Minio S3

Posted on September 26, 2021 by Tom Hamilton
Reading Time: 3 minutes

MiniIO is a S3 High performance Object Storage server released under GNU. It is capable of replication and load balancing to provide a high degree of performance and reliability.

In this section we will discuss 3 things.

The Minio S3 Server.
The Minio S3 Client
The AWS Client

Additional Clients are:
Cyberduck – A long standing file exchange client.
Filezilla Pro – As of 2021 there may very well be a problem with Filezilla Pro. It appears to be focused on connecting to AWS Regions. I do not know if this problem persists.

GOAL 1: Let’s install the MinIO server. Fortunately this is simple.

STEP 1:

wget https://dl.minio.io/server/minio/release/linux-amd64/minio

STEP 2:

chmod +x minio

STEP 3:

sudo ./minio server /minio

Note: we will discuss a few things next, like how to configure a certificate.

HOW to use SSL

There are a number of ways to create a SSL. In this instance we are going to explore the use of a utility called certgen which is provided for from a minio GIT repository. We could have just as easily have used OpenSSL. We could have used or created a certificate using “Let’s Encrypt” or using Python and the Cryptography module.

git clone https://github.com/minio/certgen.git

Now GO is not my go to language of choice. I have only used it to explore the language. So it might be the case that you will need to install parts of the GO development library in order to create a workable version of “certgen”. I will take a slight pause at the fact that the MinIO binary was provided for us.

To install “go” in ubuntu you can do the following:

snap install go --classic

So it should be installed. We can see what version we are using by inquiring about the version/release.

root@node:/home/user/certgen# go version
go version go1.16.7 linux/amd64

Now it’s time to build it.

export GOPATH=/home/user/certgen
go build certgen.go

Now that we have built the command we can use it to create a self signed cert with an IP Address.

root@node:/home/user/certgen# ./certgen --host 192.168.150.110
2021/09/26 14:10:47 wrote public.crt
2021/09/26 14:10:47 wrote private.key

The cert will be of the form:

Version V3
Signature hash algorithm: SHA256
Public Key: RSA (2048 Bits)
Subject: Acme Co
Subject Alternative Name: IP Address = 192.168.150.110
Basic Contstraings:
Subject Type=End Entity
Path Length Contraint=None

Now we can copy these over more useful location:
I choose /root/minio/certs because this is listed as the default directory. ( when in Rome … )

cp private.key /root/.minio/certs
cp public.crt /root/.minio/certs

NOTE: If Minio learns it can use uses CERTS it will launch the portal to use HTTPS insteap of HTTPS.

Now we can:

./minio server /mnt/storage

This assumes that in the /mnt directory you have create a folder named storage
Perhaps you have mounted another disk or storage system to this.

We might want to use the Minio CLI. To get this we simply

STEP 1:

$ wget https://dl.minio.io/client/mc/release/linux-amd64/mc

Alternatively we might can use the AWS CLI.

C:\Users\User>aws --endpoint-url https://192.168.150.110:9000 s3 ls test
2021-09-26 08:37:09 13073 Untitled.png
2021-09-26 09:26:09 3 test.txt

In this cheesy example we will pretended that I created an access_key and secret_key of ec2-user.

aws configure set access_key ec2-user
aws configure set secret_key ec2-user

To list the AWS configuration information:

C:\Users\User.aws>aws configure list
Name Value Type Location
---- ----- ---- --------
profile None None
access_key user shared-credentials-file
secret_key user shared-credentials-file
region None None

If you want to use SSL and not have to specify the –no-verify-ssl option, then you need to set the AWS_CA_BUNDLE environment variable. I will come back and visit this as I was not able to snap my fingers and get this to work.

aws --no-verify-ssl --endpoint-url https://192.168.150.110:9000 s3 ls
aws --no-verify-ssl --endpoint-url https://192.168.150.110:9000 s3 ls s3://test

It may be the case that you will want to install this as a service. For a linux based system the easiest way to do this might be to simply create an entry for the service.

cat <<EOF | sudo tee /etc/systemd/system/minio.service
[Unit]
Description=minio

[Service]
WorkingDirectory=/Home/user
ExecStart=/home/user/minio server /mnt storage

[install]
WantedBy=multi-user.target
EOF

Time to reload the daemon; start the service and then inquire as to its status.

sudo systemctl daemon-reload
sudo systemctl start minio.service
sudo service minio status

URLS:
https://linuxhint.com/installing_minio_ubuntu/

This entry was posted in AWS, Storage. Bookmark the permalink.