From 6e5966001642af9c5ee7cca55fb967bbb30daa54 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Sat, 9 Nov 2024 21:02:55 +0100 Subject: [PATCH] polcies --- roles/mgrote_minio_configure/tasks/policy.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/mgrote_minio_configure/tasks/policy.yml b/roles/mgrote_minio_configure/tasks/policy.yml index 35813822..b8da4370 100644 --- a/roles/mgrote_minio_configure/tasks/policy.yml +++ b/roles/mgrote_minio_configure/tasks/policy.yml @@ -1,14 +1,14 @@ --- # https://galaxy.ansible.com/ui/repo/published/dubzland/minio/content/module/minio_policy/ ? -- name: create needed dirs +- name: "ensure needed dirs exist" ansible.builtin.file: path: "{{ minio_config_dir }}" state: directory owner: root group: root mode: '0644' -# pro bucket hjeeil ro + rw -- name: temaplet ro policy files + +- name: "prep: template policy files (ro)" ansible.builtin.template: dest: "{{ minio_config_dir }}/{{ item.bucket }}_ro" src: policy_ro.j2 @@ -17,7 +17,7 @@ mode: '0644' loop: "{{ minio_policies }}" -- name: temaplet rw policy files +- name: "prep: template policy files (rw)" ansible.builtin.template: dest: "{{ minio_config_dir }}/{{ item.bucket }}_rw" src: policy_rw.j2 @@ -26,13 +26,14 @@ mode: '0644' loop: "{{ minio_policies }}" -- name: setup minio policies rw - ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }}_rw {{ minio_config_dir }}/{{ item.bucket }}_rw" +- name: "setup policies (ro)" + ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }}_ro {{ minio_config_dir }}/{{ item.bucket }}_ro" loop: "{{ minio_policies }}" -- name: setup minio policies ro - ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }}_ro {{ minio_config_dir }}/{{ item.bucket }}_ro" +- name: "setup policies (rw)" + ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }}_rw {{ minio_config_dir }}/{{ item.bucket }}_rw" loop: "{{ minio_policies }}" # ensure absent files are removed # deletata to localhost +# changed when überall