MinIO Installation and Setup

Montreal

  1. Make sure to install the MinIO client mc here: https://min.io/docs/minio/linux/reference/minio-mc.html

  2. Add the alias using your provided MinIO api url:

    mc alias set myminio https://<my-api-url> cpip 'mypassword'

  3. Test connection to the object store:

    mc ls myminio

  4. Perform additional operations to ensure the connection is working properly:

    1. Upload a file

      echo "Hello, MinIO!" > testfile.txt
mc cp testfile.txt myminio/your-bucket-name

    2. List files in a bucket:

      mc ls myminio/your-bucket-name

    3. Download a file:

      mc cp myminio/your-bucket-name/testfile.txt downloaded-testfile.txt

  5. Go to the MinIO console and create your s3 id and key through the Access Keys sidebar. Enter this information into the corresponding s3_id and s3_key secrets file.

Calgary

Docker swarm installation

  1. Clone the unf stack repository.

  2. Move into the proper folder of the repository.

    cd stack/storage_server

  3. If using selfsigned certs, the installation requires the creation of self-signed certificates using the certgen tool described in intallation option 2 further down in this page.

  4. Create the other secrets required.

    sudo docker secrets create name-of-secret secret-file
# secret-file can be any text file containing the needed information.
# OR
echo "xxxxxxxxxx" | docker secret create name-of-secret -
# make sure to remove the entry from the server's history

  5. Make sure that the docker-compose file is pointing to those secrets for their use inside the container.

  6. Make sure that the docker-compose file point the service deployment to the manager node using the constraints.

    deploy:
placement:
    constraints:
    - node.hostname == manager-node.ca

  7. Run the docker command

    docker stack deploy --compose-file docker-compose.minio.yml cpip

    Important

    In docker swarm, in order to mount a volume to a container, such volume must exist. This is not necessary using docker compose where directories are created if missing.

  8. Debbugging

    Note

    Check this post for debbugging.

    Important

    In docker swarm in order to mount a volume to a container, such volume must exist. This is not necessary using docker compose where directories are created if missing.

Option 2: Installation Using the Linux Release Packages

You can find the installation guides for the different operating systems in this documentation.

  1. Calgary is working with RedHat8, therefore, we will use the following installation package:

    wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio-20231016041343.0.0.x86_64.rpm -O minio.rpm
sudo dnf install minio.rpm

    Other considerations required include the follwoing:

    1. Create the Systemd Sevice File (/usr/lib/systemd/system/minio.service) followig this steps.

      [Unit]
Description=MinIO
Documentation=https://min.io/docs/minio/linux/index.html
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio

[Service]
WorkingDirectory=/usr/local

User=minio-user
Group=minio-user
ProtectProc=invisible

EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES

# MinIO RELEASE.2023-05-04T21-44-30Z adds support for Type=notify (https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=)
# This may improve systemctl setups where other services use `After=minio.server`
# Uncomment the line to enable the functionality
# Type=notify

# Let systemd restart this service always
Restart=always

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536

# Specifies the maximum number of threads this process can create
TasksMax=infinity

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no

[Install]
WantedBy=multi-user.target

# Built for ${project.name}-${project.version} (${project.name})

    2. You need to change this according to the user/group that you are working under, or create a new user/group. There can only exist this /usr/lib/systemd/system/minio.service to avoid problems with the service.

      User=minio-user # user that will be setup to have access to the minio
Group=minio-user # gropu that will be setup to have access to the minio

    3. Make sure that you create the MinIO folder that is set up in /usr/lib/systemd/system/minio/minio.service to be your “mounted drive”. I set ~/mnt/data so I do the following.

      sudo mkdir /mnt/data

    4. You can create the user using the following commands.

      groupadd -r minio-user
useradd -M -r -g minio-user minio-user
chown minio-user:minio-user /mnt/data #mounted drives set up in /usr/lib/systemd/system/minio/minio.service file, could be multiple

  2. Create the environmnet variable file.

    If you are planning on using self signed certificates with a domain name for the S3-API, create a tls certificate with the appropriate ips/domains. Follow these instructions. You can use the certgen tool from the minio team.

    1. Download the certgen tool.

      #download the tool
wget https://github.com/minio/certgen/releases/latest/download/certgen-linux-amd64
#move it to /user/local/bin/
sudo mv certgen-linux-amd64 /usr/local/bin/certgen
#make it executable
sudo chmod +x /usr/local/bin/certgen

    2. Create the certificates and place the TLS certificates for the domain (e.g. minio.ahs.ucalgary.ca) in the /certs directory, with the private key as private.key and public certificate as public.crt.

      #for approx 10 years
certgen -duration 220000h0m0s -host "139.48.221.19:9000,minio.ahs.ucalgary.ca,minio.ahs.ucalgary.ca:9000" -
#move them to the certs folder
mv private.key ~/.minio/certs/
mv public.crt ~/.minio/certs/
#COPY INTO THE CERTS/CAs/ FOLDER BECAUSE WE ARE GOING FOR SELF SIGNED CERTIFICATES
cp ~/.minio/certs/private.key ~/.minio/certs/CAs/myCA.crt

    3. After creating the certificates, create an environment variable file at /etc/default/minio.

      MINIO_ROOT_USER=cpip-minio #root user used to login
MINIO_ROOT_PASSWORD=cpip-minio-has-access #password used to login for root user
# MINIO_VOLUMES sets the storage volume or path to use for the MinIO server.
MINIO_VOLUMES="/mnt/data"
# MINIO_SERVER_URL sets the hostname of the local machine for use with the MinIO Server
# MinIO assumes your network control plane can correctly resolve this hostname to the local machine
# Uncomment the following line and replace the value with the correct hostname for the local machine and port for the MinIO server (9000 by default).
MINIO_SERVER_URL="https://minio.ahs.ucalgary.ca:9000"

  3. Start the MinIO Server.

    1. Run the following commands to start the MinIO server.

      sudo systemctl start minio.service
sudo systemctl status minio.service
journalctl -f -u minio.service
sudo systemctl enable minio.service

    2. Install the mc (minio client binary) following these instructions. Make sure to add the path to the binary to the ~/.bashrc file or copy the binary to the bin folder like we did for the certgen tool.

    3. Done. You can either access the minio console using the ip shown when you run journalctl -f -u minio.service or use ce MinIO client in order create an alias. This alias will allow you to perform admin tasks directly from the tool.

      # this line will create an alias (cpip-minio-calgary) for our MinIO instance which will be used to manage it
mc alias set cpip-minio-calgary https://minio.ahs.ucalgary.ca:9000 cpip-minio cpip-minio-has-access

    4. Creation and managing of users.

      There are different ways to create and manage users, for more information checkout the mc admin tool.