AIStor Server

These sections contain reference material for deploying AIStor Server (minio) resources onto Baremetal infrastructure.

AIStor Server uses a binary minio that is a drop-in replacement for the AGPLv3-licensed Community AIStor Server.

The minio server command starts the Server process:

minio server --license /path/to/minio.license /mnt/disk{1...4}

See Installation and Management for a complete guide on installation.

Syntax

The AIStor Server minio process has a single command minio server.

The command has the following syntax:

minio server --license path/to/minio.license [FLAGS] HOSTNAME/DIRECTORIES [HOSTNAME/DIRECTORIES..]

Parameters

The command accepts the following arguments:

HOSTNAME

The hostname of a minio server process.

For standalone deployments, this field is optional. You can start a standalone server process with only the minio server DIRECTORIES argument.

For distributed deployments, specify the hostname of each minio server in the deployment. The group of minio server processes represent a single server pool.

minio server HOSTNAME supports AIStor expansion notation {x...y} to denote a sequential series of hostnames. MinIO requires sequential hostnames to identify each minio server process in the set.

For example, https://minio{1...4}.example.net expands to:

https://minio1.example.net
https://minio2.example.net
https://minio3.example.net
https://minio4.example.net

You must run the minio server command with the same combination of minio server HOSTNAME and minio server DIRECTORIES on each host in the Server Pool.

Each additional HOSTNAME/DIRECTORIES pair denotes an additional Server Set for the purpose of horizontal expansion of the AIStor deployment. For more information on Server Pools, see server pool.

DIRECTORIES

Required

The directories or drives the minio server process uses as the storage backend.

minio server DIRECTORIES supports AIStor expansion notation {x...y} to denote a sequential series of folders or drives. For example, /mnt/disk{1...4} expands to:

/mnt/disk1
/mnt/disk2
/mnt/disk3
/mnt/disk4

The minio server DIRECTORIES path(s) must be empty when first starting the minio process.

The minio server process requires at least 4 drives or directories to enable erasure coding.

AIStor recommends locally-attached drives, where the minio server DIRECTORIES path points to each drive on the host machine. AIStor recommends against using network-attached storage, as network latency reduces performance of those drives compared to locally-attached storage.

For development or evaluation, you can specify multiple logical directories or partitions on a single physical volume to enable erasure coding on the deployment.

For production environments, AIStor does not recommend using multiple logical directories or partitions on a single physical disk. While AIStor supports those configurations, the potential cost savings come at the risk of decreased reliability.

--license

Required

The path to the license file.

You can download the license from SUBNET.

Login to MinIO SUBNET.
Select the License button on the right of the summary box at the top of the screen.
Select the Download button at the bottom of the license pop up window. The license.minio file downloads according to your browser settings.

If you do not specify the license flag and path to a valid license, AIStor Server cannot start.

--address

Optional

Binds the minio server process to a specific network address and port number. Specify the address and port as ADDRESS:PORT, where ADDRESS is an IP address or hostname and PORT is a valid and open port on the host system. AIStor supports both IPv4 and IPv6 addressing, provided that the specified addresses are routable and resolveable.

To change the port number for all IP addresses or hostnames configured on the host machine, specify only :PORT where PORT is a valid and open port on the host.

You can configure your hosts file to have AIStor only listen on specific IPs. For example, if the machine’s /etc/hosts file contains the following:

127.0.1.1       minioip
127.0.1.2       minioip

A command like the following would listen for API calls on port 9000 on both configured IP addresses.

minio server --address "minioip:9000" ...

If omitted, minio binds to port 9000 on all configured IPv4 addresses, IPv6 addresses, and hostnames on the host machine.

--api

Optional

Added with RELEASE.2025-05-01T19-17-09Z.

Sets alternative API protocols for Object Store.

Supported values:

S3 - (Default) Standard Amazon S3 API
S3Express - Amazon S3 Express API protocol

Defaults to S3.

--console-address

Optional

Specifies a static port for the embedded AIStor Console.

Omit to direct AIStor to generate a dynamic port at server startup. The Server outputs the port to the system log.

--ftp

Optional

Enable and configure a File Transfer Protocol (FTP) or File Transfer Protocol over SSL/TLS (FTPS) server. Use this flag multiple times to specify an address port, a passive port range of addresses, or a TLS certificate and key as key-value pairs.

Valid keys:

address, which takes a single port to use for the server, typically 8021
(Optional) passive-port-range, which restricts the range of potential ports the server can use to transfer data, such as when tight firewall rules limit the port the FTP server can request for the connection
(Optional) tls-private-key, which takes the path to the user’s private key for accessing the AIStor deployment by TLS

Use with tls-public-cert.

(Optional) tls-public-cert, which takes the path to the certificate for accessing the AIStor deployment by TLS

Use with tls-private-key.

For AIStor deployments with TLS enabled, omit tls-private-key and tls-public-key to direct AIStor to use the default TLS keys for the AIStor deployment. See Network Encryption (TLS) for more information. You only need to specify a certificate and private key to a different set of TLS certificate and key than the AIStor default (for example, to use a different domain).

For example:

Server http://server{1...4}/disk{1...4} \
--ftp="address=:8021"                         \
--ftp="passive-port-range=30000-40000"        \
--ftp="tls-private-key=path/to/private.key"   \
--ftp="tls-public-cert=path/to/public.crt"    \
...

--sftp

Optional

Enable and configure a SSH File Transfer Protocol (SFTP) server. Use multiple times to specify each desired key-value pair.

The following table lists valid keys.

Key	Description	Valid values
`address`	Port to use for connecting to SFTP.	Any valid port number, typically `8022`.
`ssh-private-key`	Path to the user’s private key file.	Absolute path or relative path from current location to the key file to use.
`trusted-user-ca-key`	Specifies a file containing public key of a certificate authority that is trusted to sign user certificates for authentication. The file must contain a user principals list, and the list must include the user(s) that can authenticate with the key.	Absolute path or relative path from current location to the user’s trusted certificate authority public key file.
`pub-key-algos`	Comma-separated list of the public key algorithms to support.	text ssh-ed25519 sk-ssh-ed25519@openssh.com sk-ecdsa-sha2-nistp256@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 rsa-sha2-256 rsa-sha2-512 ssh-rsa ssh-dss
`kex-algos`	Comma-separated list in priority order of the key-exchange algorithms to support.	text curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1
`cipher-algos`	Comma-separated list of cipher algorithms to support	text aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com chacha20-poly1305@openssh.com arcfour256 arcfour128 arcfour aes128-cbc 3des-cbc
`mac-algos`	Comma-separated list in preference order of MAC algorithms to support. Based on RFC 4253 section 6.4 with the exception of `hmac-md5` variants, which are end of life.	text hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha1 hmac-sha1-96
`disable-password-auth`	Disable password authentication.	`true`

For example:

Server http://server{1...4}/disk{1...4}                                 \
--sftp="address=:8022" --sftp="ssh-private-key=/home/miniouser/.ssh/id_rsa"   \
--sftp="kex-algos=diffie-hellman-group14-sha256,curve25519-sha256@libssh.org" \
...

--certs-dir

Alias: -S

Optional

Specifies the path to the folder containing certificates the minio process uses for configuring TLS/SSL connectivity.

The contents of the specified folder must follow that of the default path structure. For example, the path contents of --certs-dir /etc/minio should resemble the following:

/etc/minio
  private.key
  public.crt
  domain.tld/
    private.key
    public.crt
  CAs/
    full-chain-ca.crt

Omit to use the default directory paths:

Linux/macOS: ${HOME}/.minio/certs
Windows: %%USERPROFILE%%\.minio\certs.

See Network Encryption (TLS) for more information on TLS/SSL connectivity.

--quiet

Optional

Disables startup information.

--anonymous

Optional

Hides sensitive information from logging.

--json

Optional

Outputs server logs and startup information in JSON format.

You can define any of the minio parameters above by setting them in the MINIO_OPTS environment variable. This variable takes as its value a single string that contains any of the above parameters and their values that you want to set when starting the AIStor Server.

Settings

You can perform other customizations to the Server process by defining additional Configuration Values or Environment Variables.

Many configuration values and environment variables define the same value. If you set both a configuration value and the matching environment variable, AIStor uses the value from the environment variable.