minio

5 years ago · f62faca30f
2 changed files with 387 additions and 0 deletions
--- a/DockerSwarm/minio-browser.png
+++ b/DockerSwarm/minio-browser.png
--- a/DockerSwarm/swarm-volumes-storage-howto.adoc
+++ b/DockerSwarm/swarm-volumes-storage-howto.adoc
@ -0,0 +1,387 @@
+= Swarm Storage HowTo!
+Apostolos rootApostolos@swarmlab.io
+:description: IoT  Εισαγωγή στο Cloud
+:keywords: Cloud, swarm
+:data-uri:
+:toc: right
+:toc-title: Πίνακας περιεχομένων
+:toclevels: 4
+:source-highlighter: coderay
+:icons: font
+:sectnums: 
+
+include::header.adoc[]
+
+
+{empty} +
+
+== Install Minio
+
+=== Create Docker secrets for MinIO
+
+.create secrets
+[source,sh]
+----
+KEY=$(od -vN 32 -An -tx1 /dev/urandom | tr -d ' \n' ; echo)
+SECRET=$(od -vN 32 -An -tx1 /dev/urandom | tr -d ' \n' ; echo)
+echo $KEY > key
+echo $SECRET > secret
+echo $KEY | docker secret create access_key -
+echo $SECRET | docker secret create secret_key -
+----
+
+
+
+=== Create node labels
+
+.create labels
+[source,sh]
+----
+docker node update --label-add minio1=true [node-name] // <1>
+docker node update --label-add minio2=true [node-name]
+docker node update --label-add minio3=true [node-name]
+docker node update --label-add minio4=true [node-name]
+
+docker node update --label-add group==minio [node-name] //<2>
+docker node update --label-add group==minio [node-name]
+----
+<1> node name from command: docker node ls e.g. *snf-12118*  (minio)
+<2> node name from command: docker node ls e.g. *snf-12118*  (proxy)
+
+
+=== Generate a Certificate
+
+.Create a configuration file (openssl.conf)
+[source,sh]
+----
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = US //<1>
+ST = VA //<1>
+L = Somewhere //<1>
+O = MyOrg //<1>
+OU = MyOU //<1>
+CN = MyServerName //<1>
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+IP.1 = 127.0.0.1 //<2>
+----
+<1> change to the correct values
+<2> change to the correct IP address
+
+.Run openssl and specify the configuration file
+[source,sh]
+----
+openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout private.key -out public.crt -config openssl.conf
+----
+
+
+=== Create Yaml file
+
+.docker-compose 
+[source,yaml]
+----
+services:
+  minio1: //<1>
+    image: minio/minio:RELEASE.2020-04-10T03-34-42Z //<2>
+    hostname: minio1 
+    volumes:
+      - minio1-data:/export //<3>
+    ports:
+      - "9001:9000" //<4>
+    networks:
+      - minio_distributed //<5>
+    deploy:
+      restart_policy:
+        delay: 10s
+        max_attempts: 10
+        window: 60s
+      placement:
+        constraints:
+          - node.labels.minio1==true //<6>
+    command: server http://minio{1...4}/export //<7>
+    secrets: //<8>
+      - secret_key 
+      - access_key 
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] //<9>
+      interval: 30s
+      timeout: 20s
+      retries: 3
+
+  minio2: //<10>
+    image: minio/minio:RELEASE.2020-04-10T03-34-42Z
+    hostname: minio2 //<10>
+    volumes:
+      - minio2-data:/export //<11>
+    ports:
+      - "9002:9000" //<12>
+    networks:
+      - minio_distributed //<5>
+    deploy:
+      restart_policy:
+        delay: 10s
+        max_attempts: 10
+        window: 60s
+      placement:
+        constraints:
+          - node.labels.minio2==true //<13>
+    command: server http://minio{1...4}/export
+    secrets:
+      - secret_key
+      - access_key
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+      interval: 30s
+      timeout: 20s
+      retries: 3
+
+  minio3:
+    image: minio/minio:RELEASE.2020-04-10T03-34-42Z
+    hostname: minio3
+    volumes:
+      - minio3-data:/export
+    ports:
+      - "9003:9000"
+    networks:
+      - minio_distributed //<5>
+    deploy:
+      restart_policy:
+        delay: 10s
+        max_attempts: 10
+        window: 60s
+      placement:
+        constraints:
+          - node.labels.minio3==true
+    command: server http://minio{1...4}/export
+    secrets:
+      - secret_key
+      - access_key
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+      interval: 30s
+      timeout: 20s
+      retries: 3
+
+  minio4:
+    image: minio/minio:RELEASE.2020-04-10T03-34-42Z
+    hostname: minio4
+    volumes:
+      - minio4-data:/export
+    ports:
+      - "9004:9000"
+    networks:
+      - minio_distributed //<5>
+    deploy:
+      restart_policy:
+        delay: 10s
+        max_attempts: 10
+        window: 60s
+      placement:
+        constraints:
+          - node.labels.minio4==true
+    command: server http://minio{1...4}/export
+    secrets:
+      - secret_key
+      - access_key
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+      interval: 30s
+      timeout: 20s
+      retries: 3
+
+  web:
+    image: nginx:1.17.9-alpine
+    deploy:
+      mode: replicated
+      restart_policy:
+        delay: 10s
+        max_attempts: 10
+        window: 60s
+      replicas: 2
+      placement:
+        max_replicas_per_node: 1
+        constraints:
+          - node.labels.group==minio //<14>
+    ports:
+      - "8080:80"
+      - "9443:443"
+    volumes: //<15>
+      - /PATH_to_FILE/minio.conf:/etc/nginx/conf.d/default.conf //<16>
+      - /PATH_to_FILE/public.crt:/etc/nginx/public.crt //<17>
+      - /PATH_to_FILE/private.key:/etc/nginx/private.key //<17>
+    networks:
+      - minio_distributed //<5>
+
+
+volumes:
+  minio1-data:
+
+  minio2-data:
+
+  minio3-data:
+
+  minio4-data:
+
+
+networks:
+  minio_distributed: //<5>
+    driver: overlay
+
+secrets:
+  secret_key:
+    external: true
+  access_key:
+    external: true
+                                               
+----
+<1> Service name
+<2> Image name
+<3> Volume to Use
+<4> Expose port
+<5> Network to Use
+<6> Node Placement 
+<7> Start server
+<8> insert secrets
+<9> health check command
+<10> *NEW* Service name
+<11> *NEW* Volume
+<12> *NEW* Port
+<13> *NEW* Label
+<14> Node Placement (Proxy)
+<15> Bind mount config files
+<16> Nginx config file
+<17> ssl keys
+                                                              
+
+
+=== Create config file (proxy)
+
+.nginx config
+[source,yaml]
+----
+upstream minio_servers {
+    server minio1:9000;  //<1>
+    server minio2:9000;  //<1>
+    server minio3:9000;  //<1>
+    server minio4:9000;  //<1>
+}
+proxy_cache_path /var/tmp levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;
+server {
+    listen 80;
+    server_name name.example.org; //<2>
+    return 301 https://name.example.org$request_uri;  // <3>
+}
+server {
+ listen  443 ssl;
+ server_name name.example.org;
+
+ # To allow special characters in headers
+ ignore_invalid_headers off;
+ # Allow any size file to be uploaded.
+ # Set to a value such as 1000m; to restrict file size to a specific value
+ client_max_body_size 0;
+ # To disable buffering
+ proxy_buffering off;
+
+  ssl_certificate    /etc/nginx/public.crt; //<4>
+    ssl_certificate_key /etc/nginx/private.crt; //<4>
+    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+
+ location / {
+ proxy_cache      my_cache;
+   proxy_set_header X-Real-IP $remote_addr;
+   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+   proxy_set_header X-Forwarded-Proto $scheme;
+   proxy_set_header Host $http_host;
+
+    proxy_set_header X-NginX-Proxy true;
+    proxy_ssl_session_reuse off;
+    proxy_redirect off;
+
+
+   proxy_connect_timeout 300;
+   # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
+   proxy_http_version 1.1;
+   proxy_set_header Connection "";
+   chunked_transfer_encoding off;
+
+   #proxy_pass http://minio1:9000; # If you are using docker-compose this would be the hostname i.e. minio
+  proxy_pass http://minio_servers; // <5>
+   # Health Check endpoint might go here. See https://www.nginx.com/resources/wiki/modules/healthcheck/
+   # /minio/health/live;
+ }
+}
+
+----
+<1> Service names from yaml
+<2> Server name or IP
+<3> Redirect to https
+<4> keys 
+<5> pass to servers
+
+=== Copy files to nodes
+
+.cp files
+[source,yaml]
+----
+scp minio.conf zeus@*ip*:/PATH_to_FILE/minio.conf // <1>
+scp minio.conf zeus@*ip*:/PATH_to_FILE/minio.conf // <1>
+----
+<1> change *ip* (see <2> in http://docs.swarmlab.io/lab/swarm-volumes-storage-howto.adoc#_create_node_labels[create_node_labels]) and *PATH_to_FILE* (see <16> in http://docs.swarmlab.io/lab/swarm-volumes-storage-howto.adoc#_create_yaml_file[create_yaml_file])
+
+
+=== deploy
+
+.stack deploy
+[source,yaml]
+----
+docker stack deploy --compose-file=docker-compose.yaml minio_stack
+----
+
+=== Test MinIO in Browser
+
+Point your web browser to http://ip:9443
+
+image:./minio-browser.png[]
+
+== Install tools
+
+
+=== Install AWS CLI
+
+Universal Command Line Interface for Amazon Web Services 
+
+.aws cli
+[source,sh]
+----
+curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip awscliv2.zip
+sudo ./aws/install
+----
+
+The AWS Command Line Interface (AWS CLI) is an open source tool that enables you to interact with AWS services using commands in your command-line shell
+
+
+=== Install mc client
+
+MinIO Client (mc) provides a modern alternative to UNIX commands like ls, cat, cp, mirror, diff, find etc. It supports filesystems and Amazon S3 compatible cloud storage service (AWS Signature v2 and v4).
+
+.mc
+[source,yaml]
+----
+wget https://dl.min.io/client/mc/release/linux-amd64/mc
+chmod +x mc
+./mc --help
+----
+
+
+