TrueNAS AppsTrueNAS Apps: Tutorials
Application maintenance is independent from TrueNAS version release cycles.
App versions, features, options, and installation behavior at time of access might vary from documented tutorials and UI reference.

MinIO Enterprise

TrueNAS Enterprise

TrueNAS Enterprise-licensed systems do not have applications available by default. To enable applications as part of the Enterprise license, consult with the TrueNAS Support team.

Only install qualified applications from the Enterprise applications train with the assistance of TrueNAS Support.

Contacting Support

Customers who purchase TrueNAS hardware or that want additional support must have a support contract to use TrueNAS Support Services. The TrueNAS Community forums provides free support for users without a TrueNAS Support contract.

TrueNAS Customer Support
Support Portalhttps://support.ixsystems.com
Emailsupport@ixsystems.com
Telephone and Other Resourceshttps://www.ixsystems.com/support/

This article applies to the TrueNAS MinIO application in the enterprise train. This smaller version of MinIO is tested and polished for a safe and supportable experience for TrueNAS Enterprise customers. The enterprise MinIO application is tested and verified as an immutable target for Veeam Backup and Replication.

Before You Begin

To install the MinIO enterprise train app, do the following:

  • Acquire and apply the Enterprise VM & Apps license to the Enterprise system.

  • Set a pool for applications to use if not already assigned.

    You can use either an existing pool or create a new one. TrueNAS creates the ix-apps (hidden) dataset in the pool set as the application pool. This dataset is internally managed, so you cannot use this as the parent when you create required application datasets.

    After setting the pool, the Installed Applications screen displays Apps Service Running on the top screen banner.

  • Locate the run-as user for the app.

    Take note of the run-as user for the app, shown on the app information screen in the Run As Context widget and in the Application Metadata widget on the Installed applications screen after the app fully deploys. The run-as user(s) get added to the ACL permissions for each dataset used as a host path storage volume.

  • (Optional) Create a new TrueNAS user account to manage this application. When creating a new user account to manage this application or using an existing TrueNAS administrator account, enable sudo permissions for that TrueNAS user account, select Create New Primary Group, and add the appropriate group in the Auxiliary Group for the type of user you want to create. Make note of the UID for the new user to add in the installation wizard.

    Add the user ID to the dataset ACL permissions when setting up app storage volumes in the Install app wizard.

  • Create a self-signed certificate for the app (if required).

The Certificates setting is optional for a basic app configuration but is required when setting up multi-mode configurations, and when using MinIO as an S3 storage object target for Veeam Backup and Replication Immutability

  • (Optional) Create datasets for the storage volumes for the app.

    Do not create encrypted datasets for apps if not required! Using an encrypted dataset can result in undesired behaviors after upgrading TrueNAS when pools and datasets are locked. When datasets for the containers are locked, the container does not mount, and the apps do not start. To resolve issues, unlock the dataset(s) by entering the passphrase/key to allow datasets to mount and apps to start.

    You can create required datasets before or after launching the installation wizard. The install wizard includes the Create Dataset option for host path storage volumes, but if you are organizing required datasets under a parent you must create that dataset before launching the app installation wizard.

    Go to Datasets and select the pool or dataset where you want to place the dataset(s) for the app. For example, /tank/apps/appName.

Create the dataset(s) before beginning the app installation process. MinIO enterprise train app requires one dataset, data. The default mount path is /data1.

Follow the instructions below in Creating Datasets for Apps to correctly create the dataset(s). You can organize the app dataset(s) under a parent dataset to separate them from datasets for other applications. For example, create a minio parent dataset with each dataset nested under it. If you organize the MinIO app required dataset(s) under a parent dataset, set up the required ACL permissions for the parent dataset before using the app installation wizard to avoid receiving installation wizard errors. Use the Enable ACL option in the Install MinIO wizard to configure permissions for the data dataset.

Creating Datasets for Apps

When creating datasets for apps follow these steps:

  1. Go to Datasets, select the location for the parent dataset if organizing required datasets under a parent dataset, then click Add Dataset. For example, select the root dataset of the pool, and click Add Dataset to create a new parent called apps or appName*, where appName is the name of the app.

    Do not create the app datasets under the ix-applications or ix-apps dataset.

  2. Enter the name of the dataset, then select Apps as the Dataset Preset. Creating the parent dataset with the preset set to Generic causes permissions issues when you try to create the datasets the app requires with the preset set to Apps.

  3. Click Save. Return to dataset creation when prompted rather than configuring ACL permissions.

    You can set up permissions (ACLs) for a dataset after adding it by selecting Go to ACL Manager to open the Edit ACL screen, or wait and use the app Install wizard ACL settings to add permissions. You can also edit permissions after installing the app using either method.

  4. Select the parent dataset and then click Create Dataset to open the Add Dataset screen again.

  5. Enter the name of a dataset required for the app, such as config, select Apps as the Dataset Preset, and then click Save. When prompted, return to creating datasets rather than setting up ACL permissions.

  6. Repeat for remaining datasets required for the app.

Configuring Parent Dataset Permissions

Select the parent dataset row on the Datasets screen tree table, scroll down to the Permissions widget, and click Edit to open the Edit ACL screen. Set the @owner and @group to admin or the name of your TrueNAS administration user account, and click Apply Owner and Apply Group.

Next, click Add Item to add an ACE entry for the MinIO run as user, 568. You might need to add another user, such as www-data if you receive an error message when installing the app. The error message shows the user name to add. Give both users full permissions.

See Setting Up Permissions and Edit ACL Screen for more information.

Installing the MinIO Application

This basic procedure covers the required MinIO app settings. For optional settings, see Understanding App Installation Wizard Settings.

You can have multiple deployments of the same app (for example, two or more from the stable or enterprise trains, or a combination of the stable and enterprise trains).

Naming Multiple App Deployments

Each deployment of the same app requires a unique name. App names can include numbers, dashes, or underscores (for example, syncthing2, syncthing-test, syncthing_1, minio2, etc.).

Use a consistent file-naming convention to avoid conflict situations where data does not or cannot synchronize because of file name conflicts. Path and file names in apps are case-sensitive. For example, a file named MyData.txt is not the same as the mydata.txt file in Syncthing.

Go to Apps, click on Discover Apps, and locate the app widget by either scrolling down to it or begin typing the name into the search field. For example, to locate the MinIO app widget, begin typing minIO into the search field to show app widgets matching the search input.

If this is the first application installed, TrueNAS displays a dialog about configuring apps.

Configuring Apps Dialog

Click Confirm then Agree to close the dialog and open the application details screen.

If not the first time installing apps the dialog does not show, click on the widget to open the app information screen.

Click Install to open the app installation wizard.

Application configuration settings are grouped into several sections, each explained below in Understanding App Installation Wizard Settings. To find specific fields begin typing in the Search Input Fields search field to show the section or field, scroll down to a particular section, or click on the section heading in the list of sections on the upper-right of the wizard screen.

Install MinIO Enterprise Screen
Figure 5: Install MinIO Enterprise Screen

Accept the default value or enter a name in Application Name field. In most cases use the default name, but if adding a second deployment of the application you must change this name.

Accept the default version number in Version. When a new version becomes available, the application shows an update badge and the Application Info widget on the Installed applications screen shows the Update button.

Enter credentials to use as the MinIO administration user. If you have existing MinIO credentials, enter these or create new login credentials for the first time you log into MinIO. Enter a name for the MinIO administrator user in MinIO Root User, which is the equivalent of the MinIO access key. A username for the root user (MinIO access key), entered in MinIO Root User, is limited to five to 20 characters long. For example admin or admin1.

Enter the administration user password in MinIO Root Password, which is the login password for that user or the MinIO secret key. The root user password (MinIO secret key), entered in MinIO Root Password, is limited to eight to 40 random characters. For example, MySecr3tPa$$w0d4Min10.

Select Anonymous to hide sensitive information from logging, or Quiet to disable startup information.

To configure a multi-mode deployment, select Enabled. MinIO recommends using MNMD for enterprise-grade performance and scalability.

If setting up a cluster configuration, see Multi-Mode Configuration below for more information on these settings.

Some TrueNAS apps have predefined run-as user and group IDs. These assignments vary based on the app train and other variables such as installing but not running as the root user.

Default user and group IDs are:

  • 473 for the MinIO stable train app.
  • 568 (apps user), used in some community apps and all apps in the enterprise train
  • 999 (netdata user), used for all postgres storage volumes
  • 0 (root user).

Accept the default user and group ID in the User and Group Configuration section or enter the user ID for a new TrueNAS user created to serve as the administrator for this app.

Create any app administrator user before installing the application, and take note of the UID. Enter this user ID when configuring the user for the app and as the user when setting up storage volume permissions.

Scroll down to or click Network Configuration on the list of sections at the right of the screen.

Accept the default port numbers in API Port and Console Port (Web UI), which are the port numbers MinIO uses to communicate with the app and web portal.

Enter the TrueNAS server IP address and the API port number 30000 as a URL in MinIO Server URL (API). For example, http://ipaddress:30000. Use https:// only if your system is configured to use https to log into the system, or if you are configuring MinIO in a cluster.

Enter the TrueNAS server IP address and the web UI browser redirect port number 30001 as a URL in MinIO Browser Redirect URL. For example, http://ipaddress:30001.

MNMD MinIO installations require HTTPS for both Server URL and Console URL to verify the integrity of each node. Standard or SNMD MinIO installations do not require HTTPS.
If you fail to enter the port number you might not be able to connect to the application!

All TrueNAS apps are assigned default port numbers. Accept the default port numbers, but if changing port number assignments, enter a number within the range 1-65535, however, 0-1024 might require the application to have elevated privileges. Before changing default ports, refer to the TrueNAS default port list for a list of assigned and available port numbers.

Select the certificate created for MinIO from the Certificates dropdown list.

If using MinIO for Veeam Immutability S3 object storage, add the certificate.

Scroll down to or click on Storage Configuration on the list of wizard sections.

Scroll down to or click on Storage Configuration on the list of wizard sections.

Leave Type set to the default ixVolume for the /export mount point. A host path dataset is not required for this storage volume.

MinIO Enterprise Storage Configuration Settings
Figure 9: MinIO Enterprise Storage Configuration Settings

Set Type to Host Path (Path that already exists on the system) which is the recommended option for MinIO. Mount Path populates with the default /data1. Click Enable ACL. Enter or browse to select the data1 dataset and populate Host Path. Click Add to the right of Add Entries, then select Entry is for a USER in ID Type, enter the run as user ID in ID, and give it full control permissions.

Select Force Flag to allow upgrading the app. This allows writing to the dataset when there is existing data.

Accept the default values in Resources Configuration. See Resources Configuration below for more information on customizing the CPU and memory allocated to the container (pod) the Minio app uses.

Click Install to complete the installation.

The Installed applications screen opens showing the MinIO application in the Deploying state, then changes to Running when the application is ready to use.

Click Web Portal to open the MinIO sign-in screen.

Understanding App Installation Wizard Settings

The following section provides more detailed explanations of the settings in each section of the Install installation wizard.

Application Name Settings

Accept the default value or enter a name in Application Name field. In most cases use the default name, but if adding a second deployment of the application you must change this name.

Accept the default version number in Version. When a new version becomes available, the application shows an update badge and the Application Info widget on the Installed applications screen shows the Update button.

MinIO Configuration Settings

MinIO credentials establish the login credentials for the MinIO web portal and the MinIO administration user.

Enter existing MinIO credentials if you already have a MinIO account, or create new login credentials for the first time you log into MinIO. If you are configuring an MNMD cluster, use the same credentials in all four systems in the cluster.

The Root User is the equivalent of the MinIO access key. The Root Password is the login password for that user or the MinIO secret key.

The root user (MinIO access key) username, entered in Root User, is limited to five to 20 characters long. For example admin or admin1.

The root user password (MinIO secret key), entered in Root Password, is limited to eight to 40 random characters. For example, MySecr3tPa$$w0d4Min10.

To configure a multi-mode deployment, select Enabled. MinIO recommends using MNMD for enterprise-grade performance and scalability. See the related MinIO articles listed below for SNMD and MNMD configuration tutorials.

Select Quiet to disable startup information and not show it in the logs.

Select Anonymous to hide sensitive information and not show it in the logs.

(Optional) Click Add to the right of Additional Environment Variables to show the fields to enter the variable. The installation wizard configures all required environment variables, so only use this option to further customize your MinIO deployment. Refer to MinIO documentation for more information on environment variables they allow and use.

Using Multi-Mode Configuration

If creating a multi-disk (SNMD) or MNMD cluster, create four datasets, data1, data2, data3, and data4 on each system (node) in the cluster configuration.

Multi-mode installs the app in either a MinIO Single-Node Multi-Drive (SNMD) or Multi-Node Multi-Drive (MNMD) cluster. MinIO recommends using MNMD for enterprise-grade performance and scalability.

Click Enabled under Multi Mode (SNMD or MNMD) Configuration to enable multi-mode and show the Multi Mode (SNMD or MNMD) and Add options.

For more information see:

Adding Environment Variables

The app wizard is configured with all settings required to deploy the container, but you can add additional settings if you want to further customize the app in TrueNAS.

Click Add to the right of Environmental Variables to show a set of fields to configure the application with additional variables.

You can add environment variables to the app configuration after deploying it. Click Edit on the Application Info widget for the app found on the Installed Application screen to open the edit screen.

User and Group Configuration

Some TrueNAS apps have predefined run-as user and group IDs. These assignments vary based on the app train and other variables such as installing but not running as the root user.

Default user and group IDs are:

  • 473 for the MinIO stable train app.
  • 568 (apps user), used in some community apps and all apps in the enterprise train
  • 999 (netdata user), used for all postgres storage volumes
  • 0 (root user).

Accept the default user and group ID in the User and Group Configuration section or enter the user ID for a new TrueNAS user created to serve as the administrator for this app.

Create any app administrator user before installing the application, and take note of the UID. Enter this user ID when configuring the user for the app and as the user when setting up storage volume permissions.

Network Configuration

Scroll down to or click Network Configuration on the list of sections at the right of the screen.

Accept the default port numbers in API Port and Console Port (Web UI), which are the port numbers MinIO uses to communicate with the app and web portal.

Enter the TrueNAS server IP address and the API port number 30000 as a URL in MinIO Server URL (API). For example, http://ipaddress:30000. Use https:// only if your system is configured to use https to log into the system, or if you are configuring MinIO in a cluster.

Enter the TrueNAS server IP address and the web UI browser redirect port number 30001 as a URL in MinIO Browser Redirect URL. For example, http://ipaddress:30001.

MNMD MinIO installations require HTTPS for both Server URL and Console URL to verify the integrity of each node. Standard or SNMD MinIO installations do not require HTTPS.
If you fail to enter the port number you might not be able to connect to the application!

All TrueNAS apps are assigned default port numbers. Accept the default port numbers, but if changing port number assignments, enter a number within the range 1-65535, however, 0-1024 might require the application to have elevated privileges. Before changing default ports, refer to the TrueNAS default port list for a list of assigned and available port numbers.

Select the certificate created for MinIO from the Certificates dropdown list.

MinIO does not require a certificate for a basic configuration and installation of MinIO Enterprise. If installing and configuring multi-mode SNMD or MNMD you must create a self-signed certificate.

An SNMD configuration can use the same self-signed certificate created for MNMD. An MNMD configuration cannot use the certificate for an SNMD configuration because that certificate only includes the IP address for one system. Create this same self-signed certificate for the MNMD cluster on each system (node) in the cluster!

To use a certificate, best practice is to create the self-signed certificate before you begin using the app installation wizard. If you did not create a certificate before starting the installation wizard you can select the default TrueNAS certificate and edit the app to change the certificate after deploying the application.

Select the certificate created in TrueNAS for the app from the Certificate dropdown list.

Storage Configuration

TrueNAS provides two options for storage volumes: ixVolumes and host paths. The MinIO Enterprise app uses host paths as the storage volume type. Only use ixVolumes for a test deployment of the MinIO app. MinIO uses the default ixVolume for the /export mount path and storage volume by default. Create the data dataset to use as a host path storage volume, and accept the default /data as the mount path for this storage volume.

Set Type to the default ixVolume (Dataset created automatically by the system) to allow TrueNAS to create a storage volume. This storage volume can be found nested under the hidden ix-apps dataset. This is not the recommended storage option except for the /export option.

Set Type to Host Path (Path that already exists on the system) to use the data dataset. The Mount Path field populates with /data as the first storage volume for a basic installation.

To add ACL permissions when setting up the host path, select Enable ACL. Enter or browse to select the data dataset and populate the Host Path field with the path to the dataset.

Click Add to the right of Add Entries, then select Entry is for a USER in ID Type, enter the run as user ID in ID, and give it full control permissions.

Select Force Flag to allow upgrading the app. This allows writing to the dataset when there is existing data.

If configuring either MNMD or SNMD, you must assign all four datasets to each system in the cluster. These datasets represent the disk in the multi-disk configurations.

To add additional datasets as host paths, click Add to the right of Data Directories to show the storage fields. Click Add to the right of Data Directories to add additional datasets created and representing drives for multi-mode configurations. Click Add for each dataset (data1, data2, data3, and data4).

Change the Mount Path to correspond to the dataset path entered or selected in Host Path. Additional mount points are /data2, /data3, or /data4.

Setting Dataset ACL Permissions

You can configure ACL permissions for the required dataset in the Install MinIO wizard, or from the Datasets screen any time after adding the datasets.

Select Enable ACL to show the ACL and ACE Entries options for host path volumes except for postgres storage volumes. Configure ACE entries for each UID and/or GID you recorded from the Run As Context widget in Before You Begin.

Configuring ACE Entries

Enter or browse to select the dataset and populate Host Path.

Next, click Add to the right of ACL Entries to show the permissions settings. Set ID Type to Entry is for a USER or Entry is for a GROUP. If you configured a group in TrueNAS that you want to give access to instead of a single user, set the ID to the group option and enter the GID for that group.

Enter the UID and/or GID for the run as users. The run-as user(s) show on the app details screen in the Run As Content widget, and on the Installed application screen after the app deploys.

If the app shows User and Group Configuration settings, the default UID shows on the screen. If not, choose the run-as user ID found in the Run As Content widget.

Postgres storage volumes have 999 as the default user ID and run-as user.

If you created a new TrueNAS user to serve as the app administration user, add an entry record and enter the UID for this user in addition to the run-as user ID.

When adding the ACL entry for the run-as user, default user, and/or optional TrueNAS app administrator user, set the Access permissions level to FULL CONTROL.

Do not use the Edit ACL option for postgres storage volumes. Select the Automatic Permissions option, which correctly sets permissions for the postgres and parent dataset (if used).

Select Force Flag to apply the ACL even if the path has existing data. This allows you to update the app when an update is available.

Adding ACL Permissions from the Datasets Screen

First, select the dataset row, scroll down to the Permissions widget, and click Edit to open the Edit ACL screen. Change the @owner and @group values from root to the administrative user for your TrueNAS system, and click apply for each. Next, add an ACL entry for the run-as user. For MinIO, the run-as users is 568. Add a user entry for this user. Save the ACL before leaving the screen.

See Setting Up Permissions and Edit ACL Screen for more information.

Resource Configuration

MinIO Enterprise Resource Limits
Figure 18: MinIO Enterprise Resource Limits

Accept the default values in Resources Configuration or enter new CPU and memory values. By default, this application is limited to use no more than 2 CPU cores and 4096 megabytes available memory. The application might use considerably less system resources.

To customize the CPU and memory allocated to the container the app uses, enter new CPU values as a plain integer value (letter suffix is not required). The default is 4096.

Accept the default value (4 Gb) allocated memory or enter a new limit in bytes. Enter a plain integer without the measurement suffix, for example, 129 not 129M or 123MiB.

Contents