Skip to content

docs(influxdb3): document object store consistency requirements for MinIO#7442

Merged
reidkaufmann merged 11 commits into
masterfrom
reidk/object-store-consistency-requirements
Jul 2, 2026
Merged

docs(influxdb3): document object store consistency requirements for MinIO#7442
reidkaufmann merged 11 commits into
masterfrom
reidk/object-store-consistency-requirements

Conversation

@reidkaufmann

@reidkaufmann reidkaufmann commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Add an "Object store requirements" section to the shared MinIO setup guide covering the read-after-write consistency, list-after-write consistency, and conditional PUT semantics that the {{% product-name %}} catalog depends on.
  • For Enterprise, add a > [!Warning] block calling out two topologies that violate those semantics and are unsupported for production:
    • MinIO backed by NFS.
    • Multiple independent MinIO instances sharing a single backing volume.
  • For Core, add a lighter > [!Note] recommending locally-attached POSIX storage and pointing at MinIO's own deployment guidance.
  • Document influxdb3 debug object-store-check (introduced in 3.10.0, PR influxdb_pro#3532) as the way to validate a MinIO deployment against the requirements.

Why

Investigating a recent customer incident on Enterprise 3.9.2 surfaced that the customer's MinIO setup — two MinIO instances backed by shared NFS — is exactly the topology MinIO itself warns against, and it is a plausible contributor to catalog-related panics and stale-view startup warnings we observed. Nothing in the public docs currently tells operators what object-store semantics {{% product-name %}} depends on or that certain MinIO topologies violate them.

The object-store-check subcommand was built to diagnose exactly this class of issue but has no public docs reference. This PR is the first public mention.

Reviewer note

Adding @lilic as reviewer since she authored the object-store-check subcommand and can verify the flag usage and requirement wording are accurate.

Test plan

  • Hugo build succeeds (I could not run locally in this environment — please verify in CI)
  • show-in conditional rendering displays the Enterprise warning only on the Enterprise MinIO page and the Core note only on the Core MinIO page
  • Links to MinIO docs resolve
  • Callout syntax (> [!Warning], > [!Note]) renders as intended

…inIO

Add an "Object store requirements" section to the shared MinIO setup guide
covering the read-after-write and conditional PUT semantics the catalog
depends on. For Enterprise, add a firm warning against NFS-backed MinIO
and against multiple independent MinIO instances sharing a single backing
volume. For Core, add a lighter note recommending locally-attached POSIX
storage.

Also document `influxdb3 debug object-store-check` (introduced in 3.10.0)
as the way to validate a MinIO deployment against these requirements.
@reidkaufmann reidkaufmann requested review from Copilot and lilic July 1, 2026 17:15
@reidkaufmann reidkaufmann requested a review from a team as a code owner July 1, 2026 17:15
@reidkaufmann reidkaufmann requested review from jstirnaman and removed request for a team July 1, 2026 17:15
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Vale Style Check Results

Metric Count
Errors 0
Warnings 4
Warnings (4)
File Line Rule Message
content/influxdb3/core/object-storage/minio.md 5 InfluxDataDocs.Branding Use 'the Object store' instead of 'the object store'
content/influxdb3/core/object-storage/minio.md 17 InfluxDataDocs.WordList Use 'administrator' instead of 'admin'.
content/influxdb3/enterprise/admin/object-storage/minio.md 5 InfluxDataDocs.Branding Use 'the Object store' instead of 'the object store'
content/influxdb3/enterprise/admin/object-storage/minio.md 17 InfluxDataDocs.WordList Use 'administrator' instead of 'admin'.

Check passed

@github-actions github-actions Bot added product:shared Shared content across products product:v3-monolith InfluxDB 3 Core and Enterprise (single-node / clusterable) labels Jul 1, 2026
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor
PR Preview Action v1.8.1

QR code for preview link

🚀 View preview at
https://influxdata.github.io/docs-v2/pr-preview/pr-7442/

Built to branch gh-pages at 2026-07-02 16:29 UTC.
Preview will be ready when the GitHub Pages deployment is complete.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the shared InfluxDB 3 MinIO object-storage setup guide to document the object-store consistency and conditional-write semantics that the catalog depends on, and to provide product-specific operational guidance for Core vs Enterprise deployments.

Changes:

  • Adds an “Object store requirements” section describing required read-after-write, list-after-write, and conditional PUT semantics.
  • Adds product-scoped callouts: an Enterprise warning about unsupported MinIO topologies and a Core note with lighter deployment guidance.
  • Documents influxdb3 debug object-store-check (3.10.0+) as a way to validate a MinIO deployment against the requirements.

Comment on lines +98 to +105
influxdb3 debug object-store-check \
--object-store s3 \
--bucket BUCKET_NAME \
--aws-endpoint MINIO_URL \
--aws-access-key-id AWS_ACCESS_KEY_ID \
--aws-secret-access-key AWS_SECRET_ACCESS_KEY \
--aws-default-region AWS_DEFAULT_REGION \
--check-prefix oscheck

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch — aligned the example with the canonical MinIO convention used elsewhere on this page: MINIO_USERNAME/MINIO_PASSWORD, http://localhost:9000, and --aws-allow-http. Also dropped --aws-default-region since the existing influxdb3 serve MinIO example doesn't set it. Fixed in facd90b.

@reidkaufmann

Copy link
Copy Markdown
Contributor Author

@lilic @hiltontj — question on scope for this PR and follow-up docs:

I compared the requirements described in this PR against the checks in object-store-check and there are a few semantics the tool tests that this PR now touches only briefly (grouped under the new "Strict pagination and error semantics" bullet):

  • head_missing_returns_not_found — HEAD on a missing key must return NotFound specifically, not another error variant.
  • start_after_strict / start_after_late / start_after_missinglist_with_offset returns only keys strictly greater than the offset, including when the offset key does not exist.
  • list_pagination_multipage — multi-page listings deliver every key and terminate.
  • --probe-prefix — read-only replay against a real catalog prefix; I added a one-sentence pointer.

For this setup page, keeping the requirements at a high level and pointing at the tool feels right. But there's a bigger question:

Do we want a separate, in-depth "InfluxDB 3 object store requirements" reference page in docs-v2 that enumerates the semantics we depend on, or do we want the object-store-check tool (and its --help-all) to be the authoritative source?

Arguments for a dedicated docs page:

  • Discoverable — operators evaluating an S3-compatible backend can find the spec before they deploy.
  • Vendor-neutral — this MinIO page isn't the right home for the general contract; a reference page could be linked from the MinIO/Ceph/Qumulo/etc. pages.

Arguments for keeping the tool as the source of truth:

  • The tool is executable; docs drift. Every time we add a check we'd have to update prose.
  • Backend-vendor engineers who want to certify their store can read Rust; ops teams just want to run the tool.
  • The tool's --help-all output is already a decent spec.

My weak preference: tool as source of truth, plus a short reference page that says "these are the classes of semantics we test; run the tool for the authoritative enumeration." No specific check IDs in the docs.

Curious what you both think.

Per Copilot review: use MINIO_USERNAME/MINIO_PASSWORD, http://localhost:9000,
and --aws-allow-http to match the canonical serve example on the same page.
Drop --aws-default-region for the same reason.
Applies the InfluxDataDocs.Branding substitution across the shared MinIO
guide and the two consumer stubs — both in new prose from this PR and in
pre-existing lines that Vale flagged.
The three pagination/error semantics tested by object-store-check
(HEAD-missing NotFound, strict start-after, multi-page listing) are not
current concerns for vanilla MinIO. Historical MinIO bugs in these areas
were confined to the deprecated S3 gateway and are fixed.

Keep the pagination/error checks in mind for a future backend-neutral
requirements reference, but do not imply on this MinIO setup page that
MinIO is likely to violate them.
@reidkaufmann

Copy link
Copy Markdown
Contributor Author

Reverted the "Strict pagination and error semantics" bullet in 3c3a89a.

Rationale after checking each of the three checks against MinIO's actual bug history:

So enumerating these on the MinIO setup page implied a risk that doesn't apply to MinIO specifically — it was really just reflecting what the object-store-check tool tests for S3-compatibles in general (Qumulo, Ceph, LocalStack, etc.).

The three bullets that remain (read-after-write consistency, list-after-write consistency, conditional PUT) do have real MinIO-specific risk paths (NFS backend, shared-mount topology, catalog split-brain), so they stay.

This reinforces the question I asked above about a backend-neutral requirements page — those three pagination/error checks are still valuable ops knowledge, they just don't belong on a MinIO-specific page.

GitHub URLs of the form <repo>?tab=<name>#<anchor> resolve via client-side
hydration; the anchor is not present in the initial HTML the fragment
checker fetches. This produces a false positive on any docs page that
cites a GitHub URL copied from the tab bar (readme-ov-file, packages,
issues, etc.), while the link is fully functional in a browser.

The exclusion is scoped to <org>/<repo>?tab=X#Y so it does not affect
GitHub URLs where the fragment is real (blob/main/file.md#L42, etc.).
@jstirnaman

Copy link
Copy Markdown
Contributor

This reinforces the question I asked above about a backend-neutral requirements page — those three pagination/error checks are still valuable ops knowledge, they just don't belong on a MinIO-specific page.

My first thought before seeing your comments was "we need a neutral object store requirements page". I'll take a stab at it and get your review, but won't hold up your PR for it.

@jstirnaman

Copy link
Copy Markdown
Contributor

Filed #7444 to track two follow-ups from this PR: moving the general object-store consistency requirements to the shared object-storage overview page, and dropping the Vale rule that partially capitalizes "object store." No change requested here for that — just linking for visibility.

(Style-only fixes — capitalization, hyphenation, em dash, wording — are split out separately in #7445, based on this branch, so they don't mix with the technical review.)

@jstirnaman jstirnaman left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I filed #7445 with style fixes rather than inline suggestions here.
#7444 will address the general object storage requirements.

Style-only cleanup for #7442's new "Object store requirements" content:

- Revert "the Object store" to sentence case ("the object store")
  throughout; partial capitalization of a generic term doesn't
  disambiguate anything and is tracked for removal in #7444
- Fix Google.LyHyphens: "locally-attached" -> "locally attached"
- Fix Google.EmDash: remove spaces around the em dash
- Avoid "above" as an in-page reference; use "preceding" instead

No content changes -- SME review of #7442's technical claims is
unaffected.

@lilic lilic left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! 👏 One nit.

Comment thread content/shared/influxdb3-admin/object-storage/minio.md Outdated

@lilic lilic left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only thing maybe we can callout a small warning saying this tool should be used with caution as it does do requests against the given object store so they should always use with caution.

or do we want the object-store-check tool (and its --help-all) to be the authoritative source?

this would be my preference, as the original PR just added some initial checks but as new requirements come in we might need other things.

Co-authored-by: Lili Cosic <cosiclili@gmail.com>

@jstirnaman jstirnaman left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressing lilic's review-body nit about a caution callout on object-store-check — left as a suggestion inline. Her other suggestion (line wording) is already applied in f166871.


Generated by Claude Code

validates an object store against the preceding semantic requirements.
Run it against your MinIO endpoint before putting the deployment into
production, and again after any change to the MinIO topology or backing
storage:

@jstirnaman jstirnaman Jul 2, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per @lilic's comment above about calling out that this tool should be used with caution — suggested addition before the code block:

Suggested change
storage:
storage:
> [!Caution]
> `object-store-check` sends live read, write, and delete requests to the
> object store you point it at. The synthetic checks are isolated to a
> disposable location (`<check-prefix>/oscheck-<uuid>/`) and don't touch your
> real catalog data, but every request still counts against the target
> endpoint's real request quota. Use credentials scoped to a non-production
> bucket or prefix where possible.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if this needs caution as opposed to note as I'm assuming it's a generally one-time thing, but not something I'm concerned on if you think caution makes sense. Otherwise lgtm

@reidkaufmann reidkaufmann Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No opinion on the caution label, but I like warning about what the tool is going to do (though if the tools bakes in the warnings we might not need it here). I agree that usually this is a one-time check because the infra is often a "set it and forget it" thing. However, the recommendation is cautious and hints at the exceptional cases (though they aren't named):

  • we might add additional qualifications and checks to the utility at a later point
  • it's possible for changes to the object store configuration to break compatibility

@reidkaufmann reidkaufmann added this pull request to the merge queue Jul 2, 2026
Merged via the queue into master with commit b7e0215 Jul 2, 2026
23 checks passed
github-actions Bot added a commit that referenced this pull request Jul 2, 2026
pull Bot pushed a commit to Dustin4444/docs-v2 that referenced this pull request Jul 2, 2026
Style-only cleanup for influxdata#7442's new "Object store requirements" content:

- Revert "the Object store" to sentence case ("the object store")
  throughout; partial capitalization of a generic term doesn't
  disambiguate anything and is tracked for removal in influxdata#7444
- Fix Google.LyHyphens: "locally-attached" -> "locally attached"
- Fix Google.EmDash: remove spaces around the em dash
- Avoid "above" as an in-page reference; use "preceding" instead

No content changes -- SME review of influxdata#7442's technical claims is
unaffected.
@jstirnaman jstirnaman deleted the reidk/object-store-consistency-requirements branch July 2, 2026 20:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

product:shared Shared content across products product:v3-monolith InfluxDB 3 Core and Enterprise (single-node / clusterable)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants