MinIO Notes

I. Install MinIO

# Install from the RPM, or download the binary directly, run chmod +x minio, and execute it
sudo wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio-20240326221045.0.0-1.x86_64.rpm -O minio.rpm
sudo dnf install minio.rpm
# mkdir /usr/miniodata   (create the data directory)
# Start, option 1
# cd /usr/local/bin
./minio server /usr/miniodata
# /usr/miniodata is the data directory (drive)

II. Single-Node Single-Drive

--console-address ":9001"   pins the web UI (Console) to a fixed port instead of a dynamic one

MINIO_ROOT_USER

MINIO_ROOT_PASSWORD

--config-dir=path

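Note: the documentation on the Chinese official site covers an old version and has many pitfalls; use the new version.

In old versions the account and password were set with MINIO_ACCESS_KEY and MINIO_SECRET_KEY, and console-address was not needed.

Linux

1. Manual start

# Add the environment variables to /etc/profile, or run the commands below first; admin/123456789 are sample values, choose your own
export MINIO_ROOT_USER=admin
export MINIO_ROOT_PASSWORD=123456789
# The default configuration directory is ${HOME}/.minio; change it with --config-dir
cd /usr/local/bin
./minio server /usr/miniodata --console-address ":9001"

Example: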

#!/bin/bash
export MINIO_ROOT_USER=xianpm
export MINIO_ROOT_PASSWORD=123456789
MINIO_HOME=/usr/local/bin
nohup ${MINIO_HOME}/minio server /usr/miniodata --console-address ":9001" > ${MINIO_HOME}/minio.log 2>&1 &

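III. Single-Node Multi-Drive

One machine with multiple drives; the service is started the same way as above.

The main change is to MINIO_VOLUMES.

2. Register as a system service (the configuration below is for Single-Node Multi-Drive)

When MinIO is installed from the .deb or .rpm package, minio.service is created automatically at /usr/lib/systemd/system/minio.service.

Note: systemd checks whether minio.service exists under /usr/lib/systemd/; check this to avoid conflicts or surprises between different configuration options.

Ideally, minio.service should exist only in the /usr/lib/systemd/system/ directory.

The minio.service file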

[Unit]
Description=MinIO
Documentation=https://min.io/docs/minio/linux/index.html
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
WorkingDirectory=/usr/local
User=minio-user
Group=minio-user
ProtectProc=invisible
EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES

# MinIO RELEASE.2023-05-04T21-44-30Z adds support for Type=notify (https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=)
# This may improve systemctl setups where other services use `After=minio.server`
# Uncomment the line to enable the functionality
# Type=notify

# Let systemd restart this service always
Restart=always

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536

# Specifies the maximum number of threads this process can create
TasksMax=infinity

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no

[Install]
WantedBy=multi-user.target
# Built for ${project.name}-${project.version} (${project.name})

Create the system user and run the following commands

groupadd -r minio-user # create the group minio-user
useradd -M -r -g minio-user minio-user # add the user minio-user to the group minio-user; matches User=minio-user and Group=minio-user in minio.service
chown minio-user:minio-user /mnt/disk1 /mnt/disk2 /mnt/disk3 /mnt/disk4

Check that the file /etc/default/minio exists

# MINIO_ROOT_USER and MINIO_ROOT_PASSWORD sets the root account for the MinIO server.
# This user has unrestricted permissions to perform S3 and administrative API operations on any resource in the deployment.
# Omit to use the default values 'minioadmin:minioadmin'.
# MinIO recommends setting non-default values as a best practice, regardless of environment

MINIO_ROOT_USER=myminioadmin
MINIO_ROOT_PASSWORD=minio-secret-key-change-me

# MINIO_VOLUMES sets the storage volume or path to use for the MinIO server.

MINIO_VOLUMES="/mnt/disk{1...4}"

# MINIO_OPTS sets any additional commandline options to pass to the MinIO server.
# For example, `--console-address :9001` sets the MinIO Console listen port
MINIO_OPTS="--console-address :9001"

# MINIO_SERVER_URL sets the hostname of the local machine for use with the MinIO Server
# MinIO assumes your network control plane can correctly resolve this hostname to the local machine

# Uncomment the following line and replace the value with the correct hostname for the local machine and port for the MinIO server (9000 by default).
#MINIO_SERVER_URL="http://minio.example.net:9000"
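
Added example, not part of the original notes: a check to run over /etc/default/minio, or over the export lines of a start script, before the service is started. The function names and finding codes are made up for this example; the length limits are the ones MinIO enforces at startup, and the sample inputs are built from the values used on this page.

```python
# Limits MinIO enforces at startup: root user >= 3 characters, root password >= 8.
MIN_USER_LEN, MIN_PASSWORD_LEN = 3, 8
PLACEHOLDERS = ("change-me", "changeme", "password", "secret")  # illustrative list

def parse_env(text):
    """Read KEY=VALUE lines from an EnvironmentFile or a script's export lines."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("export "):
            line = line[len("export "):]
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop matching surrounding quotes
        env[key.strip()] = value
    return env

def audit_root_credentials(text):
    """Return a list of finding codes (hypothetical names); empty means nothing flagged."""
    env = parse_env(text)
    user, password = env.get("MINIO_ROOT_USER"), env.get("MINIO_ROOT_PASSWORD")
    findings = []
    if "MINIO_ACCESS_KEY" in env or "MINIO_SECRET_KEY" in env:
        findings.append("legacy-variable-names")
    if not user or not password:
        return findings or ["unset-falls-back-to-minioadmin"]
    if "minioadmin" in (user, password):
        findings.append("default-minioadmin")
    if len(user) < MIN_USER_LEN or len(password) < MIN_PASSWORD_LEN:
        findings.append("too-short-server-will-not-start")
    if password.isdigit():
        findings.append("digits-only-password")
    if user.lower() in password.lower():
        findings.append("password-contains-user-name")
    if any(p in password.lower() for p in PLACEHOLDERS):
        findings.append("placeholder-password")
    return findings

# Constructed inputs built from the sample values used on this page.
MANUAL_START = "export MINIO_ROOT_USER=admin\nexport MINIO_ROOT_PASSWORD=123456789\n"
ENV_FILE = ('MINIO_ROOT_USER=myminioadmin\n'
            'MINIO_ROOT_PASSWORD=minio-secret-key-change-me\n'
            'MINIO_VOLUMES="/mnt/disk{1...4}"\n')

if __name__ == "__main__":
    print("start script:", audit_root_credentials(MANUAL_START))
    print("env file:    ", audit_root_credentials(ENV_FILE))
```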

Enable start at boot

systemctl enable minio.service

IV. Pseudo-cluster

1. Build the pseudo-cluster

With only one server, build a pseudo-cluster (multi-node, single drive per node)

Nodes are distinguished by port

export MINIO_ROOT_USER=admin
export MINIO_ROOT_PASSWORD=123456789
MINIO_HOME=/usr/local/bin
MINIO_HOST=192.168.3.14
for i in {01..04};do
	nohup ${MINIO_HOME}/minio server --address ":90${i}" --console-address ":500${i}" \
	http://${MINIO_HOST}:9001/mnt/data01 http://${MINIO_HOST}:9002/mnt/data02 \
	http://${MINIO_HOST}:9003/mnt/data03 http://${MINIO_HOST}:9004/mnt/data04 \
	> ${MINIO_HOME}/minio-90${i}.log 2>&1 &
done
# The loop expands to the following (pseudocode)
# OPT http://${MINIO_HOST}:9001/mnt/data01 http://${MINIO_HOST}:9002/mnt/data02 http://${MINIO_HOST}:9003/mnt/data03
# http://${MINIO_HOST}:9004/mnt/data04
# nohup /usr/local/bin/minio server --address ":9001" --console-address ":50001" OPT > /usr/local/bin/minio-9001.log 2>&1 &
# nohup /usr/local/bin/minio server --address ":9002" --console-address ":50002" OPT > /usr/local/bin/minio-9002.log 2>&1 &
# nohup /usr/local/bin/minio server --address ":9003" --console-address ":50003" OPT > /usr/local/bin/minio-9003.log 2>&1 &
# nohup /usr/local/bin/minio server --address ":9004" --console-address ":50004" OPT > /usr/local/bin/minio-9004.log 2>&1 &

2. Use an nginx upstream as the entry point for load balancing

worker_processes  2;
 
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
 
events {
    worker_connections  1024;
}
 
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
 
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
 
    # include /etc/nginx/conf.d/*.conf;
 
    upstream minio-api {
        server 192.168.3.14:9001;
        server 192.168.3.14:9002;
        server 192.168.3.14:9003;
        server 192.168.3.14:9004;
    }
 
    upstream minio-web {
        server 192.168.3.14:50001;
        server 192.168.3.14:50002;
        server 192.168.3.14:50003;
        server 192.168.3.14:50004;
    }
 
    server {
        listen       9000;
        listen  [::]:9000;
        server_name  localhost;
 
        # To allow special characters in headers
        ignore_invalid_headers off;
 
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;
 
        # To disable buffering
        proxy_buffering off;
 
        location / {
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
 
            # Forward the client browser's IP address
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
 
            proxy_pass http://minio-api;
        }
    }
 
    server {
        listen       50000;
        listen  [::]:50000;
        server_name  localhost;
 
        ignore_invalid_headers off;
        client_max_body_size 0;
        proxy_buffering off;
 
        location / {
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
 
            # Forward the client browser's IP address
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
 
            proxy_pass http://minio-web;
        }
    }
}

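V. Docker cluster

1. First create the directory /app/minio-cluster, then create the directories and files inside it with the following layout:

 /app/minio-cluster
 .
 --data1
 --data2
 --data3
 --data4
 --docker-compose.yml
 --nginx.conf

2. Write docker-compose.yml with the following content: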

version: "3.5"
services:
  minio1:
    image: minio/minio
    container_name: minio1
    privileged: true
    restart: always
    environment:
      # Web console user name
      MINIO_ROOT_USER: jobs
      # Web console password
      MINIO_ROOT_PASSWORD: jobs@123
    networks:
      - minio_net
    volumes:
      # Map the data storage directory
      - /app/minio-cluster/data1:/data
    # Command that starts the MinIO server; /data is the data directory inside the container
    # The web console uses a dynamic port by default, so it must be pinned to a fixed port
    command: server --console-address ":9001" http://minio{1...4}:9000/data
 
  minio2:
    image: minio/minio
    container_name: minio2
    privileged: true
    restart: always
    environment:
      MINIO_ROOT_USER: jobs
      MINIO_ROOT_PASSWORD: jobs@123
    networks:
      - minio_net
    volumes:
      - /app/minio-cluster/data2:/data
    command: server --console-address ":9001" http://minio{1...4}:9000/data
 
  minio3:
    image: minio/minio
    container_name: minio3
    privileged: true
    restart: always
    environment:
      MINIO_ROOT_USER: jobs
      MINIO_ROOT_PASSWORD: jobs@123
    networks:
      - minio_net
    volumes:
      - /app/minio-cluster/data3:/data
    command: server --console-address ":9001" http://minio{1...4}:9000/data
 
  minio4:
    image: minio/minio
    container_name: minio4
    privileged: true
    restart: always
    environment:
      MINIO_ROOT_USER: jobs
      MINIO_ROOT_PASSWORD: jobs@123
    networks:
      - minio_net
    volumes:
      - /app/minio-cluster/data4:/data
    command: server --console-address ":9001" http://minio{1...4}:9000/data
 
  nginx:
    image: nginx
    container_name: nginx
    privileged: true
    restart: always
    volumes:
      - /app/minio-cluster/nginx.conf:/etc/nginx/nginx.conf
    ports:
      # Publish the API port
      - 9000:9000
      # Publish the web console port
      - 9001:9001
    networks:
      - minio_net
    depends_on:
      - minio1
      - minio2
      - minio3
      - minio4
 
# Network configuration
networks:
  minio_net:
    driver: bridge

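We start 4 Docker containers; each MinIO container uses 9000 as the API port and 9001 as the web console port.

Because nginx load-balances the API port and the web console port and exposes them externally, the 4 containers do not publish any ports themselves.

nginx.conf: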

worker_processes  2;
 
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
 
events {
    worker_connections  1024;
}
 
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
 
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
 
    # include /etc/nginx/conf.d/*.conf;
 
    upstream minio-api {
        server minio1:9000;
        server minio2:9000;
        server minio3:9000;
        server minio4:9000;
    }
 
    upstream minio-web {
        server minio1:9001;
        server minio2:9001;
        server minio3:9001;
        server minio4:9001;
    }
 
    server {
        listen       9000;
        listen  [::]:9000;
        server_name  localhost;
 
        # To allow special characters in headers
        ignore_invalid_headers off;
 
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;
 
        # To disable buffering
        proxy_buffering off;
 
        location / {
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
 
            # Forward the client browser's IP address
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
 
            proxy_pass http://minio-api;
        }
    }
 
    server {
        listen       9001;
        listen  [::]:9001;
        server_name  localhost;
 
        ignore_invalid_headers off;
        client_max_body_size 0;
        proxy_buffering off;
 
        location / {
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
 
            # Forward the client browser's IP address
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
 
            proxy_pass http://minio-web;
        }
    }
}

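Finally, run docker-compose up -d in the directory that contains docker-compose.yml to start the services.

Then access the nginx service directly.

VI. Other: Windows

start_minio.bat (not described in detail)

REM set name shows an environment variable
REM set name=value
REM setx permanently sets a local (user) environment variable
REM setx /m permanently sets a system environment variable
REM setx /m name "value"
REM setx -m permanently appends to a system environment variable
REM setx -m name "%name%;value"
REM Download the binary exe into E:\minio and create start_minio.bat there
cd /d E:\minio
set MINIO_ROOT_USER=admin
set MINIO_ROOT_PASSWORD=123456789
.\minio.exe server E:/minio/data --console-address ":9001" --address ":9000"
REM --console-address ":9001" --address ":9000" are optional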

VII. Operating MinIO with mc

MinIO Client — MinIO Object Storage for Linux

1. Download

wget https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x mc
mc --help
# mv mc /usr/local/sbin

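2. Usage

ls       List files and folders.
mb       Create a bucket or a folder.
cat      Display file and object contents.
pipe     Redirect STDIN to an object, a file or STDOUT.
share    Generate a URL for sharing.
cp       Copy files and objects.
mirror   Mirror buckets and folders.
find     Find files based on parameters.
diff     Compare two folders or buckets.
rm       Delete files and objects.
events   Manage object notifications.
watch    Watch for file and object events.
policy   Manage access policies.
session  Manage saved sessions for the cp command.
config   Manage the mc configuration file.
update   Check for software updates.
version  Print version information.

(1) Connect to the MinIO server:

# mc config host add <alias (any name)> http://ip:9000 <MinIO user name> <MinIO password> --api S3v4
mc config host add myminio http://localhost:9000 xianpm 123456789

(2) Remove a cloud storage connection that was added

# mc config host remove <alias>
mc config host remove test

(3) List the connected cloud storage hosts

# mc config host list, or mc config host ls
mc config host list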

(4) Create a bucket

# mc mb <alias>/<bucket>
mc mb test/test

(5) List buckets

# mc ls <alias>
mc ls myminio

(6) Upload and download files

# Upload a file to a bucket
# mc cp filePath <alias>/<bucket>
mc cp /etc/1.png  myminio/images
# Upload a directory to a bucket
# mc cp path <alias>/<bucket> --recursive
mc cp /etc test/test --recursive
# Download a file to a local directory
# mc cp <alias>/<bucket>/file  filePath
mc cp myminio/images/1.jpg /tmp/test/
# Download a directory to a local directory
# mc cp <alias>/<bucket>/ path --recursive
mc cp myminio/images/ /tmp --recursive

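(7) Delete files in a bucket

# Delete a file: mc rm <alias>/<bucket>/<file name>
mc rm myminio/images/1.png
# Delete a directory: mc rm <alias>/<bucket>/<directory> --recursive --force
mc rm myminio/images/avatardir --recursive --force

(8) Delete a bucket

# Delete an empty bucket => mc rb <alias>/<bucket>
mc rb test/test
# Delete a bucket that still contains files => mc rb <alias>/<bucket> --force
mc rb test/test --force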

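(9) Create users and roles

# Add a user
# mc admin user add <alias> <user name> <password>
mc admin user add test testuser test123456
# Add a policy (add/set is the older mc syntax; newer releases use create/attach)
# mc admin policy add <alias> <policy name> <JSON policy file>
mc admin policy add test test test.json
# Assign the policy to the user
# mc admin policy set <alias> <policy name> user=<user name>
mc admin policy set test test user=testuser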

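3. Using mc admin

mc provides the mc admin subcommand for performing administrative tasks on a MinIO deployment.

mc admin operations
Command	Description
mc admin service	Restart or stop all MinIO servers
mc admin update	Update all MinIO servers
mc admin info	Display MinIO server information
mc admin user	Manage users on a MinIO deployment
mc admin group	Manage groups
mc admin policy	Manage policies for MinIO policy-based access control (PBAC)
mc admin config	Manage MinIO server configuration settings
mc admin heal	Scan for damaged objects and heal them
mc admin profile	Generate profiling data for debugging
mc admin top	Provide top-like statistics for MinIO
mc admin trace	Show HTTP traces for the MinIO server
mc admin console	Show console logs for the MinIO server
mc admin prometheus	Manage Prometheus configuration
mc admin kms	Perform KMS management operations
mc admin subnet	SUBNET-related commands
mc admin bucket	Manage buckets defined on the MinIO server
mc admin tier	Configure remote tier targets for ILM transitions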

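User management

mc admin user --help
# mc admin user COMMAND [COMMAND FLAGS | -h] [ARGUMENTS...]
# Create a user (MinIO requires a secret key of at least 8 characters, so use a longer password than this sample)
mc admin user add minio-server fox foxpwd
# List users
mc admin user list minio-server
# Disable a user
mc admin user disable minio-server fox
# Enable a user
mc admin user enable minio-server fox
# Show user information
mc admin user info minio-server fox
# Delete a user
mc admin user remove minio-server fox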

Policy management

After adding a user as the admin with mc admin user add myminio fox foxpwd, a policy must be attached before the user can log in to the console.

mc admin policy --help
# mc admin policy COMMAND [COMMAND FLAGS | -h] [ARGUMENTS...]
# COMMANDS:
#  create      create a new IAM policy
#  remove, rm  remove an IAM policy
#  list, ls    list all IAM policies
#  info        show info on an IAM policy
#  attach      attach an IAM policy to a user or group
#  detach      detach an IAM policy from a user or group
#  entities    list policy association entities
# List the policies
mc admin policy ls myminio
# consoleAdmin  administrator
# diagnostics   monitoring user
# readonly      read only
# readwrite     read and write
# writeonly     write only
# Show the readonly policy
mc admin policy info myminio readonly
# Add a policy
mc admin policy create minio-server mypolicy /etc/mypolicy.json
# List policies
mc admin policy list minio-server
# Attach a policy
mc admin policy attach minio-server mypolicy --user fox

mypolicy.json

For configuration see: Access Management — MinIO Object Storage for Linux

Format

{
   "Version" : "2012-10-17",
   "Statement" : [
      {
         "Effect" : "Allow",
         "Action" : [ "s3:<ActionName>", ... ],
         "Resource" : "arn:aws:s3:::*",
         "Condition" : { ... }
      },
      {
         "Effect" : "Deny",
         "Action" : [ "s3:<ActionName>", ... ],
         "Resource" : "arn:aws:s3:::*",
         "Condition" : { ... }
      }
   ]
}

{
    "Version": "2012-10-17",
    "Statement":[
        {
            "Effect":"Allow",
            "Action":[
                "s3:GetBucketLocation",
                "s3:GetObject"
            ],
            "Resource":[
                "arn:aws:s3:::tulinmall"
            ]
        },
        {
            "Effect":"Allow",
            "Action":[
                "s3:*"
            ],
            "Resource":[
                "arn:aws:s3:::tulinmall/*"
            ]
        }
    ]
}
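
Added example, not part of the original notes: a small linter to run over mypolicy.json before loading it with mc admin policy. It assumes "2012-10-17" is the only Version string the server accepts and reports s3:* actions and all-bucket resources in Allow statements as warnings; the function names and the two sample policies are constructed for illustration, with only the bucket name taken from the page.

```python
import json

# Assumption: the server accepts only this policy-language version string.
POLICY_VERSION, ARN_PREFIX = "2012-10-17", "arn:aws:s3:::"

def _as_list(value):
    """Action and Resource may each be one string or a list of strings."""
    return [] if value is None else value if isinstance(value, list) else [value]

def lint_policy(text):
    """Return (severity, message) findings for an S3-style policy document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("error", "not valid JSON: " + exc.msg)]
    if not isinstance(doc, dict):
        return [("error", "policy must be a JSON object")]
    findings = []
    if doc.get("Version") != POLICY_VERSION:
        findings.append(("error", 'Version must be "%s"' % POLICY_VERSION))
    statements = [s for s in _as_list(doc.get("Statement")) if isinstance(s, dict)]
    if not statements:
        findings.append(("error", "no Statement entries"))
    for n, st in enumerate(statements, 1):
        effect = st.get("Effect")
        actions, resources = _as_list(st.get("Action")), _as_list(st.get("Resource"))
        if effect not in ("Allow", "Deny"):
            findings.append(("error", "statement %d: Effect must be Allow or Deny" % n))
        if not actions or not resources:
            findings.append(("error", "statement %d: no Action or no Resource listed" % n))
        for res in resources:
            if res != "*" and not res.startswith(ARN_PREFIX):
                findings.append(("error", "statement %d: bad resource %s" % (n, res)))
        if effect != "Allow":
            continue  # a wildcard in a Deny statement only makes the policy stricter
        for act in actions:
            if act in ("*", "s3:*"):
                findings.append(("warn", "statement %d: wildcard action %s" % (n, act)))
        for res in resources:
            if res in ("*", ARN_PREFIX + "*"):
                findings.append(("warn", "statement %d: applies to every bucket" % n))
    return findings

# Constructed samples; only the bucket name is taken from the page.
BROAD = json.dumps({"Version": POLICY_VERSION, "Statement": [
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": ["arn:aws:s3:::tulinmall/*"]}]})
SCOPED = json.dumps({"Version": POLICY_VERSION, "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::tulinmall"]},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": ["arn:aws:s3:::tulinmall/*"]}]})

if __name__ == "__main__":
    print(lint_policy(BROAD), lint_policy(SCOPED))
```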
posted @ 2024-03-31 16:38  一个小笨蛋