2024-11-09 10:34:23 +01:00
|
|
|
---
|
2024-11-09 19:16:10 +01:00
|
|
|
# https://galaxy.ansible.com/ui/repo/published/dubzland/minio/content/module/minio_policy/ ?
|
2024-11-09 19:19:10 +01:00
|
|
|
- name: create needed dirs
|
2024-11-09 10:34:23 +01:00
|
|
|
ansible.builtin.file:
|
|
|
|
path: "{{ minio_config_dir }}"
|
|
|
|
state: directory
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: '0644'
|
2024-11-09 20:24:29 +01:00
|
|
|
# pro bucket hjeeil ro + rw
|
2024-11-09 20:21:51 +01:00
|
|
|
- name: temaplet ro policy files
|
|
|
|
ansible.builtin.template:
|
2024-11-09 20:22:29 +01:00
|
|
|
dest: "{{ minio_config_dir }}/{{ item.bucket }}_ro"
|
2024-11-09 20:21:51 +01:00
|
|
|
src: policy_ro.j2
|
2024-11-09 20:23:13 +01:00
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: '0644'
|
2024-11-09 20:21:51 +01:00
|
|
|
loop: "{{ minio_policies }}"
|
|
|
|
|
|
|
|
- name: temaplet rw policy files
|
|
|
|
ansible.builtin.template:
|
2024-11-09 20:22:29 +01:00
|
|
|
dest: "{{ minio_config_dir }}/{{ item.bucket }}_rw"
|
2024-11-09 20:21:51 +01:00
|
|
|
src: policy_rw.j2
|
2024-11-09 20:24:17 +01:00
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: '0644'
|
2024-11-09 10:34:23 +01:00
|
|
|
loop: "{{ minio_policies }}"
|
|
|
|
|
2024-11-09 20:28:46 +01:00
|
|
|
- name: setup minio policies ro
|
|
|
|
ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }} {{ minio_config_dir }}/{{ item.bucket }}_rw"
|
2024-11-09 10:34:23 +01:00
|
|
|
loop: "{{ minio_policies }}"
|
2024-11-09 10:38:50 +01:00
|
|
|
|
2024-11-09 20:28:46 +01:00
|
|
|
- name: setup minio policies ro
|
|
|
|
ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }} {{ minio_config_dir }}/{{ item.bucket }}_ro"
|
|
|
|
loop: "{{ minio_policies }}"
|
|
|
|
|
|
|
|
|
|
|
|
|
2024-11-09 10:38:50 +01:00
|
|
|
- name: Assign MinIO policies to users
|
|
|
|
ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy attach {{ item.1 }} --user {{ item.0.name }}"
|
|
|
|
loop: "{{ minio_users | subelements('policies') }}"
|
2024-11-09 19:19:10 +01:00
|
|
|
|
|
|
|
# ensure absent files are removed
|
|
|
|
# deletata to localhost
|