minio_feature - OpenNebula/one-apps GitHub Wiki

Features and usage

This appliance comes with a preinstalled MinIO service, including the following features:

  • Based on MinIO release on Ubuntu 22.04 LTS
  • TLS configuration with self-generated certificates, enabled by default
  • Single-Drive and Multi-Drive deployment
  • Multi-Node deployment, optional as a OneFlow service template.

Contextualization

The contextualization parameters (Context Section) in the VM template control the configuration of the service; see the table below:

| Parameter | Default | Description |
|---|---|---|
| ONEAPP_MINIO_ROOT_USER | myminioadmin | MinIO server root account. |
| ONEAPP_MINIO_ROOT_PASSWORD | minio-secret-key-change-me | MinIO server root account password. |
| ONEAPP_MINIO_OPTS | --console-address :9001 | MinIO server additional commandline options. If --console-address is omitted, MinIO will generate a dynamic port at server startup. The MinIO server outputs the port to the system log. |
| ONEAPP_MINIO_HOSTNAME | localhost,minio-*.example.net | Hostname for auto-generated certificates if no certificate or key are provided. |
| ONEAPP_MINIO_TLS_ENABLED | YES | Enable TLS configuration. |
| ONEAPP_MINIO_TLS_CERT | | TLS Certificate. If ONEAPP_MINIO_TLS_CERT or ONEAPP_MINIO_TLS_KEY is empty, the certificates will be autogenerated with MinIO certgen. |
| ONEAPP_MINIO_TLS_KEY | | TLS Key. If ONEAPP_MINIO_TLS_CERT or ONEAPP_MINIO_TLS_KEY is empty, the certificates will be autogenerated with MinIO certgen. |
| ONEAPP_MINIO_MULTI | NO | MinIO Multi-Node configuration. To be used with the OneFlow service template, see MinIO Multi-Node. |

[!Note] Do not add the option --certs-dir to ONEAPP_MINIO_OPTS, since it is hardcoded in the scripts. The configuration scripts append --certs-dir /opt/minio/certs to the ONEAPP_MINIO_OPTS parameter, so in the MinIO configuration file (/etc/default/minio) the MINIO_OPTS environment variable will look like this: MINIO_OPTS="${ONEAPP_MINIO_OPTS} --certs-dir /opt/minio/certs".

TLS Configuration

When the parameter ONEAPP_MINIO_TLS_ENABLED="YES" is set, the appliance will configure the MinIO deployment to use TLS by appending --certs-dir /opt/minio/certs to the MINIO_OPTS in the configuration file /etc/default/minio.

The appliance will create the folder /opt/minio/certs and two files in that location: public.crt with the contents of ONEAPP_MINIO_TLS_CERT and private.key with the contents of ONEAPP_MINIO_TLS_KEY. If either of those variables is empty, the scripts will autogenerate new certificates using the MinIO certgen tool.

[!Note] On recontextualization the scripts will skip the certificate creation if public.crt or private.key are present in /opt/minio/certs. To update the certificates, first manually delete the existing ones and then recontextualize the VM.
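The following lint is an added example, not part of the appliance's scripts: it checks resolved ONEAPP_MINIO_* values against the rules stated in the parameter table and the TLS section above before the VM is instantiated. The input file layout (one KEY="value" pair per line), the function names and the finding codes are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added example (not appliance code): lint resolved ONEAPP_MINIO_* values.
# Assumed input: a file holding one KEY="value" pair per line.

DEFAULT_PW='minio-secret-key-change-me'   # default from the parameter table

# ctx_get FILE KEY: print the quoted value of KEY, or nothing if it is absent.
ctx_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
        head -n 1
}

# lint_minio_context FILE: print space-separated finding codes (hypothetical
# names); return 0 when there are none, 1 otherwise.
lint_minio_context() {
    local f="$1" out="" pw opts tls cert key
    pw=$(ctx_get "$f" ONEAPP_MINIO_ROOT_PASSWORD)
    opts=$(ctx_get "$f" ONEAPP_MINIO_OPTS)
    tls=$(ctx_get "$f" ONEAPP_MINIO_TLS_ENABLED)
    cert=$(ctx_get "$f" ONEAPP_MINIO_TLS_CERT)
    key=$(ctx_get "$f" ONEAPP_MINIO_TLS_KEY)

    # Root password missing, or a literal copy of the documented default.
    if [ -z "$pw" ] || [ "$pw" = "$DEFAULT_PW" ]; then
        out="$out DEFAULT_ROOT_PASSWORD"
    fi
    # The scripts append their own --certs-dir /opt/minio/certs to MINIO_OPTS.
    case "$opts" in *--certs-dir*) out="$out CERTS_DIR_IN_OPTS" ;; esac
    # Custom options without --console-address: the console port is dynamic.
    if [ -n "$opts" ]; then
        case "$opts" in
            *--console-address*) ;;
            *) out="$out DYNAMIC_CONSOLE_PORT" ;;
        esac
    fi
    # TLS defaults to YES; any other value leaves the service without TLS.
    if [ "${tls:-YES}" != "YES" ]; then
        out="$out TLS_DISABLED"
    # Only one of cert/key supplied: certgen certificates are generated instead.
    elif { [ -n "$cert" ] && [ -z "$key" ]; } || { [ -z "$cert" ] && [ -n "$key" ]; }; then
        out="$out CERT_KEY_INCOMPLETE_AUTOGEN"
    fi
    printf '%s\n' "${out# }"
    [ -z "$out" ]
}
```

Source the file and call `lint_minio_context /path/to/values` on the resolved values (not on a template that still holds `$ONEAPP_...` references); a non-zero return means at least one finding was printed.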

Storage volumes

The contextualization scripts will detect how many additional disks are attached to the VM on instantiation and create a partition on each of those disks, formatting it with XFS.

[!IMPORTANT] Do NOT attach additional disks to the VM once instantiated. The contextualization scripts are not prepared to handle disk reconfiguration. If you would like to resize the disks of the VM, you have to do it manually under your own responsibility.

[!Note] There could be performance and/or availability constraints when deploying Multi-Drive instances, for instance if all virtual disks are created on the same physical disk.

Persistent storage

It is possible to configure persistent images to preserve storage after the MinIO instance is terminated. To achieve this, create a persistent image for each disk on the MinIO deployment and add them to the template.

For example, to configure a Single-Node Single-Drive deployment with persistent storage, first create a persistent Datablock using the following CLI command:

    $ oneimage create -d default --name MinIO-disk-1 --prefix vd --size 5G --type Datablock --persistent

Then update the template to use the persistent image:

    CONTEXT=[
        NETWORK="YES",
        ONEAPP_MINIO_HOSTNAME="$ONEAPP_MINIO_HOSTNAME",
        ONEAPP_MINIO_OPTS="$ONEAPP_MINIO_OPTS",
        ONEAPP_MINIO_ROOT_PASSWORD="$ONEAPP_MINIO_ROOT_PASSWORD",
        ONEAPP_MINIO_ROOT_USER="$ONEAPP_MINIO_ROOT_USER",
        ONEAPP_MINIO_TLS_ENABLED="$ONEAPP_MINIO_TLS_ENABLED",
        ONEAPP_MINIO_TLS_CERT="$ONEAPP_MINIO_TLS_CERT",
        ONEAPP_MINIO_TLS_KEY="$ONEAPP_MINIO_TLS_KEY",
        SSH_PUBLIC_KEY="$USER[SSH_PUBLIC_KEY]" ]
    CPU="1"
    DISK=[
        DEV_PREFIX="vd",
        IMAGE="service-MinIO",
        IMAGE_UNAME="oneadmin" ]
    DISK=[
        IMAGE="MinIO-disk-1",
        IMAGE_UNAME="oneadmin" ]
    GRAPHICS=[
        LISTEN="0.0.0.0",
        TYPE="VNC" ]
    HOT_RESIZE=[
        CPU_HOT_ADD_ENABLED="NO",
        MEMORY_HOT_ADD_ENABLED="NO" ]
    HYPERVISOR="kvm"
    LOGO="images/logos/ubuntu.png"
    MEMORY="2048"
    MEMORY_UNIT_COST="MB"
    USER_INPUTS=[
        ONEAPP_MINIO_HOSTNAME="O|text|MinIO hostname for TLS certificate| |localhost,minio-*.example.net",
        ONEAPP_MINIO_OPTS="O|text|Additional commandline options for MinIO server| |--console-address :9001",
        ONEAPP_MINIO_ROOT_PASSWORD="O|password|MinIO root user password for MinIO server",
        ONEAPP_MINIO_ROOT_USER="O|text|MinIO root user for MinIO server| |myminioadmin",
        ONEAPP_MINIO_TLS_ENABLED="M|boolean|Enable TLS configuration| |YES",
        ONEAPP_MINIO_TLS_CERT="O|text64|MinIO TLS certificate (.crt)| |",
        ONEAPP_MINIO_TLS_KEY="O|text64|MinIO TLS key (.key)| |" ]

To configure a Single-Node Multi-Drive instance with persistent storage, create a persistent image for each disk on the deployment and add them to the VM template. For example, a Single-Node Multi-Drive deployment using persistent disks could look like this:

    CONTEXT=[
        NETWORK="YES",
        ONEAPP_MINIO_HOSTNAME="$ONEAPP_MINIO_HOSTNAME",
        ONEAPP_MINIO_OPTS="$ONEAPP_MINIO_OPTS",
        ONEAPP_MINIO_ROOT_PASSWORD="$ONEAPP_MINIO_ROOT_PASSWORD",
        ONEAPP_MINIO_ROOT_USER="$ONEAPP_MINIO_ROOT_USER",
        ONEAPP_MINIO_TLS_ENABLED="$ONEAPP_MINIO_TLS_ENABLED",
        ONEAPP_MINIO_TLS_CERT="$ONEAPP_MINIO_TLS_CERT",
        ONEAPP_MINIO_TLS_KEY="$ONEAPP_MINIO_TLS_KEY",
        SSH_PUBLIC_KEY="$USER[SSH_PUBLIC_KEY]" ]
    CPU="1"
    DISK=[
        DEV_PREFIX="vd",
        IMAGE="service-MinIO",
        IMAGE_UNAME="oneadmin" ]
    DISK=[
        IMAGE="MinIO-disk-1",
        IMAGE_UNAME="oneadmin" ]
    DISK=[
        IMAGE="MinIO-disk-2",
        IMAGE_UNAME="oneadmin" ]
    DISK=[
        IMAGE="MinIO-disk-3",
        IMAGE_UNAME="oneadmin" ]
    DISK=[
        IMAGE="MinIO-disk-4",
        IMAGE_UNAME="oneadmin" ]
    GRAPHICS=[
        LISTEN="0.0.0.0",
        TYPE="VNC" ]
    HOT_RESIZE=[
        CPU_HOT_ADD_ENABLED="NO",
        MEMORY_HOT_ADD_ENABLED="NO" ]
    HYPERVISOR="kvm"
    LOGO="images/logos/ubuntu.png"
    MEMORY="2048"
    MEMORY_UNIT_COST="MB"
    USER_INPUTS=[
        ONEAPP_MINIO_HOSTNAME="O|text|MinIO hostname for TLS certificate| |localhost,minio-*.example.net",
        ONEAPP_MINIO_OPTS="O|text|Additional commandline options for MinIO server| |--console-address :9001",
        ONEAPP_MINIO_ROOT_PASSWORD="O|password|MinIO root user password for MinIO server",
        ONEAPP_MINIO_ROOT_USER="O|text|MinIO root user for MinIO server| |myminioadmin",
        ONEAPP_MINIO_TLS_ENABLED="M|boolean|Enable TLS configuration| |YES",
        ONEAPP_MINIO_TLS_CERT="O|text64|MinIO TLS certificate (.crt)| |",
        ONEAPP_MINIO_TLS_KEY="O|text64|MinIO TLS key (.key)| |" ]

Next: Multi-Node