The Deployments service stores Mender artifacts in an S3 compatible object-store. This gives the end-user flexibility in using either their storage proxy based on Minio, the default setup, or 3rd party services such as Amazon S3.
When using an AWS S3 bucket, it is possible to configure the Deployments service to use AWS specific settings, among the others:
The list of the main storage-related settings for the Deployments service, both as environment variables and config file keys, follows:
The AWS region the S3 bucket is located in. For Minio, this value should be
The name of the S3 bucket used to store the artifacts. For Minio, the bucket is automatically created at start-up.
AWS S3 supports two different URI styles:
Buckets created after September 30, 2020, will support only virtual hosted-style requests. Path-style requests will continue to be supported for buckets created on or before this date.
When Minio (or alternative S3 implementations) is in use, path style URI are used.
If set to
true, it enables the S3 Transfer Acceleration for the operations
that support it. The AWS S3 Bucket must have the S3 Transfer Acceleration feature enabled.
The URI to the S3 storage service.
When using AWS S3, set to
https://s3.amazonaws.com for the
us-east-1 region, and
https://s3.region.amazonaws.com for the
other AWS regions. For example, for AWS S3 buckets located in Frankfurt, set to
When using Minio, set to the URI Minio is exposed to the internet. Please note that the domain and protocol used to access the storage service are the same used by the devices to download the artifacts, and the host name is included in the URL presigning algorithm. You can optionally install a CDN in front of your Minio instance, and in this case you can use your CDN URL for this setting.
The credentials to access the S3 storage service.
If you are running Mender on an AWS EC2 instance, you can leave these settings empty if a proper instance profile is attached to the EC2 instance: the service will default to retrieving authentication credentials locally from the AWS IAM role assigned to the EC2 instance. Please refer to the official AWS documentation for further details.
When using Minio, you have to specify the access key ID and the access secret key
MINIO_SECRET_KEY environment variables:
minio: ... environment: MINIO_ACCESS_KEY: "<replace-with-random-string>" MINIO_SECRET_KEY: "<replace-with-another-random-string>"
The Minio service is configured to use the
/export directory as its storage location.
It is possible to define a volume that mounts a local directory into the service
minio: ... volumes: # mount the path `/my/storage/location` as /export directory - /my/storage/location:/export
Alternatively, you can mount a preexisting Docker volume:
minio: ... volumes: # mounts a docker volume named `mender-artifacts` as /export directory - mender-artifacts:/export:rw volumes: # mender-artifacts volume mender-artifacts: # use external volume created manually external: name: mender-artifacts
Minio can be used as Gateway to third-party storage services, optionally caching the data locally. For example, using Minio Gateway, it is possible to store Mender Artifacts on on AWS S3. Older versions supported Azure Blob Storage and Hadoop HDFS. Please refer to the official Minio documentation to configure Minio Gateway.
© 2023 Northern.tech AS