Minio是一种简单,快速且符合AWS S3的对象存储。Minio旨在承载非结构化数据,例如照片,视频,日志文件,备份。Minio还支持分布式模式,该模式可将多个驱动器连接到同一存储服务器上的对象,包括位于不同计算机上的对象。
这篇文章的目的是配置minio,以便每个用户只能使用自己的存储桶。
通常,Minio适用于以下情况:
- 可通过S3访问的可靠文件系统之上的无复制存储(位于NAS和SAN上的中小型存储);
- 具有S3访问权限(用于开发和测试)的不受信任的文件系统之上的无复制存储;
- 在具有S3访问权限的同一机架中的一小组服务器上的复制存储(故障域等于机架的故障安全存储)。
在RedHat系统上,我们连接非官方的Minio存储库。
yum -y install yum-plugin-copr
yum copr enable -y lkiesow/minio
yum install -y minio minio-mc
我们在/etc/minio/minio.conf中生成并添加到MINIO_ACCESS_KEY和MINIO_SECRET_KEY。
# Custom username or access key of minimum 3 characters in length.
MINIO_ACCESS_KEY=
# Custom password or secret key of minimum 8 characters in length.
MINIO_SECRET_KEY=
如果在Minio之前不使用nginx,则需要进行更改。
--address 127.0.0.1:9000
在
--address 0.0.0.0:9000
启动Minio。
systemctl start minio
创建与Minio的连接,称为myminio。
minio-mc config host add myminio http://localhost:9000 MINIO_ACCESS_KEY
MINIO_SECRET_KEY
创建存储桶user1bucket。
minio-mc mb myminio/user1bucket
bucket user2bucket.
minio-mc mb myminio/user2bucket
user1-policy.json.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:PutBucketPolicy",
"s3:GetBucketPolicy",
"s3:DeleteBucketPolicy",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::user1bucket"
],
"Sid": ""
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::user1bucket/*"
],
"Sid": ""
}
]
}
user2-policy.json.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:PutBucketPolicy",
"s3:GetBucketPolicy",
"s3:DeleteBucketPolicy",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::user2bucket"
],
"Sid": ""
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::user2bucket/*"
],
"Sid": ""
}
]
}
user1 test12345.
minio-mc admin user add myminio user1 test12345
user2 test54321.
minio-mc admin user add myminio user2 test54321
Minio user1-policy user1-policy.json.
minio-mc admin policy add myminio user1-policy user1-policy.json
Minio user2-policy user2-policy.json.
minio-mc admin policy add myminio user2-policy user2-policy.json
user1-policy user1.
minio-mc admin policy set myminio user1-policy user=user1
user2-policy user2.
minio-mc admin policy set myminio user2-policy user=user2
minio-mc admin user list myminio
enabled user1 user1-policy
enabled user2 user2-policy
http://ip----minio:9000/minio/
Minio MINIO_ACCESS_KEY=user1. bucket user1bucket.
bucket , Action .
在存储桶user1bucket中创建一个文件。
在MINIO_ACCESS_KEY = user2下连接到Minio。桶user2bucket对我们可用。
而且我们既看不到user1bucket也看不到user1bucket中的文件。
在Minio上创建电报聊天https://t.me/minio_s3_zh