
Basic use

2024-09-19 11:51:28

Basic use of graphical interfaces

bucket

bucket creation

Create the bucket in the graphical interface.

Characteristics:

  • Versioning
    Turn on version control. Turning on version control allows multiple versions of the same object to be maintained under the same key.

  • Object Locking
    Object locking prevents objects from being deleted. It is required to support retention and legal hold, and can only be enabled at bucket creation time.

  • Quota
    Quotas limit the amount of data in buckets.

  • Retention
    Retention imposes rules that prevent objects from being deleted for a period of time. In order to set a bucket retention policy, version control must be enabled.

Confirm that the creation was successful and view the bucket details.

Anonymous: set the Access Policy to custom to define which prefixes are read-only, which prefixes are read-write, and so on.

Events: configure which event notifications are bound to the bucket.

Lifecycle: configure the lifecycle rules of the bucket.
Selecting Expiry as the type means the object is deleted directly once it expires; selecting Transition means it is transferred to the target storage server once it expires, which must be used together with Tiering.

Prefix: the file name prefix.
After: the number of days after which the object expires.

Test Upload

Test uploading a file.

Create AK

Creating Access Keys

Create the AK and SK in the graphical interface.

It is strongly recommended to record the created key pair:

xuq70VZxkfwPvDG5Mfga
t3FgyXTOhfyKowWFbMvFpTPJ9rJQh0RiTLEnJ2F5

The created Key can also be downloaded locally.

Configure permissions

Delegation of authority

By default, MinIO buckets are not associated with any Access Key. Because MinIO supports the standard S3 protocol, you can create a bucket and an AK, then grant that Access Key access to a particular bucket, which binds the key to the bucket.

Policy

MinIO uses policy-based access control (PBAC) to define the authorized operations and resources that authenticated users are entitled to access.
Each policy describes one or more actions and conditions that summarize the permissions of a user or group of users.
MinIO PBAC is built to be compatible with AWS IAM policy syntax, structure and behavior.
Each user can only access resources and operations that are explicitly granted by the built-in roles.
By default, MinIO denies access to any other resources or operations.

That is, policies are used to manage whether users are authorized to perform operations, what resources they can access, and so on.

  • Policy statements
    The information in a statement is contained within a series of elements.
    Version: Specify the version of the policy language to use. It is recommended that you use the latest 2012-10-17 version.
    Statement: the main policy element, used as a container for the following elements. Multiple statements can be included in a single policy.
    Sid (optional): Includes an optional statement ID to distinguish between different statements.
    Effect: Use Allow or Deny to indicate whether the policy allows or denies access.
    Principal (only required in some cases): If creating a resource-based policy, you must indicate the accounts, users, roles, or federated identity users to be allowed or denied access. This element cannot be included if an IAM permission policy is to be created to attach to a user or role. The subject is implied to be this user or role.
    Action: includes a list of actions that are allowed or denied by the policy.
    Resource (required only in some cases): if creating an IAM permission policy, you must specify the list of resources to which the operation applies. This element is optional if creating a resource-based policy. If this element is not included, the resources to which the operation applies are those to which the policy is attached.
    Condition (optional): specifies the conditions under which the policy grants permissions.

More IAM references: Policies and Permissions in IAM
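
The Effect, Action and Resource elements described above, as an added example (not code from the original page or from MinIO): a simplified evaluator showing default deny and an explicit Deny taking precedence over Allow. The policy, the prefix names and the function names are constructed for illustration; Principal and Condition are not evaluated.

```python
import fnmatch
import json

# Constructed policy: list one bucket, read everything in it, write only
# under uploads/, and never delete (explicit Deny).
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "List", "Effect": "Allow",
     "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::mybucket"]},
    {"Sid": "Read", "Effect": "Allow",
     "Action": ["s3:GetObject"],
     "Resource": ["arn:aws:s3:::mybucket/*"]},
    {"Sid": "WriteUploads", "Effect": "Allow",
     "Action": ["s3:PutObject"],
     "Resource": ["arn:aws:s3:::mybucket/uploads/*"]},
    {"Sid": "NoDelete", "Effect": "Deny",
     "Action": ["s3:Delete*"],
     "Resource": ["arn:aws:s3:::mybucket/*"]}
  ]
}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value):
    # IAM-style wildcards: "*" matches any run of characters, "?" exactly one.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def evaluate(policy, action, resource):
    """Return "Deny", "Allow" or "ImplicitDeny" for a single request."""
    decision = "ImplicitDeny"  # nothing is granted unless a statement allows it
    for stmt in _as_list(policy["Statement"]):
        if not (_matches(stmt["Action"], action) and _matches(stmt["Resource"], resource)):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny overrides any Allow
        decision = "Allow"
    return decision

if __name__ == "__main__":
    print(evaluate(POLICY, "s3:PutObject", "arn:aws:s3:::mybucket/reports/q1.csv"))
```

A request for an object in another bucket such as `mybucket02` matches no statement and is therefore denied without any Deny rule being written for it.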

User

User: A MinIO user consists of a unique access key (username) and a corresponding secret key (password).

Clients must authenticate as an existing MinIO user by specifying a valid access key (username) and the corresponding secret key (password).
Groups provide a simplified method for managing shared permissions between users with common access patterns and workloads.
Users inherit access to data and resources through the groups they belong to.

MinIO uses policy-based access control (PBAC) to define the authorized operations and resources that authenticated users are entitled to access.
Each policy describes one or more actions and conditions that summarize the permissions of a user or group of users.
Each user can only access resources and operations that are explicitly granted by the built-in roles.

By default, MinIO denies access to any other resources or operations.

Create User.

Groups

Groups can have an additional IAM policy that is inherited by all users with membership in that group.
Groups simplify user permission management for a MinIO tenant: the permissions of the users in a group are managed through the group. The relationship is many-to-many: a group can contain multiple members, and a user can belong to multiple groups.

Create a group.
Confirm that the creation was successful.

Set the policy of the group.

Check the Policy that has been created.

Confirm that creation is complete.

Associate policies with the group and add users as its members, which makes bulk permission management easier.

Monitoring

Metrics

Metrics: MinIO supports Prometheus for metrics and alerts.
Prometheus is an open source system and service monitoring system that supports analysis and alerts based on collected metrics.
The Prometheus ecosystem includes multiple integrations that allow for extensive processing and storage of a wide range of collected metrics.

MinIO publishes Prometheus-compatible endpoints for cluster-level and node-level metrics.
See Indicators for more information.
For alerts, use Prometheus Alerting Rules and Alert Manager to trigger alerts based on collected metrics.

MinIO publishes the collected metrics data using Prometheus-compatible data structures.
Any Prometheus-compatible capture software can capture and process MinIO metrics for analysis, visualization, and alerting.

As shown in the following figure, you can see the monitoring metrics related to basic information.

Trace

Trace: select the types of calls to trace, then turn on Trace; all traced calls are logged below with fields such as time, name, status, and so on.

Events

Event notifications: MinIO bucket notifications allow administrators to send notifications to supported external services about certain object or bucket events. MinIO supports bucket-level and object-level S3 events, similar to Amazon S3 event notifications.

In essence, when a MinIO operation completes, an external service is notified of it in the form of an event.

Minio supports notification of multiple events, as shown below:

Tiering

Object Lifecycle Management: Tiering is used by MinIO Object Lifecycle Management, which allows creating time- or date-based rules for automatic transition or expiration of objects. For object transition, MinIO automatically moves objects to a configured remote storage tier.

For object expiration, MinIO automatically deletes the object.
That is, the object lifecycle can be defined by the user, and MinIO provides two ways to handle an object when it expires: either delete it directly, or transition it to a remote storage service.

MinIO supports creating lifecycle management rules for object transition, with which MinIO automatically moves objects to a remote storage tier ("Tiering").
MinIO supports the following Tier types:

Site Replication

Site Replication: this feature allows multiple independent MinIO sites (or clusters) using the same external Identity Provider (IDP) to be configured as replicas.

That is, the data is replicated to the target site, which makes it possible to build a cluster or migrate quickly without tedious configuration.

As shown in the following figure, fill in the corresponding site information, including the name, endpoint address, Access Key and Secret Key.
Fill in both this site and the target site; there can be more than one target site.

Client Usage

mc client installation

The MinIO Client mc command line tool provides commands such as ls, cat, cp, mirror, and diff, and supports both file systems and Amazon S3-compatible cloud storage services.

The mc command line tool is built for compatibility with the AWS S3 API and has been tested on MinIO and AWS S3 for expected functionality and behavior.

Install mc:

[root@master01 minio]# curl /client/mc/release/linux-amd64/mc \
  --create-dirs \
  -o /usr/local/bin/mc

[root@master01 minio]# chmod +x /usr/local/bin/mc
[root@master01 minio]# mc --autocompletion #Enable mc auto-completion

[root@master01 minio]# mc --help

Connect to MinIO:
Use the mc alias set command to add an Amazon S3-compatible service to the mc configuration, replacing the alias with the name to be associated with the S3 service.
The mc command usually requires alias as an argument to identify which S3 service it is to be executed against. If you omit ACCESS_KEY and SECRET_KEY, you will be prompted to enter these values in the CLI when executing the command.

[root@master01 minio]# mc alias set myminio  minio minio123
Added `myminio` successfully.
[root@master01 minio]# mc admin info myminio

bucket

  • Creating a bucket
[root@master01 ~]# mc mb myminio/mybucket02 #create bucket

[root@master01 ~]# mc ls myminio #List the bucket
[2024-09-06 04:14:49 CST] 0B mybucket/
[2024-09-09 07:29:20 CST] 0B mybucket02/
  • Delete bucket
[root@k8s-master ~]# mc rb myminio/mybucket02 #Delete bucket without object

[root@k8s-master ~]# mc rb myminio/mybucket02 --force #Forces the deletion of the bucket, even if it contains files.

object

  • upload and download
[root@master01 ~]# echo "This is my test file!" >
[root@master01 ~]# mc cp myminio/mybucket/ #Uploading test files

[root@master01 ~]# mkdir testdir #Creating a test directory

[root@master01 ~]# echo "This is my test02 file!" > testdir/
[root@master01 ~]# mc cp testdir myminio/mybucket --recursive #Upload the test directory recursively

[root@master01 ~]# mc ls myminio/mybucket #View MinIO storage
[2024-09-10 09:32:04 CST] 22B STANDARD
[2024-09-10 09:32:45 CST] 0B testdir/

[root@master01 ~]# mkdir download
[root@master01 ~]# mc cp myminio/mybucket/ download/ #Download file
[root@master01 ~]# mc cp myminio/mybucket/testdir download/ --recursive #Download the directory recursively

[root@master01 ~]# ll download/ #View the downloaded files
total 4.0K
-rw-r--r-- 1 root root 22 Sep 10 09:33
drwxr-xr-x 2 root root 24 Sep 10 09:34 testdir

[root@master01 ~]# ll download/testdir/
total 4.0K
-rw-r--r-- 1 root root 24 Sep 10 09:34
  • removing
[root@master01 ~]# mc rm myminio/mybucket/ #delete files

[root@master01 ~]# mc rm myminio/mybucket/testdir --recursive --force #Delete directories even if they contain files

[root@master01 ~]# mc ls myminio/mybucket #View minio storage

Policy

View policy

List all policies on the MinIO server.

[root@master01 ~]# mc admin policy list myminio
diagnostics
mypolicy
readonly
readwrite
writeonly
consoleAdmin

Delete policy

[root@master01 ~]# mc admin policy remove myminio listbucketsonly

Creating a policy

Create a new policy.

[root@master01 ~]# vim #Write the new policy rules
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}

[root@master01 ~]# mc admin policy create myminio listbucketsonly ./

User Management

  • Create User
[root@master01 ~]# mc admin user add myminio newuser newuser123
Added user `newuser` successfully.

[root@master01 ~]# mc admin user add myminio newuser02 newuser123
Added user `newuser02` successfully.

[root@master01 ~]# mc admin user add myminio newuser03 newuser123
Added user `newuser03` successfully.
  • disable users
[root@master01 ~]# mc admin user disable myminio newuser
Disabled user `newuser` successfully.
  • Enabling Users
[root@master01 ~]# mc admin user enable myminio newuser
Enabled user `newuser` successfully.
  • Attach a policy to the user
[root@master01 ~]# mc admin policy attach myminio listbucketsonly --user newuser
Attached Policies: [listbucketsonly]
To User: newuser

  • Creating User Groups and Associated Users
    Create user groups and associate users.
[root@master01 ~]# mc admin group add myminio somegroup newuser
Added members `newuser` to group `somegroup` successfully.

[root@master01 ~]# mc admin group add myminio somegroup newuser02
Added members `newuser02` to group `somegroup` successfully.
  • Associate a policy with a user group
[root@master01 ~]# mc admin policy attach myminio listbucketsonly --group somegroup
Attached Policies: [listbucketsonly]
To Group: somegroup
  • List Users
    List users, or list them in json format.
[root@master01 ~]# mc admin user list myminio
enabled    newuser               listbucketsonly     
enabled    newuser02                                 
enabled    newuser03                                 

[root@master01 ~]# mc admin user list myminio --json
{
 "status": "success",
 "accessKey": "newuser02",
 "userStatus": "enabled"
}
{
 "status": "success",
 "accessKey": "newuser03",
 "userStatus": "enabled"
}
{
 "status": "success",
 "accessKey": "newuser",
 "policyName": "listbucketsonly",
 "userStatus": "enabled",
 "memberOf": [
  {
   "name": "somegroup",
   "policies": [
    "listbucketsonly"
   ]
  }
 ]
}
  • Display user information
    Displays user details.
[root@master01 ~]# mc admin user info myminio newuser
AccessKey: newuser
Status: enabled
PolicyName: listbucketsonly
MemberOf: [somegroup]
  • Delete User
[root@master01 ~]# mc admin user remove myminio newuser03
Removed user `newuser03` successfully.
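
An access review over the `mc admin user list --json` output shown above, as an added example (not part of the original page or of mc): it decodes the stream of JSON objects and reports each user's effective policies from direct attachment and group membership. The `opsadmin` entry, the finding names and the choice of which built-in policies count as broad are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the `mc admin user list --json` output
# above (a stream of JSON objects, not an array); "opsadmin" is made up.
SAMPLE = '''
{"status": "success", "accessKey": "newuser02", "userStatus": "enabled"}
{"status": "success", "accessKey": "newuser03", "userStatus": "enabled"}
{"status": "success", "accessKey": "newuser", "policyName": "listbucketsonly",
 "userStatus": "enabled",
 "memberOf": [{"name": "somegroup", "policies": ["listbucketsonly"]}]}
{"status": "success", "accessKey": "opsadmin", "policyName": "consoleAdmin", "userStatus": "enabled"}
'''

# Built-in policies from `mc admin policy list` treated here as broad (assumption).
BROAD = {"consoleAdmin", "readwrite"}

def parse_stream(text):
    """Decode concatenated JSON objects, one per user."""
    dec, pos, out = json.JSONDecoder(), 0, []
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            return out
        obj, pos = dec.raw_decode(text, pos)
        out.append(obj)

def review(users):
    """Map accessKey -> (sorted effective policies, list of findings)."""
    report = {}
    for u in users:
        # Assumption: several direct policies appear comma-separated in policyName.
        direct = {p for p in u.get("policyName", "").split(",") if p}
        via_group = {p for g in u.get("memberOf") or [] for p in g.get("policies") or []}
        effective = direct | via_group
        findings = []
        if u.get("userStatus") == "enabled" and not effective:
            findings.append("enabled-without-policy")
        if effective & BROAD:
            findings.append("broad-policy")
        if direct - via_group:
            findings.append("direct-attachment")
        report[u["accessKey"]] = (sorted(effective), findings)
    return report
```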

Groups Management

  • Create user groups and add users

  • Removing a user from a group
[root@master01 ~]# mc admin group remove myminio somegroup newuser02
Removed members {newuser02} from group somegroup successfully.
  • List user groups
[root@master01 ~]# mc admin group list myminio
mygroups
somegroup
  • Disable user groups
[root@master01 ~]# mc admin group disable myminio somegroup
Disabled group `somegroup` successfully.
  • Enabling User Groups
[root@master01 ~]# mc admin group enable myminio somegroup
Enabled group `somegroup` successfully.
  • Display user group information
[root@master01 ~]# mc admin group info myminio somegroup
Group: somegroup
Status: enabled
Policy: listbucketsonly
Members: newuser
  • Deleting User Groups
    Deletion is only possible if the user group is empty, i.e. no users exist in the user group.
[root@master01 ~]# mc admin group remove myminio somegroup
mc: <ERROR> Could not perform remove operation. The specified group is not empty - cannot remove it. (Specified group is not empty - cannot remove it).

[root@master01 ~]# mc admin group info myminio somegroup #Viewing user group information
Group: somegroup
Status: enabled
Policy: listbucketsonly
Members: newuser

[root@master01 ~]# mc admin group remove myminio somegroup newuser #Remove the only remaining member
Removed members {newuser} from group somegroup successfully.

[root@master01 ~]# mc admin group remove myminio somegroup #Delete the user group again
Removed group somegroup successfully.

Config Management

[root@master01 ~]# mc admin config export myminio #Getting Cluster Configuration

[root@master01 ~]# mc admin config export myminio > my-serverconfig #Get the cluster configuration and redirect it to a file

Cluster Management

Viewing Cluster Information

mc tools

Show debug output

[root@master01 ~]# mc admin info --debug myminio

Display in json format

Specifies the display format.

[root@master01 ~]# mc admin info myminio --json

Restart the minio service

The service command provides a way to restart and stop all MinIO servers.

[root@master01 ~]# mc admin policy --help
[root@master01 ~]# mc admin service restart myminio
Service status: ▰▰▱ [DONE]
Summary:
    ┌───────────────┬─────────────────────────────┐
    │ Servers:      │ 4 online, 0 offline, 0 hung │
    │ Restart Time: │ 1.133381597s                │
    └───────────────┴─────────────────────────────┘

Curl tool usage

curl tool reference: Curl Client Usage