System environment
Operating system: CentOS 7
Everything below is deployed on the same server.
I. MinIO setup
Install MinIO from the RPM package
wget https://dl.min.io/server/minio/release/linux-amd64/minio-20210617001046.0.0.x86_64.rpm
rpm -ivh minio-20210617001046.0.0.x86_64.rpm
Configure MinIO
Configure the MinIO startup script
vi /etc/systemd/system/minio.service
[Unit]
Description=Minio
Documentation=https://docs.minio.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
WorkingDirectory=/usr/local/
User=root
Group=root
PermissionsStartOnly=true
EnvironmentFile=-/etc/default/minio.conf
ExecStartPre=/bin/bash -c "[ -n \"${MINIO_VOLUMES}\" ] || echo \"Variable MINIO_VOLUMES not set in /etc/default/minio.conf\""
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
StandardOutput=journal
StandardError=inherit
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0
# SIGTERM signal is used to stop Minio
KillSignal=SIGTERM
SendSIGKILL=no
SuccessExitStatus=0
[Install]
WantedBy=multi-user.target
Create the storage path
mkdir -p /data/minio/
Create and edit the configuration file
vi /etc/default/minio.conf
MINIO_ROOT_USER="admin"
MINIO_ROOT_PASSWORD="******"
MINIO_VOLUMES="/data/minio/"
MINIO_OPTS="--address :443"
Import the third-party certificate
cd /root/.minio/certs
# Copy the certificate files here and name them private.key and public.crt
[root@minio-server certs]# ls
CAs private.key public.crt
Start the service and enable it at boot
systemctl daemon-reload
systemctl start minio
systemctl enable minio
Check the status
systemctl status minio
Open port 443 in the firewall
firewall-cmd --list-ports
firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --reload
systemctl restart firewalld
Open the MinIO address
https://[your domain]
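II. MinIO Console configuration
0. Configure mc to connect to the MinIO service
Download and install the MinIO client mc and use it to configure MinIO. The steps are omitted here; see the official website.
Add the MinIO service to the host list under the alias minio, authenticating as admin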
[root@minio-server console]# mc config host add minio https://[your domain] admin
Enter Secret Key:
Added `minio` successfully.
1. Prepare the installation package
Download the console-linux-amd64 binary and upload it to the server
[root@minio-server~]# mkdir console
[root@minio-server~]# mv console-linux-amd64 console/
[root@minio-server~]# cd console/
[root@minio-server console]# ls
console-linux-amd64
[root@minio-server console]# mv console-linux-amd64 console
[root@minio-server console]# chmod +x console
2. Create an account for the console
Use mc to create the user console
[root@minio-server console]# mc admin user add minio/ console
Enter Secret Key:
Added user `console` successfully.
3. Grant administrator permissions to the console user
Create an administrator policy file for console
cat > admin.json << EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "admin:*"
      ],
      "Effect": "Allow",
      "Sid": ""
    },
    {
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::*"
      ],
      "Sid": ""
    }
  ]
}
EOF
Create a policy named console-admin from admin.json
[root@minio-server console]# mc admin policy add minio/ console-admin admin.json
Added policy `console-admin` successfully.
4. Assign the console-admin policy to the user console
[root@minio-server console]# mc admin policy set minio/ console-admin user=console
Policy `console-admin` is set on user `console`
5. Start the console service
The environment variables must be set first
# Salt to encrypt JWT payload
[root@minio-server console]# export CONSOLE_PBKDF_PASSPHRASE=SECRET
# Required to encrypt JWT payload
[root@minio-server console]# export CONSOLE_PBKDF_SALT=SECRET
# MinIO Endpoint
[root@minio-server console]# export CONSOLE_MINIO_SERVER=https://[your domain]
Start the console service
[root@minio-server console]# ./console server
I: 2021/09/05 22:31:06 Serving console at http://[::]:9090
6. Configure HTTPS
Write the environment variables to a configuration file
[root@minio-server console]# cat /etc/default/minio-console.conf
# Salt to encrypt JWT payload
CONSOLE_PBKDF_PASSPHRASE=SECRET
# Required to encrypt JWT payload
CONSOLE_PBKDF_SALT=SECRET
# MinIO Endpoint
CONSOLE_MINIO_SERVER=https://[your domain]
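The configuration file above uses the literal SECRET for both PBKDF values. As an added example (not part of the original guide or of the MinIO project), the bash functions below write the same three variables with random values into a file that is only ever readable by its owner; the function names, the demo path and the endpoint https://minio.example.internal are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. gen_secret and
# write_console_env are hypothetical helper names.

# Print N random bytes (default 32) from /dev/urandom as lowercase hex.
gen_secret() {
    head -c "${1:-32}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write the three console variables to $1 with fresh secrets.
# $2 is the MinIO endpoint. The content is built in a temp file, which
# mktemp creates with mode 0600, and then renamed into place, so the
# secrets are never readable by other users.
write_console_env() {
    local path=$1 server=$2 tmp
    tmp=$(mktemp "${path}.XXXXXX") || return 1
    {
        echo "CONSOLE_PBKDF_PASSPHRASE=$(gen_secret 32)"
        echo "CONSOLE_PBKDF_SALT=$(gen_secret 16)"
        echo "CONSOLE_MINIO_SERVER=${server}"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv -f "$tmp" "$path"
}

# Demo against a constructed path; on the server from this guide the
# target would be /etc/default/minio-console.conf.
demo_dir=$(mktemp -d)
write_console_env "$demo_dir/minio-console.conf" "https://minio.example.internal"
ls -l "$demo_dir/minio-console.conf"
rm -rf "$demo_dir"
```

Regenerating the passphrase or salt invalidates console sessions issued under the old values, so users have to log in again.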
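After the console server has been started once, the .console/certs/ directory is created automatically under /root/
Copy the certificate files into .console/certs/ and start the service again; it then serves HTTPS. The default ports are 9090 and 9443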
[root@minio-server ~]# cp .minio/certs/public.crt .console/certs/
[root@minio-server ~]# cp .minio/certs/private.key .console/certs/
[root@minio-server ~]# ll .console/certs/
total 8
drwx------ 2 root root 6 Sep 5 22:31 CAs
-rw-r--r-- 1 root root 1675 Sep 5 23:26 private.key
-rw-r--r-- 1 root root 3681 Sep 5 23:26 public.crt
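The listing above shows private.key with mode 0644, so every local user can read it. As an added example (not part of the original guide), the bash functions below flag secret-bearing files that grant any access to group or other, and tighten them to 0600; the function names are assumptions, and the demo files are constructed in a temporary directory. On the server from this guide the arguments would be /root/.minio/certs/private.key, /root/.console/certs/private.key, /etc/default/minio.conf and /etc/default/minio-console.conf.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. audit_secret_perms and
# harden_secret_perms are hypothetical helper names. Requires GNU stat.

# Report every argument that is missing or whose mode grants any permission
# bit to group or other. Returns 1 if anything was flagged.
audit_secret_perms() {
    local rc=0 f mode
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING        $f"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$f")            # octal mode, e.g. 644
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "EXPOSED  $mode  $f"; rc=1
        else
            echo "OK       $mode  $f"
        fi
    done
    return "$rc"
}

# Restrict the given files to owner read/write only.
harden_secret_perms() {
    chmod 600 -- "$@"
}

# Demo on constructed files that mirror the listing above (private.key 0644).
demo_dir=$(mktemp -d)
printf 'constructed key material\n' > "$demo_dir/private.key"
printf 'MINIO_ROOT_PASSWORD="constructed"\n' > "$demo_dir/minio.conf"
chmod 644 "$demo_dir/private.key" "$demo_dir/minio.conf"
audit_secret_perms "$demo_dir/private.key" "$demo_dir/minio.conf" || echo "-> tightening"
harden_secret_perms "$demo_dir/private.key" "$demo_dir/minio.conf"
audit_secret_perms "$demo_dir/private.key" "$demo_dir/minio.conf"
rm -rf "$demo_dir"
```

Both services in this guide run as root, so root-owned files with mode 0600 remain readable by them.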
7. Start the service via systemctl
[root@minio-server console]# mv console /usr/local/bin/minio-console
[root@minio-server console]# cat /etc/systemd/system/minio-console.service
[Unit]
Description=Minio Console
Documentation=https://github.com/minio/console
Wants=network-online.target minio.service
After=network-online.target minio.service
AssertFileIsExecutable=/usr/local/bin/minio-console
[Service]
WorkingDirectory=/usr/local/
User=root
Group=root
PermissionsStartOnly=true
EnvironmentFile=-/etc/default/minio-console.conf
ExecStart=/usr/local/bin/minio-console server
StandardOutput=journal
StandardError=inherit
# SIGTERM signal is used to stop Minio
KillSignal=SIGTERM
SendSIGKILL=no
SuccessExitStatus=0
[Install]
WantedBy=multi-user.target
[root@minio-server console]# systemctl start minio-console
[root@minio-server console]# systemctl enable minio-console
Created symlink from /etc/systemd/system/multi-user.target.wants/minio-console.service to /etc/systemd/system/minio-console.service.
8. Add the firewall rule
[root@minio-server ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=[your source address] port port=9443 protocol=tcp accept'
[root@minio-server ~]# firewall-cmd --reload
[root@minio-server ~]# firewall-cmd --list-all
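Open https://[your domain]:9443 in a browser
III. Configuring the Prometheus dashboard
1. Create a token
Use the mc client to create a Prometheus JWT bearer token.
Here minio is the alias of your MinIO service, which you can look up with mc config host list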
[root@minio-server ~]# mc admin prometheus generate minio
scrape_configs:
- job_name: minio-job
  bearer_token: <your token>
  metrics_path: /minio/v2/metrics/cluster
  scheme: https
  static_configs:
  - targets: [your domain]
2. Download the Prometheus release package
[root@minio-server ~]# wget https://github.com/prometheus/prometheus/releases/download/v2.29.2/prometheus-2.29.2.linux-amd64.tar.gz
[root@minio-server ~]# tar zxvf prometheus-2.29.2.linux-amd64.tar.gz
[root@minio-server ~]# cd prometheus-2.29.2.linux-amd64
3. Configure Prometheus
Copy prometheus to /usr/local/bin/ and prometheus.yml to /etc/prometheus/
[root@minio-server prometheus-2.29.2.linux-amd64]# cp prometheus /usr/local/bin/
[root@minio-server prometheus-2.29.2.linux-amd64]# mkdir /etc/prometheus
[root@minio-server prometheus-2.29.2.linux-amd64]# cp prometheus.yml /etc/prometheus/
Edit prometheus.yml and add the scrape_configs block obtained in step 1 to the configuration file
[root@minio-server prometheus-2.29.2.linux-amd64]# vim /etc/prometheus/prometheus.yml
scrape_configs:
- job_name: minio-job
  bearer_token: <your token>
  metrics_path: /minio/v2/metrics/cluster
  scheme: https
  static_configs:
  - targets: [your domain]
4. Configure the Prometheus service
The --web.config.file parameter configures HTTPS
[root@minio-server ~]# vim /etc/prometheus/web-config.yml
# TLS and basic authentication configuration example.
#
# Additionally, a certificate and a key file are needed.
tls_server_config:
  cert_file: /root/.minio/certs/public.crt
  key_file: /root/.minio/certs/private.key
[root@minio-server ~]#
Configure the systemctl service
[root@minio-server prometheus-2.29.2.linux-amd64]# vim /etc/systemd/system/prometheus.service
[Unit]
Description=Prometheus
Documentation=https://prometheus.io/docs
Wants=network-online.target minio.service
After=network-online.target minio.service
AssertFileIsExecutable=/usr/local/bin/prometheus
[Service]
WorkingDirectory=/usr/local/
User=root
Group=root
PermissionsStartOnly=true
ExecStart=/usr/local/bin/prometheus --config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/data/prometheus --web.listen-address=:9091 --web.config.file=/etc/prometheus/web-config.yml
StandardOutput=journal
StandardError=inherit
Restart=on-failure
[Install]
WantedBy=multi-user.target
5. Start the service
[root@minio-server prometheus-2.29.2.linux-amd64]# systemctl enable prometheus
[root@minio-server prometheus-2.29.2.linux-amd64]# systemctl start prometheus
[root@minio-server prometheus-2.29.2.linux-amd64]# ss -lntp|grep prom
LISTEN 0 128 :::9091 :::* users:(("prometheus",pid=119102,fd=8))
6. Configure MinIO
Add MINIO_PROMETHEUS_URL to the MinIO configuration file
[root@minio-server ~]# vim /etc/default/minio.conf
MINIO_PROMETHEUS_URL="https://[your domain]:9091"