Replace MinIO with GarageHQ
Context
We've been using minio for about two years now and it's working fine in daily usage.
MinIO, the company, has abandoned its free software option and is instead promoting its new closed-source product named AIStore. See tpo/tpa/team#42352 for more details about this.
Before the final abandonment mentioned above, we had also witnessed earlier decisions that already put us on edge with regard to the future of the free software:
- In September 2025, they unexpectedly decided to remove the management web UI, leaving our users without a way to manage their buckets independently.
- Later, upstream suddenly stopped publishing Docker images for MinIO without communicating this clearly to the community. This means that we're currently running a version that's affected by at least one CVE, and surely more will come with time.
Decision
Because of those events, we've decided to migrate to an alternative to avoid being stuck with abandonware.
Thus, we will create a new GarageHQ-based object storage cluster inside VMs on
our ganeti cluster, then move all objects to it and have the new cluster replace
the minio-based one. After a while and if we're satisfied, we will decommission
the minio VMs minio-01.torproject.org and minio-fsn-02.torproject.org.
Consequences
Since Garage also implements a portion of the S3 API, we don't expect the change to have important consequences on the different current users of the service.
Affected users
Currently only the gitlab service is affected.
The network health team also used to have a bucket that was planned to host files for the team, but this has been abandoned for now after Tor received the donation of a new server. The network team may still want to use the object service in the future, for example to host backups, but currently they are not affected by this change.
More Information
On their side, the GarageHQ project has started scheduling regular major releases since their 2.0 release, in order to acknowledge that it might be necessary for them to make API-breaking changes once in a while.
Garage is still lacking some of the features we had originally wanted in TPA-RFC-56 and TPA-RFC-84 like bucket versioning, bucket replication and bucket encryption. However, since the needs of the network health team have changed, we believe that we can deprioritize those features for now.
The operations documentation for the service will need to be updated for the new software.
Metadata
- status: approved
- decision-date: 2026-01-27
- decision-makers: TPA team lead, @lelutin
- consulted: tpa-team@lists.torproject.org, network-health@lists.torproject.org
- informed: tor-project@lists.torproject.org
- forum-url: https://gitlab.torproject.org/tpo/tpa/team/-/issues/42352