minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-05-28 00:41:14 +03:00
Code
docs/source/includes/common-mc-admin-config.rst
Ravind Kumar ac72345962
DOCS-898: Synchronous Bucket Notifications, config API secret redaction (#960) 
Closes #898 

- Adds a short section on synchronous vs asynchronous bucket
notifications
- Adds a note on specific configs which now return redacted data on `mc
admin config get`
- Found a few new webhook lambda envvars to add
2023-08-21 11:19:20 -04:00

37 KiB
Raw Blame History

Specify on to enable publishing bucket notifications to an AMQP endpoint.

Defaults to off.

Specify the AMQP server endpoint to which MinIO publishes bucket events. For example, amqp://myuser:mypassword@localhost:5672.

Specify the name of the AMQP exchange to use.

Specify the type of the AMQP exchange.

Specify the routing key for publishing events.

Specify off to ignore undelivered messages errors. Defaults to on.

Specify on to persist the message queue across broker restarts. Defaults to 'off'.

Specify on to enable non-blocking message delivery. Defaults to 'off'.

Specify on to use the exchange only if it is bound to other exchanges. See the RabbitMQ documentation on Exchange to Exchange Bindings for more information on AMQP exchange binding.

Specify on to automatically delete the message queue if there are no consumers. Defaults to off.

Specify 1 for set the delivery mode to non-persistent queue.

Specify 2 to set the delivery mode to persistent queue.

Specify the directory path to enable MinIO's persistent event store for undelivered messages, such as /opt/minio/events.

MinIO stores undelivered events in the specified store while the AMQP service is offline and replays the stored events when connectivity resumes.

Specify the maximum limit for undelivered messages. Defaults to 100000.

Specify a comment for the AMQP configuration.

Specify on to enable publishing bucket notifications to an MQTT endpoint.

Defaults to off.

Specify the MQTT server/broker endpoint. MinIO supports TCP, TLS, or Websocket connections to the server/broker URL. For example:

  • tcp://mqtt.example.net:1883
  • tls://mqtt.example.net:1883
  • ws://mqtt.example.net:1883

Specify the name of the MQTT topic to associate with events published by MinIO to the MQTT endpoint.

Specify the MQTT username with which MinIO authenticates to the MQTT server/broker.

Specify the password for the MQTT username with which MinIO authenticates to the MQTT server/broker.

RELEASE.2023-06-23T20-26-00Z

MinIO redacts this value when returned as part of mc admin config get.

Specify the Quality of Service priority for the published events.

Defaults to 0.

Specify the keep-alive interval for the MQTT connections. MinIO supports the following units of time measurement:

  • s - seconds, "60s"
  • m - minutes, "60m"
  • h - hours, "24h"
  • d - days, "7d"

Specify the reconnect interval for the MQTT connections. MinIO supports the following units of time measurement:

  • s - seconds, "60s"
  • m - minutes, "60m"
  • h - hours, "24h"
  • d - days, "7d"

Specify the directory path to enable MinIO's persistent event store for undelivered messages, such as /opt/minio/events.

MinIO stores undelivered events in the specified store while the MQTT server/broker is offline and replays the stored events when connectivity resumes.

Specify the maximum limit for undelivered messages. Defaults to 100000.

Specify a comment to associate with the MQTT configuration.

Specify on to enable publishing bucket notifications to an Elasticsearch service endpoint.

Defaults to off.

Specify the Elasticsearch service endpoint to which MinIO publishes bucket events. For example, https://elasticsearch.example.com:9200.

MinIO supports passing authentication information using as URL parameters using the format PROTOCOL://USERNAME:PASSWORD@HOSTNAME:PORT.

Specify the name of the Elasticsearch index in which to store or update MinIO bucket events. Elasticsearch automatically creates the index if it does not exist.

Specify the format of event data written to the Elasticsearch index. MinIO supports the following values:

namespace

For each bucket event, the MinIO creates a JSON document with the bucket and object name from the event as the document ID and the actual event as part of the document body. Additional updates to that object modify the existing index entry for that object. Similarly, deleting the object also deletes the corresponding index entry.

access

For each bucket event, MinIO creates a JSON document with the event details and appends it to the index with an Elasticsearch-generated random ID. Additional updates to an object result in new index entries, and existing entries remain unmodified.

The username for connecting to an Elasticsearch service endpoint which enforces authentication.

The password for connecting to an Elasticsearch service endpoint which enforces authentication.

RELEASE.2023-06-23T20-26-00Z

MinIO redacts this value when returned as part of mc admin config get.

Specify the maximum limit for undelivered messages. Defaults to 100000.

Specify the directory path to enable MinIO's persistent event store for undelivered messages, such as /opt/minio/events.

MinIO stores undelivered events in the specified store while the Elasticsearch service is offline and replays the stored events when connectivity resumes.

Specify a comment to associate with the Elasticsearch configuration.

Specify on to enable publishing bucket notifications to an NSQ endpoint.

Specify the NSQ server address. For example:

https://nsq-endpoing.example.net:4150

Specify the name of the NSQ topic MinIO uses when publishing events to the broker.

Specify on to enable TLS connectivity to the NSQ service broker.

Enables or disables TLS verification of the NSQ service broker TLS certificates.

  • Specify on to disable TLS verification (Default).
  • Specify off to enable TLS verification.

Specify the directory path to enable MinIO's persistent event store for undelivered messages, such as /opt/minio/events.

MinIO stores undelivered events in the specified store while the NSQ server/broker is offline and replays the stored events when connectivity resumes.

Specify the maximum limit for undelivered messages. Defaults to 100000.

Specify a comment to associate with the NSQ configuration.

Specify on to enable publishing bucket notifications to a Redis service endpoint.

Defaults to off.

Specify the Redis service endpoint to which MinIO publishes bucket events. For example, https://redis.example.com:6369.

Specify the Redis key to use for storing and updating events. Redis auto-creates the key if it does not exist.

Specify the format of event data written to the Redis service endpoint. MinIO supports the following values:

namespace

For each bucket event, the MinIO creates a JSON document with the bucket and object name from the event as the document ID and the actual event as part of the document body. Additional updates to that object modify the existing index entry for that object. Similarly, deleting the object also deletes the corresponding index entry.

access

For each bucket event, MinIO creates a JSON document with the event details and appends it to the key with a Redis-generated random ID. Additional updates to an object result in new index entries, and existing entries remain unmodified.

Specify the password for the Redis server.

RELEASE.2023-06-23T20-26-00Z

MinIO redacts this value when returned as part of mc admin config get.

Specify the directory path to enable MinIO's persistent event store for undelivered messages, such as /opt/minio/events.

MinIO stores undelivered events in the specified store while the Redis server/broker is offline and replays the stored events when connectivity resumes.

Specify the maximum limit for undelivered messages. Defaults to 100000.

Specify a comment to associate with the Redis configuration.

Specify on to enable publishing bucket notifications to an NATS service endpoint.

Defaults to off.

Specify the NATS service endpoint to which MinIO publishes bucket events. For example, https://nats-endpoint.example.com:4222.

Specify the subscription to which MinIO associates events published to the NATS endpoint.

Specify the username for connecting to the NATS service endpoint.

Specify the passport for connecting to the NATS service endpoint.

RELEASE.2023-06-23T20-26-00Z

MinIO redacts this value when returned as part of mc admin config get.

Specify the token for connecting to the NATS service endpoint.

RELEASE.2023-06-23T20-26-00Z

MinIO redacts this value when returned as part of mc admin config get.

Specify on to enable TLS connectivity to the NATS service endpoint.

Enables or disables TLS verification of the NATS service endpoint TLS certificates.

  • Specify on to disable TLS verification (Default).
  • Specify off to enable TLS verification.

Specify the duration interval for client pings to the NATS server. MinIO supports the following time units:

  • s - seconds, "60s"
  • m - minutes, "5m"
  • h - hours, "1h"
  • d - days, "1d"

Specify on to enable JetStream support for streaming events to a NATS JetStream service endpoint.

Specify on to enable asynchronous publishing of events to the NATS service endpoint.

Specify on to enable asynchronous publishing of events to the NATS service endpoint.

Specify the number of messages to publish without waiting for an ACK response from the NATS service endpoint.

Specify the unique ID for the NATS streaming cluster.

Specify the path to the Certificate Authority chain used to sign the NATS service endpoint TLS certificates.

Specify the path to the client certificate to use for performing mTLS authentication to the NATS service endpoint.

Specify the path to the client private key to use for performing mTLS authentication to the NATS service endpoint.

Specify the directory path to enable MinIO's persistent event store for undelivered messages, such as /opt/minio/events.

MinIO stores undelivered events in the specified store while the NATS server/broker is offline and replays the stored events when connectivity resumes.

Specify the maximum limit for undelivered messages. Defaults to 100000.

Specify a comment to associate with the NATS configuration.

Specify on to enable publishing bucket notifications to a PostgreSQL service endpoint.

Defaults to off.

Specify the URI connection string of the PostgreSQL service endpoint. MinIO supports key=value format for the PostgreSQL connection string. For example:

"host=https://postgresql.example.com port=5432 ..."

For more complete documentation on supported PostgreSQL connection string parameters, see the PostgreSQL COnnection Strings documentation .

Specify the name of the PostgreSQL table to which MinIO publishes event notifications.

Specify the format of event data written to the PostgreSQL service endpoint. MinIO supports the following values:

namespace

For each bucket event, the MinIO creates a JSON document with the bucket and object name from the event as the document ID and the actual event as part of the document body. Additional updates to that object modify the existing table entry for that object. Similarly, deleting the object also deletes the corresponding table entry.

access

For each bucket event, MinIO creates a JSON document with the event details and appends it to the table with a PostgreSQL-generated random ID. Additional updates to an object result in new index entries, and existing entries remain unmodified.

Specify the maximum number of open connections to the PostgreSQL database.

Defaults to 2.

Specify the directory path to enable MinIO's persistent event store for undelivered messages, such as /opt/minio/events.

MinIO stores undelivered events in the specified store while the PostgreSQL server/broker is offline and replays the stored events when connectivity resumes.

Specify the maximum limit for undelivered messages. Defaults to 100000.

Specify a comment to associate with the PostgreSQL configuration.

Specify on to enable publishing bucket notifications to a MySQL service endpoint.

Defaults to off.

Specify the data source name (DSN) of the MySQL service endpoint. MinIO expects the following format:

<user>:<password>@tcp(<host>:<port>)/<database>

For example:

"username:password@tcp(mysql.example.com:3306)/miniodb"

Specify the data source name (DSN) connection string for the MySQL service endpoint. MinIO expects the following format:

<user>:<password>@tcp(<host>:<port>)/<database>

For example:

"username:password@tcp(mysql.example.com:3306)/miniodb"

Specify the name of the MySQL table to which MinIO publishes event notifications.

Specify the format of event data written to the MySQL service endpoint. MinIO supports the following values:

namespace

For each bucket event, the MinIO creates a JSON document with the bucket and object name from the event as the document ID and the actual event as part of the document body. Additional updates to that object modify the existing table entry for that object. Similarly, deleting the object also deletes the corresponding table entry.

access

For each bucket event, MinIO creates a JSON document with the event details and appends it to the table with a MySQL-generated random ID. Additional updates to an object result in new index entries, and existing entries remain unmodified.

Specify the maximum number of open connections to the MySQL database.

Defaults to 2.

Specify the directory path to enable MinIO's persistent event store for undelivered messages, such as /opt/minio/events.

MinIO stores undelivered events in the specified store while the MySQL server/broker is offline and replays the stored events when connectivity resumes.

Specify the maximum limit for undelivered messages. Defaults to 100000.

Specify a comment to associate with the MySQL configuration.

Specify on to enable publishing bucket notifications to a Kafka service endpoint.

Defaults to off.

Specify a comma-separated list of Kafka broker addresses. For example:

"kafka1.example.com:2021,kafka2.example.com:2021"

Specify the name of the Kafka topic to which MinIO publishes bucket events.

Specify the username for performing SASL/PLAIN or SASL/SCRAM authentication to the Kafka broker(s).

Specify the password for performing SASL/PLAIN or SASL/SCRAM authentication to the Kafka broker(s).

RELEASE.2023-06-23T20-26-00Z

MinIO redacts this value when returned as part of mc admin config get.

Specify the SASL mechanism to use for authenticating to the Kafka broker(s). MinIO supports the following mechanisms:

  • PLAIN (Default)
  • SHA256
  • SHA512

Specify the client authentication type of the Kafka broker(s). The following table lists the supported values and their mappings

Value Authentication Type
0 NoClientCert
1 RequestClientCert
2 RequireAnyClientCert
3 VerifyClientCertIfGiven
4 RequireAndVerifyClientCert

See ClientAuthType for more information on each client auth type. .. end-minio-notify-kafka-tls-client-auth

Specify on to enable SASL authentication.

Specify on to enable TLS connectivity to the Kafka broker(s)

Enables or disables TLS verification of the NATS service endpoint TLS certificates.

  • Specify on to disable TLS verification (Default).
  • Specify off to enable TLS verification.

Specify the path to the client certificate to use for performing mTLS authentication to the Kafka broker(s).

Specify the path to the client private key to use for performing mTLS authentication to the Kafka broker(s).

Specify the version of the Kafka cluster to assume when performing operations against that cluster. See the sarama reference documentation for more information on this field's behavior.

Specify the directory path to enable MinIO's persistent event store for undelivered messages, such as /opt/minio/events.

MinIO stores undelivered events in the specified store while the Kafka server/broker is offline and replays the stored events when connectivity resumes.

Specify the maximum limit for undelivered messages. Defaults to 100000.

Specify a comment to associate with the Kafka configuration.

Specify on to enable publishing bucket notifications to a Webhook service endpoint.

Defaults to off.

Specify the URL for the webhook service.

Specify the opaque string or JWT authorization token to use for authenticating to the webhook service.

RELEASE.2023-06-23T20-26-00Z

MinIO redacts this value when returned as part of mc admin config get.

Specify the path to the client certificate to use for performing mTLS authentication to the webhook service.

Specify the path to the client private key to use for performing mTLS authentication to the webhook service.

Specify the directory path to enable MinIO's persistent event store for undelivered messages, such as /opt/minio/events.

MinIO stores undelivered events in the specified store while the webhook service is offline and replays the stored events when connectivity resumes.

Specify the maximum limit for undelivered messages. Defaults to 100000.

Specify a comment to associate with the Webhook configuration.

MinIO Server RELEASE.2023-05-04T21-44-30Z

Specify on to enable and off to disable the root <minio-users-root> user account. Disabling the root service account also disables all service accounts associated with root, excluding those used by site replication. Defaults to on.

Ensure you have at least one other admin user, such as one with the consoleAdmin policy, before disabling the root account. If you do not have another admin user, disabling the root account locks administrative access to the deployment.

A comma-separated list of Kafka broker addresses:

brokers="https://kafka-1.example.net:9092,https://kafka-2.example.net:9092"

At least one broker must be online and reachable by the MinIO server to initialize and send audit log events. MinIO checks each specified broker in order of specification.

The name of the Kafka topic to associate to MinIO audit log events.

Set to "on" to enable TLS connectivity to the specified Kafka brokers.

Defaults to "off".

Set to "on" to direct MinIO to skip verification of the Kafka broker TLS certificates.

You can use this option for enabling connectivity to Kafka brokers using TLS certificates signed by unknown parties, such as self-signed or corporate-internal Certificate Authorities (CA).

MinIO by default uses the system trust store and the contents of the MinIO CA directory <minio-tls> for verifying remote client TLS certificates.

Defaults to "off" for strict verification of TLS certificates.

Set to "on" to direct MinIO to use mTLS to authenticate against the Kafka brokers.

The path to the TLS client certificate to use for mTLS authentication.

The path to the TLS client private key to use for mTLS authentication.

Set to "on" to direct MinIO to use SASL to authenticate against the Kafka brokers.

The SASL username MinIO uses for authentication against the Kafka brokers.

The SASL password MinIO uses for authentication against the Kafka brokers.

The SASL mechanism MinIO uses for authentication against the Kafka brokers.

Defaults to plain.

The version of the Kafka broker MinIO expects at the specified endpoints.

MinIO returns an error if the Kakfa broker verison does not match those specified to this setting.

A comment to associate with the configuration.

Specify the directory path to enable MinIO's persistent event store for undelivered messages, such as /opt/minio/events.

MinIO stores undelivered events in the specified store while the Kafka service is offline and replays the stored events when connectivity resumes.

Specify the maximum limit for undelivered messages. Defaults to 100000.

Set to on to encrypt objects after compressing them. Defaults to off.

Encrypting compressed objects may compromise security

MinIO strongly recommends against encrypting compressed objects. If you require encryption, carefully evaluate the risk of potentially leaking information about the contents of encrypted objects.

Specify a comment to associate with the data compression configuration.

Set to on to enable data compression for new objects. Defaults to off.

Enabling or disabling data compression does not change existing objects.

Comma-separated list of the file extensions to compress. Setting a new list of file extensions replaces the previously configured list. Defaults to ".txt, .log, .csv, .json, .tar, .xml, .bin".

Default excluded files

Some types of files cannot be significantly reduced in size. MinIO will not compress these, even if specified in an ~compression.extensions argument. See Excluded types <minio-data-compression-excluded-types> for details.

Comma-separated list of the MIME types to compress. Setting a new list of types replaces the previously configured list. Defaults to "text/*, application/json, application/xml, binary/octet-stream".

Default excluded files

Some types of files cannot be significantly reduced in size. MinIO will not compress these, even if specified in an ~compression.mime_types argument. See Excluded types <minio-data-compression-excluded-types> for details.

Object Type File Extension Media (MIME) Type
Audio audio/*
Video
*.mp4
*.mkv
*.mov
 video/*
Image
*.jpg
*.png
*.gif
 application/x-compress (LZW)
7ZIP Compressed *.7z
BZIP2 Compressed *.bz2 application/x-bz2
GZIP Compressed *.gz application/x-gzip
RAR Compressed *.rar
LZMA Compressed *.xz application/x-xz
ZIP Compressed *.zip
application/zip
application-x-zip-compressed
File Extensions Media (MIME) Types

.txt

.log

.csv

.json

.tar

.xml

.bin

text/*

application/json

application/xml

binary/octet-stream

Enables synchronous bucket notifications <minio-bucket-notifications>.

Specify on to direct MinIO to wait until the remote target returns success on receipt of an event before processing further events.

Defaults to off, or asynchronous bucket notifications where MinIO does not wait for the remote target to return success on receipt of an event.