Skip to content

Instantly share code, notes, and snippets.

@irishgordo

irishgordo/minio-with-certgen-as-harvester-backup-target.md

Last active August 29, 2023 15:44
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save irishgordo/5c6e872b5c9ec3b6e5fcd6ed4d7bcb4e to your computer and use it in GitHub Desktop.
Save irishgordo/5c6e872b5c9ec3b6e5fcd6ed4d7bcb4e to your computer and use it in GitHub Desktop.
Download ZIP
Rough Guide of: MinIO w/ MinIO's 'certgen' for TLS as S3 Endpoint for Backup Target w/ Harvester v1.1.2
Raw
minio-with-certgen-as-harvester-backup-target.md

MinIO w/ MinIO's certgen, as a S3 backup target for Harvester

MinIO and MinIO's certgen

There are a lot of ways to set up a MinIO Server depending on the need. As a quick example this just demonstrates an ability for MinIO to be running the server as a single executable binary downloaded from MinIO's site, as well as continuing to use MinIO's open source suite with the great little self-signed TLS cert tool called certgen. Then how to leverage both elements with Harvester as an S3 backup target.

General Guide MinIO

  • generally, following MinIO Single Node Single Drive or the other options as well will allow for a highlighted guide in setting up both the /etc/ conf files and the systemd service leveraged to have the binary be managed by systemd as a service
  • additionally, just following the certgen README that can build the simple self-signed cert by the ipv4 address of the node running MinIO then making sure that public.crt & private.key that get generated are somewhere that can be leveraged by the systemd service via the /etc/ conf, something like the MINIO_OPTS could be used to specify a specific certs directory where the public.crt & private.key live if desired/needed with something like:
MINIO_OPTS="--certs-dir /home/minio-user/.minio/certs --console-address :9001"
  • and with MinIO & Harvester, setting a region in the Settings of MinIO, as "Bucket Region" is a required element in Harvester

Connecting MinIO to Harvester:

  • In your MinIO, instance wherever it may be (must be able to communicate within to Harvester), ensuring the public.crt is copied or downloaded:
    • Then within Harvester's dashboard navigating to Settings -> additional-ca clicking the UI element to Edit Setting will allow you to either:
      • input from clipboard the public.crt (NOTE: ensure there are no "traling" newlines)
      • read from the public.crt file
  • In Harvester's dashboard navigating to Settings -> backup-target clicking the UI element to Edit Setting will take you to the form to input all the additional data from the MinIO with the Region, Bucket, Access Key, etc.
  • Once filled out, you can test the connection via the call-to-action/button of "Test connection" to validate the connection outbound to MinIO works
  • And backups should be able to work for VMs on Harvester, always can check backup status both on Harvester & tracing the S3 calls on MinIO's console's Monitoring -> Trace -> Start (w/ S3 selected)

Small Demo Video

use-minio-with-harvester-and-tls.mp4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment