00de8dbeb6
This PR applies updates to numerous files to address changes in the two
December 2022 `mc` releases.
- Deprecates `mc admin bucket quota` and links to new commands
- Adds `mc quota set | clear | info` commands
- Adds `attach | detach` subcommands to `mc admin idp ldap policy`
- Updates list of call types available to `mc admin trace`
- Updates `mc` page with new commands
- Fixes minor errors in `mc cp`
- Adds `--limit-*` flags to global flag options
- Adds `--versions` flag to `mc find`
Closes #685
- Updates ilm commands for new structure for tiers and rules
- Deprecates `mc admin tier`
- Deprecates `mc ilm add | edit | export | import | ls | rm` commands
- Adds new `mc ilm rule` and six subcommands
- Adds new `mc ilm tier` and six subcommands
- Updates references to ilm and admin tier commands throughout docs
- Adds new deprecated commands page
- Adds `mc ilm rule` and `mc ilm tier` holding pages with toctrees
- Closes #691
- Closes #662
11 KiB
mc admin tier
minio
Table of Contents
mc admin tier
RELEASE.2022-12-24T15-21-38Z
mc admin tier replaced by mc ilm tier.
Description
The mc admin tier
command configures a remote supported S3-compatible service for
supporting MinIO Lifecycle Management: Object Transition ("Tiering")
<minio-lifecycle-management-expiration>.
Use mc admin on MinIO Deployments Only
Supported S3 Services
mc admin tier
supports only the following S3-compatible services as a remote
target for object tiering:
- Amazon S3
- Google Cloud Storage
- Azure Blob Storage
Required Permissions
MinIO requires the following permissions scoped to to the bucket or buckets for which you are creating lifecycle management rules.
s3:PutLifecycleConfigurations3:GetLifecycleConfiguration
MinIO also requires the following administrative permissions on the cluster in which you are creating remote tiers for object transition lifecycle management rules:
admin:SetTieradmin:ListTier
For example, the following policy provides permission for configuring object transition lifecycle management rules on any bucket in the cluster:.
/extra/examples/LifecycleManagementAdmin.json
Transition Permissions
Object transition lifecycle management rules require additional permissions on the remote storage tier. Specifically, MinIO requires the remote tier credentials provide read, write, list, and delete permissions.
For example, if the remote storage tier implements AWS IAM policy-based access control, the following policy provides the necessary permission for transitioning objects into and out of the remote tier:
/extra/examples/LifecycleManagementUser.json
Modify the Resource for the bucket into which MinIO
tiers objects.
Defer to the documentation for the supported tiering targets for more complete information on configuring users and permissions to support MinIO tiering:
Amazon S3 Permissions <service-authorization/latest/reference/list_amazons3.html#amazons3-actions-as-permissions>- Google Cloud Storage Access Control
- Authorizing access to data in Azure storage
Syntax
add
Creates a new remote storage tier for transitioning objects using MinIO lifecycle management rules.
Important
MinIO does not support removing remote storage tiers. Ensure the storage backend supports the intended workload prior to adding it as a remote tier target.
The command has the following syntax:
mc admin tier add TIER_TYPE TARGET TIER_NAME [FLAGS]The command accepts the following arguments:
TIER_TYPE
Required
The Cloud Service Provider storage backend ("Tier") to which MinIO transitions objects. Specify one of the following supported values:
|
Use AWS S3 or a remote MinIO deployment as the storage backend for the new Tier. Requires specifying the following additional options:
|
|
Use Requires specifying the following additional options:
|
|
Use Requires specifying the following additional option:
|
TARGET
Required
The alias <mc alias> of a configured MinIO
deployment on which the command creates the new remote tier.
TIER_NAME
Required
The name to associate with the new remote tier. The name must be unique across all configured tiers on the MinIO cluster.
You must specify the tier in all-caps, e.g.
WARM_TIER.
--endpoint
Required
The URL endpoint for the cloud service provider. The URL endpoint
must resolve to the provider specified to ~mc admin tier add TIER_TYPE.
--access-key
Required
The access key for a user on the remote S3 tier. The user must have permission to perform read/write/list/delete operations on the remote bucket or bucket prefix.
Required if ~mc admin tier add TIER_TYPE is s3.
This option has no effect for any other value of
TIER_TYPE.
--secret-key
Required
The secret key for a user on the remote S3 tier.
Required if ~mc admin tier add TIER_TYPE is s3.
This option has no effect for any other value of
TIER_TYPE.
--account-name
Required
The account name for a user on the remote Azure tier. The user must have permission to perform read/write/list/delete operations on the remote bucket or bucket prefix.
Required if ~mc admin tier add TIER_TYPE is azure.
This option has no effect for any other value of
TIER_TYPE.
MinIO does not support changing the account name associated to an Azure remote tier. Azure storage backends are tied to the account, such that changing the account would change the storage backend and prevent access to any objects transitioned to the original account/backend.
--account-key
Required
The account key for the ~mc admin tier add --account-name associated to the
remote Azure tier.
Required if ~mc admin tier add TIER_TYPE is azure.
This option has no effect for any other value of
TIER_TYPE.
--credentials-file
Required
The credential file for a user on the remote GCS tier. The user must have permission to perform read/write/list/delete operations on the remote bucket or bucket prefix.
Required if ~mc admin tier add TIER_TYPE is gcs.
This option has no effect for any other value of
TIER_TYPE.
--bucket
Required
The bucket on the remote tier to which MinIO transitions objects.
--prefix
Optional
The prefix path for the specified ~mc admin tier add --bucket to which MinIO
transitions objects.
Omit this field to transition objects into the bucket root.
--storage-class
Optional
The AWS storage class to use for objects transitioned by MinIO. MinIO supports only the following storage classes:
STANDARDREDUCED_REDUNDANCY
Defaults to S3_STANDARD if omitted.
This option only applies if ~mc admin tier add TIER_TYPE is s3.
This option has no effect for any other value of
TIER_TYPE.
--region
Optional
The S3 backend region for the specified ~mc admin tier add TIER_TYPE, such as
us-west-1.
This option only applies if ~mc admin tier add TIER_TYPE is s3.
This option has no effect for any other value of
TIER_TYPE.
edit
Modify or remove a remote storage tier from a MinIO cluster. Remote storage tiers support transitioning objects using MinIO lifecycle management rules.
The command has the following syntax:
mc admin tier edit TARGET TIER_NAME [FLAGS]The command accepts the following arguments:
TARGET
Required
The alias <mc alias> of a configured MinIO
deployment.
TIER_NAME
Required
The name of the remote tier the command modifies. The value
corresponds to the mc admin tier add TIER_NAME specified when creating
the remote tier.
--access-key
Optional
The access key for a user on the remote S3 tier. The user must have permission to perform read/write/list/delete operations on the remote bucket or bucket prefix.
This option only applies to remote storage tiers with ~mc admin tier add TIER_TYPE is s3.
This option has no effect for any other TIER_TYPE.
--secret-key
Optional
The secret key for a user on the remote S3 tier.
This option only applies to remote storage tiers with ~mc admin tier add TIER_TYPE is s3.
This option has no effect for any other TIER_TYPE.
--account-key
Required
The account key for a user on the remote Azure tier. Use this option
to rotate the credentials for the ~mc admin tier add --account-name associated to the
remote tier.
This option only applies to remote storage tiers with ~mc admin tier add TIER_TYPE is azure.
This option has no effect for any other TIER_TYPE.
--credentials-file
Required
The credential file for a user on the remote GCS tier. The user must have permission to perform read/write/list/delete operations on the remote bucket or bucket prefix.
This option only applies to remote storage tiers with ~mc admin tier add TIER_TYPE is gcs.
This option has no effect for any other TIER_TYPE.
ls
List all remote storage tiers on a MinIO cluster. Remote storage tiers support transitioning objects using MinIO lifecycle management rules.
The command has the following syntax:
mc admin tier ls TARGET [FLAGS]The command accepts the following arguments:
TARGET
Required
The alias <mc alias> of a configured MinIO
deployment.