Getting started
Default installation and upgrades
The role will install the latest MinIO release available by default. After that, the selected release will be "locked" via the Ansible local facts, and normal execution of the debops.minio role will not upgrade an existing installation.
To perform an upgrade, you can use the following command:
debops run service/minio -l <host|group> -t role::golang \
-e 'minio__upstream_upgrade=true'
This command will execute the debops.golang Ansible role in the context
of the service/minio
playbook and perform the upgrade of MinIO binary
if a new release is found. The existing MinIO instances will be restarted
afterwards.
If you want to perform upgrades automatically when the role is executed when
they are available, you can set the minio__upstream_upgrade
variable
to True
in the Ansible inventory.
The previously downloaded MinIO releases are currently not removed
automatically, therefore make sure that you clean up the
~_golang/go/src/
directory managed by the debops.golang role
from time to time.
Dependent role usage
The debops.minio role is focused on configuration of the MinIO service, and relies on other DebOps roles for the actual installation and configuration of additional services:
The debops.golang role is used to download and verify MinIO binary, or clone the MinIO source code and build the binary locally.
The debops.keyring role is used by the debops.golang role to fetch and import the MinIO GPG signing key used to verify the MinIO binaries or source code.
The debops.pki role (not included in the playbook) is used to provide the PKI infrastructure and X.509 certificates required for TLS connections to MinIO instances.
The debops.sysctl and debops.sysfs roles are used to configure kernel parameters in the
/proc/
and/sys/
directories related to MinIO.The debops.nginx role is used to configure the web server access to MinIO service over HTTPS and redirects the subdomain queries to the correct MinIO instances configured on the host.
The debops.ferm role is used to open the firewall access to MinIO instances via their TCP ports.
See the provided Ansible playbook for the order of the roles and usage of the dependent role variables. Without the mentioned DebOps roles and services managed by them, debops.minio role alone will not deploy the MinIO service correctly.
Example inventory
To configure MinIO service on a host, it needs to be added to the
[debops_service_minio]
Ansible inventory group:
[debops_service_minio]
hostname
See the MinIO deployment guide more examples of distributed MinIO deployments.
Example playbook
If you are using this role without DebOps, here's an example Ansible playbook
that uses the debops.minio
role:
---
- name: Manage MinIO service
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debops_service_minio' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
pre_tasks:
- name: Prepare minio environment
ansible.builtin.import_role:
name: 'minio'
tasks_from: 'main_env'
tags: [ 'role::minio', 'role::etc_services', 'role::ferm',
'role::keyring', 'role::golang', 'role::nginx' ]
- name: Prepare sysfs environment
ansible.builtin.import_role:
name: 'sysfs'
tasks_from: 'main_env'
tags: [ 'role::sysfs', 'role::secret' ]
roles:
- role: keyring
tags: [ 'role::keyring', 'skip::keyring', 'role::golang' ]
keyring__dependent_gpg_user: '{{ golang__keyring__dependent_gpg_user }}'
keyring__dependent_gpg_keys:
- '{{ nginx__keyring__dependent_apt_keys }}'
- '{{ golang__keyring__dependent_gpg_keys }}'
golang__dependent_packages: # noqa var-naming[no-role-prefix]
- '{{ minio__golang__dependent_packages }}'
- role: secret
tags: [ 'role::secret', 'role::sysfs' ]
secret__directories:
- '{{ sysfs__secret__directories | d([]) }}'
- role: apt_preferences
tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
apt_preferences__dependent_list:
- '{{ golang__apt_preferences__dependent_list }}'
- '{{ nginx__apt_preferences__dependent_list }}'
- role: etc_services
tags: [ 'role::etc_services', 'skip::etc_services' ]
etc_services__dependent_list:
- '{{ minio__etc_services__dependent_list }}'
- role: ferm
tags: [ 'role::ferm', 'skip::ferm' ]
ferm__dependent_rules:
- '{{ minio__ferm__dependent_rules }}'
- '{{ nginx__ferm__dependent_rules }}'
- role: sysctl
tags: [ 'role::sysctl', 'skip::sysctl' ]
sysctl__dependent_parameters:
- '{{ minio__sysctl__dependent_parameters }}'
- role: sysfs
tags: [ 'role::sysfs', 'skip::sysfs' ]
sysfs__dependent_attributes:
- '{{ minio__sysfs__dependent_attributes }}'
- role: python
tags: [ 'role::python', 'skip::python' ]
python__dependent_packages3:
- '{{ nginx__python__dependent_packages3 }}'
python__dependent_packages2:
- '{{ nginx__python__dependent_packages2 }}'
- role: nginx
tags: [ 'role::nginx', 'skip::nginx' ]
nginx__dependent_upstreams:
- '{{ minio__nginx__dependent_upstreams }}'
nginx__dependent_servers:
- '{{ minio__nginx__dependent_servers }}'
- role: golang
tags: [ 'role::golang', 'skip::golang' ]
golang__dependent_packages:
- '{{ minio__golang__dependent_packages }}'
- role: minio
tags: [ 'role::minio', 'skip::minio' ]
Other resources
List of other useful resources related to the debops.minio
Ansible role: