setup minio automation #229
3 changed files with 20 additions and 50 deletions
|
@ -13,10 +13,12 @@ minio_print_keys: true # zeige secret in playbook
|
||||||
minio_users:
|
minio_users:
|
||||||
- name: testuser5
|
- name: testuser5
|
||||||
secret: hallowelt
|
secret: hallowelt
|
||||||
|
state: present
|
||||||
policies:
|
policies:
|
||||||
- testbucket1_rw
|
- testbucket1_rw
|
||||||
- name: testuser6
|
- name: testuser6
|
||||||
secret: hallowelt2
|
secret: hallowelt2
|
||||||
|
state: present
|
||||||
policies:
|
policies:
|
||||||
- testbucket3_ro
|
- testbucket3_ro
|
||||||
|
|
||||||
|
|
|
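Review bot: The two user entries that gain `state: present` still carry their `secret:` values (`hallowelt`, `hallowelt2`) in plain text, and this commit now feeds `item.secret` directly into the user module. If this file is more than a throwaway example, the secrets should come from Ansible Vault or a lookup, for example `secret: "{{ vault_minio_testuser5_secret }}"` (placeholder variable name). The hunk header also shows `minio_print_keys: true` set in this file; setting it to `false` would keep key listings out of the play output unless someone opts in. The added `state: present` is redundant, since the user task falls back to `default('present')`.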
@ -2,6 +2,7 @@
|
||||||
#- name: include client tasks # einkommentieren!!!!!!!!!!!!!!
|
#- name: include client tasks # einkommentieren!!!!!!!!!!!!!!
|
||||||
# ansible.builtin.include_tasks: client.yml
|
# ansible.builtin.include_tasks: client.yml
|
||||||
|
|
||||||
|
|
||||||
- name: ensure alias exists
|
- name: ensure alias exists
|
||||||
# ansible.builtin.command: "{{ minio_client_bin }} --dp alias set {{ minio_root_alias }} {{ minio_url }} {{ minio_root_access_key }} {{ minio_root_secret_key }}"
|
# ansible.builtin.command: "{{ minio_client_bin }} --dp alias set {{ minio_root_alias }} {{ minio_url }} {{ minio_root_access_key }} {{ minio_root_secret_key }}"
|
||||||
dubzland.minio.minio_alias:
|
dubzland.minio.minio_alias:
|
||||||
|
@ -11,6 +12,9 @@
|
||||||
secret_key: "{{ minio_root_secret_key }}"
|
secret_key: "{{ minio_root_secret_key }}"
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: include policy tasks
|
||||||
|
ansible.builtin.include_tasks: policy.yml
|
||||||
|
|
||||||
- name: include user tasks
|
- name: include user tasks
|
||||||
ansible.builtin.include_tasks: user.yml
|
ansible.builtin.include_tasks: user.yml
|
||||||
|
|
||||||
|
@ -20,9 +24,6 @@
|
||||||
- name: include policy tasks
|
- name: include policy tasks
|
||||||
ansible.builtin.include_tasks: policy.yml
|
ansible.builtin.include_tasks: policy.yml
|
||||||
|
|
||||||
- name: include policy tasks
|
|
||||||
ansible.builtin.include_tasks: policy.yml
|
|
||||||
|
|
||||||
- name: get all access keys (is set to true)
|
- name: get all access keys (is set to true)
|
||||||
ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey list {{ minio_root_alias }} --all"
|
ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey list {{ minio_root_alias }} --all"
|
||||||
when: minio_print_keys
|
when: minio_print_keys
|
||||||
|
@ -32,3 +33,6 @@
|
||||||
ansible.builtin.debug:
|
ansible.builtin.debug:
|
||||||
msg: "{{ all_keys.stdout_lines }}"
|
msg: "{{ all_keys.stdout_lines }}"
|
||||||
when: minio_print_keys
|
when: minio_print_keys
|
||||||
|
|
||||||
|
|
||||||
|
# https://galaxy.ansible.com/ui/repo/published/dubzland/minio/content/module/minio_alias/
|
||||||
|
|
|
@ -1,56 +1,20 @@
|
||||||
---
|
---
|
||||||
- name: setup minio users
|
- name: Add a Minio user
|
||||||
ansible.builtin.command: "{{ minio_client_bin }} --dp admin user add {{ minio_root_alias }} {{ item.name }} {{ item.secret }}"
|
dubzland.minio.minio_user:
|
||||||
|
access_key: "{{ item.name }}"
|
||||||
|
secret_key: "{{ item.secret }}"
|
||||||
|
auth:
|
||||||
|
access_key: "{{ minio_root_access_key }}"
|
||||||
|
secret_key: "{{ minio_root_secret_key }}"
|
||||||
|
url: "{{ minio_url }}"
|
||||||
|
state: "{{ item.state | default('present') }}"
|
||||||
|
# policy:
|
||||||
|
delegate_to: localhost
|
||||||
loop: "{{ minio_users }}"
|
loop: "{{ minio_users }}"
|
||||||
register: users
|
|
||||||
|
|
||||||
# mg@irantu ~
|
|
||||||
# > ./mc --dp admin accesskey list minio_root --all
|
|
||||||
# User: m-admin
|
|
||||||
# Access Keys:
|
|
||||||
# xxx, expires: 1 hour ago, sts: true
|
|
||||||
# xxx, expires: never, sts: false
|
|
||||||
# User: testuser1
|
|
||||||
# Access Keys:
|
|
||||||
# ekWgpsClIB5SDT2bJSqS, expires: never, sts: false
|
|
||||||
# 6ZP41ECPMGQM5IFXNN9E, expires: never, sts: false
|
|
||||||
# KFOB01AASUOQQ6PUZ0K2, expires: never, sts: false
|
|
||||||
# FYTEFK8ODQZOYFHCJUW7, expires: never, sts: false
|
|
||||||
# WIKS93B4323YI2WN0P5U, expires: never, sts: false
|
|
||||||
# User: testuser7
|
|
||||||
#
|
|
||||||
# mg@irantu ~
|
|
||||||
# > ./mc --dp admin accesskey list minio_root testuser7
|
|
||||||
# User: testuser7
|
|
||||||
|
|
||||||
# 1. check if user has access keys{wenn access}
|
|
||||||
# 2. when not create one, else skip
|
|
||||||
# whe exist, then display if param is set
|
|
||||||
|
|
||||||
- name: Get access keys for each user
|
|
||||||
ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey list {{ minio_root_alias }} {{ item.name }}"
|
|
||||||
loop: "{{ minio_users }}"
|
|
||||||
register: keys
|
|
||||||
|
|
||||||
- name: Debug Print users with access keys
|
|
||||||
ansible.builtin.debug:
|
|
||||||
msg: "User {{ item.item.name }} has access keys: {{ item.stdout }}"
|
|
||||||
loop: "{{ keys.results }}"
|
|
||||||
when: "'Access Keys:' in item.stdout"
|
|
||||||
|
|
||||||
- name: Create access keys for users without them
|
|
||||||
ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey create {{ minio_root_alias }} {{ item.item.name }}"
|
|
||||||
loop: "{{ keys.results }}"
|
|
||||||
when: "'Access Keys:' not in item.stdout"
|
|
||||||
register: new_keys
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# mehrere keys pro user?
|
|
||||||
# wie ausgeben?
|
|
||||||
|
|
||||||
|
|
||||||
# no_log überall bei keys und users
|
# no_log überall bei keys und users
|
||||||
# linter
|
# linter
|
||||||
# succssfu/changed_when
|
# succssfu/changed_when
|
||||||
|
|
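Review bot: The new `dubzland.minio.minio_user` task loops over `minio_users` and passes `item.secret` and the root credentials without `no_log`, so each loop item, including its `secret`, is echoed in the play output. The file's own trailing TODO (`no_log überall bei keys und users`) is still open. Add `no_log: true` to the task, or at minimum a `loop_control:` with `label: "{{ item.name }}"` so the item dict is not printed. The `# policy:` line is left commented out, so the per-user `policies` lists appear not to be applied by this task; a comment saying where attachment happens would help. The access key IDs in the removed comment block stay in the repository history, so if they came from a live instance they should be rotated.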