mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00

DOCS-580: Fixing reported issues with Vault tutorial (#591)

@djwfyi cursory review in case I missed something.

Closes #580 

I do need to do further testing beyond the patches here. But I'm going
to handle that out-of-band.
Ravind Kumar
2022-09-30 17:47:12 -04:00
committed by GitHub
parent ce1a843a62
commit d5d3243413
21 changed files with 61 additions and 52 deletions

View File

@ -31,7 +31,7 @@ Create the ``/etc/systemd/system/kes.service`` file on all KES hosts:
You may need to run ``systemctl daemon-reload`` to load the new service file into ``systemctl``.
The ``kes.service`` file runs as the ``kes-user`` User and Group by default.
The ``kes.service`` file runs as the ``kes`` User and Group by default.
You can create the user and group using the ``useradd`` and ``groupadd`` commands.
The following example creates the user and group.
These commands typically require root (``sudo``) permissions.
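Review bot: The rename in "runs as the ``kes`` User and Group by default" is only correct if the ``User=`` and ``Group=`` values in the ``kes.service`` file were changed to ``kes`` as well. That file is not in the visible lines of this hunk, so please confirm it; otherwise the unit and the account created in the next step will not match.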
@ -39,17 +39,16 @@ These commands typically require root (``sudo``) permissions.
.. code-block:: shell
:class: copyable
groupadd -r kes-user
useradd -M -r -g kes-user kes-user
groupadd -r kes
useradd -M -r -g kes kes
The ``kes-user`` user and group must have read access to all files used by the KES service:
The ``kes`` user and group must have read access to all files used by the KES service:
.. code-block:: shell
:class: copyable
:substitutions:
chown -R kes-user:kes-user /opt/kes
chown -R kes-user:kes-user /etc/kes
chown -R kes:kes /opt/kes
.. end-kes-service-file-desc
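Review bot: With the ``/etc/kes`` line dropped, the only ownership command left is ``chown -R kes:kes /opt/kes``, while the sentence above it still requires read access to "all files used by the KES service". The certificate listing later in this file uses ``|kescertpath|``; if that substitution can resolve outside ``/opt/kes``, say so here or add a matching ``chown`` for it. Also, ``chown -R`` hands the service account ownership rather than read access, so the sentence and the command should agree on which is intended.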
@ -107,10 +106,10 @@ This procedure assumes a structure similar to the following:
-rw-r--r-- 1 minio-user:minio-user |miniocertpath|/kes-server.cert
# For the KES Hosts
-rw-r--r-- 1 kes-user:kes-user |kescertpath|/kes-server.cert
-rw-r--r-- 1 kes-user:kes-user |kescertpath|/kes-server.key
-rw-r--r-- 1 kes:kes |kescertpath|/kes-server.cert
-rw-r--r-- 1 kes:kes |kescertpath|/kes-server.key
If the KES certificates are self-signed *or* signed by Certificate Authority (CA) that is *not* globally trusted, you **must** add the CA certificate to the |miniocertpath|/certs directory such that each MinIO server can properly validate the KES certificates.
If the KES certificates are self-signed *or* signed by Certificate Authority (CA) that is *not* globally trusted, you **must** add the CA certificate to the |miniocertpath| directory such that each MinIO server can properly validate the KES certificates.
.. end-kes-generate-kes-certs-prod-desc
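Review bot: The KES host listing shows ``kes-server.key`` as ``-rw-r--r--``, which makes the private key readable by every local user. Since the owner is now ``kes:kes``, the example should show the key as owner-only (``-rw-------``) and keep ``-rw-r--r--`` for the certificate. Minor: "signed by Certificate Authority (CA)" is missing "a", and the CA sentence now points at ``|miniocertpath|`` with no subdirectory, so please confirm that is the directory MinIO reads CA certificates from.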

View File

@ -52,7 +52,7 @@ a. Create the KES Configuration File
:class: copyable
:substitutions:
kes tool identity of |miniocertpath|/minio-kes.cert
kes identity of |miniocertpath|/minio-kes.cert
- Replace the ``REGION`` with the appropriate region for AWS Secrets Manager.
The value **must** match for both ``endpoint`` and ``region``.
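Review bot: Replacing ``kes tool identity of`` with ``kes identity of`` makes this step depend on which KES release the reader has installed, and nothing in the step says which releases accept the new form. Add a short note naming the minimum KES version for ``kes identity of``, or mention ``kes tool identity of`` as the form for older releases. The same applies to the identical change in the other KMS tutorials in this commit.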

View File

@ -58,7 +58,7 @@ a. Create the KES Configuration File
:class: copyable
:substitutions:
kes tool identity of |miniocertpath|/minio-kes.cert
kes identity of |miniocertpath|/minio-kes.cert
- Replace the ``REGION`` with the appropriate region for AWS Secrets Manager.
The value **must** match for both ``endpoint`` and ``region``.

View File

@ -52,7 +52,7 @@ a. Create the KES Configuration File
:class: copyable
:substitutions:
kes tool identity of |miniocertpath|/minio-kes.cert
kes identity of |miniocertpath|/minio-kes.cert
- Replace the ``endpoint`` with the URL for the Keyvault instance.

View File

@ -58,7 +58,7 @@ a. Create the KES Configuration File
:class: copyable
:substitutions:
kes tool identity of |miniocertpath|/minio-kes.cert
kes identity of |miniocertpath|/minio-kes.cert
- Replace the ``endpoint`` with the URL for the Keyvault instance.

View File

@ -52,7 +52,7 @@ a. Create the KES Configuration File
:class: copyable
:substitutions:
kes tool identity of |miniocertpath|/minio-kes.cert
kes identity of |miniocertpath|/minio-kes.cert
- Set ``GCPPROJECTID`` to the GCP project for the Secrets Manager instance KES should use.

View File

@ -58,7 +58,7 @@ a. Create the KES Configuration File
:class: copyable
:substitutions:
kes tool identity of |miniocertpath|/minio-kes.cert
kes identity of |miniocertpath|/minio-kes.cert
- Set ``GCPPROJECTID`` to the GCP project for the Secrets Manager instance KES should use.

View File

@ -56,10 +56,10 @@ a. Create the KES Configuration File
:class: copyable
:substitutions:
kes tool identity of |miniocertpath|/minio-kes.cert
kes identity of |miniocertpath|/minio-kes.cert
- Replace the ``vault.endpoint`` with the hostname of the Vault server(s).
- Set the ``vault.engine`` and ``vault.version`` to the appropriate values for the Vault K/V Engine configuration
- Replace the ``VAULTAPPID`` and ``VAULTAPPSECRET`` with the appropriate :ref:`Vault AppRole credentials <minio-sse-vault-prereq-vault>`.
b. Create the MinIO Environment File
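Review bot: The ``VAULTAPPID`` and ``VAULTAPPSECRET`` bullet has readers place AppRole credentials in the KES configuration file, but the step gives no guidance on that file's permissions. Add a sentence telling readers to restrict the configuration file to the ``kes`` user and group. Style: the ``vault.engine`` and ``vault.version`` bullet is the only one in the list without a closing period.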

View File

@ -48,7 +48,7 @@ a. Create the KES Configuration File
.. code-block:: shell
:substitutions:
nano /etc/kes/config.yaml
nano /opt/kes/config.yaml
.. include:: /includes/common/common-minio-kes-hashicorp.rst
:start-after: start-kes-configuration-hashicorp-vault-desc
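Review bot: Moving the edit target to ``/opt/kes/config.yaml`` needs a matching check of wherever the service file passes the configuration path, which is not in this hunk; a leftover ``/etc/kes/config.yaml`` reference would point KES at a file this tutorial no longer creates. If readers create the file as root with ``nano``, it will be owned by root, so the ``chown -R kes:kes /opt/kes`` step has to come after this one or be repeated.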
@ -62,7 +62,7 @@ a. Create the KES Configuration File
:class: copyable
:substitutions:
kes tool identity of |miniocertpath|/minio-kes.cert
kes identity of |miniocertpath|/minio-kes.cert
- Replace the ``vault.endpoint`` with the hostname of the Vault server(s).