Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Minor fixes for several smaller issues #1380

Merged
merged 2 commits into from
Dec 4, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 3 additions & 4 deletions source/administration/batch-framework-job-keyrotate.rst
Original file line number Diff line number Diff line change
Expand Up @@ -42,10 +42,6 @@ Required Fields
* - ``key:``
- Only for use with the ``sse-kms`` type.
The key to use to unseal the key vault.
* - ``context:``
- Only for use with the ``sse-kms`` type.
The context within which to perform actions.


Optional Fields
~~~~~~~~~~~~~~~
Expand Down Expand Up @@ -73,6 +69,9 @@ For **flag based filters**
- A date in ``YYYY-MM-DD`` format.

Keys rotate only for objects created prior to the date.
* - ``context:``
- Only for use with the ``sse-kms`` type.
The context within which to perform actions.
* - ``tags:``
- Rotate keys only for objects with tags that match the specified ``key:`` and ``value:``.
* - ``metadata:``
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -110,8 +110,8 @@ Procedure

This procedure requires repeating steps for each MinIO deployment participating in the multi-site replication configuration. Depending on the number of deployments, this procedure may require significant time and care in implementation. MinIO recommends reading through the procedure *before* attempting to implement the documented steps.

- :ref:`Configure Multi-Site Bucket Replication Using the Command Line <minio-bucket-replication-multi-site-minio-cli-procedure>`
- :ref:`Create Replication Remote Targets <minio-bucket-replication-multi-site-minio-cli-create-remote-targets>`
- Configure Multi-Site Bucket Replication Using the Command Line

- :ref:`Create New Bucket Replication Rules <minio-bucket-replication-multi-site-minio-cli-create-replication-rules>`
- :ref:`Validate the Replication Configuration <minio-bucket-replication-multi-site-minio-cli-verify-replication-config>`

Expand All @@ -129,8 +129,6 @@ This procedure assumes each alias corresponds to a user with the :ref:`necessary
:mc:`mc replicate add` automatically creates the necessary replication targets, removing the need for using the deprecated ``mc admin remote bucket add`` command.
This procedure only documents the procedure as of that release.

.. _minio-bucket-replication-multi-site-minio-cli-create-remote-targets:

.. _minio-bucket-replication-multi-site-minio-cli-create-replication-rules:

1) Create New Bucket Replication Rules
Expand Down
1 change: 0 additions & 1 deletion source/administration/minio-console.rst
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,6 @@ Once logged in to the MinIO Console, users can perform many kinds of tasks.
- :ref:`Manage objects <minio-console-managing-objects>` by browsing existing objects, uploading objects, or modifying bucket settings.
- :ref:`Review or modify identity and security <minio-console-security-access>` with access keys, policies, and Identity Provider settings.
- :ref:`Monitor the health and activities <minio-console-managing-deployment>` with metrics and notifications.
- :ref:`Manage your deployment's license <minio-console-subscription>`

.. toctree::
:titlesonly:
Expand Down
46 changes: 46 additions & 0 deletions source/includes/linux/file-transfer-protocol-not-k8s.rst
Original file line number Diff line number Diff line change
Expand Up @@ -273,6 +273,52 @@ Once the MinIO Server verifies the client's certificate, the user can connect to

sftp -P <SFTP port> <server IP>


Procedure
+++++++++

The following procedure generates two key-value pairs, signs one with the other, then uses the resulting signed key to log in to the SFTP server.

1. Generate a key-value pair for the MinIO Server

.. code-block:: bash
:class: copyable

ssh-keygen -f ./ca_user_key

2. Generate a key-value pair for the user

.. code-block:: bash
:class: copyable

ssh-keygen -f ./minioadmin

Replace ``minioadmin`` with the user accessing the MinIO Server by SFTP.

3. Sign the user key-value pair key with the MinIO Server key-value pair key

.. code-block:: bash
:class: copyable

ssh-keygen -s ca_user_key -I minioadmin -n minioadmin -V +30d -z 1 minioadmin.pub

Move the ``minioadmin.pub`` key to the same directory as ``minioadmin`` key-value pair, such as ``~/.ssh/meaningful-directory``.

4. Start or restart the MinIO Server passing the generated public keys

.. code-block:: bash
:class: copyable

minio server --sftp="address=:8022" --sftp="ssh-private-key=/path/to/ca_user_key" --sftp="trusted-user-ca-key=/path/to/ca_user_key.pub"

5. Connect to the MinIO Server by sftp

.. code-block:: bash
:class: copyable

sftp -i ./minioadmin -oPort=8022 minioadmin@localhost


Require service account or LDAP for authentication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Expand Down
12 changes: 7 additions & 5 deletions source/operations/network-encryption.rst
Original file line number Diff line number Diff line change
Expand Up @@ -585,7 +585,13 @@ Self-signed, Internal, Private Certificates, and Public CAs with Intermediate Ce

mv myCA.crt /opt/minio/certs/CAs/

For a self-signed certificate, the Certificate Authority is typically the private key used to sign the cert.
.. important::

Do not use or share the private key of the self-signed certificate.
Only the public certificate should be shared or distributed for trust purposes.

For certificates signed by an internal, private, or other non-global Certificate Authority, use the same CA that signed the cert.
A non-global CA must include the full chain of trust from the intermediate certificate to the root.

For certificates signed by an internal, private, or other non-global Certificate Authority, use the same CA that signed the cert.
A non-global CA must include the full chain of trust from the intermediate certificate to the root.
Expand Down Expand Up @@ -621,7 +627,3 @@ Self-signed, Internal, Private Certificates, and Public CAs with Intermediate Ce
:class: copyable

kubectl rollout restart deployments.apps/minio-operator -n minio-operator




11 changes: 4 additions & 7 deletions source/reference/minio-server/settings/storage-class.rst
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,8 @@ Standard Storage Class
.. tab-item:: Configuration Setting
:sync: config

.. include:: /includes/common-mc-admin-config.rst
:start-after: start-minio-settings-no-config-option
:end-before: end-minio-settings-no-config-option
.. mc-conf:: storage_class standard
:delimiter: " "

The :ref:`parity level <minio-ec-parity>` for the deployment.
MinIO shards objects written with the default ``STANDARD`` storage class using this parity value.
Expand Down Expand Up @@ -113,9 +112,8 @@ Reduced Redundancy Storage Class
.. tab-item:: Configuration Setting
:sync: config

.. include:: /includes/common-mc-admin-config.rst
:start-after: start-minio-settings-no-config-option
:end-before: end-minio-settings-no-config-option
.. mc-conf:: storage_class rrs
:delimiter: " "

The :ref:`parity level <minio-ec-parity>` for objects written with the ``REDUCED`` storage class.

Expand All @@ -133,7 +131,6 @@ Defaults to ``EC:0`` for deployments of erasure set size of 1.
Parity Retention Optimization
-----------------------------


.. tab-set::

.. tab-item:: Environment Variable
Expand Down
Loading