diff --git a/roles/mgrote_minio_configure/defaults/main.yml b/roles/mgrote_minio_configure/defaults/main.yml index 0b704ba6..9ffe65f8 100644 --- a/roles/mgrote_minio_configure/defaults/main.yml +++ b/roles/mgrote_minio_configure/defaults/main.yml @@ -13,10 +13,12 @@ minio_print_keys: true # zeige secret in playbook minio_users: - name: testuser5 secret: hallowelt + state: present policies: - testbucket1_rw - name: testuser6 secret: hallowelt2 + state: present policies: - testbucket3_ro diff --git a/roles/mgrote_minio_configure/tasks/main.yml b/roles/mgrote_minio_configure/tasks/main.yml index c76aab54..26ab217e 100644 --- a/roles/mgrote_minio_configure/tasks/main.yml +++ b/roles/mgrote_minio_configure/tasks/main.yml @@ -2,6 +2,7 @@ #- name: include client tasks # einkommentieren!!!!!!!!!!!!!! # ansible.builtin.include_tasks: client.yml + - name: ensure alias exists # ansible.builtin.command: "{{ minio_client_bin }} --dp alias set {{ minio_root_alias }} {{ minio_url }} {{ minio_root_access_key }} {{ minio_root_secret_key }}" dubzland.minio.minio_alias: @@ -11,6 +12,9 @@ secret_key: "{{ minio_root_secret_key }}" state: present +- name: include policy tasks + ansible.builtin.include_tasks: policy.yml + - name: include user tasks ansible.builtin.include_tasks: user.yml @@ -20,9 +24,6 @@ - name: include policy tasks ansible.builtin.include_tasks: policy.yml -- name: include policy tasks - ansible.builtin.include_tasks: policy.yml - - name: get all access keys (is set to true) ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey list {{ minio_root_alias }} --all" when: minio_print_keys @@ -32,3 +33,6 @@ ansible.builtin.debug: msg: "{{ all_keys.stdout_lines }}" when: minio_print_keys + + +# https://galaxy.ansible.com/ui/repo/published/dubzland/minio/content/module/minio_alias/ diff --git a/roles/mgrote_minio_configure/tasks/user.yml b/roles/mgrote_minio_configure/tasks/user.yml index f5df2e53..2373fd89 100644 
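Review bot: The role defaults in `defaults/main.yml` now declare `testuser5` and `testuser6` with fixed secrets (`hallowelt`, `hallowelt2`) and an explicit `state: present`. Anyone who applies the role without overriding `minio_users` therefore gets two accounts whose secrets are readable in the repository. If these entries are only meant as examples, the default could be `minio_users: []`, with the sample entries moved into a comment or the README. The hunk header also shows `minio_print_keys: true # zeige secret in playbook` as the default; `minio_print_keys: false` would make key output opt-in.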
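Review bot: In `tasks/main.yml`, `policy.yml` still appears to be included twice per run. The second hunk adds `include policy tasks` ahead of `include user tasks`, and the third hunk removes only one of the two later copies, leaving the other as context. If policies are only needed before the users exist, the later include can be dropped as well. If the second pass is deliberate, for example because it depends on tasks that run in between (not visible in these hunks), a comment such as `# second pass: policies that depend on <reason>` would keep it from looking like a leftover.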
--- a/roles/mgrote_minio_configure/tasks/user.yml
+++ b/roles/mgrote_minio_configure/tasks/user.yml
@@ -1,56 +1,20 @@ --- -- name: setup minio users - ansible.builtin.command: "{{ minio_client_bin }} --dp admin user add {{ minio_root_alias }} {{ item.name }} {{ item.secret }}" +- name: Add a Minio user + dubzland.minio.minio_user: + access_key: "{{ item.name }}" + secret_key: "{{ item.secret }}" + auth: + access_key: "{{ minio_root_access_key }}" + secret_key: "{{ minio_root_secret_key }}" + url: "{{ minio_url }}" + state: "{{ item.state | default('present') }}" + # policy: + delegate_to: localhost loop: "{{ minio_users }}" - register: users - -# mg@irantu ~ -# > ./mc --dp admin accesskey list minio_root --all -# User: m-admin -# Access Keys: -# xxx, expires: 1 hour ago, sts: true -# xxx, expires: never, sts: false -# User: testuser1 -# Access Keys: -# ekWgpsClIB5SDT2bJSqS, expires: never, sts: false -# 6ZP41ECPMGQM5IFXNN9E, expires: never, sts: false -# KFOB01AASUOQQ6PUZ0K2, expires: never, sts: false -# FYTEFK8ODQZOYFHCJUW7, expires: never, sts: false -# WIKS93B4323YI2WN0P5U, expires: never, sts: false -# User: testuser7 -# -# mg@irantu ~ -# > ./mc --dp admin accesskey list minio_root testuser7 -# User: testuser7 - -# 1. check if user has access keys{wenn access} -# 2. when not create one, else skip -# whe exist, then display if param is set - -- name: Get access keys for each user - ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey list {{ minio_root_alias }} {{ item.name }}" - loop: "{{ minio_users }}" - register: keys - -- name: Debug Print users with access keys - ansible.builtin.debug: - msg: "User {{ item.item.name }} has access keys: {{ item.stdout }}" - loop: "{{ keys.results }}" - when: "'Access Keys:' in item.stdout" - -- name: Create access keys for users without them - ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey create {{ minio_root_alias }} {{ item.item.name }}" - loop: "{{ keys.results }}" - when: "'Access Keys:' not in item.stdout" - register: new_keys -# mehrere keys pro user? -# wie ausgeben? 
- - # no_log überall bei keys und users # linter # succssfu/changed_when
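Review bot: The new `dubzland.minio.minio_user` task loops over `minio_users` with neither `no_log` nor a loop label, so Ansible's per-item output prints the whole item dict, including `secret`, to the console and to any log callback. The remaining TODO at the end of this file (`# no_log überall bei keys und users`) already names this, and it can be closed here by adding `no_log: true` to the task. If per-user output should stay readable, `loop_control:` with `label: "{{ item.name }}"` hides the item dict instead; whether the module masks `secret_key` and the root credentials under `auth` in verbose output cannot be seen from this hunk, so `no_log` is the safer choice. Separately, `# policy:` is left commented out, so the `policies` list from the defaults is not attached by this task; a short comment saying where the attachment happens would help.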