diff --git a/ansible/group_vars/all/main.yml b/ansible/group_vars/all/main.yml index 4541fba..fb913e6 100644 --- a/ansible/group_vars/all/main.yml +++ b/ansible/group_vars/all/main.yml @@ -57,4 +57,7 @@ vault_ca_cert_payload: | # lnd lnd_version: 0.16.4-beta + +# minio +minio_version: RELEASE.2023-07-07T07-13-57Z ... diff --git a/ansible/host_vars/ivyking.minhas.io/main.yml b/ansible/host_vars/ivyking.minhas.io/main.yml index 5dc5620..26b0173 100644 --- a/ansible/host_vars/ivyking.minhas.io/main.yml +++ b/ansible/host_vars/ivyking.minhas.io/main.yml @@ -1,2 +1,3 @@ --- docker_repo_storage: /tank0/docker-repo +minio_volume: /tank0/minio diff --git a/ansible/inventory.txt b/ansible/inventory.txt index 0436a2e..625cf28 100644 --- a/ansible/inventory.txt +++ b/ansible/inventory.txt @@ -33,3 +33,6 @@ sedan.minhas.io [bitcoind] ivyking.minhas.io + +[minio] +ivyking.minhas.io diff --git a/ansible/playbooks/minio.yml b/ansible/playbooks/minio.yml new file mode 100644 index 0000000..07bc8ea --- /dev/null +++ b/ansible/playbooks/minio.yml @@ -0,0 +1,5 @@ +--- +- hosts: minio + roles: + - role: minio +... diff --git a/ansible/playbooks/site.yml b/ansible/playbooks/site.yml index 02551bc..0647491 100644 --- a/ansible/playbooks/site.yml +++ b/ansible/playbooks/site.yml @@ -2,7 +2,7 @@ - import_playbook: common.yml - import_playbook: vault-server.yml - import_playbook: k3s.yml -- import_playbook: docker-repo.yml + #- import_playbook: docker-repo.yml - import_playbook: lnd.yml - import_playbook: wekan.yml ... diff --git a/ansible/roles/bitcoind/tasks/main.yml b/ansible/roles/bitcoind/tasks/main.yml index 87c41c4..072703f 100644 --- a/ansible/roles/bitcoind/tasks/main.yml +++ b/ansible/roles/bitcoind/tasks/main.yml @@ -38,7 +38,7 @@ copy: src: files/bitcoind.service dest: /etc/systemd/system/bitcoind.service - mode: 0755 + mode: 0750 owner: root group: root notify: reload systemd 
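Review bot: In ansible/playbooks/site.yml the docker-repo import is commented out rather than removed, with nothing on the line saying why, and the new minio.yml playbook is not imported in the visible list, so a full `site.yml` run will not apply the minio role. If docker-repo is being retired, delete the line; if it is only disabled for now, record the reason in a comment such as `# docker-repo disabled: <reason>`. Adding `- import_playbook: minio.yml` would keep the site playbook in step with the `[minio]` inventory group this commit creates.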
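Review bot: In ansible/roles/bitcoind/tasks/main.yml the unit file still carries execute bits after this change, because `0750` only removes access for others. A systemd unit is read rather than executed, and systemd logs a warning for unit files marked executable, so `mode: '0644'` (or `'0640'` if the unit should not be world-readable) is the fitting value. Quoting the mode keeps it a string, which is the form the Ansible documentation recommends for octal modes. The task begins above the hunk, so only its `copy:` arguments are visible here.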
diff --git a/ansible/roles/minio/files/minio.service b/ansible/roles/minio/files/minio.service
new file mode 100644
index 0000000..96dc0a6
--- /dev/null
+++ b/ansible/roles/minio/files/minio.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=MinIO
+Documentation=https://min.io/docs/minio/linux/index.html
+Wants=network-online.target
+After=network-online.target
+AssertFileIsExecutable=/usr/local/bin/minio
+
+[Service]
+WorkingDirectory=/usr/local
+
+User=minio
+Group=minio
+ProtectProc=invisible
+
+EnvironmentFile=-/etc/default/minio
+ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
+Restart=always
+LimitNOFILE=65536
+TasksMax=infinity
+TimeoutStopSec=infinity
+SendSIGKILL=no
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/minio/handlers/main.yml b/ansible/roles/minio/handlers/main.yml
new file mode 100644
index 0000000..f9ff614
--- /dev/null
+++ b/ansible/roles/minio/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: reload systemd
+ systemd:
+ daemon_reload: True
+
+- name: restart minio
+ systemd:
+ name: minio
+ state: restarted
+...
diff --git a/ansible/roles/minio/tasks/main.yml b/ansible/roles/minio/tasks/main.yml
new file mode 100644
index 0000000..bf15efe
--- /dev/null
+++ b/ansible/roles/minio/tasks/main.yml
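Review bot: The [Service] section of ansible/roles/minio/files/minio.service confines the daemon only through `User=minio` and `ProtectProc=invisible`, which leaves a network-facing object store with the default view of the filesystem. Consider adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full`; the data volume under `minio_volume` should stay writable with those, though that needs confirming on the target host. Separately, the `-` prefix in `EnvironmentFile=-/etc/default/minio` makes a missing file non-fatal, so the server would be launched with an empty `$MINIO_VOLUMES`; since the role always templates that file, dropping the `-` makes the failure explicit.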
@@ -0,0 +1,64 @@
+---
+- name: create minio group
+ group:
+ name: minio
+ state: present
+
+- name: create minio user
+ user:
+ name: minio
+ group: minio
+ system: True
+ shell: /usr/sbin/nologin
+
+- name: ensure minio cert dir
+ file:
+ path: /etc/minio/certs
+ state: directory
+ owner: minio
+ group: minio
+ mode: 0750
+
+- name: ensure minio owns minio path
+ file:
+ path: '{{ minio_volume }}'
+ state: directory
+ owner: minio
+ group: minio
+ mode: 0750
+
+- name: ensure minio systemd file
+ copy:
+ src: minio.service
+ dest: /etc/systemd/system/minio.service
+ owner: root
+ group: root
+ notify:
+ - reload systemd
+ - restart minio
+
+- name: template minio config
+ template:
+ src: minio.j2
+ dest: /etc/default/minio
+ owner: root
+ group: minio
+ mode: 0640
+ notify: restart minio
+
+- name: download minio
+ get_url:
+ url: 'https://dl.minio.io/server/minio/release/linux-amd64/archive/minio.{{ minio_version }}'
+ dest: /usr/local/bin/minio
+ owner: root
+ group: root
+ mode: 0755
+ checksum: "sha256:https://dl.minio.io/server/minio/release/linux-amd64/archive/minio.{{ minio_version}}.sha256sum"
+ notify: restart minio
+
+- name: enable and start minio
+ systemd:
+ name: minio
+ state: started
+ enabled: True
+ daemon_reload: True
diff --git a/ansible/roles/minio/templates/minio.j2 b/ansible/roles/minio/templates/minio.j2
new file mode 100644
index 0000000..ff94f1b
--- /dev/null
+++ b/ansible/roles/minio/templates/minio.j2
@@ -0,0 +1,5 @@
+MINIO_ROOT_USER={{ lookup('hashi_vault', 'secret=kv/data/minio:admin_username') }}
+MINIO_ROOT_PASSWORD={{ lookup('hashi_vault', 'secret=kv/data/minio:admin_password') }}
+MINIO_VOLUMES="{{ minio_volume }}"
+MINIO_SERVER_URL="http://ivyking.minhas.io:9000"
+MINIO_DOMAIN=ivyking.minhas.io
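Review bot: The `download minio` task in ansible/roles/minio/tasks/main.yml takes its checksum from the same host that serves the binary, so it catches a corrupted transfer but not a replaced release on that host. Pinning the digest next to `minio_version` in group_vars (for example a variable named `minio_sha256`, a name suggested here) and using `checksum: 'sha256:{{ minio_sha256 }}'` ties the installed binary to a value reviewed in this repository. The `ensure minio systemd file` task sets no `mode`, so the unit's permissions fall back to the remote defaults; `mode: '0644'` makes them explicit. The `template minio config` task renders the Vault-sourced root credentials, which a `--diff` run would print, so `no_log: true` on that task is worth adding.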
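Review bot: `MINIO_SERVER_URL` in ansible/roles/minio/templates/minio.j2 is an `http://` URL, and nothing in the template points MinIO at the `/etc/minio/certs` directory the role creates, so the root credentials and object traffic would travel in cleartext to any remote client. Once certificates are deployed there, `MINIO_OPTS="--certs-dir /etc/minio/certs"` together with an `https://` server URL would enable TLS. The two credential lines are also unquoted, so a Vault value containing spaces, quotes or `#` may not be read by systemd's EnvironmentFile parser as intended; wrapping the lookups in double quotes, as `MINIO_VOLUMES` and `MINIO_SERVER_URL` already are, reduces that risk.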