From 3d9873106d33e3bd4159c30ea235b7342c83594f Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Mon, 17 May 2021 08:45:22 -0700 Subject: [PATCH] feat: distributed setup can start now with default credentials (#12303) In lieu of new changes coming for server command line, this change is to deprecate strict requirement for distributed setups to provide root credentials. Bonus: remove MINIO_WORM warning from April 2020, it is time to remove this warning. --- cmd/common-main.go | 9 +-------- cmd/config/errors.go | 12 ------------ cmd/server-main.go | 5 ++--- docs/distributed/README.md | 2 +- docs/multi-tenancy/README.md | 2 +- 5 files changed, 5 insertions(+), 25 deletions(-) diff --git a/cmd/common-main.go b/cmd/common-main.go index ee30e1886..1262fcd9e 100644 --- a/cmd/common-main.go +++ b/cmd/common-main.go @@ -245,14 +245,7 @@ func handleCommonCmdArgs(ctx *cli.Context) { } func handleCommonEnvVars() { - wormEnabled, err := config.LookupWorm() - if err != nil { - logger.Fatal(config.ErrInvalidWormValue(err), "Invalid worm configuration") - } - if wormEnabled { - logger.Fatal(errors.New("WORM is deprecated"), "global MINIO_WORM support is removed, please downgrade your server or migrate to https://github.com/minio/minio/tree/master/docs/retention") - } - + var err error globalBrowserEnabled, err = config.ParseBool(env.Get(config.EnvBrowser, config.EnableOn)) if err != nil { logger.Fatal(config.ErrInvalidBrowserValue(err), "Invalid MINIO_BROWSER value in environment variable") diff --git a/cmd/config/errors.go b/cmd/config/errors.go index a935e5b9b..18a2b0eaa 100644 --- a/cmd/config/errors.go +++ b/cmd/config/errors.go @@ -127,12 +127,6 @@ var ( `Detected encrypted config backend, correct access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD to be able to decrypt the MinIO config, user IAM and policies`, ) - ErrMissingCredentialsBackendEncrypted = newErrFn( - "Credentials missing", - "Please set your credentials in the environment", - `Detected encrypted config backend, access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD to be able to decrypt the MinIO config, user IAM and policies`, - ) - ErrInvalidCredentials = newErrFn( "Invalid credentials", "Please provide correct credentials", @@ -145,12 +139,6 @@ var ( `In Gateway mode, access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`, ) - ErrEnvCredentialsMissingDistributed = newErrFn( - "Credentials missing", - "Please set your credentials in the environment", - `In distributed server mode, access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`, - ) - ErrInvalidErasureEndpoints = newErrFn( "Invalid endpoint(s) in erasure mode", "Please provide correct combination of local/remote paths", diff --git a/cmd/server-main.go b/cmd/server-main.go index c044bef05..b785196c4 100644 --- a/cmd/server-main.go +++ b/cmd/server-main.go @@ -473,8 +473,7 @@ func serverMain(ctx *cli.Context) { } if !globalActiveCred.IsValid() && globalIsDistErasure { - logger.Fatal(config.ErrEnvCredentialsMissingDistributed(nil), - "Unable to initialize the server in distributed mode") + globalActiveCred = auth.DefaultCredentials } // Set system resources to maximum. @@ -570,7 +569,7 @@ func serverMain(ctx *cli.Context) { printStartupMessage(getAPIEndpoints(), err) if globalActiveCred.Equal(auth.DefaultCredentials) { - msg := fmt.Sprintf("Detected default credentials '%s', please change the credentials immediately using 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD'", globalActiveCred) + msg := fmt.Sprintf("Detected default credentials '%s', please change the credentials immediately by setting 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment values", globalActiveCred) logger.StartupMessage(color.RedBold(msg)) } diff --git a/docs/distributed/README.md b/docs/distributed/README.md index 1f94ab740..64a86d729 100644 --- a/docs/distributed/README.md +++ b/docs/distributed/README.md @@ -38,7 +38,7 @@ To start a distributed MinIO instance, you just need to pass drive locations as __NOTE:__ -- All the nodes running distributed MinIO need to have same access key and secret key for the nodes to connect. To achieve this, it is __recommended__ to export access key and secret key as environment variables, `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD`, on all the nodes before executing MinIO server command. +- All the nodes running distributed MinIO should share a common root credentials, for the nodes to connect and trust each other. To achieve this, it is __recommended__ to export root user and root password as environment variables, `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD`, on all the nodes before executing MinIO server command. If not exported, default `minioadmin/minioadmin` credentials shall be used. - __MinIO creates erasure-coding sets of *4* to *16* drives per set. The number of drives you provide in total must be a multiple of one of those numbers.__ - __MinIO chooses the largest EC set size which divides into the total number of drives or total number of nodes given - making sure to keep the uniform distribution i.e each node participates equal number of drives per set__. - __Each object is written to a single EC set, and therefore is spread over no more than 16 drives.__ diff --git a/docs/multi-tenancy/README.md b/docs/multi-tenancy/README.md index ba62a5dfd..e9b31b5a4 100644 --- a/docs/multi-tenancy/README.md +++ b/docs/multi-tenancy/README.md @@ -60,7 +60,7 @@ minio server --address :9003 http://192.168.10.1{1...4}/data/tenant3 ![Example-3](https://github.com/minio/minio/blob/master/docs/screenshots/Example-3.jpg?raw=true) -**Note**: On distributed systems, credentials must be defined and exported using the `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` environment variables. If a domain is required, it must be specified by defining and exporting the `MINIO_DOMAIN` environment variable. +**Note**: On distributed systems, root credentials are recommend to be defined by exporting the `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` environment variables. If no value is set MinIO setup will assume `minioadmin/minioadmin` as default credentials. If a domain is required, it must be specified by defining and exporting the `MINIO_DOMAIN` environment variable. ## Cloud Scale Deployment