Migrating MinIO to c2000
Version information
OS: Ubuntu Server 22.04.4 LTS
Docker: 5:25.0.3-1~ubuntu.22.04~jammy
MinIO: RELEASE.2021-10-27T16-29-42Z.fips
Server configuration
Configure the root user
sudo passwd root
For example:
ubuntu@ubuntu:~$ sudo passwd root
New password:
Retype new password:
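passwd: password updated successfully
Enter the regular user's password first, then enter the root password, and press Enter to finish.
Set the time zone
Check the time zone
timedatectl
For example: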
ubuntu@ubuntu:~$ timedatectl
Local time: Tue 2024-03-05 02:07:45 UTC
Universal time: Tue 2024-03-05 02:07:45 UTC
RTC time: Tue 2024-03-05 02:02:50
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Change the time zone to Asia/Shanghai
timedatectl set-timezone Asia/Shanghai
Output:
ubuntu@ubuntu:~$ timedatectl
Local time: Tue 2024-03-05 10:08:07 CST
Universal time: Tue 2024-03-05 02:08:07 UTC
RTC time: Tue 2024-03-05 02:03:02
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
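RTC in local TZ: no
Changing the time zone requires root privileges.
Configure SSH
sudo vim /etc/ssh/sshd_config
Modify the following settings:
LoginGraceTime 2m
# "yes" allows root to log in directly over SSH, including with a password
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
MaxSessions 10
Restart the SSH service
sudo systemctl restart sshd.service
Static IP configuration
Install openvswitch-switch
sudo apt install openvswitch-switch -y
Back up the existing configuration
sudo cp /etc/netplan/00-installer-config.yaml /etc/netplan/00-installer-config.yaml.bak
Edit the configuration file
sudo vim /etc/netplan/00-installer-config.yaml
Dynamic IP (default)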
# This is the network config written by 'subiquity'
network:
  ethernets:
    enp0s3:
      dhcp4: true
  version: 2
Static IP
# This is the network config written by 'subiquity'
network:
  ethernets:
    enp0s3:
      addresses:
      - 192.168.100.17/23
      nameservers:
        addresses:
        - 223.5.5.5
        - 223.6.6.6
        search: []
      routes:
      - to: default
        via: 192.168.100.1
  version: 2
Apply the configuration
sudo netplan apply
Install Docker
Set up Docker's apt repository.
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
List the available versions
apt-cache madison docker-ce | awk '{ print $3 }'
Output:
5:25.0.3-1~ubuntu.22.04~jammy
5:25.0.2-1~ubuntu.22.04~jammy
5:25.0.1-1~ubuntu.22.04~jammy
......
Select the desired version and install it:
VERSION_STRING=5:25.0.3-1~ubuntu.22.04~jammy
sudo apt-get install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING containerd.io docker-buildx-plugin docker-compose-plugin
Verify that the Docker Engine installation succeeded by running the hello-world image.
sudo docker run hello-world
To install the latest version instead, run:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Install docker-compose
To download and install the standalone version of Compose, run:
curl -SL https://github.com/docker/compose/releases/download/v2.24.6/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
Create a symbolic link
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
Set execute permission
chmod +x /usr/bin/docker-compose
Test
docker-compose version
Expected output:
Docker Compose version v2.24.6
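Deploy MinIO with docker-compose
Create the working directory
mkdir -p /root/minio
Enter the working directory
cd /root/minio
Create the docker-compose.yaml configuration file
touch docker-compose.yaml
Edit the file
vim docker-compose.yaml
Copy in the following content:
version: "3.2"
services:
  minio:
    image: minio/minio:RELEASE.2021-10-27T16-29-42Z.fips
    container_name: minio
    hostname: minio
    restart: always
    command: server /data --console-address ":9001"
    ports:
      - "9000:9000"
      - "9001:9001"
    environment:
      # MinIO root (admin) credentials; these sample values are reused in the AWS CLI
      # configuration below and should be replaced with strong, unique ones
      MINIO_ROOT_USER: "admin"
      MINIO_ROOT_PASSWORD: "minioadmin"
    volumes:
      - minio-data:/data
volumes:
  minio-data:
Pull the image
docker-compose pull
Start the MinIO service
docker-compose up -d
Create buckets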
authentication
career
cases
cases-export
class-export
classes
datasets
homeworks
instances
labs
online-judge
personnel
portal
professions
projects
projects-export
public
resource-library
sys
teacher-develop
temp
tenants
trainings
userdata
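video
Using the AWS CLI with MinIO
Install the AWS CLI
AWS Command Line Interface: https://aws.amazon.com/cn/cli/
Windows: download and run the 64-bit Windows installer.
macOS: download and run the macOS PKG installer.
Linux: download, unzip, and then run the Linux installer.
Verify the installation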
C:\Users\heyuq>aws --version
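aws-cli/2.15.24 Python/3.11.6 Windows/10 exe/AMD64 prompt/off
Seeing the version number in the output means the AWS CLI was installed successfully.
Configure AWS CLI permissions and credentials
List the current configuration (default state)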
C:\Users\heyuq>aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
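region <not set> None None
Initialize the configuration
Command format: aws configure --profile <profilename>; if --profile is not specified, the profile defaults to default.
- Initialize the default environment
aws configure
- Initialize the dev environment
aws configure --profile dev
Enter the following information: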
C:\Users\heyuq>aws configure
AWS Access Key ID [None]: admin
AWS Secret Access Key [None]: minioadmin
Default region name [None]: us-east-1
Default output format [None]: text
When this completes, a .aws directory is created in the user's home directory. It contains two files: config and credentials.
C:\Users\heyuq\.aws
config
[default]
region = us-east-1
output = text
s3 =
    signature_version = s3v4
credentials
[default]
aws_access_key_id = admin
aws_secret_access_key = minioadmin
Configure endpoint_url
Edit the config file and add the endpoint_url setting:
[default]
endpoint_url = http://192.168.100.17:9000
region = us-east-1
output = text
[profile dev]
endpoint_url = http://192.168.101.213:9000
region = us-east-1
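output = text
Test
First create the bucket authentication through the MinIO console.
- List the buckets in the local environment
aws s3 ls
C:\Users\heyuq>aws s3 ls
2024-03-05 13:21:02 authentication
- List the buckets in the dev environment
aws s3 ls --profile dev
Batch-creating S3 buckets with the AWS CLI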
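PowerShell's execution policy determines how scripts are allowed to run. The execution policies are:
- Restricted: the default execution policy; no scripts are allowed to run.
- AllSigned: only scripts signed by a trusted publisher are allowed to run.
- RemoteSigned: local scripts and remote scripts signed by a trusted publisher are allowed to run.
- Unrestricted: all scripts are allowed to run.
If PowerShell refuses to run the script because of the execution policy, take the following steps:
- Check the current execution policy: in PowerShell, type Get-ExecutionPolicy and press Enter. This displays the current execution policy.
- Change the execution policy: if you are sure you want to run the script and you trust its source, you can change the execution policy. Note that this may introduce security risks. For example:
  - To change the execution policy to RemoteSigned, enter: Set-ExecutionPolicy RemoteSigned
  - To change the execution policy to Unrestricted (not recommended unless you are sure the script is safe), enter: Set-ExecutionPolicy Unrestricted
  The system then prompts you to confirm the change. Enter Y and press Enter.
- Run the script: after changing the execution policy, you should be able to run the CreateBuckets.ps1 script.
CreateBuckets.ps1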
param (
    [Parameter(Mandatory=$true)]
    [string]$InputFile
)
# Check that the input file exists
if (!(Test-Path $InputFile)) {
    Write-Host "Error: Input file $InputFile does not exist."
    exit 1
}
# Read the list of bucket names
Get-Content $InputFile | ForEach-Object {
    $bucketName = $_.Trim()
    # Skip blank lines
    if ([string]::IsNullOrWhiteSpace($bucketName)) {
        return
    }
    # Skip buckets that already exist (head-bucket exits with 0 when the bucket is reachable)
    aws s3api head-bucket --bucket $bucketName --region us-east-1 2>$null | Out-Null
    if ($LASTEXITCODE -eq 0) {
        return
    }
    # Try to create the bucket; merge stderr so the error text is captured
    $result = aws s3api create-bucket --bucket $bucketName --region us-east-1 2>&1
    # Check whether the command succeeded
    if ($LASTEXITCODE -ne 0) {
        Write-Host "Failed to create bucket ${bucketName}:${result}"
    } else {
        Write-Host "Bucket $bucketName created successfully."
    }
}
The script accepts one parameter, $InputFile, which should be the path to a text file containing the list of bucket names. The script reads the file line by line and tries to create a bucket in the us-east-1 region for each name. If a bucket already exists, the script skips it.
After saving the script file, run it from PowerShell and pass the text file containing the bucket names as the parameter:
.\CreateBuckets.ps1 -InputFile .\buckets.txt
create_buckets.sh
Create a file named create_buckets.sh and add the following content:
#!/bin/bash
# Check that an input file was provided
if [ $# -ne 1 ]; then
    echo "Usage: $0 <input_file>"
    echo "Where <input_file> is a file containing a list of bucket names, each on a new line."
    exit 1
fi
# Check that the input file exists
if [ ! -f "$1" ]; then
    echo "Error: Input file $1 does not exist."
    exit 1
fi
# Read the list of bucket names
while IFS= read -r bucket_name
do
    # Skip blank lines
    if [ -z "$bucket_name" ]; then
        continue
    fi
    # Try to create the bucket
    aws s3api create-bucket --bucket "$bucket_name" --region us-east-1
    # Check whether the command succeeded
    if [ $? -eq 0 ]; then
        echo "Bucket $bucket_name created successfully."
    else
        echo "Failed to create bucket $bucket_name."
    fi
done < "$1"
This script accepts one argument: the path to a file containing the list of bucket names. It reads each name from the file and tries to create a bucket in the us-east-1 region. You can change the region as needed.
After saving and closing the file, make it executable:
chmod +x create_buckets.sh
buckets.txt
buckets.txt is a file containing the bucket names, one per line.
authentication
career
cases
cases-export
class-export
classes
datasets
homeworks
instances
labs
online-judge
personnel
portal
professions
projects
projects-export
public
resource-library
sys
teacher-develop
temp
tenants
trainings
userdata
video
Then run the script, passing the file containing the bucket names as the argument:
./create_buckets.sh buckets.txt
Make sure you have sufficient permissions to create buckets and that the bucket names are unique. If a bucket name you try to create already exists, the AWS CLI returns an error.
Batch-creating bucket policies with the AWS CLI
aws s3api get-bucket-policy --bucket sys --profile dev
Output:
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":["*"]},"Action":["s3:GetBucketLocation"],"Resource":["arn:aws:s3:::sys"]},{"Effect":"Allow","Principal":{"AWS":["*"]},"Action":["s3:ListBucket"],"Resource":["arn:aws:s3:::sys"],"Condition":{"StringEquals":{"s3:prefix":["excle/*","excel/*"]}}},{"Effect":"Allow","Principal":{"AWS":["*"]},"Action":["s3:GetObject"],"Resource":["arn:aws:s3:::sys/excle/**","arn:aws:s3:::sys/excel/**"]}]}
Save the output as sys.json
aws s3api get-bucket-policy --bucket sys --profile dev > sys.json
aws s3api put-bucket-policy --bucket sys --policy file://policy/sys.json
sys.json:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::sys"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::sys"
],
"Condition": {
"StringEquals": {
"s3:prefix": [
"excle/*",
"excel/*"
]
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::sys/excle/**",
"arn:aws:s3:::sys/excel/**"
]
}
]
}
Run the following commands one by one:
aws s3api get-bucket-policy --bucket authentication --profile dev > authentication.json
aws s3api get-bucket-policy --bucket cases --profile dev > cases.json
aws s3api get-bucket-policy --bucket career --profile dev > career.json
aws s3api get-bucket-policy --bucket cases-export --profile dev > cases-export.json
aws s3api get-bucket-policy --bucket class-export --profile dev > class-export.json
aws s3api get-bucket-policy --bucket classes --profile dev > classes.json
aws s3api get-bucket-policy --bucket datasets --profile dev > datasets.json
aws s3api get-bucket-policy --bucket homeworks --profile dev > homeworks.json
aws s3api get-bucket-policy --bucket instances --profile dev > instances.json
aws s3api get-bucket-policy --bucket labs --profile dev > labs.json
aws s3api get-bucket-policy --bucket online-judge --profile dev > online-judge.json
aws s3api get-bucket-policy --bucket personnel --profile dev > personnel.json
aws s3api get-bucket-policy --bucket portal --profile dev > portal.json
aws s3api get-bucket-policy --bucket professions --profile dev > professions.json
aws s3api get-bucket-policy --bucket projects --profile dev > projects.json
aws s3api get-bucket-policy --bucket projects-export --profile dev > projects-export.json
aws s3api get-bucket-policy --bucket public --profile dev > public.json
aws s3api get-bucket-policy --bucket resource-library --profile dev > resource-library.json
aws s3api get-bucket-policy --bucket sys --profile dev > sys.json
aws s3api get-bucket-policy --bucket teacher-develop --profile dev > teacher-develop.json
aws s3api get-bucket-policy --bucket temp --profile dev > temp.json
aws s3api get-bucket-policy --bucket tenants --profile dev > tenants.json
aws s3api get-bucket-policy --bucket trainings --profile dev > trainings.json
aws s3api get-bucket-policy --bucket userdata --profile dev > userdata.json
aws s3api get-bucket-policy --bucket video --profile dev > video.json
buckets.txt
buckets.txt is a file containing the bucket names, one per line.
authentication
career
cases
cases-export
class-export
classes
datasets
homeworks
instances
labs
online-judge
personnel
portal
professions
projects
projects-export
public
resource-library
sys
teacher-develop
temp
tenants
trainings
userdata
video
SetBucketPolicies.ps1
param (
    [Parameter(Mandatory=$true)]
    [string]$InputFile
)
# Check that the input file exists
if (!(Test-Path $InputFile)) {
    Write-Host "Error: Input file $InputFile does not exist."
    exit 1
}
# Read the list of bucket names
Get-Content $InputFile | ForEach-Object {
    $bucketName = $_.Trim()
    # Skip blank lines
    if ([string]::IsNullOrWhiteSpace($bucketName)) {
        return
    }
    # Skip buckets that already exist (head-bucket exits with 0 when the bucket is reachable)
    aws s3api head-bucket --bucket $bucketName --region us-east-1 2>$null | Out-Null
    if ($LASTEXITCODE -eq 0) {
        return
    }
    # Try to create the bucket; merge stderr so the error text is captured
    $result = aws s3api create-bucket --bucket $bucketName --region us-east-1 2>&1
    # Check whether the command succeeded
    if ($LASTEXITCODE -ne 0) {
        Write-Host "Failed to create bucket ${bucketName}:${result}"
    } else {
        Write-Host "Bucket $bucketName created successfully."
    }
}
The script accepts one parameter, $InputFile, which should be the path to a text file containing the list of bucket names. The script reads the file line by line and tries to create a bucket in the us-east-1 region for each name. If a bucket already exists, the script skips it.
After saving the script file, run it from PowerShell and pass the text file containing the bucket names as the parameter:
.\SetBucketPolicies.ps1 -InputFile .\buckets.txt
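The SetBucketPolicies.ps1 listing above repeats the bucket-creation logic and never calls put-bucket-policy. The shell script below is an added example, not code from the original page: it applies the exported policy files to every bucket in buckets.txt and flags policies whose principal is the wildcard "*" (anonymous access, as in sys.json). It assumes the policies were saved as policy/<bucket>.json in raw text form; the names apply_policies, is_public and set_bucket_policies.sh are hypothetical.

```shell
#!/bin/sh
# Added example: apply exported bucket policies in bulk (not from the original page).
# Assumes each policy was saved as <policy_dir>/<bucket>.json containing the raw
# policy document, as "get-bucket-policy" prints it with "output = text".

# is_public FILE: heuristic test for a wildcard principal ("*") in a policy file.
is_public() {
    tr -d ' \t\r\n' < "$1" |
        grep -Eq '"Principal":("\*"|\{"AWS":("\*"|\[[^]]*"\*"))'
}

# apply_policies BUCKET_LIST POLICY_DIR [PROFILE]
# Prints one status line per bucket; returns 1 if any put-bucket-policy call failed.
apply_policies() {
    list=$1 dir=$2 profile=${3:-default} rc=0
    while IFS= read -r bucket || [ -n "$bucket" ]; do
        # Tolerate CRLF line endings and stray spaces in buckets.txt
        bucket=$(printf '%s' "$bucket" | tr -d '[:space:]')
        [ -z "$bucket" ] && continue
        file="$dir/$bucket.json"
        # A failed export (bucket without a policy) leaves a missing or empty file
        if [ ! -s "$file" ]; then
            echo "SKIP $bucket (no policy file)"
            continue
        fi
        # Flag policies that grant access to anonymous callers before applying
        is_public "$file" && echo "PUBLIC $bucket (wildcard principal)"
        if aws s3api put-bucket-policy --bucket "$bucket" \
               --policy "file://$file" --profile "$profile" < /dev/null; then
            echo "OK $bucket"
        else
            echo "FAIL $bucket"
            rc=1
        fi
    done < "$list"
    return "$rc"
}

# Example: ./set_bucket_policies.sh buckets.txt policy default
if [ $# -ge 2 ]; then
    apply_policies "$@"
fi
```

Review every PUBLIC line before relying on the result: those buckets are readable without credentials under the listed prefixes.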