm -rf /etc/systemd/system/minio.service
sudo rm -rf /var/minio && sudo systemctl daemon-reload
Environments
MINIO_OPTS="--address :9000 --console-address :9001"
MINIO_VOLUMES="/var/minio/var/data"
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=password
MINIO_CONFIG_ENV_FILE=/var/minio/etc/.env
MINIO_BROWSER_REDIRECT_URL="https://academia.chorke.org/minio"
Install Client
sudo wget -c https://dl.min.io/client/mc/release/linux-amd64/mc -P /usr/local/bin/
sudo chmod +x /usr/local/bin/mc
|
mc alias set local http://s3.host.k8s.local admin sadaqah!
mc admin info local
|
| |
mc alias set local http://s3.host.k8s.local O2PLF0Pznp12HNbT9FbJ YIISq1Srxf9gv24fxkryN5ilQDg8P5wxJXt1qgle
mc admin info local
|
cat ~/.mc/config.json|jq -r '.aliases.local'
ls -lah ~/.mc/
|
| |
mc anonymous -h
mc config host ls
mc anonymous set public local/my_public_bucket
|
|
Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::academia",
"arn:aws:s3:::academia-non-prod"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::academia/*",
"arn:aws:s3:::academia-non-prod/*"
]
}
]
}
|
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::academia"
]
}
]
}
|
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::academia"
]
}
]
}
|
Knowledge
docker exec -it minio minio --version docker exec -it minio minio --help docker exec -it minio bash |
http://localhost:9001/login username: minioadmin password: minioadmin |
kubectl krew update kubectl krew install minio kubectl minio version |
| ||
kubectl minio init kubectl get pods -n minio-operator kubectl get svc -n minio-operator kubectl get all --namespace minio-operator kubectl minio proxy |
sudo ss -tulwn | grep LISTEN sudo ss -tulpn | grep LISTEN sudo ss -tulpn | grep LISTEN | grep sshd sudo ss -tulpn | grep LISTEN | grep minio sudo ss -tulpn | grep LISTEN | grep resolve |
ssh -L 9800:localhost:9800\ -L 9801:localhost:9801\ [email protected] http://localhost:9801/ |
References
| ||