first commit

main
stef 2025-06-20 14:08:56 +02:00
commit 276e539ac8
18 changed files with 498 additions and 0 deletions

98
README.md 100644

@ -0,0 +1,98 @@
minio
=========
- Create minio user
- Create minio disque pool
- Install and configure Minio service
- If necessary, install ssl certificat
- Install client mc
Requirements
------------
Package minio.rpm and mc binary (client minio) must be located in role files directory
Certificats could be located in files/certs ( optionnal)
```
tree roles/minio/files/
roles/minio/files/
├── certs
│ ├── Minio.crt
│ ├── Minio.key
│ └── zen6ca.crt
├── mc
└── minio.rpm
```
Role Variables
--------------
## System information defined in vars/default
```
minio_user: minio-user
minio_group: minio-user
minio_rootdir: /opt/minio
```
## LVM Vars
Must de defined un hosts_var or group var
```
lvm:
pvname: /dev/nvme0n1 # PV to create ( unique)
vgname: vg_minio # VG to create ( unique)
lvs:
- lvname: lv_minio01 # Fist lv to create
size: 10g
fstype: xfs
mountpoint: "{{minio_rootdir}}/disk01"
owner: "{{minio_user}}" # not change
group: "{{minio_group}}" # not change
...
...
...
- lvname: lv_minio04 # Last LV to create
size: 10g
fstype: xfs
mountpoint: /opt/minio/disk04
owner: "{{minio_user}}"
group: "{{minio_group}}"
```
## Minio vars
Must de defined un hosts_var or group var
```
minio:
admin_user: adminminio # Minio Root user
admin_passwd: adminminio # Minio Root user password
root_dir: "{{minio_rootdir}}"
disks_pool: "{{minio_rootdir}}/opt/minio/disk0{1...4}" # Disk pull : must be coherant with lvm data
url: "https://minio01.dell.stef.lan:9000" # APi S3 url
console_port: 9001
key: certs/Minio.key # minio ssl keylocal path in ansible file dir (optionnel)
cert: certs/Minio.crt # minio ssl cert local path in ansible file dir (optionnel)
cacert: certs/zen6ca.crt # minio ssl ca local path in ansible file dir (optionnel)
```
Dependencies
------------
none
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
```
---
- name: Install minio
hosts:
- minio
roles:
- minio
```
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -0,0 +1,2 @@
---
# defaults file for minio


@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD7BeEbOrS0UuYX
QL4Tz5P5YWMcl/iRK+n/YeWrhrjT5YADBzXMFYkQsdeWIdoPpvcV8yFX90i1RyYp
nhFDJy/B9Nc/NgDqu58UMDaa+cvgphXqqCyd1Rfgk6TyxZpbqkDqT+4nbYZ5yd1O
D0MNWRxjnX+ygFmr3Xv4+snbRfwBQHK9GVpSJkmYK+oNwiolh9tKc/TBwyJ55Len
9Jbn22YmQR09zLEe+6a0AD6P+47dB9fefvz5TQjjsQlKcWod5NQ1uib8Mf8rwXk9
BEvGTnt85x5TIIQmI5ksHwO0qcrfhXrpjCV/cDj8en+xG4gzX+od/3s9Z/OvRPjH
K9dI5dJXAgMBAAECggEAIHA5D8C9W1QfIcAfEAZSE/buzOIin/fxzCvFdy34soFE
0p9a512dEcg5mNAVEtK7uV1q4Kg3AB4Ko3QmvOvScxkFu8hpw+us+fnlBI/lNcmg
qWtEIL1J0Z6iwTCh6tiMfPsJRpUTvKdGbvDv9Eigr4rJ1rJZZClB/QHDlg9sKmj9
Je/CqN6SYMnPl95DsG3QsTMpAWu9j9qKPpqXnxNauiGCh6xs19V9Y7q+ZDgHUfWV
ZzFNAb5xRPu3xRLgkX8vJ0tUR42hq5btXWBDB59PvhiFwdnxa3mvs+JzcnpsAuae
7sZbBOijpQ1XPapPFdyX7DO4wzkUGSArFSHDPdRmeQKBgQD/EsA/0fvaNgLqwfT/
nbtQ8G5B4SyLWyAA66S1633R20tnR6qfcaAWFQwkoXxox2NII1aLFCcBBCoFA/r8
AqwvtuY3vgwJRcriXI8vygEBRcGWSTYYDRaXPA38Md7Kow67ZFCy0ZVp/fl8GY+u
6vOaoYp9ZrpqeWNpgG2BwysGbQKBgQD771xw17qdWWNqjeoEVOkC7iS00xWEitR9
Y5FgOZukoaVvjh7J8EWsVVB5XLmfmdzN+iGys82VYyPYsWOrXfES0BDbS8Dm5gku
TzGJp+VkSbLSLSulVjqV+gl+GNkh/bEQENib5uey+3ONw3Nm5TmQe3hgzm4y51dK
f7KQayuRUwKBgQDPlhsP1Xz6YeqN07voLB4+CO4yf2cZItgw55Xs1/JVz/rV2uVp
TbfTQN3ZEfOF8n9CPkA4f/YeRZ1M56hjYGlxi5Bg3TI+eaZcAqglZGjc+EBMZti3
Si+QdTeMf6mpkHp013c1kIvg7ukTrlnZKS2IMt/anrgn3xKg0fxNFuD1IQKBgD1k
LKCK0Ty6pZE3l8kKb+V45pTxwxKTSghsFObf4t+RTGEMvs/yrue5umx4ffs4YSgI
ReHoErbOe9O4FlOSBsbQ0Oq/YPhjIeWZArdKpIl1tA+nVjVp98jILzv9DhxMV7NU
h5QmBlwFDjmDYUG3pflhPQpKA2yAFzNePsMWen1lAoGBAN/fgT6kj84CzYJKHTiJ
MdoF355ekmWydNRUe1lsHDo4RVqbZQ1U6dNW8Iqo/ZFM/YzFxTH8eRIAGqHEvtEX
NfTlMVowHbkBDwHqrrMwFgHCOtwJA6f/iiyRKENn9cn6VK5/WqopoXI4bSbcbhZ7
/rijQ51XCHRJMriK8rysX2DY
-----END PRIVATE KEY-----
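Review bot: A PEM private key is committed in clear text in this section (presumably `files/certs/Minio.key`, going by the README tree), so everyone with read access to the repository or its history holds the server's TLS key. Treat this key as compromised: reissue the certificate with a fresh key and drop the file from the role. Ship the replacement encrypted with `ansible-vault encrypt`, or deliver it from a secret store at deploy time, and add a `files/certs/*.key` entry to `.gitignore` so it cannot be re-added by accident.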


@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

BIN
files/mc 100755

Binary file not shown.

BIN
files/minio.rpm 100644

Binary file not shown.


@ -0,0 +1,45 @@
from minio import Minio
from minio.error import S3Error
import urllib3
httpClient = urllib3.PoolManager(
ca_certs='/home/stef/zen6ca.crt')
# mc admin accesskey create minio01/
client = Minio("minio01.dell.stef.lan:9000",
access_key="6TRJ1XTK902Q50PET3P1",
secret_key="A7h0OfcqZ+qIllcVea+Si6IblqwI+p6a+5grVxGw",
secure=True,
http_client=httpClient,
)
def main():
# The file to upload, change this path if needed
source_file = "/tmp/test-file.txt"
# The destination bucket and filename on the MinIO server
bucket_name = "python-test-bucket"
destination_file = "my-test-file.txt"
# Make the bucket if it doesn't exist.
found = client.bucket_exists(bucket_name)
if not found:
client.make_bucket(bucket_name)
print("Created bucket", bucket_name)
else:
print("Bucket", bucket_name, "already exists")
# Upload the file, renaming it in the process
client.fput_object(
bucket_name, destination_file, source_file,
)
print(
source_file, "successfully uploaded as object",
destination_file, "to bucket", bucket_name,
)
if __name__ == "__main__":
try:
main()
except S3Error as exc:
print("error occurred.", exc)
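Review bot: `access_key` and `secret_key` are hard-coded literals in the `Minio(...)` constructor, so what looks like a real access key pair is now part of the repository history. Revoke that key on the server and read the replacement from the environment, e.g. `access_key=os.environ["MINIO_ACCESS_KEY"],` and `secret_key=os.environ["MINIO_SECRET_KEY"],` with `import os` at the top. The CA bundle path `/home/stef/zen6ca.crt` is tied to one workstation; taking it from an environment variable as well would keep TLS verification working when the script runs elsewhere.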


@ -0,0 +1,2 @@
---
# handlers file for minio

52
meta/main.yml 100644

@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

18
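--- a/tasks/createfs.yml
+++ b/tasks/createfs.yml
@@ -0,0 +1,18 @@
+---
+# tasks createfs file for config_lvm
+- name: Create a volume group
+community.general.lvg:
+vg: "{{ data.vgname }}"
+pvs: "{{ data.pvname }}"
+tags:
+- disk
+- name: "Create LVs"
+include_tasks: createlv.yml
+vars:
+lv: "{{ item }}"
+vg: "{{ data.vgname}}"
+loop: "{{ data.lvs }}"
+loop_control:
+loop_var: lv
+tags:
+- disk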
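Review bot: `lv: "{{ item }}"` under `vars:` in the `Create LVs` task refers to `item`, but `loop_control` renames the loop variable to `lv`, so `item` is not defined inside this loop. The loop variable most likely takes precedence and hides the problem, which makes the line dead at best and an undefined-variable failure at worst. I would delete `lv: "{{ item }}"` and keep only `vg: "{{ data.vgname }}"` in `vars:`.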

45
tasks/createlv.yml 100644

@ -0,0 +1,45 @@
- name: Create a logical volume
community.general.lvol:
vg: "{{ vg }}"
lv: "{{ lv.lvname }}"
size: "{{ lv.size }}"
tags:
- disk
- name: Format LV
community.general.filesystem:
fstype: "{{ lv.fstype }}"
dev: "/dev/mapper/{{ vg }}-{{ lv.lvname }}"
tags:
- disk
- name: Create mount point
ansible.builtin.file:
state: directory
recurse: yes
path: "{{ lv.mountpoint }}"
tags:
- disk
- name: Update Fstab
ansible.builtin.lineinfile:
path: /etc/fstab
state: present
line: "/dev/mapper/{{ vg }}-{{ lv.lvname }} {{ lv.mountpoint }} {{ lv.fstype }} defaults 0 2"
tags:
- disk
- name: Just force systemd to reread configs (2.4 and above)
ansible.builtin.systemd_service:
daemon_reload: true
tags:
- disk
- name: Execute the command in remote shell; stdout goes to the specified file on the remote
ansible.builtin.shell: mount -a
tags:
- disk
- name: Chown mount point
file:
path: "{{ lv.mountpoint }}"
owner: "{{ lv.owner }}"
group: "{{ lv.group }}"
tags:
- disk
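Review bot: The `Update Fstab` line mounts every data volume with plain `defaults`, so the MinIO disks accept device nodes, setuid binaries and executables; if nothing has to run from them, `nodev,nosuid,noexec` is the usual hardening for a data-only filesystem. The `lineinfile` plus `shell: mount -a` pair also reports a change on every run and leaves a stale fstab line behind when a mount point or fstype is later edited. A single mount task (it needs the `ansible.posix` collection) can replace the `Update Fstab` and `mount -a` tasks.

```yaml
# … unchanged: Create a logical volume, Format LV, Create mount point …
- name: Mount LV and persist it in fstab
  ansible.posix.mount:
    src: "/dev/mapper/{{ vg }}-{{ lv.lvname }}"
    path: "{{ lv.mountpoint }}"
    fstype: "{{ lv.fstype }}"
    opts: defaults,nodev,nosuid,noexec
    passno: "2"
    state: mounted
  tags:
    - disk
# … unchanged: Chown mount point …
```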


@ -0,0 +1,87 @@
---
# tasks file for minio
- name: Copy minio RPM
ansible.builtin.copy:
src: minio.rpm
dest: "/root/minio.rpm"
tags:
- minio
- name: Install Minio
ansible.builtin.shell: dnf install /root/minio.rpm -y
tags:
- minio
- name: Install Client
ansible.builtin.copy:
src: mc
dest: "/usr/local/bin/mc"
owner: root
group: root
mode: '0755'
tags:
- minio
- name: Change file ownership, group and permissions
ansible.builtin.file:
path: "{{ minio_rootdir }}/certs/CAs"
state: directory
owner: "{{ minio_user }}"
group: "{{ minio_group }}"
mode: '0755'
recurse: true
tags:
- minio
- name: Copie certs
ansible.builtin.copy:
src: '{{ minio.cert }}'
dest: "{{ minio_rootdir }}/certs/public.crt"
owner: "{{ minio_user }}"
group: "{{ minio_group }}"
when: minio.cert is defined
tags:
- minio
- name: Copie key
ansible.builtin.copy:
src: "{{ minio.key }}"
dest: "{{ minio_rootdir }}/certs/private.key"
owner: "{{ minio_user }}"
group: "{{ minio_group }}"
when: minio.key is defined
tags:
- minio
- name: Copie CA Cert
ansible.builtin.copy:
src: "{{ minio.cacert }}"
dest: "{{ minio_rootdir }}/certs/CAs/ca.crt"
owner: "{{ minio_user }}"
group: "{{ minio_group }}"
when: minio.cacert is defined
tags:
- minio
- name: Template a file to /etc/default/minio
ansible.builtin.template:
src: minio_config.j2
dest: /etc/default/minio
owner: root
group: root
tags:
- minio
- name: Just force systemd to reread configs (2.4 and above)
ansible.builtin.systemd_service:
daemon_reload: true
tags:
- minio
- name: Restart service minio, in all cases
ansible.builtin.service:
name: minio
state: restarted
tags:
- minio
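Review bot: The `Copie key` task installs the TLS private key without a `mode`, and `Template a file to /etc/default/minio` does the same for the file that carries `MINIO_ROOT_PASSWORD`, so both get whatever the remote umask yields, which is typically world-readable. Add `mode: '0600'` to both tasks (the key is owned by `{{ minio_user }}`, the environment file by root), and consider `no_log: true` on the template task so the password does not show up in `--diff` output. Separately, `dnf install /root/minio.rpm -y` through `shell` reruns on every play and installs a package taken from the role's files directory with no integrity check visible here; `ansible.builtin.dnf` with `name: /root/minio.rpm` would be idempotent and keep the module's GPG check in the path.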

32
tasks/main.yml 100644

@ -0,0 +1,32 @@
---
# tasks file for minio
- name: Create groupe minio
ansible.builtin.group:
name: "{{minio_group}}"
system : true
tags:
- user
- name: Create user minio
ansible.builtin.user:
name: "{{minio_user}}"
comment: "Utilisateur minio"
create_home : false
group: "{{minio_group}}"
system : true
tags:
- user
- name: Create LVM
include_tasks: createfs.yml
vars:
data: "{{ lvm }}"
tags:
- disk
- name: Run Install task
ansible.builtin.include_tasks:
file: "install.{{ansible_distribution_file_variety|lower}}.yml"
tags:
- minio


@ -0,0 +1,23 @@
# MINIO_ROOT_USER and MINIO_ROOT_PASSWORD sets the root account for the MinIO se
rver.
# This user has unrestricted permissions to perform S3 and administrative API op
erations on any resource in the deployment.
# Omit to use the default values 'minioadmin:minioadmin'.
# MinIO recommends setting non-default values as a best practice, regardless of
environment.
MINIO_ROOT_USER={{minio.admin_user}}
MINIO_ROOT_PASSWORD={{minio.admin_passwd}}
# MINIO_VOLUMES sets the storage volumes or paths to use for the MinIO server.
# The specified path uses MinIO expansion notation to denote a sequential series
of drives between 1 and 4, inclusive.
# All drives or paths included in the expanded drive list must exist *and* be em
pty or freshly formatted for MinIO to start successfully.
MINIO_SERVER_URL="{{ minio.url }}"
MINIO_VOLUMES="{{ minio.disks_pool }}"
# MINIO_OPTS sets any additional commandline options to pass to the MinIO server
.
# For example, `--console-address :9001` sets the MinIO Console listen port
MINIO_OPTS="--console-address :{{minio.console_port}} --certs-dir={{ minio_rootdir }}/certs"
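Review bot: `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` are rendered unquoted while the three assignments below them are quoted, so a password containing whitespace, `#` or quotes would probably be truncated or misread when the environment file is loaded; write `MINIO_ROOT_PASSWORD="{{ minio.admin_passwd }}"` and the same for the user. The README example sets both values to `adminminio` in plain host or group vars, whereas the real secret belongs in an Ansible Vault-encrypted vars file. Several comment lines also look hard-wrapped mid-word (`se` / `rver.`), and the 23-line hunk header suggests the wraps are in the committed file, which leaves continuation lines without a leading `#`.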

2
tests/inventory 100644

@ -0,0 +1,2 @@
localhost

5
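--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- minio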

5
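--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,5 @@
+---
+# vars file for minio
+minio_user: minio-user
+minio_group: minio-user
+minio_rootdir: /opt/minio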