Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS: documentation: refer to $HOME but it is inexact #1055

Closed
loganmzz opened this issue Oct 31, 2023 · 6 comments · Fixed by #1060
Closed

TLS: documentation: refer to $HOME but it is inexact #1055

loganmzz opened this issue Oct 31, 2023 · 6 comments · Fixed by #1060
Assignees
@ravindk89
Labels
community triage Needs triage and scheduling

Comments

@loganmzz
Copy link

TLS documentation refers to $HOME but if -C is specified it is searched in in this place instead of $HOME:

By default, the MinIO server looks for the TLS keys and certificates for each node in the following directory:

${HOME}/.minio/certs

It would be to refer to a generic or internal parameter name instead.

Expected Behavior

Refer to a generic or internal parameter name instead of ${HOME}

Current Behavior

Refering to ${HOME}

Possible Solution

Steps to Reproduce (for bugs)

https://min.io/docs/minio/linux/operations/network-encryption.html

Context

As log doesn't mention where it tries to lookup certs, it just mentionned not found. Finally found a /etc/default/minio generated by RPM installer for SystemD service, which mentions /etc/minio directory with -C (not found in documentation, but hard to find out such small option)

Regression

No

Your Environment

  • Version used (minio --version): RELEASE.2023-08-29T23-07-35Z (commit-id=07b1281046c8934c47184d1b56c78995ef960f7d)
  • Server setup and configuration:
  • Operating System and version (uname -a): Linux RHEL 8 (4.18.0-477.10.1.el8_8.x86_64)
@loganmzz loganmzz added community triage Needs triage and scheduling labels Oct 31, 2023
@jiuker
Copy link

jiuker commented Oct 31, 2023
edited
Loading

--certs-dir have you tried this params? @loganmzz

@loganmzz
Copy link
Author

--certs-dir have you tried this params? @loganmzz

@jiuker As state in title and description, issue comes from documentation. Not software.

@klauspost klauspost transferred this issue from minio/minio Oct 31, 2023
@ravindk89
Copy link
Collaborator

I'll clarify the section a bit to note the existence of --certs-dir and how to use it.

@ravindk89
Copy link
Collaborator

That said

By default, the MinIO server looks for the TLS keys and certificates for each node in the following directory:

The key word here is "By default". Of course, if you set -c or --certs-dir you are no longer using the default.

Thus the followup graf,

For deployments using minio server --certs-dir to set a custom TLS directory, use that directory instead of the default. Also, if the user running the process does not have a home directory, you must specify a directory with --certs-dir.

I'm going to tab the section out to completely separate the default search path from the custom search path.

@loganmzz
Copy link
Author

loganmzz commented Nov 3, 2023

The key word here is "By default". Of course, if you set -c or --certs-dir you are no longer using the default.

As stated in my initial "post", I haven't found on https://min.io/docs/minio/linux/reference/minio-server/minio-server.html the meaning of short option -C (not -c).

The same link states the short variant for --certs-dir is neither -C or -c but -S (https://min.io/docs/minio/linux/reference/minio-server/minio-server.html#minio.server.-certs-dir):

--certs-dir, -S
Omit to use the default directory paths:

Linux/OSX: ${HOME}/.minio/certs

Windows: %%USERPROFILE%%\.minio\certs.

More, the defaults points directly to certs/ subdir while my -C path doesn't, but certs are looked up inside certs/ subdir. Meaning -C is replacing ${HOME}/.minio and documentation of this option might also reference to some "MINIO_CONFIG_PATH variable" instead:

--config-dir, -C
(also known as Minio config directory, MINIO_CONFIG_DIR) ... blabla ... blabla
Defaults:

Linux/OSX: ${HOME}/.minio

Windows: %%USERPROFILE%%\.minio.

--certs-dir, -S
Omit to use the default directory paths (See MINIO_CONFIG_DIR, --config-dir, -C):

Linux/OSX: ${MINIO_CONFIG_DIR}/certs

Windows: %%MINIO_CONFIG_DIR%%\certs.

Thus the followup graf,

For deployments using minio server --certs-dir to set a custom TLS directory, use that directory instead of the default. Also, if the user running the process does not have a home directory, you must specify a directory with --certs-dir.

Quoted text sounds good but lacks link and a good description of --certs-dir (that was my issue as I never used this params and user home directory exists).

@ravindk89
Copy link
Collaborator

Yeah there are a few things to tidy up here - I should have it all in the linked PR.

@ravindk89 ravindk89 mentioned this issue Nov 3, 2023
Merged
@ravindk89 ravindk89 self-assigned this Nov 3, 2023
ravindk89 added a commit that referenced this issue Nov 16, 2023
@ravindk89 @feorlen @pjuarezd
DOCS-1021: Adding helm information (#1060)
c770ba9 
Closes #1021 
Closes #1055 
Closes #968 
Closes #943 


---------

Co-authored-by: Andrea Longo <feorlen@users.noreply.github.com>
Co-authored-by: Pedro Juarez <pjuarezd@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ravindk89 ravindk89

Labels
community triage Needs triage and scheduling
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

DOCS-1021: Adding helm information minio/docs
3 participants
@loganmzz @jiuker @ravindk89