Location>code7788 >text

MinIO Notes

Popularity:746 ℃/2025-02-13 13:32:26

MinIO (Website/) is an open source object storage project, implemented in Go, supports Linux environment, and supports Java, Python, Javascript, Go and other languages. In distributed projects, it can replace old storage sharing methods such as local disk storage and NFS, which is convenient The program accesses files in the form of an s3 interface. MinIO is used instead of direct file operation in the project, which is easy to expand and facilitates switching between the object storage interfaces of local and cloud services.

Install

Docker installation

refer to/docs/minio/container/operations/install-deploy-manage/

Pull the image from or docker hub

# 
docker pull /minio/minio
# DockerHub
docker pull docker://minio/minio

Create configuration file /etc/docker/minio/

  • This file will be mapped to the minio container
  • MINIO_VOLUMESIt is the storage location used after the mini container is started, and it must be consistent with the mapping when creating the container later.
# MINIO_ROOT_USER and MINIO_ROOT_PASSWORD sets the root account for the MinIO server.
# This user has unrestricted permissions to perform S3 and administrative API operations on any reso
urce in the deployment.
# Omit to use the default values 'minioadmin:minioadmin'.
# MinIO recommends setting non-default values as a best practice, regardless of environment

MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=minio123

# MINIO_VOLUMES sets the storage volume or path to use for the MinIO server.

MINIO_VOLUMES="/mnt/data"

# MINIO_OPTS sets any additional commandline options to pass to the MinIO server.
# For example, `--console-address :9001` sets the MinIO Console listen port 
MINIO_OPTS="--console-address :9001"

Set up the hard disk mount. If it is a test environment, you can create a directory, such as currently using /var/minio, and then start the container

  • If the image is not pulled from quay, you need to change the image path
  • use-v /var/minio:/mnt/dataMap the storage directory of the minio, which should be consistent with the definition in the configuration file
  • use-e "MINIO_CONFIG_ENV_FILE=/etc/"Specify the configuration file path to be consistent with the above map
docker run -dt --name minio \
  -p 9000:9000 -p 9001:9001 \
  -v /var/minio:/mnt/data \
  -v /etc/docker/minio/:/etc/ \
  -e "MINIO_CONFIG_ENV_FILE=/etc/" \
  /minio/minio \
  server --console-address ":9001"

After startup, you can access the 9000 port to view the MinIO console using the browser

Configuration

MinIO's noun definition

  • Policy
    • Policy is the basic setting of permission management, in JSON format
  • User
    • Users use to log in to the console (Console)
    • User permissions are set in two ways. One is to directly set Policies. For example, readwrite has read and write permissions for all buckets; the other is user group, which can inherit the Policies of the user group.
  • Group
    • Group permissions are set through Policies
  • Access Key
    • access_key is created by the user
    • Each user can have multiple access keys, each access_key and secret_key form a pair to verify identity during interface access
  • Bucket
    • Bucket is a file bucket, similar to the concept of a directory. You can set capacity limits, whether to maintain the file version, and whether to lock the file (prevent it from being deleted)
    • Control the permissions of anonymous access through Anonymous Access Rule. When setting, you need to set a path prefix (wildcard characters cannot be used *).
    • If it can be read anonymously, the path to access the file is http://[host]:9000/[bucket]/[file path]

Policy Settings

Set meaning

  • Version Specifies the policy language version to use. It is recommended to use the latest version 2012-10-17
  • Statement Use this main policy element as a container for the following elements, and can contain multiple statements in a policy
  • Sid (optional) Includes optional statement ID to distinguish different statements
  • Effect Allow or Deny Identify whether the policy allows or denies access
  • Principal is only required in certain cases, if you create a resource-based policy, you must indicate the account, user, role, or federated user to allow or deny access. If you are creating an IAM permission policy to attach to a user or role, you cannot include it. This element, at this time the potential body is the user or role.
  • Action Includes a list of actions that are allowed or rejected by the policy
  • Resource If you create an IAM permission policy, you must specify a list of resources that apply to the action. If you create a resource-based policy, the element is optional. If you do not include the element, the resource that the action applies to is the resource to which the policy is attached.
  • Condition (optional) Specifies the situations in which the policy grants permissions

Define a policy by specifying what Action (strategy) Principal does under what Condition (condition) Effect (allow or reject) for Resource (resource object)

Read only globally

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}

Write only globally

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}

Global Reading and Writing

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}

Bucket operation

againstbucket2025The policy made in this bucket. After associating this policy to a minio user, this user can do all operations on bucket2025

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::bucket2025",
                "arn:aws:s3:::bucket2025/*"
            ]
        }
    ]
}

If you want to restrict user operations on buckets, only internal files are allowed to be read and written, you can constrain them to the following action list

            "Action": [
                "s3:DeleteObject",
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:PutObject"
            ],

Java access

Add MinIO SDK dependencies

<dependency>
    <groupId></groupId>
    <artifactId>minio</artifactId>
    <version>8.5.17</version>
</dependency>

Create a MinioClient instance, which can be reused, but the program needs to close when exiting, so it is best to put it in a try

MinioClient minioClient =
             ()
                     .endpoint("http://192.168.1.2:9000")
                     .credentials("A1DbqKtKkeukiznEM123", "B3IZXZXYD7RbVJuFP8KEAc5U2q0kHZ7yaQx11122")
                     .build();

Upload the file code

try (MinioClient minioClient =
             ()
                     .endpoint("http://192.168.1.2:9000")
                     .credentials("A1DbqKtKkeukiznEM123", "B3IZXZXYD7RbVJuFP8KEAc5U2q0kHZ7yaQx11122")
                     .build()) {
    // Ensure bucket exists
    boolean found =
            (().bucket("202502").build());
    if (!found) {
        ("Bucket '202502' doesn't exist");
        return;
        //(().bucket("202502").build());
    } else {
        ("Bucket '202502' already exists.");
    }
    (
            ()
                    .bucket("202502")
                    .object("")
                    .filename("D:/Documents/")
                    .build());
    ("successfully uploaded");
} catch (Exception e) {
    ((), e);
}
<Previous Next>