MinIO | High Performance, Kubernetes Native Object Storage
MinIO is a great solution when you need to easily organize object storage. Basic configuration, multiple platforms and good performance have done their job in the field of popular love. So we had no choice but to declare Veeam Backup & Replication and MinIO compatibility a month ago. Including such an important function as Immutability. In fact, MinIO has a whole section in the documentation dedicated to our integration.
So today we will talk about how to:
- Set up the Mini very quickly.
- Set up the Mini a little less quickly,but much better.
- Use it as an Archive Tier for a scalable Veeam SOBR repository.
What are you?
A brief introduction for those who have not encountered Mini. This is an open source object storage that is compatible with the Amazon S3 API. It is released under the Apache v2 license and adheres to the philosophy of Spartan minimalism.
In other words, it doesn’t have a large GUI with dashboards, graphs, and numerous menus. MinIO simply starts its server with a single command, where you can simply store data using the full power of the S3 API. But it should be noted that this simplicity can be deceptive when it comes to the resources used. RAM and CPU are absorbed perfectly, but the reasons will be discussed below. And, by the way, such combines as FreeNAS and TrueNAS use MinIO under the hood.
This is the end of the introduction.
Setting up MinIO is very fast
Setting it up is so fast that we’ll cover it for Linux. There are options for decor, for Kubernetics, and even for MacOS, but the meaning will be the same everywhere.
If you already have Docker configured and installed, just skip this step. If Docker is not installed, install it using one of the guides: Ubuntu 16.04 and 18.04, Debian 9 and 10, Centos 7, and proceed to the next step.
First, you need to come up with an access key and a secret key that you and your apps will use to access the storage:
cat /proc/cpuinfo /proc/iomem | sha512sum | awk '{print "\nkey = " substr($1,1,24) "\nsecret = " substr($1,25,64) }'key = dd4168999dcf44e3e036b63bsecret = 2c6d377b20cf06fa8b825f1c2772b0aeb8125ab31fbc264d85915d920f21becd
Remember and save the generated data. Now let’s launch the Mini container itself, specifying the data generated in the previous step in the MEDIA_ACCESS_KEY and MINI_SECRET_KEY variables:
sudo mkdir -p /mnt/minio/data
sudo mkdir -p /mnt/minio/configsudo docker run
-d --restart=always -p 9000:9000 --name minio \
-e "MINIO_ACCESS_KEY=dd4168999dcf44e3e036b63b" \
-e "MINIO_SECRET_KEY=2c6d377b20cf06...125ab31fbc264d85915d920f21becd" \
-v /mnt/minio/data:/data \
-v /mnt/minio/config:/root/.minio \
minio/minio server /data
The directory where minio will store data — /mnt/minio/data, settings /mnt/minio/config. If necessary, you can mount an external device with a large volume in /mnt/mini / data.
Now you can log in to Mini via the web interface using the server IP and port 9000, for example, http://ngx.cs2.netpoint-dc.com:9000/minio/:
Now you can work with the storage using programs that support the S3 Protocol. Mini also has its own utility called mc.
Configuring secure access using Nginx and Let’s Encrypt
If you want to use external Nginx to manage traffic to the container, replace: “9000:9000” with “127.0.0.1:9000:9000” and stop the containers and recreate the minio:
sudo docker rm -f miniosudo docker run -d --restart=always -p 9000:9000 --name minio \
-e "MINIO_ACCESS_KEY=dd4168999dcf44e3e036b63b" \
-e "MINIO_SECRET_KEY=2c6d377b20cf06...125ab31fbc264d85915d920f21becd"\
-v /mnt/minio/data:/data \
-v /mnt/minio/config:/root/.minio \
minio/minio server /data
Now access to your container from outside will be closed.
Go to our guide for configuring proxying using Nginx with let’s Encrypt certificate support: Ubuntu 16.04 and 18.04, Debian 9 and 10, CentOS 7. to complete the configuration of your blog, change the “upstream” and “location /” sections in Nginx to look like this:
upstream minio {
server 127.0.0.1:9000;
}
...
server {
....
location / {
proxy_pass http://minio/;
}
...
}Check the correct settings and restart nginx:
sudo nginx -t && sudo service nginx restartAfter completing this step, the Minio interface and API will be available for the domain name you selected that supports the Let’s Encrypt certificate.
That’s all for now. We have created secure storage and are ready to move to integration with Veeam.
MinIO и Veeam
Well, the preparations are over, let’s open the VBR interface and go to the Backup Infrastructure tab, where we will call the wizard for adding a new repository.
Of course, we are interested in Object storage, namely S3 Compatible. In the wizard that opens, set the name, go through the steps with the address and account. If necessary, do not forget to specify the gate through which requests to the storage will be proxied.
Then select the bouquet, folder and tick Make present back ups immutable. Or we don’t. But since we have made a repository with support for this function, it will be a sin not to use it.
Next > Finish and enjoy the result.
Now you need to add it to the SOBR repository as a Capacity Tier. To do this, either create a new one or edit an existing one. We are interested in the Capacity Tier step.
Here we need to choose which scenario we will work with.
And when the wizard is finished, tasks for copying or transferring backups will be automatically started. However, if you don’t plan to load all the systems at once, then be sure to set acceptable intervals for using the Window button.
And, of course, you can make separate Backup Copy tasks. Some believe that this is even more convenient, since they are somewhat more transparent and predictable for the user who does not want to delve into the details of the operation of the capacity shooting gallery. And there are enough details there, so once again I recommend the corresponding article at the link above.
