From 6e3b07204bec5d036d9b7939123b794d141ff3de Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Sat, 28 May 2022 14:46:08 +0200
Subject: [PATCH] Remote the docker compose file. Fix the Readme.

---
 README.md                             | 87 +++++++++++++++++----------
 meta/main.yml                         | 11 ++--
 templates/minio-docker-compose.yml.j2 | 65 --------------------
 3 files changed, 62 insertions(+), 101 deletions(-)
 delete mode 100644 templates/minio-docker-compose.yml.j2

diff --git a/README.md b/README.md
index 613b7b9..2dfd925 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,9 @@
 Role Name
 =========
 
-A role that installs min.io as a Docker Swarm stack, <https://min.io/>
+A role that installs min.io, <https://min.io/>.
+The supported installation mode is *baremetal* and *distributed*.
+minio is not installed from a package, but the binary is downloaded and placed into `/usr/local/bin`.
 
 Role Variables
 --------------
@@ -9,48 +11,69 @@ Role Variables
 The most important variables are listed below:
 
 ``` yaml
-minio_compose_dir: '/srv/minio_stack'
-minio_docker_stack_name: 'minio'
+minio_baremetal: true
+minio_enabled: true
+minio_binary: 'minio'
+minio_binary_download: 'https://dl.min.io/server/minio/release/linux-amd64/{{ minio_binary }}'
+minio_download_validate_certs: true
+minio_work_dir: /usr/local
+minio_install_dir: '{{ minio_work_dir }}/bin'
+minio_executable: '{{ minio_install_dir }}/{{ minio_binary }}'
+minio_username: 'minio-user'
+minio_user_home: '/srv/{{ minio_username }}'
 minio_access_key: 'use a vault'
 minio_secret_key: 'use a vault'
 minio_secrets:
-  - { name: minio_access_key, data: '{{ minio_access_key }}' }
-  - { name: minio_secret_key, data: '{{ minio_secret_key }}' }
-minio_docker_service_server_name: 'minio'
-minio_docker_server_image: 'quay.io/minio/minio'
-minio_docker_network: 'distributed'
-minio_docker_swarm_dnsrr: True
-minio_server_instances:
+  - {name: minio_access_key, data: '{{ minio_access_key }}'}
+  - {name: minio_secret_key, data: '{{ minio_secret_key }}'}
+minio_server_instances_num: 4
+minio_server_name_prefix: 'minio'
+minio_server_domain_name: 'example.org'
+minio_disk_volumes: 4
+minio_disk_volume_names:
   - 1
   - 2
   - 3
   - 4
-  - 5
-  - 6
-  - 7
-  - 8
 
+minio_data_prefix: /storage
+minio_volume_prefix: 'minio'
+minio_volume_subdir: 'data'
+minio_port: 9000
+minio_volumes: 'https://{{ minio_server_name_prefix }}{%raw%}{{%endraw%}1...{{ minio_server_instances_num }}{%raw%}}{%endraw%}.{{ minio_server_domain_name }}:{{ minio_port }}{{ minio_data_prefix }}/{{ minio_volume_prefix }}{%raw%}{{%endraw%}1...{{ minio_disk_volumes }}{%raw%}}{%endraw%}/{{ minio_volume_subdir }}'
+
+minio_dedicated_console: true
+minio_console_port: 9001
+minio_behind_haproxy: true
+minio_server_url: 'https://minio-reverse-proxy.example.org'
+minio_ui_url: 'https://minio-ui-reverse-proxy.example.org'
+minio_over_tls: true
+minio_letsencrypt_certs: true
+minio_tls_certs_dir: /etc/pki/minio
+# The certificate and private key file names
+# must be *exactly* the ones used here.
+minio_tls_cert_file: '{{ minio_tls_certs_dir }}/public.crt'
+minio_tls_key_file: '{{ minio_tls_certs_dir }}/private.key'
+minio_root_user: minio_adm
+# minio_root_password: 'Use a vault'
+minio_storage_class_standard: 4
+minio_storage_class_rrs: 2
 #
-minio_data_prefix: /minio
-minio_volume_prefix: /min_io
-minio_disk_volumes:
-  - 3
-  - 4
-minio_behind_haproxy: True
-minio_haproxy_public_net: 'haproxy-public'
-# 
-minio_keylocak_auth_url: http://localhost:8080/auth/
-#minio_keycloak_client_secret: 'use a vault'
-minio_keycloak_realm: 'realm'
-minio_keycloak_client_name: 'minio_client_name'
-minio_keycloak_client_id: 'minio_client_id'
+minio_prometheus_url: 'https://prometheus.localhost'
+minio_prometheus_jobid: 'minio-job'
+minio_prometheus_auth_type: public
+minio_external_oidc: false
+minio_openid_config_url: http://localhost:8080/auth/
+minio_openid_realm: 'realm'
+minio_openid_client_id: 'minio_client_id'
+# minio_openid_client_secret: 'use a vault'
+minio_openid_claim_name: 'policy'
+minio_openid_set_claim_prefix: false
+minio_openid_claim_prefix: 'minio_'
+minio_openid_scopes: ''
+minio_openid_redirect_uri: '{{ minio_ui_url }}/oauth_callback'
 ```
 
-Dependencies
-------------
-
-* Docker Swarm
-
 License
 -------
 
diff --git a/meta/main.yml b/meta/main.yml
index 83f1706..c43b4eb 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,13 +1,14 @@
+---
 galaxy_info:
   author: Andrea Dell'Amico
   description: Systems Architect
   company: ISTI-CNR
 
-  issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
+  issue_tracker_url: https://support.d4science.org
 
   license: EUPL 1.2+
 
-  min_ansible_version: 2.8
+  min_ansible_version: 2.9
 
   # To view available platforms and versions (or releases), visit:
   # https://galaxy.ansible.com/api/v1/platforms/
@@ -16,12 +17,14 @@ galaxy_info:
     - name: Ubuntu
       versions:
         - bionic
+        - focal
+        - jammy
     - name: EL
       versions:
-        - 7
         - 8
 
   galaxy_tags:
-    - users
+    - s3
+    - storage
 
 dependencies: []
diff --git a/templates/minio-docker-compose.yml.j2 b/templates/minio-docker-compose.yml.j2
deleted file mode 100644
index 1d953dd..0000000
--- a/templates/minio-docker-compose.yml.j2
+++ /dev/null
@@ -1,65 +0,0 @@
-version: '3.7'
-
-networks:
-  {{ minio_docker_network }}:
-{% if minio_behind_haproxy %}
-  haproxy-public:
-    external: true
-{% endif %}
-
-secrets:
-  minio_secret_key:
-    external: true
-  minio_access_key:
-    external: true
-
-services:
-{% for i in minio_server_instances %}
-  {{ minio_docker_service_server_name }}{{ i }}:
-    hostname: {{ minio_docker_service_server_name }}{{ i }}
-    image: {{ minio_docker_server_image }}
-    command: server --console-address ":9001" http://{{ minio_docker_service_server_name }}{1...8}/{{ minio_data_prefix }}{3...4}
-{% if not minio_docker_swarm_dnsrr %}
-    ports:
-      - 9000
-{% endif %}
-    networks:
-      - {{ minio_docker_network }}
-{% if minio_behind_haproxy %}
-      - haproxy-public
-{% endif %}
-    environment:
-      MINIO_ROOT_USER_FILE: {{minio_access_key}}
-      MINIO_ROOT_PASSWORD_FILE: {{minio_secret_key}}
-    secrets:
-      - minio_access_key
-      - minio_secret_key
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
-      interval: 30s
-      timeout: 20s
-      retries: 5
-    volumes:
-    {% for vol in minio_disk_volumes %}
-      - {{ minio_volume_prefix }}/{{ vol }}:{{ minio_data_prefix }}{{ vol }}
-    {% endfor %}
-
-    deploy:
-      mode: replicated
-      replicas: 1
-{% if minio_docker_swarm_dnsrr %}
-      endpoint_mode: dnsrr
-{% endif %}
-      placement:
-        constraints:
-          - node.role == worker
-          - node.labels.minio == minio{{ i }}
-      restart_policy:
-        condition: on-failure
-        delay: 5s
-        max_attempts: 20
-        window: 120s
-    logging:
-      driver: 'journald'
-{% endfor %}
-