atosatto / ansible-minio Goto Github PK

View Code? Open in Web Editor NEW

110.0 5.0 88.0 97 KB

Ansible role to install the minio S3 compatible object storage server (https://minio.io)

Home Page: https://galaxy.ansible.com/atosatto/minio/

License: MIT License

Python 33.45% Shell 66.55%

ansible minio minio-client minio-server

ansible-minio's People

Contributors

Stargazers

Watchers

Forkers

aya sdemura superq paulfantom stone-payments aaronrubin901 pngmbh lagonix sberthier houssoli kleinenberg targyz supesharisuto obuisson drakmail fititnt kelnmaari datumgeek pedroalxs kingsukhoi minio ppouliot xyl0o uponu-gmbh dlotterman jporven mariojmdavid sannour wireapp randsw nico0olas uow-dshills benosman dstoeckm mcdir samedi nayaksuraj sa1o liyoujunlizi fabiogermann marsdonne kenael operationcanard akire0ne skymyyang frannovo elli56 nightsnake serviceware changqing bato1986 setsua sobadon mariosenam fluidfractal flyinggecko kernt warhaus-kc rgevaert drgogeta86 zorndorff basisexpert artefactual-labs

ansible-minio's Issues

Send output of StdErr to journald

I would like to patch your unit to send output from StdErr to the journal. So I can get it more easily with journalctl -u minio. It's currently set to =inherit, which I think implies the systemd defaults. Any thoughts on changing it to =journal?

Service does not start under Ubuntu 16.04 LTS

Maybe, this is just a question, but I cannot manage to get the role running if provisioning an Ubuntu Xenial Server.

Ansible Playbook (snip):

- hosts: all
  become: yes
  roles:
    - atosatto.minio
  vars:
    minio_server_datadirs: [ "/data" ]

Note: Mkdir-ed /data manually, doesn't make a difference

Minio service doesn't start. If I try to start it manually using sudo service minio start it runs for a short time:

sudo service minio status
● minio.service - Minio
   Loaded: loaded (/lib/systemd/system/minio.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-07-06 19:34:27 UTC; 3s ago
     Docs: https://docs.minio.io
  Process: 1523 ExecStartPre=/bin/bash -c [ -n "${MINIO_VOLUMES}" ] || echo "Variable MINIO_VOLUMES not set in /etc/default/minio" (code=exited, status=0/SUCCESS)
 Main PID: 1528 (minio)
    Tasks: 7
   Memory: 2.7M
      CPU: 14ms
   CGroup: /system.slice/minio.service
           └─1528 /usr/local/bin/minio server --address :9091 /data

Jul 06 19:34:27 ubuntu-xenial systemd[1]: Starting Minio...
Jul 06 19:34:27 ubuntu-xenial systemd[1]: Started Minio.

Then, http://server.tld:9091 is called in browser. => Connection refused

When sudo service minio status is called after that:

● minio.service - Minio
   Loaded: loaded (/lib/systemd/system/minio.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2018-07-06 19:34:32 UTC; 32s ago
     Docs: https://docs.minio.io
  Process: 1528 ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES (code=exited, status=1/FAILURE)
  Process: 1523 ExecStartPre=/bin/bash -c [ -n "${MINIO_VOLUMES}" ] || echo "Variable MINIO_VOLUMES not set in /etc/default/minio" (code=exited, status=0/SUCCESS)
 Main PID: 1528 (code=exited, status=1/FAILURE)

Jul 06 19:34:27 ubuntu-xenial systemd[1]: Starting Minio...
Jul 06 19:34:27 ubuntu-xenial systemd[1]: Started Minio.
Jul 06 19:34:32 ubuntu-xenial minio[1528]: [75B blob data]
Jul 06 19:34:32 ubuntu-xenial minio[1528]: [81B blob data]
Jul 06 19:34:32 ubuntu-xenial systemd[1]: minio.service: Main process exited, code=exited, status=1/FAILURE
Jul 06 19:34:32 ubuntu-xenial systemd[1]: minio.service: Unit entered failed state.
Jul 06 19:34:32 ubuntu-xenial systemd[1]: minio.service: Failed with result 'exit-code'.

Am I doing it wrong, or is it a bug in the recipe / minio?

Checksuming fails

It get killed while trying to get the checksums for server and client:

TASK [atosatto.minio : Get the Minio server checksum for amd64 architecture] ***********************************
objc[27057]: +[__NSCFConstantString initialize] may have been in progress in another thread when fork() was called.
objc[27057]: +[__NSCFConstantString initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.
ERROR! A worker was found in a dead state

TASK [atosatto.minio : Get the Minio client checksum for amd64 architecture] **********************************************************************************************************************************
objc[27916]: +[__NSCFConstantString initialize] may have been in progress in another thread when fork() was called.
objc[27916]: +[__NSCFConstantString initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.
ERROR! A worker was found in a dead state

Secure user

We should probably switch to using a system user without a shell (/usr/bin/nologin) to increase security. Also this is recommended by minio (https://github.com/minio/minio-service#guidelines)

cluster_nodes:

Hello!

How I should set this if i have for example 2 new VPS servers with IP 185.233.203.11 and 185.233.80.87

minio_server_cluster_nodes:

Allow minio to bind to lower ports

By adding this line to the systemd [service] config:
AmbientCapabilities=CAP_NET_BIND_SERVICE

You can allow minio to bind to lower ports (e.g. 80 and 443) without running it as root.
Maybe pack it behind a conditional setting.

just fyi.

Can't connect to SSL URL to get checksum

Ansible version: 2.8.2
Target host OS: Debian 10 Buster
Python version on target host: 3.7

TASK [atosatto.minio : Get the Minio server checksum for amd64 architecture] ******************************************************************************************
fatal: [my.hostname.com]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Error validating the server's certificate for https://dl.minio.io/server/minio/release/linux-amd64/minio.sha256sum: Failed to validate the SSL certificate for dl.minio.io:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/ansible, /usr/local/etc/openssl. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)."}

Suggestion to allow disable create/update the default user/group running minio and, if is created by this role, set `create_home: no`

Refs #15
Refs #15 (comment)
https://docs.ansible.com/ansible/latest/modules/user_module.html, parameter create_home: (default) yes
Refs this file

ansible-minio/tasks/install-server.yml

Lines 25 to 30 in 15ad3a3

    
           - name: Create Minio user 
        
             user: 
        
               name: "{{ minio_user }}" 
        
               group: "{{ minio_group }}" 
        
               system: "yes" 
        
               shell: "/usr/sbin/nologin"

The PR #41 by @drakmail did not explicitly removed the default ansible behavior of not create the home.

Suggestion to add by default `create_home: no`

On this case, I agree with @SuperQ to not create home if the user is created by atosatto.ansible-minio. The way to implement this would be add an extra line create_home: no.

Suggestion to allow not manange user/group running minio

The problem with this is that, different from the option to not allow this role create the data dirs with minio_server_make_datadirs: true there is no option to disable management of the user/group. So even if a user define another user/group to run minio, this role may in fact revert options of user created by other roles or tasks.

How can we scale minio cluster disks by this ansible for an already running cluster?

my variable is like this:

minio_server_datadirs: [ "/mnt/minio1", "/mnt/minio2" ]
minio_server_cluster_nodes:
  - 'http://server1/mnt/minio1'
  - 'http://server1/mnt/minio2'
  - 'http://server2/mnt/minio1'
  - 'http://server2/mnt/minio2'

and then I want to scale to this

minio_server_datadirs: [ "/mnt/minio1", "/mnt/minio2", "/mnt/minio3", "/mnt/minio4" ]
minio_server_cluster_nodes:
  - 'http://server1/mnt/minio1'
  - 'http://server1/mnt/minio2'
  - 'http://server1/mnt/minio3'
  - 'http://server1/mnt/minio4'
  - 'http://server2/mnt/minio1'
  - 'http://server2/mnt/minio2'
  - 'http://server2/mnt/minio3'
  - 'http://server2/mnt/minio4'

but the second stage doesnt work

Add OS/arch support matrix

Add support for various Minio OS/ARCH combos:

https://dl.minio.io/server/minio/release/

Returns Success even if Minio Service Didn't start Successfully

For example if odd number of shards is provided to MinIO configuration, playbook will install successfully, but MinIO service will fail to start. I'd expect in this case Playbook to report an error from systemctl. Currently it reports success, even if MinIO failed to start.

Fails to run from master branch

TASK [ansible-minio : Compose Minio download url] ******************************
ok: [vagrant]

TASK [ansible-minio : Minio server checksum for amd64 architecture] ************
objc[89476]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called.
objc[89476]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.

I have no idea about how this stuff works, but this is the error I get when trying to run the master branch.

I wanted to make use of the minio_server_make_datadirs var as this always fails to start the service otherwise.

Why systemd Restart=on-success rule ?

I wonder why the restart rule on systemd service is set to 'on-success'.
I would expect a policy like 'always'.

I am starting to use minio cluster and during tests, some nodes crashed, either because of out of memory, or with 'Write failed. Insufficient number of disks online' errors when I shutdown some nodes (2 over 4, which is enough to read, but not to write)
Not sure if the last is expected, but I would expect the cluster to be up even read only.

The comment above this rule in minio.service.j2 does not explain why.

# Let systemd restart this service only if it has ended with the clean exit code or signal.
Restart=on-success

	- name: Create Minio user
	user:
	name: "{{ minio_user }}"
	group: "{{ minio_group }}"
	system: "yes"
	shell: "/usr/sbin/nologin"

atosatto / ansible-minio Goto Github PK

ansible-minio's People

Contributors

Stargazers

Watchers

Forkers

ansible-minio's Issues

Suggestion to add by default create_home: no

Suggestion to allow not manange user/group running minio

Recommend Projects

Recommend Topics

Recommend Org

Suggestion to add by default `create_home: no`