Minio Docker-Compose backup rancher registry cluster - HackMD

<style> html, body, .ui-content { background-color: #333; color: #ddd; } .markdown-body h1, .markdown-body h2, .markdown-body h3, .markdown-body h4, .markdown-body h5, .markdown-body h6 { color: #ddd; } .markdown-body h1, .markdown-body h2 { border-bottom-color: #ffffff69; } .markdown-body h1 .octicon-link, .markdown-body h2 .octicon-link, .markdown-body h3 .octicon-link, .markdown-body h4 .octicon-link, .markdown-body h5 .octicon-link, .markdown-body h6 .octicon-link { color: #fff; } .markdown-body img { background-color: transparent; } .ui-toc-dropdown .nav>.active:focus>a, .ui-toc-dropdown .nav>.active:hover>a, .ui-toc-dropdown .nav>.active>a { color: white; border-left: 2px solid white; } .expand-toggle:hover, .expand-toggle:focus, .back-to-top:hover, .back-to-top:focus, .go-to-bottom:hover, .go-to-bottom:focus { color: white; } .ui-toc-dropdown { background-color: #333; } .ui-toc-label.btn { background-color: #191919; color: white; } .ui-toc-dropdown .nav>li>a:focus, .ui-toc-dropdown .nav>li>a:hover { color: white; border-left: 1px solid white; } .markdown-body blockquote { color: #bcbcbc; } .markdown-body table tr { background-color: #5f5f5f; } .markdown-body table tr:nth-child(2n) { background-color: #4f4f4f; } .markdown-body code, .markdown-body tt { color: #eee; background-color: rgba(230, 230, 230, 0.36); } a, .open-files-container li.selected a { color: #5EB7E0; } </style> # Minio Docker-Compose backup rancher registry cluster :::spoiler Minio-Cert-gen-script ```shell= dns=$2 ip=$3 help() { cat <<EOF Usage: mk [OPTIONS] Available options: create create [DNS] [IP] delete delete cert test test EOF exit } ssl() { openssl genrsa -aes256 -passout pass:password -out ca.key 4096 openssl req -new -x509 -sha256 -days 365 -subj "/C=TW/ST=Taipei/L=Taipei/O=test/OU=lab/CN=example" -passin pass:password -key ca.key -out cacerts.pem openssl genrsa -out private.key 4096 openssl req -new -sha256 -subj "/CN=example" -key private.key -out cert.csr echo -e "subjectAltName=DNS:${dns},IP:${ip}\nextendedKeyUsage = serverAuth" > extfile.cnf openssl x509 -req -sha256 -days 365 -passin pass:password -in cert.csr -CA cacerts.pem -CAkey ca.key -out public.crt -extfile extfile.cnf -CAcreateserial } de() { rm ca.key cacerts.pem ca.srl cert.csr private.key public.crt extfile.cnf &>/dev/null if [ "$?" == "0" ];then echo "delete all cert ok!" else echo "delete cert fail,please check!" fi } ts() { openssl verify -CAfile cacerts.pem -verbose public.crt } case $1 in create) if [ "$#" == "3" ];then ssl else help fi ;; delete) de ;; test) ts ;; *) help ;; esac ``` ::: ```shell= vim mk chmod +x mk ./mk create [DNS] [IP] ./mk test ``` Before use Docker-file ```shell= mkdir -p minio/{data,certs} ``` Copy all certificates file to destination folder, must follow the docker compose volume directory ```shell= cp private.key public.crt $folder/certs ``` Copy rootCA to certs/CAs ```shell= cp ca.crt certs/CAs/cacerts.pem ``` Docker-compose file ```yaml= version: '3' services: minio: image: minio/minio hostname: minio.example.com ports: - 9000:9000 - 9001:9001 environment: MINIO_ACCESS_KEY: admin MINIO_SECRET_KEY: admin123 volumes: - /home/rancher/minio/data:/data - /home/rancher/minio/config:/root/.minio/ - /home/rancher/minio/certs:/root/.minio/certs command: server --console-address ':9001' /data privileged: true restart: always ``` Docker compose up minio service ```shell= docker-compose up -d ``` Minio step > Create bucket ![](https://i.imgur.com/cqVD8tc.png) > Configuration bucket Access Policy and Encryption set to disable ![](https://i.imgur.com/QjingjC.png) > Create path ![](https://i.imgur.com/U9nkOkN.png) > [Check Minio work Currently](https://min.io/docs/minio/linux/reference/minio-mc.html) ```shell= ### Download minio client binary ### curl https://dl.min.io/client/mc/release/linux-amd64/mc \ --create-dirs \ -o $HOME/minio-binaries/mc chmod +x $HOME/minio-binaries/mc export PATH=$PATH:$HOME/minio-binaries/ ``` > ACCESS_KEY=admin > SECERT_KEY=admin123 ```shell= mc alias set myminio https://minioserver.example.net ACCESS_KEY SECRET_KEY ### sample ### mc alias set minioexample https://minio.example.com:9000 peter456 peter456 ``` ```shell= rancher@pd1:~/minio-binaries> ./mc admin info minioexample ● minio.example.com:9000 Uptime: 1 hour Version: 2023-02-17T17:52:43Z Network: 1/1 OK Drives: 1/1 OK Pool: 1 Pools: 1st, Erasure sets: 1, Drives per erasure set: 1 290 MiB Used, 3 Buckets, 38 Objects 1 drive online, 0 drives offline ``` > Check Bucket Info ```shell= rancher@pd1:~/minio-binaries> ./mc tree --files minioexample/backup-1 minioexample/backup-1 └─ test2 ├─ etcd-snapshot-pd1-1677654000 ├─ etcd-snapshot-pd1-1677672000 ├─ etcd-snapshot-pd1-1677686400 ├─ etcd-snapshot-pd1-1677704400 ├─ etcd-snapshot-pd1-1677722400 ├─ on-demand-pd1-1676878539 ├─ on-demand-pd1-1676879119 ├─ on-demand-pd1-1676881380 ├─ on-demand-pd1-1676882003 ├─ on-demand-pd1-1676883745 ├─ on-demand-pd1-1676883968 ├─ on-demand-pd1-1676884753 ├─ on-demand-pd1-1676886021 ├─ on-demand-pd1-1676886321 ├─ on-demand-pd1-1676888116 ├─ on-demand-pd1-1676941965 ├─ on-demand-pd1-1676957870 ├─ on-demand-pd1-1676958962 ├─ on-demand-pd1-1676959785 ├─ on-demand-pd1-1676960842 ├─ on-demand-pd1-1676965006 ├─ on-demand-pd1-1677054009 ├─ on-demand-pd1-1677056643 ├─ on-demand-pd1-1677724677 ├─ on-demand-pd1-1677728022 └─ testfile.txt ```