» Private Terraform Enterprise Installation (Installer) - Minio Setup Guide
This document provides an overview for setting up Minio for external object storage for HashiCop Private Terraform Enterprise (PTFE).
» Required Reading
- Ensure you are familiar with PTFE's operation and installation requirements, and especially the Operational Mode Decision.
- Familiarize yourself with Minio.
When configured to use external services, PTFE must be connected to a storage service to persist workspace state and other file-based data. Native support exists for Azure Blob Storage, Amazon S3, and services that are API-compatible with Amazon S3. If you are not using Azure or a cloud provider with an S3-compatible service, or you are running PTFE in an environment without a storage service, it may be possible to use Minio instead.
Note: This is not a production-ready configuration: it's intended to guide you to a working configuration that can later be automated and hardened.
This guide will walk through installing Minio in a Docker container alongside PTFE on the same host, with PTFE configured in the "Production - External Services" operational mode. Data will not be persisted outside of an ephemeral Docker volume, Minio will not start on system boot, etc. It is assumed your instance will have access to the Internet and that you will be performing an online install of PTFE.
» System preparation
You also need a PostgreSQL database that meets the requirements, as this is part of the external services operational mode.
» PTFE installation
Begin with an online installation. Once the installation script has finished and you're presented with the following text, move on to the next section:
To continue the installation, visit the following URL in your browser: https://<this_server_address>:8800
» Start Minio
Now you'll start the Minio container, mounting a volume so that you can gain access to the generated config:
docker run \ -d \ --name minio \ -v /run/minio/config:/root/.minio \ minio/minio:latest \ -- \ server /data
Ensure that Minio has started by watching for
/var/run/minio/config/config.json to be written:
while [ ! -e /var/run/minio/config/config.json ]; do sleep 3 done
You now need to collect several pieces of information about your running Minio instance:
- IP address of the running container:
docker inspect minio | jq -r ..NetworkSettings.IPAddress
- Access key:
jq -r .credential.accessKey /var/run/minio/config/config.json
- Secret key:
jq -r .credential.secretKey /var/run/minio/config/config.json
» Create a bucket
Like S3, Minio does not automatically create buckets. Use the AWS CLI to create a bucket named
ptfe that will be used to store data:
export AWS_ACCESS_KEY_ID="<access key from above>" export AWS_SECRET_ACCESS_KEY="<secret key from above>" aws --region us-east-1 --endpoint-url http://<ip address from above>:9000 s3 mb s3://ptfe
» PTFE installation
You may now continue the installation in the browser. When you arrive at the Operational Mode choice in the installer then follow these steps:
- Choose the "Production" installation type
- Choose the "External Services" production type
- Provide the required Database URL for the PostgreSQL configuration
- Choose "S3" for object storage
- Enter the access key and secret access key using the information retrieved from Minio
- Provide the endpoint URL, like:
http://<ip address from above>:9000
- Enter the name of the bucket you created above (
ptfein the example)
us-east-1for the region; this is arbitrary, but must be a valid AWS region
Note: The "Test Authentication" button does not currently work for non-AWS endpoints
- Click "Save"
» Next Steps
- Familiarize yourself with the various storage backends provided by Minio
- Make sure you know how to back up and restore the data written to Minio