Minio
1、简介
分布式对象存储系统
1.1 概念介绍
1.1.1 服务器池
生产 MinIO 部署由至少 4 个具有同构存储和计算资源的 MinIO 主机组成。
这些资源聚合在一起作为一个 服务器池,对外抽象为一个可被访问的对象存储服务
1.1.2 EC
纠删码,也叫奇偶校验码,数字表示所有磁盘中要分出多少来进行数据校验,参考RAID
公式
n = k + m
n: 总数据块
k: 原始数据块
m: 校验块,本架构指ec数量,也就意味着集群中可以允许m块磁盘进行故障而不影响读写
冗余度 n+m/n 冗余度越高,磁盘利用率越低
k值影响数据恢复代价
k值越小,数据分散度越小,故障影响面越大
k值越大,多路数据拷贝增加的网络和磁盘负载越大
一般推荐使用ec4集群冗余度1.33
2、架构
3、部署(多节点,多磁盘)
3.1 环境准备
3.1.1 硬件准备
https://www.minio.org.cn/docs/minio/linux/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.html
https://www.minio.org.cn/docs/minio/linux/operations/checklists.html
3.1.1.1 服务器系统
推荐 使用 RHEL8+ 或 Ubuntu 18.04+
本实验使用ubuntu 18.04.6
3.1.1.2 磁盘
MinIO 通常建议规划容量,以便 服务器池扩展 仅在以下情况下才需要 2 年以上的部署正常运行时间。
例如,考虑一个估计会产生 10TB 数据的应用程序套件 每年的数据。 MinIO 部署应 至少 提供:
10TB + 10TB + 10TB = 30TB
推荐使用xfs磁盘且磁盘序号为连续
推荐使用ssd磁盘或nvme,保证磁盘类型相同和容量相同
本实验使用四台机器,每台机器4块盘,每块盘20G,使用ec4,冗余度1.33,共可用容量240G,磁盘利用率0.75 磁盘冗余与磁盘利用率互为倒数
分区
mkfs.xfs /dev/sdb -L DISK1 && mkfs.xfs /dev/sdc -L DISK2 && mkfs.xfs /dev/sdd -L DISK3 && mkfs.xfs /dev/sde -L DISK4
做好自动挂载
$ vim /etc/fstab
LABEL=DISK1 /mnt/disk1 xfs defaults,noatime 0 2
LABEL=DISK2 /mnt/disk2 xfs defaults,noatime 0 2
LABEL=DISK3 /mnt/disk3 xfs defaults,noatime 0 2
LABEL=DISK4 /mnt/disk4 xfs defaults,noatime 0 2
3.1.2 软件准备
3.1.2.1 主机名和域名配置
minio-01
minio-02
minio-03
minio-04
172.31.3.170 minio-01
172.31.3.171 minio-02
172.31.3.172 minio-03
172.31.3.173 minio-04
3.1.2.2 防火墙
所有节点需要完全的防火墙权限
3.1.2.3 时间同步
timedatectl set-timezone Asia/Shanghai
apt install chrony
https://www.cnblogs.com/guquanheng/p/17888278.html
3.1.2.4 负载均衡准备
vi /etc/nginx/conf.d/minio.conf
upstream minio_api {
server 172.31.3.170:9000;
server 172.31.3.171:9000;
server 172.31.3.172:9000;
server 172.31.3.173:9000;
}
upstream minio_console {
server 172.31.3.170:9001;
server 172.31.3.171:9001;
server 172.31.3.172:9001;
server 172.31.3.173:9001;
}
server{
listen 81;
server_name 172.31.3.123;
ignore_invalid_headers off;
client_max_body_size 0;
proxy_buffering off;
location / {
proxy_set_header X-Forwarded-Proto $scheme ;
proxy_set_header Host $http_host ;
proxy_set_header X-Real-IP $remote_addr ;
proxy_connect_timeout 300;
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_ignore_client_abort on;
proxy_pass http://minio_api;
}
}
server{
listen 82;
server_name 172.31.3.123;
ignore_invalid_headers off;
client_max_body_size 0;
proxy_buffering off;
location / {
proxy_set_header X-Forwarded-Proto $scheme ;
proxy_set_header Host $http_host ;
proxy_set_header X-Real-IP $remote_addr ;
proxy_connect_timeout 300;
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_ignore_client_abort on;
proxy_pass http://minio_console;
}
}
3.1.3 准备脚本
---
- hosts: all
tasks:
- name: 磁盘格式化
shell: mkfs.xfs /dev/sdb -L DISK1 && mkfs.xfs /dev/sdc -L DISK2 && mkfs.xfs /dev/sdd -L DISK3 && mkfs.xfs /dev/sde -L DISK4
- name: 时间同步
shell: timedatectl set-timezone Asia/Shanghai && ntpdate ntp1.aliyun.com && hwclock -w
tags: time-seed
- name: 安装时间同步服务
apt:
name: chrony
state: present
tags: chrony
---
- hosts: all
tasks:
- name: 配置vs
shell: ipvsadm -A -t 192.168 .10 .3 :{{ item }} -s lc
with_items:
- 9000
- 9001
tags:
- vs
- name: 配置rs1
shell: ipvsadm -a -t 192.168 .10 .3 :9000 -r 172.31 .3 .{{ item }}:9000 -g
with_items:
- 170
- 171
- 172
- 173
tags:
- rs1
- name: 配置rs2
shell: ipvsadm -a -t 192.168 .10 .3 :9001 -r 172.31 .3 .{{ item }}:9001 -g
with_items:
- 170
- 171
- 172
- 173
tags:
- rs2
3.2 部署服务
3.2.1 下载安装包
wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio_20240101163633.0.0_amd64.deb -O minio.deb
3.2.2 安装
dpkg -i minio.deb
3.2.3 配置
groupadd -r minio-user
useradd -M -r -g minio-user minio-user
chown minio-user:minio-user /mnt/disk1 /mnt/disk2 /mnt/disk3 /mnt/disk4
MINIO_VOLUMES="http://minio-0{1...4}:9000/mnt/disk{1...4}/minio"
MINIO_OPTS="--console-address :9001"
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=12345678
MINIO_SERVER_URL="http://192.168.10.3:81"
systemctl enable --now minio
3.2.4 ansible一键安装
---
- hosts: all
tasks:
- name: 下载安装包
get_url:
url: https://dl.min.io/server/minio/release/linux-amd64/archive/minio_20240101163633.0.0_amd64.deb -O minio.deb
dest: /root/minio.deb
- name: 安装minio
shell: dpkg -i /root/minio.deb
- name: 创建用户组
group:
name: minio-user
- name: 创建用户
user:
name: minio-user
group: minio-user
shell: /sbin/nologin
- name: 更改文件权限
file:
path: /mnt/{{ item }}
owner: minio-user
group: minio-user
mode: 0755
state: directory
with_items:
- disk1
- disk2
- disk3
- disk4
- name: 创建minio配置文件
copy:
src: /home/gu/ansible/playbook/minio
dest: /etc/default/minio
- name: 启动服务
service:
name: minio
state: started
enabled: yes
3.3 测试
输入 /etc/default/minio 定义的账号密码
3.4 客户端
3.4.1 下载
curl https://dl.minio.org.cn/client/mc/release/linux-amd64/mc \
--create-dirs \
-o $HOME /minio-binaries/mc
chmod +x $HOME /minio-binaries/mc
export PATH=$PATH :$HOME /minio-binaries/
3.4.2 配置
bash +o history
mc alias set ALIAS HOSTNAME ACCESS_KEY SECRET_KEY
bash -o history
3.4.3 测试
(base) gu@ubuntu:~/ansible/playbook$ mc admin info miniocl
● minio-01:9000
Uptime: 39 minutes
Version: 2024-01-01T16:36:33Z
Network: 4/4 OK
Drives: 4/4 OK
Pool: 1
● minio-02:9000
Uptime: 39 minutes
Version: 2024-01-01T16:36:33Z
Network: 4/4 OK
Drives: 4/4 OK
Pool: 1
● minio-03:9000
Uptime: 39 minutes
Version: 2024-01-01T16:36:33Z
Network: 4/4 OK
Drives: 4/4 OK
Pool: 1
● minio-04:9000
Uptime: 39 minutes
Version: 2024-01-01T16:36:33Z
Network: 4/4 OK
Drives: 4/4 OK
Pool: 1
Pools:
1st, Erasure sets: 1, Drives per erasure set : 16
0 B Used, 1 Bucket, 0 Objects
16 drives online, 0 drives offline
4、配置
4.1 tls配置
4.1.1 实现负载均衡器的tls
4.1.1.1 生成证书
yum -y install easy-rsa
cd /usr/share/easy-rsa/3
./easyrsa init-pki
./easyrsa build-ca nopass
./easyrsa gen-req server nopass
./easyrsa sign server server
4.1.1.2 配置nginx实现https
upstream minio_api {
server 172.31.3.170:9000;
server 172.31.3.171:9000;
server 172.31.3.172:9000;
server 172.31.3.173:9000;
}
upstream minio_console {
server 172.31.3.170:9001;
server 172.31.3.171:9001;
server 172.31.3.172:9001;
server 172.31.3.173:9001;
}
server{
listen 81;
listen 445 ssl;
server_name www.minioapi.com;
ignore_invalid_headers off;
client_max_body_size 0;
proxy_buffering off;
location / {
proxy_set_header X-Forwarded-Proto $scheme ;
proxy_set_header Host $http_host ;
proxy_set_header X-Real-IP $remote_addr ;
proxy_connect_timeout 300;
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_ignore_client_abort on;
proxy_pass https://minio_api;
}
}
server{
listen 82;
listen 444 ssl;
server_name www.minioconsole.com;
ignore_invalid_headers off;
client_max_body_size 0;
proxy_buffering off;
location / {
proxy_set_header X-Forwarded-Proto $scheme ;
proxy_set_header Host $http_host ;
proxy_set_header X-Real-IP $remote_addr ;
proxy_connect_timeout 300;
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_ignore_client_abort on;
proxy_pass https://minio_console;
}
}
4.1.2 配置minio
4.1.2.1 自定义证书路径
minio server --certs-dir /opt/minio/certs ...
cat /lib/systemd/system/minio.service
ExecStart=/usr/local/bin/minio server --certs-dir $CERTS_DIR $MINIO_OPTS $MINIO_VOLUMES
cat /etc/default/minio
CERTS_DIR=/opt/certs/
mkdir /opt/certs/
cd /opt/ && chmod 766 certs -R
4.1.2.2 生成证书
wget https://github.com/minio/certgen/releases/latest/download/certgen-linux-amd64
certgen -host '"localhost,minio-*"'
将生成的 public.crt 和 private.key 文件放置到 /opt/certs 目录中
应用程序可以使用 public.crt 作为受信任的证书颁发机构,以允许连接到MinIO部署,而无需禁用证书验证
4.1.2.3 更新环境变量
MINIO_VOLUMES="https://minio-0{1...4}:9000/mnt/disk{1...4}/minio"
---
- hosts: all
tasks:
- name: 安装minio
shell: dpkg -i /root/minio.deb
- name: 创建用户组
group:
name: minio-user
- name: 创建用户
user:
name: minio-user
group: minio-user
shell: /sbin/nologin
- name: 更改文件权限
file:
path: /mnt/{{ item }}
owner: minio-user
group: minio-user
mode: 0755
state: directory
with_items:
- disk1
- disk2
- disk3
- disk4
- name: 创建minio配置文件
copy:
src: /home/gu/ansible/playbook/minio
dest: /etc/default/minio
- name: 复制service文件
copy:
src: /home/gu/ansible/playbook/minio.service
dest: /lib/systemd/system/minio.service
- name: 创建家目录
file:
path: /home/minio-user
owner: minio-user
group: minio-user
mode: 0755
state: directory
- name: 删除旧目录
shell: rm -rf /home/minio-user/.minio/certs
- name: 创建证书目录
file:
path: /home/minio-user/.minio/certs
owner: minio-user
group: minio-user
mode: 0755
state: directory
- name: 复制证书文件
copy:
src: /home/gu/ansible/playbook/certs/minio/public.crt
dest: /home/minio-user/.minio/certs
owner: minio-user
group: minio-user
mode: 0666
- name: 复制私钥key
copy:
src: /home/gu/ansible/playbook/certs/minio/private.key
dest: /home/minio-user/.minio/certs
owner: minio-user
group: minio-user
mode: 0666
- name: 改变所有文件权限
shell: chown -R minio-user:minio-user /home/minio-user/.minio/certs && chmod -R 0766 /home/minio-user/.minio/certs
- name: 重载配置
shell: systemctl daemon-reload
tags: reload
- name: 启动服务
service:
name: minio
state: restarted
enabled: yes
tags: restart
4.2 变量文件解析
MINIO_VOLUMES="http://minio-0{1...4}:9000/mnt/disk{1...4}/minio"
minio server https://minio{1...4}.example.net/mnt/disk{1...4} \
https://minio{5...8}.example.net/mnt/disk{1...4}
MINIO_OPTS="--console-address :9001"
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=123456ai
MINIO_SERVER_URL="http://192.168.10.3:81"
5、运维
5.1 扩容
5.1.1 准备
https://www.minio.org.cn/docs/minio/linux/operations/install-deploy-manage/expand-minio-deployment.html
https://www.minio.org.cn/docs/minio/linux/operations/checklists.html
5.1.2 步骤
1、安装miniodeb包
2、配置ssl证书
3、修改变量文件minio
4、同时重启所有节点
总结:基本和部署步骤差不多,保持节点配置一致即可
5.2 监控
https://www.minio.org.cn/docs/minio/linux/operations/monitoring/collect-minio-metrics-using-prometheus.html
https://www.minio.org.cn/docs/minio/linux/operations/monitoring/grafana.html
5.3 日志
https://www.minio.org.cn/docs/minio/linux/operations/monitoring/minio-logging.html
5.4 健康检测
curl -I https://minio.example.net:9000/minio/health/live
curl -I https://minio.example.net:9000/minio/health/cluster
curl -I https://minio.example.net:9000/minio/health/cluster/read
curl -I https://minio.example.net:9000/minio/health/cluster?maintenance=true
5.5 故障维修
5.5.1 硬盘故障
https: //www.minio.org.cn/docs /minio/linux /operations/data -recovery/recover-after-drive-failure.html
5.5.2 节点故障
https: //www.minio.org.cn/docs /minio/linux /operations/data -recovery/recover-after-node-failure.html
5.5.3 站点故障
https: //www.minio.org.cn/docs /minio/linux /operations/data -recovery/recover-after-site-failure.html
5.6 集群管理
5.6.1 控制台
白屏化操作页面,和mc命令拥有相同部分功能
https://www.minio.org.cn/docs/minio/linux/administration/minio-console.html
6、最佳实践
1、使用Just a Bunch of Drives(直接使用裸磁盘)不需要使用raid等技术
2、使用xfs文件系统
3、负载均衡设置推荐位最小连接 LC
4、单个集群推荐最大使用16节点,单个节点推荐最多使用8个磁盘 如果每磁盘按2T算,那么单个集群最大可以容纳为2*8*16*利用率(默认ec4)=192T
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· SQL Server 2025 AI相关能力初探
· AI编程工具终极对决:字节Trae VS Cursor,谁才是开发者新宠?
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南