mc replicate add

AIStor automatically creates remote targets based on a given file path or resource location (such as an IP or DNS address). Users defining a remote target no longer need to determine an ARN for the remote bucket.

Syntax

The mc replicate add command creates a new server-side replication rule for a bucket on a AIStor deployment.

The remote bucket must be on a AIStor deployment running the same version of AIStor as the local deployment.

Where mc mirror only synchronizes the current version of an object, mc replicate synchronizes all versions, version information, and metadata for the objects.

The AIStor deployment automatically begins synchronizing new objects to the remote AIStor deployment after creating the rule. You can optionally configure synchronization of existing objects, delete operations, and fully-deleted objects.

Example

The following command adds a new replication rule for the mydata bucket on the myminio AIStor deployment:

mc replicate add                                                     \
   --remote-bucket https://user:secret@minio.mysite.tld:9001/bucket  \
   --replicate "delete,delete-marker,existing-objects"               \
   myminio/mydata

The replication rule synchronizes versioned delete operations, delete markers, and existing objects to the remote AIStor deployment.

Syntax

The command has the following syntax:

mc [GLOBALFLAGS] replicate add                     \
                 --remote-bucket string            \
                 [--bandwidth "string"]            \
                 [--disable]                       \
                 [--disable-proxy]                 \
                 [--edge]                          \
                 [--edge-sync-before-expiry]       \
                 [--healthcheck-seconds integer]   \
                 [--id "string"]                   \
                 [--limit-upload "string"]         \
                 [--limit-download "string"]       \
                 [--path "string"]                 \
                 [--priority int]                  \
                 [--region "string"]               \
                 [--replicate "string"]            \
                 [--storage-class "string"]        \
                 [--sync]                          \
                 [--tags "string"]                 \
                 ALIAS

Brackets [] indicate optional parameters.
Parameters sharing a line are mutually dependent.
Parameters separated using the pipe | operator are mutually exclusive.

Copy the example to a text editor and modify as-needed before running the command in the terminal/shell.

Parameters

ALIAS

Required

The alias of the AIStor deployment and full path to the bucket or bucket prefix on which to create the replication rule. For example:

mc replicate add --remote-bucket https://user:secret@myminio.cloudprovider.tld:9001/bucket play/mybucket

--remote-bucket

Required The --remote-bucket supports specifying

Specify either

An existing alias or
The credentials, destination deployment hostname, and bucket of the remote location.

When providing a manually constructed host-string, use a format similar to the following:

https://user:secret@myminio.cloudprovider.tld:9001/bucket

--bandwidth

Optional

Limit bandwidth rates to no more than the specified rate in KiB/s, MiB/s, or GiB/s. Valid units include:

B for bytes
K for kilobytes
G for gigabytes
T for terabytes
Ki for kibibytes
Gi for gibibytes
Ti for tebibytes

For example, to limit bandwidth rates to no more than 1 GiB/s, use the following:

--limit-upload 1Gi

If not specified, AIStor does not limit the bandwidth rate.

--disable

Optional

Creates the replication rule in the “disabled” state. AIStor does not begin replicating objects using the rule until it is enabled using mc replicate update.

Objects created while replication is disabled are not immediately eligible for replication after enabling the rule. You must explicitly enable replication of existing objects by including "existing-objects" to the list of replication features specified to mc replicate update --replicate. See Replication of existing objects for more information.

--disable-proxy

Optional

When defining active-active replication between buckets, do not proxy.

By default, AIStor proxies.

--edge

Optional

Define the cluster of this rule as a cluster from the edge. Objects replicate to the target bucket with a status of REPLICA-EDGE, allowing them to further replicate from the target destination to additional replication destinations.

Exercise caution when using the --edge flag to avoid creating replication loops back to the source cluster.

If not set, edge function is disabled for the bucket on this cluster. Objects replicate to the target with a status of REPLICA and do not further replicate from the target to any of that deployment’s replication targets.

--edge-sync-before-expiry

Optional

Prevent ILM expiration rules from deleting objects until after they have replicated to the target destination.

If not set, edge-sync-before-expiry is disabled.

--healthcheck-seconds

Optional

The length of time in seconds between checks on the health of the remote bucket.

If not specified, AIStor uses an interval of 60 seconds.

--id

Optional

Specify a unique ID for the replication rule. AIStor automatically generates an ID if one is not specified.

--limit-download

Optional

Limit download rates to no more than a specified rate in KiB/s, MiB/s, or GiB/s. Valid units include:

B for bytes
K for kilobytes
G for gigabytes
T for terabytes
Ki for kibibytes
Gi for gibibytes
Ti for tebibytes

For example, to limit download rates to no more than 1 GiB/s, use the following:

--limit-download 1G

If not specified, AIStor uses an unlimited download rate.

--limit-upload

Optional

Limit upload rates to no more than the specified rate in KiB/s, MiB/s, or GiB/s. Valid units include:

B for bytes
K for kilobytes
G for gigabytes
T for terabytes
Ki for kibibytes
Gi for gibibytes
Ti for tebibytes

For example, to limit upload rates to no more than 1 GiB/s, use the following:

--limit-upload 1G

If not specified, AIStor uses an unlimited upload rate.

--path

Optional

Enable path-style lookup support for the remote bucket.

Valid values include:

on - use a path lookup to find the remote bucket
off - use a resource locator style (such as a domain or IP address) lookup to find the remote bucket
auto - ask AIStor to identify the correct type of lookup to use to find the remote bucket

When not defined, AIStor uses the auto value.

--priority

Optional

Specify the integer priority of the replication rule. The value must be unique among all other rules on the source bucket. Higher values imply a higher priority than all other rules.

The default value is 0.

--region

Optional

The region of the destination bucket to replicate contents to.

--replicate

Optional

Specify a comma-separated list of the following values to enable extended replication features.

delete - Directs AIStor to replicate DELETE operations to the destination bucket.
delete-marker - Directs AIStor to replicate delete markers to the destination bucket.
existing-objects - Directs AIStor to replicate objects created before replication was enabled or while replication was suspended.
metadata-sync - Directs AIStor to replicate metadata for each object. For active-active replication situations only.

Omitting this value directs AIStor to stop replicating metadata-only changes back to the source.

If not specified, AIStor syncs all options.

--storage-class

Optional

Specify the AIStor storage class to apply to replicated objects.

--sync

Optional

Enable synchronous replication for this remote target.

By default, AIStor uses asynchronous replication.

--tags

Optional

Specify one or more ampersand & separated key-value pair tags which AIStor uses for filtering objects to replicate. For example:

mc replicate add --tags "TAG1=VALUE&TAG2=VALUE&TAG3=VALUE" ALIAS

AIStor applies the replication rule to any object whose tag set contains the specified replication tags.

Global Flags

This command supports any of the global flags.

Examples

Configure Bucket Replication

The following mc replicate add command creates a replication configuration that synchronizes all new objects, existing objects, delete operations, and delete markers to the remote target:

mc replicate add myminio/mybucket \
   --remote-bucket https://user:secret@minio.mysite.tld/remotebucket \
   --replicate "delete,delete-marker,existing-objects"

Replace myminio/mybucket with the ALIAS and full bucket path for which to create the replication configuration.
Replace the --remote-bucket value with the URL or path of the remote target. If using a file path format location, use the --path on option.
The --replicate flag directs AIStor to replicate all delete operations, delete markers, and existing objects to the remote. See Replication of Delete Operations and Replication of existing objects for more information on replication behavior.

Configure Bucket Replication for Historical Data Record

The following mc replicate add command creates a new bucket replication configuration that synchronizes all new and existing objects to the remote target:

mc replicate add myminio/mybucket \
   --remote-bucket https://user:secret@minio.mysite.tld/remotebucket \
   --replicate "existing-objects"

Replace myminio/mybucket with the ALIAS and full bucket path for which to create the replication configuration.
Replace the --remote-bucket value with the location of the remote target. If using a file path format location, use the --path on option.
The --replicate flag directs AIStor to replicate all existing objects to the remote. See Replication of existing objects for more information on replication behavior.

The resulting remote copy represents a historical record of objects on the remote, where delete operations on the source have no effect on the remote copy.

Behavior

Server-Side Replication Requires AIStor Source and Destination

AIStor server-side replication only works between AIStor deployments. Both the source and destination deployments must run AIStor.

To configure replication between arbitrary S3-compatible services, use mc mirror.

Enable Versioning on Source and Destination Buckets

AIStor relies on the immutability protections provided by versioning to synchronize objects between the source and replication target.

Use the mc version enable command to enable versioning on both the source and destination bucket before starting this procedure:

mc version enable ALIAS/PATH

Replace the ALIAS and PATH with the alias of the AIStor deployment and the path to the bucket on which to enable versioning.

Required Permissions

AIStor strongly recommends creating users specifically for supporting bucket replication operations. See mc admin user and mc admin policy for more complete documentation on adding users and policies to a AIStor deployment.

Replication Admin

The following policy provides permissions for configuring and enabling replication on a deployment.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "admin:SetBucketTarget",
                "admin:GetBucketTarget"
            ],
            "Effect": "Allow",
            "Sid": "EnableRemoteBucketConfiguration"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetReplicationConfiguration",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads",
                "s3:GetBucketLocation",
                "s3:GetBucketVersioning",
                "s3:GetObjectRetention",
                "s3:GetObjectLegalHold",
                "s3:PutReplicationConfiguration"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ],
            "Sid": "EnableReplicationRuleConfiguration"
        }
    ]
}

The "EnableRemoteBucketConfiguration" statement grants permission for creating a remote target for supporting replication.
The "EnableReplicationRuleConfiguration" statement grants permission for creating replication rules on a bucket. The "arn:aws:s3:::* resource applies the replication permissions to any bucket on the source deployment. You can restrict the user policy to specific buckets as-needed.

Use the mc admin policy create to add this policy to each deployment acting as a replication source. Use mc admin user add to create a user on the deployment and mc admin policy attach to associate the policy to that new user.

Replication Remote User

The following policy provides permissions for enabling synchronization of replicated data into the deployment.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetReplicationConfiguration",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads",
                "s3:GetBucketLocation",
                "s3:GetBucketVersioning",
                "s3:GetBucketObjectLockConfiguration",
                "s3:GetEncryptionConfiguration"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ],
            "Sid": "EnableReplicationOnBucket"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetReplicationConfiguration",
                "s3:ReplicateTags",
                "s3:AbortMultipartUpload",
                "s3:GetObject",
                "s3:GetObjectVersion",
                "s3:GetObjectVersionTagging",
                "s3:PutObject",
                "s3:PutObjectRetention",
                "s3:PutBucketObjectLockConfiguration",
                "s3:PutObjectLegalHold",
                "s3:DeleteObject",
                "s3:ReplicateObject",
                "s3:ReplicateDelete"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ],
            "Sid": "EnableReplicatingDataIntoBucket"
        }
    ]
}

The "EnableReplicationOnBucket" statement grants permission for a remote target to retrieve bucket-level configuration for supporting replication operations on all buckets in the AIStor deployment. To restrict the policy to specific buckets, specify those buckets as an element in the Resource array similar to "arn:aws:s3:::bucketName".
The "EnableReplicatingDataIntoBucket" statement grants permission for a remote target to synchronize data into any bucket in the AIStor deployment. To restrict the policy to specific buckets, specify those buckets as an element in the Resource array similar to "arn:aws:s3:::bucketName/*".

Use the mc admin policy create to add this policy to each deployment acting as a replication target. Use mc admin user add to create a user on the deployment and mc admin policy attach to associate the policy to that new user.

Replication of Existing Objects

AIStor supports automatically replicating existing objects in a bucket. AIStor existing object replication implements functionality similar to AWS Replicating existing objects between S3 buckets without the overhead of contacting technical support.

To enable replication of existing objects when creating a new replication rule, include "existing-objects" to the list of replication features specified to mc replicate add --replicate.
To enable replication of existing objects for an existing replication rule, add "existing-objects" to the list of existing replication features using mc replicate add --replicate. You must specify all desired replication features when editing the replication rule.

See Replication of existing objects for more complete documentation on this behavior.

Synchronization of Metadata Changes

AIStor supports two-way active-active replication configurations, where AIStor synchronizes new and modified objects between a bucket on two AIStor deployments. Starting with mc RELEASE.2021-05-18T03-39-44Z, AIStor by default synchronizes metadata-only changes to a replicated object back to the “source” deployment. Prior to the this update, AIStor did not support synchronizing metadata-only changes to a replicated object.

With metadata synchronization enabled, AIStor resets the object replication status to indicate replication eligibility. Specifically, when an application performs a metadata-only update to an object with the REPLICA status, AIStor marks the object as PENDING and eligible for replication.

To disable metadata synchronization, use the mc replicate update --replicate command and omit replica-metadata-sync from the replication feature list.

Replication of Delete Operations

AIStor supports replicating delete operations onto the target bucket. Specifically, AIStor can replicate both Delete Markers and the deletion of specific versioned objects:

For delete operations on an object, AIStor replication also creates the delete marker on the target bucket.
For delete operations on versions of an object, AIStor replication also deletes those versions on the target bucket.

AIStor does not replicate objects deleted due to lifecycle management expiration rules. AIStor only replicates explicit client-driven delete operations.

AIStor requires explicitly enabling replication of delete operations using the mc replicate add --replicate flag. This procedure includes the required flags for enabling replication of delete operations and delete markers. See Replication of Delete Operations for more complete documentation on this behavior.

Replication of Encrypted Objects

AIStor supports replicating objects encrypted with automatic Server-Side Encryption (SSE-S3). Both the source and destination buckets must have automatic SSE-S3 enabled for AIStor to replicate an encrypted object.

As part of the replication process, AIStor decrypts the object on the source bucket and transmits the unencrypted object. The destination AIStor deployment then re-encrypts the object using the destination bucket SSE-S3 configuration. AIStor strongly recommends enabling TLS on both source and destination deployments to ensure the safety of objects during transmission.

AIStor does not support replicating client-side encrypted objects (SSE-C).

S3 Compatibility

The mc commandline tool is built for compatibility with the AWS S3 API and is tested with AIStor and AWS S3 for expected functionality and behavior.

AIStor provides no guarantees for other S3-compatible services, As their S3 API implementation is unknown and therefore unsupported.

While mc commands may work as documented, any such usage is at your own risk.