feat(minio): add ansible role for deploying minio, a s3-compatible object storage server, with docker
This commit is contained in:
parent
a6ee08561c
commit
41aa9f0365
@ -11,6 +11,9 @@ concise area of concern.
|
||||
- [`roles/restic-s3`](roles/restic-s3/README.md): Manage backups using restic
|
||||
and persist them to an s3-compatible backend.
|
||||
|
||||
- [`roles/minio`](roles/minio/README.md): Deploy [min.io](https://min.io), an
|
||||
s3-compatible object storage server, using docker containers.
|
||||
|
||||
## License
|
||||
|
||||
[CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License
|
||||
|
29
roles/minio/README.md
Normal file
29
roles/minio/README.md
Normal file
@ -0,0 +1,29 @@
|
||||
# `finallycoffee.services.minio` ansible role
|
||||
|
||||
## Overview
|
||||
|
||||
This role deploys a [min.io](https://min.io) server (s3-compatible object storage server)
|
||||
using the official docker container image.
|
||||
|
||||
## Configuration
|
||||
|
||||
The role requires setting the password for the `root` user (name can be changed by
|
||||
setting `minio_root_username`) in `minio_root_password`. That user has full control
|
||||
over the minio-server instance.
|
||||
|
||||
### Useful config hints
|
||||
|
||||
Most configuration is done by setting environment variables in
|
||||
`minio_container_extra_env`, for example:
|
||||
|
||||
```yaml
|
||||
minio_container_extra_env:
|
||||
# disable the "console" web browser UI
|
||||
MINIO_BROWSER: off
|
||||
# enable public prometheus metrics on `/minio/v2/metrics/cluster`
|
||||
MINIO_PROMETHEUS_AUTH_TYPE: public
|
||||
```
|
||||
|
||||
When serving minio (or any s3-compatible server) on a "subfolder",
|
||||
see https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTRedirect.html
|
||||
and https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html
|
40
roles/minio/defaults/main.yml
Normal file
40
roles/minio/defaults/main.yml
Normal file
@ -0,0 +1,40 @@
|
||||
---
|
||||
|
||||
minio_user: ~
|
||||
minio_data_path: /opt/minio
|
||||
|
||||
minio_create_user: false
|
||||
minio_manage_host_filesystem: false
|
||||
|
||||
minio_root_username: root
|
||||
minio_root_password: ~
|
||||
|
||||
minio_container_name: minio
|
||||
minio_container_image_name: docker.io/minio/minio
|
||||
minio_container_image_tag: latest
|
||||
minio_container_image: "{{ minio_container_image_name }}:{{ minio_container_image_tag }}"
|
||||
minio_container_networks: []
|
||||
minio_container_ports: []
|
||||
|
||||
minio_container_base_volumes:
|
||||
- "{{ minio_data_path }}:{{ minio_container_data_path }}:z"
|
||||
minio_container_extra_volumes: []
|
||||
|
||||
minio_container_base_env:
|
||||
MINIO_ROOT_USER: "{{ minio_root_username }}"
|
||||
MINIO_ROOT_PASSWORD: "{{ minio_root_password }}"
|
||||
minio_container_extra_env: {}
|
||||
|
||||
minio_container_labels: {}
|
||||
|
||||
minio_container_command:
|
||||
- "server"
|
||||
- "{{ minio_container_data_path }}"
|
||||
- "--console-address \":{{ minio_container_listen_port_console }}\""
|
||||
minio_container_restart_policy: "unless-stopped"
|
||||
minio_container_image_force_source: "{{ (minio_container_image_tag == 'latest')|bool }}"
|
||||
|
||||
minio_container_listen_port_api: 9000
|
||||
minio_container_listen_port_console: 8900
|
||||
|
||||
minio_container_data_path: /storage
|
37
roles/minio/tasks/main.yml
Normal file
37
roles/minio/tasks/main.yml
Normal file
@ -0,0 +1,37 @@
|
||||
---
|
||||
|
||||
- name: Ensure minio run user is present
|
||||
user:
|
||||
name: "{{ minio_user }}"
|
||||
state: present
|
||||
system: yes
|
||||
when: minio_create_user
|
||||
|
||||
- name: Ensure filesystem mounts ({{ minio_data_path }}) for container volumes are present
|
||||
file:
|
||||
path: "{{ minio_data_path }}"
|
||||
state: directory
|
||||
user: "{{ minio_user|default(omit, True) }}"
|
||||
group: "{{ minio_user|default(omit, True) }}"
|
||||
when: minio_manage_host_filesystem
|
||||
|
||||
- name: Ensure container image for minio is present
|
||||
community.docker.docker_image:
|
||||
name: "{{ minio_container_image }}"
|
||||
state: present
|
||||
source: pull
|
||||
force_source: "{{ minio_container_image_force_source }}"
|
||||
|
||||
- name: Ensure container {{ minio_container_name }} is running
|
||||
docker_container:
|
||||
name: "{{ minio_container_name }}"
|
||||
image: "{{ minio_container_image }}"
|
||||
volumes: "{{ minio_container_volumes }}"
|
||||
env: "{{ minio_container_env }}"
|
||||
labels: "{{ minio_container_labels }}"
|
||||
networks: "{{ minio_container_networks }}"
|
||||
ports: "{{ minio_container_ports }}"
|
||||
user: "{{ minio_user|default(omit, True) }}"
|
||||
command: "{{ minio_container_command }}"
|
||||
restart_policy: "{{ minio_container_restart_policy }}"
|
||||
state: started
|
5
roles/minio/vars/main.yml
Normal file
5
roles/minio/vars/main.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
|
||||
minio_container_volumes: "{{ minio_container_base_volumes + minio_container_extra_volumes }}"
|
||||
|
||||
minio_container_env: "{{ minio_container_base_env | combine(minio_container_extra_env) }}"
|
Loading…
Reference in New Issue
Block a user