2021-01-14 23:52:57 -05:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
2021-09-20 21:24:24 -04:00
|
|
|
# Create buckets with versioning and object locking enabled.
|
|
|
|
|
mc mb -l source/bucket
|
|
|
|
|
mc mb -l dest/bucket
|
2021-01-14 23:52:57 -05:00
|
|
|
|
|
|
|
|
#### Create a replication admin on source alias
|
|
|
|
|
# create a replication admin user : repladmin
|
|
|
|
|
mc admin user add source repladmin repladmin123
|
|
|
|
|
|
|
|
|
|
# create a replication policy for repladmin
|
|
|
|
|
cat > repladmin-policy-source.json <<EOF
|
|
|
|
|
{
|
|
|
|
|
"Version": "2012-10-17",
|
|
|
|
|
"Statement": [
|
|
|
|
|
{
|
|
|
|
|
"Action": [
|
|
|
|
|
"admin:SetBucketTarget",
|
|
|
|
|
"admin:GetBucketTarget"
|
|
|
|
|
],
|
|
|
|
|
"Effect": "Allow",
|
|
|
|
|
"Sid": ""
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"Effect": "Allow",
|
|
|
|
|
"Action": [
|
|
|
|
|
"s3:GetReplicationConfiguration",
|
2021-04-07 18:56:02 -04:00
|
|
|
"s3:PutReplicationConfiguration",
|
2021-01-14 23:52:57 -05:00
|
|
|
"s3:ListBucket",
|
|
|
|
|
"s3:ListBucketMultipartUploads",
|
|
|
|
|
"s3:GetBucketLocation",
|
|
|
|
|
"s3:GetBucketVersioning"
|
|
|
|
|
],
|
|
|
|
|
"Resource": [
|
|
|
|
|
"arn:aws:s3:::bucket"
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
EOF
|
2023-03-21 02:38:06 -04:00
|
|
|
mc admin policy create source repladmin-policy ./repladmin-policy-source.json
|
2021-01-14 23:52:57 -05:00
|
|
|
cat ./repladmin-policy-source.json
|
|
|
|
|
|
|
|
|
|
#assign this replication policy to repladmin
|
2023-03-21 02:38:06 -04:00
|
|
|
mc admin policy attach source repladmin-policy --user=repladmin
|
2021-01-14 23:52:57 -05:00
|
|
|
|
|
|
|
|
### on dest alias
|
|
|
|
|
# Create a replication user : repluser on dest alias
|
|
|
|
|
mc admin user add dest repluser repluser123
|
|
|
|
|
|
|
|
|
|
# create a replication policy for repluser
|
|
|
|
|
# Remove "s3:GetBucketObjectLockConfiguration" if object locking is not enabled, i.e. bucket was not created with `mc mb --with-lock` option
|
|
|
|
|
# Remove "s3:ReplicateDelete" if delete marker replication is not required
|
|
|
|
|
cat > replpolicy.json <<EOF
|
|
|
|
|
{
|
|
|
|
|
"Version": "2012-10-17",
|
|
|
|
|
"Statement": [
|
|
|
|
|
{
|
|
|
|
|
"Effect": "Allow",
|
|
|
|
|
"Action": [
|
|
|
|
|
"s3:GetReplicationConfiguration",
|
|
|
|
|
"s3:ListBucket",
|
|
|
|
|
"s3:ListBucketMultipartUploads",
|
|
|
|
|
"s3:GetBucketLocation",
|
|
|
|
|
"s3:GetBucketVersioning",
|
|
|
|
|
"s3:GetBucketObjectLockConfiguration"
|
|
|
|
|
],
|
|
|
|
|
"Resource": [
|
|
|
|
|
"arn:aws:s3:::bucket"
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"Effect": "Allow",
|
|
|
|
|
"Action": [
|
|
|
|
|
"s3:GetReplicationConfiguration",
|
|
|
|
|
"s3:ReplicateTags",
|
|
|
|
|
"s3:AbortMultipartUpload",
|
|
|
|
|
"s3:GetObject",
|
|
|
|
|
"s3:GetObjectVersion",
|
|
|
|
|
"s3:GetObjectVersionTagging",
|
|
|
|
|
"s3:PutObject",
|
|
|
|
|
"s3:DeleteObject",
|
|
|
|
|
"s3:ReplicateObject",
|
|
|
|
|
"s3:ReplicateDelete"
|
|
|
|
|
],
|
|
|
|
|
"Resource": [
|
|
|
|
|
"arn:aws:s3:::bucket/*"
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
EOF
|
2023-03-21 02:38:06 -04:00
|
|
|
mc admin policy create dest replpolicy ./replpolicy.json
|
2021-01-14 23:52:57 -05:00
|
|
|
cat ./replpolicy.json
|
|
|
|
|
|
2021-09-20 21:24:24 -04:00
|
|
|
# assign this replication policy to repluser
|
2023-03-21 02:38:06 -04:00
|
|
|
mc admin policy attach dest replpolicy --user=repluser
|
2021-01-14 23:52:57 -05:00
|
|
|
|
2023-01-04 01:54:39 -05:00
|
|
|
# configure replication config to remote bucket at http://localhost:9000
|
|
|
|
|
mc replicate add source/bucket --priority 1 --remote-bucket http://repluser:repluser123@localhost:9000/bucket \
|
2021-09-20 21:24:24 -04:00
|
|
|
--replicate existing-objects,delete,delete-marker,replica-metadata-sync
|
