- Adds info about tracking batch job status for completed jobs
- Deprecates `mc license update`
- Adds flags for updating Azure credentials in `mc ilm tier update`

Closes #1260
mc ilm tier update
RELEASE.2022-12-24T15-21-38Z: `mc ilm tier update` replaces `mc admin tier edit`.
Description
The `mc ilm tier update` command modifies an existing configured remote tier.
Use `mc admin` on MinIO Deployments Only
Supported S3 Services
`mc ilm tier` supports only the following S3-compatible services as a remote target for object tiering:
- MinIO
- Amazon S3
- Google Cloud Storage
- Azure Blob Storage
Required Permissions
MinIO requires the following permissions scoped to the bucket or buckets for which you are creating lifecycle management rules.
s3:PutLifecycleConfiguration
s3:GetLifecycleConfiguration
MinIO also requires the following administrative permissions on the cluster in which you are creating remote tiers for object transition lifecycle management rules:
admin:SetTier
admin:ListTier
For example, the following policy provides permission for configuring object transition lifecycle management rules on any bucket in the cluster:
/extra/examples/LifecycleManagementAdmin.json
Transition Permissions
Object transition lifecycle management rules require additional permissions on the remote storage tier. Specifically, MinIO requires that the remote tier credentials provide read, write, list, and delete permissions.
For example, if the remote storage tier implements AWS IAM policy-based access control, the following policy provides the necessary permission for transitioning objects into and out of the remote tier:
/extra/examples/LifecycleManagementUser.json
Modify the `Resource` for the bucket into which MinIO tiers objects.
Defer to the documentation for the supported tiering targets for more complete information on configuring users and permissions to support MinIO tiering:
- Amazon S3 Permissions <service-authorization/latest/reference/list_amazons3.html#amazons3-actions-as-permissions>
- Google Cloud Storage Access Control
- Authorizing access to data in Azure storage
Syntax
EXAMPLE
The following example updates the credentials for an existing remote tier called `S3TIER` on the `myminio` deployment.
mc ilm tier update myminio S3TIER --access-key ACCESS_KEY --secret-key SECRET_KEY
After running this command, lifecycle management rules on the `myminio` deployment use the tier's new credentials to transition objects into the remote location. Options not modified in the command maintain their existing configurations.
SYNTAX
The command has the following syntax:
mc ilm tier update TARGET \
TIER_NAME \
[--account-key value] \
[--access-key value] \
[--az-sp-tenant-id value] \
[--az-sp-client-id value] \
[--az-sp-client-secret value] \
[--secret-key value] \
[--use-aws-role] \
[--credentials-file value]
Parameters
The command accepts the following arguments:
TARGET
The alias of a configured MinIO deployment.
TIER_NAME
The name of the remote tier the command modifies. The value corresponds to the `mc ilm tier add TIER_NAME` specified when creating the remote tier.
--access-key
--secret-key
The secret key for a user on the remote `s3` or `minio` tier.
This option only applies to remote storage tiers whose `mc ilm tier add TIER_TYPE` is `s3` or `minio`. This option has no effect for any other `TIER_TYPE`.
--use-aws-role
Use the access permission for the locally configured AWS Role <id_roles.html>.
This option only applies if `mc ilm tier add TIER_TYPE` is `s3` or `minio`. This option has no effect for any other value of `TIER_TYPE`.
--account-key
--az-sp-tenant-id
mc RELEASE.2024-07-03T20-17-25Z
Directory ID for the Azure service principal account.
This option only applies to remote storage tiers whose `mc ilm tier add TIER_TYPE` is `azure`. This option has no effect for any other type of login.
--az-sp-client-id
mc RELEASE.2024-07-03T20-17-25Z
Client ID of the Azure service principal account.
Requires `mc ilm tier update --az-sp-client-secret`.
This option only applies to remote storage tiers whose `mc ilm tier add TIER_TYPE` is `azure`. This option has no effect for any other type of login.
--az-sp-client-secret
mc RELEASE.2024-07-03T20-17-25Z
The secret for the Azure service principal account.
Requires `mc ilm tier update --az-sp-client-id`.
This option only applies to remote storage tiers whose `mc ilm tier add TIER_TYPE` is `azure`. This option has no effect for any other type of login.
--credentials-file
Global Flags
Examples
Rotate Credentials for an S3 Remote Tier
The following example updates the credentials for an S3 remote tier called `S3TIER` on the `myminio` deployment.
mc ilm tier update myminio S3TIER --access-key ACCESS_KEY --secret-key SECRET_KEY
- Replace `S3TIER` with the name for your Amazon Simple Storage Solution tier.
- Replace `ACCESS_KEY` with the updated access key for your S3 storage.
- Replace `SECRET_KEY` with the updated secret key for the access key provided.
Rotate Credentials for an Azure Blob Storage Remote Tier
The following example updates the credentials for an Azure remote tier called `AZTIER` on the `myminio` deployment.
mc ilm tier update myminio AZTIER --account-key ACCOUNT-KEY
- Replace `AZTIER` with the name for your Azure tier.
- Replace `ACCOUNT-KEY` with the updated key for your Azure storage.
Rotate Credentials for a Google Cloud Storage Remote Tier
The following example updates the credentials for a Google Cloud Storage remote tier called `GCSTIER` on the `myminio` deployment.
mc ilm tier update myminio GCSTIER --credentials-file /path/to/credentials.json
- Replace `GCSTIER` with the name for your Google Cloud Storage tier.
- Replace `/path/to/credentials.json` with the path of the updated credential file to use to access the remote storage.
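The parameter descriptions above state that several flags have no effect on a tier of the wrong type and that the two Azure service principal flags require each other, so a rotation can appear to succeed while the tier keeps its old credentials. The pre-flight check below is an added example, not part of `mc` or the MinIO documentation. `check_tier_flags` is a hypothetical helper, the tier type is supplied by the operator, and the `gcs` type name plus the mapping of `--account-key` to Azure and `--credentials-file` to Google Cloud Storage are assumptions drawn from the examples on this page.

```shell
#!/bin/sh
# Added example: validate `mc ilm tier update` credential flags against the
# tier type before rotating. check_tier_flags is hypothetical, not part of mc.
# Usage: check_tier_flags TIER_TYPE [flags and values...]
#   TIER_TYPE is the type given to `mc ilm tier add` (s3, minio, azure;
#   "gcs" for Google Cloud Storage is an assumption).
# Returns 0 if every credential flag applies to the tier type, 1 otherwise.
check_tier_flags() {
    tier_type=$1; shift
    has_id=0; has_secret=0
    for arg in "$@"; do
        case ${arg%%=*} in
            --access-key|--secret-key|--use-aws-role) want="s3 minio" ;;
            # Assumed from the Azure example on this page.
            --account-key|--az-sp-tenant-id) want="azure" ;;
            --az-sp-client-id) want="azure"; has_id=1 ;;
            --az-sp-client-secret) want="azure"; has_secret=1 ;;
            # Assumed from the Google Cloud Storage example on this page.
            --credentials-file) want="gcs" ;;
            # Flag values and global flags are not checked here.
            *) continue ;;
        esac
        case " $want " in
            *" $tier_type "*) ;;
            *) echo "${arg%%=*} has no effect on a $tier_type tier" >&2
               return 1 ;;
        esac
    done
    # The page states that each of these two flags requires the other.
    if [ "$has_id" != "$has_secret" ]; then
        echo "--az-sp-client-id and --az-sp-client-secret must be given together" >&2
        return 1
    fi
    return 0
}

# Example guard (placeholders as on this page):
#   check_tier_flags azure --account-key ACCOUNT-KEY &&
#       mc ilm tier update myminio AZTIER --account-key ACCOUNT-KEY
```
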
S3 Compatibility
Required Permissions
For permissions required to modify a tier, refer to the required permissions on the parent command.