setup minio automation #229

Merged
mg merged 114 commits from minio_automation into master 2024-11-09 22:00:58 +01:00
3 changed files with 20 additions and 50 deletions
Showing only changes of commit 8c9ccae9f1 - Show all commits

View file

@ -13,10 +13,12 @@ minio_print_keys: true # zeige secret in playbook
minio_users: minio_users:
- name: testuser5 - name: testuser5
secret: hallowelt secret: hallowelt
state: present
policies: policies:
- testbucket1_rw - testbucket1_rw
- name: testuser6 - name: testuser6
secret: hallowelt2 secret: hallowelt2
state: present
policies: policies:
- testbucket3_ro - testbucket3_ro

View file

@ -2,6 +2,7 @@
#- name: include client tasks # einkommentieren!!!!!!!!!!!!!! #- name: include client tasks # einkommentieren!!!!!!!!!!!!!!
# ansible.builtin.include_tasks: client.yml # ansible.builtin.include_tasks: client.yml
- name: ensure alias exists - name: ensure alias exists
# ansible.builtin.command: "{{ minio_client_bin }} --dp alias set {{ minio_root_alias }} {{ minio_url }} {{ minio_root_access_key }} {{ minio_root_secret_key }}" # ansible.builtin.command: "{{ minio_client_bin }} --dp alias set {{ minio_root_alias }} {{ minio_url }} {{ minio_root_access_key }} {{ minio_root_secret_key }}"
dubzland.minio.minio_alias: dubzland.minio.minio_alias:
@ -11,6 +12,9 @@
secret_key: "{{ minio_root_secret_key }}" secret_key: "{{ minio_root_secret_key }}"
state: present state: present
- name: include policy tasks
ansible.builtin.include_tasks: policy.yml
- name: include user tasks - name: include user tasks
ansible.builtin.include_tasks: user.yml ansible.builtin.include_tasks: user.yml
@ -20,9 +24,6 @@
- name: include policy tasks - name: include policy tasks
ansible.builtin.include_tasks: policy.yml ansible.builtin.include_tasks: policy.yml
- name: include policy tasks
ansible.builtin.include_tasks: policy.yml
- name: get all access keys (is set to true) - name: get all access keys (is set to true)
ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey list {{ minio_root_alias }} --all" ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey list {{ minio_root_alias }} --all"
when: minio_print_keys when: minio_print_keys
@ -32,3 +33,6 @@
ansible.builtin.debug: ansible.builtin.debug:
msg: "{{ all_keys.stdout_lines }}" msg: "{{ all_keys.stdout_lines }}"
when: minio_print_keys when: minio_print_keys
# https://galaxy.ansible.com/ui/repo/published/dubzland/minio/content/module/minio_alias/

View file

@ -1,56 +1,20 @@
--- ---
- name: setup minio users - name: Add a Minio user
ansible.builtin.command: "{{ minio_client_bin }} --dp admin user add {{ minio_root_alias }} {{ item.name }} {{ item.secret }}" dubzland.minio.minio_user:
access_key: "{{ item.name }}"
secret_key: "{{ item.secret }}"
auth:
access_key: "{{ minio_root_access_key }}"
secret_key: "{{ minio_root_secret_key }}"
url: "{{ minio_url }}"
state: "{{ item.state | default('present') }}"
# policy:
delegate_to: localhost
loop: "{{ minio_users }}" loop: "{{ minio_users }}"
register: users
# mg@irantu ~
# > ./mc --dp admin accesskey list minio_root --all
# User: m-admin
# Access Keys:
# xxx, expires: 1 hour ago, sts: true
# xxx, expires: never, sts: false
# User: testuser1
# Access Keys:
# ekWgpsClIB5SDT2bJSqS, expires: never, sts: false
# 6ZP41ECPMGQM5IFXNN9E, expires: never, sts: false
# KFOB01AASUOQQ6PUZ0K2, expires: never, sts: false
# FYTEFK8ODQZOYFHCJUW7, expires: never, sts: false
# WIKS93B4323YI2WN0P5U, expires: never, sts: false
# User: testuser7
#
# mg@irantu ~
# > ./mc --dp admin accesskey list minio_root testuser7
# User: testuser7
# 1. check if user has access keys{wenn access}
# 2. when not create one, else skip
# whe exist, then display if param is set
- name: Get access keys for each user
ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey list {{ minio_root_alias }} {{ item.name }}"
loop: "{{ minio_users }}"
register: keys
- name: Debug Print users with access keys
ansible.builtin.debug:
msg: "User {{ item.item.name }} has access keys: {{ item.stdout }}"
loop: "{{ keys.results }}"
when: "'Access Keys:' in item.stdout"
- name: Create access keys for users without them
ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey create {{ minio_root_alias }} {{ item.item.name }}"
loop: "{{ keys.results }}"
when: "'Access Keys:' not in item.stdout"
register: new_keys
# mehrere keys pro user?
# wie ausgeben?
# no_log überall bei keys und users # no_log überall bei keys und users
# linter # linter
# succssfu/changed_when # succssfu/changed_when