authorTrygve Laugstøl <trygvis@inamo.no>2018-12-22 09:27:52 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2018-12-22 09:27:57 +0100
commit5cc58eda41598b00f39b30881e87a41ad704d755 (patch)
treea1939d6e724908574ca025452f268c840d3614f0 /ansible
parent9325449dbe8c9590d6391bb1603f8f6377c181ae (diff)
minio.
Diffstat (limited to 'ansible')
-rw-r--r--ansible/group_vars/all/users.yml1
-rw-r--r--ansible/minio-policies.yml49
-rw-r--r--ansible/minio/backup-policy.yml67
-rw-r--r--ansible/minio/policies/backup-conflatorio.json1
-rw-r--r--ansible/minio/policies/backup-fuckaduck.json1
-rw-r--r--ansible/minio/vars.yml39
6 files changed, 158 insertions, 0 deletions
diff --git a/ansible/group_vars/all/users.yml b/ansible/group_vars/all/users.yml
index 85fed2e..90309da 100644
--- a/ansible/group_vars/all/users.yml
+++ b/ansible/group_vars/all/users.yml
@@ -6,6 +6,7 @@ users:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFMRccGxF1l7xIUavu5vDqypCe/aon3+bdFgEhPa7pPb trygvis@arius-v3
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/Xrsk69KhaXdHPcbBoCbqlQ2DXmx77OnkLAk22ui5m trygvis@malabaricus
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPKXVnzqo+JTVNrt3p0LGeH59DPMc9WkVMXO3wpAyTH6 trygvis@akili
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpWssvnarp8O/oN86VDlLxUHAYHSKbdhXpe1s0hWkX5 trygvis@fuckaduck
lusers:
- trygvis
diff --git a/ansible/minio-policies.yml b/ansible/minio-policies.yml
new file mode 100644
index 0000000..536314c
--- /dev/null
+++ b/ansible/minio-policies.yml
@@ -0,0 +1,49 @@
+- hosts: localhost
+ tasks:
+ - command: mc admin user list --json "{{ minio_config }}"
+ register: cmd_users
+ # - debug: var=cmd_users.stdout
+
+- hosts: localhost
+ tasks:
+ - with_items: "{{ backup_policies }}"
+ include_tasks: minio/backup-policy.yml
+ vars:
+ hostname: "{{ item }}"
+ host: "{{ minio_users['backup-' + item] }}"
+
+- hosts: localhost
+ vars:
+ registered_minio_users: "{{ cmd_users.stdout_lines | map('from_json') | list }}"
+ present_users: "{{ minio_users | dict2items | json_query('[] | [?value.state == `present`]') | items2dict }}"
+ absent_users: "{{ minio_users | dict2items | json_query('[] | [?value.state == `absent`]') | items2dict }}"
+ tasks:
+ - name: all present users
+ debug:
+ msg: "{{ present_users | join(', ') }}"
+ when: false
+
+ - name: all absent users
+ debug:
+ msg: "{{ absent_users | join(', ') }}"
+ when: false
+
+ - name: all minio users
+ debug:
+ msg: "{{ registered_minio_users }}"
+ when: false
+
+ - name: Adding user to Minio
+ command: "mc admin user add {{ minio_config }} {{ item }} {{ user.secret }} {{ user.policy }}"
+ when: user_count == "0"
+ vars:
+ user: "{{ minio_users[item] }}"
+ user_count: "{{ registered_minio_users | json_query('[] | [?accessKey == `' + item + '`]') | length }}"
+ with_items: "{{ present_users }}"
+
+ - name: Removing user from Minio
+ command: "mc admin user remove {{ minio_config }} {{ item }}"
+ when: user_count
+ vars:
+ user_count: "{{ registered_minio_users | json_query('[] | [?accessKey == `' + item + '`]') | length }}"
+ with_items: "{{ absent_users }}"
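Review bot: The "Adding user to Minio" task puts `{{ user.secret }}` on the `mc admin user add` command line, so the secret (presumably defined in the vaulted minio/vars.yml) ends up in the task's recorded `cmd`, which Ansible prints on failure or with verbose output, and in the local process list while mc runs. Add `no_log: true` to that task at minimum. Separately, the removal task uses `when: user_count` while the add task compares `user_count == "0"`; because the templated value is a string, an explicit `when: user_count != "0"` would not depend on how Ansible evaluates a bare variable in a condition.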
diff --git a/ansible/minio/backup-policy.yml b/ansible/minio/backup-policy.yml
new file mode 100644
index 0000000..e0b8376
--- /dev/null
+++ b/ansible/minio/backup-policy.yml
@@ -0,0 +1,67 @@
+- register: policy
+ when: host.state == 'present'
+ local_action:
+ module: copy
+ dest: minio/policies/backup-{{ hostname }}.json
+ content: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": [
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::backup-{{ hostname }}/*"
+ ],
+ "Sid": ""
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:DeleteObject",
+ "s3:PutObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::backup-{{ hostname }}/*"
+ ],
+ "Sid": ""
+ }
+ ]
+ }
+
+- name: Registering policy
+ when: policy.changed
+ command: mc admin policy add {{ minio_config }} backup-{{ hostname }} minio/policies/backup-{{ hostname }}.json
+
+- name: checking if bucked exists
+ command: mc ls --json "{{ minio_config }}"
+ register: cmd_ls
+ failed_when: false
+
+#- debug: var=foo
+# vars:
+# foo: "{{ cmd_ls.stdout_lines | map('from_json') | list }}"
+
+#- debug: var=foo
+# vars:
+# foo: "{{ cmd_ls.stdout_lines | map('from_json') | list | json_query('[?key==`backup-' + hostname + '/`]') }}"
+
+- name: Creating backup bucket
+ vars:
+ len: "{{ cmd_ls.stdout_lines | map('from_json') | list | json_query('[?key==`backup-' + hostname + '/`]') | length }}"
+ when: len == "0"
+ command: mc mb {{ minio_config }}/backup-{{ hostname }}
+
+- name: Removing policy file
+ when: host.state != 'present'
+ register: removed
+ file:
+ path: minio/policies/backup-{{ hostname }}.json
+ state: absent
+
+- name: Unregistering policy
+ when: removed.changed
+ command: mc admin policy remove {{ minio_config }} backup-{{ hostname }}
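Review bot: The first policy statement grants `s3:ListBucket` on `arn:aws:s3:::backup-{{ hostname }}/*`, but in S3 policy semantics ListBucket is a bucket-level action matched against the bucket ARN, so this statement may not permit listing at all. The resource would normally be `"arn:aws:s3:::backup-{{ hostname }}"`, which is worth confirming against how this MinIO version matches resources. The second statement gives each backup client `s3:DeleteObject` on its own bucket, so a compromised host can erase its own backups; if clients only need to write and restore, drop that action and prune on the server side. "Creating backup bucket" also has no `when: host.state == 'present'`, so a bucket is still created for hosts marked absent.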
diff --git a/ansible/minio/policies/backup-conflatorio.json b/ansible/minio/policies/backup-conflatorio.json
new file mode 100644
index 0000000..97ea158
--- /dev/null
+++ b/ansible/minio/policies/backup-conflatorio.json
@@ -0,0 +1 @@
+{"Version": "2012-10-17", "Statement": [{"Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::backup-conflatorio/*"], "Effect": "Allow", "Sid": ""}, {"Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"], "Resource": ["arn:aws:s3:::backup-conflatorio/*"], "Effect": "Allow", "Sid": ""}]} \ No newline at end of file
diff --git a/ansible/minio/policies/backup-fuckaduck.json b/ansible/minio/policies/backup-fuckaduck.json
new file mode 100644
index 0000000..0f25369
--- /dev/null
+++ b/ansible/minio/policies/backup-fuckaduck.json
@@ -0,0 +1 @@
+{"Version": "2012-10-17", "Statement": [{"Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::backup-fuckaduck/*"], "Effect": "Allow", "Sid": ""}, {"Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"], "Resource": ["arn:aws:s3:::backup-fuckaduck/*"], "Effect": "Allow", "Sid": ""}]} \ No newline at end of file
diff --git a/ansible/minio/vars.yml b/ansible/minio/vars.yml
new file mode 100644
index 0000000..67f65f6
--- /dev/null
+++ b/ansible/minio/vars.yml
@@ -0,0 +1,39 @@
+$ANSIBLE_VAULT;1.1;AES256
+38623132333131643666333832396131366536303864616161386562613735383938643566663639
+6562383332623834623538313262323765353666313562640a303538383939376231366537613433
+65333766303731323661366437313132333332373130386637306537613332653264383330313931
+6131303363386639650a363963323031626565306366313961353632656362346538316161313662
+31636562323135323733303266303364616139333663663334343766303163613265643066663039
+33613030373636636637666164316438623864316363383534633832613338393965646135643166
+35313361643334646363346539393464396131373230376632336133383362353135616131643961
+65646361303735656432343263663332333736346636646633376463316338316331316564643835
+36623030306538613536393463343763363062626465383637386662653239386265663932376131
+37376432353866343738383331353065613066616431393666326135363130663734303237303864
+39323065663935373863643530333938383931393234646164633334376362323263383932623834
+61613236656238666465393337333361623131633031353137316366303564313364663737346562
+65646530303965633561363539626234643337313733643231363764303731613030386565346163
+33323765363533633564303064396533396536323265323537373136656438373039363664336236
+39393366353930383531366630343034303935393231643538343964643232663538386337666130
+66346433656237663738356563343264363636333662366332373533643535323335356166393531
+61396336396362346461333236646138376365623964336138343431336564303864626639666330
+65613039666262303761306631303539663534343032376164393732616465663961356364636138
+35633134323639386630316166613431323463353535336531353866633065393162313561623936
+63623930613162373765643639313966376231643136333639363563356434346461653066626331
+66653965386664623431313738343462363533356631636665623361343261666437363833623335
+35343434336261353533666132353032626235633864653361613266373035363062356139393261
+30336362373562313436623665343964613161366630323365613438313963303263646136626130
+63626562666331333331623236366532393965343366383330396138666365623135356336626232
+64373234626339313537653362646566643762386534393034663436633864343935633539353935
+36376661336333653065306534643534666565656539353732623063346538616365383733646135
+38633662356231393137363532346130363163373365346634383130353136383031626361306230
+62663336323438346361393531303563646436643962653361343330386334623032346132383263
+38303262303162323137646631313430396634666534373261326330623235626538373861393731
+37303838636565666133396534663562376335346563336334643964346539613266646266633866
+62643263623639666163623763386265386337323435363761666164353466333333376132366166
+34373135326130383839313561393933646236623830356232636162373465346266356230303132
+65306638313737633564373938313564313436333061636536643765323031323763633131303131
+39633236656362386266633831333762366230336231613363373332396139373864646437636436
+61373666373664366133366563643731386138643463313436393239626563386633336632656231
+31616530646337393161623735636239356137646539356633353933366230643366316332663833
+37306531353837326664323430316635393333353366643165393964326431663366356535646431
+3535373634326239356561356562386466363636393238643766