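#!/usr/bin/env bash
#
# Origin: github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/docs/site-replication/run-sse-kms-object-replication.sh
#
# End-to-end check that SSE-KMS and SSE-C encrypted objects survive site
# replication between two local, TLS-enabled MinIO deployments:
#   1. start two `minio server` processes (ports 9001 and 9002) that share one
#      static KMS key,
#   2. link them with `mc admin replicate add`,
#   3. upload four objects to the first site,
#   4. verify each object is listed on both sites and that the encryption
#      metadata reported by `mc stat` is the same on source and replica.
#
# Requires: wget, jq, shred, pkill and a `minio` binary on PATH.
#
# Security notes for anyone reusing parts of this script:
#   - The root credentials, KMS secret key and SSE-C key are fixed test
#     fixtures; they are only suitable for this throwaway deployment.
#   - The SSE-C key is passed on the mc command line, where the process list
#     exposes it to other local users.
#   - certgen and mc are fetched from moving "latest"/"release" URLs and run
#     without digest or signature verification.
#   - `--insecure` is used because the certificate is self-signed, so the
#     server's identity is not verified on any mc call.
#   - Logs and data live under fixed /tmp paths; run on a dedicated host.

# Abort the test: tear everything down, dump both server logs, exit non-zero.
# shellcheck disable=SC2120
exit_1() {
  cleanup

  echo "minio1 ============"
  cat /tmp/minio1_1.log
  echo "minio2 ============"
  cat /tmp/minio2_1.log

  exit 1
}

# Kill every minio/kes process on the host (matched by name, retried with sudo)
# and delete the directories this test creates.
cleanup() {
  echo -n "Cleaning up instances of MinIO ..."
  pkill -9 minio || sudo pkill -9 minio
  pkill -9 kes || sudo pkill -9 kes
  # ${PWD:?} stops the recursive delete from resolving to "/keys".
  rm -rf -- "${PWD:?}/keys"
  rm -rf /tmp/minio{1,2}
  echo "done"
}

# Download an executable to a local path; on failure remove the partial file
# (wget -O creates it even when the transfer fails) and abort the test.
# Arguments: $1 - destination path, $2 - URL
fetch_tool() {
  local dest=$1 url=$2
  if ! wget -O "${dest}" "${url}"; then
    echo "BUG: download of ${url} failed"
    rm -f -- "${dest}"
    exit_1
  fi
  chmod +x "${dest}"
}

# Abort unless `mc ls` prints exactly one line for the given object.
# Arguments: $1 - alias/bucket/object, $2 - message printed on failure
require_single_listing() {
  local target=$1 message=$2 count
  count=$(./mc ls "${target}" --insecure | wc -l)
  if [ "${count}" -ne 1 ]; then
    echo "${message}"
    exit_1
  fi
}

# Abort unless the replica's attribute equals the source's.
# Arguments: $1 - attribute label, $2 - replica object path,
#            $3 - source value, $4 - replica value
require_match() {
  local label=$1 object=$2 src_value=$3 rep_value=$4
  if [ "${rep_value}" != "${src_value}" ]; then
    echo "BUG: ${label}: '${rep_value}' of replicated object: '${object}' doesn't match with source value: '${src_value}'"
    exit_1
  fi
}

# Test-only key material (see the security notes at the top of the file).
readonly KMS_SECRET_KEY="minio-default-key:IyqsU3kMFloCNup4BsZtf/rmfHVcTgznO2F25CkEH1g="
readonly SSEC_KEY="iliketobecrazybutnotsomuchreally"

# jq filters for the encryption metadata in `mc stat --json` output.
readonly JQ_SSE_ALGO='.metadata."X-Amz-Server-Side-Encryption"'
readonly JQ_KMS_KEY_ID='.metadata."X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id"'
readonly JQ_SSEC_KEY_MD5='.metadata."X-Amz-Server-Side-Encryption-Customer-Key-Md5"'

# Start from a clean slate in case a previous run left processes behind.
cleanup

export MINIO_CI_CD=1
export MINIO_BROWSER=off
export MINIO_ROOT_USER="minio"
export MINIO_ROOT_PASSWORD="minio123"

# Create certificates for TLS enabled MinIO
echo -n "Setup certs for MinIO instances ..."
# NOTE(review): unpinned, unverified download that is executed right away;
# pin a release and check a published digest where that matters.
fetch_tool certgen https://github.com/minio/certgen/releases/latest/download/certgen-linux-amd64
./certgen --host localhost
mkdir -p ~/.minio/certs
mv public.crt ~/.minio/certs || sudo mv public.crt ~/.minio/certs
mv private.key ~/.minio/certs || sudo mv private.key ~/.minio/certs
echo "done"

# Start MinIO instances
# The {1...4} arguments use three dots: that is MinIO's own ellipsis syntax,
# not bash brace expansion, so they are quoted and passed through literally.
echo -n "Starting MinIO instances ..."
CI=on MINIO_KMS_SECRET_KEY="${KMS_SECRET_KEY}" MINIO_ROOT_USER=minio MINIO_ROOT_PASSWORD=minio123 \
  minio server --address ":9001" --console-address ":10000" \
  "/tmp/minio1/{1...4}/disk{1...4}" "/tmp/minio1/{5...8}/disk{1...4}" >/tmp/minio1_1.log 2>&1 &
CI=on MINIO_KMS_SECRET_KEY="${KMS_SECRET_KEY}" MINIO_ROOT_USER=minio MINIO_ROOT_PASSWORD=minio123 \
  minio server --address ":9002" --console-address ":11000" \
  "/tmp/minio2/{1...4}/disk{1...4}" "/tmp/minio2/{5...8}/disk{1...4}" >/tmp/minio2_1.log 2>&1 &
echo "done"

if [ ! -f ./mc ]; then
  echo -n "Downloading MinIO client ..."
  # NOTE(review): same unverified-download caveat as certgen above.
  fetch_tool mc https://dl.min.io/client/mc/release/linux-amd64/mc
  echo "done"
fi

# Give both servers time to come up before the first mc call.
sleep 10

export MC_HOST_minio1=https://minio:minio123@localhost:9001
export MC_HOST_minio2=https://minio:minio123@localhost:9002

# Prepare data for tests
echo -n "Preparing test data ..."
mkdir -p /tmp/data
echo "Hello from encrypted world" >/tmp/data/encrypted
# shred -s fills each file with 500M of random bytes.
for name in mpartobj defpartsize custpartsize; do
  touch "/tmp/data/${name}"
  shred -s 500M "/tmp/data/${name}"
done
echo "done"

# Add replication site
./mc admin replicate add minio1 minio2 --insecure
# sleep for replication to complete
sleep 30

# Create bucket in source cluster
echo "Create bucket in source MinIO instance"
./mc mb minio1/test-bucket --insecure

# Enable SSE KMS for the bucket
./mc encrypt set sse-kms minio-default-key minio1/test-bucket --insecure

# Load objects to source site
# mpartobj is uploaded with a client-supplied key (SSE-C); the other three
# rely on the bucket's SSE-KMS default.
echo "Loading objects to source MinIO instance"
./mc cp /tmp/data/encrypted minio1/test-bucket --insecure
./mc cp /tmp/data/mpartobj minio1/test-bucket --encrypt-key "minio1/test-bucket/mpartobj=${SSEC_KEY}" --insecure
./mc cp /tmp/data/defpartsize minio1/test-bucket --insecure
./mc put /tmp/data/custpartsize minio1/test-bucket --insecure --part-size 50MiB
sleep 120

# List the objects from source site
echo "Objects from source instance"
./mc ls minio1/test-bucket --insecure
for name in encrypted mpartobj defpartsize custpartsize; do
  require_single_listing "minio1/test-bucket/${name}" \
    "BUG: object minio1/test-bucket/${name} not found"
done

# List the objects from replicated site
echo "Objects from replicated instance"
./mc ls minio2/test-bucket --insecure
for name in encrypted mpartobj defpartsize custpartsize; do
  require_single_listing "minio2/test-bucket/${name}" \
    "BUG: object test-bucket/${name} not replicated"
done

# Stat the objects from source site
# Each stat is captured once and then printed, so the logged JSON is exactly
# the document the comparisons below are made on.
# NOTE(review): jq prints null for a missing key and nothing for empty input,
# so two missing values compare equal; consider asserting the source values
# are non-null once the field names are confirmed against mc's JSON.
echo "Stat minio1/test-bucket/encrypted"
stat_out1=$(./mc stat minio1/test-bucket/encrypted --insecure --json)
echo "${stat_out1}"
src_obj1_algo=$(jq "${JQ_SSE_ALGO}" <<<"${stat_out1}")
src_obj1_keyid=$(jq "${JQ_KMS_KEY_ID}" <<<"${stat_out1}")
echo "Stat minio1/test-bucket/defpartsize"
stat_out2=$(./mc stat minio1/test-bucket/defpartsize --insecure --json)
echo "${stat_out2}"
src_obj2_algo=$(jq "${JQ_SSE_ALGO}" <<<"${stat_out2}")
src_obj2_keyid=$(jq "${JQ_KMS_KEY_ID}" <<<"${stat_out2}")
echo "Stat minio1/test-bucket/custpartsize"
stat_out3=$(./mc stat minio1/test-bucket/custpartsize --insecure --json)
echo "${stat_out3}"
src_obj3_algo=$(jq "${JQ_SSE_ALGO}" <<<"${stat_out3}")
src_obj3_keyid=$(jq "${JQ_KMS_KEY_ID}" <<<"${stat_out3}")
echo "Stat minio1/test-bucket/mpartobj"
stat_out4=$(./mc stat minio1/test-bucket/mpartobj --encrypt-key "minio1/test-bucket/mpartobj=${SSEC_KEY}" --insecure --json)
echo "${stat_out4}"
src_obj4_etag=$(jq '.etag' <<<"${stat_out4}")
src_obj4_size=$(jq '.size' <<<"${stat_out4}")
src_obj4_md5=$(jq "${JQ_SSEC_KEY_MD5}" <<<"${stat_out4}")

# Stat the objects from replicated site
echo "Stat minio2/test-bucket/encrypted"
stat_out1_rep=$(./mc stat minio2/test-bucket/encrypted --insecure --json)
echo "${stat_out1_rep}"
rep_obj1_algo=$(jq "${JQ_SSE_ALGO}" <<<"${stat_out1_rep}")
rep_obj1_keyid=$(jq "${JQ_KMS_KEY_ID}" <<<"${stat_out1_rep}")
echo "Stat minio2/test-bucket/defpartsize"
stat_out2_rep=$(./mc stat minio2/test-bucket/defpartsize --insecure --json)
echo "${stat_out2_rep}"
rep_obj2_algo=$(jq "${JQ_SSE_ALGO}" <<<"${stat_out2_rep}")
rep_obj2_keyid=$(jq "${JQ_KMS_KEY_ID}" <<<"${stat_out2_rep}")
echo "Stat minio2/test-bucket/custpartsize"
stat_out3_rep=$(./mc stat minio2/test-bucket/custpartsize --insecure --json)
echo "${stat_out3_rep}"
rep_obj3_algo=$(jq "${JQ_SSE_ALGO}" <<<"${stat_out3_rep}")
rep_obj3_keyid=$(jq "${JQ_KMS_KEY_ID}" <<<"${stat_out3_rep}")
echo "Stat minio2/test-bucket/mpartobj"
stat_out4_rep=$(./mc stat minio2/test-bucket/mpartobj --encrypt-key "minio2/test-bucket/mpartobj=${SSEC_KEY}" --insecure --json)
echo "${stat_out4_rep}"
# Parse the replica's own output (stat_out4_rep). Reading stat_out4 here would
# compare the source with itself, and the SSE-C checks could never fail.
rep_obj4_etag=$(jq '.etag' <<<"${stat_out4_rep}")
rep_obj4_size=$(jq '.size' <<<"${stat_out4_rep}")
rep_obj4_md5=$(jq "${JQ_SSEC_KEY_MD5}" <<<"${stat_out4_rep}")

# Check the algo and keyId of replicated objects
require_match "Algorithm" "minio2/test-bucket/encrypted" "${src_obj1_algo}" "${rep_obj1_algo}"
require_match "KeyId" "minio2/test-bucket/encrypted" "${src_obj1_keyid}" "${rep_obj1_keyid}"
require_match "Algorithm" "minio2/test-bucket/defpartsize" "${src_obj2_algo}" "${rep_obj2_algo}"
require_match "KeyId" "minio2/test-bucket/defpartsize" "${src_obj2_keyid}" "${rep_obj2_keyid}"
require_match "Algorithm" "minio2/test-bucket/custpartsize" "${src_obj3_algo}" "${rep_obj3_algo}"
require_match "KeyId" "minio2/test-bucket/custpartsize" "${src_obj3_keyid}" "${rep_obj3_keyid}"

# Check the etag, size and md5 of replicated SSEC object
require_match "Etag" "minio2/test-bucket/mpartobj" "${src_obj4_etag}" "${rep_obj4_etag}"
require_match "Size" "minio2/test-bucket/mpartobj" "${src_obj4_size}" "${rep_obj4_size}"
if [ "${src_obj4_md5}" != "${rep_obj4_md5}" ]; then
  echo "BUG: MD5 checksum of object 'minio2/test-bucket/mpartobj' doesn't match with source. Expected: '${src_obj4_md5}', Found: '${rep_obj4_md5}'"
  exit_1
fi

# Check content of replicated objects
# A failed read of any replica fails the run; only the small object is printed.
./mc cat minio2/test-bucket/encrypted --insecure || exit_1
./mc cat minio2/test-bucket/mpartobj --encrypt-key "minio2/test-bucket/mpartobj=${SSEC_KEY}" --insecure >/dev/null || exit_1
./mc cat minio2/test-bucket/defpartsize --insecure >/dev/null || exit_1
./mc cat minio2/test-bucket/custpartsize --insecure >/dev/null || exit_1

cleanup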