From f2b64d3ae6710dc1da8e3d4b7fd0ba60e401ef93 Mon Sep 17 00:00:00 2001 From: ravindk89 Date: Wed, 22 Sep 2021 20:00:26 -0400 Subject: [PATCH] DOCS-386: Update replication docs for multi-site replication --- source/_static/css/main.css | 3 +- source/_static/css/main.min.css | 2 +- .../active-active-multi-replication.svg | 1 + .../active-active-twoway-replication.svg | 1 + .../active-passive-oneway-replication.svg | 1 + .../minio-cli/minio-mc/mc-replicate.rst | 227 ++++----- ...ver-side-multi-site-bucket-replication.rst | 464 ++++++++++++++++++ ...server-side-one-way-bucket-replication.rst | 22 +- ...server-side-two-way-bucket-replication.rst | 60 ++- source/replication/replication-overview.rst | 15 +- 10 files changed, 637 insertions(+), 159 deletions(-) create mode 100644 source/images/replication/active-active-multi-replication.svg create mode 100644 source/images/replication/active-active-twoway-replication.svg create mode 100644 source/images/replication/active-passive-oneway-replication.svg create mode 100644 source/replication/enable-server-side-multi-site-bucket-replication.rst diff --git a/source/_static/css/main.css b/source/_static/css/main.css index 3f4a2ccb..fd9f2d0e 100644 --- a/source/_static/css/main.css +++ b/source/_static/css/main.css @@ -47,8 +47,7 @@ a { abbr[title] { border-bottom: none; text-decoration: underline; - -webkit-text-decoration: underline dotted; - text-decoration: underline dotted; } + text-decoration: underline dotted; } b, strong { diff --git a/source/_static/css/main.min.css b/source/_static/css/main.min.css index 77e3f322..1ce28c0d 100644 --- a/source/_static/css/main.min.css +++ b/source/_static/css/main.min.css @@ -1 +1 @@ -:root{--sd-color-tabs-label-active:#C72C48;--sd-color-tabs-label-inactive:rgba(199, 44, 72, 0.5);--sd-color-tabs-overline:rgba(199, 44, 72, 0.5);--sd-color-tabs-underline:rgba(199, 44, 72, 0.25)}@font-face{font-family:Mark;src:url(../fonts/Mark-Regular.woff2) format("woff2"),url(../fonts/Mark-Regular.woff) format("woff");font-weight:400;font-style:normal}@font-face{font-family:Mark;src:url(../fonts/Mark-Medium.woff2) format("woff2"),url(../fonts/Mark-Medium.woff) format("woff");font-weight:500;font-style:normal}html{line-height:1.35;-webkit-text-size-adjust:100%}body{margin:0}main{display:block}h1{font-size:2em;margin:.67em 0}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:.9em}a{background-color:transparent;text-decoration:none}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:700}code,kbd,samp{font-family:monospace,monospace;font-size:.9em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button[disabled]{cursor:default}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{padding:.35em .75em .625em}legend{-webkit-box-sizing:border-box;box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{-webkit-box-sizing:border-box;box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details{display:block}summary{display:list-item}template{display:none}[hidden]{display:none}address{font-style:normal;color:inherit;margin:0}*{-webkit-box-sizing:border-box;box-sizing:border-box;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}:active,:focus{outline:0}html{font-size:16px}body{all:unset;font-family:Mark,sans-serif;font-size:1rem;line-height:1.5;color:#4b4b4b;background-color:#f9f9f9;font-weight:400;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}a{color:#0045ec;text-decoration:none}a:hover{color:#0036b9;text-decoration:none}a>img.anchor{-webkit-box-shadow:none;box-shadow:none;height:1rem}a.reference{text-decoration:none;border-bottom:none}h1,h2,h3,h4,h5,h6{color:#1c1c1c;position:relative}h1>.toc-backref,h2>.toc-backref,h3>.toc-backref,h4>.toc-backref,h5>.toc-backref,h6>.toc-backref{color:#1c1c1c}h1>.headerlink,h2>.headerlink,h3>.headerlink,h4>.headerlink,h5>.headerlink,h6>.headerlink{position:absolute;left:-1.5rem;top:0;opacity:.5}h1>.headerlink:hover,h2>.headerlink:hover,h3>.headerlink:hover,h4>.headerlink:hover,h5>.headerlink:hover,h6>.headerlink:hover{background-color:transparent;opacity:1}dl>dt{font-weight:700}li dl.simple{font-weight:400}li dl.simple dt{font-weight:400}li dl.simple dd{margin-left:0}div.admonition{margin-top:0;padding:10px 20px;background:rgba(0,0,0,.01);border:none;border-left:4px solid grey}div.admonition>p.admonition-title{font-weight:700;font-family:Mark,sans-serif;font-size:1rem}div.admonition.warning{background-color:#fff2f2;border:none;border-left:4px solid #e54253}div.admonition.important{background-color:#fff9e6;border:none;border-left:4px solid #edbc39}div.admonition.note{background-color:#edf9ff;border:none;border-left:4px solid #2592ef}dl{margin:10px 0 10px 0}dl.minio{margin:10px 0 10px 0}div.footer{width:auto;margin:0}.align-default{text-align:left}table.docutils{border:none;box-shadow:none;-webkit-box-shadow:none;-moz-box-shadow:none}table.docutils>tbody tr th.stub{border:none;border-bottom:1px solid #e6e6e6;color:#c72c48;font-size:.9rem}table.docutils>thead tr th{border:none;border-bottom:1px solid #e6e6e6;font-size:1rem;color:#c72c48;font-size:.9rem}table.docutils>tbody tr td{border:none;border-bottom:1px solid #e6e6e6}table.docutils>tbody tr td>p{font-size:.9rem}.sphinx-tabs-tab{color:rgba(0,0,0,.5);background:0 0;border:none;padding:0 20px 10px 20px}.sphinx-tabs-tab[aria-selected=true]{color:#c72c48;font-weight:700;border-bottom:.15em solid #c72c48;pointer-events:none}button.toggle-button{width:1.25em;height:1.25em}button.toggle-button.toggle-button-hidden:before{left:-7em}button.toggle-button>.bar{width:14px;left:13%}.xref{color:#c72c48}.content__main img{-webkit-box-shadow:0 0 5px #d3d3d3;box-shadow:0 0 5px #d3d3d3}ul.simple li{margin:0 0 10px 0}video{display:block;margin-left:auto;margin-right:auto}.content{overflow-y:auto;overflow-x:hidden;-ms-flex-wrap:nowrap;flex-wrap:nowrap;height:calc(100vh - 5rem)}@media (min-width:992px){.content{display:-webkit-box;display:-ms-flexbox;display:flex}}.content__main{-webkit-box-flex:1;-ms-flex:1;flex:1;min-width:0;background-color:#fff;-ms-flex-item-align:start;align-self:flex-start;padding:1.75rem}@media (min-width:1200px){.content__main{padding-left:20.75rem;-webkit-transition:padding-left .3s;transition:padding-left .3s;will-change:padding-left}}.sidebar-toggled .content__main{padding-left:1.75rem}@media (min-width:992px){.content__aside{-ms-flex-negative:0;flex-shrink:0;position:sticky;top:0;-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}}.content__right{position:sticky;top:0;overflow:scroll}:root{--nav-text-color:#000000;--nav-item-border-color:#000000;--nav-item-arrow:url(../img/icons/nav-arrow.svg);--nav-toggle-hover-border-color:#000000;--nav-bg-gray:#f8f8f8;--header-bg:#ffffff}.header{height:5rem;background-color:#fff;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-shadow:0 0 .75rem rgba(0,0,0,.1);box-shadow:0 0 .75rem rgba(0,0,0,.1);width:100%;z-index:10;-ms-flex-negative:0;flex-shrink:0;display:flex;align-items:center;padding:0 1.25rem}.logo{-ms-flex-negative:0;flex-shrink:0;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;margin-left:.75rem}.logo>img{height:1.05rem;-webkit-box-shadow:none;box-shadow:none}.nav{z-index:1;-webkit-transition:opacity .3s,-webkit-transform .3s;transition:opacity .3s,-webkit-transform .3s;transition:opacity .3s,transform .3s;transition:opacity .3s,transform .3s,-webkit-transform .3s;margin-left:auto;font-size:.9375rem}@media (min-width:992px){.nav{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}}@media (max-width:991px){.nav{height:100vh;width:300px;position:fixed;right:0;top:0;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-transform:translate3d(300px,0,0);transform:translate3d(300px,0,0);opacity:0;-webkit-box-shadow:0 0 10px rgba(0,0,0,.1);box-shadow:0 0 10px rgba(0,0,0,.1);overflow-y:auto;background-color:#fff;padding-top:2.5rem}}.nav>.toggle-icon{position:absolute;top:.7rem;right:.7rem}@media (min-width:992px){.nav>.toggle-icon{display:none}}@media (max-width:991px){.nav-toggled .nav{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0);opacity:1;z-index:100}}.nav__item:hover .nav__dropdown,.nav__item:hover~.nav__dropdown--product{opacity:1;pointer-events:auto}.nav__item:hover .nav__link--dropdown>span:before{opacity:0}@media (min-width:992px){.nav__item .nav__link{margin-right:.75rem;background:var(--nav-item-arrow) no-repeat top 2.45rem right .25rem}.nav__item .nav__link:after{opacity:0;pointer-events:none;-webkit-box-sizing:border-box;box-sizing:border-box;left:50%;margin-left:-3px;content:"";width:0;height:0;border-style:solid;border-width:0 6px 4px;border-color:transparent transparent #fff;position:absolute;bottom:1rem;-webkit-transition:opacity .2s;transition:opacity .2s;z-index:2}.nav__item:hover .nav__link:after{opacity:1}}.nav__link{position:relative}.nav__link,.nav__link:hover{color:var(--nav-text-color)}@media (min-width:992px){.nav__link{padding:0 1.25rem;margin-left:.25rem;cursor:pointer}.nav__link:not(.nav__link--download){height:5rem;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.nav__link>span{position:relative}.nav__link>span:before{height:1px;width:100%;background-color:var(--nav-item-border-color);position:absolute;bottom:-8px;left:0;content:"";-webkit-transform:translateY(5px);transform:translateY(5px);opacity:0;-webkit-transition:opacity .3s,-webkit-transform .3s;transition:opacity .3s,-webkit-transform .3s;transition:opacity .3s,transform .3s;transition:opacity .3s,transform .3s,-webkit-transform .3s}.nav__link:not(.nav__link--dropdown):hover>span:before{-webkit-transform:translateY(0);transform:translateY(0);opacity:1}}@media (max-width:991px){.nav__link{font-weight:500;color:#000}.nav__link>span{display:block;padding:.5rem 1.5rem}}.nav__link--active>span:before{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}.nav__link--download{border:1px solid #c72c48;-webkit-transition:background-color .3s,color .3s;transition:background-color .3s,color .3s;border-radius:.1875rem;padding:.5rem 1.25rem .6rem}.nav__link--download:hover{background-color:#c72c48;color:#fff}@media (max-width:991px){.nav__link--download{margin:1.5rem;text-align:center;padding:.5rem 1rem;display:block}}@media (min-width:992px){.nav__dropdown{width:385px;-webkit-transform:translateX(calc(-50% + 3rem));transform:translateX(calc(-50% + 3rem));position:absolute;left:0;top:4rem;opacity:0;-webkit-transition:opacity .2s;transition:opacity .2s;pointer-events:none;border-radius:.3125rem;overflow:hidden;-webkit-box-shadow:0 .0625rem 1.25rem rgba(0,0,0,.13);box-shadow:0 .0625rem 1.25rem rgba(0,0,0,.13);background-color:#fff;z-index:1}.nav__dropdown .nav__dropdown__inner{padding:1.5rem;max-height:calc(100vh - 5rem);overflow-y:auto;border-radius:.3125rem}}@media (max-width:991px){.nav__dropdown .nav__dropdown__inner{background-color:var(--nav-bg-gray);padding:.5rem .8rem;margin-bottom:1rem}}@media (min-width:992px){.nav__dropdown--product{width:calc(100% - 3.5rem);max-width:1200px;-webkit-transform:translateX(0);transform:translateX(0);left:auto;right:1.75rem}.nav__dropdown--product:hover{opacity:1;pointer-events:auto}.nav__dropdown--product .nav__dropdown__inner{padding:2.5rem 2.25rem}}.nav__sub{padding:.6rem .75rem;font-weight:500;color:#000;border-radius:.1875rem}@media (max-width:991px){.nav__sub{font-size:.85rem;font-weight:400}}.nav__sub,.nav__sub>small{display:block}.nav__sub>small{color:#4b4b4b;font-weight:400;font-size:.8rem;opacity:.75;margin-top:.25rem}@media (max-width:991px){.nav__sub>small{display:none}}.nav__sub:hover{background-color:var(--nav-bg-gray);color:#000}@media (min-width:992px){.nav__feature{display:-webkit-box;display:-ms-flexbox;display:flex}}@media (min-width:992px){.nav__column{padding:0 1rem}.nav__column:not(:first-child){-webkit-box-flex:1;-ms-flex:1;flex:1}.nav__column:first-child>.nav__sub{margin-top:1rem}}.nav__column__title{text-transform:uppercase;font-size:.6rem;padding-left:.75rem;margin-bottom:.5rem;line-height:100%}@media (max-width:991px){.nav__column__title{margin-top:1rem}}.nav__lead{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.nav__lead,.nav__lead:hover{color:#000}.nav__lead>img{width:30px;-ms-flex-negative:0;flex-shrink:0;margin-right:.75rem}@media (max-width:991px){.nav__lead>img{display:none}}@media (min-width:992px){.nav__jump{padding-left:2.6rem;margin-top:-.2rem}.nav__jump>a{font-weight:400;display:block;font-size:.8rem;margin-top:.5rem}.nav__jump>a,.nav__jump>a:hover{color:#000}.nav__jump>a:hover{text-decoration:underline}}@media (max-width:991px){.nav__jump{display:none}}.nav__seperator{border-left:1px solid var(--nav-bg-gray);margin:0 1rem}@media (max-width:991px){.nav__seperator{display:none}}.toggle-icon{width:2.5rem;height:2.5rem;cursor:pointer;border-radius:.1875rem;-webkit-transition:background-color .3s;transition:background-color .3s;-ms-flex-negative:0;flex-shrink:0;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;flex-shrink:0;background-repeat:no-repeat;background-position:center}.toggle-icon:hover{background-color:rgba(199,44,72,.075)}[data-toggle=nav]{margin-left:auto}@media (min-width:992px){[data-toggle=nav]{display:none}}.sidebar{width:19rem;position:fixed;left:0;top:0;background-color:#f9f9f9;-webkit-transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,transform .3s;transition:opacity .4s,transform .3s,-webkit-transform .3s;padding:2.75rem 1.75rem 1rem 1.75rem;overflow-y:auto;height:100%;z-index:9}@media (min-width:1200px){.sidebar{padding-top:6.75rem}}@media (max-width:1199px){.sidebar{-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0);z-index:11}}.sidebar>.toggle-icon{position:absolute;top:.7rem;right:.15rem}@media (min-width:1200px){.sidebar>.toggle-icon{display:none}}@media (min-width:1200px){.sidebar-toggled .sidebar{-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0);opacity:0;pointer-events:none}}@media (max-width:1199px){.sidebar-toggled .sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0);opacity:1;pointer-events:all;-webkit-box-shadow:.25rem 0 .75rem rgba(0,0,0,.1);box-shadow:.25rem 0 .75rem rgba(0,0,0,.1)}}.sidebar__title{margin:-.25rem 0 1.5rem;line-height:100%}.sidebar__title>a{line-height:100%;color:#1c1c1c;font-size:.9rem;text-transform:uppercase;font-weight:500}.sidebar__title>a:hover{color:#1c1c1c}.search{margin-bottom:.8rem}.search__text{-webkit-appearance:none;-moz-appearance:none;appearance:none;border:1px solid #f0f0f0;height:2.65rem;background-color:#fff;color:#555;font-size:.85rem;width:100%;padding:0 1rem .1rem 2.6rem;background:url(../img/icons/search.svg) no-repeat center left 1rem;background-color:#fff;border-radius:.1875rem}.search__text:focus{border-color:#cacaca}.docs{margin-right:-.65rem}.docs ul{list-style:none;padding:0;margin:.5rem 0 .5rem 0;font-size:.9rem}.docs ul>li{margin:.5rem 0 .5rem 0}.docs ul>li>a,.docs ul>li>a>code{all:unset}.docs ul>li>a:hover{border:0;cursor:pointer}.docs ul>li.active>a{color:#c72c48;font-weight:500}.docs ul>li.active-parent>a{color:#494949;font-weight:500}.docs ul>li>ul>li{margin:.5rem 0 .5rem .5rem;font-size:.85rem}#localtoc{font-size:.8rem}#table-of-contents{background:0 0;border-style:none;padding:1.75rem 1.75rem 1.15rem 1.75rem;margin:0}@media (min-width:992px){#table-of-contents{width:13rem}}#table-of-contents .topic-title{margin:0;font-weight:500;color:#000}#table-of-contents ul{list-style:none;margin:10px 0 10px 0}#table-of-contents ul>li{list-style:none;margin:10px 0 10px 0}#table-of-contents ul>li>p a.reference{text-decoration:none;border-bottom:none;color:#1c1c1c}#table-of-contents ul>li>ul{margin:10px 0 10px 10px}.toggle-icon--docs{background-image:url(../img/icons/docs.svg)}.toggle-icon--menu{background-image:url(../img/icons/menu.svg)}.toggle-icon--close{background-image:url(../img/icons/close-circle.svg)}.toggle-icon--toc{background-image:url(../img/icons/toc.svg)}.scrollbar{scrollbar-color:transparent transparent;scrollbar-width:thin}.scrollbar:hover{scrollbar-color:#ddd transparent}.scrollbar:hover::-webkit-scrollbar-thumb{background-color:#ddd}.scrollbar::-webkit-scrollbar{width:12px}.scrollbar::-webkit-scrollbar-track{background-color:transparent}.scrollbar::-webkit-scrollbar-thumb{background-color:transparent;border-radius:1rem;border:3px solid transparent;background-clip:content-box}.scrollbar::-webkit-scrollbar-thumb:hover{background-color:#cecece} \ No newline at end of file +:root{--sd-color-tabs-label-active:#C72C48;--sd-color-tabs-label-inactive:rgba(199, 44, 72, 0.5);--sd-color-tabs-overline:rgba(199, 44, 72, 0.5);--sd-color-tabs-underline:rgba(199, 44, 72, 0.25)}@font-face{font-family:Mark;src:url(../fonts/Mark-Regular.woff2) format("woff2"),url(../fonts/Mark-Regular.woff) format("woff");font-weight:400;font-style:normal}@font-face{font-family:Mark;src:url(../fonts/Mark-Medium.woff2) format("woff2"),url(../fonts/Mark-Medium.woff) format("woff");font-weight:500;font-style:normal}html{line-height:1.35;-webkit-text-size-adjust:100%}body{margin:0}main{display:block}h1{font-size:2em;margin:.67em 0}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:.9em}a{background-color:transparent;text-decoration:none}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:700}code,kbd,samp{font-family:monospace,monospace;font-size:.9em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button[disabled]{cursor:default}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{padding:.35em .75em .625em}legend{-webkit-box-sizing:border-box;box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{-webkit-box-sizing:border-box;box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details{display:block}summary{display:list-item}template{display:none}[hidden]{display:none}address{font-style:normal;color:inherit;margin:0}*{-webkit-box-sizing:border-box;box-sizing:border-box;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}:active,:focus{outline:0}html{font-size:16px}body{all:unset;font-family:Mark,sans-serif;font-size:1rem;line-height:1.5;color:#4b4b4b;background-color:#f9f9f9;font-weight:400;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}a{color:#0045ec;text-decoration:none}a:hover{color:#0036b9;text-decoration:none}a>img.anchor{-webkit-box-shadow:none;box-shadow:none;height:1rem}a.reference{text-decoration:none;border-bottom:none}h1,h2,h3,h4,h5,h6{color:#1c1c1c;position:relative}h1>.toc-backref,h2>.toc-backref,h3>.toc-backref,h4>.toc-backref,h5>.toc-backref,h6>.toc-backref{color:#1c1c1c}h1>.headerlink,h2>.headerlink,h3>.headerlink,h4>.headerlink,h5>.headerlink,h6>.headerlink{position:absolute;left:-1.5rem;top:0;opacity:.5}h1>.headerlink:hover,h2>.headerlink:hover,h3>.headerlink:hover,h4>.headerlink:hover,h5>.headerlink:hover,h6>.headerlink:hover{background-color:transparent;opacity:1}dl>dt{font-weight:700}li dl.simple{font-weight:400}li dl.simple dt{font-weight:400}li dl.simple dd{margin-left:0}div.admonition{margin-top:0;padding:10px 20px;background:rgba(0,0,0,.01);border:none;border-left:4px solid grey}div.admonition>p.admonition-title{font-weight:700;font-family:Mark,sans-serif;font-size:1rem}div.admonition.warning{background-color:#fff2f2;border:none;border-left:4px solid #e54253}div.admonition.important{background-color:#fff9e6;border:none;border-left:4px solid #edbc39}div.admonition.note{background-color:#edf9ff;border:none;border-left:4px solid #2592ef}dl{margin:10px 0 10px 0}dl.minio{margin:10px 0 10px 0}div.footer{width:auto;margin:0}.align-default{text-align:left}table.docutils{border:none;box-shadow:none;-webkit-box-shadow:none;-moz-box-shadow:none}table.docutils>tbody tr th.stub{border:none;border-bottom:1px solid #e6e6e6;color:#c72c48;font-size:.9rem}table.docutils>thead tr th{border:none;border-bottom:1px solid #e6e6e6;font-size:1rem;color:#c72c48;font-size:.9rem}table.docutils>tbody tr td{border:none;border-bottom:1px solid #e6e6e6}table.docutils>tbody tr td>p{font-size:.9rem}.sphinx-tabs-tab{color:rgba(0,0,0,.5);background:0 0;border:none;padding:0 20px 10px 20px}.sphinx-tabs-tab[aria-selected=true]{color:#c72c48;font-weight:700;border-bottom:.15em solid #c72c48;pointer-events:none}button.toggle-button{width:1.25em;height:1.25em}button.toggle-button.toggle-button-hidden:before{left:-7em}button.toggle-button>.bar{width:14px;left:13%}.xref{color:#c72c48}.content__main img{-webkit-box-shadow:0 0 5px #d3d3d3;box-shadow:0 0 5px #d3d3d3}ul.simple li{margin:0 0 10px 0}video{display:block;margin-left:auto;margin-right:auto}.content{overflow-y:auto;overflow-x:hidden;-ms-flex-wrap:nowrap;flex-wrap:nowrap;height:calc(100vh - 5rem)}@media (min-width:992px){.content{display:-webkit-box;display:-ms-flexbox;display:flex}}.content__main{-webkit-box-flex:1;-ms-flex:1;flex:1;min-width:0;background-color:#fff;-ms-flex-item-align:start;align-self:flex-start;padding:1.75rem}@media (min-width:1200px){.content__main{padding-left:20.75rem;-webkit-transition:padding-left .3s;transition:padding-left .3s;will-change:padding-left}}.sidebar-toggled .content__main{padding-left:1.75rem}@media (min-width:992px){.content__aside{-ms-flex-negative:0;flex-shrink:0;position:sticky;top:0;-webkit-box-ordinal-group:3;-ms-flex-order:2;order:2}}.content__right{position:sticky;top:0;overflow:scroll}:root{--nav-text-color:#000000;--nav-item-border-color:#000000;--nav-item-arrow:url(../img/icons/nav-arrow.svg);--nav-toggle-hover-border-color:#000000;--nav-bg-gray:#f8f8f8;--header-bg:#ffffff}.header{height:5rem;background-color:#fff;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-shadow:0 0 .75rem rgba(0,0,0,.1);box-shadow:0 0 .75rem rgba(0,0,0,.1);width:100%;z-index:10;-ms-flex-negative:0;flex-shrink:0;display:flex;align-items:center;padding:0 1.25rem}.logo{-ms-flex-negative:0;flex-shrink:0;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex;margin-left:.75rem}.logo>img{height:1.05rem;-webkit-box-shadow:none;box-shadow:none}.nav{z-index:1;-webkit-transition:opacity .3s,-webkit-transform .3s;transition:opacity .3s,-webkit-transform .3s;transition:opacity .3s,transform .3s;transition:opacity .3s,transform .3s,-webkit-transform .3s;margin-left:auto;font-size:.9375rem}@media (min-width:992px){.nav{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}}@media (max-width:991px){.nav{height:100vh;width:300px;position:fixed;right:0;top:0;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;-webkit-transform:translate3d(300px,0,0);transform:translate3d(300px,0,0);opacity:0;-webkit-box-shadow:0 0 10px rgba(0,0,0,.1);box-shadow:0 0 10px rgba(0,0,0,.1);overflow-y:auto;background-color:#fff;padding-top:2.5rem}}.nav>.toggle-icon{position:absolute;top:.7rem;right:.7rem}@media (min-width:992px){.nav>.toggle-icon{display:none}}@media (max-width:991px){.nav-toggled .nav{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0);opacity:1;z-index:100}}.nav__item:hover .nav__dropdown,.nav__item:hover~.nav__dropdown--product{opacity:1;pointer-events:auto}.nav__item:hover .nav__link--dropdown>span:before{opacity:0}@media (min-width:992px){.nav__item .nav__link{margin-right:.75rem;background:var(--nav-item-arrow) no-repeat top 2.45rem right .25rem}.nav__item .nav__link:after{opacity:0;pointer-events:none;-webkit-box-sizing:border-box;box-sizing:border-box;left:50%;margin-left:-3px;content:"";width:0;height:0;border-style:solid;border-width:0 6px 4px;border-color:transparent transparent #fff;position:absolute;bottom:1rem;-webkit-transition:opacity .2s;transition:opacity .2s;z-index:2}.nav__item:hover .nav__link:after{opacity:1}}.nav__link{position:relative}.nav__link,.nav__link:hover{color:var(--nav-text-color)}@media (min-width:992px){.nav__link{padding:0 1.25rem;margin-left:.25rem;cursor:pointer}.nav__link:not(.nav__link--download){height:5rem;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.nav__link>span{position:relative}.nav__link>span:before{height:1px;width:100%;background-color:var(--nav-item-border-color);position:absolute;bottom:-8px;left:0;content:"";-webkit-transform:translateY(5px);transform:translateY(5px);opacity:0;-webkit-transition:opacity .3s,-webkit-transform .3s;transition:opacity .3s,-webkit-transform .3s;transition:opacity .3s,transform .3s;transition:opacity .3s,transform .3s,-webkit-transform .3s}.nav__link:not(.nav__link--dropdown):hover>span:before{-webkit-transform:translateY(0);transform:translateY(0);opacity:1}}@media (max-width:991px){.nav__link{font-weight:500;color:#000}.nav__link>span{display:block;padding:.5rem 1.5rem}}.nav__link--active>span:before{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}.nav__link--download{border:1px solid #c72c48;-webkit-transition:background-color .3s,color .3s;transition:background-color .3s,color .3s;border-radius:.1875rem;padding:.5rem 1.25rem .6rem}.nav__link--download:hover{background-color:#c72c48;color:#fff}@media (max-width:991px){.nav__link--download{margin:1.5rem;text-align:center;padding:.5rem 1rem;display:block}}@media (min-width:992px){.nav__dropdown{width:385px;-webkit-transform:translateX(calc(-50% + 3rem));transform:translateX(calc(-50% + 3rem));position:absolute;left:0;top:4rem;opacity:0;-webkit-transition:opacity .2s;transition:opacity .2s;pointer-events:none;border-radius:.3125rem;overflow:hidden;-webkit-box-shadow:0 .0625rem 1.25rem rgba(0,0,0,.13);box-shadow:0 .0625rem 1.25rem rgba(0,0,0,.13);background-color:#fff;z-index:1}.nav__dropdown .nav__dropdown__inner{padding:1.5rem;max-height:calc(100vh - 5rem);overflow-y:auto;border-radius:.3125rem}}@media (max-width:991px){.nav__dropdown .nav__dropdown__inner{background-color:var(--nav-bg-gray);padding:.5rem .8rem;margin-bottom:1rem}}@media (min-width:992px){.nav__dropdown--product{width:calc(100% - 3.5rem);max-width:1200px;-webkit-transform:translateX(0);transform:translateX(0);left:auto;right:1.75rem}.nav__dropdown--product:hover{opacity:1;pointer-events:auto}.nav__dropdown--product .nav__dropdown__inner{padding:2.5rem 2.25rem}}.nav__sub{padding:.6rem .75rem;font-weight:500;color:#000;border-radius:.1875rem}@media (max-width:991px){.nav__sub{font-size:.85rem;font-weight:400}}.nav__sub,.nav__sub>small{display:block}.nav__sub>small{color:#4b4b4b;font-weight:400;font-size:.8rem;opacity:.75;margin-top:.25rem}@media (max-width:991px){.nav__sub>small{display:none}}.nav__sub:hover{background-color:var(--nav-bg-gray);color:#000}@media (min-width:992px){.nav__feature{display:-webkit-box;display:-ms-flexbox;display:flex}}@media (min-width:992px){.nav__column{padding:0 1rem}.nav__column:not(:first-child){-webkit-box-flex:1;-ms-flex:1;flex:1}.nav__column:first-child>.nav__sub{margin-top:1rem}}.nav__column__title{text-transform:uppercase;font-size:.6rem;padding-left:.75rem;margin-bottom:.5rem;line-height:100%}@media (max-width:991px){.nav__column__title{margin-top:1rem}}.nav__lead{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.nav__lead,.nav__lead:hover{color:#000}.nav__lead>img{width:30px;-ms-flex-negative:0;flex-shrink:0;margin-right:.75rem}@media (max-width:991px){.nav__lead>img{display:none}}@media (min-width:992px){.nav__jump{padding-left:2.6rem;margin-top:-.2rem}.nav__jump>a{font-weight:400;display:block;font-size:.8rem;margin-top:.5rem}.nav__jump>a,.nav__jump>a:hover{color:#000}.nav__jump>a:hover{text-decoration:underline}}@media (max-width:991px){.nav__jump{display:none}}.nav__seperator{border-left:1px solid var(--nav-bg-gray);margin:0 1rem}@media (max-width:991px){.nav__seperator{display:none}}.toggle-icon{width:2.5rem;height:2.5rem;cursor:pointer;border-radius:.1875rem;-webkit-transition:background-color .3s;transition:background-color .3s;-ms-flex-negative:0;flex-shrink:0;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;flex-shrink:0;background-repeat:no-repeat;background-position:center}.toggle-icon:hover{background-color:rgba(199,44,72,.075)}[data-toggle=nav]{margin-left:auto}@media (min-width:992px){[data-toggle=nav]{display:none}}.sidebar{width:19rem;position:fixed;left:0;top:0;background-color:#f9f9f9;-webkit-transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,transform .3s;transition:opacity .4s,transform .3s,-webkit-transform .3s;padding:2.75rem 1.75rem 1rem 1.75rem;overflow-y:auto;height:100%;z-index:9}@media (min-width:1200px){.sidebar{padding-top:6.75rem}}@media (max-width:1199px){.sidebar{-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0);z-index:11}}.sidebar>.toggle-icon{position:absolute;top:.7rem;right:.15rem}@media (min-width:1200px){.sidebar>.toggle-icon{display:none}}@media (min-width:1200px){.sidebar-toggled .sidebar{-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0);opacity:0;pointer-events:none}}@media (max-width:1199px){.sidebar-toggled .sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0);opacity:1;pointer-events:all;-webkit-box-shadow:.25rem 0 .75rem rgba(0,0,0,.1);box-shadow:.25rem 0 .75rem rgba(0,0,0,.1)}}.sidebar__title{margin:-.25rem 0 1.5rem;line-height:100%}.sidebar__title>a{line-height:100%;color:#1c1c1c;font-size:.9rem;text-transform:uppercase;font-weight:500}.sidebar__title>a:hover{color:#1c1c1c}.search{margin-bottom:.8rem}.search__text{-webkit-appearance:none;-moz-appearance:none;appearance:none;border:1px solid #f0f0f0;height:2.65rem;background-color:#fff;color:#555;font-size:.85rem;width:100%;padding:0 1rem .1rem 2.6rem;background:url(../img/icons/search.svg) no-repeat center left 1rem;background-color:#fff;border-radius:.1875rem}.search__text:focus{border-color:#cacaca}.docs{margin-right:-.65rem}.docs ul{list-style:none;padding:0;margin:.5rem 0 .5rem 0;font-size:.9rem}.docs ul>li{margin:.5rem 0 .5rem 0}.docs ul>li>a,.docs ul>li>a>code{all:unset}.docs ul>li>a:hover{border:0;cursor:pointer}.docs ul>li.active>a{color:#c72c48;font-weight:500}.docs ul>li.active-parent>a{color:#494949;font-weight:500}.docs ul>li>ul>li{margin:.5rem 0 .5rem .5rem;font-size:.85rem}#localtoc{font-size:.8rem}#table-of-contents{background:0 0;border-style:none;padding:1.75rem 1.75rem 1.15rem 1.75rem;margin:0}@media (min-width:992px){#table-of-contents{width:13rem}}#table-of-contents .topic-title{margin:0;font-weight:500;color:#000}#table-of-contents ul{list-style:none;margin:10px 0 10px 0}#table-of-contents ul>li{list-style:none;margin:10px 0 10px 0}#table-of-contents ul>li>p a.reference{text-decoration:none;border-bottom:none;color:#1c1c1c}#table-of-contents ul>li>ul{margin:10px 0 10px 10px}.toggle-icon--docs{background-image:url(../img/icons/docs.svg)}.toggle-icon--menu{background-image:url(../img/icons/menu.svg)}.toggle-icon--close{background-image:url(../img/icons/close-circle.svg)}.toggle-icon--toc{background-image:url(../img/icons/toc.svg)}.scrollbar{scrollbar-color:transparent transparent;scrollbar-width:thin}.scrollbar:hover{scrollbar-color:#ddd transparent}.scrollbar:hover::-webkit-scrollbar-thumb{background-color:#ddd}.scrollbar::-webkit-scrollbar{width:12px}.scrollbar::-webkit-scrollbar-track{background-color:transparent}.scrollbar::-webkit-scrollbar-thumb{background-color:transparent;border-radius:1rem;border:3px solid transparent;background-clip:content-box}.scrollbar::-webkit-scrollbar-thumb:hover{background-color:#cecece} \ No newline at end of file diff --git a/source/images/replication/active-active-multi-replication.svg b/source/images/replication/active-active-multi-replication.svg new file mode 100644 index 00000000..2f2913aa --- /dev/null +++ b/source/images/replication/active-active-multi-replication.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/source/images/replication/active-active-twoway-replication.svg b/source/images/replication/active-active-twoway-replication.svg new file mode 100644 index 00000000..e7e31c0e --- /dev/null +++ b/source/images/replication/active-active-twoway-replication.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/source/images/replication/active-passive-oneway-replication.svg b/source/images/replication/active-passive-oneway-replication.svg new file mode 100644 index 00000000..220d77ed --- /dev/null +++ b/source/images/replication/active-passive-oneway-replication.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/source/reference/minio-cli/minio-mc/mc-replicate.rst b/source/reference/minio-cli/minio-mc/mc-replicate.rst index 2c68646d..498ab8db 100644 --- a/source/reference/minio-cli/minio-mc/mc-replicate.rst +++ b/source/reference/minio-cli/minio-mc/mc-replicate.rst @@ -30,8 +30,8 @@ Create Remote Target Before Configuring Replication Server-Side Replication Requires MinIO Source and Destination ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -MinIO server-side replication only works between MinIO clusters. Both the -source and destination clusters *must* run MinIO. +MinIO server-side replication only works between MinIO deployments. Both the +source and destination deployments *must* run MinIO. To configure replication between arbitrary S3-compatible services, use :mc-cmd:`mc mirror`. @@ -51,7 +51,7 @@ Use the :mc-cmd:`mc version enable` command to enable versioning on mc version enable ALIAS/PATH - Replace :mc-cmd:`ALIAS ` with the - :mc:`alias ` of the MinIO cluster. + :mc:`alias ` of the MinIO deployment. - Replace :mc-cmd:`PATH ` with the bucket on which to enable versioning. @@ -59,108 +59,62 @@ Use the :mc-cmd:`mc version enable` command to enable versioning on Required Permissions ~~~~~~~~~~~~~~~~~~~~ -Bucket Replication requires at minimum the following permissions on the -source and destination clusters: - -.. tab-set:: - - .. tab-item:: Source Policy - - The source cluster *must* have a user with *at minimum* following attached - *or* inherited policy: - - .. code-block:: shell - :class: copyable - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "admin:SetBucketTarget", - "admin:GetBucketTarget" - ], - "Effect": "Allow", - "Sid": "" - }, - { - "Effect": "Allow", - "Action": [ - "s3:GetReplicationConfiguration", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:GetBucketLocation", - "s3:GetBucketVersioning" - ], - "Resource": [ - "arn:aws:s3:::SOURCEBUCKETNAME" - ] - } - ] - } - - Replace ``SOURCEBUCKETNAME`` with the name of the source bucket from which - MinIO replicates objects. - - Use the :mc-cmd:`mc admin policy set` command to associate the policy to - a user on the source MinIO cluster. - - .. tab-item:: Destination Policy - - The destination cluster *must* have a user with *at minimum* the - following attached *or* inherited policy: - - .. code-block:: shell - :class: copyable - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:GetReplicationConfiguration", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:GetBucketLocation", - "s3:GetBucketVersioning", - "s3:GetBucketObjectLockConfiguration" - ], - "Resource": [ - "arn:aws:s3:::DESTINATIONBUCKETNAME" - ] - }, - { - "Effect": "Allow", - "Action": [ - "s3:GetReplicationConfiguration", - "s3:ReplicateTags", - "s3:AbortMultipartUpload", - "s3:GetObject", - "s3:GetObjectVersion", - "s3:GetObjectVersionTagging", - "s3:PutObject", - "s3:DeleteObject", - "s3:ReplicateObject", - "s3:ReplicateDelete" - ], - "Resource": [ - "arn:aws:s3:::DESTINATIONBUCKETNAME/*" - ] - } - ] - } - - Replace ``DESTINATIONBUCKETNAME`` with the name of the target bucket to - which MinIO replicates objects. - - Use the :mc-cmd:`mc admin policy set` command to associate the policy - to a user on the target MinIO cluster. - MinIO strongly recommends creating users specifically for supporting bucket replication operations. See :mc:`mc admin user` and :mc:`mc admin policy` for more complete -documentation on adding users and policies to a MinIO cluster. +documentation on adding users and policies to a MinIO deployment. + +.. tab-set:: + + .. tab-item:: Replication Admin + + The following policy provides permissions for configuring and enabling + replication on a deployment. + + .. literalinclude:: /extra/examples/ReplicationAdminPolicy.json + :class: copyable + :language: json + + - The ``"EnableRemoteBucketConfiguration"`` statement grants permission + for creating a remote target for supporting replication. + + - The ``"EnableReplicationRuleConfiguration"`` statement grants permission + for creating replication rules on a bucket. The ``"arn:aws:s3:::*`` + resource applies the replication permissions to *any* bucket on the + source deployment. You can restrict the user policy to specific buckets + as-needed. + + Use the :mc-cmd:`mc admin policy add` to add this policy to each + deployment acting as a replication source. Use :mc-cmd:`mc admin user add` + to create a user on the deployment and :mc-cmd:`mc admin policy set` + to associate the policy to that new user. + + .. tab-item:: Replication Remote User + + The following policy provides permissions for enabling synchronization of + replicated data *into* the deployment. + + .. literalinclude:: /extra/examples/ReplicationRemoteUserPolicy.json + :class: copyable + :language: json + + - The ``"EnableReplicationOnBucket"`` statement grants permission for + a remote target to retrieve bucket-level configuration for supporting + replication operations on *all* buckets in the MinIO deployment. To + restrict the policy to specific buckets, specify those buckets as an + element in the ``Resource`` array similar to + ``"arn:aws:s3:::bucketName"``. + + - The ``"EnableReplicatingDataIntoBucket"`` statement grants permission + for a remote target to synchronize data into *any* bucket in the MinIO + deployment. To restrict the policy to specific buckets, specify those + buckets as an element in the ``Resource`` array similar to + ``"arn:aws:s3:::bucketName/*"``. + + Use the :mc-cmd:`mc admin policy add` to add this policy to each + deployment acting as a replication target. Use :mc-cmd:`mc admin user add` + to create a user on the deployment and :mc-cmd:`mc admin policy set` + to associate the policy to that new user. Replication of Existing Objects ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -242,10 +196,10 @@ Server-Side Encryption (SSE-S3). Both the source and destination buckets *must* have automatic SSE-S3 enabled for MinIO to replicate an encrypted object. As part of the replication process, MinIO *decrypts* the object on the source -bucket and transmits the unencrypted object. The destination MinIO cluster then +bucket and transmits the unencrypted object. The destination MinIO deployment then re-encrypts the object using the destination bucket SSE-S3 configuration. MinIO *strongly recommends* :ref:`enabling TLS ` on both source and -destination clusters to ensure the safety of objects during transmission. +destination deployments to ensure the safety of objects during transmission. MinIO does *not* support replicating client-side encrypted objects (SSE-C). @@ -274,7 +228,7 @@ prefix. :mc:`mc replicate` depends on the ARN resource returned by [--FLAGS] - Replace :mc-cmd:`ALIAS ` with the - :mc:`alias ` of the MinIO cluster. + :mc:`alias ` of the MinIO deployment. - Replace :mc-cmd:`PATH ` with the path to the bucket or bucket prefix on which to add the new rule. @@ -301,7 +255,7 @@ Use :mc-cmd:`mc replicate edit` to modify an existing replication rule. [--FLAGS] - Replace :mc-cmd:`ALIAS ` with the - :mc:`alias ` of the MinIO cluster. + :mc:`alias ` of the MinIO deployment. - Replace :mc-cmd:`PATH ` with the path to the bucket or bucket prefix on which the rule exists. @@ -333,7 +287,7 @@ replication rule. --state "disabled"|"enabled" - Replace :mc-cmd:`ALIAS ` with the - :mc:`alias ` of the MinIO cluster. + :mc:`alias ` of the MinIO deployment. - Replace :mc-cmd:`PATH ` with the path to the bucket or bucket prefix on which the rule exists. @@ -365,7 +319,7 @@ Use :mc-cmd:`mc replicate rm` to remove an existing replication rule: mc replicate rm ALIAS/PATH --id ID - Replace :mc-cmd:`ALIAS ` with the - :mc:`alias ` of the MinIO cluster. + :mc:`alias ` of the MinIO deployment. - Replace :mc-cmd:`PATH ` with the path to the bucket or bucket prefix on which the rule exists. @@ -416,33 +370,32 @@ Syntax mc replicate add play/mybucket - .. mc-cmd:: arn :option: - *Required* - - Specify the ARN for the destination cluster and bucket. You can - retrieve the ARN using :mc-cmd:`mc admin bucket remote`: - - - Use the :mc-cmd:`mc admin bucket remote ls` to retrieve a list of - ARNs for the bucket on the destination cluster. - - - Use the :mc-cmd:`mc admin bucket remote add` to create an ARN for - the bucket on the destination cluster. - - The specified ARN bucket *must* match the value specified to - :mc-cmd-option:`~mc replicate add remote-bucket`. - + *Deprecated in* :mc-release:`RELEASE.2021-09-23T05-44-03Z`. + :mc-cmd-option:`mc replicate add remote-bucket` supersedes all + functionality provided by this option. .. mc-cmd:: remote-bucket :option: *Required* - Specify the name of the bucket on the destination cluster. The - name *must* match the ARN specified to - :mc-cmd-option:`~mc replicate add arn`. + Specify the ARN for the destination deployment and bucket. You can + retrieve the ARN using :mc-cmd:`mc admin bucket remote`: + + - Use the :mc-cmd:`mc admin bucket remote ls` to retrieve a list of + ARNs for the bucket on the destination deployment. + + - Use the :mc-cmd:`mc admin bucket remote add` to create a replication ARN + for the bucket on the destination deployment. + + The specified ARN bucket *must* match the value specified to + :mc-cmd-option:`~mc replicate add remote-bucket`. + + *Added in* :mc-release:`RELEASE.2021-09-23T05-44-03Z`. Requires + MinIO server :minio-release:`RELEASE.2021-09-23T04-46-24Z`. .. mc-cmd:: replicate @@ -513,8 +466,8 @@ Syntax *Optional* - Disables verification of the destination cluster's TLS certificate. - This option may be required if the destination cluster uses a + Disables verification of the destination deployment's TLS certificate. + This option may be required if the destination deployment uses a self-signed certificate *or* a certificate signed by an unknown Certificate Authority. @@ -576,7 +529,7 @@ Syntax *Optional* - Specify the name of the bucket on the destination cluster. The + Specify the name of the bucket on the destination deployment. The name *must* match the replication rule ARN. Use :mc-cmd:`mc replicate ls` to validate the ARN for each configured replication rule on the bucket. @@ -651,8 +604,8 @@ Syntax *Optional* - Disables verification of the destination cluster's TLS certificate. - This option may be required if the destination cluster uses a + Disables verification of the destination deployment's TLS certificate. + This option may be required if the destination deployment uses a self-signed certificate *or* a certificate signed by an unknown Certificate Authority. @@ -707,8 +660,8 @@ Syntax *Optional* - Disables verification of the destination cluster's TLS certificate. - This option may be required if the destination cluster uses a + Disables verification of the destination deployment's TLS certificate. + This option may be required if the destination deployment uses a self-signed certificate *or* a certificate signed by an unknown Certificate Authority. @@ -760,8 +713,8 @@ Syntax *Optional* - Disables verification of the destination cluster's TLS certificate. - This option may be required if the destination cluster uses a + Disables verification of the destination deployment's TLS certificate. + This option may be required if the destination deployment uses a self-signed certificate *or* a certificate signed by an unknown Certificate Authority. @@ -806,8 +759,8 @@ Syntax *Optional* - Disables verification of the destination cluster's TLS certificate. - This option may be required if the destination cluster uses a + Disables verification of the destination deployment's TLS certificate. + This option may be required if the destination deployment uses a self-signed certificate *or* a certificate signed by an unknown Certificate Authority. diff --git a/source/replication/enable-server-side-multi-site-bucket-replication.rst b/source/replication/enable-server-side-multi-site-bucket-replication.rst new file mode 100644 index 00000000..6864ab8a --- /dev/null +++ b/source/replication/enable-server-side-multi-site-bucket-replication.rst @@ -0,0 +1,464 @@ +.. _minio-bucket-replication-serverside-multi: + +================================================ +Enable Multi-Site Server-Side Bucket Replication +================================================ + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + + +The procedure on this page configures automatic server-side bucket +replication between multiple MinIO deployments. Multi-Site Active-Active +replication builds on the +:ref:`minio-bucket-replication-serverside-twoway` procedure with additional +considerations required to ensure predictable replication behavior across +all sites. + +.. image:: /images/replication/active-active-multi-replication.svg + :width: 600px + :alt: Active-Active Replication synchronizes data between multiple remote deployments. + :align: center + +- To configure replication between arbitrary S3-compatible services, use + :mc-cmd:`mc mirror`. + +- To configure one-way "active-active" replication between two MinIO + deployments, see :ref:`minio-bucket-replication-serverside-oneway`. + +- To configure one-way "active-passive" replication between MinIO deployments, + see :ref:`minio-bucket-replication-serverside-oneway`. + +Multi-Site Active-Active replication configurations can span multiple +racks, datacenters, or geographic locations. Complexity of configuring and +maintaining multi-site configurations generally increase with the number of +sites and size of each site. Enterprises looking to implement +multi-site replication should consider leveraging `MinIO SUBNET +`__ support to access the expertise, planning, +and engineering resources required for addressing that use case. + +MinIO multi-site replication requires MinIO server +:minio-release:`RELEASE.2021-09-23T04-46-24Z` and :mc:`mc` +:mc-release:`RELEASE.2021-09-23T05-44-03Z` and later. + +.. seealso:: + + - Use the :mc-cmd:`mc replicate edit` command to modify an existing + replication rule. + + - Use the :mc-cmd-option:`mc replicate edit` command with the + :mc-cmd-option:`--state "disable" ` flag to + disable an existing replication rule. + + - Use the :mc-cmd:`mc replicate rm` command to remove an existing replication + rule. + +.. _minio-bucket-replication-serverside-multi-requirements: + +Requirements +------------ + +Replication Requires MinIO Remote Targets +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +MinIO server-side replication only works between MinIO deployments. All +deployments participating in the multi-site replication configuration +*must* run MinIO. MinIO strongly recommends using the *same* MinIO server +version across all sites. + +To configure replication between arbitrary S3-compatible services, +use :mc-cmd:`mc mirror`. + +Replication Requires Versioning +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +MinIO relies on the immutability protections provided by versioning to +synchronize objects as part of replication. + +Use the :mc-cmd:`mc version enable` command to enable versioning for the bucket +across *all* MinIO deployments participating in the multi-site replication +configuration. + +.. code-block:: shell + :class: copyable + + mc version enable ALIAS/PATH + +- Replace :mc-cmd:`ALIAS ` with the + :mc:`alias ` of the MinIO deployment. + +- Replace :mc-cmd:`PATH ` with the bucket on which + to enable versioning. + +Install and Configure ``mc`` with Access to Both Clusters. +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This procedure uses :mc:`mc` for performing operations on both the source and +destination MinIO cluster. Install :mc:`mc` on a machine with network access to +both source and destination deployments. See the ``mc`` +:ref:`Installation Quickstart ` for instructions on downloading and +installing ``mc``. + +Use the :mc:`mc alias` command to create an alias for both MinIO deployments. +Alias creation requires specifying an access key for a user on the cluster. +This user **must** have permission to create and manage users and policies +on the cluster. Specifically, ensure the user has *at minimum*: + +- :policy-action:`admin:CreateUser` +- :policy-action:`admin:ListUsers` +- :policy-action:`admin:GetUser` +- :policy-action:`admin:CreatePolicy` +- :policy-action:`admin:GetPolicy` +- :policy-action:`admin:AttachUserOrGroupPolicy` + +.. _minio-bucket-replication-serverside-multi-permissions: + +Required Permissions +~~~~~~~~~~~~~~~~~~~~ + +Bucket replication requires specific permissions on the source and +destination deployments to configure and enable replication rules. + +.. tab-set:: + + .. tab-item:: Replication Admin + + The following policy provides permissions for configuring and enabling + replication on a cluster. + + .. literalinclude:: /extra/examples/ReplicationAdminPolicy.json + :class: copyable + :language: json + + - The ``"EnableRemoteBucketConfiguration"`` statement grants permission + for creating a remote target for supporting replication. + + - The ``"EnableReplicationRuleConfiguration"`` statement grants permission + for creating replication rules on a bucket. The ``"arn:aws:s3:::*`` + resource applies the replication permissions to *any* bucket on the + source cluster. You can restrict the user policy to specific buckets + as-needed. + + Use the :mc-cmd:`mc admin policy add` to add this policy to *both* + deployments. You can then create a user on both deployments using + :mc-cmd:`mc admin user add` and associate the policy to those users + with :mc-cmd:`mc admin policy set`. + + .. tab-item:: Replication Remote User + + The following policy provides permissions for enabling synchronization of + replicated data *into* the cluster. Use the :mc-cmd:`mc admin policy add` + to add this policy to *both* deployments. + + .. literalinclude:: /extra/examples/ReplicationRemoteUserPolicy.json + :class: copyable + :language: json + + - The ``"EnableReplicationOnBucket"`` statement grants permission for + a remote target to retrieve bucket-level configuration for supporting + replication operations on *all* buckets in the MinIO cluster. To + restrict the policy to specific buckets, specify those buckets as an + element in the ``Resource`` array similar to + ``"arn:aws:s3:::bucketName"``. + + - The ``"EnableReplicatingDataIntoBucket"`` statement grants permission + for a remote target to synchronize data into *any* bucket in the MinIO + cluster. To restrict the policy to specific buckets, specify those + buckets as an element in the ``Resource`` array similar to + ``"arn:aws:s3:::bucketName/*"``. + + Use the :mc-cmd:`mc admin policy add` to add this policy to *both* + deployments. You can then create a user on both deployments using + :mc-cmd:`mc admin user add` and associate the policy to those users + with :mc-cmd:`mc admin policy set`. + +MinIO strongly recommends creating users specifically for supporting +bucket replication operations. See +:mc:`mc admin user` and :mc:`mc admin policy` for more complete +documentation on adding users and policies to a MinIO cluster. + +Considerations +-------------- + +Use Consistent Replication Settings +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +MinIO supports customizing the replication configuration to enable or disable +the following replication behaviors: + +- Replication of delete operations +- Replication of delete markers +- Replication of existing objects +- Replication of metadata-only changes + +When configuring replication rules for a bucket, ensure that all MinIO +deployments participating in multi-site replication use the *same* replication +behaviors to ensure consistent and predictable synchronization of objects. + +Replication of Existing Objects +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Starting with :mc:`mc` :minio-git:`RELEASE.2021-06-13T17-48-22Z +` and :mc:`minio` +:minio-git:`RELEASE.2021-06-07T21-40-51Z +`, MinIO supports automatically +replicating existing objects in a bucket. + +MinIO requires explicitly enabling replication of existing objects using the +:mc-cmd-option:`mc replicate add replicate` or +:mc-cmd-option:`mc replicate edit replicate` and including the +``existing-objects`` replication feature flag. This procedure includes the +required flags for enabling replication of existing objects. + +Replication of Delete Operations +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +MinIO supports replicating delete operations onto the target bucket. +Specifically, MinIO can replicate versioning +:s3-docs:`Delete Markers ` and the deletion +of specific versioned objects: + +- For delete operations on an object, MinIO replication also creates the delete + marker on the target bucket. + +- For delete operations on versions of an object, + MinIO replication also deletes those versions on the target bucket. + +MinIO requires explicitly enabling replication of delete operations using the +:mc-cmd-option:`mc replicate add replicate` or +:mc-cmd-option:`mc replicate edit replicate`. This procedure includes the +required flags for enabling replication of delete operations and delete markers. + +Replication of Encrypted Objects +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +MinIO supports replicating objects encrypted with automatic +Server-Side Encryption (SSE-S3). Both the source and destination buckets +*must* have automatic SSE-S3 enabled for MinIO to replicate an encrypted object. + +As part of the replication process, MinIO *decrypts* the object on the source +bucket and transmits the unencrypted object. The destination MinIO cluster then +re-encrypts the object using the destination bucket SSE-S3 configuration. MinIO +*strongly recommends* :ref:`enabling TLS ` on both source and +destination deployments to ensure the safety of objects during transmission. + +MinIO does *not* support replicating client-side encrypted objects +(SSE-C). + +Replication of Locked Objects +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +MinIO supports replicating objects held under +:ref:`WORM Locking `. Both replication buckets *must* have +object locking enabled for MinIO to replicate the locked object. For +active-active configuration, MinIO recommends using the *same* +retention rules on both buckets to ensure consistent behavior across +sites. + +You must enable object locking during bucket creation as per S3 behavior. +You can then configure object retention rules at any time. +Object locking requires :ref:`versioning ` and +enables the feature implicitly. + +Procedure +--------- + +This procedure requires repeating steps for each MinIO deployment participating +in the multi-site replication configuration. Depending on the number of +deployments, this procedure may require significant time and care in +implementation. MinIO recommends reading through the procedure *before* +attempting to implement the documented steps. + +1) Create Replication Administrator Users +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following example creates a replication administrator policy and +associates that policy to a user on the MinIO deployment. Replace the +password ``LongRandomSecretKey`` with a long, random, and secure secret key +as per your organizations best practices for password generation + +.. code-block:: shell + :class: copyable + + wget -O - https://docs.min.io/minio/baremetal/examples/ReplicationAdminPolicy.json | \ + mc admin policy add ALIAS ReplicationAdminPolicy /dev/stdin + mc admin user add ALIAS ReplicationAdmin LongRandomSecretKey + mc admin policy set ALIAS ReplicationAdminPolicy user=ReplicationAdmin + +The ``ReplicationAdminPolicy.json`` contains the limited set of +:ref:`permissions ` +required for configuring replication rules. Replace the +``LongRandomSecretKey`` + +Repeat this step for each MinIO deployment participating in the multi-site +replication configuration. For example, a configuration with three MinIO +deployments should repeat this step three times. + +The example assumes that the specified aliases have the necessary permissions +for creating policies and users on both deployments. See :ref:`minio-users` and +:ref:`MinIO Policy Based Access Control ` for more complete +documentation on MinIO users and policies respectively. + +2) Create Replication Remote Users +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following example creates a replication remote policy and +associates that policy to a user on the MinIO deployment. Replace the +password ``LongRandomSecretKey`` with a long, random, and secure secret key +as per your organizations best practices for password generation. + + +.. code-block:: shell + :class: copyable + + wget -O - https://docs.min.io/minio/baremetal/examples/ReplicationRemoteUserPolicy.json | \ + mc admin policy add ALIAS ReplicationRemoteUserPolicy /dev/stdin + mc admin user add ALIAS ReplicationRemoteUser LongRandomSecretKey + mc admin policy set ALIAS ReplicationRemoteUserPolicy user=ReplicationRemoteUser + +The ``ReplicationRemoteUserPolicy.json`` contains the limited set of +:ref:`permissions ` +required for configuring replication rules. + +Repeat this step for each MinIO deployment participating in the multi-site +replication configuration. For example, a configuration with three MinIO +deployments should repeat this step three times. + +The example assumes that the specified aliases have the necessary permissions +for creating policies and users on both deployments. See :ref:`minio-users` and +:ref:`MinIO Policy Based Access Control ` for more complete +documentation on MinIO users and policies respectively. + +3) Configure Replication Administrative Access to Each Deployment +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Use the :mc-cmd:`mc alias set` command to add a replication-specific alias for +each remote deployment + +.. code-block:: shell + :class: copyable + + mc alias set ALIAS-Replication HOSTNAME ReplicationAdmin LongRandomSecretKey + +Repeat this step for each MinIO deployment participating in the multi-site +replication configuration. Replace the ``ALIAS`` prefix to match the +actual alias for that deployment. + +For example, a multi-site replication configuration consisting of MinIO +deployments ``Alpha``, ``Baker``, and ``Charlie`` would resemble the following: + +.. code-block:: shell + :class: copyable + + mc alias set Alpha-Replication https://alpha-minio.example.net ReplicationAdmin LongRandomSecretKey + mc alias set Baker-Replication https://baker-minio.example.net ReplicationAdmin LongRandomSecretKey + mc alias set Charlie-Replication https://charlie-minio.example.net ReplicationAdmin LongRandomSecretKey + +4) Create the Replication Rule on each Deployment +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Use the :mc-cmd:`mc admin bucket remote` command to create a remote target +for each MinIO deployment participating in the multi-site replication +configuration. + +.. code-block:: shell + :class: copyable + + mc admin bucket remote add ALIAS-Replication/BUCKET \ + https://ReplicationRemoteUser:LongRandomSecretKey@HOSTNAME/BUCKET \ + --service "replication" \ + [--sync] + +- Replace ``BUCKET`` with the name of the bucket on which you are + configuring multi-site replication. + +- Replace ``HOSTNAME`` with the URL of the remote MinIO deployment + +- (Optional) Specify the :mc-cmd-option:`~mc admin bucket remote add sync` + option to enable synchronous replication. Omit the option to use the default + of asynchronous replication. See the reference documentation for + :mc-cmd-option:`~mc admin bucket remote add sync` for more information on + synchronous vs asynchronous replication. + +The command returns an ARN similar to the following. Copy this ARN for use in +following steps. + +.. code-block:: shell + + Role ARN = 'arn:minio:replication:::BUCKET' + +Use the :mc-cmd:`mc replicate add` command to create the replication rule using +the remote as a target: + +.. code-block:: shell + :class: copyable + + mc replicate add ALIAS-Replication/BUCKET \ + --remote-bucket 'arn:minio:replication:::BUCKET' \ + --replicate "delete,delete-marker,existing-objects" + --priority 1 + +- Replace ``BUCKET`` with the name of the bucket on which you are + configuring multi-site replication. The name *must* match the bucket + specified when creating the remote target. + +- Replace the ``--remote-bucket`` value with the ARN returned in the previous + step. + +- The ``--replicate "delete,delete-marker,existing-objects"`` flag enables + the following replication features: + + - :ref:`Replication of Deletes ` + - :ref:`Replication of existing Objects ` + + See :mc-cmd-option:`mc replicate add replicate` for more complete + documentation. Omit these fields to disable replication of delete operations + or replication of existing objects respectively. + + You *must* specify the same set of replication features for all + MinIO deployments participating in this bucket's multi-site replication. + +- Replace ``--priority`` with a unique value for the bucket. If the bucket + has multiple replication rules, you may need to use + :mc-cmd:`mc replicate ls` to identify an unused priority value. + +Repeat these commands for each remote MinIO deployment participating in the +multi-site replication configuration. For example, a multi-site replication +configuration consisting of MinIO deployments ``Alpha``, ``Baker``, and +``Charlie`` would require repeating this step on each deployment for each +remote. Specifically: + +- The ``Alpha`` deployment would perform this step once for + ``Baker`` and once for ``Charlie``. + +- The ``Baker`` deployment would perform this step once for ``Alpha`` and + once for ``Charlie``. + +- The ``Charlie`` deployment would perform this step once for ``Baker`` and + once for ``Alpha``. + +5) Validate the Replication Configuration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Use :mc-cmd:`mc cp` to copy a new object the bucket on any of the deployments: + +.. code-block:: shell + :class: copyable + + mc cp ~/foo.txt ALIAS/BUCKET + +Use :mc-cmd:`mc ls` to verify the object exists on each deployment: + +.. code-block:: shell + :class: copyable + + mc ls ALIAS/BUCKET + +Repeat this test on each of the deployments by copying a new unique file and +checking the other deployments for that file. + +You can also use :mc-cmd:`mc stat` to check the file to check the +current :ref:`replication stage ` of the object. diff --git a/source/replication/enable-server-side-one-way-bucket-replication.rst b/source/replication/enable-server-side-one-way-bucket-replication.rst index 18c81bc5..fdb38846 100644 --- a/source/replication/enable-server-side-one-way-bucket-replication.rst +++ b/source/replication/enable-server-side-one-way-bucket-replication.rst @@ -14,14 +14,11 @@ Enable One-Way Server-Side Bucket Replication The procedure on this page creates a new bucket replication rule for one-way synchronization of objects between MinIO buckets. -.. image:: /images/active-passive-replication.svg +.. image:: /images/replication/active-passive-oneway-replication.svg :width: 600px :alt: Active-Passive Replication synchronizes data from a source MinIO cluster to a remote MinIO cluster. :align: center -MinIO server-side replication supports at most *two* MinIO clusters. Both -clusters *must* run MinIO. - - To configure replication between arbitrary S3-compatible services, use :mc-cmd:`mc mirror`. @@ -226,6 +223,23 @@ You can then configure object retention rules at any time. Object locking requires :ref:`versioning ` and enables the feature implicitly. +Multi-Site Replication +~~~~~~~~~~~~~~~~~~~~~~ + +MinIO supports configuring multiple remote targets per +bucket or bucket prefix. For example, you can configure a bucket to replicate +data to two or more remote MinIO deployments, where one deployment is a 1:1 copy +(replication of all operations including deletions) and another is a full +historical record (replication of only non-destructive write operations). + +This procedure documents one-way replication to a single remote MinIO +deployment. You can repeat this tutorial for multiple remote targets for a +single bucket. + +MinIO multi-site replication requires MinIO server +:minio-release:`RELEASE.2021-09-23T04-46-24Z` and :mc:`mc` +:mc-release:`RELEASE.2021-09-23T05-44-03Z` and later. + Procedure --------- diff --git a/source/replication/enable-server-side-two-way-bucket-replication.rst b/source/replication/enable-server-side-two-way-bucket-replication.rst index aa1310ad..b75d07b6 100644 --- a/source/replication/enable-server-side-two-way-bucket-replication.rst +++ b/source/replication/enable-server-side-two-way-bucket-replication.rst @@ -14,26 +14,21 @@ Enable Two-Way Server-Side Bucket Replication The procedure on this page creates a new bucket replication rule for two-way "active-active" synchronization of objects between MinIO buckets. -.. image:: /images/active-active-replication.svg +.. image:: /images/replication/active-active-twoway-replication.svg :width: 600px :alt: Active-Active Replication synchronizes data between two remote clusters. :align: center -MinIO server-side replication supports at most *two* MinIO clusters. Both -clusters *must* run MinIO. - - To configure replication between arbitrary S3-compatible services, use :mc-cmd:`mc mirror`. - To configure one-way "active-passive" replication between MinIO clusters, see :ref:`minio-bucket-replication-serverside-oneway`. -MinIO Active-Active replication is designed for synchronizing objects between -two MinIO clusters. MinIO does not support Active-Active replication between -more than two clusters (multi-site). Enterprises looking to implement multi-site -replication should consider leveraging `MinIO SUBNET -`__ support to access the expertise, planning, -and engineering resources required for addressing that use case. +This tutorial covers configuring Active-Active replication between two +MinIO clusters. For a tutorial on multi-site replication between three +or more MinIO clusters, see :ref:`minio-bucket-replication-serverside-multi` +(new in VERSION). .. seealso:: @@ -52,8 +47,17 @@ and engineering resources required for addressing that use case. Requirements ------------ -Enable Versioning on Source and Destination Buckets -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Replication Requires MinIO Remote Targets +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +MinIO server-side replication only works between MinIO clusters. Both the +source and destination clusters *must* run MinIO. + +To configure replication between arbitrary S3-compatible services, +use :mc-cmd:`mc mirror`. + +Replication Requires Versioning +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ MinIO relies on the immutability protections provided by versioning to synchronize objects between the source and replication target. @@ -162,6 +166,22 @@ documentation on adding users and policies to a MinIO cluster. Considerations -------------- +Use Consistent Replication Settings +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +MinIO supports customizing the replication configuration to enable or disable +the following replication behaviors: + +- Replication of delete operations +- Replication of delete markers +- Replication of existing objects +- Replication of metadata-only changes + +When configuring replication rules for a bucket, ensure that both MinIO +deployments participating in active-active replication use the *same* +replication behaviors to ensure consistent and predictable synchronization of +objects. + Replication of Existing Objects ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -227,6 +247,22 @@ You can then configure object retention rules at any time. Object locking requires :ref:`versioning ` and enables the feature implicitly. +Multi-Site Replication +~~~~~~~~~~~~~~~~~~~~~~ + +MinIO supports configuring multiple remote targets per bucket or bucket prefix. +This enables configuring multi-site active-active replication between MinIO +deployments. + +This procedure covers active-active replication between *two* MinIO sites. +You can repeat this procedure for each "pair" of MinIO deployments in the +replication mesh. For a dedicated tutorial, see +:ref:`minio-bucket-replication-serverside-multi`. + +MinIO multi-site replication requires MinIO server +:minio-release:`RELEASE.2021-09-23T04-46-24Z` and :mc:`mc` +:mc-release:`RELEASE.2021-09-23T05-44-03Z` and later. + Procedure --------- diff --git a/source/replication/replication-overview.rst b/source/replication/replication-overview.rst index ac08d763..1c132a5e 100644 --- a/source/replication/replication-overview.rst +++ b/source/replication/replication-overview.rst @@ -11,8 +11,7 @@ Bucket Replication :depth: 2 MinIO supports server-side and client-side replication of objects between source -and destination buckets. MinIO offers both active-passive (one-way) and -active-active (two-way) flavors of the following replication types: +and destination buckets. :ref:`Server-Side Bucket Replication ` Configure per-bucket rules for automatically synchronizing objects between @@ -61,6 +60,9 @@ replication while adding the following MinIO-only features: - Active-Active (Two-Way) replication of objects between source and destination buckets. +- Multi-Site replication of objects between three or more MinIO deployments + (New in :minio-release:`RELEASE.2021-09-23T04-46-24Z`). + .. _minio-replication-process: Replication Process @@ -88,6 +90,10 @@ replication state of the object: bucket. MinIO continuously scans for ``PENDING`` objects not yet in the replication queue and adds them to the queue as space is available. + For multi-site replication, objects remain + in the ``PENDING`` state until replicated to *all* configured + remotes for that bucket or bucket prefix. + * - ``COMPLETED`` - The object has successfully replicated to the remote cluster. @@ -270,7 +276,9 @@ overall cluster load, and the size of the namespace (all objects in the bucket). MinIO does not synchronize existing unversioned objects. Specifically, the bucket *must* have :ref:`versioning ` enabled when the -object was created. +object was created. You can use the :mc-cmd:`mc cp` command to create a +"versioned" copy of that object. Once that object replicates successfully, +you can delete the unversioned object (versionid = ``null``). MinIO existing object replication implements functionality similar to @@ -285,6 +293,7 @@ without the overhead of contacting technical support. /replication/enable-server-side-one-way-bucket-replication /replication/enable-server-side-two-way-bucket-replication + /replication/enable-server-side-multi-site-bucket-replication .. _minio-bucket-replication-clientside: