Fix to the defaults template and the cert names.

Andrea Dell'Amico 2022-05-24 13:24:00 +02:00
parent 12709f9260
commit 7c45849996
Signed by: andrea.dellamico
GPG Key ID: 147ABE6CEB9E20FF
3 changed files with 18 additions and 16 deletions


@ -3,6 +3,7 @@ minio_baremetal: true
minio_enabled: true minio_enabled: true
minio_binary: 'minio' minio_binary: 'minio'
minio_binary_download: 'https://dl.min.io/server/minio/release/linux-amd64/{{ minio_binary }}' minio_binary_download: 'https://dl.min.io/server/minio/release/linux-amd64/{{ minio_binary }}'
minio_download_validate_certs: true
minio_work_dir: /usr/local minio_work_dir: /usr/local
minio_install_dir: '{{ minio_work_dir }}/bin' minio_install_dir: '{{ minio_work_dir }}/bin'
minio_executable: '{{ minio_install_dir }}/{{ minio_binary }}' minio_executable: '{{ minio_install_dir }}/{{ minio_binary }}'
@ -17,12 +18,17 @@ minio_server_instances_num: 4
minio_server_name_prefix: 'minio' minio_server_name_prefix: 'minio'
minio_server_domain_name: 'example.org' minio_server_domain_name: 'example.org'
minio_disk_volumes: 4 minio_disk_volumes: 4
minio_disk_volume_names:
- 1
- 2
- 3
- 4
# #
minio_data_prefix: /storage minio_data_prefix: /storage
minio_volume_prefix: 'minio' minio_volume_prefix: 'minio'
minio_volume_subdir: 'data' minio_volume_subdir: 'data'
minio_port: 9000 minio_port: 9000
minio_volumes: 'https://{{ minio_server_name_prefix }}{1...{{ minio_server_instances_num }}}.{{ minio_server_domain_name }}:{{ minio_port }}/{{ minio_data_prefix }}/{{ minio_volume_prefix }}{1...{{ minio_disk_volumes }}}/{{ minio_volume_subdir }}' minio_volumes: 'https://{{ minio_server_name_prefix }}{%raw%}{{%endraw%}1...{{ minio_server_instances_num }}{%raw%}}{%endraw%}.{{ minio_server_domain_name }}:{{ minio_port }}/{{ minio_data_prefix }}/{{ minio_volume_prefix }}{%raw%}{{%endraw%}1...{{ minio_disk_volumes }}{%raw%}}{%endraw%}/{{ minio_volume_subdir }}'
minio_dedicated_console: true minio_dedicated_console: true
minio_console_port: 9001 minio_console_port: 9001
@ -32,8 +38,10 @@ minio_ui_url: 'https://minio-ui-reverse-proxy.example.org'
minio_over_tls: true minio_over_tls: true
minio_letsencrypt_certs: true minio_letsencrypt_certs: true
minio_tls_certs_dir: /etc/pki/minio minio_tls_certs_dir: /etc/pki/minio
minio_tls_cert_file: '{{ minio_tls_certs_dir }}/fullchain' # The certificate and private key file names
minio_tls_key_file: '{{ minio_tls_certs_dir }}/privkey' # must be *exactly* the ones used here.
minio_tls_cert_file: '{{ minio_tls_certs_dir }}/public.crt'
minio_tls_key_file: '{{ minio_tls_certs_dir }}/private.key'
minio_root_user: minio_adm minio_root_user: minio_adm
# minio_root_password: 'Use a vault' # minio_root_password: 'Use a vault'
minio_storage_class_standard: 4 minio_storage_class_standard: 4
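Review bot: `minio_disk_volume_names` hard-codes 1 to 4 next to `minio_disk_volumes: 4`, so the two can drift: `minio_volumes` expands `{1...{{ minio_disk_volumes }}}`, while the ownership task in the tasks file loops over the name list. If the count is raised without extending the list, MinIO would be pointed at data directories the role never created or handed over to the service user. Deriving the list keeps the two in step, e.g. `minio_disk_volume_names: "{{ range(1, minio_disk_volumes | int + 1) | list }}"`, or at minimum add a comment above it such as `# Must enumerate 1..minio_disk_volumes`.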


@ -24,17 +24,18 @@
- name: Change the ownership of the minio data disks - name: Change the ownership of the minio data disks
file: file:
dest: '{{ minio_data_prefix }}/{{ minio_volume_prefix }}_{{ item }}' dest: '{{ minio_data_prefix }}/{{ minio_volume_prefix }}{{ item }}/{{ minio_volume_subdir }}'
state: directory state: directory
owner: '{{ minio_username }}' owner: '{{ minio_username }}'
group: '{{ minio_username }}' group: '{{ minio_username }}'
mode: 0700 mode: 0700
loop: '{{ minio_disk_volumes }}' loop: '{{ minio_disk_volume_names }}'
- name: Download the minio binary - name: Download the minio binary
get_url: get_url:
url: '{{ minio_binary_download }}' url: '{{ minio_binary_download }}'
dest: '{{ minio_executable }}' dest: '{{ minio_executable }}'
validate_certs: '{{ minio_download_validate_certs }}'
owner: root owner: root
group: root group: root
mode: 0755 mode: 0755
@ -52,7 +53,7 @@
- name: Create the minio certificate directory - name: Create the minio certificate directory
file: file:
dest: '{{ minio_tls_certs_dir }}' dest: '{{ minio_tls_certs_dir }}/CAs'
state: directory state: directory
owner: root owner: root
group: '{{ minio_username }}' group: '{{ minio_username }}'
@ -81,7 +82,7 @@
- name: Copy the CA trust file on deb systems - name: Copy the CA trust file on deb systems
copy: copy:
src: '/etc/ssl/certs/ca-certificates.crt' src: '/etc/ssl/certs/ca-certificates.crt'
dest: '{{ minio_tls_certs_dir }}/ca-certificates.crt' dest: '{{ minio_tls_certs_dir }}/CAs/ca-certificates.crt'
owner: root owner: root
group: '{{ minio_username }}' group: '{{ minio_username }}'
mode: 0640 mode: 0640
@ -92,7 +93,7 @@
- name: Copy the CA trust file on EL systems - name: Copy the CA trust file on EL systems
copy: copy:
src: '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem' src: '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem'
dest: '{{ minio_tls_certs_dir }}/ca-certificates.crt' dest: '{{ minio_tls_certs_dir }}/CAs/ca-certificates.crt'
owner: root owner: root
group: '{{ minio_username }}' group: '{{ minio_username }}'
mode: 0640 mode: 0640
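Review bot: The "Download the minio binary" task installs whatever `minio_binary_download` returns as a root-owned `0755` executable with no integrity check, so the new `validate_certs: '{{ minio_download_validate_certs }}'` line is the only control on that download and can now be switched off from inventory. Adding get_url's `checksum` parameter would pin the binary independently of the transport, e.g. `checksum: '{{ minio_binary_checksum }}'`, where `minio_binary_checksum` is a new variable (name proposed here) holding a `sha256:<digest>` value. A comment beside the default, such as `# Keep true; false disables TLS verification for the binary download`, would make the trade-off visible to whoever overrides it. The task continues past the end of this hunk, so any later parameters are not visible here.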


@ -1,12 +1,5 @@
# See https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#environment-variables # See https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#environment-variables
# Set the hosts and volumes MinIO uses at startup # Set the hosts and volumes MinIO uses at startup
# The command uses MinIO expansion notation {x...y} to denote a
# sequential series.
#
# The following example covers four MinIO hosts
# with 4 drives each at the specified hostname and drive locations.
# The command includes the port that each MinIO server listens on
# (default 9000)
MINIO_VOLUMES="{{ minio_volumes }}" MINIO_VOLUMES="{{ minio_volumes }}"
@ -16,7 +9,7 @@ MINIO_VOLUMES="{{ minio_volumes }}"
# port 9001 on all network interfaces. The default behavior is dynamic # port 9001 on all network interfaces. The default behavior is dynamic
# port selection. # port selection.
MINIO_OPTS="{% if minio_dedicated_console }}--console-address :{{ minio_console_port }}{% endif %} --certs-dir {{ minio_tls_certs_dir }}" MINIO_OPTS="{% if minio_dedicated_console %}--console-address :{{ minio_console_port }}{% endif %} --certs-dir {{ minio_tls_certs_dir }}"
# Set the root username. This user has unrestricted permissions to # Set the root username. This user has unrestricted permissions to
# perform S3 and administrative API operations on any resource in the # perform S3 and administrative API operations on any resource in the