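---
# Tasks that install a bare-metal distributed MinIO: service account,
# configuration, binary download, optional Let's Encrypt certificate wiring
# and the init/systemd service definition.
# File modes are quoted octal strings so that YAML cannot re-type them.

- name: Manage the installation of a baremetal distributed MinIO
  block:
    # System account with no login shell; the service runs as this user.
    - name: Create the minio-user username
      user:
        name: '{{ minio_username }}'
        home: '{{ minio_user_home }}'
        createhome: true
        shell: /usr/sbin/nologin
        system: true

    - name: Ensure that /etc/default exists
      file:
        dest: /etc/default
        state: directory

    # Read-only for the service account and its group, no access for others.
    - name: Install the configuration file
      template:
        src: minio.default.j2
        dest: /etc/default/minio
        owner: '{{ minio_username }}'
        group: '{{ minio_username }}'
        mode: '0440'
      notify: Restart minio
      tags: ['minio', 'minio_baremetal', 'minio_conf']

    # Data directories are private to the service account.
    - name: Change the ownership of the minio data disks
      file:
        dest: '{{ minio_data_prefix }}/{{ minio_volume_prefix }}{{ item }}/{{ minio_volume_subdir }}'
        state: directory
        owner: '{{ minio_username }}'
        group: '{{ minio_username }}'
        mode: '0700'
      loop: '{{ minio_disk_volume_names }}'

    # The binary is installed root-owned and executable by everyone, so its
    # integrity matters. Keep minio_download_validate_certs true: with TLS
    # validation off, the origin of the download is unauthenticated.
    # minio_binary_checksum is a new, optional variable (for example
    # 'sha256:<digest>'); when it is unset the parameter is omitted and the
    # task behaves as before.
    - name: Download the minio binary
      get_url:
        url: '{{ minio_binary_download }}'
        dest: '{{ minio_executable }}'
        validate_certs: '{{ minio_download_validate_certs }}'
        checksum: '{{ minio_binary_checksum | default(omit) }}'
        force: '{{ minio_upgrade_executable }}'
        owner: root
        group: root
        mode: '0755'
      notify: Restart minio
      tags: ['minio', 'minio_baremetal', 'minio_binary_file']

  tags: ['minio', 'minio_baremetal']

- name: TLS certificates management with Letsencrypt
  block:
    # NOTE(review): no mode is set here, so the directory permissions depend
    # on the umask in effect - consider pinning one.
    - name: Create the acme hooks directory if it does not yet exist
      file:
        dest: '{{ letsencrypt_acme_services_scripts_dir }}'
        state: directory
        owner: root
        group: root

    - name: Create the minio certificate directory
      file:
        dest: '{{ minio_tls_certs_dir }}/CAs'
        state: directory
        owner: root
        group: '{{ minio_username }}'
        mode: '0750'

    # Private key: root-owned, readable by the service group only.
    - name: Copy the key file where minio expects it
      copy:
        src: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey'
        dest: '{{ minio_tls_key_file }}'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio

    - name: Copy the certificate file where minio expects it
      copy:
        src: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain'
        dest: '{{ minio_tls_cert_file }}'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio

    - name: Copy the CA trust file on deb systems
      copy:
        src: '/etc/ssl/certs/ca-certificates.crt'
        dest: '{{ minio_tls_certs_dir }}/CAs/ca-certificates.crt'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio
      when: ansible_distribution_file_variety == "Debian"

    - name: Copy the CA trust file on EL systems
      copy:
        src: '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem'
        dest: '{{ minio_tls_certs_dir }}/CAs/ca-certificates.crt'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio
      when: ansible_distribution_file_variety == "RedHat"

    # The mode used to be the unquoted number 4555, which YAML reads as a
    # decimal integer rather than octal 4555, so the permission bits applied
    # were not the ones written. The leading 4 (setuid) is dropped as well:
    # the hook is rendered from a template, i.e. it is a script, and Linux
    # ignores setuid on interpreted scripts.
    # NOTE(review): if the hook has to run as root, the renewal job that
    # calls it should provide that privilege - confirm against the
    # letsencrypt role.
    - name: Install a script that updates the certificates upon renewal
      template:
        src: minio-letsencrypt-hook.j2
        dest: '{{ letsencrypt_acme_services_scripts_dir }}/minio'
        owner: root
        group: root
        mode: '0555'

  when:
    - minio_letsencrypt_certs
    - letsencrypt_acme_install
  tags: ['minio', 'minio_baremetal', 'minio_letsencrypt']

- name: minio service
  block:
    # Non-systemd hosts get the upstart job file (this task was previously
    # named like the systemd one below).
    - name: Install the minio upstart job
      template:
        src: minio.conf.upstart.j2
        dest: /etc/init/minio.conf
        owner: root
        group: root
        mode: '0644'
      when: ansible_service_mgr != 'systemd'
      notify: Restart minio

    - name: Install the minio systemd unit
      template:
        src: minio.service.j2
        dest: /etc/systemd/system/minio.service
        owner: root
        group: root
        mode: '0644'
      register: minio_unit_update
      when: ansible_service_mgr == 'systemd'
      notify: Restart minio

    # Only reload when the unit file above actually changed.
    - name: Reload systemd
      systemd:
        daemon_reload: true
      when: minio_unit_update is changed

    - name: Ensure that minio is running and enabled
      service:
        name: minio
        state: started
        enabled: true
      when: minio_enabled

    - name: Ensure that minio is stopped and disabled
      service:
        name: minio
        state: stopped
        enabled: false
      when: not minio_enabled

  # NOTE(review): 'minio_letsencrypt' looks copied from the block above; it
  # is kept so existing --tags selections still match - confirm.
  tags: ['minio', 'minio_baremetal', 'minio_letsencrypt']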