update site replication doc (#13377)

make pre-requisites clear
Aditya Manthramurthy 2021-10-07 15:21:01 -07:00 committed by GitHub
parent 8e417e28d1
commit f81a188ef6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 12 deletions

@ -1,14 +1,26 @@
# Site Replication Guide #
This feature allows multiple independent MinIO sites (or clusters) that are using the same external IDentity Provider (IDP) to be configured as replicas. In this situation the set of replica sites are referred to as peer sites or just peers. This means that:
This feature allows multiple independent MinIO sites (or clusters) that are using the same external IDentity Provider (IDP) to be configured as replicas. In this situation the set of replica sites are referred to as peer sites or just sites. When site-replication is enabled on a set of sites, the following changes are replicated to all other sites:
- when a bucket is created/deleted at a site, it is created/deleted on the other peer sites as well
- each bucket is automatically configured with versioning enabled and to replicate its data on the corresponding bucket in each of the remaining peer sites
- bucket policies, bucket tags, bucket object-lock configuration and bucket encryption settings are also replicated to all other peers
- all IAM policies are replicated to all other peers
- all service accounts belonging to users authenticated via the external IDP are replicated to all other peers
- creation and deletion of buckets and objects
- creation and deletion of all IAM policies
- creation of STS credentials and creation and deletion of service accounts (for users authenticated by the external IDP)
- changes to bucket policies, bucket tags, bucket object-lock configurations (including retention and legal hold configuration) and bucket encryption configuration
This feature is built on top of multi-site bucket replication feature.
The following bucket-scoped items are **not replicated**, and can differ between sites:
- bucket notification configuration
- ILM configuration
This feature is built on top of multi-site bucket replication feature. It enables bucket versioning automatically for all new and existing buckets in the replicated sites.
## Pre-requisites
1. Initially, only **one** of the sites being added for replication may have data. After site-replication is successfully configured, this data is replicated to the other (initially empty) sites. Subsequently, objects may be written to any of the sites, and they will be replicated to all other sites.
2. Only the **LDAP IDP** is currently supported.
3. At present, all sites are **required** to have the same root credentials.
4. At present it is not possible to **add a new site** to an existing set of replicated sites or to **remove a site** from a set of replicated sites.
5. If using [SSE-S3 or SSE-KMS encryption via KMS](https://docs.min.io/docs/minio-kms-quickstart-guide.html "MinIO KMS Guide"), all sites are required to have access to the same KES keys. This can be achieved via a central KES server or multiple KES servers (say one per site) connected to a central KMS server.
## Configuring Site Replication ##
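Review bot: Pre-requisite 3 ("At present, all sites are **required** to have the same root credentials") makes every site in the set share one top-level secret, but the text does not spell out what that means for operators. Suggest adding a sentence saying that the root credentials of any one site are therefore the root credentials of all of them, and that they need to be stored and rotated together across sites. Separately, the replicated-items list says "creation of STS credentials and creation and deletion of service accounts": deletion is mentioned only for service accounts, so it would help to state how STS credentials are expected to lapse on the peer sites.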
@ -22,8 +34,6 @@ $ mc alias set minio2 https://minio2.example.com:9000 minio2 minio2123
$ mc alias set minio3 https://minio3.example.com:9000 minio3 minio3123
```
NOTE: When configuring site replication, each site except the first one is required to be empty.
2. Add site replication configuration with:
```shell
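Review bot: The alias commands kept as context here (`mc alias set minio2 ... minio2 minio2123`, `mc alias set minio3 ... minio3 minio3123`) use a different access key and secret per site, which conflicts with the new pre-requisite 3 that all sites must have the same root credentials. Suggest either updating the example so all aliases use one credential pair or adding a line saying what these per-site credentials are. Also, with the inline NOTE about empty sites removed from this step, a short pointer back to the Pre-requisites section just before `mc admin replicate add` would keep the requirement visible where the command is run.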
@ -35,6 +45,3 @@ $ mc admin replicate add minio1 minio2 minio3
```shell
$ mc admin replicate info minio1
```
*NOTE*:
Site replication enables bucket versioning automatically for each bucket: it must not be modified by the cluster operator.
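Review bot: Removing this trailing NOTE drops the instruction that bucket versioning "must not be modified by the cluster operator". The sentence added to the introduction only says versioning is enabled automatically for all new and existing buckets, which does not tell an operator that changing it afterwards is unsupported. Suggest carrying the "must not be modified" wording into the introduction or the Pre-requisites list, since the feature is described as built on bucket replication and relies on versioning.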