minio now supports storing the proxy to be used for connecting to subnet
in the `subnet proxy` config. So mc can use it if available when
communicating with subnet during cluster registration or diagnostics
upload.
The earlier approach of using a license token for communicating with
SUBNET is being replaced with a simpler mechanism of API keys. Unlike
the license which is a JWT token, these API keys will be simple UUID
tokens, and don't have any embedded information in them. SUBNET would
generate the API key on cluster registration, and return in the API
response. mc then stores it in the `subnet api_key` config of minio,
to be used for subsequent communication with SUBNET.
In case the api_key is not available in the config, but the cluster's
license is available, it will be used as auth in the subnet API call,
and api_key will be set after the call succeeds. This will help in
smooth migration from older versions of MinIO.
- reach subnet, upon failure provide `--airgap` command line
to allow them to upload report manually.
- use a proper httpClient when reaching out to subnet
with a 10sec timeout, and also support custom proxies
with self signed certs.
- also fix some error messages and cleanup help with correct
wording and grammar.
Subnet doesn't return `ContentLength` in it's api response, and hence
using it as the limit with `LimitReader` doesn't work. Fixed by using a
sufficiently large (1 MiB) limit.
By default, it will run in `online` mode and try to register the cluster
on subnet. If the subnet license is not available in minio/mc config, it
will
- ask the user for login credentials
- use the credentials for authentication and call the registration api
- get the license from response of the api and store it in config
- use the stored license for any subsequent calls
In case the user belongs to multiple organizations in subnet, they will
be prompted to choose the appropriate organization from the list.
If the client machine is in an airgapped environment, user can choose to
use the `--offline` flag when running the command. In this case, it will
- generate and print the registration token
- ask the user to paste it in the subnet registration screen
- accept the license generated by subnet and store it in config
As part of this work, the `health` sub-command is also enhanced to:
- run in `online` mode by default, which tries to upload the health
report to subnet. Here the user will be prompted for subnet credentials
(if license not available in config) _before_ generating the health
report as it is a long running process.
- support a new flag `--offline` which can be used when subnet is not
reachable. When used, the health report will be generated in a local
json.gz file, which can then be uploaded on subnet.
The examples in help text of both the sub-commands are enhanced to list
multiple use cases.
When saving license to config, first preference is given to minio
config. If the minio server supports the `subnet license` key, the
license will be stored here. In case it is an older version of minio
that doesn't support this key, then the license will be stored in mc
host config.
