Fix to the defaults template and the cert names.

2022-05-24 13:24:00 +02:00 · 2022-05-24 13:24:00 +02:00 · 7c45849996
parent 12709f9260
commit 7c45849996
3 changed files with 18 additions and 16 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -3,6 +3,7 @@ minio_baremetal: true
 minio_enabled: true
 minio_binary: 'minio'
 minio_binary_download: 'https://dl.min.io/server/minio/release/linux-amd64/{{ minio_binary }}'
+minio_download_validate_certs: true
 minio_work_dir: /usr/local
 minio_install_dir: '{{ minio_work_dir }}/bin'
 minio_executable: '{{ minio_install_dir }}/{{ minio_binary }}'
@ -17,12 +18,17 @@ minio_server_instances_num: 4
 minio_server_name_prefix: 'minio'
 minio_server_domain_name: 'example.org'
 minio_disk_volumes: 4
+minio_disk_volume_names:
+  - 1
+  - 2
+  - 3
+  - 4
 #
 minio_data_prefix: /storage
 minio_volume_prefix: 'minio'
 minio_volume_subdir: 'data'
 minio_port: 9000
-minio_volumes: 'https://{{ minio_server_name_prefix }}{1...{{ minio_server_instances_num }}}.{{ minio_server_domain_name }}:{{ minio_port }}/{{ minio_data_prefix }}/{{ minio_volume_prefix }}{1...{{ minio_disk_volumes }}}/{{ minio_volume_subdir }}'
+minio_volumes: 'https://{{ minio_server_name_prefix }}{%raw%}{{%endraw%}1...{{ minio_server_instances_num }}{%raw%}}{%endraw%}.{{ minio_server_domain_name }}:{{ minio_port }}/{{ minio_data_prefix }}/{{ minio_volume_prefix }}{%raw%}{{%endraw%}1...{{ minio_disk_volumes }}{%raw%}}{%endraw%}/{{ minio_volume_subdir }}'

 minio_dedicated_console: true
 minio_console_port: 9001
@ -32,8 +38,10 @@ minio_ui_url: 'https://minio-ui-reverse-proxy.example.org'
 minio_over_tls: true
 minio_letsencrypt_certs: true
 minio_tls_certs_dir: /etc/pki/minio
-minio_tls_cert_file: '{{ minio_tls_certs_dir }}/fullchain'
-minio_tls_key_file: '{{ minio_tls_certs_dir }}/privkey'
+# The certificate and private key file names
+# must be *exactly* the ones used here.
+minio_tls_cert_file: '{{ minio_tls_certs_dir }}/public.crt'
+minio_tls_key_file: '{{ minio_tls_certs_dir }}/private.key'
 minio_root_user: minio_adm
 # minio_root_password: 'Use a vault'
 minio_storage_class_standard: 4
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -24,17 +24,18 @@

    - name: Change the ownership of the minio data disks
      file:
-        dest: '{{ minio_data_prefix }}/{{ minio_volume_prefix }}_{{ item }}'
+        dest: '{{ minio_data_prefix }}/{{ minio_volume_prefix }}{{ item }}/{{ minio_volume_subdir }}'
        state: directory
        owner: '{{ minio_username }}'
        group: '{{ minio_username }}'
        mode: 0700
-      loop: '{{ minio_disk_volumes }}'
+      loop: '{{ minio_disk_volume_names }}'

    - name: Download the minio binary
      get_url:
        url: '{{ minio_binary_download }}'
        dest: '{{ minio_executable }}'
+        validate_certs: '{{ minio_download_validate_certs }}'
        owner: root
        group: root
        mode: 0755
@ -52,7 +53,7 @@

    - name: Create the minio certificate directory
      file:
-        dest: '{{ minio_tls_certs_dir }}'
+        dest: '{{ minio_tls_certs_dir }}/CAs'
        state: directory
        owner: root
        group: '{{ minio_username }}'
@ -81,7 +82,7 @@
    - name: Copy the CA trust file on deb systems
      copy:
        src: '/etc/ssl/certs/ca-certificates.crt'
-        dest: '{{ minio_tls_certs_dir }}/ca-certificates.crt'
+        dest: '{{ minio_tls_certs_dir }}/CAs/ca-certificates.crt'
        owner: root
        group: '{{ minio_username }}'
        mode: 0640
@ -92,7 +93,7 @@
    - name: Copy the CA trust file on EL systems
      copy:
        src: '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem'
-        dest: '{{ minio_tls_certs_dir }}/ca-certificates.crt'
+        dest: '{{ minio_tls_certs_dir }}/CAs/ca-certificates.crt'
        owner: root
        group: '{{ minio_username }}'
        mode: 0640
--- a/templates/minio.default.j2
+++ b/templates/minio.default.j2
@ -1,12 +1,5 @@
 # See https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#environment-variables
 # Set the hosts and volumes MinIO uses at startup
-# The command uses MinIO expansion notation {x...y} to denote a
-# sequential series.
-#
-# The following example covers four MinIO hosts
-# with 4 drives each at the specified hostname and drive locations.
-# The command includes the port that each MinIO server listens on
-# (default 9000)

 MINIO_VOLUMES="{{ minio_volumes }}"

@ -16,7 +9,7 @@ MINIO_VOLUMES="{{ minio_volumes }}"
 # port 9001 on all network interfaces. The default behavior is dynamic
 # port selection.

-MINIO_OPTS="{% if minio_dedicated_console }}--console-address :{{ minio_console_port }}{% endif %} --certs-dir {{ minio_tls_certs_dir }}"
+MINIO_OPTS="{% if minio_dedicated_console %}--console-address :{{ minio_console_port }}{% endif %} --certs-dir {{ minio_tls_certs_dir }}"

 # Set the root username. This user has unrestricted permissions to
 # perform S3 and administrative API operations on any resource in the