This section documents steps for running AIStor as a container. Procedure Pull the latest stable image of AIStor Server Docker docker pull quay.io/minio/aistor/minio Podman podman pull quay.io/minio/aistor/minio Create a data directory for use with the server The following example uses the path $HOME/minio/data. Change this path to reflect the folder, storage volume, or drive intended for use with the server.

This page explains how to deploy AIStor with KES for Server Side Encryption. For instructions on running KES, see the KES docs. Broadly, the required steps are: Create a new external key (EK) for server-side encryption (SSE). Create or modify an AIStor deployment to support SSE with KES. Configure automatic bucket-default SSE. Enabling SSE on an AIStor deployment automatically encrypts the backend data for that deployment using the default encryption key.

The procedure on this page creates a new object lifecycle management rule that transition objects from an AIStor bucket to a remote storage tier on the storage backend. This procedure supports use cases like moving aged data to low-cost public cloud storage solutions after a certain time period or calendar date. Requirements Install and configure mc This procedure uses mc for performing operations on the AIStor cluster. Install mc on a machine with network access to both source and destination clusters. See the mc Installation Quickstart for instructions on downloading and installing mc.

Site replication configures multiple independent AIStor deployments as a cluster of replicas called peer sites. Site replication assumes the use of either the included AIStor identity provider (IDP) or an external IDP. All configured deployments must use the same IDP. Deployments using an external IDP must use the same configuration across sites. AIStor does not recommend using macOS, Windows, or non-orchestrated containerized deployments for site replication except for early development, evaluation, or general experimentation.

AIStor uses Policy-Based Access Control (PBAC) to define the authorized actions and resources to which an authenticated user has access. Each policy describes one or more actions and conditions that outline the permissions of a user or group of users. AIStor PBAC is built for compatibility with AWS IAM policy syntax, structure, and behavior. This documentation makes a best-effort to cover IAM-specific behavior and functionality. Refer also to the AWS IAM documentation for more information.

The mc cors set command sets the Cross-Origin Resource Sharing (CORS) configuration for a bucket from an XML file. CORS is a browser security mechanism that controls which web domains can access your object storage from client-side JavaScript. When a web application running on one domain attempts to access objects in AIStor from a different domain, the browser checks CORS policies to determine if the request should be allowed. See the Mozilla CORS documentation for more information.

The mc get command retrieves objects from an AIStor deployment or S3-compatible service to a local filesystem. mc get provides a simplified interface for downloading files compared to mc cp or mc mirror. mc get uses a one-way download function that trades efficiency for the power and complexity of the other commands. Syntax Example The following command downloads an object from the myaistor deployment to the local filesystem:

The mc event ls command lists all event notification triggers for a bucket. The alias mc event list has equivalent functionality to mc event ls. Syntax EXAMPLE The following command lists all configured event notifications for the specified bucket notification target for the mydata bucket on the myaistor AIStor deployment:

The mc idp ldap accesskey info outputs information about the specified access key(s). This command works against access keys created by an AD/LDAP user after authenticating to AIStor. Create AD/LDAP service accounts with the mc idp ldap accesskey create command. Authenticated users can manage their own long-term Access Keys using the AIStor Console. AIStor supports using AssumeRoleWithLDAPIdentity to generate temporary access keys using the Security Token Service. Syntax Example The following example outputs details for the access key mykey from the myaistor deployment:

Description The mc idp ldap policy commands show the mapping relationships between policies and the associated groups or users. This command has the following subcommands: Subcommand Description attach Attaches one or more policies to an entity. detach Detaches one or more policies from an entity. entities Displays a list of mappings for a user, group, and/or policy.