minio 实践

发表于 更新于 分类于 本文字数: 3.5k 阅读时长 ≈ 3 分钟

minio

部署 minio 非常灵活,以下是常用配置参数:

  • address: Minio API 调用的地址 + 端口,其中地址可以是 IP 或者 host

  • console-address: MinIO web 管理页面的地址 + 端口,其中地址同上

binary deploy

使用二进制部署

1
2
3
wget -O /usr/local/bin/minio https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x /usr/local/bin/minio
minio server /data

docker deploy

使用 docker 命令部署

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
export MINIO_ROOT_USER=minio
export MINIO_ROOT_PASSWORD=minio123
export MINIO_ADDRESS_PORT=9000
export MINIO_CONSOLE_PORT=9001
export MINIO_DOCKER_NAME=minio
export MINIO_BUCKET=bucket_name
docker run -p $MINIO_ADDRESS_PORT:9000 -p $MINIO_CONSOLE_PORT:9001 --name $MINIO_DOCKER_NAME \
    -d --restart=always \
    -e MINIO_ROOT_USER=$MINIO_ROOT_USER \
    -e MINIO_ROOT_PASSWORD=$MINIO_ROOT_PASSWORD \
    -v .data:/data \
    -v .minio:/root/.minio \
    minio/minio server /data --address ":9000" --console-address ":9001"

# mc 通过 link 操作使用 `容器名:内部port` 对api port访问
docker run --rm --link $MINIO_DOCKER_NAME -e MINIO_BUCKET=$MINIO_BUCKET --entrypoint sh minio/mc -c "\
  while ! nc -z minio 9000; do echo 'Wait minio to startup...' && sleep 0.1; done; \
  sleep 5 && \
  mc config host add myminio http://minio:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD && \
  if ! mc ls myminio | grep --quiet $MINIO_BUCKET; then mc mb myminio/$MINIO_BUCKET; else echo 'bucket $MINIO_BUCKET already exists'; fi && \
  mc mb myminio/$MINIO_BUCKET && \
  mc policy download myminio/$MINIO_BUCKET \
"

docker-compose deploy

使用 docker-compose 部署,参考如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# docker-compose.yml
services:
  minio:
    # 该镜像默认创建匿名卷 /data 用于持久化 minio 数据
    image: minio/minio:RELEASE.2023-06-02T23-17-26Z
    ports:
      - ${MINIO_ADDRESS_PORT:-9000}:9000
      - ${MINIO_CONSOLE_PORT:-9001}:9001
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minio}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minio123}
    command: server /data --address ":9000" --console-address ":9001"
    healthcheck:
      test:
        [
          "CMD",
          "curl",
          "-f",
          # 测试命令通过 localhost:external-port 访问
          # "http://localhost:${MINIO_ADDRESS_PORT:-9000}/minio/health/live"
          # 测试命令通过 service-name:internal-port 访问
          "http://minio:9000/minio/health/live"
        ]
      interval: 10s
      timeout: 10s
      retries: 3

  create_models_buckets:
    # 使用 mc 工具创建桶 models
    image: minio/mc:RELEASE.2023-05-30T22-41-38Z
    depends_on:
      minio:
        condition: service_healthy
    entrypoint: >
      bash -c 'mc config host add myminio http://minio:9000 ${MINIO_ROOT_USER:-minio} ${MINIO_ROOT_PASSWORD:-minio123};
      if ! mc ls myminio | grep --quiet models; then
        mc mb myminio/models;
      else
        echo "bucket models already exists in host myminio";
      fi;
      mc anonymous set public myminio/models;
      exit 0;'

使用环境变量配置启动端口

1
MINIO_ADDRESS_PORT=9999 docker-compose up --remove-orphans -V

mc

1,连接服务(hellominio)

1
2
3
mc config host add hellominio http://minio:9001 minio minio123

#msg:Added `hellominio` successfully.

2,创建策略 (readwrite)

1
2
3
4
mc admin policy add hellominio readwrite readwrite.json

# 配置文件如下(readwrite.json )
# Added policy `readwrite` successfully.

3, 创建用户 密码必须为 8 位以上 (用户名 hello 密码 hello123123)

1
2
3
mc admin user add hellominio hello hello123123

# Added user `hello` successfully.

4,成功创建用户后, 为该用户应用策略(readwrite)。

1
2
3
4
mc admin policy set hellominio readwrite user=hello

# Policy readwrite is set on user `hello`
# 到此登录后就可以正常使用了,继续分组管理用户

5, 创建分组 (hellominiogroup)

1
2
3
mc admin group add hellominio hellominiogroup hello

# Added members {hello} to group hellominiogroup successfully.

6, 成功创建组后,对该组应用策略。

1
2
3
mc admin policy set hellominio readwrite group=newgroup

# Policy readwrite is set on group `newgroup`

7,更改权限后 需重新导入

1
2
3
mc admin policy add hellominio readwrite readwrite.json

# Added policy `readwrite` successfully.