4

Admin UI

chrislusf edited this page 2025-07-13 20:30:23 -07:00

Table of Contents

• This is still work in progress. Some features work, some not. Everything is subject to change.
• Weed Admin
• Overview
• Usage
• Options
• Examples
• Basic Usage
• With Authentication
• Production Deployment
• Data Directory
• Security and Authentication
• Authentication
• TLS/HTTPS Configuration
• Security Best Practices
• Worker Communication
• Configuration File
• Generate Example Configuration
• Features
• Automatic Service Discovery
• Web Interface
• Dashboard
• Object Store Management
• File Browser
• Cluster Management
• Message Queue Management
• API Endpoints
• Troubleshooting
• Common Issues
• Debug Information
• Related Commands
• Admin UI Pages Reference
• Accessing the Admin Interface
• Dashboard (/)
• Object Store Management
• S3 Buckets (/object-store/buckets)
• User Management (/object-store/users)
• Policies (/object-store/policies)
• File Browser (/files)
• Cluster Management
• Master Servers (/cluster/masters)
• Filer Servers (/cluster/filers)
• Volume Servers (/cluster/volume-servers)
• Volume Management (/cluster/volumes)
• Collections (/cluster/collections)
• Message Queue Management
• Brokers (/mq/brokers)
• Topics (/mq/topics)
• Topic Details (/mq/topics/{namespace}/{topic})
• Navigation and UI Features
• Responsive Design
• Real-time Updates
• Security Features
• Accessibility
• See Also

This is still work in progress. Some features work, some not. Everything is subject to change.

Weed Admin

The weed admin command starts a modern web-based administration interface for SeaweedFS cluster management.

Overview

The admin interface provides a comprehensive web UI for managing SeaweedFS clusters, including:

• Cluster topology visualization and monitoring
• Volume management and operations
• File browser and management
• System metrics and performance monitoring
• Configuration management

The admin interface automatically discovers filers from the master servers and runs a gRPC server for worker connections on HTTP port + 10000.

Usage

weed admin [options]

Options

Option	Default	Description
-port	23646	Admin server port
-masters	localhost:9333	Comma-separated master servers
-dataDir	""	Directory to store admin configuration and data files
-adminUser	admin	Admin interface username
-adminPassword	""	Admin interface password (if empty, auth is disabled)

Examples

Basic Usage

# Start admin interface on default port (23646)
weed admin -masters=localhost:9333

# Start with custom port and multiple masters
weed admin -port=8080 -masters="master1:9333,master2:9333"

# Start with specific data directory
weed admin -port=23646 -masters="localhost:9333" -dataDir="/var/lib/seaweedfs-admin"

# Start with home directory expansion
weed admin -port=23646 -masters="localhost:9333" -dataDir="~/seaweedfs-admin"

With Authentication

# Enable authentication
weed admin -adminUser=admin -adminPassword=secret123 -masters="localhost:9333"

Production Deployment

# Production setup with data persistence and authentication
weed admin \
  -port=23646 \
  -masters="master1:9333,master2:9333,master3:9333" \
  -dataDir="/var/lib/seaweedfs-admin" \
  -adminUser=admin \
  -adminPassword=strongpassword123

Data Directory

The data directory (-dataDir) is used to persist admin configuration data:

• If specified: Configuration and data are persisted to disk
• If not specified: All configuration is kept in memory only
• Path expansion: Supports tilde (~) expansion for home directory
• Auto-creation: Directory is automatically created if it doesn't exist
• Format: Configuration files are stored in JSON format for easy editing

Security and Authentication

Authentication

• Disabled by default: If -adminPassword is not set, no authentication is required
• Session-based: When enabled, uses secure session management with auto-generated session keys
• User credentials: Login with -adminUser and -adminPassword

TLS/HTTPS Configuration

The admin server reads TLS configuration from security.toml:

[https.admin]
cert = "/etc/ssl/admin.crt"
key = "/etc/ssl/admin.key"
ca = "/etc/ssl/ca.crt"     # optional, for mutual TLS

• HTTPS: Automatically enabled if https.admin.key is configured
• Mutual TLS: Enabled if https.admin.ca is configured
• Certificate loading: Certificates are loaded from the security configuration

Security Best Practices

1. Set strong passwords: Use strong -adminPassword for production
2. Configure TLS: Use HTTPS for production deployments
3. Firewall rules: Restrict admin interface access to authorized networks
4. Regular updates: Keep SeaweedFS updated for security patches

Worker Communication

The admin server also runs a gRPC server for worker connections:

• Port: HTTP port + 10000 (e.g., if admin runs on 23646, gRPC runs on 33646)
• Purpose: Handles worker connections and task distribution
• TLS: Uses [grpc.admin] configuration from security.toml
• Fallback: Workers fall back to insecure connections if TLS is unavailable

Configuration File

The admin server reads configuration from security.toml in the following order:

1. Current directory (.)
2. $HOME/.seaweedfs/
3. /usr/local/etc/seaweedfs/
4. /etc/seaweedfs/

Generate Example Configuration

# Generate example security.toml
weed scaffold -config=security

Features

Automatic Service Discovery

• Master discovery: Connects to specified master servers
• Filer discovery: Automatically discovers filers from masters
• Health monitoring: Monitors cluster health and status

Web Interface

The admin interface provides a comprehensive web-based management console with the following sections:

Dashboard

• Cluster Overview: Real-time cluster status and health metrics
• System Statistics: Total volumes, files, size, and volume size limits
• Node Status: Master, filer, volume server, and message broker status
• Data Centers: Geographic distribution of storage nodes

Object Store Management

• S3 Buckets: View, create, delete, and manage S3-compatible buckets
• Bucket Details: Quota management and configuration
• User Management: Create and manage S3 API users with permissions
• Access Keys: Generate and manage access/secret key pairs
• Policies: Manage bucket policies and user permissions

File Browser

• Directory Navigation: Browse filesystem hierarchy through web interface
• File Operations: Upload, download, delete, and manage files
• File Properties: View file metadata, permissions, and storage details
• Bulk Operations: Multi-select for batch operations

Cluster Management

• Master Servers: View master node status, leadership, and connectivity
• Filer Servers: Monitor filer instances and metadata operations
• Volume Servers: Track storage nodes, capacity, and health status
• Volume Management: View volume distribution, replication, and status
• Collections: Monitor data collections and their volume allocation

Message Queue Management

• Brokers: View message queue broker status and configuration
• Topics: Manage topics, partitions, and message retention
• Subscribers: Monitor subscriber connections and consumer lag
• Topic Details: View message statistics and partition distribution

API Endpoints

The admin interface provides RESTful API endpoints for:

• Cluster status and topology
• Volume management
• File operations
• System metrics
• Configuration management

Troubleshooting

Common Issues

1. No filers discovered:

   • Check master server connectivity
   • Verify master addresses are correct
   • Ensure masters are running and accessible

2. Authentication not working:

   • Verify -adminPassword is set correctly
   • Check session cookie settings
   • Clear browser cache and cookies

3. TLS/HTTPS issues:

   • Verify certificate paths in security.toml
   • Check certificate validity and permissions
   • Ensure certificates are in PEM format

4. Worker connections failing:

   • Check if gRPC port (HTTP port + 10000) is accessible
   • Verify TLS configuration for worker connections
   • Check firewall rules for gRPC port

Debug Information

Enable debug logging for detailed troubleshooting:

# Run with verbose logging
weed admin -v=4 -masters="localhost:9333"

Related Commands

• weed master: Start master servers
• weed filer: Start filer servers
• weed scaffold: Generate configuration files

Admin UI Pages Reference

Accessing the Admin Interface

Once the admin server is running, access the web interface at:

http://localhost:23646

Or with custom port:

http://localhost:PORT

Dashboard (/)

The main dashboard provides a comprehensive overview of your SeaweedFS cluster:

Key Metrics:

• Total volumes, files, and storage size
• Volume size limit configuration
• Cluster health status

Cluster Topology:

• Master server status and leader election
• Filer server instances and connections
• Volume server distribution and capacity
• Message broker status (if enabled)
• Data center geographic distribution

Real-time Updates: The dashboard automatically refreshes to show current cluster status.

Object Store Management

S3 Buckets (/object-store/buckets)

Manage S3-compatible storage buckets:

Features:

• View all buckets with creation dates and sizes
• Create new buckets with Object Lock support
• Delete buckets (with confirmation)
• Set bucket quotas and limits
• Export bucket list to CSV

Bucket Operations:

• Create Bucket: Specify name and optional Object Lock enablement
• Delete Bucket: Remove empty buckets with confirmation dialog
• Quota Management: Set storage limits per bucket
• Bucket Details: View detailed statistics and configuration

User Management (/object-store/users)

Manage S3 API users and their permissions:

User Operations:

• Create new users with email and permissions
• Edit existing user permissions and details
• Delete users with confirmation
• Generate and manage access keys
• View user activity and permissions

Permission Types:

• Admin: Full access to all buckets and operations
• Read: Read access to specified buckets
• Write: Write access to specified buckets
• List: List bucket contents
• Tagging: Manage object tags
• Object Lock Permissions:
  • BypassGovernanceRetention: Override governance retention
  • GetObjectRetention: Read object retention settings
  • PutObjectRetention: Modify object retention
  • GetObjectLegalHold: Read legal hold status
  • PutObjectLegalHold: Set legal hold
  • GetBucketObjectLockConfiguration: Read bucket Object Lock config
  • PutBucketObjectLockConfiguration: Modify bucket Object Lock config

Access Key Management:

• Generate new access/secret key pairs
• View existing access keys (secret keys are masked)
• Delete unused access keys
• Copy keys to clipboard

Policies (/object-store/policies)

Manage bucket policies and access control:

Policy Operations:

• Create JSON-based bucket policies
• Edit existing policies with syntax validation
• Delete policies
• Validate policy syntax before saving
• View policy effects and permissions

File Browser (/files)

Web-based file system interface:

Navigation:

• Browse directory hierarchy
• Navigate with breadcrumb navigation
• Search files and folders
• Sort by name, size, or modification date

File Operations:

• Upload: Single or multiple file upload with progress tracking
• Download: Direct file download or streaming
• Delete: Remove files and folders with confirmation
• Create Folders: New directory creation
• Rename: File and folder renaming
• Copy/Move: File management operations

Advanced Features:

• Drag-and-drop file upload
• Bulk selection for batch operations
• File property viewing (size, permissions, metadata)
• Preview for supported file types
• Export file listings to CSV

Cluster Management

Master Servers (/cluster/masters)

Monitor master server cluster:

Information Displayed:

• Master server addresses and ports
• Leader election status
• Connection health and response times
• Configuration synchronization status
• Cluster membership changes

Filer Servers (/cluster/filers)

Track filer instances:

Monitoring:

• Filer server addresses and health
• Metadata store backend status
• Connected clients and operations
• Performance metrics and response times

Volume Servers (/cluster/volume-servers)

Manage storage nodes:

Server Information:

• Server addresses and capacity
• Free space and utilization
• Active volume counts
• Data center and rack assignment
• Health status and connectivity

Volume Management (/cluster/volumes)

Detailed volume tracking:

Volume Details:

• Volume ID and size information
• Replication status and factor
• Read/write statistics
• Storage location and server mapping
• Collection assignment

Operations:

• View volume distribution across servers
• Monitor replication health
• Track volume growth and utilization

Collections (/cluster/collections)

Monitor data collections:

Collection Information:

• Collection names and volume counts
• Replication configuration
• Storage distribution
• Growth patterns and capacity planning

Message Queue Management

Brokers (/mq/brokers)

Monitor message queue brokers:

Broker Status:

• Broker addresses and health
• Topic assignment and leadership
• Connection counts and throughput
• Configuration and settings

Topics (/mq/topics)

Manage message queue topics:

Topic Operations:

• Create new topics with partition configuration
• View topic statistics and message counts
• Manage topic retention policies
• Monitor consumer lag and throughput

Topic Details (/mq/topics/{namespace}/{topic})

Detailed topic information:

Statistics:

• Message production and consumption rates
• Partition distribution and leadership
• Subscriber connections and lag
• Storage utilization per partition

Configuration Options:

• Task scheduling parameters
• Worker connection settings
• Retry policies and timeouts
• Resource allocation limits

Navigation and UI Features

Responsive Design

• Mobile-friendly interface
• Collapsible sidebar navigation
• Responsive tables and charts
• Touch-friendly controls

Real-time Updates

• Live cluster status monitoring
• Automatic page refresh for dynamic content
• WebSocket connections for real-time data
• Progress indicators for long-running operations

Security Features

• Session-based authentication
• CSRF protection
• Secure cookie handling
• TLS/HTTPS support

Accessibility

• Keyboard navigation support
• Screen reader compatibility
• High contrast mode support
• Semantic HTML structure

See Also

• SeaweedFS Architecture

• Security Configuration

• S3 Object Lock and Retention

• S3 API FAQ

Introduction

• Quick Start with weed mini
• Components
• Getting Started
• Production Setup
• Benchmarks
• FAQ
• Applications

API

• Master Server API
• Volume Server API
• Filer Server API
• Client Libraries
• SeaweedFS Java Client

Configuration

• Replication
• Store file with a Time To Live
• Failover Master Server
• Erasure coding for warm storage
• Server Startup via Systemd
• Environment Variables

Filer

• Filer Setup
• Directories and Files
• File Operations Quick Reference
• Data Structure for Large Files
• Filer Data Encryption
• Filer Commands and Operations
• Filer JWT Use
• TUS Resumable Uploads

Filer Stores

• Filer Cassandra Setup
• Filer Redis Setup
• Super Large Directories
• Path-Specific Filer Store
• Choosing a Filer Store
• Customize Filer Store

Management

• Admin UI
• Worker

Advanced Filer Configurations

• Migrate to Filer Store
• Add New Filer Store
• Filer Store Replication
• Filer Active Active cross cluster continuous synchronization
• Filer as a Key-Large-Value Store
• Path Specific Configuration
• Filer Change Data Capture

FUSE Mount

• FIO benchmark
• fstab

WebDAV

Cloud Drive

• Cloud Drive Benefits
• Cloud Drive Architecture
• Configure Remote Storage
• Mount Remote Storage
• Cache Remote Storage
• Cloud Drive Quick Setup
• Gateway to Remote Object Storage

AWS S3 API

• Amazon S3 API
• S3 Conditional Operations
• S3 CORS
• S3 Object Lock and Retention
• S3 Object Versioning
• S3 API Benchmark
• S3 API FAQ
• S3 Bucket Quota
• S3 Rate Limiting
• S3 API Audit log
• S3 Nginx Proxy
• Docker Compose for S3

S3 Table Bucket

• S3 Table Bucket

S3 Authentication & IAM

• S3 Configuration - Start Here
• S3 Credentials (-s3.config)
• OIDC Integration (-s3.iam.config)
• S3 Policy Variables
• Amazon IAM API
• AWS IAM CLI

Server-Side Encryption

• Server-Side Encryption
• Server-Side Encryption SSE-KMS
• Server-Side Encryption SSE-C

S3 Client Tools

• AWS CLI with SeaweedFS
• s3cmd with SeaweedFS
• rclone with SeaweedFS
• restic with SeaweedFS
• nodejs with Seaweed S3

Machine Learning

• TensorFlow with SeaweedFS

HDFS

• Hadoop Compatible File System
• run Spark on SeaweedFS
• run HBase on SeaweedFS
• run Presto on SeaweedFS
• Hadoop Benchmark
• HDFS via S3 connector

Replication and Backup

• Async Replication to another Filer [Deprecated]
• Async Backup
• Async Filer Metadata Backup
• Async Replication to Cloud [Deprecated]
• Kubernetes Backups and Recovery with K8up

Metadata Change Events

• Filer Metadata Events
• Filer Notification Webhook

Messaging

• Structured Data Lake with SMQ and SQL
• Seaweed Message Queue
• SQL Queries on Message Queue
• SQL Quick Reference
• PostgreSQL-compatible Server weed db
• Pub-Sub to SMQ to SQL
• Kafka to Kafka Gateway to SMQ to SQL

Use Cases

• Use Cases
• Actual Users

Operations

• System Metrics
• weed shell
• Data Backup
• Deployment to Kubernetes and Minikube

Advanced

• Large File Handling
• Optimization
• Volume Management
• Tiered Storage
• Cloud Tier
• Cloud Monitoring
• Load Command Line Options from a file
• SRV Service Discovery
• Volume Files Structure

Security

• Security Overview
• Security Configuration
• Cryptography and FIPS Compliance
• Run Blob Storage on Public Internet

Misc Use Case Examples

• UrBackup with SeaweedFS
• Docker Image Registry with SeaweedFS
• SeaweedFS in Docker Swarm
• Words from SeaweedFS Users
• Independent Benchmarks
• Hardware