github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/docs/bucket/replication/setup_replication.sh

github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/docs/bucket/replication/setup_replication.sh (about)

     1  #!/bin/sh
     2  
     3  # Create buckets with versioning and object locking enabled.
     4  mc mb -l source/bucket
     5  mc mb -l dest/bucket
     6  
     7  #### Create a replication admin on source alias
     8  # create a replication admin user : repladmin
     9  mc admin user add source repladmin repladmin123
    10  
    11  # create a replication policy for repladmin
    12  cat >repladmin-policy-source.json <<EOF
    13  {
    14      "Version": "2012-10-17",
    15      "Statement": [
    16      {
    17          "Action": [
    18              "admin:SetBucketTarget",
    19              "admin:GetBucketTarget"
    20          ],
    21          "Effect": "Allow",
    22          "Sid": ""
    23       }, 
    24       {
    25        "Effect": "Allow",
    26        "Action": [
    27         "s3:GetReplicationConfiguration",
    28         "s3:PutReplicationConfiguration",
    29         "s3:ListBucket",
    30         "s3:ListBucketMultipartUploads",
    31         "s3:GetBucketLocation",
    32         "s3:GetBucketVersioning"
    33        ],
    34        "Resource": [
    35         "arn:aws:s3:::bucket"
    36        ]
    37       }
    38      ]
    39     }
    40  EOF
    41  mc admin policy create source repladmin-policy ./repladmin-policy-source.json
    42  cat ./repladmin-policy-source.json
    43  
    44  #assign this replication policy to repladmin
    45  mc admin policy attach source repladmin-policy --user=repladmin
    46  
    47  ### on dest alias
    48  # Create a replication user : repluser on dest alias
    49  mc admin user add dest repluser repluser123
    50  
    51  # create a replication policy for repluser
    52  # Remove "s3:GetBucketObjectLockConfiguration" if object locking is not enabled, i.e. bucket was not created with `mc mb --with-lock` option
    53  # Remove "s3:ReplicateDelete" if delete marker replication is not required
    54  cat >replpolicy.json <<EOF
    55  {
    56   "Version": "2012-10-17",
    57   "Statement": [
    58    {
    59     "Effect": "Allow",
    60     "Action": [
    61      "s3:GetReplicationConfiguration",
    62      "s3:ListBucket",
    63      "s3:ListBucketMultipartUploads",
    64      "s3:GetBucketLocation",
    65      "s3:GetBucketVersioning",
    66      "s3:GetBucketObjectLockConfiguration"
    67     ],
    68     "Resource": [
    69      "arn:aws:s3:::bucket"
    70     ]
    71    },
    72    {
    73     "Effect": "Allow",
    74     "Action": [
    75      "s3:GetReplicationConfiguration",
    76      "s3:ReplicateTags",
    77      "s3:AbortMultipartUpload",
    78      "s3:GetObject",
    79      "s3:GetObjectVersion",
    80      "s3:GetObjectVersionTagging",
    81      "s3:PutObject",
    82      "s3:DeleteObject",
    83      "s3:ReplicateObject",
    84      "s3:ReplicateDelete"
    85     ],
    86     "Resource": [
    87      "arn:aws:s3:::bucket/*"
    88     ]
    89    }
    90   ]
    91  }
    92  EOF
    93  mc admin policy create dest replpolicy ./replpolicy.json
    94  cat ./replpolicy.json
    95  
    96  # assign this replication policy to repluser
    97  mc admin policy attach dest replpolicy --user=repluser
    98  
    99  # configure replication config to remote bucket at http://localhost:9000
   100  mc replicate add source/bucket --priority 1 --remote-bucket http://repluser:repluser123@localhost:9000/bucket \
   101  	--replicate existing-objects,delete,delete-marker,replica-metadata-sync