Getting started

Default installation and upgrades

The role will install the latest MinIO release available by default. After that, the selected release will be "locked" via the Ansible local facts, and normal execution of the debops.minio role will not upgrade an existing installation.

To perform an upgrade, you can use the following command:

debops run service/minio -l <host|group> -t role::golang \
                         -e 'minio__upstream_upgrade=true'

This command will execute the debops.golang Ansible role in the context of the service/minio playbook and perform the upgrade of MinIO binary if a new release is found. The existing MinIO instances will be restarted afterwards.

If you want to perform upgrades automatically when the role is executed when they are available, you can set the minio__upstream_upgrade variable to True in the Ansible inventory.

The previously downloaded MinIO releases are currently not removed automatically, therefore make sure that you clean up the ~_golang/go/src/ directory managed by the debops.golang role from time to time.

Dependent role usage

The debops.minio role is focused on configuration of the MinIO service, and relies on other DebOps roles for the actual installation and configuration of additional services:

  • The debops.golang role is used to download and verify MinIO binary, or clone the MinIO source code and build the binary locally.

  • The debops.keyring role is used by the debops.golang role to fetch and import the MinIO GPG signing key used to verify the MinIO binaries or source code.

  • The debops.pki role (not included in the playbook) is used to provide the PKI infrastructure and X.509 certificates required for TLS connections to MinIO instances.

  • The debops.sysctl and debops.sysfs roles are used to configure kernel parameters in the /proc/ and /sys/ directories related to MinIO.

  • The debops.nginx role is used to configure the web server access to MinIO service over HTTPS and redirects the subdomain queries to the correct MinIO instances configured on the host.

  • The debops.ferm role is used to open the firewall access to MinIO instances via their TCP ports.

See the provided Ansible playbook for the order of the roles and usage of the dependent role variables. Without the mentioned DebOps roles and services managed by them, debops.minio role alone will not deploy the MinIO service correctly.

Example inventory

To configure MinIO service on a host, it needs to be added to the [debops_service_minio] Ansible inventory group:

[debops_service_minio]
hostname

See the MinIO deployment guide more examples of distributed MinIO deployments.

Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.minio role:

---

- name: Manage MinIO service
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_service_minio' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  pre_tasks:

    - name: Prepare minio environment
      ansible.builtin.import_role:
        name: 'minio'
        tasks_from: 'main_env'
      tags: [ 'role::minio', 'role::etc_services', 'role::ferm',
              'role::keyring', 'role::golang', 'role::nginx' ]

    - name: Prepare sysfs environment
      ansible.builtin.import_role:
        name: 'sysfs'
        tasks_from: 'main_env'
      tags: [ 'role::sysfs', 'role::secret' ]

  roles:

    - role: keyring
      tags: [ 'role::keyring', 'skip::keyring', 'role::golang' ]
      keyring__dependent_gpg_user: '{{ golang__keyring__dependent_gpg_user }}'
      keyring__dependent_gpg_keys:
        - '{{ nginx__keyring__dependent_apt_keys }}'
        - '{{ golang__keyring__dependent_gpg_keys }}'
      golang__dependent_packages:  # noqa var-naming[no-role-prefix]
        - '{{ minio__golang__dependent_packages }}'

    - role: secret
      tags: [ 'role::secret', 'role::sysfs' ]
      secret__directories:
        - '{{ sysfs__secret__directories | d([]) }}'

    - role: apt_preferences
      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ golang__apt_preferences__dependent_list }}'
        - '{{ nginx__apt_preferences__dependent_list }}'

    - role: etc_services
      tags: [ 'role::etc_services', 'skip::etc_services' ]
      etc_services__dependent_list:
        - '{{ minio__etc_services__dependent_list }}'

    - role: ferm
      tags: [ 'role::ferm', 'skip::ferm' ]
      ferm__dependent_rules:
        - '{{ minio__ferm__dependent_rules }}'
        - '{{ nginx__ferm__dependent_rules }}'

    - role: sysctl
      tags: [ 'role::sysctl', 'skip::sysctl' ]
      sysctl__dependent_parameters:
        - '{{ minio__sysctl__dependent_parameters }}'

    - role: sysfs
      tags: [ 'role::sysfs', 'skip::sysfs' ]
      sysfs__dependent_attributes:
        - '{{ minio__sysfs__dependent_attributes }}'

    - role: python
      tags: [ 'role::python', 'skip::python' ]
      python__dependent_packages3:
        - '{{ nginx__python__dependent_packages3 }}'
      python__dependent_packages2:
        - '{{ nginx__python__dependent_packages2 }}'

    - role: nginx
      tags: [ 'role::nginx', 'skip::nginx' ]
      nginx__dependent_upstreams:
        - '{{ minio__nginx__dependent_upstreams }}'
      nginx__dependent_servers:
        - '{{ minio__nginx__dependent_servers }}'

    - role: golang
      tags: [ 'role::golang', 'skip::golang' ]
      golang__dependent_packages:
        - '{{ minio__golang__dependent_packages }}'

    - role: minio
      tags: [ 'role::minio', 'skip::minio' ]

Ansible tags

You can use Ansible --tags or --skip-tags parameters to limit what tasks are performed during Ansible run. This can be used after a host was first configured to speed up playbook execution, when you are sure that most of the configuration is already in the desired state.

Available role tags:

role::minio

Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.

Other resources

List of other useful resources related to the debops.minio Ansible role: