MinIO Distributed Deployment

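MinIO is a distributed, high-performance Simple Storage Service (S3) solution licensed under GNU AGPL v3.0. Starting with RELEASE.2025-10-15T17-29-55Z, it is distributed as source code only; prebuilt release binaries are no longer provided. Some of the Docker images currently in circulation are built from older versions and contain CVE security vulnerabilities.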

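1. Prepare the servers
Ubuntu, 10.80.251.143: /mnt/data1 and /mnt/data2 each mount a 4 TB disk formatted as xfs
Ubuntu, 10.80.251.141: /mnt/data1 and /mnt/data2 each mount a 4 TB disk formatted as xfs
Give the current user ownership of the data directories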

chown -R server:server /mnt/data1 /mnt/data2

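2. Build the minio executable from source
First compile the source code from GitHub into a binary. This step may run into network problems that you will need to work around. The source and build directory is /home/server/software/minio; after the build, a minio file appears in that directory.

Make the minio file executable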

server@server:~/software/minio$ chmod +x minio

3. Add environment variables

vim ~/.bashrc

#minio
export MINIO_HOME=$HOME/software/minio
export PATH=$PATH:$MINIO_HOME

source ~/.bashrc

4. Create the systemd service unit file
Adjust the executable path and the User and Group values to match your setup

vim /usr/lib/systemd/system/minio.service

[Unit]
Description=MinIO
Documentation=https://minio.org.cn/docs/minio/linux/index.html
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/home/server/software/minio/minio

[Service]
WorkingDirectory=/usr/local

User=server
Group=server
ProtectProc=invisible

EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/home/server/software/minio/minio server $MINIO_OPTS $MINIO_VOLUMES

# MinIO RELEASE.2023-05-04T21-44-30Z adds support for Type=notify (https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=)
# This may improve systemctl setups where other services use `After=minio.server`
# Uncomment the line to enable the functionality
# Type=notify

# Let systemd restart this service always
Restart=always

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536

# Specifies the maximum number of threads this process can create
TasksMax=infinity

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no

[Install]
WantedBy=multi-user.target

# Built for ${project.name}-${project.version} (${project.name})

5. Create the service environment variable file
Edit the local hosts file on both servers to add local DNS mappings

vim /etc/hosts
127.0.0.1 localhost
127.0.1.1 server
10.80.251.143 minio1.runs.wang
10.80.251.141 minio2.runs.wang

Add the dedicated environment variable file. Port 9001 is the web console port and port 9000 is the API port

vim /etc/default/minio

# Set the hosts and volumes MinIO uses at startup
# The command uses MinIO expansion notation {x...y} to denote a
# sequential series.
#
# The following example covers two MinIO hosts
# with 2 drives each at the specified hostname and drive locations.
# The command includes the port that each MinIO server listens on
# (default 9000)

MINIO_VOLUMES="http://minio{1...2}.runs.wang:9000/mnt/data{1...2}"

# Set all MinIO server options
#
# The following explicitly sets the MinIO Console listen address to
# port 9001 on all network interfaces. The default behavior is dynamic
# port selection.

MINIO_OPTS="--console-address :9001"

# Set the root username. This user has unrestricted permissions to
# perform S3 and administrative API operations on any resource in the
# deployment.
#
# Defer to your organization's requirements for superadmin user name.

MINIO_ROOT_USER=your_admin_account

# Set the root password
#
# Use a long, random, unique string that meets your organization's
# requirements for passwords.

MINIO_ROOT_PASSWORD=your_admin_password
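
An added example, not part of the original post: because /etc/default/minio stores the root credentials in plain text, the function below checks the file's mode, leftover placeholder credentials, password length and http:// endpoints before the service is started. The function name audit_minio_env, the MIN_PASS_LEN threshold and the sample file are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit a MinIO environment file.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Assumes GNU stat (Ubuntu, as on this page).
audit_minio_env() {
    local file="$1" n=0 mode user pass volumes min="${MIN_PASS_LEN:-20}"
    # Read KEY=value lines with sed instead of sourcing (executing) the file.
    getval() { sed -n "s/^$1=//p" "$file" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'; }
    user=$(getval MINIO_ROOT_USER)
    pass=$(getval MINIO_ROOT_PASSWORD)
    volumes=$(getval MINIO_VOLUMES)

    # The file holds the root password. systemd reads EnvironmentFile= as
    # root, so mode 600 owned by root still works for the service.
    mode=$(stat -c '%a' "$file")
    if [ $(( 0$mode & 007 )) -ne 0 ]; then
        echo "PERM: mode $mode lets other local users access $file"; n=$((n+1))
    fi
    # Template placeholders from this page, or MinIO's default minioadmin.
    case "$user:$pass" in
        your_admin_account:*|*:your_admin_password|minioadmin:*|*:minioadmin)
            echo "CRED: placeholder or default root credentials"; n=$((n+1)) ;;
    esac
    # MIN_PASS_LEN is this example's own threshold, not a MinIO setting.
    if [ "${#pass}" -lt "$min" ]; then
        echo "CRED: root password shorter than $min characters"; n=$((n+1))
    fi
    # http:// endpoints mean the nodes talk to each other without TLS.
    case "$volumes" in
        http://*) echo "TLS: MINIO_VOLUMES uses http://"; n=$((n+1)) ;;
    esac
    [ "$n" -eq 0 ]
}

# Constructed sample mirroring the file on this page, world-readable on purpose.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MINIO_VOLUMES="http://minio{1...2}.runs.wang:9000/mnt/data{1...2}"
MINIO_OPTS="--console-address :9001"
MINIO_ROOT_USER=your_admin_account
MINIO_ROOT_PASSWORD=your_admin_password
EOF
chmod 644 "$sample"
audit_minio_env "$sample" || echo "fix the findings above before starting the service"
```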

6. Run MinIO

sudo systemctl start minio
sudo systemctl status minio
journalctl -f -u minio

Log in to the web console in a browser with your_admin_account/your_admin_password
http://10.80.251.141:9001
http://10.80.251.143:9001

7. Download the mc client

curl --progress-bar -L https://dl.min.io/aistor/mc/release/linux-amd64/mc --create-dirs -o $HOME/software/aistorbinaries/mc
chmod +x $HOME/software/aistorbinaries/mc

vim ~/.bashrc
# mc
export MC_HOME=$HOME/software/aistorbinaries
export PATH=$PATH:$MC_HOME
source ~/.bashrc

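8. Use mc to create a new user and grant it access to a bucket

Set the MinIO service alias (the URL scheme must match the http:// endpoints configured in MINIO_VOLUMES)

mc alias set myminio http://10.80.251.143:9000 your_admin_account your_admin_password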

Add a new user to the MinIO service

mc admin user add myminio myuser myuserpassword

Create the policy file
vim my-user-policy.json

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::mybucket",
                "arn:aws:s3:::mybucket/*"
            ]
        }
    ]
}

Create the policy from the policy file

mc admin policy create myminio my-user-policy my-user-policy.json

Attach the policy to the user

mc admin policy attach myminio my-user-policy --user myuser

Log in to the web console in a browser with myuser/myuserpassword
http://10.80.251.141:9001
http://10.80.251.143:9001
