Operator Guide

This topic describes how to install and configure Minio Internal Blobstore for VMware Tanzu.

Install Minio Internal Blobstore for VMware Tanzu

To install Minio Internal Blobstore for VMware Tanzu, do the following:

  1. Download the Minio Internal Blobstore for VMware Tanzu tile from Pivotal Network.
  2. Navigate to the Ops Manager Installation Dashboard and click Import a Product to upload the tile.
  3. Under the Import a Product button, click + next to the version number of Minio Internal Blobstore for VMware Tanzu. This adds the tile to the staging area.

Configure Minio Internal Blobstore for VMware Tanzu

To configure Minio Internal Blobstore for VMware Tanzu, do the following:

  1. Click on the newly added Minio Internal Blobstore for VMware Tanzu tile.
  2. Assign AZs and Networks.
    • Configure regions.
    • Configure the Network.
    • Click Save.
  3. Configure System Domain.
    • Configure the System Domain. This should be the same System Domain that will be configured in the VMware Tanzu Application Service for VMs (TAS for VMs) tile. System Domain is used to construct the BOSH-DNS Alias for the MinIO Internal Blobstore. For ex. if System Domain is configured as system.example.com then the BOSH-DNS Alias for the MinIO Blobstore will be minio-internal-blobstore.system.example.com. This can be used as S3 endpoint in the Tanzu Application Servcie Tile.
    • Click Save.
  4. Configure Credentials.
    • Configure AccessKey for Minio, at least 5 characters. This can be left to the default value of “minio”.
    • Configure SecretKey for Minio, at least 8 characters. Type in a strong secret key.
    • The configured AccessKey and SecretKey should be used for S3 Credentials in the Tanzu Application Service Tile’s File Storage configuration.
    • Click Save.
  5. Configure bucket names.
    • Configure the bucket names. The default values can be left as is.
    • The same bucket names has to be entered in the VMware Tanzu Application Service for VMs (TAS for VMs) tile while configuring the “External S3 Compatible blobstore” section.
    • Click Save.
  6. Configure static IPs (optional)
    • Configure static IPs for minio servers. This is optional. However if the TLS Certificates needs to be configured for HTTPS access (described in the next section), then the Static IPs must be configured and also the same static IPs must be provided for TLS Certificates (described in the next section).
    • Click Save.
  7. Configure Certificates for HTTPS
    You can leave the form in the “Disable” state or “Enable” it. To enable, click “Enable” and then click “Generate RSA Certificate” Enter the MinIO BOSH-DNS Alias (ex. minio-internal-blobstore.system.example.com) and IP addresses of minio servers that was configured in the “Configure Static IPs” form. The list needs to be comma separated. (The IP addresses are not visible in the below screeshot)
    • Click Save.
  8. TAS Tile
    • Choose if TAS Tile for VMs is already installed or not. If “Yes” is chosen, routes to MinIO will be published to the Gorouter for external access (ex. cf curl).
    • Click Save.
  9. Review errands.
    • There are two post-deploy errands: one to create the default buckets, the other to do the smoke tests.
    • There is one pre-delete errand which ensures that all the buckets have been deleted before removal of the tile.
  10. Configure resources.
    • minio-server: For distributed mode, the number of instances should be an even number (atleast 4 and atmost 16). You can select the disk size based on the requirements. Usable space of the Minio cluster is calculated as (n/2)*d where n is the number of instances and d is the disk size on each instance. Half the instances store the data and the other half of the instances store the parity. The cluster can sustain n/2 number of instance failures and still be able to serve read requests. For writes, atleast (n/2)+1 number of instances should be available. For example if 6 instances are configured with each instance having 200G, total usable space will be 600G (6/2 * 200)
    • Click Save.
  11. Return to the Ops Manager Installation Dashboard and click Review Pending Changes and then Apply Changes to install the Minio Internal Blobstore tile.
  12. Note down the MinIO Internal Blobstore access details
    • Note down the BOSH DNS alias (“minio-internal-blobstore” + SystemDomain). For example if you configured SystemDomain as system.example.com , then MinIO BOSH DNS alias will be minio-internal-blobstore.system.example.com
    • Note down the AccessKey and SecretKey that was configured in step-4.
    • Note down the bucket names configured in step-5
    • The above values should to be configured in the TAS for VMs Tile’s File Storage configuration in the “External S3 Compatible blobstore” section.
    • When you save this S3 configuration in the TAS tile for VMs, it will show the following warning which can be ignored. This is because the BOSH DNS alias of MinIO will not be reachable from the Ops Manager. You can choose “Apply anyway” option. Once the VMs for the TAS tile for VMs are deployed, the BOSH DNS alias for MinIO will be resolvable in all the VMs of the TAS tile.

Inspect Minio Blobstore

Minio Client can be installed on the Ops Manager.

To inspect Minio Blobstore, do the following:

  1. To download the latest version of Minio Client, run the following commands: wget -O mc http://dl.minio.io/client/mc/release/linux-amd64/mc chmod +x mc ./mc --help

  2. To configure the Minio Client, run the following command:

    ./mc config host add myminio http://MINIO-SERVER-IP ACCESS-KEY SECRET-KEY
    

    MINIO-SERVER-IP can be one of the MinIO server’s IP address.

  3. To list buckets in Minio blobstore, run the following command:

    ./mc ls myminio
    

Enable Versioning on the buckets

MinIO’s S3 compatible bucket versioning support can be used for efficient BOSH Backup and Restore.

$ mc version enable myminio/buildpacks
$ mc version enable myminio/droplets
$ mc version enable myminio/packages

Apply lifecycle policy to the three buckets:

$ mc ilm  import myminio/test < lifecycle.json
$ mc ilm  import myminio/test < lifecycle.json
$ mc ilm  import myminio/test < lifecycle.json

lifecycle.json specifies the lifecycle policy:

{
  "Rules": [
    {
      "ID": "expire-non-current",
      "Status": "Enabled",
      "Expiration": {
        "ExpiredObjectDeleteMarker": true
      },
      "NoncurrentVersionExpiration": {
        "NoncurrentDays": 30
      }
    }
  ]
}

i.e the policy ensures that the deleted objects gets purged from the system after 30 days.

NOTE: Please note that this tile creates a deployment with the name minio-internal-blobstore. Make sure that you do not have any other custom BOSH deployment that starts with the string minio-internal-blobstore as it causes issues with MinIO’s BOSH DNS name resolution.