ansible-role-minio/tasks/main.yml


---
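# Bare-metal install: create the service account, render the environment
# file, fix ownership of the data directories and fetch the server binary.
- name: Manage the installation of a baremetal distributed MinIO
  block:
    # System account with no login shell; the service runs under it.
    - name: Create the minio-user username
      user:
        name: '{{ minio_username }}'
        home: '{{ minio_user_home }}'
        createhome: true
        shell: /usr/sbin/nologin
        system: true

    - name: Ensure that /etc/default exists
      file:
        dest: /etc/default
        state: directory

    # Read-only for the service user and its group, no access for others.
    # File modes are quoted strings so they are always read as octal.
    - name: Install the configuration file
      template:
        src: minio.default.j2
        dest: /etc/default/minio
        owner: '{{ minio_username }}'
        group: '{{ minio_username }}'
        mode: '0440'
      notify: Restart minio
      tags: ['minio', 'minio_baremetal', 'minio_conf']

    # One directory per entry of minio_disk_volume_names, private to the
    # service user.
    - name: Change the ownership of the minio data disks
      file:
        dest: '{{ minio_data_prefix }}/{{ minio_volume_prefix }}{{ item }}/{{ minio_volume_subdir }}'
        state: directory
        owner: '{{ minio_username }}'
        group: '{{ minio_username }}'
        mode: '0700'
      loop: '{{ minio_disk_volume_names }}'

    # The downloaded file is installed root-owned and world-executable.
    # NOTE(review): no `checksum` is passed to get_url, so the integrity of
    # the binary rests on TLS alone. Keep minio_download_validate_certs true,
    # and consider pinning the vendor-published digest through get_url's
    # `checksum` parameter.
    - name: Download the minio binary
      get_url:
        url: '{{ minio_binary_download }}'
        dest: '{{ minio_executable }}'
        validate_certs: '{{ minio_download_validate_certs }}'
        # force=true re-downloads even when the destination already exists.
        force: '{{ minio_upgrade_executable }}'
        owner: root
        group: root
        mode: '0755'
  tags: ['minio', 'minio_baremetal']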
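# Copy the Let's Encrypt key, certificate chain and the system CA bundle to
# the locations MinIO reads, and install a hook that repeats the copy on
# renewal. The block runs only when both minio_letsencrypt_certs and
# letsencrypt_acme_install are truthy.
- name: TLS certificates management with Letsencrypt
  block:
    # No mode is set here, so a newly created directory gets its
    # permissions from the umask.
    # NOTE(review): scripts in this directory are presumably run by the
    # renewal process; confirm it is not group- or world-writable.
    - name: Create the acme hooks directory if it does not yet exist
      file:
        dest: '{{ letsencrypt_acme_services_scripts_dir }}'
        state: directory
        owner: root
        group: root

    # File modes are quoted strings so they are always read as octal.
    - name: Create the minio certificate directory
      file:
        dest: '{{ minio_tls_certs_dir }}/CAs'
        state: directory
        owner: root
        group: '{{ minio_username }}'
        mode: '0750'

    # Private key: writable by root only, readable by the minio group,
    # no access for others. remote_src copies from a path on the target.
    - name: Copy the key file where minio expects it
      copy:
        src: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey'
        dest: '{{ minio_tls_key_file }}'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio

    - name: Copy the certificate file where minio expects it
      copy:
        src: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain'
        dest: '{{ minio_tls_cert_file }}'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio

    # The two tasks below write the same destination; the distribution
    # family selects which system bundle is the source.
    - name: Copy the CA trust file on deb systems
      copy:
        src: '/etc/ssl/certs/ca-certificates.crt'
        dest: '{{ minio_tls_certs_dir }}/CAs/ca-certificates.crt'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio
      when: ansible_distribution_file_variety == "Debian"

    - name: Copy the CA trust file on EL systems
      copy:
        src: '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem'
        dest: '{{ minio_tls_certs_dir }}/CAs/ca-certificates.crt'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio
      when: ansible_distribution_file_variety == "RedHat"

    - name: Install a script that updates the certificates upon renewal
      template:
        src: minio-letsencrypt-hook.j2
        dest: '{{ letsencrypt_acme_services_scripts_dir }}/minio'
        owner: root
        group: root
        # Quoted so it is read as octal. Unquoted, 4555 is a decimal
        # integer (octal 10713); its low bits are 0713, which grants write
        # and execute to "other" on a root-owned script.
        # NOTE(review): the leading 4 requests setuid, which Linux ignores
        # on interpreted scripts; '0555' or a tighter '0750' is probably
        # what is wanted - confirm against minio-letsencrypt-hook.j2.
        mode: '4555'
  when:
    - minio_letsencrypt_certs
    - letsencrypt_acme_install
  tags: ['minio', 'minio_baremetal', 'minio_letsencrypt']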
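# Install the service definition that matches the host's service manager,
# then start or stop MinIO according to minio_enabled.
- name: minio service
  block:
    # Hosts whose service manager is not systemd get the upstart job. The
    # task name used to repeat the systemd one below, which made run output
    # and --start-at-task ambiguous.
    - name: Install the minio upstart configuration
      template:
        src: minio.conf.upstart.j2
        dest: /etc/init/minio.conf
        owner: root
        group: root
        mode: '0644'
      when: ansible_service_mgr != 'systemd'
      notify: Restart minio

    # Root-owned and not writable by anyone else. File modes are quoted
    # strings so they are always read as octal.
    - name: Install the minio systemd unit
      template:
        src: minio.service.j2
        dest: /etc/systemd/system/minio.service
        owner: root
        group: root
        mode: '0644'
      register: minio_unit_update
      when: ansible_service_mgr == 'systemd'
      notify: Restart minio

    # Runs only when the unit file above was actually rewritten.
    - name: Reload systemd
      systemd:
        daemon_reload: true
      when: minio_unit_update is changed

    - name: Ensure that minio is running and enabled
      service:
        name: minio
        state: started
        enabled: true
      when: minio_enabled

    - name: Ensure that minio is stopped and disabled
      service:
        name: minio
        state: stopped
        enabled: false
      when: not minio_enabled
  tags: ['minio', 'minio_baremetal', 'minio_letsencrypt']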