ricsanfre.minio
Ansible Role: Minio Server Installation and Configuration
This role installs and configures Minio on a Linux server.
Requirements
- None
Role Variables
Here are the variables you can use, along with their default values (see defaults/main.yaml):
- Decide whether to install Minio server and client:

      minio_install_server: true
      minio_install_client: true

- Details for Minio server installation:
  - User and group for Minio:

        minio_group: minio
        minio_user: minio

  - Folders for server configuration (minio_etc_dir), TLS certificates (minio_cert_dir), and user access policies (minio_policy_dir):

        minio_etc_dir: /etc/minio
        minio_cert_dir: "{{ minio_etc_dir }}/ssl"
        minio_policy_dir: "{{ minio_etc_dir }}/policy"

  - Set Minio server IP address (minio_server_addr). If left empty, the server will listen on all available IPs. You can also set server and console ports:

        minio_server_port: "9091"
        minio_server_addr: ""
        minio_console_port: "9092"

  - Admin user and password for Minio:

        minio_root_user: ""
        minio_root_password: ""

  - Site region for Minio:

        minio_site_region: "eu-west-1"

  - Data directories for Minio (minio_server_datadirs) and an option to create them if they don't exist (minio_server_make_datadirs):

        minio_server_make_datadirs: true
        minio_server_datadirs:
          - /var/lib/minio

  - Setup for a distributed cluster (minio_server_cluster_nodes). You need separate disks for multi-drive configurations. Refer to the documentation for best practices.
  - Example:

        minio_server_datadirs:
          - '/mnt/disk1/minio'
          - '/mnt/disk2/minio'
          - '/mnt/disk3/minio'
          - '/mnt/disk4/minio'
        minio_server_cluster_nodes:
          - 'https://minio{1...4}.example.net:9091/mnt/disk{1...4}/minio'

- Client Configuration: Set connection alias name (minio_alias) and whether to validate SSL certificates (minio_validate_certificate):

      minio_validate_certificate: true
      minio_alias: "myminio"

- TLS Configuration: Enable TLS by setting minio_enable_tls to true and provide the private key and public certificate in minio_key and minio_cert. You can load these using an Ansible task:

      - name: Load TLS key and cert from files
        set_fact:
          minio_key: "{{ lookup('file', 'certificates/' + inventory_hostname + '_private.key') }}"
          minio_cert: "{{ lookup('file', 'certificates/' + inventory_hostname + '_public.crt') }}"

  - Specify minio_url if necessary (especially if there are no IP Subject Alternative Names in the TLS certificates):

        minio_url: "https://minio.ricsanfre.com:{{ minio_server_port }}"

- Buckets: Use the minio_buckets variable to set up a list of buckets and their policies:

      minio_buckets:
        - name: bucket1
          policy: read-only
        - name: bucket2
          policy: read-write
          object_lock: false
        - name: bucket3
          policy: private
          object_lock: true

- Users: Create users automatically with the minio_users variable:

      minio_users:
        - name: user1
          password: supers1cret0
          buckets_acl:
            - name: bucket1
              policy: read-write
            - name: bucket2
              policy: read-only

  - Custom policies can also be defined for specific access needs.

- Prometheus Token: Generate a Prometheus bearer token and save it to a file:

      minio_prometheus_bearer_token: false
      prometheus_bearer_token_output: "{{ minio_etc_dir }}/prometheus_bearer.json"

- MinIO pip library: Manage environment variables for pip installations:

      minio_pip_environment_var:
        PIP_BREAK_SYSTEM_PACKAGES: "1"

- Site Replication: Set up replication across multiple MinIO deployments:

      replication_sites:
        - name: myminio2
          url: "http://replication.minio.com:9091"
          admin_user: "myminio2"
          admin_password: "supers1cret02"

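The distributed cluster example packs hosts and drives into a single pattern, so a mismatch with minio_server_datadirs, minio_server_port or the TLS setting is easy to miss before deployment. The check below is an added example, not part of the role: it expands the `{1...4}` notation and cross-checks the result against the other variables. The function names and the rule that endpoints use https exactly when minio_enable_tls is true are assumptions of this example.

```python
import itertools
import re
from urllib.parse import urlsplit

ELLIPSIS = re.compile(r"\{(\d+)\.\.\.(\d+)\}")  # MinIO range notation, e.g. {1...4}


def expand(pattern):
    """Expand every {a...b} range in pattern into concrete endpoint strings."""
    parts = ELLIPSIS.split(pattern)  # [literal, a, b, literal, a, b, ..., literal]
    literals = parts[0::3]
    ranges = [range(int(a), int(b) + 1) for a, b in zip(parts[1::3], parts[2::3])]
    endpoints = []
    for combo in itertools.product(*ranges):
        text = literals[0]
        for number, literal in zip(combo, literals[1:]):
            text += str(number) + literal
        endpoints.append(text)
    return endpoints


def check_cluster(role_vars):
    """Return a list of inconsistencies between the cluster pattern and other role variables."""
    problems = []
    urls = [urlsplit(e) for p in role_vars["minio_server_cluster_nodes"] for e in expand(p)]
    paths = {u.path for u in urls}
    datadirs = set(role_vars["minio_server_datadirs"])
    if paths != datadirs:
        problems.append(f"drive paths differ from minio_server_datadirs: {sorted(paths ^ datadirs)}")
    # Assumption of this example: endpoints use https exactly when TLS is enabled.
    scheme = "https" if role_vars.get("minio_enable_tls") else "http"
    if {u.scheme for u in urls} != {scheme}:
        problems.append(f"every endpoint must use {scheme}:// to match minio_enable_tls")
    if any(u.port != int(role_vars["minio_server_port"]) for u in urls):
        problems.append("endpoint port differs from minio_server_port")
    return problems


# Sample values copied from the cluster example above; minio_enable_tls added for the check.
README_VARS = {
    "minio_enable_tls": True,
    "minio_server_port": "9091",
    "minio_server_datadirs": [f"/mnt/disk{i}/minio" for i in range(1, 5)],
    "minio_server_cluster_nodes": ["https://minio{1...4}.example.net:9091/mnt/disk{1...4}/minio"],
}

if __name__ == "__main__":
    for problem in check_cluster(README_VARS) or ["cluster variables are consistent"]:
        print(problem)
```
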
Dependencies
- None
Example Playbook
This playbook installs and configures Minio server and client, enables TLS, and creates some buckets and users:
---
- name: Install and configure Minio Server
  hosts: minio
  become: true
  gather_facts: true
  vars:
    server_hostname: minio.example.com
    ssl_key_size: 4096
    ssl_certificate_provider: selfsigned
  pre_tasks:
    - name: Generate self-signed SSL certificates for minio
      include_tasks: generate_selfsigned_cert.yml
      args:
        apply:
          delegate_to: localhost
          become: false
    - name: Load TLS key and cert
      set_fact:
        minio_key: "{{ lookup('file','certificates/' + inventory_hostname + '_private.key') }}"
        minio_cert: "{{ lookup('file','certificates/' + inventory_hostname + '_public.crt') }}"
  roles:
    - role: ricsanfre.minio
      minio_root_user: "miniadmin"
      minio_root_password: "supers1cret0"
      minio_enable_tls: true
      minio_url: "https://{{ server_hostname }}:{{ minio_server_port }}"
      minio_buckets:
        - name: bucket1
          policy: read-write
        - name: bucket2
          policy: read-write
      minio_users:
        - name: user1
          password: supers1cret0
          buckets_acl:
            - name: bucket1
              policy: read-write
            - name: bucket2
              policy: read-only
License
- MIT
Author Information
Created by Ricardo Sanchez (ricsanfre)
Bucket creation ansible module based on the work of Alexis Facques (https://github.com/alexisfacques/ansible-module-s3-minio-bucket)
ansible-galaxy install ricsanfre.minio