commit 272159d4b63de988892b15a3916c0ab21f75dd08 Author: Andrea Tosatto Date: Mon Jan 2 17:52:58 2017 +0100 First commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..acf553a --- /dev/null +++ b/.gitignore @@ -0,0 +1,9 @@ +.molecule/ +.vagrant/ +.cache/ + +# TestInfra tests +tests/__pycache__/ +*.pyc + +*.retry diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..4951d15 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,27 @@ +--- + +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: required + +# Enable the docker service +services: + - docker + +# Ensure docker is updated +before_install: + - sudo apt-get -qq update + - sudo apt-get install -o Dpkg::Options::="--force-confold" --force-yes -y docker-engine + +# Install molecule +install: + - pip install -r test-requirements.txt + +# Execute the tests using the molecule docker driver +script: + - molecule test --driver docker + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..ed984a3 --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2017 Andrea Tosatto + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..f2d8275 --- /dev/null +++ b/README.md @@ -0,0 +1,79 @@ +Ansible Role: Minio +=================== + +[![Build Status](https://travis-ci.org/atosatto/ansible-minio.svg?branch=master)](https://travis-ci.org/atosatto/ansible-minio) + +Install and configure [Minio](https://minio.io/) on RHEL/CentOS and Debian/Ubuntu. + +Requirements +------------ + +None. + +Role Variables +-------------- + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + minio_server_bin: /usr/local/bin/minio + minio_client_bin: /usr/local/bin/mc + +Installation path of the Minio server and client binaries. + + minio_user: minio + minio_group: minio + +Name and group of the user running the minio server. +**NB**: This role automatically creates the minio user and/or group if these does not exist in the system. + + minio_server_envfile: /etc/default/minio + +Path to the file containing the minio server configuration ENV variables. + + minio_server_addr: ":9091" + +The Minio server listen address. + + minio_server_datadirs: [ ] + +Directories of the folder containing the minio server data +**NB**: This variable must always be set by the role, otherwise the minio service will not start. + + minio_server_opts: "" + +Additional CLI options that must be appended to the minio server start command. + + minio_access_key: "" + minio_secret_key: "" + +Minio access and secret keys. + + skip_server: False + skip_client: False + +Switches to disable minio server and/or minio client installation. + +Dependencies +------------ + +None. + +Example Playbook +---------------- + + $ cat playbook.yml + - name: "Install Minio" + hosts: all + roles: + - { role: atosatto.minio, + minio_server_datadirs: [ "/tmp" ] } + +License +------- + +MIT + +Author Information +------------------ + +Andrea Tosatto ([@\_hilbert\_](https://twitter.com/_hilbert_)) diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..ea7ab71 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,29 @@ +--- + +# Minio binaries path +minio_server_bin: /usr/local/bin/minio +minio_client_bin: /usr/local/bin/mc + +# Runtime user and group for the minio server service +minio_user: minio +minio_group: minio + +# Path to the file containing the ENV variables for the minio server +minio_server_envfile: /etc/default/minio + +# Minio server listen address +minio_server_addr: ":9091" + +# Minio server data directories +minio_server_datadirs: [ ] + +# Additional minio server CLI options +minio_server_opts: "" + +# Minio access and secret keys +minio_access_key: "" +minio_secret_key: "" + +# Switches to disable minio server and/or minio client installation +skip_server: False +skip_client: False diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..64820f3 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,6 @@ +--- + +- name: restart minio + service: + name: minio + state: restarted diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..920f42b --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,194 @@ +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 1.2 + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If travis integration is cofigured, only notification for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! + # + #platforms: + #- name: EL + # versions: + # - all + # - 5 + # - 6 + # - 7 + #- name: GenericUNIX + # versions: + # - all + # - any + #- name: OpenBSD + # versions: + # - all + # - 5.6 + # - 5.7 + # - 5.8 + # - 5.9 + # - 6.0 + #- name: Fedora + # versions: + # - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + # - 21 + # - 22 + # - 23 + #- name: opensuse + # versions: + # - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + #- name: MacOSX + # versions: + # - all + # - 10.10 + # - 10.11 + # - 10.12 + # - 10.7 + # - 10.8 + # - 10.9 + #- name: IOS + # versions: + # - all + # - any + #- name: Solaris + # versions: + # - all + # - 10 + # - 11.0 + # - 11.1 + # - 11.2 + # - 11.3 + #- name: SmartOS + # versions: + # - all + # - any + #- name: eos + # versions: + # - all + # - Any + #- name: Windows + # versions: + # - all + # - 2012R2 + #- name: Amazon + # versions: + # - all + # - 2013.03 + # - 2013.09 + #- name: GenericBSD + # versions: + # - all + # - any + #- name: Junos + # versions: + # - all + # - any + #- name: FreeBSD + # versions: + # - all + # - 10.0 + # - 10.1 + # - 10.2 + # - 10.3 + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + # - 9.3 + #- name: Ubuntu + # versions: + # - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + # - utopic + # - vivid + # - wily + # - xenial + #- name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + # - 11SP4 + # - 12 + # - 12SP1 + #- name: GenericLinux + # versions: + # - all + # - any + #- name: NXOS + # versions: + # - all + # - any + #- name: Debian + # versions: + # - all + # - etch + # - jessie + # - lenny + # - sid + # - squeeze + # - stretch + # - wheezy + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is + # a keyword that describes and categorizes the role. + # Users find roles by searching for tags. Be sure to + # remove the '[]' above if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of + # alphanumeric characters. Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. + # Be sure to remove the '[]' above if you add dependencies + # to this list. diff --git a/molecule.yml b/molecule.yml new file mode 100644 index 0000000..8b894b1 --- /dev/null +++ b/molecule.yml @@ -0,0 +1,38 @@ +--- + +# docker driver configuration (CI) +docker: + containers: + - name: minio-centos-7 + image: atosatto/centos + image_version: 7-systemd + privileged: True + # - name: minio-ubuntu-16.04 + # image: atosatto/ubuntu + # image_version: 16.04 + # privileged: True + # Unfortunately, upstart does not run in Docker containers, + # so no Ubuntu 14.04 docker tests :/ + +# vagrant driver configuration (development) +vagrant: + platforms: + - name: centos-7 + box: centos/7 + - name: ubuntu-16.04 + box: bento/ubuntu-16.04 + - name: ubuntu-14.04 + box: bento/ubuntu-14.04 + providers: + - name: virtualbox + type: virtualbox + options: + memory: 2048 + cpus: 2 + instances: + - name: ansible-minio-01 + options: + append_platform_to_hostname: yes + +verifier: + name: testinfra diff --git a/playbook.yml b/playbook.yml new file mode 100644 index 0000000..179462c --- /dev/null +++ b/playbook.yml @@ -0,0 +1,6 @@ +--- + +- hosts: all + roles: + - { role: ansible-minio, + minio_server_datadirs: [ "/tmp" ] } diff --git a/tasks/client.yml b/tasks/client.yml new file mode 100644 index 0000000..28a8391 --- /dev/null +++ b/tasks/client.yml @@ -0,0 +1,9 @@ +--- + +- name: download minio client + get_url: + url: "{{ minio_client_download_url }}" + dest: "{{ minio_client_bin }}" + owner: "{{ minio_user }}" + group: "{{ minio_group }}" + mode: 0755 diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..d22f2a8 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,21 @@ +--- + +- name: include os-specific variables + include_vars: "{{ ansible_os_family }}.yml" + +- name: create minio group + group: + name: "{{ minio_group }}" + state: present + +- name: create minio user + user: + name: "{{ minio_user }}" + group: "{{ minio_group }}" + shell: /bin/bash + +- include: server.yml + when: not skip_server + +- include: client.yml + when: not skip_client diff --git a/tasks/server.yml b/tasks/server.yml new file mode 100644 index 0000000..c47d4ed --- /dev/null +++ b/tasks/server.yml @@ -0,0 +1,33 @@ +--- + +- name: download minio server + get_url: + url: "{{ minio_server_download_url }}" + dest: "{{ minio_server_bin }}" + owner: "{{ minio_user }}" + group: "{{ minio_group }}" + mode: 0755 + +- name: generate the minio server envfile + template: + src: minio_env.j2 + dest: "{{ minio_server_envfile }}" + notify: restart minio + +- name: create the minio server systemd config + template: + src: minio.service.j2 + dest: "{{ systemd_units_dir }}/minio.service" + when: ansible_service_mgr == "systemd" + +- name: create the minio server upstart config + template: + src: minio.upstart.j2 + dest: "{{ upstart_conf_dir }}/minio.conf" + when: ansible_service_mgr == "upstart" + +- name: enable and start the minio service + service: + name: minio + state: started + enabled: yes diff --git a/templates/minio.service.j2 b/templates/minio.service.j2 new file mode 100644 index 0000000..f98ccf9 --- /dev/null +++ b/templates/minio.service.j2 @@ -0,0 +1,37 @@ +[Unit] +Description=Minio +Documentation=https://docs.minio.io +Wants=network-online.target +After=network-online.target +AssertFileIsExecutable={{ minio_server_bin }} + +[Service] +WorkingDirectory=/usr/local/ + +User={{ minio_user }} +Group={{ minio_group }} + +PermissionsStartOnly=true + +EnvironmentFile={{ minio_server_envfile }} +ExecStartPre=/bin/bash -c "[ -n \"${MINIO_VOLUMES}\" ] || echo \"Variable MINIO_VOLUMES not set in {{ minio_server_envfile }}\"" +ExecStart={{ minio_server_bin }} server $MINIO_OPTS $MINIO_VOLUMES + +StandardOutput=journal +StandardError=inherit + +# Specifies the maximum file descriptor number that can be opened by this process +LimitNOFILE=65536 + +# Disable timeout logic and wait until process is stopped +TimeoutStopSec=0 + +# SIGTERM signal is used to stop Minio +KillSignal=SIGTERM + +SendSIGKILL=no + +SuccessExitStatus=0 + +[Install] +WantedBy=multi-user.target diff --git a/templates/minio.upstart.j2 b/templates/minio.upstart.j2 new file mode 100644 index 0000000..c326189 --- /dev/null +++ b/templates/minio.upstart.j2 @@ -0,0 +1,36 @@ +description "minio" + +start on (local-filesystems and net-device-up IFACE!=lo) +stop on shutdown + +# Maximum file descriptor number that can be opened +limit nofile 65536 65536 + +# Set the kill signal and timeout +kill signal SIGTERM + +pre-start script + # enable the dash allexport feature + set -a + + # stop job from continuing if no config file found for daemon + [ ! -f {{ minio_server_envfile }} ] && { stop; exit 0; } + + # source the config file + . {{ minio_server_envfile }} + + # stop job from continuing if MINIO_VOLUMES not set + [ -n "$MINIO_VOLUMES" ] || { echo "Variable MINIO_VOLUMES not set in {{ minio_server_envfile }}"; stop; exit 0; } + +end script + +script + # enable the dash allexport feature + set -a + + # source the environment config file + . {{ minio_server_envfile }} + + # start the minio server + exec sudo -u {{ minio_user }} {{ minio_server_bin }} server $MINIO_OPTS $MINIO_VOLUMES +end script diff --git a/templates/minio_env.j2 b/templates/minio_env.j2 new file mode 100644 index 0000000..4ad10be --- /dev/null +++ b/templates/minio_env.j2 @@ -0,0 +1,15 @@ +# {{ ansible_managed }} + +# Minio local/remote volumes. +MINIO_VOLUMES="{{ minio_server_datadirs | join(' ') }}" +# Minio cli options. +MINIO_OPTS="--address {{ minio_server_addr }} {{ minio_server_opts }}" + +{% if minio_access_key %} +# Access Key of the server. +MINIO_ACCESS_KEY="{{ minio_access_key }}" +{% endif %} +{% if minio_secret_key %} +# Secret key of the server. +MINIO_SECRET_KEY="{{ minio_secret_key }}" +{% endif %} diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100644 index 0000000..bc4cea1 --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1,3 @@ +molecule==1.17.3 +docker-py==1.10.6 +PyYAML==3.12 diff --git a/tests/test_minio.py b/tests/test_minio.py new file mode 100644 index 0000000..78a0f3a --- /dev/null +++ b/tests/test_minio.py @@ -0,0 +1,32 @@ +import yaml +import pytest +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + '.molecule/ansible_inventory').get_hosts('all') + + +@pytest.fixture() +def AnsibleDefaults(Ansible): + with open("./defaults/main.yml", 'r') as stream: + return yaml.load(stream) + + +@pytest.mark.parametrize('minio_bin_var', [ + 'minio_server_bin', + 'minio_client_bin', +]) +def test_minio_installed(File, AnsibleDefaults, minio_bin_var): + + f = File(AnsibleDefaults[minio_bin_var]) + assert f.exists + assert f.user == AnsibleDefaults['minio_user'] + assert f.group == AnsibleDefaults['minio_group'] + assert oct(f.mode) == '0755' + + +def test_minio_service(Service): + + s = Service('minio') + assert s.is_running + assert s.is_enabled diff --git a/vars/Debian.yml b/vars/Debian.yml new file mode 100644 index 0000000..56f7f1a --- /dev/null +++ b/vars/Debian.yml @@ -0,0 +1,4 @@ +--- + +systemd_units_dir: /lib/systemd/system +upstart_conf_dir: /etc/init diff --git a/vars/RedHat.yml b/vars/RedHat.yml new file mode 100644 index 0000000..565d01d --- /dev/null +++ b/vars/RedHat.yml @@ -0,0 +1,3 @@ +--- + +systemd_units_dir: /etc/systemd/system diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..1dc9b27 --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,5 @@ +--- + +# Minio and MC download urls +minio_server_download_url: https://dl.minio.io/server/minio/release/linux-amd64/minio +minio_client_download_url: https://dl.minio.io/client/mc/release/linux-amd64/mc