homeserver/friedhof/mgrote_minio_configure/tasks/policy.yml
Michael Grote 2b48b9fe6f
changed Files: friedhof/mgrote_minio_configure/defaults/main.yml
friedhof/mgrote_minio_configure/tasks/bucket.yml
friedhof/mgrote_minio_configure/tasks/client.yml
friedhof/mgrote_minio_configure/tasks/main.yml
friedhof/mgrote_minio_configure/tasks/policy.yml
friedhof/mgrote_minio_configure/templates/policy_ro.j2
friedhof/mgrote_minio_configure/templates/policy_rw.j2
group_vars/docker.yml
host_vars/docker10.mgrote.net.yml
playbooks/3_service/docker.yml

Signed-off-by: Michael Grote <michael.grote@posteo.de>
2024-11-24 21:04:36 +00:00


---
# https://galaxy.ansible.com/ui/repo/published/dubzland/minio/content/module/minio_policy/ ?
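# Create the working directory that receives the rendered MinIO policy
# documents. The task runs on the control node (delegate_to: localhost).
- name: "ensure needed dirs exist"
  ansible.builtin.file:
    path: "{{ minio_config_dir }}"
    state: directory
    owner: root
    group: root
    # A directory needs the search (x) bit to be traversable; a file-style
    # mode such as '0644' leaves it unusable for every non-root account.
    # '0700' gives root full access and keeps other local users out.
    mode: '0700'
  delegate_to: localhost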
# Render one read-only policy document per entry of minio_buckets into
# minio_config_dir, on the control node.
# NOTE(review): item.name is interpolated into the destination path without
# validation; this assumes bucket names come from trusted inventory and
# contain no path separators - confirm.
- name: "prep: template policy files (ro)"
  delegate_to: localhost
  loop: "{{ minio_buckets }}"
  ansible.builtin.template:
    src: policy_ro.j2
    dest: "{{ minio_config_dir }}/{{ item.name }}_ro"
    mode: '0644'
    owner: root
    group: root
# Render one read-write policy document per entry of minio_buckets into
# minio_config_dir, on the control node.
# NOTE(review): item.name is interpolated into the destination path without
# validation; this assumes bucket names come from trusted inventory and
# contain no path separators - confirm.
- name: "prep: template policy files (rw)"
  delegate_to: localhost
  loop: "{{ minio_buckets }}"
  ansible.builtin.template:
    src: policy_rw.j2
    dest: "{{ minio_config_dir }}/{{ item.name }}_rw"
    mode: '0644'
    owner: root
    group: root
# Register the rendered read-only policy document with MinIO through the
# client binary, once per entry of minio_buckets.
# NOTE(review): ansible.builtin.command runs no shell but splits the line on
# whitespace, so a bucket name containing spaces would turn into extra
# client arguments; assumes names are validated upstream - confirm.
- name: "setup policies (ro)"
  delegate_to: localhost
  loop: "{{ minio_buckets }}"
  ansible.builtin.command:
    cmd: >-
      {{ minio_client_bin }} --disable-pager admin policy create
      {{ minio_root_alias }} {{ item.name }}_ro
      {{ minio_config_dir }}/{{ item.name }}_ro
  # The command always prints "Created policy `testbucket3_ro` successfully.",
  # whether or not the policy already exists, so its output cannot be used
  # to detect a change.
  changed_when: false
# Register the rendered read-write policy document with MinIO through the
# client binary, once per entry of minio_buckets.
# NOTE(review): ansible.builtin.command runs no shell but splits the line on
# whitespace, so a bucket name containing spaces would turn into extra
# client arguments; assumes names are validated upstream - confirm.
- name: "setup policies (rw)"
  delegate_to: localhost
  loop: "{{ minio_buckets }}"
  ansible.builtin.command:
    cmd: >-
      {{ minio_client_bin }} --disable-pager admin policy create
      {{ minio_root_alias }} {{ item.name }}_rw
      {{ minio_config_dir }}/{{ item.name }}_rw
  # The command always prints "Created policy `testbucket3_ro` successfully.",
  # whether or not the policy already exists, so its output cannot be used
  # to detect a change.
  changed_when: false
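# Delete the locally rendered policy documents of buckets marked absent.
# NOTE(review): the templating tasks earlier in this file loop over every
# bucket, so the files of absent buckets are rendered and then removed
# again on each run. This task only touches local files; whether the policy
# is also removed from the MinIO server is not visible here - confirm.
- name: "remove old policy files"
  ansible.builtin.file:
    # ansible.builtin.file does not expand shell globs: a path ending in "*"
    # only matches a file literally named that way. Each rendered document
    # (<name>_ro and <name>_rw) is therefore addressed explicitly.
    path: "{{ minio_config_dir }}/{{ item.0.name }}_{{ item.1 }}"
    state: absent
  loop: "{{ minio_buckets | product(['ro', 'rw']) | list }}"
  # default("") keeps a bucket entry without a "state" key from failing the
  # task; such entries are treated as not absent.
  when: '"absent" in (item.0.state | default(""))'
  delegate_to: localhost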