High Performance Object Storage for AI
Andreas Auernhammer a6f4cf61f2 add UpdateKey method to KMS interface (#7974)
This commit adds a new method `UpdateKey` to the KMS
interface.

The purpose of `UpdateKey` is to re-wrap an encrypted
data key (the key generated & encrypted with a master key by e.g.
Vault).
For example, consider Vault with a master key ID: `master-key-1`
and an encrypted data key `E(dk)` for a particular object. The
data key `dk` has been generated randomly when the object was created.
Now, the KMS operator may "rotate" the master key `master-key-1`.
However, the KMS cannot forget the "old" value of that master key
since there is still an object that requires `dk`, and therefore,
the `D(E(dk))`.
With the `UpdateKey` method call MinIO can ask the KMS to decrypt
`E(dk)` with the old key (internally) and re-encrypt `dk` with
the new master key value: `E'(dk)`.

However, this operation only works for the same master key ID.
When rotating the data key (replacing it with a new one) then
we perform a `UnsealKey` operation with the 1st master key ID
and then a `GenerateKey` operation with the 2nd master key ID.

This commit also updates the KMS documentation and removes
the `encrypt` policy entry (we don't use `encrypt`) and
adds a policy entry for `rewrap`.
2019-08-01 15:47:47 -07:00
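
The re-wrap flow described in the commit message above, as an added Go example that is not MinIO's code and does not use its KMS interface. `toyKMS`, `Rotate`, `seal` and all signatures are hypothetical, the key version is stored as the first byte of the sealed key, and the data key in `main` is a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// toyKMS (hypothetical): master key ID -> one AEAD per key version, old ones kept.
type toyKMS map[string][]cipher.AEAD

func (k toyKMS) Rotate(id string) {
	key := make([]byte, 32)
	rand.Read(key)
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	k[id] = append(k[id], aead)
}

// seal returns version || nonce || ciphertext under the newest key version.
func (k toyKMS) seal(id string, dk []byte) []byte {
	v, nonce := byte(len(k[id])-1), make([]byte, 12)
	rand.Read(nonce)
	return k[id][v].Seal(append([]byte{v}, nonce...), nonce, dk, []byte(id))
}
func (k toyKMS) UnsealKey(id string, sealed []byte) ([]byte, error) {
	if len(sealed) < 13 || int(sealed[0]) >= len(k[id]) {
		return nil, fmt.Errorf("malformed sealed key or unknown version of %q", id)
	}
	return k[id][sealed[0]].Open(nil, sealed[1:13], sealed[13:], []byte(id))
}

// UpdateKey re-wraps E(dk) inside the KMS; dk itself never changes.
func (k toyKMS) UpdateKey(id string, sealed []byte) ([]byte, error) {
	dk, err := k.UnsealKey(id, sealed)
	if err != nil {
		return nil, err
	}
	return k.seal(id, dk), nil
}

func main() {
	k := toyKMS{}
	k.Rotate("master-key-1")
	sealed := k.seal("master-key-1", []byte("constructed sample data key")) // E(dk)
	k.Rotate("master-key-1")
	resealed, err := k.UpdateKey("master-key-1", sealed) // E'(dk)
	fmt.Println(sealed[0], resealed[0], err)
}
```

Because the master key ID is bound as associated data and each ID has its own key material, calling `UpdateKey` with a different ID fails authentication, which mirrors the "same master key ID" restriction in the message.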
.github Simplify PR template to ease new contributors' workflow (#7844) 2019-06-27 15:47:46 -07:00
browser Bump lodash from 4.17.4 to 4.17.14 in /browser (#7912) 2019-07-11 16:44:47 -07:00
buildscripts Use GOPROXY to speed up builds (#7984) 2019-07-30 22:27:11 +05:30
cmd add UpdateKey method to KMS interface (#7974) 2019-08-01 15:47:47 -07:00
dockerscripts Remove file added inadvertently (#7968) 2019-07-23 18:51:54 -07:00
docs add UpdateKey method to KMS interface (#7974) 2019-08-01 15:47:47 -07:00
mint Use GOPROXY to speed up builds (#7984) 2019-07-30 22:27:11 +05:30
pkg fix: add integer code for Windows Subsystem for Linux filesystem (#8010) 2019-08-01 06:00:57 -07:00
.gitignore Deprecate auto detection of container user (#7930) 2019-07-17 19:20:55 +01:00
.jshintrc browser: Listing should append instead of replacing previous listing (#4188) 2017-04-28 09:30:26 -07:00
.mailmap Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 11:39:42 -07:00
.mention-bot Add mention-bot config 2016-05-20 13:53:15 -07:00
.travis.yml Use GOPROXY to speed up builds (#7984) 2019-07-30 22:27:11 +05:30
CONTRIBUTING.md doc: use make instead of go command to test changes (#7951) 2019-07-19 14:40:39 +01:00
Dockerfile Add KMS master key from Docker secret (#7825) 2019-07-17 20:55:26 +01:00
Dockerfile.dev Add KMS master key from Docker secret (#7825) 2019-07-17 20:55:26 +01:00
Dockerfile.mint Fix mint hub.docker.com builds (#7908) 2019-07-11 11:45:57 -07:00
Dockerfile.release Add KMS master key from Docker secret (#7825) 2019-07-17 20:55:26 +01:00
Dockerfile.simpleci Use GOPROXY to speed up builds (#7984) 2019-07-30 22:27:11 +05:30
go.mod Update yaml files to latest version RELEASE.2019-08-01T22-18-54Z 2019-08-01 22:27:41 +00:00
go.sum Update yaml files to latest version RELEASE.2019-08-01T22-18-54Z 2019-08-01 22:27:41 +00:00
hound.yml browser: Listing should append instead of replacing previous listing (#4188) 2017-04-28 09:30:26 -07:00
LICENSE Initial commit 2014-10-30 21:51:52 -07:00
main.go Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 11:39:42 -07:00
MAINTAINERS.md Fix typo (#5960) 2018-05-22 08:09:30 +05:30
Makefile Use GOPROXY to speed up builds (#7984) 2019-07-30 22:27:11 +05:30
minio.spec Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 11:39:42 -07:00
NOTICE Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 11:39:42 -07:00
README_zh_CN.md Removes the incorrect coverage badge from the docs (#7651) 2019-05-16 12:11:49 +05:30
README.md Use GOPROXY to speed up builds (#7984) 2019-07-30 22:27:11 +05:30
SECURITY.md Create SECURITY.md (#7692) 2019-06-06 16:56:43 -07:00
staticcheck.conf Preserve ETag case for S3 compatibility (#7498) 2019-04-08 16:54:46 -07:00

MinIO Quickstart Guide


MinIO is an object storage server released under Apache License v2.0. It is compatible with Amazon S3 cloud storage service. It is best suited for storing unstructured data such as photos, videos, log files, backups and container / VM images. Size of an object can range from a few KBs to a maximum of 5TB.

MinIO server is light enough to be bundled with the application stack, similar to NodeJS, Redis and MySQL.

Docker Container

Stable

docker pull minio/minio
docker run -p 9000:9000 minio/minio server /data

Edge

docker pull minio/minio:edge
docker run -p 9000:9000 minio/minio:edge server /data

Note: Docker will not display the autogenerated keys unless you start the container with the -it (interactive TTY) argument. Generally, it is not recommended to use autogenerated keys with containers. Please visit the MinIO Docker quickstart guide for more information.

macOS

Homebrew

Install minio packages using Homebrew

brew install minio/stable/minio
minio server /data

NOTE: If you previously installed minio using brew install minio, it is recommended that you reinstall minio from the official minio/stable/minio repo instead.

brew uninstall minio
brew install minio/stable/minio

Binary Download

Platform     Architecture  URL
Apple macOS  64-bit Intel  https://dl.min.io/server/minio/release/darwin-amd64/minio

chmod 755 minio
./minio server /data

GNU/Linux

Binary Download

Platform   Architecture  URL
GNU/Linux  64-bit Intel  https://dl.min.io/server/minio/release/linux-amd64/minio

wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
./minio server /data

Platform   Architecture  URL
GNU/Linux  ppc64le       https://dl.min.io/server/minio/release/linux-ppc64le/minio

wget https://dl.min.io/server/minio/release/linux-ppc64le/minio
chmod +x minio
./minio server /data

Microsoft Windows

Binary Download

Platform           Architecture  URL
Microsoft Windows  64-bit        https://dl.min.io/server/minio/release/windows-amd64/minio.exe

minio.exe server D:\Photos

FreeBSD

Port

Install minio packages using pkg

pkg install minio
sysrc minio_enable=yes
sysrc minio_disks=/home/user/Photos
service minio start

Install from Source

Source installation is only intended for developers and advanced users. If you do not have a working Golang environment, please follow How to install Golang. The minimum version required is go1.12.

GOPROXY=https://proxy.golang.org GO111MODULE=on go get github.com/minio/minio

Allow port access for Firewalls

By default, MinIO listens for incoming connections on port 9000. If your platform blocks the port by default, you may need to enable access to the port.

iptables

For hosts with iptables enabled (RHEL, CentOS, etc.), you can use the iptables command to enable all traffic coming to specific ports. Use the command below to allow access to port 9000.

iptables -A INPUT -p tcp --dport 9000 -j ACCEPT
service iptables restart

The command below enables all incoming traffic to ports ranging from 9000 to 9010.

iptables -A INPUT -p tcp --dport 9000:9010 -j ACCEPT
service iptables restart

ufw

For hosts with ufw enabled (Debian-based distros), you can use the ufw command to allow traffic to specific ports. Use the command below to allow access to port 9000.

ufw allow 9000

The command below enables all incoming traffic to ports ranging from 9000 to 9010.

ufw allow 9000:9010/tcp

firewall-cmd

For hosts with firewall-cmd enabled (CentOS), you can use the firewall-cmd command to allow traffic to specific ports. Use the commands below to allow access to port 9000.

firewall-cmd --get-active-zones

This command gets the active zone(s). Now, apply port rules to the relevant zones returned above. For example, if the zone is public, use

firewall-cmd --zone=public --add-port=9000/tcp --permanent

Note that --permanent makes sure the rules persist across firewall start, restart or reload. Finally, reload the firewall for the changes to take effect.

firewall-cmd --reload

Test using MinIO Browser

MinIO Server comes with an embedded web-based object browser. Point your web browser to http://127.0.0.1:9000 to ensure your server has started successfully.


Test using MinIO Client mc

mc provides a modern alternative to UNIX commands like ls, cat, cp, mirror, diff etc. It supports filesystems and Amazon S3 compatible cloud storage services. Follow the MinIO Client Quickstart Guide for further instructions.

Pre-existing data

When deployed on a single drive, MinIO server lets clients access any pre-existing data in the data directory. For example, if MinIO is started with the command minio server /mnt/data, any pre-existing data in the /mnt/data directory would be accessible to the clients.

The above statement is also valid for all gateway backends.

Explore Further

Contribute to MinIO Project

Please follow MinIO Contributor's Guide

License
