6482571bf2
- Adds landing pages for all two-word `mc` commands - Nests three+ word commands under appropriate two-word commands - Updates MinIO Client doc - Uses description from each command to populate list of subcommand descriptions - Modifies toctree for MinIO Client doc and each command/subcommand to improve left nav experienc Closes #710
8.4 KiB
Transition Objects from MinIO to S3
minio
Table of Contents
The procedure on this page creates a new object lifecycle management rule that transition objects from a MinIO bucket to a remote storage tier on the Amazon Web Services S3 storage backend or an S3-compatible service. This procedure supports use cases such as tiering objects to low-cost or archival storage after a certain time period or calendar date.
Requirements
Install and Configure
mc
This procedure uses mc for performing operations on the MinIO cluster.
Install mc on a machine
with network access to both source and destination clusters. See the
mc Installation Quickstart <mc-install> for
instructions on downloading and installing mc.
Use the mc alias set
command to create an alias for the source MinIO cluster. Alias creation
requires specifying an access key for a user on the source and
destination clusters. The specified users must have permissions
<minio-lifecycle-management-transition-to-s3-permissions>
for configuring and applying transition operations.
Required MinIO Permissions
MinIO requires the following permissions scoped to the bucket or buckets for which you are creating lifecycle management rules.
s3:PutLifecycleConfigurations3:GetLifecycleConfiguration
MinIO also requires the following administrative permissions on the cluster in which you are creating remote tiers for object transition lifecycle management rules:
admin:SetTieradmin:ListTier
For example, the following policy provides permission for configuring object transition lifecycle management rules on any bucket in the cluster:.
/extra/examples/LifecycleManagementAdmin.json
Required S3 Permissions
Object transition lifecycle management rules require additional permissions on the remote storage tier. Specifically, MinIO requires the remote tier credentials provide read, write, list, and delete permissions for the remote bucket.
For example, the following policy provides the necessary permission for transitioning objects into and out of the remote tier:
/extra/examples/LifecycleManagementUser.json
Modify the Resource for the bucket into which MinIO
tiers objects.
Refer to the Amazon S3 Permissions
<service-authorization/latest/reference/list_amazons3.html#amazons3-actions-as-permissions>
documentation for more complete guidance on configuring the required
permissions.
Remote Bucket Must Exist
Create the remote S3 bucket prior to configuring lifecycle management tiers or rules using that bucket as the target.
Considerations
Lifecycle Management Object Scanner
MinIO uses a scanner process to check objects against all configured
lifecycle management rules. Slow scanning due to high IO workloads or
limited system resources may delay application of lifecycle management
rules. See minio-lifecycle-management-scanner for more
information.
Exclusive Access to Remote Data
Availability of Remote Data
Procedure
1) Configure User Accounts and Policies for Lifecycle Management
2) Configure the Remote Storage Tier
Use the mc ilm tier add command to add an Amazon S3 service as
the new remote storage tier:
mc ilm tier add s3 TARGET TIER_NAME \
--endpoint https://HOSTNAME \
--access-key ACCESS_KEY \
--secret-key SECRET_KEY \
--bucket BUCKET \
--prefix PREFIX \
--storage-class STORAGE_CLASS \
--region REGION The example above uses the following arguments:
| Argument | Description |
|---|---|
TARGET <mc ilm tier add TARGET> |
The alias <mc alias> of the MinIO deployment on which
to configure the S3 remote tier. |
TIER_NAME <mc ilm tier add TIER_NAME> |
The name to associate with the new S3 remote storage tier. Specify
the name in all-caps, e.g. S3_TIER. This value is required
in the next step. |
HOSTNAME <mc ilm tier add --endpoint> |
The URL endpoint for the S3 storage backend. |
ACCESS_KEY <mc ilm tier add --access-key> |
The S3 access key MinIO uses to access the bucket. The access key
must correspond to an IAM user with the required permissions
<minio-lifecycle-management-transition-to-s3-permissions-remote>. |
SECRET_KEY <mc ilm tier add --secret-key> |
The corresponding secret key for the specified
ACCESS_KEY. |
BUCKET <mc ilm tier add --bucket> |
The name of the bucket on the S3 storage backend to which MinIO transitions objects. |
|
The optional bucket prefix within which MinIO transitions objects. MinIO stores all transitioned objects in the specified
MinIO recommends specifying this optional prefix for remote storage tiers which contain other data, including transitioned objects from other MinIO deployments. This prefix should provide a clear reference back to the source MinIO deployment to faciliate ease of operations related to diagnostics, maintenance, or disaster recovery. |
|
The S3 storage class to which MinIO transitions objects. MinIO tiering behavior depends on the remote storage returning objects immediately (milliseconds to seconds) upon request. MinIO therefore cannot support remote storage which requires rehydration, wait periods, or manual intervention. The following S3 storage classes meet MinIO's requirements as a remote tier:
Omit this value to use the default storage class for the bucket. Specifying this value overrides the bucket storage class. For more information, see |
REGION <mc ilm tier add --region> |
The AWS S3 region of the specified BUCKET. You can
safely omit this option if the HOSTNAME includes the
region. |
3) Create and Apply the Transition Rule
4) Verify the Transition Rule
Use the mc ilm rule ls command to review the configured
transition rules:
mc ilm rule ls ALIAS/PATH --transition- Replace
ALIAS <mc ilm rule ls ALIAS>with thealias <mc alias>of the MinIO deployment. - Replace
PATH <mc ilm rule ls ALIAS>with the name of the bucket for which to retrieve the configured lifecycle management rules.