ricsanfre.minio

Ansible Role: Minio Server Installation and Configuration

This role installs and configures Minio on a Linux server.

Requirements

  • None

Role Variables

Here are the variables you can use, along with their default values (see defaults/main.yaml):

  • Decide whether to install Minio server and client:

    minio_install_server: true
    minio_install_client: true
    
  • Details for Minio server installation:

    User and group for Minio:

    minio_group: minio
    minio_user: minio
    

    Folders for server configuration (minio_etc_dir), TLS certificates (minio_cert_dir), and user access policies (minio_policy_dir):

    minio_etc_dir: /etc/minio
    minio_cert_dir: "{{ minio_etc_dir }}/ssl"
    minio_policy_dir: "{{ minio_etc_dir }}/policy"
    

    Set the Minio server IP address (minio_server_addr). If left empty, the server listens on all available IP addresses. You can also set the server and console ports:

    minio_server_port: "9091"
    minio_server_addr: ""
    minio_console_port: "9092"
    

    Admin user and password for Minio:

    minio_root_user: ""
    minio_root_password: ""
    

    Site region for Minio:

    minio_site_region: "eu-west-1"
    

    Data directories for Minio (minio_server_datadirs) and an option to create them if they don’t exist (minio_server_make_datadirs):

    minio_server_make_datadirs: true
    minio_server_datadirs:
      - /var/lib/minio
    

    Setup for a distributed cluster (minio_server_cluster_nodes). You need separate disks for multi-drive configurations. Refer to the documentation for best practices.

    Example:

    minio_server_datadirs:
      - '/mnt/disk1/minio'
      - '/mnt/disk2/minio'
      - '/mnt/disk3/minio'
      - '/mnt/disk4/minio'
    minio_server_cluster_nodes:
      - 'https://minio{1...4}.example.net:9091/mnt/disk{1...4}/minio'
    
  • Client Configuration: Set the connection alias name (minio_alias) and whether to validate SSL certificates (minio_validate_certificate):

    minio_validate_certificate: true
    minio_alias: "myminio"
    
  • TLS Configuration: Enable TLS by setting minio_enable_tls to true and provide the private key and public certificate. You can load these using an Ansible task:

    # Build the file path by concatenation; nesting "{{ }}" inside a lookup string is not templated.
    - name: Load TLS key and cert from files
      set_fact:
        minio_key: "{{ lookup('file','certificates/' + inventory_hostname + '_private.key') }}"
        minio_cert: "{{ lookup('file','certificates/' + inventory_hostname + '_public.crt') }}"
    

    Specify minio_url if necessary (especially if there are no IP Subject Alternative Names in the TLS certificates):

    minio_url: "https://minio.ricsanfre.com:{{ minio_server_port }}"
    
  • Buckets: Use the minio_buckets variable to set up a list of buckets and their policies:

    minio_buckets:
      - name: bucket1
        policy: read-only
      - name: bucket2
        policy: read-write
        object_lock: false
      - name: bucket3
        policy: private
        object_lock: true
    
  • Users: Create users automatically with the minio_users variable:

    minio_users:
      - name: user1
        password: supers1cret0
        buckets_acl:
          - name: bucket1
            policy: read-write
          - name: bucket2
            policy: read-only
    

    Custom policies can also be defined for specific access needs.

  • Prometheus Token: Generate a Prometheus bearer token and save it to a file:

    minio_prometheus_bearer_token: false
    prometheus_bearer_token_output: "{{ minio_etc_dir }}/prometheus_bearer.json"
    
  • MinIO pip library: Manage environment variables for pip installations:

    minio_pip_environment_var:
      PIP_BREAK_SYSTEM_PACKAGES: "1"
    
  • Site Replication: Set up replication across multiple MinIO deployments:

    replication_sites:
      - name: myminio2
        url: "http://replication.minio.com:9091"
        admin_user: "myminio2"
        admin_password: "supers1cret02"
    

Dependencies

  • None

Example Playbook

This playbook installs and configures Minio server and client, enables TLS, and creates some buckets and users:

---
- name: Install and configure Minio Server
  hosts: minio
  become: true
  gather_facts: true
  vars:
    server_hostname: minio.example.com
    ssl_key_size: 4096
    ssl_certificate_provider: selfsigned

  pre_tasks:
    - name: Generate self-signed SSL certificates for minio
      include_tasks: generate_selfsigned_cert.yml
      args:
        apply:
          delegate_to: localhost
          become: false

    - name: Load TLS key and cert
      set_fact:
        minio_key: "{{ lookup('file','certificates/' + inventory_hostname + '_private.key') }}"
        minio_cert: "{{ lookup('file','certificates/' + inventory_hostname + '_public.crt') }}"

  roles:
    - role: ricsanfre.minio
      minio_root_user: "miniadmin"
      minio_root_password: "supers1cret0"
      minio_enable_tls: true
      minio_url: "https://{{ server_hostname }}:{{ minio_server_port }}"
      minio_buckets:
        - name: bucket1
          policy: read-write
        - name: bucket2
          policy: read-write
      minio_users:
        - name: user1
          password: supers1cret0
          buckets_acl:
            - name: bucket1
              policy: read-write
            - name: bucket2
              policy: read-only
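
A variant of the playbook above that keeps credentials out of the play and uses TLS for the replication peer. It is an added example, not part of the role's own documentation. The `vault_*` variable names and the `group_vars/minio/vault.yml` file are assumptions, and the TLS key and certificate are assumed to exist already under `certificates/`.

```yaml
---
# Added example. Assumes group_vars/minio/vault.yml, encrypted with
# `ansible-vault encrypt`, defines the hypothetical variables
# vault_minio_root_password, vault_minio_user1_password and
# vault_minio_replica_password.
- name: Install and configure Minio Server with vaulted credentials
  hosts: minio
  become: true
  gather_facts: true
  vars:
    server_hostname: minio.example.com

  pre_tasks:
    - name: Refuse to run with missing or short credentials
      ansible.builtin.assert:
        that:
          - vault_minio_root_password | length >= 8   # MinIO rejects shorter secrets
          - vault_minio_user1_password | length >= 8
          - vault_minio_replica_password | length >= 8
        quiet: true

    - name: Load TLS key and cert
      ansible.builtin.set_fact:
        minio_key: "{{ lookup('file', 'certificates/' + inventory_hostname + '_private.key') }}"
        minio_cert: "{{ lookup('file', 'certificates/' + inventory_hostname + '_public.crt') }}"
      no_log: true   # keep the private key out of task output and logs

  roles:
    - role: ricsanfre.minio
      minio_root_user: "miniadmin"
      minio_root_password: "{{ vault_minio_root_password }}"
      minio_enable_tls: true
      minio_validate_certificate: true
      minio_url: "https://{{ server_hostname }}:{{ minio_server_port }}"
      minio_buckets:
        - name: bucket1
          policy: private
      minio_users:
        - name: user1
          password: "{{ vault_minio_user1_password }}"
          buckets_acl:
            - name: bucket1
              policy: read-write
      replication_sites:
        - name: myminio2
          url: "https://replication.minio.com:9091"   # assumes the peer serves TLS
          admin_user: "myminio2"
          admin_password: "{{ vault_minio_replica_password }}"
```

Run it with `ansible-playbook --ask-vault-pass` (or a vault password file) so the encrypted variables can be decrypted at run time.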

License

  • MIT

Author Information

Created by Ricardo Sanchez (ricsanfre)

Bucket creation ansible module based on the work of Alexis Facques (https://github.com/alexisfacques/ansible-module-s3-minio-bucket)

Project information

minio installation and configuration role

Install
ansible-galaxy install ricsanfre.minio