«

二进制部署Minio集群(多节点多驱动器)

myluzh 发布于 阅读:22 Linux


0x01 准备Minio所需的硬盘

准备了4台机子,每个机子给minio4块盘(vdb、vdc、vdd、vde)
1、所有机器4块盘都格式化成xfs格式

sudo mkfs.xfs /dev/vdb
sudo mkfs.xfs /dev/vdc
sudo mkfs.xfs /dev/vdd
sudo mkfs.xfs /dev/vde

2、挂载磁盘

# 创建挂载目录
mkdir -p /minio/data1 && mkdir -p /minio/data2 && mkdir -p /minio/data3 && mkdir -p /minio/data4
# 获取vdb到vde的uuid 写入 /etc/fstab,以便开机自动挂载。
lsblk -no NAME,UUID,MOUNTPOINT /dev/vd[b-e] | awk '$2 != "" {print "UUID="$2" /minio/data"++i" xfs defaults,noatime 0 0"}' | sudo tee -a /etc/fstab
# 所有机器尝试挂载 重新看下有没有问题
mount -a
df -h |grep minio
reboot

0x02 二进制安装minio

1、安装minio

# 下载最新版本的minio amd64架构的 二进制包
wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
sudo mv minio /usr/local/bin/

2、放行端口

# 9001是web控制台
firewall-cmd --permanent --zone=public --add-port=9000/tcp
firewall-cmd --permanent --zone=public --add-port=9001/tcp
firewall-cmd --reload

3、写入service

# 写入 /usr/lib/systemd/system/minio.service
sudo tee /usr/lib/systemd/system/minio.service > /dev/null <<'EOF'
[Unit]
Description=MinIO
Documentation=https://min.io/docs/minio/linux/index.html
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
WorkingDirectory=/usr/local
User=minio-user
Group=minio-user
ProtectProc=invisible
EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
Restart=always
LimitNOFILE=65536
TasksMax=infinity
TimeoutStopSec=infinity
SendSIGKILL=no
[Install]
WantedBy=multi-user.target
EOF

# 配置开机自启
systemctl enable minio

4、配置权限

默认情况下,minio.service文件以minio-user用户和组身份运行。

groupadd -r minio-user
useradd -M -r -g minio-user minio-user
chown minio-user:minio-user /minio/data1 /minio/data2 /minio/data3 /minio/data4

5、写入minio配置文件

# minio默认配置文件位于etc/default/minio
sudo tee /etc/default/minio > /dev/null <<'EOF'
MINIO_VOLUMES="http://192.168.5.{17...20}:9000/minio/data{1...4}"
MINIO_OPTS="--console-address :9001"
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=admin123
#MINIO_SERVER_URL="https://minio.example.net:9000"
EOF
# 重启服务
systemctl daemon-reload
systemctl restart minio

6、开启SLL(使用http可以忽略)

如果要开启minio的ssl,只需要把配置文件里面的MINIO_VOLUMES改成https即可。如果是自签证书不仅需要私钥跟公钥,还需要把ca也放入。

# 把证书放入/home/minio-user/.minio/certs/后 需要改权限,如下:
sudo chown -R minio-user:minio-user /home/minio-user/.minio/certs/
sudo chmod 644 /home/minio-user/.minio/certs/CAs/ca.crt
sudo chmod 644 /home/minio-user/.minio/certs/public.crt
sudo chmod 600 /home/minio-user/.minio/certs/private.key
sudo systemctl restart minio

0x03 为MinIO服务器配置NGINX负载均衡

nginx配置参考如下:

upstream minio_s3 {
   least_conn;
   server 192.168.5.17:9000;
   server 192.168.5.18:9000;
   server 192.168.5.19:9000;
   server 192.168.5.20:9000;
}

upstream minio_console {
   least_conn;
   server 192.168.5.17:9001;
   server 192.168.5.18:9001;
   server 192.168.5.19:9001;
   server 192.168.5.20:9001;
}

server {
   listen       80;
   listen  [::]:80;
   server_name  minio.itho.cn;

   # Allow special characters in headers
   ignore_invalid_headers off;
   # Allow any size file to be uploaded.
   # Set to a value such as 1000m; to restrict file size to a specific value
   client_max_body_size 0;
   # Disable buffering
   proxy_buffering off;
   proxy_request_buffering off;

   location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_connect_timeout 300;
      # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
      proxy_http_version 1.1;
      proxy_set_header Connection "";
      chunked_transfer_encoding off;

      proxy_pass https://minio_s3; # This uses the upstream directive definition to load balance
   }

   location /minio/ui/ {
      rewrite ^/minio/ui/(.*) /$1 break;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-NginX-Proxy true;

      # This is necessary to pass the correct IP to be hashed
      real_ip_header X-Real-IP;

      proxy_connect_timeout 300;

      # To support websockets in MinIO versions released after January 2023
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
      # Uncomment the following line to set the Origin request to an empty string
      # proxy_set_header Origin \'\';

      chunked_transfer_encoding off;

      proxy_pass https://minio_console; # This uses the upstream directive definition to load balance
   }
}

注意:S3 API签名计算算法不支持托管MinIO Server API(如example.net/s3/的代理方案。
您还必须为MinIO部署设置以下环境变量,默认路径为/etc/default/minio:
将MINIO_SERVER_URL设置为MinIO服务器的代理主机FQDN(https://minio.example.net
将MINIO_BROWSER_REDIRECT_URL设置为MinIO控制台的代理主机FQDN(https://example.net/minio/ui

0x04 在K8S上使用Endpoints访问Minio集群

Endpoints 的 name 必须与 Service 的 name 一致,这样 Kubernetes 才能正确关联它们。

apiVersion: v1
kind: Service
metadata:
  name: minio-external
spec:
  ports:
    - name: http-api
      port: 9000
      protocol: TCP
    - name: http-console
      port: 9001
      protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
  name: minio-external
subsets:
  - addresses:
      - ip: 192.168.5.17
      - ip: 192.168.5.18
      - ip: 192.168.5.19
      - ip: 192.168.5.20
    ports:
      - name: http-api
        port: 9000
      - name: http-console
        port: 9001

0x99 其他

关于新版本的minio控制台无法创建aksk原因:
minio最新版也就是2025-05之后的版本,在页面的控制台中取消了administrator的管理菜单,user菜单,我们常用minio的方式是部署完之后,在User中创建Access Keys,在项目配置好之后,进行API的调用,但是现在新版之后没有了,无法通过手动创建。只能通过mc(minio client)连接minio后进行创建。

参考链接

EC容量计算器 https://min.io/product/erasure-code-calculator
Deploy MinIO: Multi-Node Multi-Drive https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.html#deploy-minio-distributed
Configure NGINX Proxy for MinIO Server https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html#integrations-nginx-proxy
MINIO 最新版无法通过页面的控制台配置accesskey https://blog.csdn.net/liudongyang123/article/details/149109750

minio


正文到此结束
版权声明:若无特殊注明,本文皆为 Myluzh Blog 原创,转载请保留文章出处。
文章内容:https://itho.cn/linux/535.html
文章标题:《二进制部署Minio集群(多节点多驱动器)