MinIO/MC: Difference between revisions
Jump to navigation
Jump to search
| Line 113: | Line 113: | ||
- arn:aws:s3:::academia/* | - arn:aws:s3:::academia/* | ||
YML | YML | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 119: | Line 118: | ||
|valign='top'| | |valign='top'| | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
mc admin policy info s3_minio_host_k8s_local_admin iamAcademiaList|yq -P '.Policy' | |||
mc admin policy rm s3_minio_host_k8s_local_admin iamAcademiaList | mc admin policy rm s3_minio_host_k8s_local_admin iamAcademiaList | ||
mc admin policy ls s3_minio_host_k8s_local_admin | mc admin policy ls s3_minio_host_k8s_local_admin | ||
Revision as of 02:40, 2 July 2025
|
MinIO » MC » Install |
|---|
cat <<'EXE'| sudo bash
wget -c https://dl.min.io/client/mc/release/linux-amd64/mc \
-P /usr/local/bin/
chmod +x /usr/local/bin/mc
EXE
xdg-open http://minio.host.k8s.local &>/dev/null &
|
MC » Quick » Setup
|
MinIO » MC » Quick » Setup |
|---|
echo -n 'Username: ';read -s MC_ACCESS_KEY;export MC_ACCESS_KEY;echo
# Username: admin
echo -n 'Password: ';read -s MC_SECRET_KEY;export MC_SECRET_KEY;echo
# Password: sadaqah!
export MC_HOST_s3_minio_host_k8s_local_admin="http://${MC_ACCESS_KEY}:${MC_SECRET_KEY}@s3.minio.host.k8s.local"
mc ping s3_minio_host_k8s_local_admin -c=3
mc ready s3_minio_host_k8s_local_admin
mc admin info s3_minio_host_k8s_local_admin
mc alias ls
EXPIRY_DATE="$(date --utc -d '+1 year' +'%Y-%m-%dT00:00:00%:z')";\
mc admin user svcacct add s3_minio_host_k8s_local_admin ${MC_ACCESS_KEY} --expiry ${EXPIRY_DATE};\
unset MC_HOST_s3_minio_host_k8s_local_admin;unset MC_ACCESS_KEY;unset MC_SECRET_KEY
:'
Access Key: HS7LQO7XFCJGWNU1OQ50
Secret Key: TkbFQXTXZjYquDhzfdFBUyguZF15s0W+OYrb3LXQ
Expiration: 2026-06-30 00:00:00 +0000 UTC
'
|
MC » Manage » Alias
|
MinIO » MC » Manage » Alias |
|---|
echo -n 'AccessKey: ';read -s MC_ACCESS_KEY;export MC_ACCESS_KEY;echo
# AccessKey: HS7LQO7XFCJGWNU1OQ50
echo -n 'SecretKey: ';read -s MC_SECRET_KEY;export MC_SECRET_KEY;echo
# SecretKey: TkbFQXTXZjYquDhzfdFBUyguZF15s0W+OYrb3LXQ
mc alias set s3_minio_host_k8s_local_admin http://s3.minio.host.k8s.local ${MC_ACCESS_KEY} ${MC_SECRET_KEY}
mc ping s3_minio_host_k8s_local_admin -c=3
mc ready s3_minio_host_k8s_local_admin
mc admin info s3_minio_host_k8s_local_admin
mc alias rm s3_minio_host_k8s_local_admin
mc alias ls
|
MC » Manage » User
|
MinIO » MC » Manage » User |
|---|
set +o history
echo -e "academia\nsadaqah!" | \
mc admin user add s3_minio_host_k8s_local_admin
mc admin user add s3_minio_host_k8s_local_admin academia sadaqah!
set -o history
mc admin user list s3_minio_host_k8s_local_admin
mc admin user list s3_minio_host_k8s_local_admin --json|jq -rs ' .[].accessKey'
mc admin user list s3_minio_host_k8s_local_admin --json|jq -rs '[.[].accessKey]|join(" ")'
|
MC » Manage » Policy
|
MinIO » Policy » acl_academia_list |
|---|
yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin iamAcademiaList /dev/stdin
---
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- s3:ListAllMyBuckets
Resource:
- arn:aws:s3:::academia/*
YML
|
mc admin policy info s3_minio_host_k8s_local_admin iamAcademiaList|yq -P '.Policy'
mc admin policy rm s3_minio_host_k8s_local_admin iamAcademiaList
mc admin policy ls s3_minio_host_k8s_local_admin
|
MC » System » Policy
|
MinIO » Policy » consoleAdmin |
|---|
mc admin policy info s3_minio_host_k8s_local_admin consoleAdmin|yq -P '.Policy'
yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin consoleAdmin /dev/stdin
---
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- admin:*
- Effect: Allow
Action:
- kms:*
- Effect: Allow
Action:
- s3:*
Resource:
- arn:aws:s3:::*
YML
|
|
MinIO » Policy » diagnostics |
|---|
mc admin policy info s3_minio_host_k8s_local_admin diagnostics|yq -P '.Policy'
yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin diagnostics /dev/stdin
---
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- admin:TopLocksInfo
- admin:BandwidthMonitor
- admin:ConsoleLog
- admin:OBDInfo
- admin:Profiling
- admin:Prometheus
- admin:ServerInfo
- admin:ServerTrace
Resource:
- arn:aws:s3:::*
YML
|
|
MinIO » Policy » readonly |
|---|
mc admin policy info s3_minio_host_k8s_local_admin readonly|yq -P '.Policy'
yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin readonly /dev/stdin
---
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- s3:GetObject
- s3:GetBucketLocation
Resource:
- arn:aws:s3:::*
YML
|
|
MinIO » Policy » readwrite |
|---|
mc admin policy info s3_minio_host_k8s_local_admin readwrite|yq -P '.Policy'
yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin readwrite /dev/stdin
---
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- s3:*
Resource:
- arn:aws:s3:::*
YML
|
|
MinIO » Policy » writeonly |
|---|
mc admin policy info s3_minio_host_k8s_local_admin writeonly|yq -P '.Policy'
yq -o=json <<'YML'| \
mc admin policy create s3_minio_host_k8s_local_admin writeonly /dev/stdin
---
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- s3:PutObject
Resource:
- arn:aws:s3:::*
YML
|
MC » Manage » Bucket
|
MinIO » MC » Manage » Bucket | |
|---|---|
mc ready s3_minio_host_k8s_local_admin
mc mb s3_minio_host_k8s_local_admin/academia
mc mb s3_minio_host_k8s_local_admin/agronomy
|
mc mirror s3_minio_host_k8s_local_admin/academia \
s3_minio_host_k8s_local_admin/agronomy
mc rb s3_minio_host_k8s_local_admin/academia
|
MC » Manage » Service » AC
|
MinIO » MC » Manage » Service » AC |
|---|
mc admin user svcacct add s3_minio_host_k8s_local_admin academia
mc admin user svcacct list s3_minio_host_k8s_local_admin academia
EXPIRY_DATE="$(date --utc -d '+1 year' +'%Y-%m-%dT00:00:00%:z')";\
mc admin user svcacct add s3_minio_host_k8s_local_admin academia --expiry ${EXPIRY_DATE}
for key in $(\
mc admin user svcacct list s3_minio_host_k8s_local_admin academia --json|jq -rs '[.[].accessKey]|join(" ")');do \
mc admin user svcacct rm s3_minio_host_k8s_local_admin ${key};done
|
Create » Random » Key
| Access Key | Time (Seconds) | |||
|---|---|---|---|---|
| Real | User | System | Status | |
time echo "$(cat /dev/urandom|tr -dc 'A-Za-z0-9'|head -c 20)" |
0.007 | 0.001 | 0.012 | 🟢 |
time echo "$(openssl rand -base64 16|tr -d /=+|cut -c1-20)" |
0.009 | 0.002 | 0.012 | 🟡 |
time echo "$(openssl rand -hex 12|tr -d /=+|cut -c1-20)" |
0.008 | 0.003 | 0.009 | 🟡 |
time echo "$(makepasswd --chars 20)" |
0.023 | 0.020 | 0.003 | 🔴 |
| Secret Key | Time (Seconds) | |||
|---|---|---|---|---|
| Real | User | System | Status | |
time echo "$(cat /dev/urandom|tr -dc 'A-Za-z0-9'|head -c 40)" |
0.006 | 0.003 | 0.007 | 🟢 |
time echo "$(openssl rand -base64 32|tr -d /=+|cut -c1-40)" |
0.007 | 0.003 | 0.009 | 🟡 |
time echo "$(openssl rand -hex 24|tr -d /=+|cut -c1-40)" |
0.009 | 0.003 | 0.011 | 🟡 |
time echo "$(makepasswd --chars 40)" |
0.021 | 0.016 | 0.005 | 🔴 |
Playground
|
MinIO » MC » Playground | |
|---|---|
jq -r '.aliases.s3_minio_host_k8s_local_admin' ~/.mc/config.json
mc alias export s3_minio_host_k8s_local_admin|jq -r .
mc alias remove s3_minio_host_k8s_local_admin
mc admin info s3_minio_host_k8s_local_admin
jq -r '.aliases|keys[]' ~/.mc/config.json
mc alias list
|
cat <<'JSN'| mc alias import s3_minio_host_k8s_local_admin
{ "url": "http://s3.minio.host.k8s.local",
"accessKey": "admin",
"secretKey": "sadaqah!",
"path": "auto",
"api": "s3v4" }
JSN
|
set +o history
echo -e "academia\nsadaqah!" | \
mc admin user add s3_minio_host_k8s_local_admin
set -o history
|
|
References
|
| |||
|
| |||