feat(minio): add ansible role for deploying minio, a s3-compatible object storage server, with docker #1
@ -11,6 +11,9 @@ concise area of concern.
|
|||||||
- [`roles/restic-s3`](roles/restic-s3/README.md): Manage backups using restic
|
- [`roles/restic-s3`](roles/restic-s3/README.md): Manage backups using restic
|
||||||
and persist them to an s3-compatible backend.
|
and persist them to an s3-compatible backend.
|
||||||
|
|
||||||
|
- [`roles/minio`](roles/minio/README.md): Deploy [min.io](https://min.io), an
|
||||||
|
s3-compatible object storage server, using docker containers.
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
[CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License
|
[CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License
|
||||||
|
29
roles/minio/README.md
Normal file
29
roles/minio/README.md
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
# `finallycoffee.services.minio` ansible role
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
This role deploys a [min.io](https://min.io) server (s3-compatible object storage server)
|
||||||
|
using the official docker container image.
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
The role requires setting the password for the `root` user (name can be changed by
|
||||||
|
setting `minio_root_username`) in `minio_root_password`. That user has full control
|
||||||
|
over the minio-server instance.
|
||||||
|
|
||||||
|
### Useful config hints
|
||||||
|
|
||||||
|
Most configuration is done by setting environment variables in
|
||||||
|
`minio_container_extra_env`, for example:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
minio_container_extra_env:
|
||||||
|
# disable the "console" web browser UI
|
||||||
|
MINIO_BROWSER: off
|
||||||
|
# enable public prometheus metrics on `/minio/v2/metrics/cluster`
|
||||||
|
MINIO_PROMETHEUS_AUTH_TYPE: public
|
||||||
|
```
|
||||||
|
|
||||||
|
When serving minio (or any s3-compatible server) on a "subfolder",
|
||||||
|
see https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTRedirect.html
|
||||||
|
and https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html
|
40
roles/minio/defaults/main.yml
Normal file
40
roles/minio/defaults/main.yml
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
minio_user: ~
|
||||||
|
minio_data_path: /opt/minio
|
||||||
|
|
||||||
|
minio_create_user: false
|
||||||
|
minio_manage_host_filesystem: false
|
||||||
|
|
||||||
|
minio_root_username: root
|
||||||
|
minio_root_password: ~
|
||||||
|
|
||||||
|
minio_container_name: minio
|
||||||
|
minio_container_image_name: docker.io/minio/minio
|
||||||
|
minio_container_image_tag: latest
|
||||||
|
minio_container_image: "{{ minio_container_image_name }}:{{ minio_container_image_tag }}"
|
||||||
|
minio_container_networks: []
|
||||||
|
minio_container_ports: []
|
||||||
|
|
||||||
|
minio_container_base_volumes:
|
||||||
|
- "{{ minio_data_path }}:{{ minio_container_data_path }}:z"
|
||||||
|
minio_container_extra_volumes: []
|
||||||
|
|
||||||
|
minio_container_base_env:
|
||||||
|
MINIO_ROOT_USER: "{{ minio_root_username }}"
|
||||||
|
MINIO_ROOT_PASSWORD: "{{ minio_root_password }}"
|
||||||
|
minio_container_extra_env: {}
|
||||||
|
|
||||||
|
minio_container_labels: {}
|
||||||
|
|
||||||
|
minio_container_command:
|
||||||
|
- "server"
|
||||||
|
- "{{ minio_container_data_path }}"
|
||||||
|
- "--console-address \":{{ minio_container_listen_port_console }}\""
|
||||||
|
minio_container_restart_policy: "unless-stopped"
|
||||||
|
minio_container_image_force_source: "{{ (minio_container_image_tag == 'latest')|bool }}"
|
||||||
|
|
||||||
|
minio_container_listen_port_api: 9000
|
||||||
|
minio_container_listen_port_console: 8900
|
||||||
|
|
||||||
|
minio_container_data_path: /storage
|
37
roles/minio/tasks/main.yml
Normal file
37
roles/minio/tasks/main.yml
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure minio run user is present
|
||||||
|
user:
|
||||||
|
name: "{{ minio_user }}"
|
||||||
|
state: present
|
||||||
|
system: yes
|
||||||
|
when: minio_create_user
|
||||||
|
|
||||||
|
- name: Ensure filesystem mounts ({{ minio_data_path }}) for container volumes are present
|
||||||
|
file:
|
||||||
|
path: "{{ minio_data_path }}"
|
||||||
|
state: directory
|
||||||
|
user: "{{ minio_user|default(omit, True) }}"
|
||||||
|
group: "{{ minio_user|default(omit, True) }}"
|
||||||
|
when: minio_manage_host_filesystem
|
||||||
|
|
||||||
|
- name: Ensure container image for minio is present
|
||||||
|
community.docker.docker_image:
|
||||||
|
name: "{{ minio_container_image }}"
|
||||||
|
state: present
|
||||||
|
source: pull
|
||||||
|
force_source: "{{ minio_container_image_force_source }}"
|
||||||
|
|
||||||
|
- name: Ensure container {{ minio_container_name }} is running
|
||||||
|
docker_container:
|
||||||
|
name: "{{ minio_container_name }}"
|
||||||
|
image: "{{ minio_container_image }}"
|
||||||
|
volumes: "{{ minio_container_volumes }}"
|
||||||
|
env: "{{ minio_container_env }}"
|
||||||
|
labels: "{{ minio_container_labels }}"
|
||||||
|
networks: "{{ minio_container_networks }}"
|
||||||
|
ports: "{{ minio_container_ports }}"
|
||||||
|
user: "{{ minio_user|default(omit, True) }}"
|
||||||
|
command: "{{ minio_container_command }}"
|
||||||
|
restart_policy: "{{ minio_container_restart_policy }}"
|
||||||
|
state: started
|
5
roles/minio/vars/main.yml
Normal file
5
roles/minio/vars/main.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
minio_container_volumes: "{{ minio_container_base_volumes + minio_container_extra_volumes }}"
|
||||||
|
|
||||||
|
minio_container_env: "{{ minio_container_base_env | combine(minio_container_extra_env) }}"
|
Loading…
Reference in New Issue
Block a user