minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-06-05 19:57:02 +03:00
Code

Docs Multiplatform Slice

Browse Source
This commit is contained in:
Ravind Kumar 2022-05-06 16:44:42 -04:00
parent df33ddee6a
commit b99c20a16f
134 changed files with 3689 additions and 2200 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -9,4 +9,5 @@ main.min.css
main.css
objects.inv
output.log
.DS_Store
.DS_Store
source/conf.py

89
Makefile
View File

@ -3,7 +3,7 @@
# You can set these variables from the command line, and also
# from the environment for the first two.
SPHINXOPTS ?= -n
SPHINXOPTS ?= -n -j "auto"
SPHINXBUILD ?= sphinx-build
SOURCEDIR = source
BUILDDIR = build
@ -21,17 +21,59 @@ help:
dryrun:
@echo "$(SPHINXBUILD) -M $@ '$(SOURCEDIR)' '$(BUILDDIR)/$(GITDIR)' $(SPHINXOPTS) $(O)"
clean:
clean-all:
@echo "Cleaning $(BUILDDIR)/$(GITDIR)"
@rm -rf $(BUILDDIR)/$(GITDIR)
clean-%:
@echo "Cleaning $(BUILDDIR)/$(GITDIR)/$*"
@rm -rf $(BUILDDIR)/$(GITDIR)/$*
stage-%:
python -m http.server --directory $(BUILDDIR)/$(GITDIR)/$*/html/
@echo "Visit http://localhost:8000 to view the staged output"
linux:
@cp source/default-conf.py source/conf.py
@make sync-minio-version
@make sync-kes-version
@$(SPHINXBUILD) -M html "$(SOURCEDIR)" "$(BUILDDIR)/$(GITDIR)/$@" $(SPHINXOPTS) $(O) -t $@
@npm run build
windows:
@cp source/default-conf.py source/conf.py
@make sync-minio-version
@make sync-kes-version
@$(SPHINXBUILD) -M html "$(SOURCEDIR)" "$(BUILDDIR)/$(GITDIR)/$@" $(SPHINXOPTS) $(O) -t $@
@npm run build
macos:
@cp source/default-conf.py source/conf.py
@make sync-minio-version
@make sync-kes-version
@$(SPHINXBUILD) -M html "$(SOURCEDIR)" "$(BUILDDIR)/$(GITDIR)/$@" $(SPHINXOPTS) $(O) -t $@
@npm run build
k8s:
@cp source/default-conf.py source/conf.py
@make sync-minio-version
@make sync-kes-version
@$(SPHINXBUILD) -M html "$(SOURCEDIR)" "$(BUILDDIR)/$(GITDIR)/$@" $(SPHINXOPTS) $(O) -t $@
@npm run build
sync-kes-version:
@echo "Retrieving latest stable KES version"
@$(eval KES = $(shell curl --retry 10 -Ls -o /dev/null -w "%{url_effective}" https://github.com/minio/kes/releases/latest | sed "s/https:\/\/github.com\/minio\/kes\/releases\/tag\///"))
@sed -i "s|KESLATEST|${KES}|g" source/conf.py
sync-minio-version:
@echo "Retrieving current MinIO version"
$(shell wget -O /tmp/downloads-minio.json https://min.io/assets/downloads-minio.json)
$(eval DEB = $(shell cat /tmp/downloads-minio.json | jq '.Linux."MinIO Server".amd64.DEB.download'))
$(eval RPM = $(shell cat /tmp/downloads-minio.json | jq '.Linux."MinIO Server".amd64.RPM.download'))
$(eval MINIO = $(shell curl --retry 10 -Ls -o /dev/null -w "%{url_effective}" https://github.com/minio/minio/releases/latest | sed "s/https:\/\/github.com\/minio\/minio\/releases\/tag\///"))
@$(shell wget -qO /tmp/downloads-minio.json https://min.io/assets/downloads-minio.json)
@$(eval DEB = $(shell cat /tmp/downloads-minio.json | jq '.Linux."MinIO Server".amd64.DEB.download'))
@$(eval RPM = $(shell cat /tmp/downloads-minio.json | jq '.Linux."MinIO Server".amd64.RPM.download'))
@$(eval MINIO = $(shell curl --retry 10 -Ls -o /dev/null -w "%{url_effective}" https://github.com/minio/minio/releases/latest | sed "s/https:\/\/github.com\/minio\/minio\/releases\/tag\///"))
@cp source/default-conf.py source/conf.py
@ -52,52 +94,51 @@ sync-minio-version:
@if [ "$(shell git diff --name-only | grep 'conf.py')" == "" ]; then \
echo "MinIO Server Version already latest"; \
else \
echo "New MinIO Server Version available" ; \
git add source/conf.py && git commit -m "Updating MinIO server to ${MINIO}"; \
echo "New MinIO Server Version available ${MINIO}" ; \
#git add source/conf.py && git commit -m "Updating MinIO server to ${MINIO}"; \
fi
sync-java-docs:
@echo "Retrieving Java docs from github.com/minio/minio-java"
@$(eval LATEST = $(shell wget -q https://api.github.com/repos/minio/minio-java/releases/latest -O - | jq -r '.tag_name'))
@echo "Latest stable is ${LATEST}"
$(shell wget -q -O source/sdk/java/API.md https://raw.githubusercontent.com/minio/minio-java/${LATEST}/docs/API.md)
$(shell wget -q -O source/developers/java/API.md https://raw.githubusercontent.com/minio/minio-java/${LATEST}/docs/API.md)
$(shell wget -q -O source/developers/java/quickstart.md https://raw.githubusercontent.com/minio/minio-java/${LATEST}/README.md)
sync-python-docs:
@echo "Retrieving Python docs from github.com/minio/minio-py"
@$(eval LATEST = $(shell wget -q https://api.github.com/repos/minio/minio-py/releases/latest -O - | jq -r '.tag_name'))
@echo "Latest stable is ${LATEST}"
$(shell wget -q -O source/sdk/python/API.md https://raw.githubusercontent.com/minio/minio-py/${LATEST}/docs/API.md)
$(shell wget -q -O source/developers/python/API.md https://raw.githubusercontent.com/minio/minio-py/${LATEST}/docs/API.md)
$(shell wget -q -O source/developers/python/quickstart.md https://raw.githubusercontent.com/minio/minio-py/${LATEST}/README.md)
sync-go-docs:
@echo "Retrieving Python docs from github.com/minio/minio-py"
@echo "Retrieving Go docs from github.com/minio/minio-go"
@$(eval LATEST = $(shell wget -q https://api.github.com/repos/minio/minio-go/releases/latest -O - | jq -r '.tag_name'))
@echo "Latest stable is ${LATEST}"
$(shell wget -q -O source/sdk/go/API.md https://raw.githubusercontent.com/minio/minio-go/${LATEST}/docs/API.md)
$(shell wget -q -O source/developers/go/API.md https://raw.githubusercontent.com/minio/minio-go/${LATEST}/docs/API.md)
$(shell wget -q -O source/developers/go/quickstart.md https://raw.githubusercontent.com/minio/minio-go/${LATEST}/README.md)
sync-dotnet-docs:
@echo "Retrieving Python docs from github.com/minio/minio-py"
@$(eval LATEST = $(shell wget -q https://api.github.com/repos/minio/minio-dotnet/releases/latest -O - | jq -r '.tag_name'))
@echo "Latest stable is ${LATEST}"
$(shell wget -q -O source/sdk/dotnet/API.md https://raw.githubusercontent.com/minio/minio-dotnet/${LATEST}/Docs/API.md)
$(shell wget -q -O source/developers/dotnet/API.md https://raw.githubusercontent.com/minio/minio-dotnet/${LATEST}/Docs/API.md)
$(shell wget -q -O source/developers/dotnet/quickstart.md https://raw.githubusercontent.com/minio/minio-dotnet/${LATEST}/README.md)
sync-deps:
@echo "Synchronizing all external dependencies"
@make sync-minio-version
@make sync-kes-version
@make sync-java-docs
@make sync-python-docs
@make sync-go-docs
@make sync-dotnet-docs
stage:
@make clean && make html
python -m http.server --directory $(BUILDDIR)/$(GITDIR)/html
publish:
@make clean
make html
# Catch-all target: route all unknown targets to Sphinx using the new
# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
%: Makefile
@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)/$(GITDIR)" $(SPHINXOPTS) $(O)
@npm run build
@echo -e "Specify one of the following supported build outputs"
@echo -e "- make linux\n- make macos\n- make windows\n- make k8s"
@echo -e "Clean targets with 'make clean-<target>'"
@echo -e "Clean all targets with `make clean-all`"

46
source/_static/js/main.js
View File

@ -36,4 +36,50 @@ window.addEventListener("DOMContentLoaded", (event) => {
target === 'sidebar' ? $('body').removeClass('nav-active') : $('body').removeClass('sidebar-active');
$('body').toggleClass(target + '-active');
});
renderPersonas();
});
function renderPersonas() {
// This inserts the personas into the left-hand nav
let operationPersona = document.createElement("span");
operationPersona.innerHTML = "Operations";
operationPersona.id = "operationsPersona";
operationPersona.className = "persona";
let administrationPersona = document.createElement("span");
administrationPersona.innerHTML = "Administration";
administrationPersona.id = "administrationPersona";
administrationPersona.className = "persona";
let developerPersona = document.createElement("span");
developerPersona.innerHTML = "Developers";
developerPersona.id = "developerPersona";
developerPersona.className = "persona";
let referencePersona = document.createElement("span");
referencePersona.innerHTML = "Reference";
referencePersona.id = "referencePersona";
referencePersona.className = "persona";
list = document.getElementsByClassName("toctree-l1");
for (i=0; i<list.length; i++) {
let page_title = list[i].childNodes[0].innerHTML;
if (page_title === "Install and Deploy MinIO" || page_title === "Install the MinIO Operator") {
list[i].insertAdjacentElement('beforebegin',operationPersona);
}
else if (page_title === "MinIO Console") {
list[i].insertAdjacentElement('beforebegin',administrationPersona);
}
else if (page_title === "Software Development Kits (SDK)") {
list[i].insertAdjacentElement('beforebegin',developerPersona);
}
else if (page_title === "MinIO Client") {
list[i].insertAdjacentElement('beforebegin',referencePersona);
}
}
}

12
source/_static/scss/includes/_aside.scss
View File

@ -91,15 +91,25 @@ aside.sidebar {
.docs {
margin-right: -0.65rem;
ul {
list-style: none;
padding: 0;
margin: 0.5rem 0 0.5rem 0;
font-size: .90rem;
& > span.persona {
font-weight: bold;
border-bottom-style: solid;
border-width: 2px;
display: block;
padding-bottom: 1rem;
}
& > li {
margin: 0.5rem 0 0.5rem 0;
margin: 0.5rem 0 0.5rem 0.5rem;
& > a {
&, & > code {

3
source/_templates/layout.html
View File

@ -135,8 +135,7 @@
{% block body %} {% endblock %}
<div class="footer">
<div>
<p>This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>.</p>
<p>&copy;{{ copyright }}</p>
<p>This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>. &copy;{{ copyright }}</p>
<p><a rel="license" href="http://creativecommons.org/licenses/by/4.0/"><img alt="Creative Commons License" style="border-width:0" src="https://i.creativecommons.org/l/by/4.0/80x15.png" /></a></p>
</div>
</div>

35
source/replication/bucket-replication-overview.rst → source/administration/bucket-replication.rst
View File

@ -8,7 +8,7 @@ Bucket Replication
.. contents:: Table of Contents
:local:
:depth: 2
:depth: 1
MinIO supports server-side and client-side replication of objects between source
and destination buckets.
@ -23,12 +23,27 @@ and destination buckets.
MinIO server-side bucket replication only supports MinIO clusters for the
remote replication target.
:ref:`Client-side Bucket Replication <minio-bucket-replication-clientside>`
Client-side Bucket Replication
Use The command process to synchronize objects between buckets
within the same S3-compatible cluster *or* between two independent
S3-compatible clusters. Client-side replication using :mc-cmd:`mc mirror`
supports MinIO-to-S3 and similar replication configurations.
.. admonition:: Bucket vs Site Replication
:class: note
Bucket Replication is distinct from and mutually exclusive with :ref:`site replication <minio-site-replication-overview>`.
- Bucket Replication synchronizes data at the bucket level, such as bucket prefix paths and objects.
You can configure bucket replication at any time, and the remote MinIO deployments may have pre-existing data on the replication target buckets.
- Site Replication extends bucket replication to include :ref:`IAM <minio-authentication-and-identity-management>`, security tokens, service accounts, and bucket-level configurations.
Site replication is typically configured when initially deploying the MinIO peer sites.
Only one site can hold any bucket or objects at the time of initial configuration.
.. _minio-bucket-replication-serverside:
Server-Side Bucket Replication
@ -299,15 +314,7 @@ The replication process generally has one of the following flows:
:hidden:
:titlesonly:
/replication/enable-server-side-one-way-bucket-replication
/replication/enable-server-side-two-way-bucket-replication
/replication/enable-server-side-multi-site-bucket-replication
/replication/server-side-replication-resynchronize-remote
.. _minio-bucket-replication-clientside:
Client-Side Bucket Replication
------------------------------
The :mc:`mc` command :mc-cmd:`mc mirror` supports watching a source bucket
and automatically replicating objects to a destination bucket.
/administration/bucket-replication/enable-server-side-one-way-bucket-replication
/administration/bucket-replication/enable-server-side-two-way-bucket-replication
/administration/bucket-replication/enable-server-side-multi-site-bucket-replication
/administration/bucket-replication/server-side-replication-resynchronize-remote

0
source/replication/enable-server-side-multi-site-bucket-replication.rst → source/administration/bucket-replication/enable-server-side-multi-site-bucket-replication.rst
View File

0
source/replication/enable-server-side-one-way-bucket-replication.rst → source/administration/bucket-replication/enable-server-side-one-way-bucket-replication.rst
View File

0
source/replication/enable-server-side-two-way-bucket-replication.rst → source/administration/bucket-replication/enable-server-side-two-way-bucket-replication.rst
View File

0
source/replication/server-side-replication-resynchronize-remote.rst → source/administration/bucket-replication/server-side-replication-resynchronize-remote.rst
View File

110
source/security/minio-identity-management/basic-authentication-with-minio-identity-provider.rst → source/administration/identity-access-management.rst
View File

@ -1,6 +1,8 @@
====================================
MinIO Identity and Access Management
====================================
.. _minio-authentication-and-identity-management:
==============================
Identity and Access Management
==============================
.. default-domain:: minio
@ -8,73 +10,48 @@ MinIO Identity and Access Management
:local:
:depth: 2
Overview
--------
MinIO requires the client perform both authentication and authorization for each new operation.
MinIO provides an internal Identity and Access Management subsystem that
supports the creation of user identities, groups, and policies in support of
authentication and authorization of client operations.
Authentication
The process of verifying the identity of a connecting client.
MinIO requires clients authenticate using :s3-api:`AWS Signature Version 4 protocol <sig-v4-authenticating-requests.html>` with support for the deprecated Signature Version 2 protocol.
Specifically, clients must present a valid access key and secret key to access any S3 or MinIO administrative API, such as ``PUT``, ``GET``, and ``DELETE`` operations.
*Authentication* is the process of verifying the identity of a connecting
client. MinIO requires clients authenticate using :s3-api:`AWS Signature Version
4 protocol <sig-v4-authenticating-requests.html>` with support for the
deprecated Signature Version 2 protocol. Specifically, clients must present a
valid access key and secret key to access any S3 or MinIO administrative API,
such as ``PUT``, ``GET``, and ``DELETE`` operations. MinIO provides
a built-in :ref:`IDentity Provider (IDP) <minio-internal-idp>` for creating and
managing user identities in support of client authentication.
*Authorization* is the process of restricting the actions and resources the
authenticated client can perform on the deployment. MinIO uses Policy-Based
Access Control (PBAC), where each policy describes one or more rules that
outline the permissions of a user or group of users. MinIO supports a subset of
:ref:`actions <minio-policy-actions>` and
:ref:`conditions <minio-policy-conditions>` when creating policies.
By default, MinIO *denies* access to actions or resources not explicitly
referenced in a user's assigned or inherited policies.
.. _minio-internal-idp:
Authorization
The process of restricting the actions and resources the authenticated client can perform on the deployment.
MinIO uses Policy-Based Access Control (PBAC), where each policy describes one or more rules that outline the permissions of a user or group of users.
MinIO supports S3-specific:ref:`actions <minio-policy-actions>` and :ref:`conditions <minio-policy-conditions>` when creating policies.
By default, MinIO *denies* access to actions or resources not explicitly referenced in a user's assigned or inherited policies.
Identity Management
-------------------
MinIO includes a built-in IDentity Provider (IDP) that provides core identity
management functionality. The MinIO IDP supports creating an arbitrary number of
long-lived users on the deployment for supporting client authentication.
MinIO supports both internal and external identity management:
Each user consists of a unique access key (username) and corresponding secret
key (password). Clients must authenticate their identity by specifying both
a valid access key (username) and the corresponding secret key (password) of
an existing MinIO user.
.. list-table::
:header-rows: 1
:widths: 30 70
:width: 100%
Administrators use the :mc-cmd:`mc admin user` command to create and manage
MinIO users. The :minio-git:`MinIO Console <console>` provides a graphical
interface for creating users.
* - IDentity Provider (IDP)
- Description
MinIO also supports creating :ref:`service accounts
<minio-idp-service-account>`. Service accounts are child identities of an
authenticated parent user and inherit their permissions from the parent.
* - :ref:`MinIO Internal IDP <minio-internal-idp>`
- Provides built-in identity management functionality.
MinIO by default denies access to all actions or resources not explicitly
allowed by a user's assigned or inherited :ref:`policies <minio-policy>`. You
must either explicitly assign a :ref:`policy <minio-policy>` describing the
user's authorized actions and resources *or* assign the user to :ref:`groups
<minio-groups>` which have associated policies. See
:ref:`minio-access-management` for more information.
* - :ref:`OpenID <minio-external-identity-management-openid>`
- Supports managing identities through an OpenID Connect (OIDC) compatible
service.
.. admonition:: External Identity Management
:class: dropdown, note
* - :ref:`Active Directory / LDAP
<minio-external-identity-management-ad-ldap>`
- Supports managing identities through an Active Directory or LDAP service.
MinIO supports external management of identities using either an
OpenID Connect (OIDC) or Active Directory/LDAP IDentity Provider (IDP).
For more information, see:
Once authenticated, MinIO either allows or rejects the client request depending
on whether or not the authenticated identity is *authorized* to perform the
operation on the specified resource.
- :ref:`minio-external-identity-management-openid`
- :ref:`minio-external-identity-management-ad-ldap`
Enabling external identity management disables the MinIO internal IDP, with
the exception of creating :ref:`service accounts
<minio-idp-service-account>`.
Enabling external identity management disables the MinIO internal IDP, with the exception of the creating :ref:`service accounts <minio-idp-service-account>`.
.. _minio-access-management:
@ -154,16 +131,13 @@ JSON syntax.
while one of its groups has an assigned policy with a ``Deny`` rule for that
action/resource, MinIO would apply only the ``Deny`` rule.
For more information on IAM policy evaluation logic, see the IAM
documentation on
:iam-docs:`Determining Whether a Request is Allowed or Denied Within an Account
<reference_policies_evaluation-logic.html#policy-eval-denyallow>`.
For more information on IAM policy evaluation logic, see the IAM documentation on :iam-docs:`Determining Whether a Request is Allowed or Denied Within an Account <reference_policies_evaluation-logic.html#policy-eval-denyallow>`.
.. toctree::
:titlesonly:
:hidden:
/security/minio-identity-management/user-management
/security/minio-identity-management/group-management
/security/minio-identity-management/policy-based-access-control
.. toctree::
:titlesonly:
:hidden:
/administration/identity-access-management/minio-identity-management
/administration/identity-access-management/oidc-access-management
/administration/identity-access-management/ad-ldap-access-management
/administration/identity-access-management/policy-based-access-control

103
source/administration/identity-access-management/ad-ldap-access-management.rst Normal file
View File

@ -0,0 +1,103 @@
.. _minio-external-identity-management-ad-ldap:
=========================================
Active Directory / LDAP Access Management
=========================================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
MinIO supports using an Active Directory or LDAP (AD/LDAP) service for external
management of user identities.
For identities managed by the external AD/LDAP provider, MinIO uses the user's Distinguished Name and attempts to map it against an existing :ref:`policy <minio-policy>`.
If the AD/LDAP configuration includes the necessary settings to query the user's AD/LDAP group membership, MinIO *also* uses those group Distinguished Names and attempts to map each against an existing :ref:`policy <minio-policy>`.
MinIO by default denies access to all actions or resources not explicitly allowed by a user's assigned or inherited :ref:`policies <minio-policy>`.
Users managed by an AD/LDAP provider must specify the necessary policies as part of the user profile data.
If no policies match either the user DN or group DNs, MinIO blocks all access to actions and resources on the deployment.
The specific AD/LDAP queries MinIO issues to authenticate the user and retrieve it's group membership are configured as part of :ref:`deploying the cluster with Active Directory / LDAP identity management <minio-external-iam-ad-ldap>`.
This page covers creation of MinIO policies to match the possible returned Distinguished Names.
Authentication and Authorization Flow
-------------------------------------
The login flow for an application using Active Directory / LDAP
credentials is as follows:
1. Specify the AD/LDAP credentials to the MinIO Security Token Service (STS)
:ref:`minio-sts-assumerolewithldapidentity` API endpoint.
2. MinIO verifies the provided credentials against the AD/LDAP server.
3. MinIO checks for any :ref:`policy <minio-policy>` whose name matches the
user Distinguished Name (DN) and assigns that policy to the authenticated
user.
If configured to perform group queries, MinIO also queries for a list of
AD/LDAP groups in which the user has membership. MinIO checks for any policy
whose name matches a returned group DN and assigns that
policy to the authenticated user.
4. MinIO returns temporary credentials in the STS API response in the form of an
access key, secret key, and session token. The credentials have permissions
matching those policies whose name matches either the authenticated user DN
*or* a group DN.
MinIO provides an example Go application
:minio-git:`ldap.go <minio/blob/master/docs/sts/ldap.go>` that handles the
full login flow.
AD/LDAP users can alternatively create :ref:`service accounts <minio-idp-service-account>` associated to their AD/LDAP user Distinguished Name. Service accounts are long-lived credentials which inherit their privileges from the parent user. The parent user can further restrict those privileges while creating the service account. Use either of the following methods to create a new service account
- Log into the :ref:`MinIO Console <minio-console>` using the AD/LDAP-managed user credentials. From the :guilabel:`Identity` section of the left navigation, select :guilabel:`Service Accounts` followed by the :guilabel:`Create service account +` button.
- Use the :mc-cmd:`mc admin user svcacct add` command to create the service account. Specify the user Distinguished Name as the username to which to associate the service account.
Mapping Policies to User DN
---------------------------
Consider the following policy assignments:
.. code-block:: shell
mc admin policy set --consoleAdmin user='cn=sisko,cn=users,dc=example,dc=com'
mc admin policy set --readwrite,diagnostics user='cn=dax,cn=users,dc=example,dc=com'
- MinIO would assign an authenticated user with DN matching
``cn=sisko,cn=users,dc=example,dc=com`` the :userpolicy:`consoleAdmin`
policy, granting complete access to the MinIO server.
- MinIO would assign an authenticated user with DN matching
``cn=dax,cn=users,dc=example,dc=com`` both the :userpolicy:`readwrite` and
:userpolicy:`diagnostics` policies, granting general read/write access to the
MinIO server *and* access to diagnostic administrative operations.
- MinIO would assign no policies to an authenticated user with DN matching
``cn=quark,cn=users,dc=example,dc=com`` and deny all access to API operations.
Mapping Policies to Group DN
----------------------------
Consider the following policy assignments:
.. code-block:: shell
mc admin policy set --consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'
mc admin policy set --diagnostics group='cn=engineering,cn=groups,dc=example,dc=com'
- MinIO would assign any authenticating user with membership in the
``cn=ops,cn=groups,dc=example,dc=com`` AD/LDAP group the
:userpolicy:`consoleAdmin` policy, granting complete access to the MinIO
server.
- MinIO would assign any authenticating user with membership in the
``cn=engineering,cn=groups,dc=example,dc=com`` AD/LDAP group the
:userpolicy:`diagnostics` policy, granting access to diagnostic administrative
operations.

0
source/security/minio-identity-management/group-management.rst → source/administration/identity-access-management/minio-group-management.rst
View File

56
source/administration/identity-access-management/minio-identity-management.rst Normal file
View File

@ -0,0 +1,56 @@
.. _minio-internal-idp:
=========================
MinIO Identity Management
=========================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
MinIO includes a built-in IDentity Provider (IDP) that provides core identity
management functionality. The MinIO IDP supports creating an arbitrary number of
long-lived users on the deployment for supporting client authentication.
Each user consists of a unique access key (username) and corresponding secret
key (password). Clients must authenticate their identity by specifying both
a valid access key (username) and the corresponding secret key (password) of
an existing MinIO user.
Administrators use the :mc-cmd:`mc admin user` command to create and manage
MinIO users. The :minio-git:`MinIO Console <console>` provides a graphical
interface for creating users.
MinIO also supports creating :ref:`service accounts
<minio-idp-service-account>`. Service accounts are child identities of an
authenticated parent user and inherit their permissions from the parent.
MinIO by default denies access to all actions or resources not explicitly
allowed by a user's assigned or inherited :ref:`policies <minio-policy>`. You
must either explicitly assign a :ref:`policy <minio-policy>` describing the
user's authorized actions and resources *or* assign the user to :ref:`groups
<minio-groups>` which have associated policies. See
:ref:`minio-access-management` for more information.
.. admonition:: External Identity Management
:class: dropdown, note
MinIO supports external management of identities using either an
OpenID Connect (OIDC) or Active Directory/LDAP IDentity Provider (IDP).
For more information, see:
- :ref:`minio-external-identity-management-openid`
- :ref:`minio-external-identity-management-ad-ldap`
Enabling external identity management disables the MinIO internal IDP, with
the exception of creating :ref:`service accounts
<minio-idp-service-account>`.
.. toctree::
:titlesonly:
:hidden:
/administration/identity-access-management/minio-user-management.rst
/administration/identity-access-management/minio-group-management.rst

0
source/security/minio-identity-management/user-management.rst → source/administration/identity-access-management/minio-user-management.rst
View File

82
source/administration/identity-access-management/oidc-access-management.rst Normal file
View File

@ -0,0 +1,82 @@
.. _minio-external-identity-management-openid:
.. _minio-external-identity-management-openid-access-control:
================================
OpenID Connect Access Management
================================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
MinIO supports using an OpenID Connect (OIDC) compatible IDentity Provider (IDP)
such as Okta, KeyCloak, Dex, Google, or Facebook for external management of user
identities.
For identities managed by the external OpenID Connect (OIDC) compatible provider, MinIO uses the `JSON Web Token claim <https://datatracker.ietf.org/doc/html/rfc7519#section-4>`__ returned as part of the OIDC authentication flow to identify the :ref:`policies <minio-policy>` to assign to the authenticated user.
MinIO by default denies access to all actions or resources not explicitly allowed by a user's assigned or inherited :ref:`policies <minio-policy>`.
Users managed by an OIDC provider must specify the necessary policies as part of the JWT claim. If the user JWT claim has no matching MinIO policies, that user has no permissions to access any action or resource on the MinIO deployment.
The specific claim which MinIO looks for is configured as part of :ref:`deploying the cluster with OIDC identity management <minio-external-iam-oidc>`. This page focuses on creating MinIO policies to match the configured OIDC claims.
Authentication and Authorization Flow
-------------------------------------
The login flow for an application using :abbr:`OIDC (OpenID Connect)`
credentials is as follows:
1. Authenticate to the configured :abbr:`OIDC (OpenID Connect)`
provider and retrieve a
`JSON Web Token (JWT) <https://jwt.io/introduction>`__.
MinIO only supports the
`OpenID Authorization Code Flow
<https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth>`__.
Authentication using Implicit Flow is not supported.
2. Specify the :abbr:`JWT (JSON Web Token)` to the MinIO Security Token Service
(STS) :ref:`minio-sts-assumerolewithwebidentity` API endpoint.
MinIO verifies the :abbr:`JWT (JSON Web Token)` against the
configured OIDC provider.
If the JWT is valid, MinIO checks for a :ref:`claim
<minio-external-identity-management-openid-access-control>` specifying a list
of one or more :ref:`policies <minio-policy>` to assign to the
authenticated user. MinIO defaults to checking the ``policy`` claim.
3. MinIO returns temporary credentials in the STS API response in the form of an
access key, secret key, and session token. The credentials have
permissions matching those policies specified in the JWT claim.
4. Applications use the temporary credentials returned by the STS endpoint to
perform authenticated S3 operations on MinIO.
MinIO provides an example Go application
:minio-git:`web-identity.go <minio/blob/master/docs/sts/web-identity.go>` that
handles the full login flow.
OIDC users can alternatively create :ref:`service accounts <minio-idp-service-account>` associated to their AD/LDAP user. Service accounts are long-lived credentials which inherit their privileges from the parent user. The parent user can further restrict those privileges while creating the service account. To create a new service account, log into the :ref:`MinIO Console <minio-console>` using the OIDC-managed user credentials. From the :guilabel:`Identity` section of the left navigation, select :guilabel:`Service Accounts` followed by the :guilabel:`Create service account +` button.
Identifying the JWT Claim Value
-------------------------------
MinIO uses the JWT token returned as part of the OIDC authentication flow to identify the specific policies to assign to the authenticated user.
You can use a `JWT Debugging tool <https://jwt.io/>`__ to decode the returned JWT token and validate that the user attributes include the required claims.
.. todo - example JWT claim
See `RFC 7519: JWT Claim <https://datatracker.ietf.org/doc/html/rfc7519#section-4>`__ for more information on JWT claims.
Defer to the documentation for your preferred OIDC provider for instructions on configuring user claims.
Creating Policies to Match Claims
---------------------------------
Use either the MinIO Console *or* the :mc-cmd:`mc admin policy` command to create policies that match one or more claim values:
.. todo - instructions

2
source/security/minio-identity-management/policy-based-access-control.rst → source/administration/identity-access-management/policy-based-access-control.rst
View File

@ -1,7 +1,7 @@
.. _minio-policy:
=================
Policy Management
Access Management
=================
.. default-domain:: minio

0
source/console/minio-console.rst → source/administration/minio-console.rst
View File

56
source/administration/monitoring.rst Normal file
View File

@ -0,0 +1,56 @@
===================================
Monitoring Bucket and Object Events
===================================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
Bucket Notifications
--------------------
MinIO bucket notifications allow administrators to send notifications to supported external services on certain object or bucket events.
MinIO supports bucket and object-level S3 events similar to the
:s3-docs:`Amazon S3 Event Notifications <NotificationHowTo.html>`.
MinIO supports publishing bucket or object events to the following supported
targets on certain supported events.
- :ref:`minio-bucket-notifications-publish-amqp`
- :ref:`minio-bucket-notifications-publish-mqtt`
- :ref:`minio-bucket-notifications-publish-nats`
- :ref:`minio-bucket-notifications-publish-nsq`
- :ref:`minio-bucket-notifications-publish-elasticsearch`
- :ref:`minio-bucket-notifications-publish-kafka`
- :ref:`minio-bucket-notifications-publish-mysql`
- :ref:`minio-bucket-notifications-publish-postgresql`
- :ref:`minio-bucket-notifications-publish-redis`
- :ref:`minio-bucket-notifications-publish-webhook`
See :ref:`minio-bucket-notifications`
for more complete documentation on MinIO Bucket Notifications.
Deployment Metrics
------------------
MinIO provides a Prometheus-compatible endpoint for supporting time-series querying of metrics.
MinIO deployments :ref:`configured to enable Prometheus scraping <minio-metrics-and-alerts-endpoints>` provide a detailed metrics view through the MinIO Console.
Server Logs
-----------
MinIO provides the following interfaces for remotely reading server logs:
- The MinIO Console provides a server log viewer at <details>
- The :mc:`mc admin console` command returns the specified server's console output.
- MinIO supports pushing server logs to an HTTP webhook for further ingestion.
See :ref:`minio-logging-publish-server-logs` for more information.
.. toctree::
:titlesonly:
:hidden:
/administration/monitoring/bucket-notifications

20
source/monitoring/bucket-notifications/bucket-notifications.rst → source/administration/monitoring/bucket-notifications.rst
View File

@ -172,13 +172,13 @@ You can only listen to these events through the :legacy:`ListenNotification <gol
:titlesonly:
:hidden:
/monitoring/bucket-notifications/publish-events-to-amqp
/monitoring/bucket-notifications/publish-events-to-mqtt
/monitoring/bucket-notifications/publish-events-to-nats
/monitoring/bucket-notifications/publish-events-to-nsq
/monitoring/bucket-notifications/publish-events-to-elasticsearch
/monitoring/bucket-notifications/publish-events-to-kafka
/monitoring/bucket-notifications/publish-events-to-mysql
/monitoring/bucket-notifications/publish-events-to-postgresql
/monitoring/bucket-notifications/publish-events-to-redis
/monitoring/bucket-notifications/publish-events-to-webhook
/administration/monitoring/publish-events-to-amqp
/administration/monitoring/publish-events-to-mqtt
/administration/monitoring/publish-events-to-nats
/administration/monitoring/publish-events-to-nsq
/administration/monitoring/publish-events-to-elasticsearch
/administration/monitoring/publish-events-to-kafka
/administration/monitoring/publish-events-to-mysql
/administration/monitoring/publish-events-to-postgresql
/administration/monitoring/publish-events-to-redis
/administration/monitoring/publish-events-to-webhook

0
source/monitoring/bucket-notifications/publish-events-to-amqp.rst → source/administration/monitoring/publish-events-to-amqp.rst
View File

0
source/monitoring/bucket-notifications/publish-events-to-elasticsearch.rst → source/administration/monitoring/publish-events-to-elasticsearch.rst
View File

0
source/monitoring/bucket-notifications/publish-events-to-kafka.rst → source/administration/monitoring/publish-events-to-kafka.rst
View File

0
source/monitoring/bucket-notifications/publish-events-to-mqtt.rst → source/administration/monitoring/publish-events-to-mqtt.rst
View File

0
source/monitoring/bucket-notifications/publish-events-to-mysql.rst → source/administration/monitoring/publish-events-to-mysql.rst
View File

0
source/monitoring/bucket-notifications/publish-events-to-nats.rst → source/administration/monitoring/publish-events-to-nats.rst
View File

0
source/monitoring/bucket-notifications/publish-events-to-nsq.rst → source/administration/monitoring/publish-events-to-nsq.rst
View File

0
source/monitoring/bucket-notifications/publish-events-to-postgresql.rst → source/administration/monitoring/publish-events-to-postgresql.rst
View File

0
source/monitoring/bucket-notifications/publish-events-to-redis.rst → source/administration/monitoring/publish-events-to-redis.rst
View File

0
source/monitoring/bucket-notifications/publish-events-to-webhook.rst → source/administration/monitoring/publish-events-to-webhook.rst
View File

102
source/administration/object-management.rst Normal file
View File

@ -0,0 +1,102 @@
=================
Object Management
=================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
.. _objects:
An :ref:`object <objects>` is binary data, sometimes referred to as a Binary
Large OBject (BLOB). Blobs can be images, audio files, spreadsheets, or even
binary executable code. Object Storage platforms like MinIO provide dedicated
tools and capabilities for storing, retrieving, and searching for blobs.
.. _buckets:
MinIO Object Storage uses :ref:`buckets <buckets>` to organize objects.
A bucket is similar to a folder or directory in a filesystem, where each
bucket can hold an arbitrary number of objects. MinIO buckets provide the
same functionality as AWS S3 buckets.
For example, consider an application that hosts a web blog. The application
needs to store a variety of blobs, including rich multimedia like videos and
images. The structure of objects on the MinIO server might look similar to the
following:
.. code-block:: text
/ #root
/images/
2020-01-02-MinIO-Diagram.png
2020-01-03-MinIO-Advanced-Deployment.png
MinIO-Logo.png
/videos/
2020-01-04-MinIO-Interview.mp4
/articles/
/john.doe/
2020-01-02-MinIO-Object-Storage.md
2020-01-02-MinIO-Object-Storage-comments.json
/jane.doe/
2020-01-03-MinIO-Advanced-Deployment.png
2020-01-02-MinIO-Advanced-Deployment-comments.json
2020-01-04-MinIO-Interview.md
MinIO supports multiple levels of nested directories and objects to support
even the most dynamic object storage workloads.
Object Versioning
-----------------
MinIO supports keeping multiple "versions" of an object in a single bucket.
Write operations which would normally overwrite an existing object instead result in the creation of a new versioned object.
.. image:: /images/retention/minio-versioning-multiple-versions.svg
:alt: Object with Multiple Versions
:align: center
MinIO versioning protects from unintended overwrites and deletions while providing support for "undoing" a write operation.
See :ref:`minio-bucket-versioning` for more complete documentation.
Object Retention
----------------
MinIO Object Locking ("Object Retention") enforces Write-Once Read-Many (WORM) immutability to protect :ref:`versioned objects <minio-bucket-versioning>` from deletion.
MinIO supports both :ref:`duration based object retention <minio-object-locking-retention-modes>` and :ref:`indefinite Legal Hold retention <minio-object-locking-legalhold>`.
.. image:: /images/retention/minio-object-locking.svg
:alt: 30 Day Locked Objects
:align: center
:width: 600px
See :ref:`minio-object-locking` for more complete documentation.
MinIO Object Locking provides key data retention compliance and meets SEC17a-4(f), FINRA 4511(C), and CFTC 1.31(c)-(d) requirements as per `Cohasset Associates <https://min.io/cohasset?ref=docs>`__.
Object Lifecycle Management
---------------------------
MinIO Object Lifecycle Management allows creating rules for time or date
based automatic transition or expiry of objects. For object transition,
MinIO automatically moves the object to a configured remote storage
tier. For object expiry, MinIO automatically deletes the object.
MinIO lifecycle management is built for behavior and syntax compatibility with
:s3-docs:`AWS S3 Lifecycle Management <object-lifecycle-mgmt.html>`. For
example, you can export S3 lifecycle management rules and import them into
MinIO or vice-versa. MinIO uses JSON to describe lifecycle management rules,
and conversion to or from XML may be required.
See :ref:`minio-lifecycle-management` for more complete documentation.
.. toctree::
:titlesonly:
:hidden:
/administration/object-management/object-versioning
/administration/object-management/object-retention
/administration/object-management/object-lifecycle-management

0
source/lifecycle-management/create-lifecycle-management-expiration-rule.rst → source/administration/object-management/create-lifecycle-management-expiration-rule.rst
View File

8
source/lifecycle-management/lifecycle-management-overview.rst → source/administration/object-management/object-lifecycle-management.rst
View File

@ -138,7 +138,7 @@ growth.
.. toctree::
:hidden:
/lifecycle-management/transition-objects-to-s3.rst
/lifecycle-management/transition-objects-to-gcs.rst
/lifecycle-management/transition-objects-to-azure.rst
/lifecycle-management/create-lifecycle-management-expiration-rule.rst
/administration/object-management/transition-objects-to-s3.rst
/administration/object-management/transition-objects-to-gcs.rst
/administration/object-management/transition-objects-to-azure.rst
/administration/object-management/create-lifecycle-management-expiration-rule.rst

1
source/object-retention/minio-object-locking.rst → source/administration/object-management/object-retention.rst
View File

@ -1,4 +1,5 @@
.. _minio-object-locking:
.. _minio-object-retention:
====================
MinIO Object Locking

0
source/object-retention/bucket-versioning.rst → source/administration/object-management/object-versioning.rst
View File

0
source/lifecycle-management/transition-objects-to-azure.rst → source/administration/object-management/transition-objects-to-azure.rst
View File

0
source/lifecycle-management/transition-objects-to-gcs.rst → source/administration/object-management/transition-objects-to-gcs.rst
View File

0
source/lifecycle-management/transition-objects-to-s3.rst → source/administration/object-management/transition-objects-to-s3.rst
View File

11
source/security/server-side-encryption/minio-server-side-encryption.rst → source/administration/server-side-encryption.rst
View File

@ -1,4 +1,5 @@
.. _minio-sse:
.. _minio-encryption-overview:
=================================
Server-Side Encryption of Objects
@ -189,10 +190,6 @@ The MinIO server uses the following cryptographic primitive implementations:
:titlesonly:
:hidden:
/security/server-side-encryption/configure-minio-kes-hashicorp
/security/server-side-encryption/configure-minio-kes-aws
/security/server-side-encryption/configure-minio-kes-gcp
/security/server-side-encryption/configure-minio-kes-azure
/security/server-side-encryption/server-side-encryption-sse-kms
/security/server-side-encryption/server-side-encryption-sse-s3
/security/server-side-encryption/server-side-encryption-sse-c
/administration/server-side-encryption/server-side-encryption-sse-kms
/administration/server-side-encryption/server-side-encryption-sse-s3
/administration/server-side-encryption/server-side-encryption-sse-c

0
source/security/server-side-encryption/server-side-encryption-sse-c.rst → source/administration/server-side-encryption/server-side-encryption-sse-c.rst
View File

0
source/security/server-side-encryption/server-side-encryption-sse-kms.rst → source/administration/server-side-encryption/server-side-encryption-sse-kms.rst
View File

0
source/security/server-side-encryption/server-side-encryption-sse-s3.rst → source/administration/server-side-encryption/server-side-encryption-sse-s3.rst
View File

153
source/conf.py
View File

@ -1,153 +0,0 @@
# Configuration file for the Sphinx documentation builder.
#
# This file only contains a selection of the most common options. For a full
# list see the documentation:
# https://www.sphinx-doc.org/en/master/usage/configuration.html
# -- Path setup --------------------------------------------------------------
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
import os
import sys
# The current working dir seems to be /source, so we have to pop up a level
sys.path.append(os.path.abspath('../sphinxext'))
# sys.path.insert(0, os.path.abspath('.'))
# -- Project information -----------------------------------------------------
project = 'MinIO Baremetal Documentation'
copyright = '2020-Present, MinIO, Inc. '
author = 'Ravind Kumar'
# The full version, including alpha/beta/rc tags
release = '0.1'
# -- General configuration ---------------------------------------------------
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
'sphinx.ext.extlinks',
'minio',
'cond',
'sphinx_copybutton',
'sphinx_markdown_tables',
'sphinx-prompt',
'sphinx_substitution_extensions',
'sphinx_togglebutton',
'sphinxcontrib.images',
'myst_parser',
'sphinx_design',
'sphinx.ext.intersphinx',
]
# -- External Links
# Add roots for short external link references in the documentation.
# Helpful for sites we tend to make lots of references to.
extlinks = {
'kube-docs' : ('https://kubernetes.io/docs/%s', ''),
'minio-git' : ('https://github.com/minio/%s',''),
'github' : ('https://github.com/%s',''),
'kube-api' : ('https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/%s',''),
'aws-docs' : ('https://docs.aws.amazon.com/%s',''),
's3-docs' : ('https://docs.aws.amazon.com/AmazonS3/latest/userguide/%s',''),
's3-api' : ('https://docs.aws.amazon.com/AmazonS3/latest/API/%s',''),
'iam-docs' : ('https://docs.aws.amazon.com/IAM/latest/UserGuide/%s',''),
'minio-release' : ('https://github.com/minio/minio/releases/tag/%s',''),
'mc-release' : ('https://github.com/minio/mc/releases/tag/%s',''),
'legacy' : ('https://docs.min.io/docs/%s',''),
'docs-k8s' : ('https://docs.min.io/minio/k8s/%s',''),
'prometheus-docs' : ('https://prometheus.io/docs/%s',''),
'podman-docs' : ('https://docs.podman.io/en/latest/%s',''),
'podman-git' : ('https://github.com/containers/podman/%s','')
}
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This pattern also affects html_static_path and html_extra_path.
exclude_patterns = ['includes/*.rst', 'includes/imports/*', '*-template.rst']
# Copy-Button Customization
copybutton_selector = "div.copyable pre"
# sphinxcontrib-images customization
images_config = {
'override_image_directive' : True
}
# -- Options for HTML output -------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
#
html_theme = 'alabaster'
html_favicon = '_static/favicon.png'
html_sidebars = {
'**' : [
'searchbox.html',
'navigation.html'
]
}
html_theme_options = {
'fixed_sidebar' : 'true',
'show_relbars': 'false'
}
html_short_title = "MinIO Object Storage for Baremetal Infrastructure"
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
html_css_files = ['css/main.min.css', 'custom.css']
html_js_files = ['js/main.js']
html_extra_path = [ 'extra']
html_permalinks_icon = "<img class='anchor' src=https://docs.min.io/minio/baremetal/_static/img/anchor-link.svg />"
html_title = 'MinIO Baremetal Documentation'
# -- Options for Sphinx Tabs -------------------------------------------------
sphinx_tabs_disable_css_loading = True
rst_prolog = """
.. |podman| replace:: `Podman <https://podman.io/>`__
.. |kes-stable| replace:: 0.16.1
.. |minio-tag| replace:: `RELEASE.2022-06-11T19-55-32Z <https://github.com/minio/minio/releases/tag/RELEASE.2022-06-11T19-55-32Z>`__
.. |minio-latest| replace:: RELEASE.2022-06-11T19-55-32Z
.. |minio-rpm| replace:: https://dl.min.io/server/minio/release/linux-amd64/minio-20220611195532.0.0.x86_64.rpm
.. |minio-deb| replace:: https://dl.min.io/server/minio/release/linux-amd64/minio_20220611195532.0.0_amd64.deb
.. |subnet| replace:: `MinIO SUBNET <https://min.io/pricing?jmp=docs>`__
.. |subnet-short| replace:: `SUBNET <https://min.io/pricing?jmp=docs>`__
.. |SNSD| replace:: :abbr:`SNSD (Single-Node Single-Drive)`
.. |SNMD| replace:: :abbr:`SNMD (Single-Node Multi-Drive)`
.. |MNMD| replace:: :abbr:`MNMD (Multi-Node Multi-Drive)`
"""

81
source/default-conf.py
View File

@ -22,9 +22,16 @@ sys.path.append(os.path.abspath('../sphinxext'))
# -- Project information -----------------------------------------------------
project = 'MinIO Baremetal Documentation'
# We assume a single tag, since we control the builder
platform = list(tags.tags.keys())[0]
if (platform =="k8s"):
platform = "Kubernetes"
project = 'MinIO Documentation for ' + platform
copyright = '2020-Present, MinIO, Inc. '
author = 'Ravind Kumar'
author = 'MinIO Documentation Team'
# The full version, including alpha/beta/rc tags
release = '0.1'
@ -74,13 +81,73 @@ extlinks = {
}
suppress_warnings = [
'toc.excluded',
'myst.ref',
'myst.header',
'myst'
]
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This pattern also affects html_static_path and html_extra_path.
exclude_patterns = ['includes/*.rst', 'includes/imports/*', '*-template.rst']
#
# We can safely ignore everything in `includes`
exclude_patterns = ['includes/*', '*-template.rst']
# template for adding custom exclude paths if necessary for a given tag
if tags.has("linux"):
excludes = [
'operations/install-deploy-manage/deploy-minio-tenant.rst',
'operations/install-deploy-manage/modify-minio-tenant.rst',
'operations/install-deploy-manage/expand-minio-tenant.rst',
'operations/install-deploy-manage/upgrade-minio-tenant.rst',
'operations/install-deploy-manage/upgrade-minio-operator.rst',
'operations/install-deploy-manage/delete-minio-tenant.rst',
'operations/deploy-manage-tenants.rst',
]
elif tags.has("macos"):
excludes = [
'operations/install-deploy-manage/deploy-minio-tenant.rst',
'operations/install-deploy-manage/modify-minio-tenant.rst',
'operations/install-deploy-manage/expand-minio-tenant.rst',
'operations/install-deploy-manage/upgrade-minio-tenant.rst',
'operations/install-deploy-manage/upgrade-minio-operator.rst',
'operations/install-deploy-manage/delete-minio-tenant.rst',
'operations/deploy-manage-tenants.rst',
]
elif tags.has("windows"):
excludes = [
'operations/install-deploy-manage/deploy-minio-tenant.rst',
'operations/install-deploy-manage/modify-minio-tenant.rst',
'operations/install-deploy-manage/expand-minio-tenant.rst',
'operations/install-deploy-manage/upgrade-minio-tenant.rst',
'operations/install-deploy-manage/upgrade-minio-operator.rst',
'operations/install-deploy-manage/delete-minio-tenant.rst',
'operations/deploy-manage-tenants.rst',
]
elif tags.has("k8s"):
excludes = [
'operations/install-deploy-manage/deploy-minio-single-node-single-drive.rst',
'operations/install-deploy-manage/deploy-minio-single-node-multi-drive.rst',
'operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.rst',
'operations/install-deploy-manage/upgrade-minio-deployment.rst',
'operations/install-deploy-manage/expand-minio-deployment.rst',
'operations/install-deploy-manage/decommission-server-pool.rst',
'operations/manage-existing-deployments.rst',
]
else:
excludes = []
exclude_patterns.extend(excludes)
# This should suppress myst warnings, but it doesn't seem to work.
# Copy-Button Customization
@ -113,7 +180,7 @@ html_theme_options = {
'show_relbars': 'false'
}
html_short_title = "MinIO Object Storage for Baremetal Infrastructure"
html_short_title = "MinIO Object Storage for " + platform.capitalize()
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
@ -128,7 +195,7 @@ html_extra_path = [ 'extra']
html_permalinks_icon = "<img class='anchor' src=https://docs.min.io/minio/baremetal/_static/img/anchor-link.svg />"
html_title = 'MinIO Baremetal Documentation'
html_title = 'MinIO Object Storage for ' + platform.capitalize()
# -- Options for Sphinx Tabs -------------------------------------------------
@ -137,7 +204,9 @@ sphinx_tabs_disable_css_loading = True
rst_prolog = """
.. |podman| replace:: `Podman <https://podman.io/>`__
.. |kes-stable| replace:: 0.16.1
.. |kes-tag| replace:: `KESLATEST <https://github.com/minio/kes/releases/tag/KESLATEST>`__
.. |kes-stable| replace:: KESLATEST
.. |minio-tag| replace:: `MINIOLATEST <https://github.com/minio/minio/releases/tag/MINIOLATEST>`__
.. |minio-latest| replace:: MINIOLATEST

0
source/sdk/dotnet/API.md → source/developers/dotnet/API.md
View File

20
source/developers/dotnet/minio-dotnet.rst Normal file
View File

@ -0,0 +1,20 @@
.. _minio-dotnet-quickstart:
=====================
.NET Quickstart Guide
=====================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. include:: /developers/dotnet/quickstart.md
:parser: myst_parser.sphinx_
.. toctree::
:titlesonly:
:hidden:
/developers/dotnet/API.md

212
source/developers/dotnet/quickstart.md Normal file
View File

@ -0,0 +1,212 @@
# MinIO Client SDK for .NET [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)
MinIO Client SDK provides higher level APIs for MinIO and Amazon S3 compatible cloud storage services.For a complete list of APIs and examples, please take a look at the [Dotnet Client API Reference](https://docs.min.io/docs/dotnet-client-api-reference).This document assumes that you have a working VisualStudio development environment.
## Minimum Requirements
* .NET 5.0
* Visual Studio 2017
## Install from NuGet
To install [MinIO .NET package](https://www.nuget.org/packages/Minio/), run the following command in Nuget Package Manager Console.
```powershell
PM> Install-Package Minio
```
## MinIO Client Example
To connect to an Amazon S3 compatible cloud storage service, you will need to specify the following parameters.
| Parameter | Description|
| :--- | :--- |
| endpoint | URL to object storage service. |
| accessKey | Access key is the user ID that uniquely identifies your account. |
| secretKey | Secret key is the password to your account. |
| secure | Enable/Disable HTTPS support. |
The following examples uses a freely hosted public MinIO service 'play.min.io' for development purposes.
```cs
using Minio;
// Initialize the client with access credentials.
private static MinioClient minio = new MinioClient()
.WithEndpoint("play.min.io")
.WithCredentials("Q3AM3UQ867SPQQA43P2F",
"zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG")
.WithSSL()
.Build();
// Create an async task for listing buckets.
var getListBucketsTask = minio.ListBucketsAsync();
// Iterate over the list of buckets.
foreach (Bucket bucket in getListBucketsTask.Result.Buckets)
{
Console.WriteLine(bucket.Name + " " + bucket.CreationDateDateTime);
}
```
## Complete _File Uploader_ Example
This example program connects to an object storage server, creates a bucket and uploads a file to the bucket.
To run the following example, click on [Link] and start the project
```cs
using System;
using Minio;
using Minio.Exceptions;
using Minio.DataModel;
using System.Threading.Tasks;
namespace FileUploader
{
class FileUpload
{
static void Main(string[] args)
{
var endpoint = "play.min.io";
var accessKey = "Q3AM3UQ867SPQQA43P2F";
var secretKey = "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG";
try
{
var minio = new MinioClient()
.WithEndpoint(endpoint)
.WithCredentials(accessKey,
secretKey)
.WithSSL()
.Build();
FileUpload.Run(minio).Wait();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.ReadLine();
}
// File uploader task.
private async static Task Run(MinioClient minio)
{
var bucketName = "mymusic";
var location = "us-east-1";
var objectName = "golden-oldies.zip";
var filePath = "C:\\Users\\username\\Downloads\\golden_oldies.mp3";
var contentType = "application/zip";
try
{
// Make a bucket on the server, if not already present.
bool found = await minio.BucketExistsAsync(bucketName);
if (!found)
{
await minio.MakeBucketAsync(bucketName, location);
}
// Upload a file to bucket.
await minio.PutObjectAsync(bucketName, objectName, filePath, contentType);
Console.WriteLine("Successfully uploaded " + objectName );
}
catch (MinioException e)
{
Console.WriteLine("File Upload Error: {0}", e.Message);
}
}
}
}
```
## Running MinIO Client Examples
#### On Windows
* Clone this repository and open the Minio.Sln in Visual Studio 2017.
* Enter your credentials and bucket name, object name etc.in Minio.Examples/Program.cs
Uncomment the example test cases such as below in Program.cs to run an example.
```cs
//Cases.MakeBucket.Run(minioClient, bucketName).Wait();
```
* Run the Minio.Client.Examples project from Visual Studio
#### On Linux
##### Setting .NET SDK on Linux (Ubuntu 21.10)
<blockquote> NOTE: minio-dotnet requires .NET 5.x SDK to build on Linux. </blockquote>
* Install [.Net SDK](https://docs.microsoft.com/en-us/dotnet/core/install/linux?WT.mc_id=dotnet-35129-website)
```
wget https://packages.microsoft.com/config/ubuntu/21.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
```
```
sudo apt-get update; \
sudo apt-get install -y apt-transport-https && \
sudo apt-get update && \
sudo apt-get install -y dotnet-sdk-5.0
```
##### Running Minio.Examples
* Clone this project.
```
$ git clone https://github.com/minio/minio-dotnet && cd minio-dotnet
```
* Enter your credentials and bucket name, object name etc. in Minio.Examples/Program.cs
Uncomment the example test cases such as below in Program.cs to run an example.
```cs
//Cases.MakeBucket.Run(minioClient, bucketName).Wait();
```
```
dotnet build --configuration Release --no-restore
dotnet pack ./Minio/Minio.csproj --no-build --configuration Release --output ./artifacts
dotnet test ./Minio.Tests/Minio.Tests.csproj
```
#### Bucket Operations
* [MakeBucket.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/MakeBucket.cs)
* [ListBuckets.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/ListBuckets.cs)
* [BucketExists.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/BucketExists.cs)
* [RemoveBucket.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/RemoveBucket.cs)
* [ListObjects.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/ListObjects.cs)
* [ListIncompleteUploads.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/ListIncompleteUploads.cs)
* [ListenBucketNotifications.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/ListenBucketNotifications.cs)
#### Bucket policy Operations
* [GetPolicy.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/GetBucketPolicy.cs)
* [SetPolicy.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/SetBucketPolicy.cs)
#### Bucket notification Operations
* [GetBucketNotification.cs](./Minio.Examples/Cases/GetBucketNotification.cs)
* [SetBucketNotification.cs](./Minio.Examples/Cases/SetBucketNotification.cs)
* [RemoveAllBucketNotifications.cs](./Minio.Examples/Cases/RemoveAllBucketNotifications.cs)
#### File Object Operations
* [FGetObject.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/FGetObject.cs)
* [FPutObject.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/FPutObject.cs)
#### Object Operations
* [GetObject.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/GetObject.cs)
* [GetPartialObject.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/GetPartialObject.cs)
* [SelectObjectContent.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/SelectObjectContent.cs)
* [PutObject.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/PutObject.cs)
* [StatObject.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/StatObject.cs)
* [RemoveObject.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/RemoveObject.cs)
* [RemoveObjects.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/RemoveObjects.cs)
* [CopyObject.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/CopyObject.cs)
* [CopyObject.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/CopyObjectMetadata.cs)
* [RemoveIncompleteUpload.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/RemoveIncompleteUpload.cs)
#### Presigned Operations
* [PresignedGetObject.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/PresignedGetObject.cs)
* [PresignedPutObject.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/PresignedPutObject.cs)
* [PresignedPostPolicy.cs](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Cases/PresignedPostPolicy.cs)
#### Client Custom Settings
* [SetAppInfo](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Program.cs)
* [SetTraceOn](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Program.cs)
* [SetTraceOff](https://github.com/minio/minio-dotnet/blob/master/Minio.Examples/Program.cs)
## Explore Further
* [Complete Documentation](https://docs.min.io)
* [MinIO .NET SDK API Reference](https://docs.min.io/docs/dotnet-client-api-reference)

0
source/sdk/go/API.md → source/developers/go/API.md
View File

20
source/developers/go/minio-go.rst Normal file
View File

@ -0,0 +1,20 @@
.. _minio-go-quickstart:
===================
Go Quickstart Guide
===================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. include:: /developers/go/quickstart.md
:parser: myst_parser.sphinx_
.. toctree::
:titlesonly:
:hidden:
/developers/go/API.md

246
source/developers/go/quickstart.md Normal file
View File

@ -0,0 +1,246 @@
# MinIO Go Client SDK for Amazon S3 Compatible Cloud Storage [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![Sourcegraph](https://sourcegraph.com/github.com/minio/minio-go/-/badge.svg)](https://sourcegraph.com/github.com/minio/minio-go?badge) [![Apache V2 License](https://img.shields.io/badge/license-Apache%20V2-blue.svg)](https://github.com/minio/minio-go/blob/master/LICENSE)
The MinIO Go Client SDK provides simple APIs to access any Amazon S3 compatible object storage.
This quickstart guide will show you how to install the MinIO client SDK, connect to MinIO, and provide a walkthrough for a simple file uploader. For a complete list of APIs and examples, please take a look at the [Go Client API Reference](https://docs.min.io/docs/golang-client-api-reference).
This document assumes that you have a working [Go development environment](https://golang.org/doc/install).
## Download from Github
```sh
go get github.com/minio/minio-go/v7
```
## Initialize MinIO Client
MinIO client requires the following four parameters specified to connect to an Amazon S3 compatible object storage.
| Parameter | Description|
| :--- | :--- |
| endpoint | URL to object storage service. |
| _minio.Options_ | All the options such as credentials, custom transport etc. |
```go
package main
import (
"log"
"github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials"
)
func main() {
endpoint := "play.min.io"
accessKeyID := "Q3AM3UQ867SPQQA43P2F"
secretAccessKey := "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG"
useSSL := true
// Initialize minio client object.
minioClient, err := minio.New(endpoint, &minio.Options{
Creds: credentials.NewStaticV4(accessKeyID, secretAccessKey, ""),
Secure: useSSL,
})
if err != nil {
log.Fatalln(err)
}
log.Printf("%#v\n", minioClient) // minioClient is now set up
}
```
## Quick Start Example - File Uploader
This example program connects to an object storage server, creates a bucket and uploads a file to the bucket.
We will use the MinIO server running at [https://play.min.io](https://play.min.io) in this example. Feel free to use this service for testing and development. Access credentials shown in this example are open to the public.
### FileUploader.go
```go
package main
import (
"context"
"log"
"github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials"
)
func main() {
ctx := context.Background()
endpoint := "play.min.io"
accessKeyID := "Q3AM3UQ867SPQQA43P2F"
secretAccessKey := "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG"
useSSL := true
// Initialize minio client object.
minioClient, err := minio.New(endpoint, &minio.Options{
Creds: credentials.NewStaticV4(accessKeyID, secretAccessKey, ""),
Secure: useSSL,
})
if err != nil {
log.Fatalln(err)
}
// Make a new bucket called mymusic.
bucketName := "mymusic"
location := "us-east-1"
err = minioClient.MakeBucket(ctx, bucketName, minio.MakeBucketOptions{Region: location})
if err != nil {
// Check to see if we already own this bucket (which happens if you run this twice)
exists, errBucketExists := minioClient.BucketExists(ctx, bucketName)
if errBucketExists == nil && exists {
log.Printf("We already own %s\n", bucketName)
} else {
log.Fatalln(err)
}
} else {
log.Printf("Successfully created %s\n", bucketName)
}
// Upload the zip file
objectName := "golden-oldies.zip"
filePath := "/tmp/golden-oldies.zip"
contentType := "application/zip"
// Upload the zip file with FPutObject
info, err := minioClient.FPutObject(ctx, bucketName, objectName, filePath, minio.PutObjectOptions{ContentType: contentType})
if err != nil {
log.Fatalln(err)
}
log.Printf("Successfully uploaded %s of size %d\n", objectName, info.Size)
}
```
### Run FileUploader
```sh
go run file-uploader.go
2016/08/13 17:03:28 Successfully created mymusic
2016/08/13 17:03:40 Successfully uploaded golden-oldies.zip of size 16253413
mc ls play/mymusic/
[2016-05-27 16:02:16 PDT] 17MiB golden-oldies.zip
```
## API Reference
The full API Reference is available here.
* [Complete API Reference](https://docs.min.io/docs/golang-client-api-reference)
### API Reference : Bucket Operations
* [`MakeBucket`](https://docs.min.io/docs/golang-client-api-reference#MakeBucket)
* [`ListBuckets`](https://docs.min.io/docs/golang-client-api-reference#ListBuckets)
* [`BucketExists`](https://docs.min.io/docs/golang-client-api-reference#BucketExists)
* [`RemoveBucket`](https://docs.min.io/docs/golang-client-api-reference#RemoveBucket)
* [`ListObjects`](https://docs.min.io/docs/golang-client-api-reference#ListObjects)
* [`ListIncompleteUploads`](https://docs.min.io/docs/golang-client-api-reference#ListIncompleteUploads)
### API Reference : Bucket policy Operations
* [`SetBucketPolicy`](https://docs.min.io/docs/golang-client-api-reference#SetBucketPolicy)
* [`GetBucketPolicy`](https://docs.min.io/docs/golang-client-api-reference#GetBucketPolicy)
### API Reference : Bucket notification Operations
* [`SetBucketNotification`](https://docs.min.io/docs/golang-client-api-reference#SetBucketNotification)
* [`GetBucketNotification`](https://docs.min.io/docs/golang-client-api-reference#GetBucketNotification)
* [`RemoveAllBucketNotification`](https://docs.min.io/docs/golang-client-api-reference#RemoveAllBucketNotification)
* [`ListenBucketNotification`](https://docs.min.io/docs/golang-client-api-reference#ListenBucketNotification) (MinIO Extension)
* [`ListenNotification`](https://docs.min.io/docs/golang-client-api-reference#ListenNotification) (MinIO Extension)
### API Reference : File Object Operations
* [`FPutObject`](https://docs.min.io/docs/golang-client-api-reference#FPutObject)
* [`FGetObject`](https://docs.min.io/docs/golang-client-api-reference#FGetObject)
### API Reference : Object Operations
* [`GetObject`](https://docs.min.io/docs/golang-client-api-reference#GetObject)
* [`PutObject`](https://docs.min.io/docs/golang-client-api-reference#PutObject)
* [`PutObjectStreaming`](https://docs.min.io/docs/golang-client-api-reference#PutObjectStreaming)
* [`StatObject`](https://docs.min.io/docs/golang-client-api-reference#StatObject)
* [`CopyObject`](https://docs.min.io/docs/golang-client-api-reference#CopyObject)
* [`RemoveObject`](https://docs.min.io/docs/golang-client-api-reference#RemoveObject)
* [`RemoveObjects`](https://docs.min.io/docs/golang-client-api-reference#RemoveObjects)
* [`RemoveIncompleteUpload`](https://docs.min.io/docs/golang-client-api-reference#RemoveIncompleteUpload)
* [`SelectObjectContent`](https://docs.min.io/docs/golang-client-api-reference#SelectObjectContent)
### API Reference : Presigned Operations
* [`PresignedGetObject`](https://docs.min.io/docs/golang-client-api-reference#PresignedGetObject)
* [`PresignedPutObject`](https://docs.min.io/docs/golang-client-api-reference#PresignedPutObject)
* [`PresignedHeadObject`](https://docs.min.io/docs/golang-client-api-reference#PresignedHeadObject)
* [`PresignedPostPolicy`](https://docs.min.io/docs/golang-client-api-reference#PresignedPostPolicy)
### API Reference : Client custom settings
* [`SetAppInfo`](https://docs.min.io/docs/golang-client-api-reference#SetAppInfo)
* [`TraceOn`](https://docs.min.io/docs/golang-client-api-reference#TraceOn)
* [`TraceOff`](https://docs.min.io/docs/golang-client-api-reference#TraceOff)
## Full Examples
### Full Examples : Bucket Operations
* [makebucket.go](https://github.com/minio/minio-go/blob/master/examples/s3/makebucket.go)
* [listbuckets.go](https://github.com/minio/minio-go/blob/master/examples/s3/listbuckets.go)
* [bucketexists.go](https://github.com/minio/minio-go/blob/master/examples/s3/bucketexists.go)
* [removebucket.go](https://github.com/minio/minio-go/blob/master/examples/s3/removebucket.go)
* [listobjects.go](https://github.com/minio/minio-go/blob/master/examples/s3/listobjects.go)
* [listobjectsV2.go](https://github.com/minio/minio-go/blob/master/examples/s3/listobjectsV2.go)
* [listincompleteuploads.go](https://github.com/minio/minio-go/blob/master/examples/s3/listincompleteuploads.go)
### Full Examples : Bucket policy Operations
* [setbucketpolicy.go](https://github.com/minio/minio-go/blob/master/examples/s3/setbucketpolicy.go)
* [getbucketpolicy.go](https://github.com/minio/minio-go/blob/master/examples/s3/getbucketpolicy.go)
* [listbucketpolicies.go](https://github.com/minio/minio-go/blob/master/examples/s3/listbucketpolicies.go)
### Full Examples : Bucket lifecycle Operations
* [setbucketlifecycle.go](https://github.com/minio/minio-go/blob/master/examples/s3/setbucketlifecycle.go)
* [getbucketlifecycle.go](https://github.com/minio/minio-go/blob/master/examples/s3/getbucketlifecycle.go)
### Full Examples : Bucket encryption Operations
* [setbucketencryption.go](https://github.com/minio/minio-go/blob/master/examples/s3/setbucketencryption.go)
* [getbucketencryption.go](https://github.com/minio/minio-go/blob/master/examples/s3/getbucketencryption.go)
* [deletebucketencryption.go](https://github.com/minio/minio-go/blob/master/examples/s3/deletebucketencryption.go)
### Full Examples : Bucket replication Operations
* [setbucketreplication.go](https://github.com/minio/minio-go/blob/master/examples/s3/setbucketreplication.go)
* [getbucketreplication.go](https://github.com/minio/minio-go/blob/master/examples/s3/getbucketreplication.go)
* [removebucketreplication.go](https://github.com/minio/minio-go/blob/master/examples/s3/removebucketreplication.go)
### Full Examples : Bucket notification Operations
* [setbucketnotification.go](https://github.com/minio/minio-go/blob/master/examples/s3/setbucketnotification.go)
* [getbucketnotification.go](https://github.com/minio/minio-go/blob/master/examples/s3/getbucketnotification.go)
* [removeallbucketnotification.go](https://github.com/minio/minio-go/blob/master/examples/s3/removeallbucketnotification.go)
* [listenbucketnotification.go](https://github.com/minio/minio-go/blob/master/examples/minio/listenbucketnotification.go) (MinIO Extension)
* [listennotification.go](https://github.com/minio/minio-go/blob/master/examples/minio/listen-notification.go) (MinIO Extension)
### Full Examples : File Object Operations
* [fputobject.go](https://github.com/minio/minio-go/blob/master/examples/s3/fputobject.go)
* [fgetobject.go](https://github.com/minio/minio-go/blob/master/examples/s3/fgetobject.go)
### Full Examples : Object Operations
* [putobject.go](https://github.com/minio/minio-go/blob/master/examples/s3/putobject.go)
* [getobject.go](https://github.com/minio/minio-go/blob/master/examples/s3/getobject.go)
* [statobject.go](https://github.com/minio/minio-go/blob/master/examples/s3/statobject.go)
* [copyobject.go](https://github.com/minio/minio-go/blob/master/examples/s3/copyobject.go)
* [removeobject.go](https://github.com/minio/minio-go/blob/master/examples/s3/removeobject.go)
* [removeincompleteupload.go](https://github.com/minio/minio-go/blob/master/examples/s3/removeincompleteupload.go)
* [removeobjects.go](https://github.com/minio/minio-go/blob/master/examples/s3/removeobjects.go)
### Full Examples : Encrypted Object Operations
* [put-encrypted-object.go](https://github.com/minio/minio-go/blob/master/examples/s3/put-encrypted-object.go)
* [get-encrypted-object.go](https://github.com/minio/minio-go/blob/master/examples/s3/get-encrypted-object.go)
* [fput-encrypted-object.go](https://github.com/minio/minio-go/blob/master/examples/s3/fputencrypted-object.go)
### Full Examples : Presigned Operations
* [presignedgetobject.go](https://github.com/minio/minio-go/blob/master/examples/s3/presignedgetobject.go)
* [presignedputobject.go](https://github.com/minio/minio-go/blob/master/examples/s3/presignedputobject.go)
* [presignedheadobject.go](https://github.com/minio/minio-go/blob/master/examples/s3/presignedheadobject.go)
* [presignedpostpolicy.go](https://github.com/minio/minio-go/blob/master/examples/s3/presignedpostpolicy.go)
## Explore Further
* [Complete Documentation](https://docs.min.io)
* [MinIO Go Client SDK API Reference](https://docs.min.io/docs/golang-client-api-reference)
## Contribute
[Contributors Guide](https://github.com/minio/minio-go/blob/master/CONTRIBUTING.md)
## License
This SDK is distributed under the [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0), see [LICENSE](https://github.com/minio/minio-go/blob/master/LICENSE) and [NOTICE](https://github.com/minio/minio-go/blob/master/NOTICE) for more information.

0
source/sdk/java/API.md → source/developers/java/API.md
View File

18
source/developers/java/minio-java.rst Normal file
View File

@ -0,0 +1,18 @@
.. _minio-java-quickstart:
=====================
Java Quickstart Guide
=====================
.. contents:: Table of Contents
:local:
:depth: 2
.. include:: /developers/java/quickstart.md
:parser: myst_parser.sphinx_
.. toctree::
:titlesonly:
:hidden:
/developers/java/API.md

117
source/developers/java/quickstart.md Normal file
View File

@ -0,0 +1,117 @@
# MinIO Java SDK for Amazon S3 Compatible Cloud Storage [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)
MinIO Java SDK is Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service.
For a complete list of APIs and examples, please take a look at the [Java Client API Reference](https://docs.min.io/docs/java-client-api-reference) documentation.
## Minimum Requirements
Java 1.8 or above.
## Maven usage
```xml
<dependency>
<groupId>io.minio</groupId>
<artifactId>minio</artifactId>
<version>8.4.0</version>
</dependency>
```
## Gradle usage
```
dependencies {
implementation("io.minio:minio:8.4.0")
}
```
## JAR download
The latest JAR can be downloaded from [here](https://repo1.maven.org/maven2/io/minio/minio/8.4.0/)
## Quick Start Example - File Uploader
This example program connects to an object storage server, makes a bucket on the server and then uploads a file to the bucket.
You need three items in order to connect to an object storage server.
| Parameters | Description |
|------------|------------------------------------------------------------|
| Endpoint | URL to S3 service. |
| Access Key | Access key (aka user ID) of an account in the S3 service. |
| Secret Key | Secret key (aka password) of an account in the S3 service. |
This example uses MinIO server playground [https://play.min.io](https://play.min.io). Feel free to use this service for test and development.
### FileUploader.java
```java
import io.minio.BucketExistsArgs;
import io.minio.MakeBucketArgs;
import io.minio.MinioClient;
import io.minio.UploadObjectArgs;
import io.minio.errors.MinioException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
public class FileUploader {
public static void main(String[] args)
throws IOException, NoSuchAlgorithmException, InvalidKeyException {
try {
// Create a minioClient with the MinIO server playground, its access key and secret key.
MinioClient minioClient =
MinioClient.builder()
.endpoint("https://play.min.io")
.credentials("Q3AM3UQ867SPQQA43P2F", "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG")
.build();
// Make 'asiatrip' bucket if not exist.
boolean found =
minioClient.bucketExists(BucketExistsArgs.builder().bucket("asiatrip").build());
if (!found) {
// Make a new bucket called 'asiatrip'.
minioClient.makeBucket(MakeBucketArgs.builder().bucket("asiatrip").build());
} else {
System.out.println("Bucket 'asiatrip' already exists.");
}
// Upload '/home/user/Photos/asiaphotos.zip' as object name 'asiaphotos-2015.zip' to bucket
// 'asiatrip'.
minioClient.uploadObject(
UploadObjectArgs.builder()
.bucket("asiatrip")
.object("asiaphotos-2015.zip")
.filename("/home/user/Photos/asiaphotos.zip")
.build());
System.out.println(
"'/home/user/Photos/asiaphotos.zip' is successfully uploaded as "
+ "object 'asiaphotos-2015.zip' to bucket 'asiatrip'.");
} catch (MinioException e) {
System.out.println("Error occurred: " + e);
System.out.println("HTTP trace: " + e.httpTrace());
}
}
}
```
#### Compile FileUploader
```sh
$ javac -cp minio-8.4.0-all.jar FileUploader.java
```
#### Run FileUploader
```sh
$ java -cp minio-8.4.0-all.jar:. FileUploader
'/home/user/Photos/asiaphotos.zip' is successfully uploaded as object 'asiaphotos-2015.zip' to bucket 'asiatrip'.
$ mc ls play/asiatrip/
[2016-06-02 18:10:29 PDT] 82KiB asiaphotos-2015.zip
```
## More References
* [Java Client API Reference](https://docs.min.io/docs/java-client-api-reference)
* [Javadoc](https://minio-java.min.io/)
* [Examples](https://github.com/minio/minio-java/tree/release/examples)
## Explore Further
* [Complete Documentation](https://docs.min.io)
* [Build your own Photo API Service - Full Application Example ](https://github.com/minio/minio-java-rest-example)
## Contribute
Please refer [Contributors Guide](https://github.com/minio/minio-java/blob/release/CONTRIBUTING.md)

21
source/sdk/minio-drivers.rst → source/developers/minio-drivers.rst
View File

@ -6,10 +6,6 @@ Software Development Kits (SDK)
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
MinIO publishes the following Software Development Kits (SDK):
.. list-table::
@ -22,26 +18,27 @@ MinIO publishes the following Software Development Kits (SDK):
- Download
* - Java (``minio-java``)
- :doc:`MinIO Java SDK Reference </sdk/java/minio-java>`
- :ref:`MinIO Java SDK Reference <minio-java-quickstart>`
- ToDo
* - Python (``minio-py``)
- :doc:`MinIO Python SDK Reference </sdk/python/minio-py>`
- :doc:`MinIO Python SDK Reference </developers/python/minio-py>`
- ToDo
* - Go (``minio-go``)
- :doc:`MinIO Go SDK Reference </sdk/go/minio-go>`
- :doc:`MinIO Go SDK Reference </developers/go/minio-go>`
- ToDo
* - .NET (``minio-dotnet``)
- :doc:`MinIO .NET SDK Reference </sdk/dotnet/minio-dotnet>`
- :doc:`MinIO .NET SDK Reference </developers/dotnet/minio-dotnet>`
- ToDo
.. toctree::
:titlesonly:
:hidden:
:maxdepth: 1
Java SDK </sdk/java/minio-java>
Python SDK </sdk/python/minio-py>
Go SDK </sdk/go/minio-go>
.NET SDK </sdk/dotnet/minio-dotnet>
/developers/java/minio-java
/developers/python/minio-py
/developers/go/minio-go
/developers/dotnet/minio-dotnet

0
source/sdk/python/API.md → source/developers/python/API.md
View File

20
source/developers/python/minio-py.rst Normal file
View File

@ -0,0 +1,20 @@
.. _minio-python-quickstart:
=======================
Python Quickstart Guide
=======================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. include:: /developers/python/quickstart.md
:parser: myst_parser.sphinx_
.. toctree::
:titlesonly:
:hidden:
/developers/python/API.md

96
source/developers/python/quickstart.md Normal file
View File

@ -0,0 +1,96 @@
# MinIO Python SDK for Amazon S3 Compatible Cloud Storage [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)
MinIO Python SDK is Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service.
For a complete list of APIs and examples, please take a look at the [Python Client API Reference](https://docs.min.io/docs/python-client-api-reference)
## Minimum Requirements
Python 3.6 or higher.
## Download using pip
```sh
pip3 install minio
```
## Download source
```sh
git clone https://github.com/minio/minio-py
cd minio-py
python setup.py install
```
## Quick Start Example - File Uploader
This example program connects to an S3-compatible object storage server, make a bucket on that server, and upload a file to the bucket.
You need the following items to connect to an S3-compatible object storage server:
| Parameters | Description |
|------------|------------------------------------------------------------|
| Endpoint | URL to S3 service. |
| Access Key | Access key (aka user ID) of an account in the S3 service. |
| Secret Key | Secret key (aka password) of an account in the S3 service. |
This example uses MinIO server playground [https://play.min.io](https://play.min.io). Feel free to use this service for test and development.
### file_uploader.py
```py
from minio import Minio
from minio.error import S3Error
def main():
# Create a client with the MinIO server playground, its access key
# and secret key.
client = Minio(
"play.min.io",
access_key="Q3AM3UQ867SPQQA43P2F",
secret_key="zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG",
)
# Make 'asiatrip' bucket if not exist.
found = client.bucket_exists("asiatrip")
if not found:
client.make_bucket("asiatrip")
else:
print("Bucket 'asiatrip' already exists")
# Upload '/home/user/Photos/asiaphotos.zip' as object name
# 'asiaphotos-2015.zip' to bucket 'asiatrip'.
client.fput_object(
"asiatrip", "asiaphotos-2015.zip", "/home/user/Photos/asiaphotos.zip",
)
print(
"'/home/user/Photos/asiaphotos.zip' is successfully uploaded as "
"object 'asiaphotos-2015.zip' to bucket 'asiatrip'."
)
if __name__ == "__main__":
try:
main()
except S3Error as exc:
print("error occurred.", exc)
```
#### Run File Uploader
```sh
$ python file_uploader.py
'/home/user/Photos/asiaphotos.zip' is successfully uploaded as object 'asiaphotos-2015.zip' to bucket 'asiatrip'.
$ mc ls play/asiatrip/
[2016-06-02 18:10:29 PDT] 82KiB asiaphotos-2015.zip
```
## More References
* [Python Client API Reference](https://docs.min.io/docs/python-client-api-reference)
* [Examples](https://github.com/minio/minio-py/tree/release/examples)
## Explore Further
* [Complete Documentation](https://docs.min.io)
## Contribute
Please refer [Contributors Guide](https://github.com/minio/minio-py/blob/release/CONTRIBUTING.md)
[![PYPI](https://img.shields.io/pypi/v/minio.svg)](https://pypi.python.org/pypi/minio)

40
source/developers/security-token-service.rst Normal file
View File

@ -0,0 +1,40 @@
.. _minio-security-token-service:
============================
Security Token Service (STS)
============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
The MinIO Security Token Service (STS) APIs allow applications to generate temporary credentials for accessing the MinIO deployment.
The STS API is *required* for MinIO deployments configured to use external identity managers, as the API allows conversion of the external IDP credentials into AWS Signature v4-compatible credentials.
MinIO supports the following STS API endpoints:
.. list-table::
:header-rows: 1
:widths: 30 30 40
* - Endpoint
- Supported IDP
- Description
* - AssumeRoleWithWebIdentity
- OpenID Connect
- Generates an access key and secret key using the JWT token returned by the OIDC provider
* - AssumeRoleWithLDAPIdentity
- Active Directory / LDAP
- Generates an access key and secret key using the AD/LDAP credentials specified to the API endpoint.
.. toctree::
:titlesonly:
:hidden:
:glob:
/developers/security-token-service/*

0
source/security/ad-ldap-external-identity-management/AssumeRoleWithLDAPIdentity.rst → source/developers/security-token-service/AssumeRoleWithLDAPIdentity.rst
View File

0
source/security/openid-external-identity-management/AssumeRoleWithWebIdentity.rst → source/developers/security-token-service/AssumeRoleWithWebIdentity.rst
View File

261
source/includes/common-installation.rst
View File

@ -1,105 +1,3 @@
.. start-install-minio-binary-desc
The following tabs provide examples of installing MinIO onto 64-bit Linux
operating systems using RPM, DEB, or binary. The RPM and DEB packages
automatically install MinIO to the necessary system paths and create a
``systemd`` service file for running MinIO automatically. MinIO strongly
recommends using RPM or DEB installation routes.
.. tab-set::
.. tab-item:: RPM (RHEL)
:sync: rpm
Use the following commands to download the latest stable MinIO RPM and
install it.
.. code-block:: shell
:class: copyable
:substitutions:
wget |minio-rpm| -O minio.rpm
sudo dnf install minio.rpm
.. tab-item:: DEB (Debian/Ubuntu)
:sync: deb
Use the following commands to download the latest stable MinIO DEB and
install it:
.. code-block:: shell
:class: copyable
:substitutions:
wget |minio-deb| -O minio.deb
sudo dpkg -i minio.deb
.. tab-item:: Binary
:sync: binary
Use the following commands to download the latest stable MinIO binary and
install it to the system ``$PATH``:
.. code-block:: shell
:class: copyable
wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
sudo mv minio /usr/local/bin/
.. end-install-minio-binary-desc
.. start-upgrade-minio-binary-desc
The following tabs provide examples of updating MinIO onto 64-bit Linux
operating systems using RPM, DEB, or binary:
.. tab-set::
.. tab-item:: RPM (RHEL)
:sync: rpm
Use the following commands to download the latest stable MinIO RPM and
update the existing installation.
.. code-block:: shell
:class: copyable
:substitutions:
wget |minio-rpm| -O minio.deb
sudo dnf update minio.rpm
.. tab-item:: DEB (Debian/Ubuntu)
:sync: deb
Use the following commands to download the latest stable MinIO DEB and
upgrade the existing installation:
.. code-block:: shell
:class: copyable
:substitutions:
wget |minio-deb| -O minio.deb
sudo dpkg -i minio.deb
.. tab-item:: Binary
:sync: binary
Use the following commands to download the latest stable MinIO binary and
overwrite the existing binary:
.. code-block:: shell
:class: copyable
wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
sudo mv minio /usr/local/bin/
Replace ``/usr/local/bin`` with the location of the existing MinIO
binary. Run ``which minio`` to identify the path if not already known.
.. end-upgrade-minio-binary-desc
.. start-install-minio-tls-desc
MinIO enables :ref:`Transport Layer Security (TLS) <minio-tls>` 1.2+
@ -134,118 +32,6 @@ recommends *against* non-TLS deployments outside of early development.
.. end-install-minio-tls-desc
.. start-install-minio-systemd-desc
The ``.deb`` or ``.rpm`` packages install the following
`systemd <https://www.freedesktop.org/wiki/Software/systemd/>`__ service file to
``/etc/systemd/system/minio.service``. For binary installations, create this
file manually on all MinIO hosts:
.. code-block:: shell
:class: copyable
[Unit]
Description=MinIO
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
WorkingDirectory=/usr/local
User=minio-user
Group=minio-user
ProtectProc=invisible
EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
# Let systemd restart this service always
Restart=always
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Specifies the maximum number of threads this process can create
TasksMax=infinity
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no
[Install]
WantedBy=multi-user.target
# Built for ${project.name}-${project.version} (${project.name})
The ``minio.service`` file runs as the ``minio-user`` User and Group by default.
You can create the user and group using the ``groupadd`` and ``useradd``
commands. The following example creates the user, group, and sets permissions
to access the folder paths intended for use by MinIO. These commands typically
require root (``sudo``) permissions.
.. code-block:: shell
:class: copyable
groupadd -r minio-user
useradd -M -r -g minio-user minio-user
chown minio-user:minio-user /mnt/disk1 /mnt/disk2 /mnt/disk3 /mnt/disk4
The specified disk paths are provided as an example. Change them to match
the path to those disks intended for use by MinIO.
Alternatively, change the ``User`` and ``Group`` values to another user and
group on the system host with the necessary access and permissions.
MinIO publishes additional startup script examples on
:minio-git:`github.com/minio/minio-service <minio-service>`.
.. end-install-minio-systemd-desc
.. start-install-minio-start-service-desc
.. code-block:: shell
:class: copyable
sudo systemctl start minio.service
Use the following commands to confirm the service is online and functional:
.. code-block:: shell
:class: copyable
sudo systemctl status minio.service
journalctl -f -u minio.service
MinIO may log an increased number of non-critical warnings while the
server processes connect and synchronize. These warnings are typically
transient and should resolve as the deployment comes online.
.. end-install-minio-start-service-desc
.. start-install-minio-restart-service-desc
.. code-block:: shell
:class: copyable
sudo systemctl restart minio.service
Use the following commands to confirm the service is online and functional:
.. code-block:: shell
:class: copyable
sudo systemctl status minio.service
journalctl -f -u minio.service
MinIO may log an increased number of non-critical warnings while the
server processes connect and synchronize. These warnings are typically
transient and should resolve as the deployment comes online.
.. end-install-minio-restart-service-desc
.. start-install-minio-console-desc
Open your browser and access any of the MinIO hostnames at port ``:9001`` to
@ -267,6 +53,53 @@ Console.
.. end-install-minio-console-desc
.. start-local-jbod-single-node-desc
MinIO strongly recommends direct-attached :abbr:`JBOD (Just a Bunch of Disks)`
arrays with XFS-formatted disks for best performance.
- Direct-Attached Storage (DAS) has significant performance and consistency
advantages over networked storage (NAS, SAN, NFS).
- Deployments using non-XFS filesystems (ext4, btrfs, zfs) tend to have
lower performance while exhibiting unexpected or undesired behavior.
- RAID or similar technologies do not provide additional resilience or
availability benefits when used with distributed MinIO deployments, and
typically reduce system performance.
Ensure all server drives for which you intend MinIO to use are of the same type (NVMe, SSD, or HDD) with identical capacity (e.g. ``12`` TB).
MinIO does not distinguish drive types and does not benefit from mixed storage types.
Additionally. MinIO limits the size used per disk to the smallest drive in the deployment.
For example, if the deployment has 15 10TB disks and 1 1TB disk, MinIO limits the per-disk capacity to 1TB.
MinIO *requires* using expansion notation ``{x...y}`` to denote a sequential series of disks when creating the new |deployment|, where all nodes in the |deployment| have an identical set of mounted drives.
MinIO also requires that the ordering of physical disks remain constant across restarts, such that a given mount point always points to the same formatted disk.
MinIO therefore **strongly recommends** using ``/etc/fstab`` or a similar file-based mount configuration to ensure that drive ordering cannot change after a reboot.
For example:
.. code-block:: shell
$ mkfs.xfs /dev/sdb -L DISK1
$ mkfs.xfs /dev/sdc -L DISK2
$ mkfs.xfs /dev/sdd -L DISK3
$ mkfs.xfs /dev/sde -L DISK4
$ nano /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
LABEL=DISK1 /mnt/disk1 xfs defaults,noatime 0 2
LABEL=DISK2 /mnt/disk2 xfs defaults,noatime 0 2
LABEL=DISK3 /mnt/disk3 xfs defaults,noatime 0 2
LABEL=DISK4 /mnt/disk4 xfs defaults,noatime 0 2
You can then specify the entire range of disks using the expansion notation ``/mnt/disk{1...4}``.
If you want to use a specific subfolder on each disk, specify it as ``/mnt/disk{1...4}/minio``.
MinIO **does not** support arbitrary migration of a drive with existing MinIO data to a new mount position, whether intentional or as the result of OS-level behavior.
.. end-local-jbod-single-node-desc
.. start-local-jbod-desc
MinIO strongly recommends direct-attached :abbr:`JBOD (Just a Bunch of Disks)`

147
source/includes/common/installation.rst Normal file
View File

@ -0,0 +1,147 @@
.. _minio-installation:
========================
Install and Deploy MinIO
========================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
MinIO is a software-defined high performance distributed object storage server.
You can run MinIO on consumer or enterprise-grade hardware and a variety
of operating systems and architectures.
MinIO supports three deployment modes:
Standalone Single-Drive
A single MinIO server with a single storage volume or folder, also referred to as "Filesystem Mode".
Standalone single deployments are best suited for evaluation and initial development of applications using MinIO for object storage, *or* for providing an S3 access layer to single storage volume.
Standalone deployments do not provide access to the full set of MinIO's advanced S3 features and functionality - specifically those dependent on :ref:`Erasure Coding <minio-erasure-coding>`.
Standalone Multi-Drive
A single MinIO server with *at least* four storage volumes or folders.
A standalone multi-drive deployment supports and enables :ref:`erasure coding <minio-erasure-coding>` and its dependent features.
Standalone multi-drive deployments can only provide drive-level availability and performance scaling.
Use standalone multi-drive deployments for small-scale environments which do not require high availability or scalable performance characteristics.
Distributed Deployments
One or more MinIO servers with *at least* four total storage volumes across all servers.
A distributed deployment supports and enables :ref:`erasure coding <minio-erasure-coding>` and its dependent features.
Distributed deployments provide drive and server-level availability and performance scaling.
Distributed deployments are best for production environments and workloads.
MinIO recommends a baseline topology of 4 nodes with 4 drives each for production environments.
This topology provides continuity with the loss of up to one server *or* four drives across all servers.
.. _minio-installation-comparison:
The following table compares the key functional differences between MinIO deployments:
.. list-table::
:header-rows: 1
:width: 100%
* -
- :guilabel:`Standalone Single-Drive`
- :guilabel:`Standalone Multi-Drive`
- :guilabel:`Distributed`
* - Site-to-Site Replication
- Client-Side via :mc:`mc mirror`
- :ref:`Server-Side Replication <minio-bucket-replication>`
- :ref:`Server-Side Replication <minio-bucket-replication>`
* - Versioning
- No
- :ref:`Object Versioning <minio-bucket-versioning>`
- :ref:`Object Versioning <minio-bucket-versioning>`
* - Retention
- No
- :ref:`Write-Once Read-Many Locking <minio-bucket-locking>`
- :ref:`Write-Once Read-Many Locking <minio-bucket-locking>`
* - High Availability / Redundancy
- Drive Level Only (RAID and similar)
- Drive Level only with :ref:`Erasure Coding <minio-erasure-coding>`
- Drive and Server-Level with :ref:`Erasure Coding <minio-erasure-coding>`
* - Scaling
- No
- :ref:`Server Pool Expansion <expand-minio-distributed>`
- :ref:`Server Pool Expansion <expand-minio-distributed>`.
Site Replication
----------------
Site replication expands the features of bucket replication to include IAM, security tokens, service accounts, and bucket features the same across all sites.
:ref:`Site replication <minio-site-replication-overview>` links multiple MinIO deployments together and keeps the buckets, objects, and Identify and Access Management (IAM) settings in sync across all connected sites.
.. include:: /includes/common-replication.rst
:start-after: start-mc-admin-replicate-what-replicates
:end-before: end-mc-admin-replicate-what-replicates
What Does Not Replicate?
~~~~~~~~~~~~~~~~~~~~~~~~
Not everything replicates across sites.
.. include:: /includes/common-replication.rst
:start-after: start-mc-admin-replicate-what-does-not-replicate
:end-before: end-mc-admin-replicate-what-does-not-replicate
.. _minio-installation-platform-support:
Platform Support
----------------
MinIO provides builds of the MinIO server (:mc:`minio`) and the
MinIO :abbr:`CLI (Command Line Interface)` (:mc:`mc`) for the following
platforms.
.. cond:: linux
- Red Hat Enterprise Linux 8.5+ (including all binary-compatible RHEL alternatives)
- Ubuntu 18.04+
MinIO provides builds for the following architectures:
- AMD64
- ARM64
- PowerPC 64 LE
- S390X
.. cond:: macos
MinIO recommends non-EOL macOS versions (10.14+).
.. cond:: windows
MinIO recommends non-EOL Windows versions (Windows 10, Windows Server 2016+).
Support for running :ref:`distributed MinIO deployments <deploy-minio-distributed>` is *experimental* on Windows OS.
For unlisted platforms or architectures, please reach out to MinIO at
hello@min.io for additional support and guidance. You can build MinIO from
:minio-git:`source <minio/#install-from-source>` and
`cross-compile
<https://golang.org/doc/install/source#bootstrapFromCrosscompiledSource>`__
for your platform and architecture combo. MinIO generally does not recommend
source-based installations in production environments.
.. toctree::
:titlesonly:
:hidden:
/operations/install-deploy-manage/deploy-minio-single-node-single-drive
/operations/install-deploy-manage/deploy-minio-single-node-multi-drive
/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive
/operations/install-deploy-manage/multi-site-replication

0
source/quickstart/container.rst → source/includes/containers/quickstart.rst
View File

19
source/includes/k8s/deploy-operator.rst Normal file
View File

@ -0,0 +1,19 @@
.. _minio-operator-installation:
=========================
Deploy the MinIO Operator
=========================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
STUB - to be filled in
.. toctree::
:titlesonly:
:hidden:
/operations/install-deploy-manage/upgrade-minio-operator

2
source/quickstart/k8s.rst → source/includes/k8s/quickstart.rst
View File

@ -10,7 +10,7 @@ Quickstart for Kubernetes
This procedure deploys a :ref:`Single-Node Single-Drive <minio-installation-comparison>` MinIO server onto |OS| for early development and evaluation of MinIO Object Storage and its S3-compatible API layer.
For production-ready :ref:`Distributed <minio-installation-comparison>` MinIO deployments on Kubernetes, use the :docs-k8s:`MinIO Kubernetes Operator <>`.
Use the :ref:`MinIO Opreator <minio-operator-installation>` to deploy and manage production-ready MinIO tenants on Kubernetes.
Prerequisites
-------------

261
source/includes/linux/common-installation.rst Normal file
View File

@ -0,0 +1,261 @@
.. start-install-minio-binary-desc
The following tabs provide examples of installing MinIO onto 64-bit Linux
operating systems using RPM, DEB, or binary. The RPM and DEB packages
automatically install MinIO to the necessary system paths and create a
``systemd`` service file for running MinIO automatically. MinIO strongly
recommends using RPM or DEB installation routes.
.. tab-set::
.. tab-item:: RPM (RHEL)
:sync: rpm
Use the following commands to download the latest stable MinIO RPM and
install it.
.. code-block:: shell
:class: copyable
:substitutions:
wget |minio-rpm| -O minio.deb
sudo dnf install minio.rpm
.. tab-item:: DEB (Debian/Ubuntu)
:sync: deb
Use the following commands to download the latest stable MinIO DEB and
install it:
.. code-block:: shell
:class: copyable
:substitutions:
wget |minio-deb| -O minio.deb
sudo dpkg -i minio.deb
.. tab-item:: Binary
:sync: binary
Use the following commands to download the latest stable MinIO binary and
install it to the system ``$PATH``:
.. code-block:: shell
:class: copyable
wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
sudo mv minio /usr/local/bin/
.. end-install-minio-binary-desc
.. start-run-minio-binary-desc
Run the :mc-cmd:`minio server` command to start the MinIO server.
Specify the path to the volume or folder to use as the storage directory.
The :mc-cmd:`minio` process must have full access (``rwx``) to the specified path and all subfolders:
The following example uses the ``~/minio-data`` folder:
.. code-block:: shell
:class: copyable
mkdir ~/minio-data
minio server ~/minio-data --console-address ":9090"
The :mc:`minio server` process prints its output to the system console, similar
to the following:
.. code-block:: shell
API: http://192.0.2.10:9000 http://127.0.0.1:9000
RootUser: minioadmin
RootPass: minioadmin
Console: http://192.0.2.10:9090 http://127.0.0.1:9090
RootUser: minioadmin
RootPass: minioadmin
Command-line: https://docs.min.io/docs/minio-client-quickstart-guide
$ mc alias set myminio http://192.0.2.10:9000 minioadmin minioadmin
Documentation: https://docs.min.io
WARNING: Detected default credentials 'minioadmin:minioadmin', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables
Open your browser to any of the listed :guilabel:`Console` addresses to open the
:ref:`MinIO Console <minio-console>` and log in with the :guilabel:`RootUser`
and :guilabel:`RootPass`. You can use the MinIO Console for performing
administration on the MinIO server.
For applications, use the :guilabel:`API` addresses to access the MinIO
server and perform S3 operations.
The following steps are optional but recommended for further securing the
MinIO deployment.
.. end-run-minio-binary-desc
.. start-upgrade-minio-binary-desc
The following tabs provide examples of updating MinIO onto 64-bit Linux
operating systems using RPM, DEB, or binary:
.. tab-set::
.. tab-item:: RPM (RHEL)
:sync: rpm
Use the following commands to download the latest stable MinIO RPM and
update the existing installation.
.. code-block:: shell
:class: copyable
:substitutions:
wget |minio-rpm| -O minio.deb
sudo dnf update minio.rpm
.. tab-item:: DEB (Debian/Ubuntu)
:sync: deb
Use the following commands to download the latest stable MinIO DEB and
upgrade the existing installation:
.. code-block:: shell
:class: copyable
:substitutions:
wget |minio-deb| -O minio.deb
sudo dpkg -i minio.deb
.. tab-item:: Binary
:sync: binary
Use the following commands to download the latest stable MinIO binary and
overwrite the existing binary:
.. code-block:: shell
:class: copyable
wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
sudo mv minio /usr/local/bin/
Replace ``/usr/local/bin`` with the location of the existing MinIO
binary. Run ``which minio`` to identify the path if not already known.
.. end-upgrade-minio-binary-desc
.. start-install-minio-systemd-desc
The ``.deb`` or ``.rpm`` packages install the following
`systemd <https://www.freedesktop.org/wiki/Software/systemd/>`__ service file to
``/etc/systemd/system/minio.service``. For binary installations, create this
file manually on all MinIO hosts:
.. code-block:: shell
:class: copyable
[Unit]
Description=MinIO
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
WorkingDirectory=/usr/local
User=minio-user
Group=minio-user
ProtectProc=invisible
EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
# Let systemd restart this service always
Restart=always
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Specifies the maximum number of threads this process can create
TasksMax=infinity
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no
[Install]
WantedBy=multi-user.target
# Built for ${project.name}-${project.version} (${project.name})
The ``minio.service`` file runs as the ``minio-user`` User and Group by default.
You can create the user and group using the ``groupadd`` and ``useradd``
commands. The following example creates the user, group, and sets permissions
to access the folder paths intended for use by MinIO. These commands typically
require root (``sudo``) permissions.
.. code-block:: shell
:class: copyable
groupadd -r minio-user
useradd -M -r -g minio-user minio-user
chown minio-user:minio-user /mnt/disk1 /mnt/disk2 /mnt/disk3 /mnt/disk4
The specified disk paths are provided as an example. Change them to match
the path to those disks intended for use by MinIO.
Alternatively, change the ``User`` and ``Group`` values to another user and
group on the system host with the necessary access and permissions.
MinIO publishes additional startup script examples on
:minio-git:`github.com/minio/minio-service <minio-service>`.
.. end-install-minio-systemd-desc
.. start-install-minio-start-service-desc
.. code-block:: shell
:class: copyable
sudo systemctl start minio.service
Use the following commands to confirm the service is online and functional:
.. code-block:: shell
:class: copyable
sudo systemctl status minio.service
journalctl -f -u minio.service
MinIO may log an increased number of non-critical warnings while the
server processes connect and synchronize. These warnings are typically
transient and should resolve as the deployment comes online.
.. end-install-minio-start-service-desc
.. start-install-minio-restart-service-desc
.. code-block:: shell
:class: copyable
sudo systemctl restart minio.service
Use the following commands to confirm the service is online and functional:
.. code-block:: shell
:class: copyable
sudo systemctl status minio.service
journalctl -f -u minio.service
MinIO may log an increased number of non-critical warnings while the
server processes connect and synchronize. These warnings are typically
transient and should resolve as the deployment comes online.
.. end-install-minio-restart-service-desc

96
source/includes/linux/deploy-standalone.rst Normal file
View File

@ -0,0 +1,96 @@
1) Download the MinIO Server
----------------------------
The following tabs provide examples of installing MinIO onto 64-bit Linux
operating systems using RPM, DEB, or binary. The RPM and DEB packages
automatically install MinIO to the necessary system paths and create a
``systemd`` service file for running MinIO automatically. MinIO strongly
recommends using RPM or DEB installation routes.
.. tab-set::
.. tab-item:: RPM (RHEL)
:sync: rpm
Use the following commands to download the latest stable MinIO RPM and
install it.
.. code-block:: shell
:class: copyable
:substitutions:
wget |minio-rpm| -O minio.deb
sudo dnf install minio.rpm
.. tab-item:: DEB (Debian/Ubuntu)
:sync: deb
Use the following commands to download the latest stable MinIO DEB and
install it:
.. code-block:: shell
:class: copyable
:substitutions:
wget |minio-deb| -O minio.deb
sudo dpkg -i minio.deb
.. tab-item:: Binary
:sync: binary
Use the following commands to download the latest stable MinIO binary and
install it to the system ``$PATH``:
.. code-block:: shell
:class: copyable
wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
sudo mv minio /usr/local/bin/
2) Run the MinIO Server
-----------------------
Run the :mc-cmd:`minio server` command to start the MinIO server.
Specify the path to the volume or folder to use as the storage directory.
The :mc-cmd:`minio` process must have full access (``rwx``) to the specified path and all subfolders:
The following example uses the ``~/minio-data`` folder:
.. code-block:: shell
:class: copyable
mkdir ~/minio-data
minio server ~/minio-data --console-address ":9090"
The :mc:`minio server` process prints its output to the system console, similar
to the following:
.. code-block:: shell
API: http://192.0.2.10:9000 http://127.0.0.1:9000
RootUser: minioadmin
RootPass: minioadmin
Console: http://192.0.2.10:9090 http://127.0.0.1:9090
RootUser: minioadmin
RootPass: minioadmin
Command-line: https://docs.min.io/docs/minio-client-quickstart-guide
$ mc alias set myminio http://192.0.2.10:9000 minioadmin minioadmin
Documentation: https://docs.min.io
WARNING: Detected default credentials 'minioadmin:minioadmin', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables
Open your browser to any of the listed :guilabel:`Console` addresses to open the
:ref:`MinIO Console <minio-console>` and log in with the :guilabel:`RootUser`
and :guilabel:`RootPass`. You can use the MinIO Console for performing
administration on the MinIO server.
For applications, use the :guilabel:`API` addresses to access the MinIO
server and perform S3 operations.
The following steps are optional but recommended for further securing the
MinIO deployment.

2
source/quickstart/linux.rst → source/includes/linux/quickstart.rst
View File

@ -25,7 +25,7 @@ Procedure
#. **Install the MinIO Server**
.. include:: /includes/common-installation.rst
.. include:: /includes/linux/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc

77
source/includes/macos/common-installation.rst Normal file
View File

@ -0,0 +1,77 @@
.. start-install-minio-binary-desc
.. tab-set::
.. tab-item:: Homebrew
Open a Terminal and run the following command to install the latest stable MinIO package using `Homebrew <https://brew.sh>`_.
.. code-block:: shell
:class: copyable
brew install minio/stable/minio
.. important::
If you previously installed the MinIO server using ``brew install minio``, then we recommend that you reinstall from ``minio/stable/minio`` instead.
.. code-block:: shell
:class: copyable
brew uninstall minio
brew install minio/stable/minio
.. tab-item:: Binary - arm64
Open a Terminal, then use the following commands to download the standalone MinIO server for MacOS and make it executable.
.. code-block:: shell
:class: copyable
curl -O https://dl.min.io/server/minio/release/darwin-arm64/minio
chmod +x minio
.. tab-item:: Binary - amd64
Open a Terminal, then use the following commands to download the standalone MinIO server for MacOS and make it executable.
.. code-block:: shell
:class: copyable
curl -O https://dl.min.io/server/minio/release/darwin-amd64/minio
chmod +x minio
.. end-install-minio-binary-desc
.. start-run-minio-binary-desc
From the Terminal, use the :mc:`minio server` to start a local MinIO instance in the ``~/data`` folder.
If desired, you can replace ``~/data`` with another location to which the user has read, write, and delete access for the MinIO instance.
.. code-block:: shell
:class: copyable
~/.minio server ~/data --console-address :9090
If you installed with Homebrew, do not include the ``~/`` at the beginning of the command.
The :mc:`minio server` process prints its output to the system console, similar to the following:
.. code-block:: shell
API: http://192.0.2.10:9000 http://127.0.0.1:9000
RootUser: minioadmin
RootPass: minioadmin
Console: http://192.0.2.10:9090 http://127.0.0.1:9090
RootUser: minioadmin
RootPass: minioadmin
Command-line: https://docs.min.io/docs/minio-client-quickstart-guide
$ mc alias set myminio http://192.0.2.10:9000 minioadmin minioadmin
Documentation: https://docs.min.io
WARNING: Detected default credentials 'minioadmin:minioadmin', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables.
.. end-run-minio-binary-desc

79
source/quickstart/macos.rst → source/includes/macos/quickstart.rst
View File

@ -21,81 +21,20 @@ Prerequisites
Procedure
---------
#. Install the MinIO Server
#. **Install the MinIO Server**
.. tab-set::
.. tab-item:: Homebrew
.. include:: /includes/macos/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc
Open a Terminal and run the following command to install the latest stable MinIO package using `Homebrew <https://brew.sh>`_.
.. code-block:: shell
:class: copyable
brew install minio/stable/minio
.. important::
If you previously installed the MinIO server using ``brew install minio``, then we recommend that you reinstall from ``minio/stable/minio`` instead.
.. code-block:: shell
:class: copyable
brew uninstall minio
brew install minio/stable/minio
.. tab-item:: Binary - arm64
Open a Terminal, then use the following commands to download the standalone MinIO server for MacOS and make it executable.
.. code-block:: shell
:class: copyable
curl -O https://dl.min.io/server/minio/release/darwin-arm64/minio
chmod +x minio
.. tab-item:: Binary - amd64
Open a Terminal, then use the following commands to download the standalone MinIO server for MacOS and make it executable.
.. code-block:: shell
:class: copyable
curl -O https://dl.min.io/server/minio/release/darwin-amd64/minio
chmod +x minio
#. Launch the :mc:`minio server`
#. **Launch the MinIO Server**
From the Terminal, use this command to start a local MinIO instance in the ``~/data`` folder.
If desired, you can replace ``~/data`` with another location to which the user has read, write, and delete access for the MinIO instance.
.. include:: /includes/macos/common-installation.rst
:start-after: start-run-minio-binary-desc
:end-before: end-run-minio-binary-desc
.. code-block:: shell
:class: copyable
~/minio server ~/data --console-address :9090
If you installed with Homebrew, do not include the ``~/`` at the beginning of the command.
The :mc:`minio server` process prints its output to the system console, similar to the following:
.. code-block:: shell
API: http://192.0.2.10:9000 http://127.0.0.1:9000
RootUser: minioadmin
RootPass: minioadmin
Console: http://192.0.2.10:9090 http://127.0.0.1:9090
RootUser: minioadmin
RootPass: minioadmin
Command-line: https://docs.min.io/docs/minio-client-quickstart-guide
$ mc alias set myminio http://192.0.2.10:9000 minioadmin minioadmin
Documentation: https://docs.min.io
WARNING: Detected default credentials 'minioadmin:minioadmin', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables.
#. Connect your Browser to the MinIO Server
#. **Connect your Browser to the MinIO Server**
Access the :ref:`minio-console` by going to a browser (such as Safari) and going to ``https://127.0.0.1:9000`` or one of the Console addresses specified in the :mc:`minio server` command's output.
For example, :guilabel:`Console: http://192.0.2.10:9090 http://127.0.0.1:9090` in the example output indicates two possible addresses to use for connecting to the Console.

0
source/quickstart/windows.rst → source/includes/windows/quickstart.rst
View File

189
source/index.rst
View File

@ -4,105 +4,56 @@ MinIO High Performance Object Storage
.. default-domain:: minio
Welcome to the MinIO Documentation! MinIO is a high performance object storage
solution with native support for Kubernetes deployments. MinIO provides an
Amazon Web Services S3-compatible API and supports all core S3 features.
.. contents:: Table of Contents
:local:
:depth: 2
MinIO is a high performance object storage solution that provides an Amazon Web Services S3-compatible API and supports all core S3 features.
MinIO is built to anywhere - public or private cloud, baremetal infrastructure, orchestrated environments, and edge infrastructure.
.. cond:: linux
This site documents Operations, Administration, and Development of MinIO deployments on Linux platforms.
.. cond:: windows
This site documents Operations, Administration, and Development of MinIO deployments on Windows platforms.
.. cond:: osx
This site documents Operations, Administration, and Development of MinIO deployments on Mac OSX platforms.
.. cond:: k8s
This site documents Operations, Administration, and Development of MinIO deployments on Kubernetes platform.
This documentation targets the latest stable version of MinIO: |minio-tag|.
MinIO is released under `GNU Affero General Public License v3.0
<https://www.gnu.org/licenses/agpl-3.0.en.html>`__.
This documentation targets the latest stable version of MinIO, |minio-tag|.
You can get started exploring MinIO features using our ``play`` server at
https://play.min.io. ``play`` is a *public* MinIO cluster running the latest
stable MinIO server. Any file uploaded to ``play`` should be considered public
and non-protected.
The MinIO Client :mc:`mc` commandline interface includes an
:mc-cmd:`alias <mc alias>` for the ``play`` server. After
`Downloading the MinIO Client <https://min.io/downloads>`__, use the
``play`` alias to perform S3-compatible object storage operations:
.. cond:: linux
.. code-block:: shell
:class: copyable
.. include:: /includes/linux/quickstart.rst
mc alias list play
mc mb --with-lock play/mynewbucket
mc cp ~/data/mytestdata play/mynewbucket
.. cond:: macos
See the :doc:`MinIO Client Complete Reference </reference/minio-mc>`
for complete documentation on the available :mc:`mc` commands.
.. include:: /includes/macos/quickstart.rst
- First-time users of MinIO *or* object storage services should start with
our :doc:`Introduction </introduction/minio-overview>`.
.. cond:: windows
- Users deploying onto a Kubernetes cluster should start with our
:docs-k8s:`Kubernetes documentation <>`.
.. include:: /includes/windows/quickstart.rst
Quickstart
----------
.. cond:: k8s
Select the card corresponding to the platform on which you want to deploy MinIO to display instructions for deploying a :ref:`Standalone <minio-installation-comparison>` MinIO server appropriate for early development and evaluation environments.
.. include:: /includes/k8s/quickstart.rst
.. grid:: 3
:gutter: 3
.. grid-item-card:: Linux
:link-type: ref
:link: quickstart-linux
.. image:: /images/logos/linux.svg
:width: 100px
:height: 100px
:alt: Linux Quickstart
:align: center
:class: noshadow
.. grid-item-card:: MacOS
:link-type: ref
:link: quickstart-macos
.. image:: /images/logos/macos.svg
:width: 100px
:height: 100px
:alt: MacOS Quickstart
:align: center
:class: noshadow
.. grid-item-card:: Windows
:link-type: ref
:link: quickstart-windows
.. image:: /images/logos/windows.svg
:width: 100px
:height: 100px
:alt: Windows Quickstart
:align: center
:class: noshadow
.. grid-item-card:: Kubernetes (Generic)
:link-type: ref
:link: quickstart-kubernetes
.. image:: /images/logos/kubernetes.svg
:width: 100px
:height: 100px
:alt: Kubernetes Quickstart
:align: center
:class: noshadow
.. grid-item-card:: Docker / Podman
:link-type: ref
:link: quickstart-container
.. image:: /images/logos/docker.svg
:width: 100px
:height: 100px
:alt: Docker Quickstart
:align: center
:class: noshadow
:subscript:`All trademarks or logos displayed on this page are the property of their respective owners, and constitute neither an endorsement nor a recommendation of those organizations. In addition, such use of trademarks or links to the web sites of third-party organizations is not intended to imply, directly or indirectly, that those organizations endorse or have any affiliation with MinIO.`
Licensing
---------
@ -126,22 +77,58 @@ applications that trigger AGPLv3 obligations (e.g. open sourcing your
application). Applications using MinIO - or any other OSS-licensed code -
without validating their usage do so at their own risk.
.. toctree::
:titlesonly:
:hidden:
.. cond:: k8s
/introduction/minio-overview
/quickstart/quickstart
/installation/deployment-and-management
/security/iam-overview
/security/encryption-overview
Object Retention </object-retention/minio-object-retention>
/lifecycle-management/lifecycle-management-overview
/replication/replication-overview
/monitoring/monitoring-overview
/support/support-overview
/reference/minio-mc
/reference/minio-mc-admin
/reference/minio-server/minio-server
/console/minio-console
/sdk/minio-drivers
.. toctree::
:titlesonly:
:hidden:
/operations/installation
/operations/deploy-manage-tenants
/operations/concepts
/operations/monitoring
/operations/external-iam
/operations/server-side-encryption
/operations/network-encryption
/operations/checklists
/operations/data-recovery
/operations/troubleshooting
/administration/minio-console
/administration/object-management
/administration/monitoring
/administration/identity-access-management
/administration/server-side-encryption
/administration/bucket-replication
/developers/minio-drivers
/developers/security-token-service
/reference/minio-mc
/reference/minio-mc-admin
/reference/minio-server/minio-server
.. cond:: linux or macos or windows
.. toctree::
:titlesonly:
:hidden:
/operations/installation
/operations/manage-existing-deployments
/operations/concepts
/operations/monitoring
/operations/external-iam
/operations/server-side-encryption
/operations/network-encryption
/operations/checklists
/operations/data-recovery
/operations/troubleshooting
/administration/minio-console
/administration/object-management
/administration/monitoring
/administration/identity-access-management
/administration/server-side-encryption
/administration/bucket-replication
/developers/minio-drivers
/developers/security-token-service
/reference/minio-mc
/reference/minio-mc-admin
/reference/minio-server/minio-server

137
source/installation/deployment-and-management.rst
View File

@ -1,137 +0,0 @@
.. _minio-installation:
=========================
Deployment and Management
=========================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
MinIO is a software-defined high performance distributed object storage server.
You can run MinIO on consumer or enterprise-grade hardware and a variety
of operating systems and architectures.
.. _minio-installation-comparison:
MinIO supports three deployment topologies:
Single-Node Single-Drive (SNSD)
A single MinIO server with a single storage volume or folder.
|SNSD| deployments are best suited for evaluation and initial development of applications using MinIO for object storage.
This topology was previously referred to as :guilabel:`Standalone Mode`.
Starting with :minio-release:`RELEASE.2022-06-02T02-11-04Z`, |SNSD| deployments implement a zero-parity erasure coding backend and include support for the following erasure-coding dependent features:
- Versioning
- Object Locking / Retention
This topology is incompatible with the older filesystem-style behavior where MinIO acted as a simple S3 API layer while allowing POSIX-style access to managed files.
Single-Node Multi-Drive (SNMD)
A single MinIO server with four or more storage volumes.
|SNMD| deployments provide drive-level reliability and failover only.
Multi-Node Multi-Drive (MNMD or "Distributed")
Multiple MinIO servers with at least four drives across all servers.
The distributed |MNMD| topology supports production-grade object storage with drive and node-level availability and resiliency.
For tutorials on deploying or expanding a distributed MinIO deployment, see:
- :ref:`deploy-minio-distributed`
- :ref:`expand-minio-distributed`
For instructions on deploying MinIO in Kubernetes, see
:docs-k8s:`Deploy a MinIO Tenant using the MinIO Kubernetes Plugin
<tenant-management/deploy-minio-tenant.html>`
For tutorials on deploying a standalone MinIO deployment, see:
- :ref:`deploy-minio-standalone`
- :ref:`deploy-minio-standalone-container`
.. _minio-installation-platform-support:
Platform Support
----------------
MinIO provides builds of the MinIO server (:mc:`minio`) and the
MinIO :abbr:`CLI (Command Line Interface)` (:mc:`mc`) for the following
platforms.
.. list-table::
:stub-columns: 1
:widths: 20 80
:width: 100%
* - Linux
- MinIO recommends RHEL8+ or Ubuntu 18.04+.
MinIO provides builds for the following architectures:
- AMD64
- ARM64
- PowerPC 64 LE
- S390X
* - macOS
- MinIO recommends non-EOL macOS versions (10.14+).
* - Microsoft Windows
- MinIO recommends non-EOL Windows versions (Windows 10, Windows Server
2016+). Support for running :ref:`distributed MinIO deployments
<deploy-minio-distributed>` is *experimental* on Windows OS.
For unlisted platforms or architectures, please reach out to MinIO at
hello@min.io for additional support and guidance. You can build MinIO from
:minio-git:`source <minio/#install-from-source>` and
`cross-compile
<https://golang.org/doc/install/source#bootstrapFromCrosscompiledSource>`__
for your platform and architecture combo. MinIO generally does not recommend
source-based installations in production environments.
.. _minio-preexisting-data:
Pre-Existing Data
-----------------
Standalone Deployments
~~~~~~~~~~~~~~~~~~~~~~
When deploying a new MinIO server instance, you can choose a storage location that contains existing data only for standlone deployments.
For standalone deployments, MinIO adds the existing data as buckets and objects as part of starting the server.
.. important::
Files at the root of the starting path do not display in MinIO.
Existing data must be in folders in the starting path.
Top level folders become MinIO buckets.
Distributed Deployments
~~~~~~~~~~~~~~~~~~~~~~~
Once you start a standalone server, you can create or delete buckets and objects either with :ref:`MinIO Console <minio-console>`, the :ref:`mc client <minio-client>`, or directly in the file system.
For a distributed MinIO deployment, the starting path must be empty.
Once you start a distributed server, MinIO does not support manipulating the data directly on the storage location outside of the S3 API.
Manipulating files directly on the storage locations can result in data corruption or data loss.
For example, you cannot navigate to the storage location using a file explorer program and add or remove files.
Instead, use the :ref:`MinIO Client <minio-client>`, the :ref:`MinIO Console <minio-console>`, or one of the MinIO :ref:`Software Development Kits <minio-drivers>` to work with the buckets and objects for distributed deployments.
.. toctree::
:titlesonly:
:hidden:
/installation/deploy-minio-distributed
/installation/expand-minio-distributed
/installation/deploy-minio-single-node-single-drive
/installation/upgrade-minio
/installation/restore-minio
/installation/decommission-pool

262
source/installation/restore-minio.rst
View File

@ -1,262 +0,0 @@
.. _minio-restore-hardware-failure:
==============================
Recover after Hardware Failure
==============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
MinIO deployments rely on :ref:`Erasure Coding <minio-erasure-coding>` to provide built-in tolerance for multiple disk or node failures.
Depending on the deployment topology and the selected erasure code parity, MinIO can tolerate the loss of up to half the drives or nodes in the deployment while maintaining read access ("read quorum") to objects.
:ref:`Single-Node Single-Drive <minio-installation-comparison>` deployments are zero-parity and depend on the underlying storage volume to provide recovery. Ensure the storage volume has the necessary resiliency settings and defer to the tools or software associated to that volume for recovery.
The following table lists the typical types of failure in a MinIO deployment
and links to procedures for recovering from each:
.. list-table::
:header-rows: 1
:widths: 30 70
:width: 100%
* - Failure Type
- Description
* - :ref:`Drive Failure <minio-restore-hardware-failure-drive>`
- MinIO supports hot-swapping failed drives with new healthy drives.
* - :ref:`Node Failure <minio-restore-hardware-failure-node>`
- MinIO detects when a node rejoins the deployment and begins proactively healing the node shortly after it is joined back to the cluster
healing data previously stored on that node.
Since MinIO can operate in a degraded state without significant performance
loss, administrators can schedule hardware replacement in proportion to the rate
of hardware failure. "Normal" failure rates (single drive or node failure) may
allow for a more reasonable replacement timeframe, while "critical" failure
rates (multiple drives or nodes) may require a faster response.
For nodes with one or more drives that are either partially failed or operating
in a degraded state (increasing disk errors, SMART warnings, timeouts in MinIO
logs, etc.), you can safely unmount the drive *if* the cluster has sufficient
remaining healthy drives to maintain
:ref:`read and write quorum <minio-ec-parity>`. Missing drives are less
disruptive to the deployment than drives that are reliably producing read and
write errors.
.. admonition:: MinIO Professional Support
:class: note
`MinIO SUBNET <https://min.io/pricing?jmp=docs>`__ users can
`log in <https://subnet.min.io/>`__ and create a new issue related to drive
or node failures. Coordination with MinIO Engineering via SUBNET can ensure
successful recovery operations of production MinIO deployments, including
root-cause analysis, and health diagnostics.
Community users can seek support on the `MinIO Community Slack
<https://minio.slack.com>`__. Community Support is best-effort only and has
no SLAs around responsiveness.
.. _minio-restore-hardware-failure-drive:
Drive Failure Recovery
----------------------
MinIO supports hot-swapping failed drives with new healthy drives. MinIO detects
and heals those drives without requiring any node or deployment-level restart.
MinIO healing occurs only on the replaced drive(s) and does not typically impact
deployment performance.
MinIO healing ensures consistency and correctness of all data restored onto the
drive. **Do not** attempt to manually recover or migrate data from the failed
drive onto the new healthy drive.
The following steps provide a more detailed walkthrough of drive replacement.
These steps assume a MinIO deployment where each node manages drives using
``/etc/fstab`` with per-drive labels as per the
:ref:`documented prerequisites <minio-installation>`.
1) Unmount the failed drive(s)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unmount each failed drive using ``umount``. For example, the following
command unmounts the drive at ``/dev/sdb``:
.. code-block:: shell
umount /dev/sdb
2) Replace the failed drive(s)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remove the failed drive(s) from the node hardware and replace it with known
healthy drive(s). Replacement drives *must* meet the following requirements:
- :ref:`XFS formatted <deploy-minio-distributed-prereqs-storage>` and empty.
- Same drive type (e.g. HDD, SSD, NVMe).
- Equal or greater performance.
- Equal or greater capacity.
Using a replacement drive with greater capacity does not increase the total
cluster storage. MinIO uses the *smallest* drive's capacity as the ceiling for
all drives in the :ref:`Server Pool <minio-intro-server-pool>`.
The following command formats a drive as XFS and assigns it a label to match
the failed drive.
.. code-block:: shell
mkfs.xfs /dev/sdb -L DISK1
MinIO **strongly recommends** using label-based mounting to ensure consistent
drive order that persists through system restarts.
3) Review and Update ``fstab``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Review the ``/etc/fstab`` file and update as needed such that the entry for
the failed disk points to the newly formatted replacement.
- If using label-based disk assignment, ensure that each label points to the
correct newly formatted disk.
- If using UUID-based disk assignment, update the UUID for each point based on
the newly formatted disk. You can use ``lsblk`` to view disk UUIDs.
For example, consider
.. code-block:: shell
$ cat /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
LABEL=DISK1 /mnt/disk1 xfs defaults,noatime 0 2
LABEL=DISK2 /mnt/disk2 xfs defaults,noatime 0 2
LABEL=DISK3 /mnt/disk3 xfs defaults,noatime 0 2
LABEL=DISK4 /mnt/disk4 xfs defaults,noatime 0 2
Given the previous example command, no changes are required to
``fstab`` since the replacement disk at ``/mnt/disk1`` uses the same
label ``DISK1`` as the failed disk.
4) Remount the Replaced Drive(s)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Use ``mount -a`` to remount the drives unmounted at the beginning of this
procedure:
.. code-block:: shell
:class: copyable
mount -a
The command should result in remounting of all of the replaced drives.
5) Monitor MinIO for Drive Detection and Healing Status
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Use :mc-cmd:`mc admin console` command *or* ``journalctl -u minio`` for
``systemd``-managed installations to monitor the server log output after
remounting drives. The output should include messages identifying each formatted
and empty drive.
Use :mc-cmd:`mc admin heal` to monitor the overall healing status on the
deployment. MinIO aggressively heals replaced drive(s) to ensure rapid recovery
from the degraded state.
6) Next Steps
~~~~~~~~~~~~~
Monitor the cluster for any further drive failures. Some drive batches may fail
in close proximity to each other. Deployments seeing higher than expected drive
failure rates should schedule dedicated maintenance around replacing the known
bad batch. Consider using `MinIO SUBNET <https://min.io/pricing?jmp=docs>`__ to
coordinate with MinIO engineering around guidance for any such operations.
.. _minio-restore-hardware-failure-node:
Node Failure Recovery
---------------------
If a MinIO node suffers complete hardware failure (e.g. loss of all drives,
data, etc.), the node begins healing operations once it rejoins the deployment.
MinIO healing occurs only on the replaced hardware and does not typically impact
deployment performance.
MinIO healing ensures consistency and correctness of all data restored onto the
drive. **Do not** attempt to manually recover or migrate data from the failed
node onto the new healthy node.
The replacement node hardware should be substantially similar to the failed
node. There are no negative performance implications to using improved hardware.
The replacement drive hardware should be substantially similar to the failed
drive. For example, replace a failed SSD with another SSD drive of the same
capacity. While you can use drives with larger capacity, MinIO uses the
*smallest* drive's capacity as the ceiling for all drives in the
:ref:`Server Pool <minio-intro-server-pool>`.
The following steps provide a more detailed walkthrough of node replacement.
These steps assume a MinIO deployment where each node has a DNS hostname
as per the :ref:`documented prerequisites <minio-installation>`.
1) Start the Replacement Node
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ensure the new node has received all necessary security, firmware, and OS
updates as per industry, regulatory, or organizational standards and
requirements.
The new node software configuration *must* match that of the other nodes in the
deployment, including but not limited to the OS and Kernel versions and
configurations. Heterogeneous software configurations may result in unexpected
or undesired behavior in the deployment.
2) Update Hostname for the New Node
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*Optional* This step is only required if the replacement node has a
different IP address from the failed host.
Ensure the hostname associated to the failed node now resolves to the new node.
For example, if ``https://minio-1.example.net`` previously resolved to the
failed host, it should now resolve to the new host.
3) Download and Prepare the MinIO Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Follow the :ref:`deployment procedure <minio-installation>` to download
and run the MinIO server using a matching configuration as all other nodes
in the deployment.
- The MinIO server version *must* match across all nodes
- The MinIO service and environment file configurations *must* match across
all nodes.
4) Rejoin the node to the deployment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Start the MinIO server process on the node and monitor the process output
using :mc-cmd:`mc admin console` or by monitoring the MinIO service logs
using ``journalctl -u minio`` for ``systemd`` managed installations.
The server output should indicate that it has detected the other nodes
in the deployment and begun healing operations.
Use :mc-cmd:`mc admin heal` to monitor overall healing status on the
deployment. MinIO aggressively heals the node to ensure rapid recovery
from the degraded state.
5) Next Steps
~~~~~~~~~~~~~
Continue monitoring the deployment until healing completes. Deployments with
persistent and repeated node failures should schedule dedicated maintenance to
identify the root cause. Consider using
`MinIO SUBNET <https://min.io/pricing?jmp=docs>`__ to coordinate with MinIO
engineering around guidance for any such operations.

179
source/monitoring/metrics-alerts/collect-minio-metrics-using-prometheus.rst
View File

@ -1,179 +0,0 @@
.. _minio-metrics-collect-using-prometheus:
======================================
Collect MinIO Metrics Using Prometheus
======================================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
MinIO leverages `Prometheus <https://prometheus.io/>`__ for metrics and alerts.
MinIO publishes Prometheus-compatible scraping endpoints for cluster and
node-level metrics. See :ref:`minio-metrics-and-alerts-endpoints` for more
information.
The procedure on this page documents scraping the MinIO metrics
endpoints using a Prometheus instance, including deploying and configuring
a simple Prometheus server for collecting metrics.
This procedure is not a replacement for the official
:prometheus-docs:`Prometheus Documentation <>`. Any specific guidance
related to configuring, deploying, and using Prometheus is made on a best-effort
basis.
Requirements
------------
Install and Configure ``mc`` with Access to the MinIO Cluster
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This procedure uses :mc:`mc` for performing operations on the MinIO
deployment. Install ``mc`` on a machine with network access to the
deployment. See the ``mc`` :ref:`Installation Quickstart <mc-install>` for
more complete instructions.
Prometheus Service
~~~~~~~~~~~~~~~~~~
This procedure provides instruction for deploying Prometheus for rapid local
evaluation and development. All other environments should have an existing
Prometheus or Prometheus-compatible service with access to the MinIO cluster.
Procedure
---------
1) Generate the Bearer Token
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MinIO by default requires authentication for requests made to the metrics
endpoints. While step is not required for MinIO deployments started with
:envvar:`MINIO_PROMETHEUS_AUTH_TYPE` set to ``"public"``, you can still use the
command output for retrieving a Prometheus ``scrape_configs`` entry.
Use the :mc-cmd:`mc admin prometheus generate` command to generate a
JWT bearer token for use by Prometheus in making authenticated scraping
requests:
.. code-block:: shell
:class: copyable
mc admin prometheus generate ALIAS
Replace :mc-cmd:`ALIAS <mc admin prometheus generate TARGET>` with the
:mc:`alias <mc alias>` of the MinIO deployment.
The command returns output similar to the following:
.. code-block:: yaml
:class: copyable
scrape_configs:
- job_name: minio-job
bearer_token: TOKEN
metrics_path: /minio/v2/metrics/cluster
scheme: https
static_configs:
- targets: [minio.example.net]
The ``targets`` array can contain the hostname for any node in the deployment.
For clusters with a load balancer managing connections between MinIO nodes,
specify the address of the load balancer.
Specify the output block to the
:prometheus-docs:`scrape_config
<prometheus/latest/configuration/configuration/#scrape_config>` section of
the Prometheus configuration.
2) Configure and Run Prometheus
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Follow the Prometheus :prometheus-docs:`Getting Started
<prometheus/latest/getting_started/#downloading-and-running-prometheus>` guide
to download and run Prometheus locally.
Append the ``scrape_configs`` job generated in the previous step to the
configuration file:
.. code-block:: yaml
:class: copyable
global:
scrape_interval: 15s
scrape_configs:
- job_name: minio-job
bearer_token: TOKEN
metrics_path: /minio/v2/metrics/cluster
scheme: https
static_configs:
- targets: [minio.example.net]
Start the Prometheus cluster using the configuration file:
.. code-block:: shell
:class: copyable
prometheus --config.file=prometheus.yaml
3) Analyze Collected Metrics
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Prometheus includes a
:prometheus-docs:`expression browser
<prometheus/latest/getting_started/#using-the-expression-browser>`. You can
execute queries here to analyze the collected metrics.
The following query examples return metrics collected by Prometheus:
.. code-block:: shell
:class: copyable
minio_cluster_disk_online_total{job="minio-job"}[5m]
minio_cluster_disk_offline_total{job="minio-job"}[5m]
minio_bucket_usage_object_total{job="minio-job"}[5m]
minio_cluster_capacity_usable_free_bytes{job="minio-job"}[5m]
See :ref:`minio-metrics-and-alerts-available-metrics` for a complete
list of published metrics.
4) Visualize Collected Metrics
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The :minio-git:`MinIO Console <console>` supports visualizing collected metrics
from Prometheus. Specify the URL of the Prometheus service to the
:envvar:`MINIO_PROMETHEUS_URL` environment variable to each MinIO server
in the deployment:
.. code-block:: shell
:class: copyable
export MINIO_PROMETHEUS_URL="https://prometheus.example.net"
If you set a custom ``job_name`` for the Prometheus scraping job, you must also
set :envvar:`MINIO_PROMETHEUS_JOB_ID` to match that job name.
Restart the deployment using :mc-cmd:`mc admin service restart` to apply the
changes.
The MinIO Console uses the metrics collected by the ``minio-job`` scraping
job to populate the Dashboard metrics:
.. image:: /images/minio-console/console-metrics.png
:width: 600px
:alt: MinIO Console displaying Prometheus-backed Monitoring Data
:align: center
MinIO also publishes a `Grafana Dashboard
<https://grafana.com/grafana/dashboards/13502>`_ for visualizing collected
metrics. For more complete documentation on configuring a Prometheus data source
for Grafana, see :prometheus-docs:`Grafana Support for Prometheus
<visualization/grafana/>`.
Prometheus includes a :prometheus-docs:`graphing interface
<prometheus/latest/getting_started/#using-the-graphing-interface>` for
visualizing collected metrics.

86
source/monitoring/monitoring-overview.rst
View File

@ -1,86 +0,0 @@
==========
Monitoring
==========
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
Metrics and Alerts
------------------
MinIO provides cluster and node-level metrics through `Prometheus
<https://prometheus.io/>`__-compatible scraping endpoints. Prometheus is an
Open-Source systems and service monitoring system which supports analyzing and
alerting based on collected metrics. The Prometheus ecosystem includes multiple
:prometheus-docs:`integrations <operating/integrations/>`, allowing wide
latitude in processing and storing collected metrics. You can alternatively use
any other Prometheus-compatible metrics scraping software.
- See :ref:`minio-metrics-and-alerts` for more complete documentation on
MinIO Metrics and Alerts.
- See :ref:`minio-metrics-collect-using-prometheus` for a tutorial on
configuring Prometheus for monitoring a MinIO deployment.
Logging
-------
MinIO publishes all :mc:`minio server` operations to the system console.
MinIO also supports publishing server logs and audit logs to an HTTP webhook.
- :ref:`Server logs <minio-logging-publish-server-logs>` contain the same
:mc:`minio server` operations logged to the system console. Server logs
support general monitoring and troubleshooting of operations.
- :ref:`Audit logs <minio-logging-publish-audit-logs>` are more granular
descriptions of each operation on the MinIO deployment. Audit logging
supports security standards and regulations which require detailed tracking
of operations.
MinIO publishes logs as a JSON document as a ``PUT`` request to each configured
endpoint. The endpoint server is responsible for processing each JSON document.
MinIO requires explicit configuration of each webhook endpoint and does *not*
publish logs to a webhook by default.
See :ref:`minio-logging` for more complete documentation.
Healthchecks
------------
MinIO exposes unauthenticated endpoints for probing node uptime and
cluster :ref:`high availability <minio-ec-parity>` for simple healthchecks.
These endpoints return only an HTTP status code. See
:ref:`minio-healthcheck-api` for more information.
Bucket Notifications
--------------------
MinIO supports publishing bucket or object events to the following supported
targets on certain supported events.
- :ref:`minio-bucket-notifications-publish-amqp`
- :ref:`minio-bucket-notifications-publish-mqtt`
- :ref:`minio-bucket-notifications-publish-nats`
- :ref:`minio-bucket-notifications-publish-nsq`
- :ref:`minio-bucket-notifications-publish-elasticsearch`
- :ref:`minio-bucket-notifications-publish-kafka`
- :ref:`minio-bucket-notifications-publish-mysql`
- :ref:`minio-bucket-notifications-publish-postgresql`
- :ref:`minio-bucket-notifications-publish-redis`
- :ref:`minio-bucket-notifications-publish-webhook`
See :ref:`minio-bucket-notifications`
for more complete documentation on MinIO Bucket Notifications.
.. toctree::
:titlesonly:
:hidden:
/monitoring/metrics-alerts/minio-metrics-and-alerts
/monitoring/logging/minio-logging
/monitoring/healthcheck-probe
/monitoring/bucket-notifications/bucket-notifications

60
source/object-retention/minio-object-retention.rst
View File

@ -1,60 +0,0 @@
.. _minio-object-retention:
======================
MinIO Object Retention
======================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
By default, each new write operation to a unique object name results in
overwriting that object. You can configure MinIO to instead create
:ref:`versions <minio-bucket-versioning>` of each object mutation, preserving
the full history of that object. MinIO also supports
:ref:`Write-Once Read-Many (WORM) locking <minio-object-locking>` versioned
objects to ensure complete immutability for a specified duration *or* until the
lock is explicitly lifted.
Both versioning and object locking features are available only with
:ref:`distributed MinIO deployments <minio-installation-comparison>`.
.. card:: Bucket Versioning
:link: minio-bucket-versioning
:link-type: ref
MinIO keeps each mutation to an object as a full "version" of that object.
.. image:: /images/retention/minio-versioning-multiple-versions.svg
:width: 600px
:alt: Bucket with multiple versions of an object
:align: center
Clients by default retrive the latest version of an object and can
explicitly list and retrieve any other version in the object's history.
.. card:: WORM Object Locking
:link: minio-object-locking
:link-type: ref
MinIO enforces Write-Once Read Many (WORM) immutability on versioned objects.
Clients cannot delete a WORM-locked object until the configured locking
rules expire or are explicitly lifted.
.. image:: /images/retention/minio-object-locking.svg
:width: 600px
:alt: Bucket with multiple versions of an object
:align: center
MinIO supports setting bucket-default or per-object WORM locking rules with
either duration-based or indefinite lock expirations. MinIO object locking is
feature-compatible with AWS S3 object locking.
.. toctree::
:titlesonly:
:hidden:
Object Versioning </object-retention/bucket-versioning>
Object Locking </object-retention/minio-object-locking>

26
source/operations/checklists.rst Normal file
View File

@ -0,0 +1,26 @@
=====================
Deployment Checklists
=====================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
The following checklists provide a high-level guideline for validating production-readiness of MinIO deployments.
These checklists may not meet the precise requirements of your unique deployment topology or architecture, and are intended as a best-effort guide to reliable production deployments.
|subnet| users can `log in <https://subnet.min.io/?ref=docs>`__ and create a new issue for pre-production deployment reviews.
Coordination with MinIO Engineering via SUBNET ensures end-to-end support for performant and reliable deployments.
Community users can seek support on the `MinIO Community Slack <https://minio.slack.com>`__.
Community Support is best-effort only and has no SLAs around responsiveness.
.. toctree::
:titlesonly:
:hidden:
:glob:
/operations/checklists/*

11
source/operations/checklists/hardware.rst Normal file
View File

@ -0,0 +1,11 @@
==================
Hardware Checklist
==================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
Stub - detail Hardware Checklist Items

11
source/operations/checklists/security.rst Normal file
View File

@ -0,0 +1,11 @@
==================
Security Checklist
==================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
Stub - detail Security checklist items

11
source/operations/checklists/software.rst Normal file
View File

@ -0,0 +1,11 @@
==================
Software Checklist
==================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
Stub - detail software checklist items

35
source/introduction/minio-overview.rst → source/operations/concepts.rst
View File

@ -1,16 +1,14 @@
============
Introduction
============
=========================
Core Operational Concepts
=========================
.. default-domain:: minio
MinIO is software-defined high performance object storage released under
`GNU Affero General Public License v3.0
<https://www.gnu.org/licenses/agpl-3.0.en.html>`__.
.. contents:: Table of Contents
:local:
:depth: 2
MinIO is API compatible with Amazon's S3 cloud storage service. Use MinIO to
build high performance infrastructure for machine learning, analytics and
application data workloads.
The following core concepts are fundamental to operation of MinIO deployments, including but not limited to installation and management of MinIO.
What Is Object Storage?
-----------------------
@ -126,23 +124,14 @@ Deployment Architecture
clusters consist of a *minimum* of 4 :mc:`minio server` nodes in a
Server Pool.
Deploying MinIO
---------------
Erasure Coding
--------------
.. list-table::
:stub-columns: 1
:widths: 40 60
:width: 100%
* - Baremetal
- :ref:`deploy-minio-distributed`
:ref:`expand-minio-distributed`
* - Kubernetes
- :docs-k8s:`MinIO Kubernetes Operator <>`
High-level blurb on Erasure Coding
.. toctree::
:titlesonly:
:hidden:
:glob:
/concepts/erasure-coding
/operations/concepts/*

6
source/concepts/erasure-coding.rst → source/operations/concepts/erasure-coding.rst
View File

@ -35,12 +35,6 @@ defaults to 4 parity blocks per object with tolerance for the loss of 4 drives
per erasure set. For more complete information on selecting erasure code parity,
see :ref:`minio-ec-parity`.
Erasure coding is a core requirement for the following MinIO features:
- :ref:`Object Versioning <minio-bucket-versioning>`
- :ref:`Server-Side Replication <minio-bucket-replication>`
- :ref:`Write-Once Read-Many Locking <minio-bucket-locking>`
Use the MinIO `Erasure Code Calculator
<https://min.io/product/erasure-code-calculator?ref=docs>`__ when planning and
designing your MinIO deployment to explore the effect of erasure code settings

69
source/operations/data-recovery.rst Normal file
View File

@ -0,0 +1,69 @@
.. _minio-restore-hardware-failure:
==============================
Recover after Hardware Failure
==============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
Distributed MinIO deployments rely on :ref:`Erasure Coding
<minio-erasure-coding>` to provide built-in tolerance for multiple disk or node
failures. Depending on the deployment topology and the selected erasure code
parity, MinIO can tolerate the loss of up to half the drives or nodes in the
deployment while maintaining read access ("read quorum") to objects.
The following table lists the typical types of failure in a MinIO deployment
and links to procedures for recovering from each:
.. list-table::
:header-rows: 1
:widths: 30 70
:width: 100%
* - Failure Type
- Description
* - :ref:`Drive Failure <minio-restore-hardware-failure-drive>`
- MinIO supports hot-swapping failed drives with new healthy drives.
* - :ref:`Node Failure <minio-restore-hardware-failure-node>`
- MinIO detects when a node rejoins the deployment and begins proactively healing the node shortly after it is joined back to the cluster healing data previously stored on that node.
* - :ref:`Site Failure <minio-restore-hardware-failure-site>`
- MinIO Site Replication supports complete resynchronization of buckets, objects, and replication-eligible configuration settings after total site loss.
Since MinIO can operate in a degraded state without significant performance
loss, administrators can schedule hardware replacement in proportion to the rate
of hardware failure. "Normal" failure rates (single drive or node failure) may
allow for a more reasonable replacement timeframe, while "critical" failure
rates (multiple drives or nodes) may require a faster response.
For nodes with one or more drives that are either partially failed or operating
in a degraded state (increasing disk errors, SMART warnings, timeouts in MinIO
logs, etc.), you can safely unmount the drive *if* the cluster has sufficient
remaining healthy drives to maintain
:ref:`read and write quorum <minio-ec-parity>`. Missing drives are less
disruptive to the deployment than drives that are reliably producing read and
write errors.
.. admonition:: MinIO Professional Support
:class: note
`MinIO SUBNET <https://min.io/pricing?jmp=docs>`__ users can
`log in <https://subnet.min.io/>`__ and create a new issue related to drive, node, or site failures.
Coordination with MinIO Engineering via SUBNET can ensure successful recovery operations of production MinIO deployments, including root-cause analysis, and health diagnostics.
Community users can seek support on the `MinIO Community Slack <https://minio.slack.com>`__.
Community Support is best-effort only and has no SLAs around responsiveness.
.. toctree::
:titlesonly:
:hidden:
/operations/data-recovery/recover-after-drive-failure
/operations/data-recovery/recover-after-node-failure
/operations/data-recovery/recover-after-site-failure

122
source/operations/data-recovery/recover-after-drive-failure.rst Normal file
View File

@ -0,0 +1,122 @@
.. _minio-restore-hardware-failure-drive:
======================
Drive Failure Recovery
======================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
MinIO supports hot-swapping failed drives with new healthy drives. MinIO detects
and heals those drives without requiring any node or deployment-level restart.
MinIO healing occurs only on the replaced drive(s) and does not typically impact
deployment performance.
MinIO healing ensures consistency and correctness of all data restored onto the
drive. **Do not** attempt to manually recover or migrate data from the failed
drive onto the new healthy drive.
The following steps provide a more detailed walkthrough of drive replacement.
These steps assume a MinIO deployment where each node manages drives using
``/etc/fstab`` with per-drive labels as per the
:ref:`documented prerequisites <minio-installation>`.
1) Unmount the failed drive(s)
------------------------------
Unmount each failed drive using ``umount``. For example, the following
command unmounts the drive at ``/dev/sdb``:
.. code-block:: shell
umount /dev/sdb
2) Replace the failed drive(s)
------------------------------
Remove the failed drive(s) from the node hardware and replace it with known
healthy drive(s). Replacement drives *must* meet the following requirements:
- :ref:`XFS formatted <deploy-minio-distributed-prereqs-storage>` and empty.
- Same drive type (e.g. HDD, SSD, NVMe).
- Equal or greater performance.
- Equal or greater capacity.
Using a replacement drive with greater capacity does not increase the total
cluster storage. MinIO uses the *smallest* drive's capacity as the ceiling for
all drives in the :ref:`Server Pool <minio-intro-server-pool>`.
The following command formats a drive as XFS and assigns it a label to match
the failed drive.
.. code-block:: shell
mkfs.xfs /dev/sdb -L DISK1
MinIO **strongly recommends** using label-based mounting to ensure consistent
drive order that persists through system restarts.
3) Review and Update ``fstab``
------------------------------
Review the ``/etc/fstab`` file and update as needed such that the entry for
the failed disk points to the newly formatted replacement.
- If using label-based disk assignment, ensure that each label points to the
correct newly formatted disk.
- If using UUID-based disk assignment, update the UUID for each point based on
the newly formatted disk. You can use ``lsblk`` to view disk UUIDs.
For example, consider
.. code-block:: shell
$ cat /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
LABEL=DISK1 /mnt/disk1 xfs defaults,noatime 0 2
LABEL=DISK2 /mnt/disk2 xfs defaults,noatime 0 2
LABEL=DISK3 /mnt/disk3 xfs defaults,noatime 0 2
LABEL=DISK4 /mnt/disk4 xfs defaults,noatime 0 2
Given the previous example command, no changes are required to
``fstab`` since the replacement disk at ``/mnt/disk1`` uses the same
label ``DISK1`` as the failed disk.
4) Remount the Replaced Drive(s)
--------------------------------
Use ``mount -a`` to remount the drives unmounted at the beginning of this
procedure:
.. code-block:: shell
:class: copyable
mount -a
The command should result in remounting of all of the replaced drives.
5) Monitor MinIO for Drive Detection and Healing Status
-------------------------------------------------------
Use :mc-cmd:`mc admin console` command *or* ``journalctl -u minio`` for
``systemd``-managed installations to monitor the server log output after
remounting drives. The output should include messages identifying each formatted
and empty drive.
Use :mc-cmd:`mc admin heal` to monitor the overall healing status on the
deployment. MinIO aggressively heals replaced drive(s) to ensure rapid recovery
from the degraded state.
6) Next Steps
-------------
Monitor the cluster for any further drive failures. Some drive batches may fail
in close proximity to each other. Deployments seeing higher than expected drive
failure rates should schedule dedicated maintenance around replacing the known
bad batch. Consider using `MinIO SUBNET <https://min.io/pricing?jmp=docs>`__ to
coordinate with MinIO engineering around guidance for any such operations.

90
source/operations/data-recovery/recover-after-node-failure.rst Normal file
View File

@ -0,0 +1,90 @@
.. _minio-restore-hardware-failure-node:
=====================
Node Failure Recovery
=====================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
If a MinIO node suffers complete hardware failure (e.g. loss of all drives,
data, etc.), the node begins healing operations once it rejoins the deployment.
MinIO healing occurs only on the replaced hardware and does not typically impact
deployment performance.
MinIO healing ensures consistency and correctness of all data restored onto the
drive. **Do not** attempt to manually recover or migrate data from the failed
node onto the new healthy node.
The replacement node hardware should be substantially similar to the failed
node. There are no negative performance implications to using improved hardware.
The replacement drive hardware should be substantially similar to the failed
drive. For example, replace a failed SSD with another SSD drive of the same
capacity. While you can use drives with larger capacity, MinIO uses the
*smallest* drive's capacity as the ceiling for all drives in the
:ref:`Server Pool <minio-intro-server-pool>`.
The following steps provide a more detailed walkthrough of node replacement.
These steps assume a MinIO deployment where each node has a DNS hostname
as per the :ref:`documented prerequisites <minio-installation>`.
1) Start the Replacement Node
-----------------------------
Ensure the new node has received all necessary security, firmware, and OS
updates as per industry, regulatory, or organizational standards and
requirements.
The new node software configuration *must* match that of the other nodes in the
deployment, including but not limited to the OS and Kernel versions and
configurations. Heterogeneous software configurations may result in unexpected
or undesired behavior in the deployment.
2) Update Hostname for the New Node
-----------------------------------
*Optional* This step is only required if the replacement node has a
different IP address from the failed host.
Ensure the hostname associated to the failed node now resolves to the new node.
For example, if ``https://minio-1.example.net`` previously resolved to the
failed host, it should now resolve to the new host.
3) Download and Prepare the MinIO Server
----------------------------------------
Follow the :ref:`deployment procedure <minio-installation>` to download
and run the MinIO server using a matching configuration as all other nodes
in the deployment.
- The MinIO server version *must* match across all nodes
- The MinIO service and environment file configurations *must* match across
all nodes.
4) Rejoin the node to the deployment
------------------------------------
Start the MinIO server process on the node and monitor the process output
using :mc-cmd:`mc admin console` or by monitoring the MinIO service logs
using ``journalctl -u minio`` for ``systemd`` managed installations.
The server output should indicate that it has detected the other nodes
in the deployment and begun healing operations.
Use :mc-cmd:`mc admin heal` to monitor overall healing status on the
deployment. MinIO aggressively heals the node to ensure rapid recovery
from the degraded state.
5) Next Steps
-------------
Continue monitoring the deployment until healing completes. Deployments with
persistent and repeated node failures should schedule dedicated maintenance to
identify the root cause. Consider using
`MinIO SUBNET <https://min.io/pricing?jmp=docs>`__ to coordinate with MinIO
engineering around guidance for any such operations.

13
source/operations/data-recovery/recover-after-site-failure.rst Normal file
View File

@ -0,0 +1,13 @@
.. _minio-restore-hardware-failure-site:
==========================
Recover after Site Failure
==========================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
ToDo- site replication recovery procedure

33
source/operations/deploy-manage-tenants.rst Normal file
View File

@ -0,0 +1,33 @@
.. _minio-installation:
===============================
Deploy and Manage MinIO Tenants
===============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
STUB - to be filled in
.. Following link is for K8s only
.. _deploy-minio-distributed-prereqs-storage:
Tenant Requirements
-------------------
STUB - to be filled in
.. toctree::
:titlesonly:
:hidden:
/operations/install-deploy-manage/deploy-minio-tenant.rst
/operations/install-deploy-manage/modify-minio-tenant.rst
/operations/install-deploy-manage/upgrade-minio-tenant.rst
/operations/install-deploy-manage/expand-minio-tenant.rst
/operations/install-deploy-manage/delete-minio-tenant.rst
/operations/install-deploy-manage/multi-site-replication.rst

163
source/security/ad-ldap-external-identity-management/external-authentication-with-ad-ldap-identity-provider.rst → source/operations/external-iam.rst
View File

@ -1,8 +1,8 @@
.. _minio-external-identity-management-ad-ldap:
.. _minio-external-identity-management:
====================================================
Active Directory / LDAP External Identity Management
====================================================
============================
External Identity Management
============================
.. default-domain:: minio
@ -10,23 +10,10 @@ Active Directory / LDAP External Identity Management
:local:
:depth: 2
Overview
--------
MinIO supports offloading identity management onto one of the following supported IDentity Providers (IDP):
MinIO supports using an Active Directory or LDAP (AD/LDAP) service for external
management of user identities. Configuring an external IDentity Provider (IDP)
enables Single-Sign On (SSO) workflows, where applications authenticate against
the external IDP before accessing MinIO.
MinIO by default denies access to all actions or resources not explicitly
allowed by a user's assigned or inherited :ref:`policies <minio-policy>`. Users
managed by an AD/LDAP provider must specify the necessary policies as part of
the user profile data. See :ref:`Access Control for AD/LDAP Managed Identities
<minio-external-identity-management-ad-ldap-access-control>` for more
information.
See :ref:`minio-authenticate-using-ad-ldap-generic` for instructions on enabling
external identity management using an AD/LDAP service.
- :ref:`OpenID Connect <minio-external-iam-oidc>`
- :ref:`Active Directory / LDAP <minio-external-iam-ad-ldap>`
.. admonition:: MinIO Supports At Most One Configured IDentity Provider
:class: important
@ -41,43 +28,68 @@ external identity management using an AD/LDAP service.
exists, the MinIO server is effectively inaccessible outside of using the
:ref:`root <minio-users-root>` user.
Authentication and Authorization Flow
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. _minio-external-iam-oidc:
The login flow for an application using Active Directory / LDAP
credentials is as follows:
OpenID Connect (OIDC)
---------------------
1. Specify the AD/LDAP credentials to the MinIO Security Token Service (STS)
:ref:`minio-sts-assumerolewithldapidentity` API endpoint.
MinIO supports using an OpenID Connect (OIDC) compatible IDentity Provider (IDP)
such as Okta, KeyCloak, Dex, Google, or Facebook for external management of user
identities. Configuring an external :abbr:`IDP (IDentity Provider)` enables
Single-Sign On workflows, where applications authenticate against the external
:abbr:`IDP (IDentity Provider)` before accessing MinIO.
2. MinIO verifies the provided credentials against the AD/LDAP server.
MinIO uses :ref:`Policy Based Access Control (PBAC) <minio-access-management>`
to define the actions and resources to which an authenticated user has access.
MinIO supports creating and managing :ref:`policies <minio-policy>` which an
externally managed user can claim.
3. MinIO checks for any :ref:`policy <minio-policy>` whose name matches the
user Distinguished Name (DN) and assigns that policy to the authenticated
user.
For identities managed by the external OpenID Connect (OIDC) compatible
provider, MinIO uses a `JSON Web Token claim
<https://datatracker.ietf.org/doc/html/rfc7519#section-4>`__ to identify the
:ref:`policy <minio-policy>` to assign to the authenticated user.
If configured to perform group queries, MinIO also queries for a list of
AD/LDAP groups in which the user has membership. MinIO checks for any policy
whose name matches a returned group DN and assigns that
policy to the authenticated user.
4. MinIO returns temporary credentials in the STS API response in the form of an
access key, secret key, and session token. The credentials have permissions
matching those policies whose name matches either the authenticated user DN
*or* a group DN.
See :ref:`minio-external-identity-management-openid-access-control` for more information on mapping MinIO policies to an OIDC-managed identity.
MinIO provides an example Go application
:minio-git:`ldap.go <minio/blob/master/docs/sts/ldap.go>` that handles the
full login flow.
MinIO by default looks for a ``policy`` claim and reads a list of one or more
policies to assign. MinIO attempts to match existing policies to those
specified in the JWT claim. If none of the specified policies exist on the MinIO
deployment, MinIO denies authorization for any and all operations issued
by that user. For example, consider a claim with the following key-value
assignment:
AD/LDAP users can alternatively create :ref:`service accounts <minio-idp-service-account>` associated to their AD/LDAP user Distinguished Name. Service accounts are long-lived credentials which inherit their privileges from the parent user. The parent user can further restrict those privileges while creating the service account. Use either of the following methods to create a new service account
.. code-block:: shell
- Log into the :ref:`MinIO Console <minio-console>` using the AD/LDAP-managed user credentials. From the :guilabel:`Identity` section of the left navigation, select :guilabel:`Service Accounts` followed by the :guilabel:`Create service account +` button.
policy="readwrite_data,read_analytics,read_logs"
- Use the :mc-cmd:`mc admin user svcacct add` command to create the service account. Specify the user Distinguished Name as the username to which to associate the service account.
The specified policy claim directs MinIO to attach the policies with names
matching ``readwrite_data``, ``read_analytics``, and ``read_logs`` to the
authenticated user.
You can set a custom policy claim using the
:envvar:`MINIO_IDENTITY_OPENID_CLAIM_NAME` environment variable
*or* by using :mc-cmd:`mc admin config set` to set the
:mc-conf:`identity_openid claim_name <identity_openid.claim_name>` setting.
You can use a `JWT Debugging tool <https://jwt.io/>`__ to decode the returned
JWT token and validate that the user attributes include the specified claim. See
`RFC 7519: JWT Claim
<https://datatracker.ietf.org/doc/html/rfc7519#section-4>`__ for more
information on JWT claims. Defer to the documentation for your preferred OIDC
provider for instructions on configuring user claims.
.. _minio-external-iam-ad-ldap:
Active Directory / LDAP
-----------------------
MinIO supports using an Active Directory or LDAP (AD/LDAP) service for external
management of user identities. Configuring an external IDentity Provider (IDP)
enables Single-Sign On (SSO) workflows, where applications authenticate against
the external IDP before accessing MinIO.
Querying the Active Directory / LDAP Service
--------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MinIO queries the configured Active Directory / LDAP server to verify the
credentials specified by the application and optionally return a list of groups
@ -97,7 +109,7 @@ for backwards compatibility only.
.. _minio-external-identity-management-ad-ldap-lookup-bind:
Lookup-Bind Mode
~~~~~~~~~~~~~~~~
++++++++++++++++
In Lookup-Bind mode, MinIO uses a read-only AD/LDAP account with the minimum
privileges required to authenticate to the AD/LDAP server and perform user and
@ -138,7 +150,7 @@ Lookup-Bind is incompatible and mutually exclusive with
.. _minio-external-identity-management-ad-ldap-username-bind:
Username-Bind Mode
~~~~~~~~~~~~~~~~~~
++++++++++++++++++
In Username-Bind mode, MinIO uses the AD/LDAP credentials provided by the client
attempting authentication to login to the AD/LDAP server and perform and group
@ -171,8 +183,8 @@ Username-bind is incompatible and mutually exclusive with
.. _minio-external-identity-management-ad-ldap-access-control:
Access Control for Externally Managed Identities
------------------------------------------------
Access Control for AD/LDAP-Managed Identities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MinIO uses :ref:`Policy Based Access Control (PBAC) <minio-access-management>`
to define the actions and resources to which an authenticated user has access.
@ -186,25 +198,6 @@ are explicitly associated to that user's Distinguished Name (DN).
Specifically, the policy must be assigned to a user with a matching DN
using the :mc-cmd:`mc admin policy set` command.
For example, consider the following policy assignments:
.. code-block:: shell
mc admin policy set --consoleAdmin user='cn=sisko,cn=users,dc=example,dc=com'
mc admin policy set --readwrite,diagnostics user='cn=dax,cn=users,dc=example,dc=com'
- MinIO would assign an authenticated user with DN matching
``cn=sisko,cn=users,dc=example,dc=com`` the :userpolicy:`consoleAdmin`
policy, granting complete access to the MinIO server.
- MinIO would assign an authenticated user with DN matching
``cn=dax,cn=users,dc=example,dc=com`` both the :userpolicy:`readwrite` and
:userpolicy:`diagnostics` policies, granting general read/write access to the
MinIO server *and* access to diagnostic administrative operations.
- MinIO would assign no policies to an authenticated user with DN matching
``cn=quark,cn=users,dc=example,dc=com`` and deny all access to API operations.
MinIO also supports querying for the user's AD/LDAP group membership. MinIO
attempts to match existing policies to the DN for each of the user's groups. The
authenticated users complete set of permissions consists of its explicitly
@ -221,29 +214,9 @@ control. You can create new policies using the :mc:`mc admin policy` command.
.. _minio-external-identity-management-ad-ldap-access-control-group-lookup:
Group Lookup
~~~~~~~~~~~~
++++++++++++
MinIO supports querying the Active Directory / LDAP server for a list of
groups in which the authenticated user has membership. MinIO
attempts to match existing :ref:`policies <minio-policy>` to each group
DN and assigns each matching policy to the authenticated user.
For example, consider the following policy assignments:
.. code-block:: shell
mc admin policy set --consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'
mc admin policy set --diagnostics group='cn=engineering,cn=groups,dc=example,dc=com'
- MinIO would assign any authenticating user with membership in the
``cn=ops,cn=groups,dc=example,dc=com`` AD/LDAP group the
:userpolicy:`consoleAdmin` policy, granting complete access to the MinIO
server.
- MinIO would assign any authenticating user with membership in the
``cn=engineering,cn=groups,dc=example,dc=com`` AD/LDAP group the
:userpolicy:`diagnostics` policy, granting access to diagnostic administrative
operations.
MinIO supports querying the Active Directory / LDAP server for a list of groups in which the authenticated user has membership. MinIO attempts to match existing :ref:`policies <minio-policy>` to each group DN and assigns each matching policy to the authenticated user.
The following tabs provide a reference of the environment variables and
configuration settings required for enabling group lookups:
@ -271,11 +244,7 @@ configuration settings required for enabling group lookups:
:ref:`minio-authenticate-using-ad-ldap-generic` tutorial includes complete
instructions on setting these variables.
.. toctree::
:titlesonly:
:hidden:
/security/ad-ldap-external-identity-management/configure-ad-ldap-external-identity-management.rst
/security/ad-ldap-external-identity-management/AssumeRoleWithLDAPIdentity.rst
:glob:
/operations/external-iam/*

0
source/security/ad-ldap-external-identity-management/configure-ad-ldap-external-identity-management.rst → source/operations/external-iam/configure-ad-ldap-external-identity-management.rst
View File

0
source/security/openid-external-identity-management/configure-openid-external-identity-management.rst → source/operations/external-iam/configure-openid-external-identity-management.rst
View File

2
source/installation/decommission-pool.rst → source/operations/install-deploy-manage/decommission-server-pool.rst
View File

@ -332,7 +332,7 @@ out of scope for this procedure.
Issue the following commands on each node **simultaneously** in the deployment
to restart the MinIO service:
.. include:: /includes/common-installation.rst
.. include:: /includes/linux/common-installation.rst
:start-after: start-install-minio-restart-service-desc
:end-before: end-install-minio-restart-service-desc

14
source/operations/install-deploy-manage/delete-minio-tenant.rst Normal file
View File

@ -0,0 +1,14 @@
.. _minio-k8s-delete-minio-tenant:
=====================
Delete a MinIO Tenant
=====================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
Stub: TODO

48
source/installation/deploy-minio-distributed.rst → source/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.rst
View File

@ -1,8 +1,8 @@
.. _deploy-minio-distributed:
================================
Deploy MinIO in Distributed Mode
================================
====================================
Deploy MinIO: Multi-Node Multi-Drive
====================================
.. default-domain:: minio
@ -191,19 +191,21 @@ capacity around specific erasure code settings.
Recommended Operating Systems
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This tutorial assumes all hosts running MinIO use a
:ref:`recommended Linux operating system <minio-installation-platform-support>`
such as RHEL8+ or Ubuntu 18.04+.
.. cond:: linux
For other operating systems such as Windows or OSX, visit
`https://min.io/download <https://min.io/download?ref=docs>`__ and select the
tab associated to your operating system. Follow the displayed instructions to
install the MinIO server binary on each node. Defer to the OS best practices for
starting MinIO as a service (e.g. not attached to the terminal/shell session).
This tutorial assumes all hosts running MinIO use a
:ref:`recommended Linux operating system <minio-installation-platform-support>`
such as RHEL8+ or Ubuntu 18.04+.
Support for running MinIO in distributed mode on Windows hosts is
**experimental**. Contact MinIO at hello@min.io if your infrastructure requires
deployment onto Windows hosts.
.. cond:: macos
This tutorial assumes all hosts running MinIO use a non-EOL macOS version (10.14+).
.. cond:: Windows
This tutorial assumes all hosts running MinIO use a non-EOL Windows distribution.
Support for running distributed MinIO deployments on Windows is *experimental*.
Pre-Existing Data
~~~~~~~~~~~~~~~~~
@ -234,14 +236,22 @@ procedure.
1) Install the MinIO Binary on Each Node
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. include:: /includes/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc
.. cond:: linux
.. include:: /includes/linux/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc
.. cond:: macos
.. include:: /includes/macos/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc
2) Create the ``systemd`` Service File
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. include:: /includes/common-installation.rst
.. include:: /includes/linux/common-installation.rst
:start-after: start-install-minio-systemd-desc
:end-before: end-install-minio-systemd-desc
@ -336,7 +346,7 @@ environment variables with the same values for each variable.
Issue the following commands on each node in the deployment to start the
MinIO service:
.. include:: /includes/common-installation.rst
.. include:: /includes/linux/common-installation.rst
:start-after: start-install-minio-start-service-desc
:end-before: end-install-minio-start-service-desc

370
source/operations/install-deploy-manage/deploy-minio-single-node-multi-drive.rst Normal file
View File

@ -0,0 +1,370 @@
=====================================
Deploy MinIO: Single-Node Multi-Drive
=====================================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
The procedures on this page cover deploying MinIO in :guilabel:`Standalone Mode` with multiple local volumes or folders.
This deployment supports and enables :ref:`erasure coding <minio-erasure-coding>` and its dependent features.
For extended development or production environments, *or* to access :ref:`advanced MinIO functionality <minio-installation-comparison>` deploy MinIO in :guilabel:`Distributed Mode`.
See :ref:`deploy-minio-distributed` for more information.
Prerequisites
-------------
.. _deploy-minio-standalone-multidrive:
Local JBOD Storage with Sequential Mounts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. |deployment| replace:: deployment
.. include:: /includes/common-installation.rst
:start-after: start-local-jbod-single-node-desc
:end-before: end-local-jbod-single-node-desc
.. admonition:: Network File System Volumes Break Consistency Guarantees
:class: note
MinIO's strict **read-after-write** and **list-after-write** consistency
model requires local disk filesystems.
MinIO cannot provide consistency guarantees if the underlying storage
volumes are NFS or a similar network-attached storage volume.
For deployments that *require* using network-attached storage, use
NFSv4 for best results.
Deploy Standalone Multi-Drive MinIO
-----------------------------------
The following procedure deploys MinIO in :guilabel:`Standalone Mode` consisting
of a single MinIO server and a single drive or storage volume. Standalone
deployments are best suited for evaluation and initial development environments.
.. admonition:: Network File System Volumes Break Consistency Guarantees
:class: note
MinIO's strict **read-after-write** and **list-after-write** consistency
model requires local disk filesystems (``xfs``, ``ext4``, etc.).
MinIO cannot provide consistency guarantees if the underlying storage
volumes are NFS or a similar network-attached storage volume.
For deployments that *require* using network-attached storage, use
NFSv4 for best results.
1) Download the MinIO Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. cond:: linux
.. include:: /includes/linux/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc
.. cond:: macos
.. include:: /includes/macos/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc
2) Download and Run MinIO Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. cond:: linux
.. include:: /includes/linux/common-installation.rst
:start-after: start-run-minio-binary-desc
:end-before: end-run-minio-binary-desc
.. cond:: macos
.. include:: /includes/macos/common-installation.rst
:start-after: start-run-minio-binary-desc
:end-before: end-run-minio-binary-desc
3) Add TLS Certificates
~~~~~~~~~~~~~~~~~~~~~~~
MinIO supports enabling :ref:`Transport Layer Security (TLS) <minio-TLS>` 1.2+
automatically upon detecting a x.509 private key (``private.key``) and public
certificate (``public.crt``) in the MinIO ``certs`` directory:
.. cond:: linux
.. code-block:: shell
${HOME}/.minio/certs
.. cond:: macos
.. code-block:: shell
${HOME}/.minio/certs
.. cond:: windows
.. code-block:: shell
``%%USERPROFILE%%\.minio\certs``
You can override the certificate directory using the
:mc-cmd:`minio server --certs-dir` commandline argument.
4) Run the MinIO Server with Non-Default Credentials
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue the following command to start the :mc:`minio server` with non-default
credentials. The table following this command breaks down each portion of the
command:
.. code-block:: shell
:class: copyable
export MINIO_ROOT_USER=minio-admin
export MINIO_ROOT_PASSWORD=minio-secret-key-CHANGE-ME
#export MINIO_SERVER_URL=https://minio.example.net
minio server /mnt/disk-{1...4} --console-address ":9090"
The example command breaks down as follows:
.. list-table::
:widths: 40 60
:width: 100%
* - :envvar:`MINIO_ROOT_USER`
- The access key for the :ref:`root <minio-users-root>` user.
Replace this value with a unique, random, and long string.
* - :envvar:`MINIO_ROOT_PASSWORD`
- The corresponding secret key to use for the
:ref:`root <minio-users-root>` user.
Replace this value with a unique, random, and long string.
* - :envvar:`MINIO_SERVER_URL`
- The URL hostname the MinIO Console uses for connecting to the MinIO
server. This variable is *required* if specifying TLS certificates
which **do not** contain the IP address of the MinIO Server host
as a :rfc:`Subject Alternative Name <5280#section-4.2.1.6>`.
Specify a hostname covered by one of the TLS certificate SAN entries.
You may specify other :ref:`environment variables
<minio-server-environment-variables>` as required by your deployment.
5) Open the MinIO Console
~~~~~~~~~~~~~~~~~~~~~~~~~
Open your browser to the DNS name or IP address corresponding to the
container and the :ref:`MinIO Console <minio-console>` port. For example,
``https://127.0.0.1:9090``.
Log in with the :guilabel:`MINIO_ROOT_USER` and :guilabel:`MINIO_ROOT_PASSWORD`
from the previous step.
.. image:: /images/minio-console/minio-console.png
:width: 600px
:alt: MinIO Console Dashboard displaying Monitoring Data
:align: center
You can use the MinIO Console for general administration tasks like
Identity and Access Management, Metrics and Log Monitoring, or
Server Configuration. Each MinIO server includes its own embedded MinIO
Console.
Applications should use the ``https://HOST-ADDRESS:9000`` to perform S3
operations against the MinIO server.
.. _deploy-minio-standalone-multidrive-container:
Deploy Standalone Multi-Drive MinIO in a Container
--------------------------------------------------
The following procedure deploys a single MinIO container with multiple drives.
The procedure uses `Podman <https://podman.io/>`__ for running the MinIO
container in rootfull mode. Configuring for rootless mode is out of scope for
this procedure.
.. admonition:: Network File System Volumes Break Consistency Guarantees
:class: note
MinIO's strict **read-after-write** and **list-after-write** consistency
model requires local disk filesystems (``xfs``, ``ext4``, etc.).
MinIO cannot provide consistency guarantees if the underlying storage
volumes are NFS or a similar network-attached storage volume.
For deployments that *require* using network-attached storage, use
NFSv4 for best results.
1) Create a Configuration File to store Environment Variables
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MinIO reads configuration values from environment variables. MinIO supports
reading these environment variables from ``/run/secrets/config.env``. Save
the ``config.env`` file as a :podman-docs:`Podman secret <secret.html>` and
specify it as part of running the container.
Create a file ``config.env`` using your preferred text editor and enter the
following environment variables:
.. code-block:: shell
:class: copyable
export MINIO_ROOT_USER=minio-admin
export MINIO_ROOT_PASSWORD=minio-secret-key-CHANGE-ME
#export MINIO_SERVER_URL=https://minio.example.net
Create the Podman secret using the ``config.env`` file:
.. code-block:: shell
:class: copyable
sudo podman secret create config.env config.env
The following table details each environment variable set in ``config.env``:
.. list-table::
:widths: 40 60
:width: 100%
* - :envvar:`MINIO_ROOT_USER`
- The access key for the :ref:`root <minio-users-root>` user.
Replace this value with a unique, random, and long string.
* - :envvar:`MINIO_ROOT_PASSWORD`
- The corresponding secret key to use for the
:ref:`root <minio-users-root>` user.
Replace this value with a unique, random, and long string.
* - :envvar:`MINIO_SERVER_URL`
- The URL hostname the MinIO Console uses for connecting to the MinIO
server. This variable is *required* if specifying TLS certificates
which **do not** contain the IP address of the MinIO Server host
as a :rfc:`Subject Alternative Name <5280#section-4.2.1.6>`.
Specify a hostname covered by one of the TLS certificate SAN entries.
You may specify other :ref:`environment variables
<minio-server-environment-variables>` as required by your deployment.
2) Add TLS Certificates
~~~~~~~~~~~~~~~~~~~~~~~
MinIO supports enabling :ref:`Transport Layer Security (TLS) <minio-TLS>` 1.2+
automatically upon detecting a x.509 private key (``private.key``) and public
certificate (``public.crt``) in the MinIO ``certs`` directory:
Create a Podman secret pointing to the x.509
``private.key`` and ``public.crt`` to use for the container.
.. code-block:: shell
:class: copyable
sudo podman secret create private.key /path/to/private.key
sudo podman secret create public.crt /path/to/public.crt
You can optionally skip this step to deploy without TLS enabled. MinIO
strongly recommends *against* non-TLS deployments outside of early development.
3) Run the MinIO Container
~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue the following command to start the MinIO server in a container:
.. code-block:: shell
:class: copyable
sudo podman run -p 9000:9000 -p 9090:9090 \
-v /mnt/disk-1:/mnt/disk-1 \
-v /mnt/disk-2:/mnt/disk-2 \
-v /mnt/disk-3:/mnt/disk-3 \
-v /mnt/disk-4:/mnt/disk-4 \
--secret private.key \
--secret public.crt \
--secret config.env \
minio/minio server /mnt/disk-{1...4} \
--console-address ":9090" \
--certs-dir "/run/secrets/"
The example command breaks down as follows:
.. list-table::
:widths: 40 60
:width: 100%
* - ``-p 9000:9000, -p 9090:9090``
- Exposes the container internal port ``9000`` and ``9090`` through
the node port ``9000`` and ``9090`` respectively.
Port ``9000`` is the default MinIO server listen port.
Port ``9090`` is the :ref:`MinIO Console <minio-console>` listen port
specified by the ``--console-address`` argument.
* - ``-v /mnt/disk-n:/mnt/disk-n``
- Mounts a local volume to the container at the specified path.
The ``/mnt/disk-{1...4}`` uses MinIO expansion notation to denote a sequential series of drives between 1 and 4 inclusive.
* - ``--secret ...``
- Mounts a secret to the container. The specified secrets correspond to
the following:
- The x.509 private and public key the MinIO server process uses for
enabling TLS.
- The ``config.env`` file from which MinIO looks for configuration
environment variables.
* - ``/data``
- The path to the container volume in which the ``minio`` server stores
all information related to the deployment.
See :mc-cmd:`minio server DIRECTORIES` for more information on
configuring the backing storage for the :mc:`minio server` process.
* - ``--console-address ":9090"``
- The static port on which the embedded MinIO Console listens for incoming
connections.
Omit to allow MinIO to select a dynamic port for the MinIO Console.
With dynamic port selection, browsers opening the root node hostname
``https://minio1.example.com:9000`` are automatically redirected to the
Console.
* - ``--cert /run/secrets/``
- Directs the MinIO server to use the ``/run/secrets/`` folder for
retrieving x.509 certificates to use for enabling TLS.
4) Open the MinIO Console
~~~~~~~~~~~~~~~~~~~~~~~~~
Open your browser to the DNS name or IP address corresponding to the
container and the :ref:`MinIO Console <minio-console>` port. For example,
``https://127.0.0.1:9090``.
Log in with the :guilabel:`MINIO_ROOT_USER` and :guilabel:`MINIO_ROOT_PASSWORD`
from the previous step.
.. image:: /images/minio-console/minio-console.png
:width: 600px
:alt: MinIO Console Dashboard displaying Monitoring Data
:align: center
You can use the MinIO Console for general administration tasks like
Identity and Access Management, Metrics and Log Monitoring, or
Server Configuration. Each MinIO server includes its own embedded MinIO
Console.
Applications should use the ``https://HOST-ADDRESS:9000`` to perform S3
operations against the MinIO server.

141
source/installation/deploy-minio-single-node-single-drive.rst → source/operations/install-deploy-manage/deploy-minio-single-node-single-drive.rst
View File

@ -1,6 +1,6 @@
========================================
Deploy MinIO as Single-Node Single-Drive
========================================
======================================
Deploy MinIO: Single-Node Single-Drive
======================================
.. default-domain:: minio
@ -67,77 +67,102 @@ The following procedure deploys MinIO consisting of a single MinIO server and a
For deployments that *require* using network-attached storage, use
NFSv4 for best results.
1) Download the MinIO Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1) Download and Run MinIO Server
.. cond:: linux
.. include:: /includes/linux/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc
.. cond:: macos
.. include:: /includes/macos/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc
2) Download and Run MinIO Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Visit `https://min.io/download <https://min.io/download?ref=docs>`__ and select
the tab most relevant to your use case. Follow the displayed instructions to
download the :mc:`minio` binary to your local machine. The example instructions
use the ``/data`` folder by default. You can create or change this folder
as necessary for your deployment. The :mc:`minio` process must have
full access to the specified folder *and* all of its subfolders.
.. cond:: linux
The :mc:`minio server` process prints its output to the system console, similar
to the following:
.. include:: /includes/linux/common-installation.rst
:start-after: start-run-minio-binary-desc
:end-before: end-run-minio-binary-desc
.. code-block:: shell
.. cond:: macos
API: http://192.0.2.10:9000 http://127.0.0.1:9000
RootUser: minioadmin
RootPass: minioadmin
.. include:: /includes/macos/common-installation.rst
:start-after: start-run-minio-binary-desc
:end-before: end-run-minio-binary-desc
Console: http://192.0.2.10:9001 http://127.0.0.1:9001
RootUser: minioadmin
RootPass: minioadmin
Command-line: https://docs.min.io/docs/minio-client-quickstart-guide
$ mc alias set myminio http://192.0.2.10:9000 minioadmin minioadmin
Documentation: https://docs.min.io
WARNING: Detected default credentials 'minioadmin:minioadmin', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables
Open your browser to any of the listed :guilabel:`Console` addresses to open the
:ref:`MinIO Console <minio-console>` and log in with the :guilabel:`RootUser`
and :guilabel:`RootPass`. You can use the MinIO Console for performing
administration on the MinIO server.
For applications, use the :guilabel:`API` addresses to access the MinIO
server and perform S3 operations.
The following steps are optional but recommended for further securing the
MinIO deployment.
2) Add TLS Certificates
3) Add TLS Certificates
~~~~~~~~~~~~~~~~~~~~~~~
MinIO supports enabling :ref:`Transport Layer Security (TLS) <minio-TLS>` 1.2+
automatically upon detecting a x.509 private key (``private.key``) and public
certificate (``public.crt``) in the MinIO ``certs`` directory:
- For Linux/MacOS: ``${HOME}/.minio/certs``
.. cond:: linux
- For Windows: ``%%USERPROFILE%%\.minio\certs``
.. code-block:: shell
${HOME}/.minio/certs
.. cond:: macos
.. code-block:: shell
${HOME}/.minio/certs
.. cond:: windows
.. code-block:: shell
``%%USERPROFILE%%\.minio\certs``
You can override the certificate directory using the
:mc-cmd:`minio server --certs-dir` commandline argument.
3) Run the MinIO Server with Non-Default Credentials
4) Run the MinIO Server with Non-Default Credentials
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue the following command to start the :mc:`minio server` with non-default
credentials. The table following this command breaks down each portion of the
command:
.. code-block:: shell
:class: copyable
.. cond:: linux
export MINIO_ROOT_USER=minio-admin
export MINIO_ROOT_PASSWORD=minio-secret-key-CHANGE-ME
#export MINIO_SERVER_URL=https://minio.example.net
.. code-block:: shell
:class: copyable
minio server /data --console-address ":9001"
export MINIO_ROOT_USER=minio-admin
export MINIO_ROOT_PASSWORD=minio-secret-key-CHANGE-ME
#export MINIO_SERVER_URL=https://minio.example.net
minio server /data --console-address ":9090"
.. cond:: macos
.. code-block:: shell
:class: copyable
export MINIO_ROOT_USER=minio-admin
export MINIO_ROOT_PASSWORD=minio-secret-key-CHANGE-ME
#export MINIO_SERVER_URL=https://minio.example.net
minio server /data --console-address ":9090"
.. cond:: windows
.. code-block:: powershell
:class: copyable
PS C:\minio> MINIO_ROOT_USER = 'minio-admin'
PS C:\minio> MINIO_ROOT_PASSWORD = 'minio-secret-key-CHANGE-ME'
PS C:\minio> MINIO_SERVER_URL = 'https://minio.example.net'
The example command breaks down as follows:
@ -173,7 +198,7 @@ The example command breaks down as follows:
:ref:`minio-erasure-coding`. Any other application accessing that
directory can read and modify stored objects.
* - ``--console-address ":9001"``
* - ``--console-address ":9090"``
- The static port on which the embedded MinIO Console listens for incoming
connections.
@ -185,12 +210,12 @@ The example command breaks down as follows:
You may specify other :ref:`environment variables
<minio-server-environment-variables>` as required by your deployment.
4) Open the MinIO Console
5) Open the MinIO Console
~~~~~~~~~~~~~~~~~~~~~~~~~
Open your browser to the DNS name or IP address corresponding to the
container and the :ref:`MinIO Console <minio-console>` port. For example,
``https://127.0.0.1:9001``.
``https://127.0.0.1:9090``.
Log in with the :guilabel:`MINIO_ROOT_USER` and :guilabel:`MINIO_ROOT_PASSWORD`
from the previous step.
@ -312,13 +337,13 @@ Issue the following command to start the MinIO server in a container:
.. code-block:: shell
:class: copyable
sudo podman run -p 9000:9000 -p 9001:9001 \
sudo podman run -p 9000:9000 -p 9090:9090 \
-v /data:/data \
--secret private.key \
--secret public.crt \
--secret config.env \
minio/minio server /data \
--console-address ":9001" \
--console-address ":9090" \
--certs-dir "/run/secrets/"
The example command breaks down as follows:
@ -327,13 +352,13 @@ The example command breaks down as follows:
:widths: 40 60
:width: 100%
* - ``-p 9000:9000, -p 9001:9001``
- Exposes the container internal port ``9000`` and ``9001`` through
the node port ``9000`` and ``9001`` respectively.
* - ``-p 9000:9000, -p 9090:9090``
- Exposes the container internal port ``9000`` and ``9090`` through
the node port ``9000`` and ``9090`` respectively.
Port ``9000`` is the default MinIO server listen port.
Port ``9001`` is the :ref:`MinIO Console <minio-console>` listen port
Port ``9090`` is the :ref:`MinIO Console <minio-console>` listen port
specified by the ``--console-address`` argument.
* - ``-v /data:/data``
@ -356,7 +381,7 @@ The example command breaks down as follows:
See :mc-cmd:`minio server DIRECTORIES` for more information on
configuring the backing storage for the :mc:`minio server` process.
* - ``--console-address ":9001"``
* - ``--console-address ":9090"``
- The static port on which the embedded MinIO Console listens for incoming
connections.
@ -374,7 +399,7 @@ The example command breaks down as follows:
Open your browser to the DNS name or IP address corresponding to the
container and the :ref:`MinIO Console <minio-console>` port. For example,
``https://127.0.0.1:9001``.
``https://127.0.0.1:9090``.
Log in with the :guilabel:`MINIO_ROOT_USER` and :guilabel:`MINIO_ROOT_PASSWORD`
from the previous step.

18
source/operations/install-deploy-manage/deploy-minio-tenant.rst Normal file
View File

@ -0,0 +1,18 @@
.. _minio-k8s-deploy-minio-tenant:
.. The following label handles links from content to distributed MinIO in K8s context
.. _deploy-minio-distributed:
=====================
Deploy a MinIO Tenant
=====================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
Stub: TODO

19
source/installation/expand-minio-distributed.rst → source/operations/install-deploy-manage/expand-minio-deployment.rst
View File

@ -253,9 +253,17 @@ procedure.
1) Install the MinIO Binary on Each Node in the New Server Pool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. include:: /includes/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc
.. cond:: linux
.. include:: /includes/linux/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc
.. cond:: macos
.. include:: /includes/macos/common-installation.rst
:start-after: start-install-minio-binary-desc
:end-before: end-install-minio-binary-desc
2) Add TLS/SSL Certificates
~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -264,11 +272,10 @@ procedure.
:start-after: start-install-minio-tls-desc
:end-before: end-install-minio-tls-desc
3) Create the ``systemd`` Service File
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. include:: /includes/common-installation.rst
.. include:: /includes/linux/common-installation.rst
:start-after: start-install-minio-systemd-desc
:end-before: end-install-minio-systemd-desc
@ -384,7 +391,7 @@ environment variables with the matching values.
Issue the following commands on each node **simultaneously** in the deployment
to restart the MinIO service:
.. include:: /includes/common-installation.rst
.. include:: /includes/linux/common-installation.rst
:start-after: start-install-minio-restart-service-desc
:end-before: end-install-minio-restart-service-desc

14
source/operations/install-deploy-manage/expand-minio-tenant.rst Normal file
View File

@ -0,0 +1,14 @@
.. _minio-k8s-expand-minio-tenant:
=====================
Expand a MinIO Tenant
=====================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
Stub: TODO

22
source/operations/install-deploy-manage/modify-minio-tenant.rst Normal file
View File

@ -0,0 +1,22 @@
.. _minio-k8s-modify-minio-tenant:
=====================
Modify a MinIO Tenant
=====================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 1
Stub: TODO
.. Following link is intended for K8s only
.. _minio-decommissioning:
Decommission a Tenant Server Pool
---------------------------------
STUB: ToDo

Some files were not shown because too many files have changed in this diff Show More