MinIO

From Michael's Information Zone

Purpose

To see if I can run an S3-compatible endpoint using NetApp as the backend storage. Basically, S3 isn't trusted by the team that wants to store data, but we can't open NetApp to the internet (DUH).

Installation

[1]

Amazon Linux 2

Attempting to run on Amazon Linux using an ARM t4g.small instance.

Basic install

sudo yum upgrade -y
sudo yum install -y https://dl.min.io/server/minio/release/linux-arm64/minio-20210825004118.0.0.aarch64.rpm
sudo mkdir /mnt/data
sudo chown ec2-user:ec2-user /mnt/data
  • To test, run the following.
MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD=password minio server /mnt/data --console-address ":9001"
  • For systemd autostart, create the config file /etc/default/minio with the following, substituting your own root credentials for the placeholder values[2]
MINIO_VOLUMES="/mnt/data/"
#MINIO_OPTS="--address :9199"
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=password
  • Some user provisioning
sudo useradd -s /sbin/nologin minio-user
sudo systemctl daemon-reload
sudo chown -R minio-user:minio-user /mnt/data
sudo systemctl start minio.service
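
An added example (not from the original page): a POSIX shell check for the /etc/default/minio file described above. It flags unset or guessable root credentials, a password shorter than an assumed 16-character local policy, and a world-readable file; the function names, the deny list and the 16-character threshold are assumptions.

```shell
#!/bin/sh
# Added example: audit a MinIO environment file such as /etc/default/minio.
# Prints one finding per line; returns 1 if anything was found, else 0.

# Print the last value assigned to key $2 in env file $1, quotes stripped.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

audit_minio_env() {
    file=$1
    min_len=${2:-16}   # assumed local policy, not a MinIO setting
    rc=0
    user=$(env_value "$file" MINIO_ROOT_USER)
    pass=$(env_value "$file" MINIO_ROOT_PASSWORD)

    if [ -z "$user" ] || [ -z "$pass" ]; then
        echo "MISSING: root credentials not set in $file"
        rc=1
    else
        case $pass in
            password|admin|minioadmin|changeme|"$user")
                echo "WEAK: MINIO_ROOT_PASSWORD is a default or guessable value"
                rc=1 ;;
        esac
        if [ "${#pass}" -lt "$min_len" ]; then
            echo "SHORT: MINIO_ROOT_PASSWORD has fewer than $min_len characters"
            rc=1
        fi
    fi
    # The file holds the root secret, so "other" must not have read access.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "PERMS: $file is world-readable"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the test values from this page in a mode-644 file.
demo() {
    d=$(mktemp -d)
    printf 'MINIO_VOLUMES="/mnt/data/"\nMINIO_ROOT_USER=admin\nMINIO_ROOT_PASSWORD=password\n' > "$d/minio"
    chmod 644 "$d/minio"
    audit_minio_env "$d/minio" || echo "findings reported for $d/minio"
    rm -rf "$d"
}
demo
```

Assuming the unit loads this file through EnvironmentFile=, systemd reads it as root before the service drops to minio-user, so the file can be owned by root with mode 600.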

Production Install

  • Let's run on the same port as S3 by adding the following to /etc/systemd/system/minio.service under the [Service] section
AmbientCapabilities=CAP_NET_BIND_SERVICE
  • Set the capability on the binary
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/minio

Then configure the ports in /etc/default/minio

MINIO_OPTS="--console-address myminio.com:9000 --address myminio.com:443"
  • Add your domain name to the hosts file, pointing to the internal IP address. This is needed when the server sits behind NAT.
  • Grab a cert[3]
sudo amazon-linux-extras install -y epel
sudo yum install -y certbot
sudo certbot certonly --standalone -d myminio.com --staple-ocsp -m test@yourdomain.io --agree-tos