diff --git a/Dockerfile b/Dockerfile index f48928ce9..619c194a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,6 +15,8 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3 ENV MINIO_ACCESS_KEY_FILE=access_key \ MINIO_SECRET_KEY_FILE=secret_key \ + MINIO_ROOT_USER_FILE=access_key \ + MINIO_ROOT_PASSWORD_FILE=secret_key \ MINIO_KMS_MASTER_KEY_FILE=kms_master_key \ MINIO_SSE_MASTER_KEY_FILE=sse_master_key \ MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" diff --git a/Dockerfile.cicd b/Dockerfile.cicd index d35e4e9be..85e43cc82 100644 --- a/Dockerfile.cicd +++ b/Dockerfile.cicd @@ -17,6 +17,8 @@ ARG TARGETARCH ENV MINIO_ACCESS_KEY_FILE=access_key \ MINIO_SECRET_KEY_FILE=secret_key \ + MINIO_ROOT_USER_FILE=access_key \ + MINIO_ROOT_PASSWORD_FILE=secret_key \ MINIO_KMS_MASTER_KEY_FILE=kms_master_key \ MINIO_SSE_MASTER_KEY_FILE=sse_master_key \ MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" diff --git a/Dockerfile.dev b/Dockerfile.dev index f92ac6afd..cc3496718 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -12,6 +12,8 @@ COPY LICENSE /licenses/LICENSE ENV MINIO_UPDATE=off \ MINIO_ACCESS_KEY_FILE=access_key \ MINIO_SECRET_KEY_FILE=secret_key \ + MINIO_ROOT_USER_FILE=access_key \ + MINIO_ROOT_PASSWORD_FILE=secret_key \ MINIO_KMS_MASTER_KEY_FILE=kms_master_key \ MINIO_SSE_MASTER_KEY_FILE=sse_master_key diff --git a/Dockerfile.release b/Dockerfile.release index f0b41db24..dae072150 100644 --- a/Dockerfile.release +++ b/Dockerfile.release @@ -12,6 +12,8 @@ LABEL name="MinIO" \ ENV MINIO_ACCESS_KEY_FILE=access_key \ MINIO_SECRET_KEY_FILE=secret_key \ + MINIO_ROOT_USER_FILE=access_key \ + MINIO_ROOT_PASSWORD_FILE=secret_key \ MINIO_KMS_MASTER_KEY_FILE=kms_master_key \ MINIO_SSE_MASTER_KEY_FILE=sse_master_key \ MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" diff --git a/README.md b/README.md index 33d67b935..29c155aa4 100644 --- a/README.md +++ b/README.md @@ -9,16 +9,16 @@ MinIO is a High Performance Object Storage released under Apache License v2.0. I ### Stable ``` docker run -p 9000:9000 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ minio/minio server /data ``` ### Edge ``` docker run -p 9000:9000 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ minio/minio:edge server /data ``` diff --git a/README_zh_CN.md b/README_zh_CN.md index 724ad62fa..54308e5e8 100644 --- a/README_zh_CN.md +++ b/README_zh_CN.md @@ -8,16 +8,16 @@ MinIO是一个非常轻量的服务,可以很简单的和其他应用的结合 ### 稳定版 ``` docker run -p 9000:9000 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ minio/minio server /data ``` ### 尝鲜版 ``` docker run -p 9000:9000 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ minio/minio:edge server /data ``` diff --git a/buildscripts/gateway-tests.sh b/buildscripts/gateway-tests.sh deleted file mode 100755 index 63e7dfaab..000000000 --- a/buildscripts/gateway-tests.sh +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/bash -# -# MinIO Cloud Storage, (C) 2019 MinIO, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -set -e -set -E -set -o pipefail - -function start_minio_server() -{ - MINIO_ACCESS_KEY=minio MINIO_SECRET_KEY=minio123 \ - minio --quiet --json server /data --address 127.0.0.1:24242 > server.log 2>&1 & - server_pid=$! - sleep 10 - - echo "$server_pid" -} - -function start_minio_gateway_s3() -{ - MINIO_ACCESS_KEY=minio MINIO_SECRET_KEY=minio123 \ - minio --quiet --json gateway s3 http://127.0.0.1:24242 \ - --address 127.0.0.1:24240 > gateway.log 2>&1 & - gw_pid=$! - sleep 10 - - echo "$gw_pid" -} - -function main() -{ - sr_pid="$(start_minio_server)" - gw_pid="$(start_minio_gateway_s3)" - - SERVER_ENDPOINT=127.0.0.1:24240 ENABLE_HTTPS=0 ACCESS_KEY=minio \ - SECRET_KEY=minio123 MINT_MODE="full" /mint/entrypoint.sh \ - aws-sdk-go aws-sdk-java aws-sdk-php aws-sdk-ruby awscli \ - healthcheck mc minio-dotnet minio-js \ - minio-py s3cmd s3select security - rv=$? - - kill "$sr_pid" - kill "$gw_pid" - sleep 3 - - if [ "$rv" -ne 0 ]; then - echo "=========== Gateway ===========" - cat "gateway.log" - echo "=========== Server ===========" - cat "server.log" - fi - - rm -f gateway.log server.log -} - -main "$@" diff --git a/buildscripts/verify-build.sh b/buildscripts/verify-build.sh index 046ca757a..a53b367f1 100755 --- a/buildscripts/verify-build.sh +++ b/buildscripts/verify-build.sh @@ -63,8 +63,8 @@ function start_minio_erasure_sets() function start_minio_pool_erasure_sets() { - export MINIO_ACCESS_KEY=$ACCESS_KEY - export MINIO_SECRET_KEY=$SECRET_KEY + export MINIO_ROOT_USER=$ACCESS_KEY + export MINIO_ROOT_PASSWORD=$SECRET_KEY export MINIO_ENDPOINTS="http://127.0.0.1:9000${WORK_DIR}/pool-disk-sets{1...4} http://127.0.0.1:9001${WORK_DIR}/pool-disk-sets{5...8}" "${MINIO[@]}" server --address ":9000" > "$WORK_DIR/pool-minio-9000.log" 2>&1 & "${MINIO[@]}" server --address ":9001" > "$WORK_DIR/pool-minio-9001.log" 2>&1 & @@ -74,8 +74,8 @@ function start_minio_pool_erasure_sets() function start_minio_pool_erasure_sets_ipv6() { - export MINIO_ACCESS_KEY=$ACCESS_KEY - export MINIO_SECRET_KEY=$SECRET_KEY + export MINIO_ROOT_USER=$ACCESS_KEY + export MINIO_ROOT_PASSWORD=$SECRET_KEY export MINIO_ENDPOINTS="http://[::1]:9000${WORK_DIR}/pool-disk-sets{1...4} http://[::1]:9001${WORK_DIR}/pool-disk-sets{5...8}" "${MINIO[@]}" server --address="[::1]:9000" > "$WORK_DIR/pool-minio-ipv6-9000.log" 2>&1 & "${MINIO[@]}" server --address="[::1]:9001" > "$WORK_DIR/pool-minio-ipv6-9001.log" 2>&1 & @@ -85,8 +85,8 @@ function start_minio_pool_erasure_sets_ipv6() function start_minio_dist_erasure() { - export MINIO_ACCESS_KEY=$ACCESS_KEY - export MINIO_SECRET_KEY=$SECRET_KEY + export MINIO_ROOT_USER=$ACCESS_KEY + export MINIO_ROOT_PASSWORD=$SECRET_KEY export MINIO_ENDPOINTS="http://127.0.0.1:9000${WORK_DIR}/dist-disk1 http://127.0.0.1:9001${WORK_DIR}/dist-disk2 http://127.0.0.1:9002${WORK_DIR}/dist-disk3 http://127.0.0.1:9003${WORK_DIR}/dist-disk4" for i in $(seq 0 3); do "${MINIO[@]}" server --address ":900${i}" > "$WORK_DIR/dist-minio-900${i}.log" 2>&1 & diff --git a/buildscripts/verify-healing.sh b/buildscripts/verify-healing.sh index 87f5703fd..ec1a54411 100755 --- a/buildscripts/verify-healing.sh +++ b/buildscripts/verify-healing.sh @@ -29,8 +29,8 @@ MINIO_CONFIG_DIR="$WORK_DIR/.minio" MINIO=( "$PWD/minio" --config-dir "$MINIO_CONFIG_DIR" server ) function start_minio_3_node() { - export MINIO_ACCESS_KEY=minio - export MINIO_SECRET_KEY=minio123 + export MINIO_ROOT_USER=minio + export MINIO_ROOT_PASSWORD=minio123 export MINIO_ERASURE_SET_DRIVE_COUNT=6 start_port=$(shuf -i 10000-65000 -n 1) diff --git a/cmd/common-main.go b/cmd/common-main.go index 97cc7f74e..c9626e45d 100644 --- a/cmd/common-main.go +++ b/cmd/common-main.go @@ -286,6 +286,16 @@ func handleCommonEnvVars() { globalConfigEncrypted = true } + if env.IsSet(config.EnvRootUser) || env.IsSet(config.EnvRootPassword) { + cred, err := auth.CreateCredentials(env.Get(config.EnvRootUser, ""), env.Get(config.EnvRootPassword, "")) + if err != nil { + logger.Fatal(config.ErrInvalidCredentials(err), + "Unable to validate credentials inherited from the shell environment") + } + globalActiveCred = cred + globalConfigEncrypted = true + } + if env.IsSet(config.EnvAccessKeyOld) && env.IsSet(config.EnvSecretKeyOld) { oldCred, err := auth.CreateCredentials(env.Get(config.EnvAccessKeyOld, ""), env.Get(config.EnvSecretKeyOld, "")) if err != nil { @@ -296,6 +306,17 @@ func handleCommonEnvVars() { os.Unsetenv(config.EnvAccessKeyOld) os.Unsetenv(config.EnvSecretKeyOld) } + + if env.IsSet(config.EnvRootUserOld) && env.IsSet(config.EnvRootPasswordOld) { + oldCred, err := auth.CreateCredentials(env.Get(config.EnvRootUserOld, ""), env.Get(config.EnvRootPasswordOld, "")) + if err != nil { + logger.Fatal(config.ErrInvalidCredentials(err), + "Unable to validate the old credentials inherited from the shell environment") + } + globalOldCred = oldCred + os.Unsetenv(config.EnvRootUserOld) + os.Unsetenv(config.EnvRootPasswordOld) + } } func logStartupMessage(msg string) { diff --git a/cmd/config-encrypted.go b/cmd/config-encrypted.go index af1b4f065..083b85358 100644 --- a/cmd/config-encrypted.go +++ b/cmd/config-encrypted.go @@ -207,7 +207,7 @@ func migrateIAMConfigsEtcdToEncrypted(ctx context.Context, client *etcd.Client) } if encrypted && globalActiveCred.IsValid() && globalOldCred.IsValid() { - logger.Info("Rotation complete, please make sure to unset MINIO_ACCESS_KEY_OLD and MINIO_SECRET_KEY_OLD envs") + logger.Info("Rotation complete, please make sure to unset MINIO_ROOT_USER_OLD and MINIO_ROOT_PASSWORD_OLD envs") } return saveKeyEtcd(ctx, client, backendEncryptedFile, backendEncryptedMigrationComplete) @@ -294,7 +294,7 @@ func migrateConfigPrefixToEncrypted(objAPI ObjectLayer, activeCredOld auth.Crede } if encrypted && globalActiveCred.IsValid() && activeCredOld.IsValid() { - logger.Info("Rotation complete, please make sure to unset MINIO_ACCESS_KEY_OLD and MINIO_SECRET_KEY_OLD envs") + logger.Info("Rotation complete, please make sure to unset MINIO_ROOT_USER_OLD and MINIO_ROOT_PASSWORD_OLD envs") } return saveConfig(GlobalContext, objAPI, backendEncryptedFile, backendEncryptedMigrationComplete) diff --git a/cmd/config/constants.go b/cmd/config/constants.go index 856e59a6c..0551519eb 100644 --- a/cmd/config/constants.go +++ b/cmd/config/constants.go @@ -23,17 +23,21 @@ const ( // Top level common ENVs const ( - EnvAccessKey = "MINIO_ACCESS_KEY" - EnvSecretKey = "MINIO_SECRET_KEY" - EnvAccessKeyOld = "MINIO_ACCESS_KEY_OLD" - EnvSecretKeyOld = "MINIO_SECRET_KEY_OLD" - EnvBrowser = "MINIO_BROWSER" - EnvDomain = "MINIO_DOMAIN" - EnvRegionName = "MINIO_REGION_NAME" - EnvPublicIPs = "MINIO_PUBLIC_IPS" - EnvFSOSync = "MINIO_FS_OSYNC" - EnvArgs = "MINIO_ARGS" - EnvDNSWebhook = "MINIO_DNS_WEBHOOK_ENDPOINT" + EnvAccessKey = "MINIO_ACCESS_KEY" + EnvSecretKey = "MINIO_SECRET_KEY" + EnvRootUser = "MINIO_ROOT_USER" + EnvRootPassword = "MINIO_ROOT_PASSWORD" + EnvAccessKeyOld = "MINIO_ACCESS_KEY_OLD" + EnvSecretKeyOld = "MINIO_SECRET_KEY_OLD" + EnvRootUserOld = "MINIO_ROOT_USER_OLD" + EnvRootPasswordOld = "MINIO_ROOT_PASSWORD_OLD" + EnvBrowser = "MINIO_BROWSER" + EnvDomain = "MINIO_DOMAIN" + EnvRegionName = "MINIO_REGION_NAME" + EnvPublicIPs = "MINIO_PUBLIC_IPS" + EnvFSOSync = "MINIO_FS_OSYNC" + EnvArgs = "MINIO_ARGS" + EnvDNSWebhook = "MINIO_DNS_WEBHOOK_ENDPOINT" EnvUpdate = "MINIO_UPDATE" diff --git a/cmd/config/errors.go b/cmd/config/errors.go index 01bcf0b1a..10dba2081 100644 --- a/cmd/config/errors.go +++ b/cmd/config/errors.go @@ -116,19 +116,19 @@ var ( ErrInvalidRotatingCredentialsBackendEncrypted = newErrFn( "Invalid rotating credentials", "Please set correct rotating credentials in the environment for decryption", - `Detected encrypted config backend, correct old access and secret keys should be specified via environment variables MINIO_ACCESS_KEY_OLD and MINIO_SECRET_KEY_OLD to be able to re-encrypt the MinIO config, user IAM and policies with new credentials`, + `Detected encrypted config backend, correct old access and secret keys should be specified via environment variables MINIO_ROOT_USER_OLD and MINIO_ROOT_PASSWORD_OLD to be able to re-encrypt the MinIO config, user IAM and policies with new credentials`, ) ErrInvalidCredentialsBackendEncrypted = newErrFn( "Invalid credentials", "Please set correct credentials in the environment for decryption", - `Detected encrypted config backend, correct access and secret keys should be specified via environment variables MINIO_ACCESS_KEY and MINIO_SECRET_KEY to be able to decrypt the MinIO config, user IAM and policies`, + `Detected encrypted config backend, correct access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD to be able to decrypt the MinIO config, user IAM and policies`, ) ErrMissingCredentialsBackendEncrypted = newErrFn( "Credentials missing", "Please set your credentials in the environment", - `Detected encrypted config backend, access and secret keys should be specified via environment variables MINIO_ACCESS_KEY and MINIO_SECRET_KEY to be able to decrypt the MinIO config, user IAM and policies`, + `Detected encrypted config backend, access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD to be able to decrypt the MinIO config, user IAM and policies`, ) ErrInvalidCredentials = newErrFn( @@ -140,13 +140,13 @@ var ( ErrEnvCredentialsMissingGateway = newErrFn( "Credentials missing", "Please set your credentials in the environment", - `In Gateway mode, access and secret keys should be specified via environment variables MINIO_ACCESS_KEY and MINIO_SECRET_KEY respectively`, + `In Gateway mode, access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`, ) ErrEnvCredentialsMissingDistributed = newErrFn( "Credentials missing", "Please set your credentials in the environment", - `In distributed server mode, access and secret keys should be specified via environment variables MINIO_ACCESS_KEY and MINIO_SECRET_KEY respectively`, + `In distributed server mode, access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`, ) ErrInvalidErasureEndpoints = newErrFn( diff --git a/cmd/gateway-startup-msg.go b/cmd/gateway-startup-msg.go index 7add4f77c..5d98fd160 100644 --- a/cmd/gateway-startup-msg.go +++ b/cmd/gateway-startup-msg.go @@ -60,8 +60,8 @@ func printGatewayCommonMsg(apiEndpoints []string) { // Colorize the message and print. logStartupMessage(color.Blue("Endpoint: ") + color.Bold(fmt.Sprintf(getFormatStr(len(apiEndpointStr), 1), apiEndpointStr))) if color.IsTerminal() && !globalCLIContext.Anonymous { - logStartupMessage(color.Blue("AccessKey: ") + color.Bold(fmt.Sprintf("%s ", cred.AccessKey))) - logStartupMessage(color.Blue("SecretKey: ") + color.Bold(fmt.Sprintf("%s ", cred.SecretKey))) + logStartupMessage(color.Blue("RootUser: ") + color.Bold(fmt.Sprintf("%s ", cred.AccessKey))) + logStartupMessage(color.Blue("RootPassword: ") + color.Bold(fmt.Sprintf("%s ", cred.SecretKey))) } printEventNotifiers() diff --git a/cmd/gateway/azure/gateway-azure.go b/cmd/gateway/azure/gateway-azure.go index c3685f5fd..7d69ded46 100644 --- a/cmd/gateway/azure/gateway-azure.go +++ b/cmd/gateway/azure/gateway-azure.go @@ -92,14 +92,14 @@ ENDPOINT: EXAMPLES: 1. Start minio gateway server for Azure Blob Storage backend on custom endpoint. - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}azureaccountname - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}azureaccountkey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}azureaccountname + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}azureaccountkey {{.Prompt}} {{.EnvVarSetCommand}} MINIO_AZURE_CHUNK_SIZE_MB {{.AssignmentOperator}}0.25 {{.Prompt}} {{.HelpName}} https://azureaccountname.blob.custom.azure.endpoint 2. Start minio gateway server for Azure Blob Storage backend with edge caching enabled. - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}azureaccountname - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}azureaccountkey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}azureaccountname + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}azureaccountkey {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_DRIVES{{.AssignmentOperator}}"/mnt/drive1,/mnt/drive2,/mnt/drive3,/mnt/drive4" {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_EXCLUDE{{.AssignmentOperator}}"bucket1/*,*.png" {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_QUOTA{{.AssignmentOperator}}90 diff --git a/cmd/gateway/gcs/gateway-gcs.go b/cmd/gateway/gcs/gateway-gcs.go index 88623aff9..70a2fe5e3 100644 --- a/cmd/gateway/gcs/gateway-gcs.go +++ b/cmd/gateway/gcs/gateway-gcs.go @@ -112,14 +112,14 @@ GOOGLE_APPLICATION_CREDENTIALS: EXAMPLES: 1. Start minio gateway server for GCS backend {{.Prompt}} {{.EnvVarSetCommand}} GOOGLE_APPLICATION_CREDENTIALS{{.AssignmentOperator}}/path/to/credentials.json - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}accesskey - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}secretkey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}accesskey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}secretkey {{.Prompt}} {{.HelpName}} mygcsprojectid 2. Start minio gateway server for GCS backend with edge caching enabled {{.Prompt}} {{.EnvVarSetCommand}} GOOGLE_APPLICATION_CREDENTIALS{{.AssignmentOperator}}/path/to/credentials.json - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}accesskey - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}secretkey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}accesskey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}secretkey {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_DRIVES{{.AssignmentOperator}}"/mnt/drive1,/mnt/drive2,/mnt/drive3,/mnt/drive4" {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_EXCLUDE{{.AssignmentOperator}}"bucket1/*;*.png" {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_AFTER{{.AssignmentOperator}}3 diff --git a/cmd/gateway/hdfs/gateway-hdfs.go b/cmd/gateway/hdfs/gateway-hdfs.go index af4eaad54..e9b297d4e 100644 --- a/cmd/gateway/hdfs/gateway-hdfs.go +++ b/cmd/gateway/hdfs/gateway-hdfs.go @@ -65,13 +65,13 @@ HDFS-NAMENODE: EXAMPLES: 1. Start minio gateway server for HDFS backend - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}accesskey - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}secretkey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}accesskey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}secretkey {{.Prompt}} {{.HelpName}} hdfs://namenode:8200 2. Start minio gateway server for HDFS with edge caching enabled - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}accesskey - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}secretkey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}accesskey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}secretkey {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_DRIVES{{.AssignmentOperator}}"/mnt/drive1,/mnt/drive2,/mnt/drive3,/mnt/drive4" {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_EXCLUDE{{.AssignmentOperator}}"bucket1/*,*.png" {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_QUOTA{{.AssignmentOperator}}90 diff --git a/cmd/gateway/nas/gateway-nas.go b/cmd/gateway/nas/gateway-nas.go index 311fba59a..a9b95856d 100644 --- a/cmd/gateway/nas/gateway-nas.go +++ b/cmd/gateway/nas/gateway-nas.go @@ -39,13 +39,13 @@ PATH: EXAMPLES: 1. Start minio gateway server for NAS backend - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}accesskey - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}secretkey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}accesskey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}secretkey {{.Prompt}} {{.HelpName}} /shared/nasvol 2. Start minio gateway server for NAS with edge caching enabled - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}accesskey - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}secretkey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}accesskey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}secretkey {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_DRIVES{{.AssignmentOperator}}"/mnt/drive1,/mnt/drive2,/mnt/drive3,/mnt/drive4" {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_EXCLUDE{{.AssignmentOperator}}"bucket1/*,*.png" {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_QUOTA{{.AssignmentOperator}}90 diff --git a/cmd/gateway/s3/gateway-s3.go b/cmd/gateway/s3/gateway-s3.go index 98f2353e9..4fb0054bf 100644 --- a/cmd/gateway/s3/gateway-s3.go +++ b/cmd/gateway/s3/gateway-s3.go @@ -55,13 +55,13 @@ ENDPOINT: EXAMPLES: 1. Start minio gateway server for AWS S3 backend - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}accesskey - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}secretkey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}accesskey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}secretkey {{.Prompt}} {{.HelpName}} 2. Start minio gateway server for AWS S3 backend with edge caching enabled - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}accesskey - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}secretkey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}accesskey + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}secretkey {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_DRIVES{{.AssignmentOperator}}"/mnt/drive1,/mnt/drive2,/mnt/drive3,/mnt/drive4" {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_EXCLUDE{{.AssignmentOperator}}"bucket1/*,*.png" {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_QUOTA{{.AssignmentOperator}}90 @@ -136,7 +136,7 @@ func randString(n int, src rand.Source, prefix string) string { // Chains all credential types, in the following order: // - AWS env vars (i.e. AWS_ACCESS_KEY_ID) // - AWS creds file (i.e. AWS_SHARED_CREDENTIALS_FILE or ~/.aws/credentials) -// - Static credentials provided by user (i.e. MINIO_ACCESS_KEY) +// - Static credentials provided by user (i.e. MINIO_ROOT_USER) var defaultProviders = []credentials.Provider{ &credentials.EnvAWS{}, &credentials.FileAWSCredentials{}, diff --git a/cmd/server-main.go b/cmd/server-main.go index b35324103..cf2d0cfb6 100644 --- a/cmd/server-main.go +++ b/cmd/server-main.go @@ -83,13 +83,13 @@ EXAMPLES: {{.Prompt}} {{.HelpName}} /mnt/data{1...64} 3. Start distributed minio server on an 32 node setup with 32 drives each, run following command on all the nodes - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}minio - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}miniostorage + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}minio + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}miniostorage {{.Prompt}} {{.HelpName}} http://node{1...32}.example.com/mnt/export{1...32} 4. Start distributed minio server in an expanded setup, run the following command on all the nodes - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}minio - {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}miniostorage + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_USER{{.AssignmentOperator}}minio + {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ROOT_PASSWORD{{.AssignmentOperator}}miniostorage {{.Prompt}} {{.HelpName}} http://node{1...16}.example.com/mnt/export{1...32} \ http://node{17...64}.example.com/mnt/export{1...64} `, @@ -511,7 +511,7 @@ func serverMain(ctx *cli.Context) { printStartupMessage(getAPIEndpoints(), err) if globalActiveCred.Equal(auth.DefaultCredentials) { - msg := fmt.Sprintf("Detected default credentials '%s', please change the credentials immediately using 'MINIO_ACCESS_KEY' and 'MINIO_SECRET_KEY'", globalActiveCred) + msg := fmt.Sprintf("Detected default credentials '%s', please change the credentials immediately using 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD'", globalActiveCred) logger.StartupMessage(color.RedBold(msg)) } diff --git a/cmd/server-startup-msg.go b/cmd/server-startup-msg.go index acc09e9db..4e8635c6a 100644 --- a/cmd/server-startup-msg.go +++ b/cmd/server-startup-msg.go @@ -137,8 +137,8 @@ func printServerCommonMsg(apiEndpoints []string) { // Colorize the message and print. logStartupMessage(color.Blue("Endpoint: ") + color.Bold(fmt.Sprintf(getFormatStr(len(apiEndpointStr), 1), apiEndpointStr))) if color.IsTerminal() && !globalCLIContext.Anonymous { - logStartupMessage(color.Blue("AccessKey: ") + color.Bold(fmt.Sprintf("%s ", cred.AccessKey))) - logStartupMessage(color.Blue("SecretKey: ") + color.Bold(fmt.Sprintf("%s ", cred.SecretKey))) + logStartupMessage(color.Blue("RootUser: ") + color.Bold(fmt.Sprintf("%s ", cred.AccessKey))) + logStartupMessage(color.Blue("RootPassword: ") + color.Bold(fmt.Sprintf("%s ", cred.SecretKey))) if region != "" { logStartupMessage(color.Blue("Region: ") + color.Bold(fmt.Sprintf(getFormatStr(len(region), 3), region))) } diff --git a/dockerscripts/docker-entrypoint.sh b/dockerscripts/docker-entrypoint.sh index 9c6cbf439..29a54e5cc 100755 --- a/dockerscripts/docker-entrypoint.sh +++ b/dockerscripts/docker-entrypoint.sh @@ -23,7 +23,7 @@ if [ "${1}" != "minio" ]; then fi ## Look for docker secrets at given absolute path or in default documented location. -docker_secrets_env() { +docker_secrets_env_old() { if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE" else @@ -47,6 +47,30 @@ docker_secrets_env() { fi } +docker_secrets_env() { + if [ -f "$MINIO_ROOT_USER_FILE" ]; then + ROOT_USER_FILE="$MINIO_ROOT_USER_FILE" + else + ROOT_USER_FILE="/run/secrets/$MINIO_ROOT_USER_FILE" + fi + if [ -f "$MINIO_ROOT_PASSWORD_FILE" ]; then + SECRET_KEY_FILE="$MINIO_ROOT_PASSWORD_FILE" + else + SECRET_KEY_FILE="/run/secrets/$MINIO_ROOT_PASSWORD_FILE" + fi + + if [ -f "$ROOT_USER_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then + if [ -f "$ROOT_USER_FILE" ]; then + MINIO_ROOT_USER="$(cat "$ROOT_USER_FILE")" + export MINIO_ROOT_USER + fi + if [ -f "$SECRET_KEY_FILE" ]; then + MINIO_ROOT_PASSWORD="$(cat "$SECRET_KEY_FILE")" + export MINIO_ROOT_PASSWORD + fi + fi +} + ## Set KMS_MASTER_KEY from docker secrets if provided docker_kms_encryption_env() { if [ -f "$MINIO_KMS_MASTER_KEY_FILE" ]; then @@ -88,6 +112,9 @@ docker_switch_user() { fi } +## Set access env from secrets if necessary. +docker_secrets_env_old + ## Set access env from secrets if necessary. docker_secrets_env diff --git a/docs/config/README.md b/docs/config/README.md index 30f22b65e..082515bb9 100644 --- a/docs/config/README.md +++ b/docs/config/README.md @@ -32,11 +32,11 @@ $ mc tree --files ~/.minio You can provide a custom certs directory using `--certs-dir` command line option. #### Credentials -On MinIO admin credentials or root credentials are only allowed to be changed using ENVs namely `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY`. Using the combination of these two values MinIO encrypts the config stored at the backend. +On MinIO admin credentials or root credentials are only allowed to be changed using ENVs namely `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD`. Using the combination of these two values MinIO encrypts the config stored at the backend. ```sh -export MINIO_ACCESS_KEY=minio -export MINIO_SECRET_KEY=minio13 +export MINIO_ROOT_USER=minio +export MINIO_ROOT_PASSWORD=minio13 minio server /data ``` @@ -47,16 +47,16 @@ Additionally if you wish to change the admin credentials, then MinIO will automa > Old ENVs are never remembered in memory and are destroyed right after they are used to migrate your existing content with new credentials. You are safe to remove them after the server as successfully started, by restarting the services once again. ```sh -export MINIO_ACCESS_KEY=newminio -export MINIO_SECRET_KEY=newminio123 -export MINIO_ACCESS_KEY_OLD=minio -export MINIO_SECRET_KEY_OLD=minio123 +export MINIO_ROOT_USER=newminio +export MINIO_ROOT_PASSWORD=newminio123 +export MINIO_ROOT_USER_OLD=minio +export MINIO_ROOT_PASSWORD_OLD=minio123 minio server /data ``` -Once the migration is complete, server will automatically unset the `MINIO_ACCESS_KEY_OLD` and `MINIO_SECRET_KEY_OLD` with in the process namespace. +Once the migration is complete, server will automatically unset the `MINIO_ROOT_USER_OLD` and `MINIO_ROOT_PASSWORD_OLD` with in the process namespace. -> **NOTE: Make sure to remove `MINIO_ACCESS_KEY_OLD` and `MINIO_SECRET_KEY_OLD` in scripts or service files before next service restarts of the server to avoid double encryption of your existing contents.** +> **NOTE: Make sure to remove `MINIO_ROOT_USER_OLD` and `MINIO_ROOT_PASSWORD_OLD` in scripts or service files before next service restarts of the server to avoid double encryption of your existing contents.** #### Region ``` diff --git a/docs/disk-caching/DESIGN.md b/docs/disk-caching/DESIGN.md index 4216ed6d8..0113e9ba8 100644 --- a/docs/disk-caching/DESIGN.md +++ b/docs/disk-caching/DESIGN.md @@ -37,14 +37,21 @@ minio gateway -h ### Stable Cache drives need to have `strictatime` or `relatime` enabled for disk caching feature. In this example, mount the xfs file system on /mnt/cache with `strictatime` or `relatime` enabled. -``` +```sh truncate -s 4G /tmp/data -mkfs.xfs /tmp/data # build xfs filesystem on /tmp/data -sudo mkdir /mnt/cache # create mount dir -sudo mount -o relatime /tmp/data /mnt/cache # mount xfs on /mnt/cache with atime. -docker pull minio/minio -docker run --net=host -e MINIO_ACCESS_KEY={s3-access-key} -e MINIO_SECRET_KEY={s3-secret-key} -e MINIO_CACHE_DRIVES=/cache -e MINIO_CACHE_QUOTA=99 -e MINIO_CACHE_AFTER=0 -e MINIO_CACHE_WATERMARK_LOW=90 -e MINIO_CACHE_WATERMARK_HIGH=95 -v /mnt/cache:/cache minio/minio:latest gateway s3 +mkfs.xfs /tmp/data # build xfs filesystem on /tmp/data + +sudo mkdir /mnt/cache # create mount dir + +sudo mount -o relatime /tmp/data /mnt/cache # mount xfs on /mnt/cache with atime. + +docker pull minio/minio + +docker run --net=host -e MINIO_ROOT_USER={s3-access-key} -e MINIO_ROOT_PASSWORD={s3-secret-key} \ + -e MINIO_CACHE_DRIVES=/cache -e MINIO_CACHE_QUOTA=99 -e MINIO_CACHE_AFTER=0 \ + -e MINIO_CACHE_WATERMARK_LOW=90 -e MINIO_CACHE_WATERMARK_HIGH=95 \ + -v /mnt/cache:/cache minio/minio:latest gateway s3 ``` ## Assumptions diff --git a/docs/distributed/README.md b/docs/distributed/README.md index 6ff93187c..db84d85e6 100644 --- a/docs/distributed/README.md +++ b/docs/distributed/README.md @@ -36,7 +36,7 @@ To start a distributed MinIO instance, you just need to pass drive locations as __NOTE:__ -- All the nodes running distributed MinIO need to have same access key and secret key for the nodes to connect. To achieve this, it is __recommended__ to export access key and secret key as environment variables, `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY`, on all the nodes before executing MinIO server command. +- All the nodes running distributed MinIO need to have same access key and secret key for the nodes to connect. To achieve this, it is __recommended__ to export access key and secret key as environment variables, `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD`, on all the nodes before executing MinIO server command. - __MinIO creates erasure-coding sets of *4* to *16* drives per set. The number of drives you provide in total must be a multiple of one of those numbers.__ - __MinIO chooses the largest EC set size which divides into the total number of drives or total number of nodes given - making sure to keep the uniform distribution i.e each node participates equal number of drives per set. - __Each object is written to a single EC set, and therefore is spread over no more than 16 drives.__ @@ -54,8 +54,8 @@ Example 1: Start distributed MinIO instance on n nodes with m drives each mounte #### GNU/Linux and macOS ```sh -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio server http://host{1...n}/export{1...m} ``` @@ -67,8 +67,8 @@ minio server http://host{1...n}/export{1...m} MinIO supports expanding distributed erasure coded clusters by specifying new set of clusters on the command-line as shown below: ```sh -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio server http://host{1...n}/export{1...m} http://host{o...z}/export{1...m} ``` diff --git a/docs/docker/README.md b/docs/docker/README.md index 6865eb9b1..92ea94f02 100644 --- a/docs/docker/README.md +++ b/docs/docker/README.md @@ -8,8 +8,8 @@ MinIO needs a persistent volume to store configuration and application data. How ```sh docker run -p 9000:9000 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ minio/minio server /data ``` @@ -20,8 +20,8 @@ To create a MinIO container with persistent storage, you need to map local persi docker run -p 9000:9000 \ --name minio1 \ -v /mnt/data:/data \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ minio/minio server /data ``` @@ -30,8 +30,8 @@ docker run -p 9000:9000 \ docker run -p 9000:9000 \ --name minio1 \ -v D:\data:/data \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ minio/minio server /data ``` @@ -48,8 +48,8 @@ To override MinIO's auto-generated keys, you may pass secret and access keys exp #### GNU/Linux and macOS ```sh docker run -p 9000:9000 --name minio1 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ -v /mnt/data:/data \ minio/minio server /data ``` @@ -57,8 +57,8 @@ docker run -p 9000:9000 --name minio1 \ #### Windows ```powershell docker run -p 9000:9000 --name minio1 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ -v D:\data:/data \ minio/minio server /data ``` @@ -75,8 +75,8 @@ mkdir -p ${HOME}/data docker run -p 9000:9000 \ --user $(id -u):$(id -g) \ --name minio1 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY" \ -v ${HOME}/data:/data \ minio/minio server /data ``` @@ -90,8 +90,8 @@ On windows you would need to use [Docker integrated windows authentication](http docker run -p 9000:9000 \ --name minio1 \ --security-opt "credentialspec=file://myuser.json" - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY" \ -v D:\data:/data \ minio/minio server /data ``` @@ -117,14 +117,14 @@ To use other secret names follow the instructions above and replace `access_key` docker service create --name="minio-service" \ --secret="my_access_key" \ --secret="my_secret_key" \ - --env="MINIO_ACCESS_KEY_FILE=my_access_key" \ - --env="MINIO_SECRET_KEY_FILE=my_secret_key" \ + --env="MINIO_ROOT_USER_FILE=my_access_key" \ + --env="MINIO_ROOT_PASSWORD_FILE=my_secret_key" \ minio/minio server /data ``` -`MINIO_ACCESS_KEY_FILE` and `MINIO_SECRET_KEY_FILE` also support custom absolute paths, in case Docker secrets are mounted to custom locations or other tools are used to mount secrets into the container. For example, HashiCorp Vault injects secrets to `/vault/secrets`. With the custom names above, set the environment variables to +`MINIO_ROOT_USER_FILE` and `MINIO_ROOT_PASSWORD_FILE` also support custom absolute paths, in case Docker secrets are mounted to custom locations or other tools are used to mount secrets into the container. For example, HashiCorp Vault injects secrets to `/vault/secrets`. With the custom names above, set the environment variables to ``` -MINIO_ACCESS_KEY_FILE=/vault/secrets/my_access_key -MINIO_SECRET_KEY_FILE=/vault/secrets/my_secret_key +MINIO_ROOT_USER_FILE=/vault/secrets/my_access_key +MINIO_ROOT_PASSWORD_FILE=/vault/secrets/my_secret_key ``` ### Retrieving Container ID diff --git a/docs/gateway/azure.md b/docs/gateway/azure.md index cd0b90ef9..be2f395e2 100644 --- a/docs/gateway/azure.md +++ b/docs/gateway/azure.md @@ -5,15 +5,15 @@ MinIO Gateway adds Amazon S3 compatibility to Microsoft Azure Blob Storage. ### Using Docker ``` docker run -p 9000:9000 --name azure-s3 \ - -e "MINIO_ACCESS_KEY=azurestorageaccountname" \ - -e "MINIO_SECRET_KEY=azurestorageaccountkey" \ + -e "MINIO_ROOT_USER=azurestorageaccountname" \ + -e "MINIO_ROOT_PASSWORD=azurestorageaccountkey" \ minio/minio gateway azure ``` ### Using Binary ``` -export MINIO_ACCESS_KEY=azureaccountname -export MINIO_SECRET_KEY=azureaccountkey +export MINIO_ROOT_USER=azureaccountname +export MINIO_ROOT_PASSWORD=azureaccountkey minio gateway azure ``` ## Test using MinIO Browser @@ -38,7 +38,7 @@ mc ls myazure ### Use custom access/secret keys -If you do not want to share the credentials of the Azure blob storage with your users/applications, you can set the original credentials in the shell environment using `AZURE_STORAGE_ACCOUNT` and `AZURE_STORAGE_KEY` variables and assign different access/secret keys to `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY`. +If you do not want to share the credentials of the Azure blob storage with your users/applications, you can set the original credentials in the shell environment using `AZURE_STORAGE_ACCOUNT` and `AZURE_STORAGE_KEY` variables and assign different access/secret keys to `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD`. ### Known limitations Gateway inherits the following Azure limitations: diff --git a/docs/gateway/gcs.md b/docs/gateway/gcs.md index d1ee727ce..e2a9ee44c 100644 --- a/docs/gateway/gcs.md +++ b/docs/gateway/gcs.md @@ -24,8 +24,8 @@ MinIO GCS Gateway allows you to access Google Cloud Storage (GCS) with Amazon S3 docker run -p 9000:9000 --name gcs-s3 \ -v /path/to/credentials.json:/credentials.json \ -e "GOOGLE_APPLICATION_CREDENTIALS=/credentials.json" \ - -e "MINIO_ACCESS_KEY=minioaccountname" \ - -e "MINIO_SECRET_KEY=minioaccountkey" \ + -e "MINIO_ROOT_USER=minioaccountname" \ + -e "MINIO_ROOT_PASSWORD=minioaccountkey" \ minio/minio gateway gcs yourprojectid ``` @@ -33,8 +33,8 @@ docker run -p 9000:9000 --name gcs-s3 \ ```sh export GOOGLE_APPLICATION_CREDENTIALS=/path/to/credentials.json -export MINIO_ACCESS_KEY=minioaccesskey -export MINIO_SECRET_KEY=miniosecretkey +export MINIO_ROOT_USER=minioaccesskey +export MINIO_ROOT_PASSWORD=miniosecretkey minio gateway gcs yourprojectid ``` diff --git a/docs/gateway/hdfs.md b/docs/gateway/hdfs.md index da6e66f45..e98e02394 100644 --- a/docs/gateway/hdfs.md +++ b/docs/gateway/hdfs.md @@ -8,15 +8,15 @@ MinIO HDFS gateway adds Amazon S3 API support to Hadoop HDFS filesystem. Applica ### Using Binary Namenode information is obtained by reading `core-site.xml` automatically from your hadoop environment variables *$HADOOP_HOME* ``` -export MINIO_ACCESS_KEY=minio -export MINIO_SECRET_KEY=minio123 +export MINIO_ROOT_USER=minio +export MINIO_ROOT_PASSWORD=minio123 minio gateway hdfs ``` You can also override the namenode endpoint as shown below. ``` -export MINIO_ACCESS_KEY=minio -export MINIO_SECRET_KEY=minio123 +export MINIO_ROOT_USER=minio +export MINIO_ROOT_PASSWORD=minio123 minio gateway hdfs hdfs://namenode:8200 ``` @@ -25,8 +25,8 @@ Using docker is experimental, most Hadoop environments are not dockerized and ma ``` docker run -p 9000:9000 \ --name hdfs-s3 \ - -e "MINIO_ACCESS_KEY=minio" \ - -e "MINIO_SECRET_KEY=minio123" \ + -e "MINIO_ROOT_USER=minio" \ + -e "MINIO_ROOT_PASSWORD=minio123" \ minio/minio gateway hdfs hdfs://namenode:8200 ``` diff --git a/docs/gateway/nas.md b/docs/gateway/nas.md index c8a20cb85..df763e097 100644 --- a/docs/gateway/nas.md +++ b/docs/gateway/nas.md @@ -10,8 +10,8 @@ Please ensure to replace `/shared/nasvol` with actual mount path. ``` docker run -p 9000:9000 --name nas-s3 \ - -e "MINIO_ACCESS_KEY=minio" \ - -e "MINIO_SECRET_KEY=minio123" \ + -e "MINIO_ROOT_USER=minio" \ + -e "MINIO_ROOT_PASSWORD=minio123" \ -v /shared/nasvol:/container/vol \ minio/minio gateway nas /container/vol ``` @@ -19,8 +19,8 @@ docker run -p 9000:9000 --name nas-s3 \ ### Using Binary ``` -export MINIO_ACCESS_KEY=minio -export MINIO_SECRET_KEY=minio123 +export MINIO_ROOT_USER=minio +export MINIO_ROOT_PASSWORD=minio123 minio gateway nas /shared/nasvol ``` diff --git a/docs/gateway/s3.md b/docs/gateway/s3.md index 2e2fac1fb..1b66632ce 100644 --- a/docs/gateway/s3.md +++ b/docs/gateway/s3.md @@ -8,25 +8,25 @@ As a prerequisite to run MinIO S3 gateway, you need valid AWS S3 access key and ### Using Docker ``` docker run -p 9000:9000 --name minio-s3 \ - -e "MINIO_ACCESS_KEY=aws_s3_access_key" \ - -e "MINIO_SECRET_KEY=aws_s3_secret_key" \ + -e "MINIO_ROOT_USER=aws_s3_access_key" \ + -e "MINIO_ROOT_PASSWORD=aws_s3_secret_key" \ minio/minio gateway s3 ``` ### Using Binary ``` -export MINIO_ACCESS_KEY=aws_s3_access_key -export MINIO_SECRET_KEY=aws_s3_secret_key +export MINIO_ROOT_USER=aws_s3_access_key +export MINIO_ROOT_PASSWORD=aws_s3_secret_key minio gateway s3 ``` ### Using Binary in EC2 Using IAM rotating credentials for AWS S3 -If you are using an S3 enabled IAM role on an EC2 instance for S3 access, MinIO will still require env vars MINIO_ACCESS_KEY and MINIO_SECRET_KEY to be set for its internal use. These may be set to any value which meets the length requirements. Access key length should be at least 3, and secret key length at least 8 characters. +If you are using an S3 enabled IAM role on an EC2 instance for S3 access, MinIO will still require env vars MINIO_ROOT_USER and MINIO_ROOT_PASSWORD to be set for its internal use. These may be set to any value which meets the length requirements. Access key length should be at least 3, and secret key length at least 8 characters. ``` -export MINIO_ACCESS_KEY=custom_access_key -export MINIO_SECRET_KEY=custom_secret_key +export MINIO_ROOT_USER=custom_access_key +export MINIO_ROOT_PASSWORD=custom_secret_key minio gateway s3 ``` @@ -89,15 +89,15 @@ minio gateway s3 ### Using Docker ``` docker run -p 9000:9000 --name minio-s3 \ - -e "MINIO_ACCESS_KEY=access_key" \ - -e "MINIO_SECRET_KEY=secret_key" \ + -e "MINIO_ROOT_USER=access_key" \ + -e "MINIO_ROOT_PASSWORD=secret_key" \ minio/minio gateway s3 https://s3_compatible_service_endpoint:port ``` ### Using Binary ``` -export MINIO_ACCESS_KEY=access_key -export MINIO_SECRET_KEY=secret_key +export MINIO_ROOT_USER=access_key +export MINIO_ROOT_PASSWORD=secret_key minio gateway s3 https://s3_compatible_service_endpoint:port ``` diff --git a/docs/kms/README.md b/docs/kms/README.md index 0a9c4308f..1388e1ebd 100644 --- a/docs/kms/README.md +++ b/docs/kms/README.md @@ -27,8 +27,8 @@ export MINIO_KMS_KES_KEY_NAME=my-minio-key #### 3. Start the MinIO Server ```sh -export MINIO_ACCESS_KEY=minio -export MINIO_SECRET_KEY=minio123 +export MINIO_ROOT_USER=minio +export MINIO_ROOT_PASSWORD=minio123 minio server ~/export ``` diff --git a/docs/multi-tenancy/README.md b/docs/multi-tenancy/README.md index 0d618ac98..ba62a5dfd 100644 --- a/docs/multi-tenancy/README.md +++ b/docs/multi-tenancy/README.md @@ -43,16 +43,16 @@ To host multiple tenants in a distributed environment, run several distributed M Use the following commands to host 3 tenants on a 4-node distributed configuration: ```sh -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio server --address :9001 http://192.168.10.1{1...4}/data/tenant1 -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio server --address :9002 http://192.168.10.1{1...4}/data/tenant2 -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio server --address :9003 http://192.168.10.1{1...4}/data/tenant3 ``` @@ -60,7 +60,7 @@ minio server --address :9003 http://192.168.10.1{1...4}/data/tenant3 ![Example-3](https://github.com/minio/minio/blob/master/docs/screenshots/Example-3.jpg?raw=true) -**Note**: On distributed systems, credentials must be defined and exported using the `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` environment variables. If a domain is required, it must be specified by defining and exporting the `MINIO_DOMAIN` environment variable. +**Note**: On distributed systems, credentials must be defined and exported using the `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` environment variables. If a domain is required, it must be specified by defining and exporting the `MINIO_DOMAIN` environment variable. ## Cloud Scale Deployment diff --git a/docs/orchestration/docker-compose/docker-compose.yaml b/docs/orchestration/docker-compose/docker-compose.yaml index 94a2bff3f..e58240653 100644 --- a/docs/orchestration/docker-compose/docker-compose.yaml +++ b/docs/orchestration/docker-compose/docker-compose.yaml @@ -12,8 +12,8 @@ services: expose: - "9000" environment: - MINIO_ACCESS_KEY: minio - MINIO_SECRET_KEY: minio123 + MINIO_ROOT_USER: minio + MINIO_ROOT_PASSWORD: minio123 command: server http://minio{1...4}/data{1...2} healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] @@ -29,8 +29,8 @@ services: expose: - "9000" environment: - MINIO_ACCESS_KEY: minio - MINIO_SECRET_KEY: minio123 + MINIO_ROOT_USER: minio + MINIO_ROOT_PASSWORD: minio123 command: server http://minio{1...4}/data{1...2} healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] @@ -46,8 +46,8 @@ services: expose: - "9000" environment: - MINIO_ACCESS_KEY: minio - MINIO_SECRET_KEY: minio123 + MINIO_ROOT_USER: minio + MINIO_ROOT_PASSWORD: minio123 command: server http://minio{1...4}/data{1...2} healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] @@ -63,8 +63,8 @@ services: expose: - "9000" environment: - MINIO_ACCESS_KEY: minio - MINIO_SECRET_KEY: minio123 + MINIO_ROOT_USER: minio + MINIO_ROOT_PASSWORD: minio123 command: server http://minio{1...4}/data{1...2} healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] diff --git a/docs/orchestration/docker-swarm/docker-compose.yaml b/docs/orchestration/docker-swarm/docker-compose.yaml index 42e3c2d38..855b053cd 100644 --- a/docs/orchestration/docker-swarm/docker-compose.yaml +++ b/docs/orchestration/docker-swarm/docker-compose.yaml @@ -15,8 +15,8 @@ services: aliases: - minio-cluster environment: - MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE - MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + MINIO_ROOT_USER: AKIAIOSFODNN7EXAMPLE + MINIO_ROOT_PASSWORD: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY deploy: restart_policy: delay: 10s @@ -46,8 +46,8 @@ services: aliases: - minio-cluster environment: - MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE - MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + MINIO_ROOT_USER: AKIAIOSFODNN7EXAMPLE + MINIO_ROOT_PASSWORD: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY deploy: restart_policy: delay: 10s @@ -77,8 +77,8 @@ services: aliases: - minio-cluster environment: - MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE - MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + MINIO_ROOT_USER: AKIAIOSFODNN7EXAMPLE + MINIO_ROOT_PASSWORD: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY deploy: restart_policy: delay: 10s @@ -108,8 +108,8 @@ services: aliases: - minio-cluster environment: - MINIO_ACCESS_KEY: AKIAIOSFODNN7EXAMPLE - MINIO_SECRET_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + MINIO_ROOT_USER: AKIAIOSFODNN7EXAMPLE + MINIO_ROOT_PASSWORD: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY deploy: restart_policy: delay: 10s diff --git a/docs/shared-backend/README.md b/docs/shared-backend/README.md index 2dfa2fc5d..553b2b97a 100644 --- a/docs/shared-backend/README.md +++ b/docs/shared-backend/README.md @@ -34,8 +34,8 @@ To run MinIO shared backend instances, you need to start multiple MinIO servers You'll need the path to the shared volume, e.g. `/path/to/nfs-volume`. Then run the following commands on all the nodes you'd like to launch MinIO. ```sh -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio gateway nas /path/to/nfs-volume ``` @@ -44,8 +44,8 @@ minio gateway nas /path/to/nfs-volume You'll need the path to the shared volume, e.g. `\\remote-server\smb`. Then run the following commands on all the nodes you'd like to launch MinIO. ```cmd -set MINIO_ACCESS_KEY=my-username -set MINIO_SECRET_KEY=my-password +set MINIO_ROOT_USER=my-username +set MINIO_ROOT_PASSWORD=my-password minio.exe gateway nas \\remote-server\smb\export ``` @@ -54,8 +54,8 @@ minio.exe gateway nas \\remote-server\smb\export If a remote volume, e.g. `\\remote-server\smb` is mounted as a drive, e.g. `M:\`. You can use [`net use`](https://technet.microsoft.com/en-us/library/bb490717.aspx) command to map the drive to a folder. ```cmd -set MINIO_ACCESS_KEY=my-username -set MINIO_SECRET_KEY=my-password +set MINIO_ROOT_USER=my-username +set MINIO_ROOT_PASSWORD=my-password net use m: \\remote-server\smb\export /P:Yes minio.exe gateway nas M:\export ``` diff --git a/docs/sts/README.md b/docs/sts/README.md index a826a3138..b3d8f46f9 100644 --- a/docs/sts/README.md +++ b/docs/sts/README.md @@ -43,8 +43,8 @@ In this document we will explain in detail on how to configure all the prerequis Make sure we have followed the previous step and configured each software independently, once done we can now proceed to use MinIO STS API and MinIO server to use these credentials to perform object API operations. ``` -export MINIO_ACCESS_KEY=minio -export MINIO_SECRET_KEY=minio123 +export MINIO_ROOT_USER=minio +export MINIO_ROOT_PASSWORD=minio123 export MINIO_IDENTITY_OPENID_CONFIG_URL=http://localhost:8080/auth/realms/demo/.well-known/openid-configuration export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a" minio server /mnt/data @@ -56,8 +56,8 @@ Make sure we have followed the previous step and configured each software indepe > NOTE: MinIO gateway requires etcd to be configured to use STS API. ``` -export MINIO_ACCESS_KEY=aws_access_key -export MINIO_SECRET_KEY=aws_secret_key +export MINIO_ROOT_USER=aws_access_key +export MINIO_ROOT_PASSWORD=aws_secret_key export MINIO_IDENTITY_OPENID_CONFIG_URL=http://localhost:8080/auth/realms/demo/.well-known/openid-configuration export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a" export MINIO_ETCD_ENDPOINTS=http://localhost:2379 diff --git a/docs/sts/assume-role.md b/docs/sts/assume-role.md index fba19840c..c064a44a5 100644 --- a/docs/sts/assume-role.md +++ b/docs/sts/assume-role.md @@ -91,8 +91,8 @@ http://minio:9000/?Action=AssumeRole&DurationSeconds=3600&Version=2011-06-15&Pol ## Using AssumeRole API ``` -$ export MINIO_ACCESS_KEY=minio -$ export MINIO_SECRET_KEY=minio123 +$ export MINIO_ROOT_USER=minio +$ export MINIO_ROOT_PASSWORD=minio123 $ minio server ~/test ``` diff --git a/docs/sts/client-grants.md b/docs/sts/client-grants.md index 77a671971..1cab3c058 100644 --- a/docs/sts/client-grants.md +++ b/docs/sts/client-grants.md @@ -92,8 +92,8 @@ http://minio.cluster:9000?Action=AssumeRoleWithClientGrants&DurationSeconds=3600 ## Using ClientGrants API ``` -export MINIO_ACCESS_KEY=minio -export MINIO_SECRET_KEY=minio123 +export MINIO_ROOT_USER=minio +export MINIO_ROOT_PASSWORD=minio123 export MINIO_IDENTITY_OPENID_CONFIG_URL=http://localhost:8080/auth/realms/demo/.well-known/openid-configuration export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a" minio server /mnt/export diff --git a/docs/sts/keycloak.md b/docs/sts/keycloak.md index 7f8292066..1e402c81e 100644 --- a/docs/sts/keycloak.md +++ b/docs/sts/keycloak.md @@ -38,8 +38,8 @@ Configure and install keycloak server by following [Keycloak Installation Guide] ### Configure MinIO ``` -$ export MINIO_ACCESS_KEY=minio -$ export MINIO_SECRET_KEY=minio123 +$ export MINIO_ROOT_USER=minio +$ export MINIO_ROOT_PASSWORD=minio123 $ minio server /mnt/export ``` diff --git a/docs/sts/ldap.md b/docs/sts/ldap.md index 8f31f80ad..141df8065 100644 --- a/docs/sts/ldap.md +++ b/docs/sts/ldap.md @@ -215,8 +215,8 @@ http://minio.cluster:9000?Action=AssumeRoleWithLDAPIdentity&LDAPUsername=foouser With multiple OU hierarchies for users, and multiple group search base DN's. ``` -$ export MINIO_ACCESS_KEY=minio -$ export MINIO_SECRET_KEY=minio123 +$ export MINIO_ROOT_USER=minio +$ export MINIO_ROOT_PASSWORD=minio123 $ export MINIO_IDENTITY_LDAP_SERVER_ADDR='my.ldap-active-dir-server.com:636' $ export MINIO_IDENTITY_LDAP_USERNAME_FORMAT='cn=%s,ou=Users,ou=BUS1,ou=LOB,dc=somedomain,dc=com;cn=%s,ou=Users,ou=BUS2,ou=LOB,dc=somedomain,dc=com' $ export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN='dc=minioad,dc=local;dc=somedomain,dc=com' diff --git a/docs/sts/web-identity.md b/docs/sts/web-identity.md index f2d14a5c7..d79c5998a 100644 --- a/docs/sts/web-identity.md +++ b/docs/sts/web-identity.md @@ -92,8 +92,8 @@ http://minio.cluster:9000?Action=AssumeRoleWithWebIdentity&DurationSeconds=3600& ## Using WebIdentity API ``` -export MINIO_ACCESS_KEY=minio -export MINIO_SECRET_KEY=minio123 +export MINIO_ROOT_USER=minio +export MINIO_ROOT_PASSWORD=minio123 export MINIO_IDENTITY_OPENID_CONFIG_URL=https://accounts.google.com/.well-known/openid-configuration export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a" # Optional: Allow to specify the requested OpenID scopes (OpenID only requires the `openid` scope) diff --git a/docs/throttle/README.md b/docs/throttle/README.md index 993ada709..64b48731f 100644 --- a/docs/throttle/README.md +++ b/docs/throttle/README.md @@ -15,8 +15,8 @@ Example: Limit a MinIO cluster to accept at max 1600 simultaneous S3 API request ```sh export MINIO_API_REQUESTS_MAX=1600 -export MINIO_ACCESS_KEY=your-access-key -export MINIO_SECRET_KEY=your-secret-key +export MINIO_ROOT_USER=your-access-key +export MINIO_ROOT_PASSWORD=your-secret-key minio server http://server{1...8}/mnt/hdd{1...16} ``` @@ -39,8 +39,8 @@ Example: Limit a MinIO cluster to accept at max 1600 simultaneous S3 API request ```sh export MINIO_API_REQUESTS_MAX=1600 export MINIO_API_REQUESTS_DEADLINE=2m -export MINIO_ACCESS_KEY=your-access-key -export MINIO_SECRET_KEY=your-secret-key +export MINIO_ROOT_USER=your-access-key +export MINIO_ROOT_PASSWORD=your-secret-key minio server http://server{1...8}/mnt/hdd{1...16} ``` diff --git a/docs/zh_CN/config/README.md b/docs/zh_CN/config/README.md index 9b08f7667..2025a8405 100644 --- a/docs/zh_CN/config/README.md +++ b/docs/zh_CN/config/README.md @@ -37,11 +37,11 @@ $ mc tree --files ~/.minio 你可以使用`--certs-dir`命令行选项提供自定义certs目录。 #### 凭据 -只能通过环境变量`MINIO_ACCESS_KEY` 和 `MINIO_SECRET_KEY` 更改MinIO的admin凭据和root凭据。使用这两个值的组合,MinIO加密存储在后端的配置 +只能通过环境变量`MINIO_ROOT_USER` 和 `MINIO_ROOT_PASSWORD` 更改MinIO的admin凭据和root凭据。使用这两个值的组合,MinIO加密存储在后端的配置 ``` -export MINIO_ACCESS_KEY=minio -export MINIO_SECRET_KEY=minio13 +export MINIO_ROOT_USER=minio +export MINIO_ROOT_PASSWORD=minio13 minio server /data ``` @@ -52,16 +52,16 @@ minio server /data > 旧的环境变量永远不会在内存中被记住,并且在使用新凭据迁移现有内容后立即销毁。在服务器再次成功重启后,你可以安全的删除它们。 ``` -export MINIO_ACCESS_KEY=newminio -export MINIO_SECRET_KEY=newminio123 -export MINIO_ACCESS_KEY_OLD=minio -export MINIO_SECRET_KEY_OLD=minio123 +export MINIO_ROOT_USER=newminio +export MINIO_ROOT_PASSWORD=newminio123 +export MINIO_ROOT_USER_OLD=minio +export MINIO_ROOT_PASSWORD_OLD=minio123 minio server /data ``` -迁移完成后, 服务器会自动的取消进程空间中的`MINIO_ACCESS_KEY_OLD` and `MINIO_SECRET_KEY_OLD`设置。 +迁移完成后, 服务器会自动的取消进程空间中的`MINIO_ROOT_USER_OLD` and `MINIO_ROOT_PASSWORD_OLD`设置。 -> **注意: 在下一次服务重新启动前,要确保移除脚本或者服务文件中的 `MINIO_ACCESS_KEY_OLD` and `MINIO_SECRET_KEY_OLD`, 避免现有的内容被双重加密** +> **注意: 在下一次服务重新启动前,要确保移除脚本或者服务文件中的 `MINIO_ROOT_USER_OLD` and `MINIO_ROOT_PASSWORD_OLD`, 避免现有的内容被双重加密** #### 区域 ``` diff --git a/docs/zh_CN/disk-caching/DESIGN.md b/docs/zh_CN/disk-caching/DESIGN.md index e7a7411a6..f9fc0a966 100644 --- a/docs/zh_CN/disk-caching/DESIGN.md +++ b/docs/zh_CN/disk-caching/DESIGN.md @@ -43,7 +43,7 @@ mkfs.xfs /tmp/data # build xfs filesystem on /tmp/data sudo mkdir /mnt/cache # create mount dir sudo mount -o relatime /tmp/data /mnt/cache # mount xfs on /mnt/cache with atime. docker pull minio/minio -docker run --net=host -e MINIO_ACCESS_KEY={s3-access-key} -e MINIO_SECRET_KEY={s3-secret-key} -e MINIO_CACHE_DRIVES=/cache -e MINIO_CACHE_QUOTA=99 -e MINIO_CACHE_AFTER=0 -e MINIO_CACHE_WATERMARK_LOW=90 -e MINIO_CACHE_WATERMARK_HIGH=95 -v /mnt/cache:/cache minio/minio:latest gateway s3 +docker run --net=host -e MINIO_ROOT_USER={s3-access-key} -e MINIO_ROOT_PASSWORD={s3-secret-key} -e MINIO_CACHE_DRIVES=/cache -e MINIO_CACHE_QUOTA=99 -e MINIO_CACHE_AFTER=0 -e MINIO_CACHE_WATERMARK_LOW=90 -e MINIO_CACHE_WATERMARK_HIGH=95 -v /mnt/cache:/cache minio/minio:latest gateway s3 ``` diff --git a/docs/zh_CN/distributed/README.md b/docs/zh_CN/distributed/README.md index 5409a2b32..31dc81ce4 100644 --- a/docs/zh_CN/distributed/README.md +++ b/docs/zh_CN/distributed/README.md @@ -39,7 +39,7 @@ Minio在分布式和单机模式下,所有读写操作都严格遵守**read-af *注意* -- 分布式Minio里所有的节点需要有同样的access秘钥和secret秘钥,这样这些节点才能建立联接。为了实现这个,__建议__ 在执行minio server命令之前,在所有节点上先将access秘钥和secret秘钥export成环境变量`MINIO_ACCESS_KEY` 和 `MINIO_SECRET_KEY`。 +- 分布式Minio里所有的节点需要有同样的access秘钥和secret秘钥,这样这些节点才能建立联接。为了实现这个,__建议__ 在执行minio server命令之前,在所有节点上先将access秘钥和secret秘钥export成环境变量`MINIO_ROOT_USER` 和 `MINIO_ROOT_PASSWORD`。 - __MinIO 可创建每组4到16个磁盘组成的纠删码集合。所以你提供的磁盘总数必须是其中一个数字的倍数。__ - MinIO会根据给定的磁盘总数或者节点总数选择最大的纠删码集合大小,确保统一分布,即每个节点参与每个集合的磁盘数量相等。 - __每个对象被写入一个EC集合中,因此该对象分布在不超过16个磁盘上。__ @@ -58,8 +58,8 @@ Minio在分布式和单机模式下,所有读写操作都严格遵守**read-af #### GNU/Linux 和 macOS ```shell -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio server http://host{1...n}/export{1...m} ``` @@ -71,8 +71,8 @@ minio server http://host{1...n}/export{1...m} MinIO支持通过命令,指定新的集群来扩展现有集群(纠删码模式),命令行如下: ```sh -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio server http://host{1...n}/export{1...m} http://host{o...z}/export{1...m} ``` diff --git a/docs/zh_CN/docker/README.md b/docs/zh_CN/docker/README.md index 84e45c5d0..34e6d5c81 100644 --- a/docs/zh_CN/docker/README.md +++ b/docs/zh_CN/docker/README.md @@ -8,8 +8,8 @@ MinIO 需要一个持久卷来存储配置和应用数据。不过, 如果只是 ```sh docker run -p 9000:9000 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ minio/minio server /data ``` @@ -20,8 +20,8 @@ docker run -p 9000:9000 \ docker run -p 9000:9000 \ --name minio1 \ -v /mnt/data:/data \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ minio/minio server /data ``` @@ -30,8 +30,8 @@ docker run -p 9000:9000 \ docker run -p 9000:9000 \ --name minio1 \ -v D:\data:/data \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ minio/minio server /data ``` @@ -48,8 +48,8 @@ docker run -p 9000:9000 \ #### GNU/Linux 和 macOS ```sh docker run -p 9000:9000 --name minio1 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ -v /mnt/data:/data \ minio/minio server /data ``` @@ -57,8 +57,8 @@ docker run -p 9000:9000 --name minio1 \ #### Windows ```powershell docker run -p 9000:9000 --name minio1 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \ -v D:\data:/data \ minio/minio server /data ``` @@ -75,8 +75,8 @@ mkdir -p ${HOME}/data docker run -p 9000:9000 \ --user $(id -u):$(id -g) \ --name minio1 \ - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY" \ -v ${HOME}/data:/data \ minio/minio server /data ``` @@ -90,8 +90,8 @@ docker run -p 9000:9000 \ docker run -p 9000:9000 \ --name minio1 \ --security-opt "credentialspec=file://myuser.json" - -e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \ - -e "MINIO_SECRET_KEY=wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY" \ + -e "MINIO_ROOT_USER=AKIAIOSFODNN7EXAMPLE" \ + -e "MINIO_ROOT_PASSWORD=wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY" \ -v D:\data:/data \ minio/minio server /data ``` @@ -117,8 +117,8 @@ docker service create --name="minio-service" --secret="access_key" --secret="sec docker service create --name="minio-service" \ --secret="my_access_key" \ --secret="my_secret_key" \ - --env="MINIO_ACCESS_KEY_FILE=my_access_key" \ - --env="MINIO_SECRET_KEY_FILE=my_secret_key" \ + --env="MINIO_ROOT_USER_FILE=my_access_key" \ + --env="MINIO_ROOT_PASSWORD_FILE=my_secret_key" \ minio/minio server /data ``` diff --git a/docs/zh_CN/gateway/azure.md b/docs/zh_CN/gateway/azure.md index c31bc8338..9b4e425cd 100644 --- a/docs/zh_CN/gateway/azure.md +++ b/docs/zh_CN/gateway/azure.md @@ -6,15 +6,15 @@ MinIO网关将亚马逊S3兼容性添加到微软Azure Blob存储。 ### 使用Docker ``` docker run -p 9000:9000 --name azure-s3 \ - -e "MINIO_ACCESS_KEY=azureaccountname" \ - -e "MINIO_SECRET_KEY=azureaccountkey" \ + -e "MINIO_ROOT_USER=azureaccountname" \ + -e "MINIO_ROOT_PASSWORD=azureaccountkey" \ minio/minio gateway azure ``` ### 使用二进制 ``` -export MINIO_ACCESS_KEY=azureaccountname -export MINIO_SECRET_KEY=azureaccountkey +export MINIO_ROOT_USER=azureaccountname +export MINIO_ROOT_PASSWORD=azureaccountkey minio gateway azure ``` ## 使用MinIO浏览器验证 diff --git a/docs/zh_CN/gateway/gcs.md b/docs/zh_CN/gateway/gcs.md index cb5782c64..ad80e7a79 100644 --- a/docs/zh_CN/gateway/gcs.md +++ b/docs/zh_CN/gateway/gcs.md @@ -18,16 +18,16 @@ MinIO GCS网关将亚马逊S3兼容性添加到Google云存储。 docker run -p 9000:9000 --name gcs-s3 \ -v /path/to/credentials.json:/credentials.json \ -e "GOOGLE_APPLICATION_CREDENTIALS=/credentials.json" \ - -e "MINIO_ACCESS_KEY=minioaccountname" \ - -e "MINIO_SECRET_KEY=minioaccountkey" \ + -e "MINIO_ROOT_USER=minioaccountname" \ + -e "MINIO_ROOT_PASSWORD=minioaccountkey" \ minio/minio gateway gcs yourprojectid ``` ### 使用二进制 ``` export GOOGLE_APPLICATION_CREDENTIALS=/path/to/credentials.json -export MINIO_ACCESS_KEY=minioaccesskey -export MINIO_SECRET_KEY=miniosecretkey +export MINIO_ROOT_USER=minioaccesskey +export MINIO_ROOT_PASSWORD=miniosecretkey minio gateway gcs yourprojectid ``` diff --git a/docs/zh_CN/gateway/nas.md b/docs/zh_CN/gateway/nas.md index 879d4af1e..7a807f5d7 100644 --- a/docs/zh_CN/gateway/nas.md +++ b/docs/zh_CN/gateway/nas.md @@ -5,15 +5,15 @@ MinIO网关使用NAS存储支持Amazon S3。你可以在同一个共享NAS卷上 ### 使用Docker ``` docker run -p 9000:9000 --name nas-s3 \ - -e "MINIO_ACCESS_KEY=minio" \ - -e "MINIO_SECRET_KEY=minio123" \ + -e "MINIO_ROOT_USER=minio" \ + -e "MINIO_ROOT_PASSWORD=minio123" \ minio/minio gateway nas /shared/nasvol ``` ### 使用二进制 ``` -export MINIO_ACCESS_KEY=minioaccesskey -export MINIO_SECRET_KEY=miniosecretkey +export MINIO_ROOT_USER=minioaccesskey +export MINIO_ROOT_PASSWORD=miniosecretkey minio gateway nas /shared/nasvol ``` ## 使用浏览器进行验证 diff --git a/docs/zh_CN/large-bucket/README.md b/docs/zh_CN/large-bucket/README.md index 55d5ca652..9be95bc64 100644 --- a/docs/zh_CN/large-bucket/README.md +++ b/docs/zh_CN/large-bucket/README.md @@ -22,8 +22,8 @@ MinIO的纠删码功能限制了最多只能使用16块磁盘。这就限制了 你需要有多块磁盘,例如 `/export1, /export2 .... /export24`。 然后在你想要启动MinIO的所有节点上运行以下命令。 ```sh -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio server /export{1...24} ``` @@ -31,8 +31,8 @@ minio server /export{1...24} 你需要有多块在不同服务器上的磁盘,例如`http://host1/export1, http://host2/export2 .... http://host4/export16`。 然后在你想要启动MinIO的所有节点上运行以下命令。 ```sh -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio server http://host{1...4}/export{1...16} ``` diff --git a/docs/zh_CN/multi-tenancy/README.md b/docs/zh_CN/multi-tenancy/README.md index b793572e5..c61eb4add 100644 --- a/docs/zh_CN/multi-tenancy/README.md +++ b/docs/zh_CN/multi-tenancy/README.md @@ -33,16 +33,16 @@ minio --config-dir ~/tenant3 server --address :9003 /disk1/data/tenant3 /disk2/d 以下示例在一个4节点集群中托管三个租户。在4个节点里都执行下列命令: ```sh -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio --config-dir ~/tenant1 server --address :9001 http://192.168.10.11/data/tenant1 http://192.168.10.12/data/tenant1 http://192.168.10.13/data/tenant1 http://192.168.10.14/data/tenant1 -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio --config-dir ~/tenant2 server --address :9002 http://192.168.10.11/data/tenant2 http://192.168.10.12/data/tenant2 http://192.168.10.13/data/tenant2 http://192.168.10.14/data/tenant2 -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio --config-dir ~/tenant3 server --address :9003 http://192.168.10.11/data/tenant3 http://192.168.10.12/data/tenant3 http://192.168.10.13/data/tenant3 http://192.168.10.14/data/tenant3 ``` diff --git a/docs/zh_CN/orchestration/kubernetes-yaml/README.md b/docs/zh_CN/orchestration/kubernetes-yaml/README.md index bc145d509..e5e668c13 100644 --- a/docs/zh_CN/orchestration/kubernetes-yaml/README.md +++ b/docs/zh_CN/orchestration/kubernetes-yaml/README.md @@ -121,9 +121,9 @@ spec: - /data env: # MinIO access key and secret key - - name: MINIO_ACCESS_KEY + - name: MINIO_ROOT_USER value: "minio" - - name: MINIO_SECRET_KEY + - name: MINIO_ROOT_PASSWORD value: "minio123" ports: - containerPort: 9000 @@ -273,9 +273,9 @@ spec: containers: - name: minio env: - - name: MINIO_ACCESS_KEY + - name: MINIO_ROOT_USER value: "minio" - - name: MINIO_SECRET_KEY + - name: MINIO_ROOT_PASSWORD value: "minio123" image: minio/minio:RELEASE.2017-05-05T01-14-51Z args: @@ -459,9 +459,9 @@ spec: - gcp_project_id env: # MinIO access key and secret key - - name: MINIO_ACCESS_KEY + - name: MINIO_ROOT_USER value: "minio" - - name: MINIO_SECRET_KEY + - name: MINIO_ROOT_PASSWORD value: "minio123" # Google Cloud Service uses this variable - name: GOOGLE_APPLICATION_CREDENTIALS diff --git a/docs/zh_CN/shared-backend/README.md b/docs/zh_CN/shared-backend/README.md index e574f21c1..447231e44 100644 --- a/docs/zh_CN/shared-backend/README.md +++ b/docs/zh_CN/shared-backend/README.md @@ -33,8 +33,8 @@ MinIO共享模式是为了解决在真实场景中存在的一些问题,而且 你需要将文件夹指向共享存储,比如`/path/to/nfs-volume`,然后在所有MinIO节点上运行下面的命令。 ```sh -export MINIO_ACCESS_KEY= -export MINIO_SECRET_KEY= +export MINIO_ROOT_USER= +export MINIO_ROOT_PASSWORD= minio gateway nas /path/to/nfs-volume ``` @@ -43,8 +43,8 @@ minio gateway nas /path/to/nfs-volume 你需要将文件夹指向共享存储,比如`\\remote-server\smb`. 然后在所有MinIO节点上运行下面的命令。 ```cmd -set MINIO_ACCESS_KEY=my-username -set MINIO_SECRET_KEY=my-password +set MINIO_ROOT_USER=my-username +set MINIO_ROOT_PASSWORD=my-password minio.exe gateway nas \\remote-server\smb\export ``` @@ -53,8 +53,8 @@ minio.exe gateway nas \\remote-server\smb\export 如果一个远程的volume, 比如`\\remote-server\smb`挂载成一个硬盘, 比如`M:\`. 你可以使用[`net use`](https://technet.microsoft.com/en-us/library/bb490717.aspx)命令将这块盘映射到一个文件夹。 ```cmd -set MINIO_ACCESS_KEY=my-username -set MINIO_SECRET_KEY=my-password +set MINIO_ROOT_USER=my-username +set MINIO_ROOT_PASSWORD=my-password net use m: \\remote-server\smb\export /P:Yes minio.exe gateway nas M:\export ``` diff --git a/docs/zh_CN/throttle/README.md b/docs/zh_CN/throttle/README.md index c68b01506..d2bdf7e0c 100644 --- a/docs/zh_CN/throttle/README.md +++ b/docs/zh_CN/throttle/README.md @@ -15,8 +15,8 @@ MinIO服务器允许限制传入的请求: ```sh export MINIO_API_REQUESTS_MAX=1600 -export MINIO_ACCESS_KEY=your-access-key -export MINIO_SECRET_KEY=your-secret-key +export MINIO_ROOT_USER=your-access-key +export MINIO_ROOT_PASSWORD=your-secret-key minio server http://server{1...8}/mnt/hdd{1...16} ``` @@ -39,8 +39,8 @@ mc admin service restart myminio/ ```sh export MINIO_API_REQUESTS_MAX=1600 export MINIO_API_REQUESTS_DEADLINE=2m -export MINIO_ACCESS_KEY=your-access-key -export MINIO_SECRET_KEY=your-secret-key +export MINIO_ROOT_USER=your-access-key +export MINIO_ROOT_PASSWORD=your-secret-key minio server http://server{1...8}/mnt/hdd{1...16} ``` diff --git a/minio.spec b/minio.spec index ce1eb5513..02c862d51 100644 --- a/minio.spec +++ b/minio.spec @@ -44,8 +44,8 @@ cat <> $RPM_BUILD_ROOT/etc/default/minio # Root credentials for the server. # Uncomment both lines before starting the server. -# MINIO_ACCESS_KEY=Server-Access-Key -# MINIO_SECRET_KEY=Server-Secret-Key +# MINIO_ROOT_USER=Server-Root-User +# MINIO_ROOT_PASSWORD=Server-Root-Password MINIO_OPTS="--certs-dir /etc/minio/certs" EOF