---
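# Creates the service account, renders /etc/default/minio, prepares the data
# directories and downloads the server binary.
# File modes are quoted strings so they are always read as octal.
- name: Manage the installation of a baremetal distributed MinIO
  block:
    # System account with a nologin shell: the service needs an identity,
    # not an interactive login.
    - name: Create the minio-user username
      user:
        name: '{{ minio_username }}'
        home: '{{ minio_user_home }}'
        createhome: true
        shell: /usr/sbin/nologin
        system: true

    - name: Ensure that /etc/default exists
      file:
        dest: /etc/default
        state: directory

    # 0440: read-only for the service user and group, no access for others.
    # NOTE(review): the template is not shown here; it presumably carries the
    # MinIO credentials, which is why the mode must stay this restrictive.
    - name: Install the configuration file
      template:
        src: minio.default.j2
        dest: /etc/default/minio
        owner: '{{ minio_username }}'
        group: '{{ minio_username }}'
        mode: '0440'
      notify: Restart minio
      tags: ['minio', 'minio_baremetal', 'minio_conf']

    # One directory per entry of minio_disk_volume_names, private to the
    # service account (0700).
    - name: Change the ownership of the minio data disks
      file:
        dest: '{{ minio_data_prefix }}/{{ minio_volume_prefix }}{{ item }}/{{ minio_volume_subdir }}'
        state: directory
        owner: '{{ minio_username }}'
        group: '{{ minio_username }}'
        mode: '0700'
      loop: '{{ minio_disk_volume_names }}'

    # The binary is owned by root and not writable by the service account,
    # so the running service cannot replace its own executable.
    # NOTE(review): no checksum is passed to get_url, so the integrity of the
    # download rests on TLS alone. Keep minio_download_validate_certs true and
    # consider pinning a checksum for the release being installed.
    - name: Download the minio binary
      get_url:
        url: '{{ minio_binary_download }}'
        dest: '{{ minio_executable }}'
        validate_certs: '{{ minio_download_validate_certs }}'
        force: '{{ minio_upgrade_executable }}'
        owner: root
        group: root
        mode: '0755'

  tags: ['minio', 'minio_baremetal']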
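# Copies the Let's Encrypt key, certificate chain and the system CA bundle to
# the paths MinIO reads, and installs a renewal hook.
# Runs only when both minio_letsencrypt_certs and letsencrypt_acme_install
# are true.
- name: TLS certificates management with Letsencrypt
  block:
    # NOTE(review): no mode is set, so the permissions of a newly created
    # directory come from the umask. Consider an explicit mode, because this
    # directory holds scripts run on certificate renewal.
    - name: Create the acme hooks directory if it does not yet exist
      file:
        dest: '{{ letsencrypt_acme_services_scripts_dir }}'
        state: directory
        owner: root
        group: root

    # root owns the directory; the service group may enter and list it (0750).
    - name: Create the minio certificate directory
      file:
        dest: '{{ minio_tls_certs_dir }}/CAs'
        state: directory
        owner: root
        group: '{{ minio_username }}'
        mode: '0750'

    # Private key: writable by root only, readable by the service group,
    # no access for others (0640).
    - name: Copy the key file where minio expects it
      copy:
        src: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey'
        dest: '{{ minio_tls_key_file }}'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio

    - name: Copy the certificate file where minio expects it
      copy:
        src: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain'
        dest: '{{ minio_tls_cert_file }}'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio

    # The two CA bundle tasks write the same destination; the distribution
    # family selects which system bundle is the source.
    - name: Copy the CA trust file on deb systems
      copy:
        src: '/etc/ssl/certs/ca-certificates.crt'
        dest: '{{ minio_tls_certs_dir }}/CAs/ca-certificates.crt'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio
      when: ansible_distribution_file_variety == "Debian"

    - name: Copy the CA trust file on EL systems
      copy:
        src: '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem'
        dest: '{{ minio_tls_certs_dir }}/CAs/ca-certificates.crt'
        owner: root
        group: '{{ minio_username }}'
        mode: '0640'
        remote_src: true
      notify: Restart minio
      when: ansible_distribution_file_variety == "RedHat"

    # The mode is quoted so it is read as octal 4555. Unquoted, 4555 is a
    # decimal integer (octal 10713), so the permission bits applied were not
    # the ones written here and gave others write access to a root-owned
    # renewal hook.
    # NOTE(review): the leading 4 requests setuid on a root-owned script that
    # every local user may execute. Linux ignores setuid on interpreted
    # scripts, so '0555' is probably sufficient. Confirm how the hook is
    # invoked, then drop the bit.
    - name: Install a script that updates the certificates upon renewal
      template:
        src: minio-letsencrypt-hook.j2
        dest: '{{ letsencrypt_acme_services_scripts_dir }}/minio'
        owner: root
        group: root
        mode: '4555'

  when:
    - minio_letsencrypt_certs
    - letsencrypt_acme_install
  tags: ['minio', 'minio_baremetal', 'minio_letsencrypt']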
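# Installs the service definition for the host's init system and sets the
# service state according to minio_enabled.
# NOTE(review): the 'minio_letsencrypt' tag also selects this block. Confirm
# that this is intended and not carried over from the TLS block.
- name: minio service
  block:
    # Hosts whose service manager is not systemd get the upstart job file.
    # This task used to share its name with the systemd task that follows it.
    - name: Install the minio upstart configuration
      template:
        src: minio.conf.upstart.j2
        dest: /etc/init/minio.conf
        owner: root
        group: root
        mode: '0644'
      when: ansible_service_mgr != 'systemd'
      notify: Restart minio

    # Unit file owned by root and not writable by the service account.
    # The result is registered so that systemd reloads only after a change.
    - name: Install the minio systemd unit
      template:
        src: minio.service.j2
        dest: /etc/systemd/system/minio.service
        owner: root
        group: root
        mode: '0644'
      register: minio_unit_update
      when: ansible_service_mgr == 'systemd'
      notify: Restart minio

    - name: Reload systemd
      systemd:
        daemon_reload: true
      when: minio_unit_update is changed

    - name: Ensure that minio is running and enabled
      service:
        name: minio
        state: started
        enabled: true
      when: minio_enabled

    - name: Ensure that minio is stopped and disabled
      service:
        name: minio
        state: stopped
        enabled: false
      when: not minio_enabled

  tags: ['minio', 'minio_baremetal', 'minio_letsencrypt']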