Simple MINIO

Download and install the minio server rpm and the mcli tool (mc). https://www.min.io/open-source/download?platform=linux&arch=amd64

Create the config

/etc/default/minio

MINIO_VOLUMES="/opt/minio/data"
MINIO_ROOT_USER="myAdminUser"
MINIO_ROOT_PASSWORD="myAdminPW"

Create the configured directory. And also add the minio user and set the user rights.

useradd -r -d /opt/minio
chown -R minio-user:minio-user /opt/minio

systemctl start minio
systemctl status minio

→ shows the listen address (http://10.20.30.40:37757)

Docs fot the CLI tool: https://docs.min.io/enterprise/aistor-object-store/reference/cli/admin/

To work proper with the mcli tool, it is best to set an alias:

mcli alias set <AliasName> <ServerAddress> <MINIO_ROOT_USER> <MINIO_ROOT_PASSWORD>
mcli alias set myminio http://127.0.0.1:9000 myAdminUser myAdminPW

From now you can use the alias in the commands

Add a new User:

mcli admin user add <AliasName> <newUser> <newPassword>
mcli admin user add myminio test test1234

Create/Make a new bucket:

mcli mb <AliasName>/<BucketName>
mcli mb myminio/test

Delete/Remove a new bucket:

mcli rb <AliasName>/<BucketName>
mcli rb myminio/test

That the right user get access to this bucket, we need a policy. The policy is also needed for the access keys.

 
{
   "Version": "2012-10-17",
   "Statement": [
    {
     "Effect": "Allow",
     "Action": [
      "s3:*"
     ],
     "Resource": [
      "arn:aws:s3:::test",
      "arn:aws:s3:::test/*"
     ]
    }
   ]
  }

This policy allows everything on the test bucket. You need to safe this in a file test.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::test",
        "arn:aws:s3:::test/*"
      ]
    }
  ]
}

This JSON allows also everything, but with all options listed.

Create a policy

mcli admin policy create <AliasName> <PolicyName> </path/to/file.json>
mcli admin policy create myminio rw-test test.json

List policies:

mcli admin policy list <AliasName>
mcli admin policy list myminio

Policy info/details

mcli admin policy info <AliasName> <PolicyName>
mcli admin policy info myminio rw-test

The policy also has to be attached to the user (or the other way round)

mcli admin policy attach <AliasName> <PolicyName> --user <newUser>
mcli admin policy attach myminio rw-test --user test

A detach is also possible

mcli admin policy detach <AliasName> <PolicyName> --user <newUser>
mcli admin policy detach myminio readwrite --user test

With the policy and the user you can also create token and key

mcli admin accesskey create <AliasName>/ test --policy </path/to/file.json>
mcli admin accesskey create myminio/ test --policy test.json

wiki.server17.net

Table of Contents