Basic use of graphical interfaces
bucket
bucket creation
Create the bucket in the graphical interface.
Characteristics:
- Versioning
Turn on version control. Turning on version control allows multiple versions of the same object to be maintained under the same key.
- Object Locking
Object locking prevents objects from being deleted. It is required to support retention and legal hold, and can only be enabled at bucket creation time.
- Quota
Quotas limit the amount of data in buckets.
- Retention
Retention imposes rules that prevent objects from being deleted for a period of time. In order to set a bucket retention policy, version control must be enabled.
Confirm that the creation was successful and view the bucket details.
Anonymous: set the Access Policy to custom to define yourself which prefixes are read-only, which prefixes are read-write, and so on.
Events: select which event notifications are bound to the bucket.
Lifecycle: configure the lifecycle of the bucket.
Selecting Expiry as the type means the object is deleted directly after expiration. Selecting Transition means the object is transferred to the target storage server after expiration, which must be used together with Tiering.
Prefix: file name prefix.
After: the number of days after which the object expires.
Test Upload
Test uploading a file.
Create AK
Creating Access Keys
Create the AK and SK in the graphical interface.
It is highly recommended to record the created key:
xuq70VZxkfwPvDG5Mfga
t3FgyXTOhfyKowWFbMvFpTPJ9rJQh0RiTLEnJ2F5
The created Key can also be downloaded locally.
Configure permissions
Delegation of authority
By default, MinIO buckets are not associated with any Access Key. MinIO supports the standard S3 protocol, so you can create a bucket and an Access Key, and then grant the Access Key access to a particular bucket, thus binding the key to the bucket.
Policy
MinIO uses policy-based access control (PBAC) to define the authorized operations and resources that authenticated users are entitled to access.
Each policy describes one or more actions and conditions that summarize the permissions of a user or group of users.
MinIO PBAC is built to be compatible with AWS IAM policy syntax, structure and behavior.
Each user can only access resources and operations that are explicitly granted by the built-in roles.
By default, MinIO denies access to any other resources or operations.
That is, policies are used to manage whether users are authorized to perform operations, what resources they can access, and so on.
- Policy statements
The information in a statement is contained within a series of elements.
Version: Specify the version of the policy language to use. It is recommended that you use the latest 2012-10-17 version.
Statement: the main policy element, used as a container for the following elements. Multiple statements can be included in a single policy.
Sid (optional): Includes an optional statement ID to distinguish between different statements.
Effect: Use Allow or Deny to indicate whether the policy allows or denies access.
Principal (only required in some cases): If creating a resource-based policy, you must indicate the accounts, users, roles, or federated identity users to be allowed or denied access. This element cannot be included if an IAM permission policy is to be created to attach to a user or role. The subject is implied to be this user or role.
Action: includes a list of actions that are allowed or denied by the policy.
Resource (required only in some cases): if creating an IAM permission policy, you must specify the list of resources to which the operation applies. This element is optional if creating a resource-based policy. If this element is not included, the resources to which the operation applies are those to which the policy is attached.
Condition (optional): specifies the conditions under which the policy grants permissions.
For more on IAM, see: Policies and Permissions in IAM.
User
User: A MinIO user consists of a unique access key (username) and a corresponding secret key (password).
Clients must authenticate as an existing MinIO user by specifying a valid access key (username) and the corresponding secret key (password).
Groups provide a simplified method for managing shared permissions between users with common access patterns and workloads.
Users inherit access to data and resources through the groups they belong to.
Create User.
Groups
Groups can have an additional IAM policy that is inherited by all users with membership in that group.
Groups simplify user rights management for a MinIO tenant: the rights of all users in a group are managed through the group. The relationship is many-to-many: a group can contain multiple members, and a member can belong to multiple groups.
Create a group.
Confirm that the creation was successful.
Set the policy of the group.
Check the Policy that has been created.
Confirm that creation is complete.
Associate policies and user members with the group for easier batch privilege management.
Monitoring
Metrics
Metrics: MinIO supports Prometheus for metrics and alerts.
Prometheus is an open source system and service monitoring system that supports analysis and alerts based on collected metrics.
The Prometheus ecosystem includes multiple integrations that allow for extensive processing and storage of a wide range of collected metrics.
MinIO publishes Prometheus-compatible endpoints for cluster and node-level metrics.
See Indicators for more information.
For alerts, use Prometheus Alerting Rules and Alert Manager to trigger alerts based on collected metrics.
MinIO publishes the collected metrics data using Prometheus-compatible data structures.
Any Prometheus-compatible scraping software can collect and process MinIO metrics for analysis, visualization, and alerting.
As shown in the following figure, you can see the monitoring metrics related to basic information.
Trace
Trace: select which calls to trace, then turn on Trace. All traced calls are logged below with fields such as time, name, status, and so on.
Events
Event notifications: MinIO bucket notifications allow administrators to send notifications to supported external services about certain object or bucket events. MinIO supports bucket-level and object-level S3 events, similar to Amazon S3 event notifications.
In essence, MinIO operations are reported externally in the form of events when they complete.
MinIO supports notification of multiple events, as shown below:
Tiering
Object Lifecycle Management: Tiering is used by MinIO Object Lifecycle Management, which allows for the creation of time or date based rules for automatic conversion or expiration of objects. For object migration, MinIO automatically migrates objects to a configured remote storage tier.
For object expiration, MinIO automatically deletes the object.
That is, the object lifecycle can be managed with user-defined rules, and MinIO provides two ways to handle an object when it expires: either delete the object directly, or move the object to a remote storage service.
MinIO supports the creation of object transition lifecycle management rules, with which MinIO can automatically move objects to remote storage ("Tiering"):
MinIO supports the following Tier types.
Site Replication
Site Replication: this feature allows multiple independent MinIO sites (or clusters) using the same external Identity Provider (IDP) to be configured as replicas.
That is, a copy is replicated out to the target site, which makes it possible to quickly build a cluster or migrate without tedious configuration.
As shown in the following figure, fill in the corresponding site information, including name, endpoint address, Access Key, and Secret Key.
You need to fill in this site and the target site; there can be more than one target site.
Client Usage
mc client installation
The MinIO Client mc command line tool provides commands such as ls, cat, cp, mirror, and diff to support file systems and Amazon s3-compatible cloud storage services.
The mc command line tool is built for compatibility with the AWS S3 API and has been tested on MinIO and AWS S3 for expected functionality and behavior.
Install mc:
[root@master01 minio]# curl /client/mc/release/linux-amd64/mc \
--create-dirs \
-o /usr/local/bin/mc
[root@master01 minio]# chmod +x /usr/local/bin/mc
[root@master01 minio]# mc --autocompletion #Enable mc auto-completion
[root@master01 minio]# mc --help
Connect to MinIO:
Use the mc alias set command to add Amazon s3-compatible services to the mc configuration, replacing the alias with the name to be associated with the S3 service.
The mc command usually requires alias as an argument to identify which S3 service it is to be executed against. If you omit ACCESS_KEY and SECRET_KEY, you will be prompted to enter these values in the CLI when executing the command.
[root@master01 minio]# mc alias set myminio minio minio123
Added `myminio` successfully.
[root@master01 minio]# mc admin info myminio
bucket
- Creating a bucket
[root@master01 ~]# mc mb myminio/mybucket02 #create bucket
[root@master01 ~]# mc ls myminio #List the bucket
[2024-09-06 04:14:49 CST] 0B mybucket/
[2024-09-09 07:29:20 CST] 0B mybucket02/
- Delete bucket
[root@k8s-master ~]# mc rb myminio/mybucket02 #Delete bucket without object
[root@k8s-master ~]# mc rb myminio/mybucket02 --force #Forces the deletion of the bucket, even if it contains files.
object
- upload and download
[root@master01 ~]# echo "This is my test file!" >
[root@master01 ~]# mc cp myminio/mybucket/ #Uploading test files
[root@master01 ~]# mkdir testdir #Creating a test directory
[root@master01 ~]# echo "This is my test02 file!" > testdir/
[root@master01 ~]# mc cp testdir myminio/mybucket --recursive #Upload the test directory recursively
[root@master01 ~]# mc ls myminio/mybucket #View minio storage
[2024-09-10 09:32:04 CST] 22B STANDARD
[2024-09-10 09:32:45 CST] 0B testdir/
[root@master01 ~]# mkdir download
[root@master01 ~]# mc cp myminio/mybucket/ download/ #Download file
[root@master01 ~]# mc cp myminio/mybucket/testdir download/ --recursive #Download the directory recursively
[root@master01 ~]# ll download/ #View the files
total 4.0K
-rw-r--r-- 1 root root 22 Sep 10 09:33
drwxr-xr-x 2 root root 24 Sep 10 09:34 testdir
[root@master01 ~]# ll download/testdir/
total 4.0K
-rw-r--r-- 1 root root 24 Sep 10 09:34
- removing
[root@master01 ~]# mc rm myminio/mybucket/ #delete files
[root@master01 ~]# mc rm myminio/mybucket/testdir --recursive --force #Delete directories even if they contain files
[root@master01 ~]# mc ls myminio/mybucket #View minio storage
Policy
View policy
Lists all preset policies on the MinIO.
[root@master01 ~]# mc admin policy list myminio
diagnostics
mypolicy
readonly
readwrite
writeonly
consoleAdmin
Delete policy
[root@master01 ~]# mc admin policy remove myminio listbucketsonly
Creating a policy
Create a new policy.
[root@master01 ~]# vim #Write the new policy rules
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}
[root@master01 ~]# mc admin policy create myminio listbucketsonly ./
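The "Delegation of authority" and "Policy statements" sections describe binding a key to one bucket and the Allow/Deny elements, but the page only shows listbucketsonly. The following is an added example, not from the original page or from MinIO: bucket_policy and is_allowed are hypothetical helpers, and is_allowed is a simplified model of default-deny evaluation (Condition is ignored), not MinIO's evaluator.

```python
import fnmatch

# listbucketsonly, as created on this page.
LIST_BUCKETS_ONLY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:ListAllMyBuckets"],
                   "Resource": ["arn:aws:s3:::*"]}],
}

def bucket_policy(bucket, read_only=False):
    """Hypothetical helper: policy confining an identity to one bucket."""
    actions = ["s3:GetObject"]
    if not read_only:
        actions += ["s3:PutObject", "s3:DeleteObject"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Listing is a bucket-level action: Resource is the bucket ARN.
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"]},
            # Object actions apply to keys; the "/" keeps "mybucket" from also matching "mybucket02".
            {"Effect": "Allow", "Action": actions,
             "Resource": [f"arn:aws:s3:::{bucket}/*"]},
        ],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    return (any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt.get("Action", [])))
            and any(fnmatch.fnmatchcase(resource, p) for p in _as_list(stmt.get("Resource", []))))

def is_allowed(policies, action, resource):
    """Simplified model: explicit Deny wins, then any Allow, otherwise deny."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

if __name__ == "__main__":
    scoped = bucket_policy("mybucket")
    print(is_allowed([scoped], "s3:PutObject", "arn:aws:s3:::mybucket/testdir/a.txt"))
    print(is_allowed([scoped], "s3:PutObject", "arn:aws:s3:::mybucket02/a.txt"))
```

A Resource written as arn:aws:s3:::mybucket* would also cover mybucket02, which is why the object statement ends in /*.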
User Management
- Create User
[root@master01 ~]# mc admin user add myminio newuser newuser123
Added user `newuser` successfully.
[root@master01 ~]# mc admin user add myminio newuser02 newuser123
Added user `newuser02` successfully.
[root@master01 ~]# mc admin user add myminio newuser03 newuser123
Added user `newuser03` successfully.
- disable users
[root@master01 ~]# mc admin user disable myminio newuser
Disabled user `newuser` successfully.
- Enabling Users
[root@master01 ~]# mc admin user enable myminio newuser
Enabled user `newuser` successfully.
- Associate a policy with the user
[root@master01 ~]# mc admin policy attach myminio listbucketsonly --user newuser
Attached Policies: [listbucketsonly]
To User: newuser
- Creating User Groups and Associated Users
Create user groups and associate users.
[root@master01 ~]# mc admin group add myminio somegroup newuser
Added members `newuser` to group `somegroup` successfully.
[root@master01 ~]# mc admin group add myminio somegroup newuser02
Added members `newuser02` to group `somegroup` successfully.
- Associate a policy with a user group
[root@master01 ~]# mc admin policy attach myminio listbucketsonly --group somegroup
Attached Policies: [listbucketsonly]
To Group: somegroup
- List Users
List users, or list them in json format.
[root@master01 ~]# mc admin user list myminio
enabled newuser listbucketsonly
enabled newuser02
enabled newuser03
[root@master01 ~]# mc admin user list myminio --json
{
"status": "success",
"accessKey": "newuser02",
"userStatus": "enabled"
}
{
"status": "success",
"accessKey": "newuser03",
"userStatus": "enabled"
}
{
"status": "success",
"accessKey": "newuser",
"policyName": "listbucketsonly",
"userStatus": "enabled",
"memberOf": [
{
"name": "somegroup",
"policies": [
"listbucketsonly"
]
}
]
}
- Display user information
Displays user details.
[root@master01 ~]# mc admin user info myminio newuser
AccessKey: newuser
Status: enabled
PolicyName: listbucketsonly
MemberOf: [somegroup]
- Delete User
[root@master01 ~]# mc admin user remove myminio newuser03
Removed user `newuser03` successfully.
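The --json listing above can be audited for enabled users that hold no policy or an admin-level one. The following is an added example, not from the original page or from MinIO: the sample reuses records from the page's output plus one constructed record (opsuser), and it assumes that policyName may hold several comma-separated names and that consoleAdmin is the policy to treat as privileged.

```python
import json

# Records in the shape of `mc admin user list myminio --json` as shown on the page;
# the opsuser record is constructed to exercise the privileged-policy check.
SAMPLE = '''
{ "status": "success", "accessKey": "newuser02", "userStatus": "enabled" }
{
 "status": "success",
 "accessKey": "newuser",
 "policyName": "listbucketsonly",
 "userStatus": "enabled",
 "memberOf": [ { "name": "somegroup", "policies": [ "listbucketsonly" ] } ]
}
{ "status": "success", "accessKey": "opsuser", "policyName": "consoleAdmin", "userStatus": "enabled" }
'''

PRIVILEGED = {"consoleAdmin"}  # assumption: policies treated as admin-level

def iter_json_objects(text):
    """Yield each object from a stream of concatenated JSON documents."""
    decoder, pos = json.JSONDecoder(), 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            return
        obj, pos = decoder.raw_decode(text, pos)
        yield obj

def effective_policies(record):
    """Union of directly attached policies and those inherited from groups."""
    direct = {p.strip() for p in record.get("policyName", "").split(",") if p.strip()}
    inherited = {p for g in record.get("memberOf") or [] for p in g.get("policies") or []}
    return direct | inherited

def audit(text):
    """Map accessKey -> finding for enabled users that need review."""
    findings = {}
    for rec in iter_json_objects(text):
        if rec.get("userStatus") != "enabled":
            continue
        policies = effective_policies(rec)
        if not policies:
            findings[rec["accessKey"]] = "no policy attached"
        elif policies & PRIVILEGED:
            findings[rec["accessKey"]] = "privileged: " + ",".join(sorted(policies & PRIVILEGED))
    return findings

if __name__ == "__main__":
    for key, finding in audit(SAMPLE).items():
        print(key, "->", finding)
```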
Groups Management
- Create user groups and add users
Create user groups and add users
- Removing a user from a group
[root@master01 ~]# mc admin group remove myminio somegroup newuser02
Removed members {newuser02} from group somegroup successfully.
- List user groups
[root@master01 ~]# mc admin group list myminio
mygroups
somegroup
- Disable user groups
[root@master01 ~]# mc admin group disable myminio somegroup
Disabled group `somegroup` successfully.
- Enabling User Groups
[root@master01 ~]# mc admin group enable myminio somegroup
Enabled group `somegroup` successfully.
- Display user group information
[root@master01 ~]# mc admin group info myminio somegroup
Group: somegroup
Status: enabled
Policy: listbucketsonly
Members: newuser
- Deleting User Groups
Deletion is only possible if the user group is empty, i.e. no users exist in the user group.
[root@master01 ~]# mc admin group remove myminio somegroup
mc: <ERROR> Could not perform remove operation. The specified group is not empty - cannot remove it. (Specified group is not empty - cannot remove it).
[root@master01 ~]# mc admin group info myminio somegroup #Viewing user group information
Group: somegroup
Status: enabled
Policy: listbucketsonly
Members: newuser
[root@master01 ~]# mc admin group remove myminio somegroup newuser #Remove the only remaining member
Removed members {newuser} from group somegroup successfully.
[root@master01 ~]# mc admin group remove myminio somegroup #Delete the user group again
Removed group somegroup successfully.
Config Management
[root@master01 ~]# mc admin config export myminio #Getting Cluster Configuration
[root@master01 ~]# mc admin config export myminio > my-serverconfig #Get the cluster configuration and redirect it to a file
Cluster Management
Viewing Cluster Information
mc tools
Show debug output
[root@master01 ~]# mc admin info --debug myminio
Display in json format
Specifies the display format.
[root@master01 ~]# mc admin info myminio --json
Restart the minio service
The service command provides a way to restart and stop all MinIO servers.
[root@master01 ~]# mc admin policy --help
[root@master01 ~]# mc admin service restart myminio
Service status: ▰▰▱ [DONE]
Summary:
┌───────────────┬─────────────────────────────┐
│ Servers: │ 4 online, 0 offline, 0 hung │
│ Restart Time: │ 1.133381597s │
└───────────────┴─────────────────────────────┘
Curl tool usage
curl tool reference: Curl Client Usage.