Remote the docker compose file. Fix the Readme.

This commit is contained in:
Andrea Dell'Amico 2022-05-28 14:46:08 +02:00
parent e720e52461
commit 6e3b07204b
Signed by: andrea.dellamico
GPG Key ID: 147ABE6CEB9E20FF
3 changed files with 62 additions and 101 deletions

View File

@ -1,7 +1,9 @@
Role Name Role Name
========= =========
A role that installs min.io as a Docker Swarm stack, <https://min.io/> A role that installs min.io, <https://min.io/>.
The supported installation mode is *baremetal* and *distributed*.
minio is not installed from a package, but the binary is downloaded and placed into `/usr/local/bin`.
Role Variables Role Variables
-------------- --------------
@ -9,48 +11,69 @@ Role Variables
The most important variables are listed below: The most important variables are listed below:
``` yaml ``` yaml
minio_compose_dir: '/srv/minio_stack' minio_baremetal: true
minio_docker_stack_name: 'minio' minio_enabled: true
minio_binary: 'minio'
minio_binary_download: 'https://dl.min.io/server/minio/release/linux-amd64/{{ minio_binary }}'
minio_download_validate_certs: true
minio_work_dir: /usr/local
minio_install_dir: '{{ minio_work_dir }}/bin'
minio_executable: '{{ minio_install_dir }}/{{ minio_binary }}'
minio_username: 'minio-user'
minio_user_home: '/srv/{{ minio_username }}'
minio_access_key: 'use a vault' minio_access_key: 'use a vault'
minio_secret_key: 'use a vault' minio_secret_key: 'use a vault'
minio_secrets: minio_secrets:
- { name: minio_access_key, data: '{{ minio_access_key }}' } - {name: minio_access_key, data: '{{ minio_access_key }}'}
- { name: minio_secret_key, data: '{{ minio_secret_key }}' } - {name: minio_secret_key, data: '{{ minio_secret_key }}'}
minio_docker_service_server_name: 'minio' minio_server_instances_num: 4
minio_docker_server_image: 'quay.io/minio/minio' minio_server_name_prefix: 'minio'
minio_docker_network: 'distributed' minio_server_domain_name: 'example.org'
minio_docker_swarm_dnsrr: True minio_disk_volumes: 4
minio_server_instances: minio_disk_volume_names:
- 1 - 1
- 2 - 2
- 3 - 3
- 4 - 4
- 5
- 6
- 7
- 8
minio_data_prefix: /storage
minio_volume_prefix: 'minio'
minio_volume_subdir: 'data'
minio_port: 9000
minio_volumes: 'https://{{ minio_server_name_prefix }}{%raw%}{{%endraw%}1...{{ minio_server_instances_num }}{%raw%}}{%endraw%}.{{ minio_server_domain_name }}:{{ minio_port }}{{ minio_data_prefix }}/{{ minio_volume_prefix }}{%raw%}{{%endraw%}1...{{ minio_disk_volumes }}{%raw%}}{%endraw%}/{{ minio_volume_subdir }}'
minio_dedicated_console: true
minio_console_port: 9001
minio_behind_haproxy: true
minio_server_url: 'https://minio-reverse-proxy.example.org'
minio_ui_url: 'https://minio-ui-reverse-proxy.example.org'
minio_over_tls: true
minio_letsencrypt_certs: true
minio_tls_certs_dir: /etc/pki/minio
# The certificate and private key file names
# must be *exactly* the ones used here.
minio_tls_cert_file: '{{ minio_tls_certs_dir }}/public.crt'
minio_tls_key_file: '{{ minio_tls_certs_dir }}/private.key'
minio_root_user: minio_adm
# minio_root_password: 'Use a vault'
minio_storage_class_standard: 4
minio_storage_class_rrs: 2
# #
minio_data_prefix: /minio minio_prometheus_url: 'https://prometheus.localhost'
minio_volume_prefix: /min_io minio_prometheus_jobid: 'minio-job'
minio_disk_volumes: minio_prometheus_auth_type: public
- 3 minio_external_oidc: false
- 4 minio_openid_config_url: http://localhost:8080/auth/
minio_behind_haproxy: True minio_openid_realm: 'realm'
minio_haproxy_public_net: 'haproxy-public' minio_openid_client_id: 'minio_client_id'
# # minio_openid_client_secret: 'use a vault'
minio_keylocak_auth_url: http://localhost:8080/auth/ minio_openid_claim_name: 'policy'
#minio_keycloak_client_secret: 'use a vault' minio_openid_set_claim_prefix: false
minio_keycloak_realm: 'realm' minio_openid_claim_prefix: 'minio_'
minio_keycloak_client_name: 'minio_client_name' minio_openid_scopes: ''
minio_keycloak_client_id: 'minio_client_id' minio_openid_redirect_uri: '{{ minio_ui_url }}/oauth_callback'
``` ```
Dependencies
------------
* Docker Swarm
License License
------- -------

View File

@ -1,13 +1,14 @@
---
galaxy_info: galaxy_info:
author: Andrea Dell'Amico author: Andrea Dell'Amico
description: Systems Architect description: Systems Architect
company: ISTI-CNR company: ISTI-CNR
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning issue_tracker_url: https://support.d4science.org
license: EUPL 1.2+ license: EUPL 1.2+
min_ansible_version: 2.8 min_ansible_version: 2.9
# To view available platforms and versions (or releases), visit: # To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/ # https://galaxy.ansible.com/api/v1/platforms/
@ -16,12 +17,14 @@ galaxy_info:
- name: Ubuntu - name: Ubuntu
versions: versions:
- bionic - bionic
- focal
- jammy
- name: EL - name: EL
versions: versions:
- 7
- 8 - 8
galaxy_tags: galaxy_tags:
- users - s3
- storage
dependencies: [] dependencies: []

View File

@ -1,65 +0,0 @@
version: '3.7'
networks:
{{ minio_docker_network }}:
{% if minio_behind_haproxy %}
haproxy-public:
external: true
{% endif %}
secrets:
minio_secret_key:
external: true
minio_access_key:
external: true
services:
{% for i in minio_server_instances %}
{{ minio_docker_service_server_name }}{{ i }}:
hostname: {{ minio_docker_service_server_name }}{{ i }}
image: {{ minio_docker_server_image }}
command: server --console-address ":9001" http://{{ minio_docker_service_server_name }}{1...8}/{{ minio_data_prefix }}{3...4}
{% if not minio_docker_swarm_dnsrr %}
ports:
- 9000
{% endif %}
networks:
- {{ minio_docker_network }}
{% if minio_behind_haproxy %}
- haproxy-public
{% endif %}
environment:
MINIO_ROOT_USER_FILE: {{minio_access_key}}
MINIO_ROOT_PASSWORD_FILE: {{minio_secret_key}}
secrets:
- minio_access_key
- minio_secret_key
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 5
volumes:
{% for vol in minio_disk_volumes %}
- {{ minio_volume_prefix }}/{{ vol }}:{{ minio_data_prefix }}{{ vol }}
{% endfor %}
deploy:
mode: replicated
replicas: 1
{% if minio_docker_swarm_dnsrr %}
endpoint_mode: dnsrr
{% endif %}
placement:
constraints:
- node.role == worker
- node.labels.minio == minio{{ i }}
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 120s
logging:
driver: 'journald'
{% endfor %}