From 4b1e72dd4555c05b23ef5ab340d91dd5f9be5ebf Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 25 Jun 2018 16:30:17 +0200 Subject: [PATCH 1/5] add ansible_managed info --- templates/minio.init.j2 | 2 ++ templates/minio.service.j2 | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/templates/minio.init.j2 b/templates/minio.init.j2 index b2a88d2..a090006 100644 --- a/templates/minio.init.j2 +++ b/templates/minio.init.j2 @@ -9,6 +9,8 @@ # Description: Distributed object storage server built for cloud applications and devops. ### END INIT INFO +# {{ ansible_managed }} + # Do NOT "set -e" # PATH should only include /usr/* if it runs after the mountnfs.sh script diff --git a/templates/minio.service.j2 b/templates/minio.service.j2 index f98ccf9..924fb5b 100644 --- a/templates/minio.service.j2 +++ b/templates/minio.service.j2 @@ -1,3 +1,5 @@ +# {{ ansible_managed }} + [Unit] Description=Minio Documentation=https://docs.minio.io @@ -15,8 +17,12 @@ PermissionsStartOnly=true EnvironmentFile={{ minio_server_envfile }} ExecStartPre=/bin/bash -c "[ -n \"${MINIO_VOLUMES}\" ] || echo \"Variable MINIO_VOLUMES not set in {{ minio_server_envfile }}\"" + ExecStart={{ minio_server_bin }} server $MINIO_OPTS $MINIO_VOLUMES +# Let systemd restart this service only if it has ended with the clean exit code or signal. +Restart=on-success + StandardOutput=journal StandardError=inherit @@ -33,5 +39,9 @@ SendSIGKILL=no SuccessExitStatus=0 +{% if minio_server_addr.split(':')[1] < 1024 %} +AmbientCapabilities=CAP_NET_BIND_SERVICE +{% endif %} + [Install] WantedBy=multi-user.target From 1d79df82b7b43f6dad91329216350d79c268161f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Krupa?= Date: Mon, 25 Jun 2018 16:59:14 +0200 Subject: [PATCH 2/5] IPv6 compatibility --- templates/minio.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/minio.service.j2 b/templates/minio.service.j2 index 924fb5b..87cf047 100644 --- a/templates/minio.service.j2 
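Review bot: `Restart=on-success` in the `[Service]` hunk of templates/minio.service.j2 restarts minio only after a clean exit, so a crash, an OOM kill or any non-zero exit leaves the object store down until an operator intervenes. If the aim is to avoid restart loops on a bad configuration, `Restart=on-failure` together with `RestartSec=` and a start limit would cover crashes while still bounding retries. The added comment should say which failure mode the current choice protects against. The unit continues outside the hunk, so other restart-related settings may exist that are not visible here.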
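Review bot: The `AmbientCapabilities=CAP_NET_BIND_SERVICE` block added at the end of templates/minio.service.j2 grants the bind capability, but nothing visible in the hunk limits what else the process can hold or regain. Adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` next to it and `NoNewPrivileges=true` in `[Service]` would keep the service at least privilege when it listens on a low port. This assumes the unit runs under a non-root `User=`, which the `PermissionsStartOnly=true` context suggests but the hunk does not show. The guard expression itself is reworked by later patches in this series, so it is not discussed here.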
+++ b/templates/minio.service.j2 @@ -39,7 +39,7 @@ SendSIGKILL=no SuccessExitStatus=0 -{% if minio_server_addr.split(':')[1] < 1024 %} +{% if minio_server_addr.split(':')[-1] < 1024 %} AmbientCapabilities=CAP_NET_BIND_SERVICE {% endif %} From fc152824d55581898f2e647a282734e5a00a5070 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 25 Jun 2018 22:53:37 +0200 Subject: [PATCH 3/5] add alternative settings test scenario --- molecule/alternative/molecule.yml | 50 ++++++++++++++++++++++++ molecule/alternative/playbook.yml | 14 +++++++ molecule/alternative/tests/test_minio.py | 44 +++++++++++++++++++++ templates/minio.service.j2 | 2 +- 4 files changed, 109 insertions(+), 1 deletion(-) create mode 100644 molecule/alternative/molecule.yml create mode 100644 molecule/alternative/playbook.yml create mode 100644 molecule/alternative/tests/test_minio.py diff --git a/molecule/alternative/molecule.yml b/molecule/alternative/molecule.yml new file mode 100644 index 0000000..41bef2b --- /dev/null +++ b/molecule/alternative/molecule.yml 
@@ -0,0 +1,50 @@
+---
+driver:
+ name: docker
+lint:
+ name: yamllint
+
+platforms:
+ - name: minio-centos-7
+ image: paulfantom/centos-molecule:7
+ privileged: true
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - name: minio-fedora-27
+ image: paulfantom/fedora-molecule:27
+ privileged: true
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - name: minio-debian-9
+ image: paulfantom/debian-molecule:9
+ privileged: true
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - name: minio-ubuntu-18.04
+ image: paulfantom/ubuntu-molecule:18.04
+ privileged: true
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - name: minio-ubuntu-16.04
+ image: paulfantom/ubuntu-molecule:16.04
+ privileged: true
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ playbooks:
+ create: ../default/create.yml
+ prepare: ../default/prepare.yml
+ converge: playbook.yml
+ destroy: ../default/destroy.yml
+
+scenario:
+ name: alternative
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
+ enabled: true
diff --git a/molecule/alternative/playbook.yml b/molecule/alternative/playbook.yml
new file mode 100644
index 0000000..e9a7446
--- /dev/null
+++ b/molecule/alternative/playbook.yml
@@ -0,0 +1,14 @@
+---
+
+- hosts: all
+ any_errors_fatal: true
+ roles:
+ - ansible-minio
+ vars:
+ # minio_server_envfile: "/opt/minio"
+ minio_server_addr: ":80"
+ minio_server_datadirs:
+ - "/srv/data1"
+ - "/srv/data2"
+ - "/srv/data3"
+ - "/srv/data4"
diff --git a/molecule/alternative/tests/test_minio.py b/molecule/alternative/tests/test_minio.py
new file mode 100644
index 0000000..d09f8d8
--- /dev/null
+++ b/molecule/alternative/tests/test_minio.py 
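Review bot: Every platform in molecule/alternative/molecule.yml runs with `privileged: true` from an image referenced only by a mutable tag (`paulfantom/centos-molecule:7` and the four others), so whatever is published under those tags runs with full access to the CI host's kernel. Pinning each image by digest, e.g. `image: paulfantom/centos-molecule:7@sha256:<digest>` (placeholder), makes the test environment reproducible and reviewable. If the containers only need systemd to start, a narrower capability set alongside the read-only cgroup mount may be enough, and is worth trying before keeping full privilege.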
@@ -0,0 +1,44 @@ +import yaml +import pytest +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + '.molecule/ansible_inventory').get_hosts('all') + + +@pytest.fixture() +def AnsibleDefaults(Ansible): + with open("./defaults/main.yml", 'r') as stream: + return yaml.load(stream) + + +@pytest.mark.parametrize("dirs", [ + "/minio-test" +]) +def test_directories(host, dirs): + d = host.file(dirs) + assert d.is_directory + assert d.exists + assert d.user == AnsibleDefaults['minio_user'] + assert d.group == AnsibleDefaults['minio_group'] + assert oct(d.mode) == '0750' + + +@pytest.mark.parametrize('minio_bin_var', [ + 'minio_server_bin', + 'minio_client_bin', +]) +def test_minio_installed(File, AnsibleDefaults, minio_bin_var): + + f = File(AnsibleDefaults[minio_bin_var]) + assert f.exists + assert f.user == AnsibleDefaults['minio_user'] + assert f.group == AnsibleDefaults['minio_group'] + assert oct(f.mode) == '0755' + + +def test_minio_service(Service): + + s = Service('minio') + assert s.is_running + assert s.is_enabled diff --git a/templates/minio.service.j2 b/templates/minio.service.j2 index 87cf047..96e2ef1 100644 --- a/templates/minio.service.j2 +++ b/templates/minio.service.j2 @@ -39,7 +39,7 @@ SendSIGKILL=no SuccessExitStatus=0 -{% if minio_server_addr.split(':')[-1] < 1024 %} +{% if (minio_server_addr.split(':')[-1] | int) < 1024 %} AmbientCapabilities=CAP_NET_BIND_SERVICE {% endif %} From 00670c903e5d90441b37c870eae053670961b9df Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 25 Jun 2018 23:08:16 +0200 Subject: [PATCH 4/5] more options --- molecule/alternative/playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/alternative/playbook.yml b/molecule/alternative/playbook.yml index e9a7446..7d8bcba 100644 --- a/molecule/alternative/playbook.yml +++ b/molecule/alternative/playbook.yml 
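Review bot: `test_directories` in molecule/alternative/tests/test_minio.py uses `AnsibleDefaults['minio_user']` without taking the fixture as an argument, so the ownership assertions subscript the fixture function itself and raise TypeError instead of checking anything; the signature should be `def test_directories(host, AnsibleDefaults, dirs):`. The fixture also calls `yaml.load(stream)` with no loader, which can construct arbitrary Python objects from the file; `return yaml.safe_load(stream)` is sufficient for a defaults file. The parametrised path `/minio-test` does not match the `/srv/data1` to `/srv/data4` directories this scenario's playbook sets, so the test probably needs those paths instead.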
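Review bot: In the `{% if %}` guard of templates/minio.service.j2, Jinja's `int` filter returns 0 when the value is not a number, so an address without a numeric port (a bare hostname, or a bracketed IPv6 address such as `[::1]` with no port) evaluates as `0 < 1024` and the unit is granted `CAP_NET_BIND_SERVICE` it does not need. Giving the filter a non-privileged default, `{% if (minio_server_addr.split(':')[-1] | int(65535)) < 1024 %}`, makes unparsable input fall on the no-capability side. The rest of the unit is outside the hunk, so whether the address is validated elsewhere in the role cannot be seen from here.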
@@ -5,7 +5,7 @@ roles: - ansible-minio vars: - # minio_server_envfile: "/opt/minio" + minio_server_envfile: "/opt/minio" minio_server_addr: ":80" minio_server_datadirs: - "/srv/data1" From 7be1b66dc05db6460651728491902700d7148344 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 25 Jun 2018 23:49:55 +0200 Subject: [PATCH 5/5] assert capabilities existence --- molecule/alternative/tests/test_minio.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/molecule/alternative/tests/test_minio.py b/molecule/alternative/tests/test_minio.py index d09f8d8..142a110 100644 --- a/molecule/alternative/tests/test_minio.py +++ b/molecule/alternative/tests/test_minio.py @@ -42,3 +42,8 @@ def test_minio_service(Service): s = Service('minio') assert s.is_running assert s.is_enabled + + +def test_capabilities(host): + service_file = host.file("/etc/systemd/system/minio.service") + assert service_file.contains("AmbientCapabilities=CAP_NET_BIND_SERVICE")
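Review bot: `test_capabilities` only checks that the string is present in `/etc/systemd/system/minio.service`, so it passes even when systemd ignores the directive. `AmbientCapabilities=` was introduced in systemd 229, and the centos-7 platform in this scenario likely ships an older release, which is worth confirming. Asserting the effect as well, e.g. `assert host.socket("tcp://0.0.0.0:80").is_listening`, would show that the service actually bound the low port configured in the playbook.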