homeserver/roles/mgrote_minio_configure/tasks/policy.yml

45 lines
1.6 KiB
YAML
Raw Normal View History

2024-11-09 10:34:23 +01:00
---
2024-11-09 19:16:10 +01:00
# https://galaxy.ansible.com/ui/repo/published/dubzland/minio/content/module/minio_policy/ ?
2024-11-09 21:02:55 +01:00
- name: "ensure needed dirs exist"
2024-11-09 10:34:23 +01:00
ansible.builtin.file:
path: "{{ minio_config_dir }}"
state: directory
owner: root
group: root
mode: '0644'
2024-11-09 21:02:55 +01:00
- name: "prep: template policy files (ro)"
2024-11-09 20:21:51 +01:00
ansible.builtin.template:
2024-11-09 21:15:28 +01:00
dest: "{{ minio_config_dir }}/{{ item.name }}_ro"
2024-11-09 20:21:51 +01:00
src: policy_ro.j2
2024-11-09 20:23:13 +01:00
owner: root
group: root
mode: '0644'
2024-11-09 21:09:22 +01:00
loop: "{{ minio_buckets }}"
2024-11-09 20:21:51 +01:00
2024-11-09 21:02:55 +01:00
- name: "prep: template policy files (rw)"
2024-11-09 20:21:51 +01:00
ansible.builtin.template:
2024-11-09 21:15:28 +01:00
dest: "{{ minio_config_dir }}/{{ item.name }}_rw"
2024-11-09 20:21:51 +01:00
src: policy_rw.j2
2024-11-09 20:24:17 +01:00
owner: root
group: root
mode: '0644'
2024-11-09 21:09:22 +01:00
loop: "{{ minio_buckets }}"
2024-11-09 10:34:23 +01:00
2024-11-09 21:02:55 +01:00
- name: "setup policies (ro)"
2024-11-09 21:34:39 +01:00
ansible.builtin.command: "{{ minio_client_bin }} --disable-pager admin policy create {{ minio_root_alias }} {{ item.name }}_ro {{ minio_config_dir }}/{{ item.name }}_ro"
2024-11-09 21:09:22 +01:00
loop: "{{ minio_buckets }}"
2024-11-09 21:23:34 +01:00
changed_when: false # Befehl gibt immer "Created policy `testbucket3_ro` successfully." aus, unabhängig ob sie schon existiert oder nicht.
2024-11-09 10:38:50 +01:00
2024-11-09 21:02:55 +01:00
- name: "setup policies (rw)"
2024-11-09 21:34:39 +01:00
ansible.builtin.command: "{{ minio_client_bin }} --disable-pager admin policy create {{ minio_root_alias }} {{ item.name }}_rw {{ minio_config_dir }}/{{ item.name }}_rw"
2024-11-09 21:09:22 +01:00
loop: "{{ minio_buckets }}"
2024-11-09 21:23:34 +01:00
changed_when: false # Befehl gibt immer "Created policy `testbucket3_ro` successfully." aus, unabhängig ob sie schon existiert oder nicht.
2024-11-09 20:28:46 +01:00
2024-11-09 21:18:16 +01:00
- name: "remove old policy files"
2024-11-09 21:15:28 +01:00
ansible.builtin.file:
2024-11-09 21:19:13 +01:00
path: "{{ minio_config_dir }}/{{ item.name }}*"
2024-11-09 21:15:28 +01:00
state: absent
loop: "{{ minio_buckets }}"
when: '"absent" in item.state'