diff --git a/roles/minio/README.md b/roles/minio/README.md
new file mode 100644
index 0000000..8ef2753
--- /dev/null
+++ b/roles/minio/README.md
@@ -0,0 +1,29 @@
+# `finallycoffee.services.minio` ansible role
+
+## Overview
+
+This role deploys a [min.io](https://min.io) server (s3-compatible object storage server)
+using the official docker container image.
+
+## Configuration
+
+The role requires setting the password for the `root` user (name can be changed by
+setting `minio_root_username`) in `minio_root_password`. That user has full control
+over the minio-server instance.
+
+### Useful config hints
+
+Most configuration is done by setting environment variables in
+`minio_container_extra_env`, for example:
+
+```yaml
+minio_container_extra_env:
+ # disable the "console" web browser UI
+ MINIO_BROWSER: off
+ # enable public prometheus metrics on `/minio/v2/metrics/cluster`
+ MINIO_PROMETHEUS_AUTH_TYPE: public
+```
+
+When serving minio (or any s3-compatible server) on a "subfolder",
+see https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTRedirect.html
+and https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html
diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml
new file mode 100644
index 0000000..f22f54e
--- /dev/null
+++ b/roles/minio/defaults/main.yml
@@ -0,0 +1,40 @@
+---
+
+minio_user: ~
+minio_data_path: /opt/minio
+
+minio_create_user: false
+minio_manage_host_filesystem: false
+
+minio_root_username: root
+minio_root_password: ~
+
+minio_container_name: minio
+minio_container_image_name: quay.io/minio/minio
+minio_container_image_tag: latest
+minio_container_image: "{{ minio_container_image_name }}:{{ minio_container_image_tag }}"
+minio_container_networks: []
+minio_container_ports: []
+
+minio_container_base_volumes:
+ - "{{ minio_data_path }}:{{ minio_container_data_path }}:z"
+minio_container_extra_volumes: []
+
+minio_container_base_env:
+ MINIO_ROOT_USER: "{{ minio_root_username }}"
+ MINIO_ROOT_PASSWORD: "{{ minio_root_password }}"
+minio_container_extra_env: {}
+
+minio_container_labels: {}
+
+minio_container_command:
+ - "server"
+ - "{{ minio_container_data_path }}"
+ - "--console-address \":{{ minio_container_listen_port_console }}\""
+minio_container_restart_policy: "unless-stopped"
+minio_container_force_source: "{{ (minio_container_image_tag == 'latest')|bool }}"
+
+minio_container_listen_port_api: 9000
+minio_container_listen_port_console: 8900
+
+minio_container_data_path: /storage
diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml
new file mode 100644
index 0000000..7decd1a
--- /dev/null
+++ b/roles/minio/tasks/main.yml
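Review bot: In `roles/minio/defaults/main.yml` the default `minio_container_image_tag: latest` makes `minio_container_force_source` evaluate to true, so every run pulls whatever the registry currently serves under that tag and the deployed MinIO build can change without any change in the repository. Defaulting to a fixed release tag or an image digest would turn upgrades into an explicit, reviewable edit, for example `minio_container_image_tag: "<release-tag>"` (placeholder for a release you have tested). Users who want to track `latest` can still opt in by overriding the variable.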
@@ -0,0 +1,39 @@
+---
+
+- name: Ensure minio run user is present
+ user:
+ name: "{{ minio_user }}"
+ state: present
+ system: yes
+ when: minio_create_user
+
+- name: Ensure filesystem mounts ({{ minio_data_path }}) for container volumes are present
+ file:
+ path: "{{ minio_data_path }}"
+ state: directory
+ user: "{{ minio_user|default(omit, True) }}"
+ group: "{{ minio_user|default(omit, True) }}"
+ when: minio_manage_host_filesystem
+
+- name: Ensure container image for minio is present
+ community.docker.docker_image:
+ name: "{{ minio_container_image }}"
+ state: present
+ source: pull
+ force_source: "{{ minio_container_force_source }}"
+
+- name: Ensure container {{ minio_container_name }} is running
+ docker_container:
+ name: "{{ minio_container_name }}"
+ image: "{{ minio_container_image }}"
+ volumes: "{{ minio_container_volumes }}"
+ env: "{{ minio_container_env }}"
+ labels: "{{ minio_container_labels }}"
+ networks: "{{ minio_container_networks }}"
+ ports: "{{ minio_container_ports }}"
+ user: "{{ minio_user|default(omit, True) }}"
+ command: "{{ minio_container_command }}"
+ restart_policy: "{{ minio_container_restart_policy }}"
+ state: started
+ comparisons:
+ env: strict
diff --git a/roles/minio/vars/main.yml b/roles/minio/vars/main.yml
new file mode 100644
index 0000000..96ff72c
--- /dev/null
+++ b/roles/minio/vars/main.yml
@@ -0,0 +1,5 @@
+---
+
+minio_container_volumes: "{{ minio_container_base_volumes + minio_container_extra_volumes }}"
+
+minio_container_env: "{{ minio_container_base_env | combine(minio_container_extra_env) }}"
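Review bot: In `roles/minio/tasks/main.yml` nothing checks `minio_root_password` before the container task runs, although the README calls it required and `defaults/main.yml` leaves it null, so a forgotten variable reaches `MINIO_ROOT_PASSWORD` as whatever the null templates to. A leading assert task, shown below, would stop the play before the container starts; how MinIO itself treats an empty value is not visible on this page. Separately, the filesystem task passes `user:` to `file`, whose ownership parameter is `owner:`, so that line should read `owner: "{{ minio_user|default(omit, True) }}"`.

```yaml
- name: Ensure minio root password is set
  ansible.builtin.assert:
    that:
      - minio_root_password is string
      - minio_root_password | length > 0
    fail_msg: "minio_root_password must be set to a non-empty string"

# … unchanged: user, filesystem, image and container tasks …
```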