MinIO/MC: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older editNewer edit →
VisualWikitext
Line 98: Line 98:
{|class='wikitable mw-collapsible'
{|class='wikitable mw-collapsible'
!scope='col' style='width:1000px'|
!scope='col' style='width:1000px'|
'''MinIO » Policy » acl_academia_list'''
'''MinIO » Policy » iamAcademiaList'''
|-
|-
|valign='top'|
|valign='top'|

Revision as of 11:58, 2 July 2025

MinIO » MC » Install 

cat <<'EXE'| sudo bash
wget  -c https://dl.min.io/client/mc/release/linux-amd64/mc \
      -P /usr/local/bin/
chmod +x /usr/local/bin/mc
EXE
xdg-open http://minio.host.k8s.local &>/dev/null &

MC » Quick » Setup

MinIO » MC » Quick » Setup 

echo -n 'Username: ';read -s MC_ACCESS_KEY;export MC_ACCESS_KEY;echo
# Username: admin

echo -n 'Password: ';read -s MC_SECRET_KEY;export MC_SECRET_KEY;echo
# Password: sadaqah!

export MC_HOST_s3_minio_host_k8s_local_admin="http://${MC_ACCESS_KEY}:${MC_SECRET_KEY}@s3.minio.host.k8s.local"
mc ping        s3_minio_host_k8s_local_admin -c=3
mc ready       s3_minio_host_k8s_local_admin
mc admin info  s3_minio_host_k8s_local_admin
mc alias ls

EXPIRY_DATE="$(date --utc -d '+1 year' +'%Y-%m-%dT00:00:00%:z')";\
mc admin user svcacct add  s3_minio_host_k8s_local_admin ${MC_ACCESS_KEY} --expiry ${EXPIRY_DATE};\
             unset MC_HOST_s3_minio_host_k8s_local_admin;unset MC_ACCESS_KEY;unset MC_SECRET_KEY
:'
Access Key: HS7LQO7XFCJGWNU1OQ50
Secret Key: TkbFQXTXZjYquDhzfdFBUyguZF15s0W+OYrb3LXQ
Expiration: 2026-06-30 00:00:00 +0000 UTC
'

MC » Manage » Alias

MinIO » MC » Manage » Alias 

echo -n 'AccessKey: ';read -s MC_ACCESS_KEY;export MC_ACCESS_KEY;echo
# AccessKey: HS7LQO7XFCJGWNU1OQ50

echo -n 'SecretKey: ';read -s MC_SECRET_KEY;export MC_SECRET_KEY;echo
# SecretKey: TkbFQXTXZjYquDhzfdFBUyguZF15s0W+OYrb3LXQ

mc alias set   s3_minio_host_k8s_local_admin http://s3.minio.host.k8s.local ${MC_ACCESS_KEY} ${MC_SECRET_KEY}
mc ping        s3_minio_host_k8s_local_admin -c=3
mc ready       s3_minio_host_k8s_local_admin
mc admin info  s3_minio_host_k8s_local_admin
mc alias rm    s3_minio_host_k8s_local_admin
mc alias ls

MC » Manage » User

MinIO » MC » Manage » User 

set +o history
echo -e "academia\nsadaqah!" | \
mc admin user add s3_minio_host_k8s_local_admin
mc admin user add s3_minio_host_k8s_local_admin academia sadaqah!
set -o history

mc admin user list s3_minio_host_k8s_local_admin
mc admin user list s3_minio_host_k8s_local_admin --json|jq -rs ' .[].accessKey'
mc admin user list s3_minio_host_k8s_local_admin --json|jq -rs '[.[].accessKey]|join(" ")'

MC » Manage » Policy

MinIO » Policy » iamAcademiaList 

yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin iamAcademiaList /dev/stdin
---
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Action:
      - s3:ListAllMyBuckets
    Resource:
      - arn:aws:s3:::academia/*
YML

mc admin policy info   s3_minio_host_k8s_local_admin iamAcademiaList|yq -P '.Policy'
mc admin policy rm     s3_minio_host_k8s_local_admin iamAcademiaList
mc admin policy ls     s3_minio_host_k8s_local_admin

MC » System » Policy

MinIO » Policy » consoleAdmin 

mc admin policy info   s3_minio_host_k8s_local_admin consoleAdmin|yq -P '.Policy'

yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin consoleAdmin /dev/stdin
---
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Action:
      - admin:*
  - Effect: Allow
    Action:
      - kms:*
  - Effect: Allow
    Action:
      - s3:*
    Resource:
      - arn:aws:s3:::*
YML

MinIO » Policy » diagnostics 

mc admin policy info   s3_minio_host_k8s_local_admin diagnostics|yq -P '.Policy'

yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin diagnostics /dev/stdin
---
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Action:
      - admin:TopLocksInfo
      - admin:BandwidthMonitor
      - admin:ConsoleLog
      - admin:OBDInfo
      - admin:Profiling
      - admin:Prometheus
      - admin:ServerInfo
      - admin:ServerTrace
    Resource:
      - arn:aws:s3:::*
YML

MinIO » Policy » readonly 

mc admin policy info   s3_minio_host_k8s_local_admin readonly|yq -P '.Policy'

yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin readonly /dev/stdin
---
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Action:
      - s3:GetObject
      - s3:GetBucketLocation
    Resource:
      - arn:aws:s3:::*
YML

MinIO » Policy » readwrite 

mc admin policy info   s3_minio_host_k8s_local_admin readwrite|yq -P '.Policy'

yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin readwrite /dev/stdin
---
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Action:
      - s3:*
    Resource:
      - arn:aws:s3:::*
YML

MinIO » Policy » writeonly 

mc admin policy info   s3_minio_host_k8s_local_admin writeonly|yq -P '.Policy'

yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin writeonly /dev/stdin
---
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Action:
      - s3:PutObject
    Resource:
      - arn:aws:s3:::*
YML

MC » Manage » Bucket

MinIO » MC » Manage » Bucket 

mc ready  s3_minio_host_k8s_local_admin
mc mb     s3_minio_host_k8s_local_admin/academia
mc mb     s3_minio_host_k8s_local_admin/agronomy

mc mirror s3_minio_host_k8s_local_admin/academia \
          s3_minio_host_k8s_local_admin/agronomy
mc rb     s3_minio_host_k8s_local_admin/academia

MC » Manage » Service » AC

MinIO » MC » Manage » Service » AC 

mc admin user svcacct add  s3_minio_host_k8s_local_admin academia
mc admin user svcacct list s3_minio_host_k8s_local_admin academia

EXPIRY_DATE="$(date --utc -d '+1 year' +'%Y-%m-%dT00:00:00%:z')";\
mc admin user svcacct add  s3_minio_host_k8s_local_admin academia --expiry ${EXPIRY_DATE}

for key in $(\
mc admin user svcacct list s3_minio_host_k8s_local_admin academia --json|jq -rs '[.[].accessKey]|join(" ")');do \
mc admin user svcacct rm   s3_minio_host_k8s_local_admin ${key};done

Create » Random » Key

Access Key Time (Seconds)
Real User System Status
time echo "$(cat /dev/urandom|tr -dc 'A-Za-z0-9'|head -c 20)" 0.007 0.001 0.012 🟢
time echo "$(openssl rand -base64 16|tr -d /=+|cut -c1-20)" 0.009 0.002 0.012 🟡
time echo "$(openssl rand -hex 12|tr -d /=+|cut -c1-20)" 0.008 0.003 0.009 🟡
time echo "$(makepasswd --chars 20)" 0.023 0.020 0.003 🔴
Secret Key Time (Seconds)
Real User System Status
time echo "$(cat /dev/urandom|tr -dc 'A-Za-z0-9'|head -c 40)" 0.006 0.003 0.007 🟢
time echo "$(openssl rand -base64 32|tr -d /=+|cut -c1-40)" 0.007 0.003 0.009 🟡
time echo "$(openssl rand -hex 24|tr -d /=+|cut -c1-40)" 0.009 0.003 0.011 🟡
time echo "$(makepasswd --chars 40)" 0.021 0.016 0.005 🔴

Playground

MinIO » MC » Playground 

jq -r '.aliases.s3_minio_host_k8s_local_admin' ~/.mc/config.json
mc alias export s3_minio_host_k8s_local_admin|jq -r .
mc alias remove s3_minio_host_k8s_local_admin
mc admin info   s3_minio_host_k8s_local_admin

jq -r '.aliases|keys[]' ~/.mc/config.json
mc alias list

cat <<'JSN'| mc alias import s3_minio_host_k8s_local_admin
{ "url": "http://s3.minio.host.k8s.local",
  "accessKey": "admin",
  "secretKey": "sadaqah!",
  "path": "auto",
  "api": "s3v4" }
JSN

set +o history
echo -e "academia\nsadaqah!" | \
mc admin user add s3_minio_host_k8s_local_admin
set -o history

References

Retrieved from "https://wiki.chorke.org/index.php?title=MinIO/MC&oldid=15179"