mc ilm tier add
The mc ilm tier add
command creates a new remote storage tier to a supported storage services.
See Object Transition for a complete list.
Syntax
Parameters
The command accepts the following arguments:
TIER_TYPE
Required
The Cloud Service Provider storage backend (“Tier”) to which AIStor transitions objects. Specify one of the following supported values:
Tier | Description |
---|---|
minio |
Use a remote AIStor deployment as the storage backend for the new Tier. Requires also specifying the following parameters: - --access-key - --secret-key |
s3 |
Use AWS S3 as the storage backend for the new Tier. Requires also specifying the following parameters: - --access-key - --secret-key |
azure |
Use Blob Storage as the storage backend for the new Tier. Requires also specifying the following parameters: - --account-name - --account-key |
gcs |
Use Cloud Storage as the storage backend for the new Tier. Requires also specifying the following parameter: - --credentials-file |
TARGET
Required
The alias
of a configured AIStor deployment on which the command creates the new remote tier.
You can then create new rules with mc ilm rule add
specifying the new remote tier.
TIER_NAME
Required
The name to associate with the new remote tier. The name must be unique across all configured tiers on the AIStor cluster.
You must specify the tier in all-caps, e.g. WARM_TIER
.
--endpoint
Optional
The URL endpoint for the S3 or AIStor storage.
The URL endpoint must resolve to the provider specified to TIER_TYPE
.
Required for s3
or minio
tier types, optional for azure
.
This option has no effect for any other value of TIER_TYPE
.
--access-key
Optional
The access key for a user on the remote S3
or minio
tier types.
The user must have permission to perform read/write/list/delete operations on the remote bucket or bucket prefix.
Required if TIER_TYPE
is s3
or minio
.
This option has no effect for any other value of TIER_TYPE
.
--secret-key
Optional
The secret key for a user on the remote s3
or minio
tier types.
Required if TIER_TYPE
is s3
or minio
.
This option has no effect for any other value of TIER_TYPE
.
--account-name
Optional
The Storage Account to use as the remote storage resource.
Required if TIER_TYPE
is azure
.
This option has no effect for any other value of TIER_TYPE
.
AIStor does not support changing the storage account name associated to an Azure remote tier. Azure storage backends are tied to the storage account, such that changing this value would change the storage backend and prevent access to any objects transitioned to the original account/backend.
--account-key
Optional
The corresponding shared account key for the --account-name
associated to the remote Azure tier.
The account key must have an assigned Azure policy with the required permissions.
Required if TIER_TYPE
is azure
.
This option has no effect for any other value of TIER_TYPE
.
--credentials-file
Optional
The credential file for a user on the remote Google Cloud Storage tier. The user must have permission to perform read/write/list/delete operations on the remote bucket or bucket prefix.
Required if TIER_TYPE
is gcs
.
This option has no effect for any other value of TIER_TYPE
.
--bucket
Required
The bucket on the remote tier to which AIStor transitions objects.
For azure
remote tiers, this value corresponds to the Container name
--prefix
Optional
The prefix path for the specified --bucket
to which AIStor transitions objects.
Omit this field to transition objects into the bucket root.
--storage-class
Optional
The storage class (“access tier” for Microsoft Azure) AIStor applies to objects transitioned to the remote bucket.
The storage class to apply to objects transitioned by AIStor to the remote bucket. AIStor tiering behavior depends on the remote storage returning objects immediately (milliseconds to seconds) upon request. AIStor therefore cannot support remote storage which requires rehydration, wait periods, or manual intervention.
Select the tab corresponding to the TIER_TYPE
for a list of supported values for each tier:
minio
STANDARD
RecommendedREDUCED
For more information, see Erasure Coding storage class.
s3
STANDARD
STANDARD-IA
ONEZONE-IA
For more information, see Using Amazon S3 storage classes.
gcs
STANDARD
NEARLINE
COLDLINE
For more information, see GCS storage class.
azure
Hot
Cool
For more information, see Hot, cool, and archive access tiers for blob data.
If omitted, objects use the default storage class defined for the remote bucket.
--region
Optional
The S3 backend region for the specified TIER_TYPE
, such as us-west-1
.
This option only applies if TIER_TYPE
is s3
or minio
.
This option has no effect for any other value of TIER_TYPE
.
--use-aws-role
Optional
Use the access permission for the locally configured AWS Role.
This option only applies if TIER_TYPE
is s3
or minio
.
This option has no effect for any other value of TIER_TYPE
.
--aws-role-arn
Optional
The AWS S3 role name to use when transitioning objects.
This option only applies if TIER_TYPE
is s3
and the source is an AIStor pod on Amazon EKS.
--aws-web-identity-file
Optional
Specify the web identity token file to use when transitioning objects.
This option only applies if TIER_TYPE
is s3
and the source is an AIStor pod on Amazon EKS.
--azure-sp-tenant-id
Optional
Tenant ID for the service principal account to use to log in to Azure storage.
This option only applies if TIER_TYPE
is azure
and you log in using a service principal identity.
This option has no effect for any other value of TIER_TYPE
.
--azure-sp-client-id
Optional
Client ID for the service principal account to use to log in to Azure storage.
This option only applies if TIER_TYPE
is azure
and you log in using a service principal identity.
This option has no effect for any other value of TIER_TYPE
.
--azure-sp-client-secret
Optional
The client secret for the service principal account to use to log in to Azure storage.
This option only applies if TIER_TYPE
is azure
and you log in using a service principal identity.
This option has no effect for any other value of TIER_TYPE
.
Global Flags
This command supports any of the global flags.
Examples
Configure a Tier to Transition Objects to an AIStor deployment
The following example creates a new tier on a local deployment that a configured rule can use to transition objects to a separate, remote AIStor deployment.
mc ilm tier add minio myminio WARM-MINIO-TIER --endpoint https://warm-minio.com \
--access-key ACCESSKEY --secret-key SECRETKEY --bucket mybucket --prefix myprefix/
This command creates a new tier called WARM-MINIO-TIER
for a minio
type of remote storage on the myminio
deployment.
- The remote AIStor storage is located at
https://warm-minio.com
. - The command includes credentials for a user with read, write, list, and delete privileges to the bucket and prefix.
- The tier transitions objects to the
mybucket
bucket and themyprefix
prefix on the remote AIStor storage.
Configure a Tier to Transition Objects to an Azure Blob Storage Location
The following example creates a new tier on a local deployment that a configured rule can use to transition objects to Azure Blob Storage.
mc ilm tier add azure myminio AZTIER --account-name ACCOUNT-NAME --account-key ACCOUNT-KEY \
--bucket myazurebucket --prefix myazureprefix/
This command creates a new tier called AZTIER
for an azure
type of remote storage on the myminio
deployment.
- The remote Azure storage is accessed by the provided account name and key.
- The tier transitions objects to the
myazurebucket
bucket and themyazureprefix
prefix on the Azure storage.
Configure a Tier to Transition Objects to Google Cloud Storage
The following example creates a new tier on a local deployment that a configured rule can use to transition objects to Google Cloud Storage.
mc ilm tier add gcs myminio GCSTIER --credentials-file /path/to/credentials.json \
--bucket mygcsbucket --prefix mygcsprefix/
This command creates a new tier called GCSTIER
for a gcs
type of remote storage on the myminio
deployment.
- The remote GCS storage is accessed by the provided credentials file.
- The tier transitions objects to the
mygcsbucket
bucket and themygcsprefix
prefix on the GCS storage.
Configure a Tier to Transition Objects to Amazon Simple Storage Service (S3)
The following example creates a new tier on a local deployment that a configured rule can use to transition objects to a STANDARD storage on S3.
mc ilm tier add s3 myminio S3TIER --endpoint https://s3.amazonaws.com \
--access-key ACCESSKEY --secret-key SECRETKEY --bucket mys3bucket --prefix mys3prefix/ \
--storage-class "STANDARD" --region us-west-2
This command creates a new tier called S3TIER
for a s3
type of remote storage on the myminio
deployment.
- The S3 storage is located at the provided endpoint.
- The remotes S3 storage is accessed by the provided access key and secret key.
- The tier transitions objects to the
mys3bucket
bucket and themys3prefix
prefix on the GCS storage. - The tier utilizes S3
STANDARD
storage class located in theus-west-2
S3 region.
Behavior
Supported S3 Services
mc ilm tier add
supports only the following S3-compatible services as a remote target for object tiering:
- AIStor
- Amazon S3
- Google Cloud Storage
- Azure Blob Storage
TIER_TYPE
.
Permissions
AIStor requires the following administrative permissions on the cluster in which you create remote tiers for object transition lifecycle management rules:
For example, the following policy provides permission for configuring object transition lifecycle management rules on any bucket in the cluster:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"admin:SetTier",
"admin:ListTier"
],
"Effect": "Allow",
"Sid": "EnableRemoteTierManagement"
},
{
"Action": [
"s3:PutLifecycleConfiguration",
"s3:GetLifecycleConfiguration"
],
"Resource": [
"arn:aws:s3:::*"
],
"Effect": "Allow",
"Sid": "EnableLifecycleManagementRules"
}
]
}
S3 Compatibility
The mc
commandline tool is built for compatibility with the AWS S3 API and is tested with AIStor and AWS S3 for expected functionality and behavior.
AIStor provides no guarantees for other S3-compatible services, As their S3 API implementation is unknown and therefore unsupported.
While mc
commands may work as documented, any such usage is at your own risk.