From 4a2321cbaa018bcc71c28c9113a86166b1a465a8 Mon Sep 17 00:00:00 2001 From: Johanna Dorothea Reichmann Date: Fri, 28 Jul 2023 15:23:10 +0200 Subject: [PATCH] feat(minio): add migrated role from finallycoffee.services --- README.md | 6 ++++++ roles/minio/README.md | 29 +++++++++++++++++++++++++ roles/minio/defaults/main.yml | 40 +++++++++++++++++++++++++++++++++++ roles/minio/tasks/main.yml | 37 ++++++++++++++++++++++++++++++++ roles/minio/vars/main.yml | 5 +++++ 5 files changed, 117 insertions(+) create mode 100644 roles/minio/README.md create mode 100644 roles/minio/defaults/main.yml create mode 100644 roles/minio/tasks/main.yml create mode 100644 roles/minio/vars/main.yml diff --git a/README.md b/README.md index 492a5cd..934363b 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,14 @@ and configuring basic system utilities like gnupg, ssh etc letter "E" in the ELK-stack. - [`git`](roles/git/README.md): configures git on the target system + - [`gnupg`](roles/gnupg/README.md): configures gnupg on the target system + - [`mariadb`](roles/mariadb/README.md): runs [MariaDB Server](https://mariadb.org/), one of the world's most popular open source relational database + +- [`minio`](roles/minio/README.md): Deploy [min.io](https://min.io), an + s3-compatible object storage server, using docker containers. + - [`nginx`](roles/nginx/README.md): [nginx](https://www.nginx.com/), an advanced load balancer, webserver and reverse proxy. diff --git a/roles/minio/README.md b/roles/minio/README.md new file mode 100644 index 0000000..dde8f84 --- /dev/null +++ b/roles/minio/README.md @@ -0,0 +1,29 @@ +# `finallycoffee.base.minio` ansible role + +## Overview + +This role deploys a [min.io](https://min.io) server (s3-compatible object storage server) +using the official docker container image. + +## Configuration + +The role requires setting the password for the `root` user (name can be changed by +setting `minio_root_username`) in `minio_root_password`. That user has full control +over the minio-server instance. + +### Useful config hints + +Most configuration is done by setting environment variables in +`minio_container_extra_env`, for example: + +```yaml +minio_container_extra_env: + # disable the "console" web browser UI + MINIO_BROWSER: off + # enable public prometheus metrics on `/minio/v2/metrics/cluster` + MINIO_PROMETHEUS_AUTH_TYPE: public +``` + +When serving minio (or any s3-compatible server) on a "subfolder", +see https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTRedirect.html +and https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml new file mode 100644 index 0000000..80bd65c --- /dev/null +++ b/roles/minio/defaults/main.yml @@ -0,0 +1,40 @@ +--- + +minio_user: ~ +minio_data_path: /opt/minio + +minio_create_user: false +minio_manage_host_filesystem: false + +minio_root_username: root +minio_root_password: ~ + +minio_container_name: minio +minio_container_image_name: docker.io/minio/minio +minio_container_image_tag: latest +minio_container_image: "{{ minio_container_image_name }}:{{ minio_container_image_tag }}" +minio_container_networks: [] +minio_container_ports: [] + +minio_container_base_volumes: + - "{{ minio_data_path }}:{{ minio_container_data_path }}:z" +minio_container_extra_volumes: [] + +minio_container_base_env: + MINIO_ROOT_USER: "{{ minio_root_username }}" + MINIO_ROOT_PASSWORD: "{{ minio_root_password }}" +minio_container_extra_env: {} + +minio_container_labels: {} + +minio_container_command: + - "server" + - "{{ minio_container_data_path }}" + - "--console-address \":{{ minio_container_listen_port_console }}\"" +minio_container_restart_policy: "unless-stopped" +minio_container_image_force_source: "{{ (minio_container_image_tag == 'latest')|bool }}" + +minio_container_listen_port_api: 9000 +minio_container_listen_port_console: 8900 + +minio_container_data_path: /storage diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml new file mode 100644 index 0000000..f7dbc80 --- /dev/null +++ b/roles/minio/tasks/main.yml @@ -0,0 +1,37 @@ +--- + +- name: Ensure minio run user is present + user: + name: "{{ minio_user }}" + state: present + system: yes + when: minio_create_user + +- name: Ensure filesystem mounts ({{ minio_data_path }}) for container volumes are present + file: + path: "{{ minio_data_path }}" + state: directory + user: "{{ minio_user|default(omit, True) }}" + group: "{{ minio_user|default(omit, True) }}" + when: minio_manage_host_filesystem + +- name: Ensure container image for minio is present + community.docker.docker_image: + name: "{{ minio_container_image }}" + state: present + source: pull + force_source: "{{ minio_container_image_force_source }}" + +- name: Ensure container {{ minio_container_name }} is running + docker_container: + name: "{{ minio_container_name }}" + image: "{{ minio_container_image }}" + volumes: "{{ minio_container_volumes }}" + env: "{{ minio_container_env }}" + labels: "{{ minio_container_labels }}" + networks: "{{ minio_container_networks }}" + ports: "{{ minio_container_ports }}" + user: "{{ minio_user|default(omit, True) }}" + command: "{{ minio_container_command }}" + restart_policy: "{{ minio_container_restart_policy }}" + state: started diff --git a/roles/minio/vars/main.yml b/roles/minio/vars/main.yml new file mode 100644 index 0000000..96ff72c --- /dev/null +++ b/roles/minio/vars/main.yml @@ -0,0 +1,5 @@ +--- + +minio_container_volumes: "{{ minio_container_base_volumes + minio_container_extra_volumes }}" + +minio_container_env: "{{ minio_container_base_env | combine(minio_container_extra_env) }}"