Documentation

Documentation

mc replicate update

Changed in version RELEASE.2022-11-07T23-47-39Z: mc replicate update replaces the mc replicate edit command.

Syntax

The mc replicate update command modifies an existing bucket replication rule.

mc [GLOBALFLAGS] replicate update FLAGS [FLAGS] ARGUMENTS [ARGUMENTS]

The following command modifies an existing replication rule for the mydata bucket on the myminio MinIO deployment:

mc replicate update --id "c76um9h4b0t1ijr36mug"           \
   --replicate "delete,delete-marker,existing-objects"  \
   myminio/mydata

The new replication configuration synchronizes all versioned delete operations, delete marker creation, and existing objects to the remote MinIO deployment.

The command has the following syntax:

mc [GLOBALFLAGS] replicate update              \
                 --id "string"                 \
                 [--remote-bucket "string"]    \
                 [--disable]                   \
                 [--id "string"]               \
                 [--replicate "string"]        \
                 [--state "string"]            \
                 [--storage-class "string"]    \
                 [--tags "string"]             \
                 [--priority int]              \
                 ALIAS
  • Brackets [] indicate optional parameters.

  • Parameters sharing a line are mutually dependent.

  • Parameters seperated using the pipe | operator are mutually exclusive.

Copy the example to a text editor and modify as-needed before running the command in the terminal/shell.

Parameters

ALIAS

Required the alias of the MinIO deployment and full path to the bucket or bucket prefix on which to modify the replication rule. For example:

mc replicate update --id "c75nrap4b0talo3ipthg" [FLAGS]
--id
Required

Specify the unique ID for a configured replication rule. Use the mc replicate ls command to list the replication rules for a bucket.

--priority
Optional

Specify the integer priority of the replication rule. The value must be unique among all other rules on the source bucket. Higher values imply a higher priority than all other rules.

--remote-bucket
Optional

Specify the ARN for the destination deployment and bucket. You can retrieve the ARN using mc admin bucket remote:

--replicate
Optional

Specify a comma-separated list of the following values to enable extended replication features:

  • delete - Directs MinIO to replicate DELETE operations to the destination bucket.

  • delete-marker - Directs MinIO to replicate delete markers to the destination bucket.

  • replica-metadata-sync - Directs MinIO to synchronize metadata-only changes on a replicated object back to the source. This feature only effects two-way active-active replication configurations.

    Omitting this value directs MinIO to stop replicating metadata-only changes back to the source.

  • existing-objects - Directs MinIO to replicate objects created prior to configuring or enabling replication. MinIO by default does not synchronize existing objects to the remote target.

    See Replication of Existing Objects for more information.

--state
Optional

Enables or disables the replication rule. Specify one of the following values:

  • "enable" - Enables the replication rule.

  • "disable" - Disables the replication rule.

Objects created while replication is disabled are not immediately eligible for replication after enabling the rule. You must explicitly enable replication of existing objects by including "existing-objects" to the list of replication features specified to mc replicate update --replicate. See Replication of Existing Objects for more information.

--storage-class
Optional

Specify the MinIO storage class to apply to replicated objects.

--tags
Optional

Specify one or more ampersand & separated key-value pair tags which MinIO uses for filtering objects to replicate. For example:

mc replicate update --id "ID" --tags "TAG1=VALUE&TAG2=VALUE&TAG3=VALUE"

MinIO applies the replication rule to any object whose tag set contains the specified replication tags.

Global Flags

This command supports any of the global flags.

Examples

Modify an Existing Replication Rule

Use mc replicate update to modify an existing replication rule.

mc replicate update ALIAS/PATH \
   --id ID                     \
   [--FLAGS]
  • Replace ALIAS with the alias of the MinIO deployment.

  • Replace PATH with the path to the bucket or bucket prefix on which the rule exists.

  • Replace ID with the unique identifier for the rule to modify. Use mc replicate ls to retrieve the list of replication rules on the bucket and their corresponding identifiers.

Note

Modifying a replication configuration rule does not effect already replicated objects. For example, modifying the --tags filter does not result in the removal of replicated objects which do not meet the filter.

Disable or Enable an Existing Replication Rule

Use mc replicate update with the --state flag to disable or enable a replication rule.

mc replicate update ALIAS/PATH \
   --id ID \
   --state "disabled"|"enabled"
  • Replace ALIAS with the alias of the MinIO deployment.

  • Replace PATH with the path to the bucket or bucket prefix on which the rule exists.

  • Replace ID with the unique identifier for the rule to modify. Use mc replicate ls to retrieve the list of replication rules on the bucket and their corresponding identifiers.

  • Specify either "disabled" or "enabled" to the --state flag to disable or enable the replication rule.

Note

MinIO requires enabling existing object replication to synchronize objects written or removed after disabling a replication rule.

For rules without existing object replication, MinIO synchronizes only those write or delete operations issued while the replication rule is enabled.

Behavior

Required Permissions

MinIO strongly recommends creating users specifically for supporting bucket replication operations. See mc admin user and mc admin policy for more complete documentation on adding users and policies to a MinIO deployment.

The following policy provides permissions for configuring and enabling replication on a deployment.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "admin:SetBucketTarget",
                "admin:GetBucketTarget"
            ],
            "Effect": "Allow",
            "Sid": "EnableRemoteBucketConfiguration"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetReplicationConfiguration",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads",
                "s3:GetBucketLocation",
                "s3:GetBucketVersioning",
                "s3:GetObjectRetention",
                "s3:GetObjectLegalHold",
                "s3:PutReplicationConfiguration"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ],
            "Sid": "EnableReplicationRuleConfiguration"
        }
    ]
}
  • The "EnableRemoteBucketConfiguration" statement grants permission for creating a remote target for supporting replication.

  • The "EnableReplicationRuleConfiguration" statement grants permission for creating replication rules on a bucket. The "arn:aws:s3:::* resource applies the replication permissions to any bucket on the source deployment. You can restrict the user policy to specific buckets as-needed.

Use the mc admin policy add to add this policy to each deployment acting as a replication source. Use mc admin user add to create a user on the deployment and mc admin policy set to associate the policy to that new user.

The following policy provides permissions for enabling synchronization of replicated data into the deployment.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetReplicationConfiguration",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads",
                "s3:GetBucketLocation",
                "s3:GetBucketVersioning",
                "s3:GetBucketObjectLockConfiguration",
                "s3:GetEncryptionConfiguration"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ],
            "Sid": "EnableReplicationOnBucket"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetReplicationConfiguration",
                "s3:ReplicateTags",
                "s3:AbortMultipartUpload",
                "s3:GetObject",
                "s3:GetObjectVersion",
                "s3:GetObjectVersionTagging",
                "s3:PutObject",
                "s3:PutObjectRetention",
                "s3:PutBucketObjectLockConfiguration",
                "s3:PutObjectLegalHold",
                "s3:DeleteObject",
                "s3:ReplicateObject",
                "s3:ReplicateDelete"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ],
            "Sid": "EnableReplicatingDataIntoBucket"
        }
    ]
}
  • The "EnableReplicationOnBucket" statement grants permission for a remote target to retrieve bucket-level configuration for supporting replication operations on all buckets in the MinIO deployment. To restrict the policy to specific buckets, specify those buckets as an element in the Resource array similar to "arn:aws:s3:::bucketName".

  • The "EnableReplicatingDataIntoBucket" statement grants permission for a remote target to synchronize data into any bucket in the MinIO deployment. To restrict the policy to specific buckets, specify those buckets as an element in the Resource array similar to "arn:aws:s3:::bucketName/*".

Use the mc admin policy add to add this policy to each deployment acting as a replication target. Use mc admin user add to create a user on the deployment and mc admin policy set to associate the policy to that new user.

S3 Compatibility

The mc commandline tool is built for compatibility with the AWS S3 API and is tested MinIO and AWS S3 for expected functionality and behavior.

MinIO provides no guarantees for other S3-compatible services, as their S3 API implementation is unknown and therefore unsupported. While mc commands may work as documented, any such usage is at your own risk.