From 94a1ff70e5ff7c800e7075eca6a5dbd19831d2cc Mon Sep 17 00:00:00 2001
From: Don Sizemore
Date: Thu, 14 Dec 2023 14:30:21 -0500
Subject: [PATCH] #328 create minio service account
---
tasks/docker.yml | 71 ------------------------------
tasks/localstack_create_bucket.yml | 2 +-
tasks/minio.yml | 12 ++---
tests/group_vars/jenkins.yml | 3 +-
4 files changed, 10 insertions(+), 78 deletions(-)
delete mode 100644 tasks/docker.yml
diff --git a/tasks/docker.yml b/tasks/docker.yml
deleted file mode 100644
index cbe4c79..0000000
--- a/tasks/docker.yml
+++ /dev/null
@@ -1,71 +0,0 @@
----
-
-- name: install docker-ce repo
- ansible.builtin.get_url:
- url: '{{ docker.repo }}'
- dest: /etc/yum.repos.d/docker-ce.repo
- mode: '0644'
-
-- name: install docker-ce
- ansible.builtin.dnf:
- name: ['docker-ce', 'docker-compose-plugin']
- state: latest
-
-- name: Ansible docker module requires python-docker
- ansible.builtin.package:
- name: 'python3-docker'
- state: latest
-
-- name: pip must update itself
- ansible.builtin.pip:
- name: pip
- executable: pip3
- state: latest
-
-- name: and docker-compose python package
- ansible.builtin.pip:
- name: docker-compose
-
-- name: ensure /etc/docker exists
- ansible.builtin.file:
- path: /etc/docker
- state: directory
- owner: root
- group: root
- mode: 0755
-
-- name: configure cidr range
- ansible.builtin.template:
- src: daemon.json.j2
- dest: /etc/docker/daemon.json
- owner: root
- group: root
- mode: 0644
- when: docker.cidr is undefined
-
-- name: infer become_user
- ansible.builtin.command: whoami
- register: whoami_output
-
-- name: register docker_user
- ansible.builtin.set_fact:
- docker_user: "{{ whoami_output.stdout }}"
-
-- name: add ansible_ssh_user to docker group
- ansible.builtin.user:
- name: '{{ docker_user }}'
- groups: docker
- append: yes
-
-- name: add dataverse user to docker group
- ansible.builtin.user:
- name: '{{ dataverse.payara.user }}'
- groups: docker
- append: yes
-
-- name: reload systemd, enable docker, start
- ansible.builtin.systemd:
- name: docker
- enabled: yes
- daemon_reload: yes
- state: started
diff --git a/tasks/localstack_create_bucket.yml b/tasks/localstack_create_bucket.yml
index f569cc0..7e98bcc 100644
--- a/tasks/localstack_create_bucket.yml
+++ b/tasks/localstack_create_bucket.yml
@@ -52,7 +52,7 @@ - name: set Payara JVM options become: yes - become_user: '{{ localstack.user }}' + become_user: '{{ dataverse.payara.user }}' ansible.builtin.shell: '{{ payara_dir }}/bin/asadmin create-jvm-options "\-Ddataverse.files.{{ bucket_options.id }}.{{ inner.key }}={{ inner.value }}"' loop: "{{ lookup('dict', jvm_options) }}" loop_control: diff --git a/tasks/minio.yml b/tasks/minio.yml index 1c1b99a..72e925b 100644 --- a/tasks/minio.yml +++ b/tasks/minio.yml @@ -1,6 +1,10 @@ --- -- ansible.builtin.import_tasks: docker.yml +- ansible.builtin.import_tasks: podman.yml + +- name: ensure minio service account exists + ansible.builtin.user: + name: '{{ minio.user }}' - name: STORAGE | Import assert.yml ansible.builtin.import_tasks: minio_assert.yml @@ -33,8 +37,7 @@ ansible.builtin.file: path: "{{ minio.docker.project_location }}/data" state: directory - owner: '{{ dataverse.payara.user }}' - group: '{{ dataverse.payara.group }}' + owner: '{{ minio.user }}' mode: "0755" recurse: true when: @@ -45,8 +48,7 @@ ansible.builtin.template: src: minio_compose.j2 dest: "{{ minio.docker.project_location }}/minio_compose.yml" - owner: '{{ dataverse.payara.user }}' - group: '{{ dataverse.payara.group }}' + owner: '{{ minio.user }}' mode: "0644" lstrip_blocks: true force: true diff --git a/tests/group_vars/jenkins.yml b/tests/group_vars/jenkins.yml index 4645771..ae2677b 100644 --- a/tests/group_vars/jenkins.yml +++ b/tests/group_vars/jenkins.yml @@ -340,13 +340,14 @@ maven: minio: enabled: true + user: minio docker: version: "latest" service_name: "minio" network: name: "minio" external: false - project_location: "/home/dataverse/minio" + project_location: "/home/minio/minio" timezone: "America/New_York" user: dataverse group: dataverse
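Review bot: In tasks/localstack_create_bucket.yml, the `set Payara JVM options` task that now runs as `dataverse.payara.user` still builds its asadmin call with `ansible.builtin.shell`, so `bucket_options.id`, `inner.key` and `inner.value` are expanded inside a double-quoted shell string and any `"`, `$` or backtick in a value is interpreted by the shell. Nothing on that line needs a shell, so `ansible.builtin.command` with the same argument string would remove that exposure. If `jvm_options` can carry bucket credentials (not visible in this hunk), the task would also want `no_log: true` so the values stay out of the play output. The task continues past the hunk's last line (`loop_control:`).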
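Review bot: In tasks/minio.yml, the new `ensure minio service account exists` task passes only `name`, so shell, home directory and primary group are left to the host's account defaults and the result is typically an account with an interactive login shell. If the account exists only to own and run MinIO, say so in the task, e.g. `shell: /sbin/nologin` plus an explicit `home:`, provided podman.yml (not part of this patch) does not need a login shell for it. The task also runs before `minio_assert.yml` is imported, so an inventory without `minio.user` fails here on an undefined variable rather than on a clear assertion; this patch defines the variable only in tests/group_vars/jenkins.yml. The first task, `import_tasks: podman.yml`, has no `name:`, unlike the import below it.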
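Review bot: In the data-directory task of tasks/minio.yml (hunk `-33,8 +37,7`), removing `group:` without a replacement means the group is left as it is on an existing tree and falls to the creating user's group on a new one, so hosts provisioned before this change keep `dataverse.payara.group` on the MinIO data while fresh hosts get something else. Setting it explicitly, e.g. `group: '{{ minio.user }}'` if the account's primary group carries the same name (a common useradd default, not guaranteed), makes both cases equal; the compose-file template task in the next hunk has the same gap. With `recurse: true`, `mode: "0755"` is also applied to every file under the directory, which leaves stored objects readable by all local accounts; `mode: "u=rwX,g=rX,o="` would restrict that if nothing else on the host reads the tree directly. The task starts above the hunk and continues below it.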
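Review bot: The rendered `minio_compose.yml` (hunk `-45,8 +48,7`) stays at `mode: "0644"` after the ownership change, so every local account can read it. If `minio_compose.j2` writes the MinIO root user and password into the file (the template is not shown here), `mode: "0600"` together with the new `owner` would keep them to the service account, provided only that account reads the compose file. The task begins above the hunk and continues below it.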
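Review bot: In tests/group_vars/jenkins.yml the `minio` block keeps its `user: dataverse` and `group: dataverse` keys after `timezone` while gaining `user: minio` above `docker:`; indentation is lost on this page, so I cannot tell which mapping the older keys belong to. If they sit at the same level as the new key, this is a duplicate `user` and most YAML parsers silently keep the last value, `dataverse`; if they are under `docker`, the files become owned by `minio` while whatever consumes `minio.docker.user` still uses `dataverse`. Either way it is worth confirming which account the container actually runs as and removing or renaming the leftover keys.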