From 73dba46efa13f46878853f880cc4d3eac6b6a131 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Mon, 5 Jan 2026 10:29:07 +0100 Subject: [PATCH 01/44] use docker volume --- roles/minio/tasks/main.yml | 5 ++--- roles/mongodbdocker/defaults/main.yml | 1 + roles/mongodbdocker/tasks/main.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index 2c9ec4063..1f18e195b 100644 --- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml @@ -37,10 +37,9 @@ MINIO_CONFIG_ENV_FILE: "/etc/config.env" networks: - name: "loadbalancer" + volumes: + - minio_data mounts: - - source: "{{ minio_data_dir }}" - target: "{{ minio_data_dir_oncontainer }}" - type: bind - source: "{{ minio_dir }}/config.env" target: /etc/config.env type: bind diff --git a/roles/mongodbdocker/defaults/main.yml b/roles/mongodbdocker/defaults/main.yml index c0095f38b..ee8af1e32 100644 --- a/roles/mongodbdocker/defaults/main.yml +++ b/roles/mongodbdocker/defaults/main.yml @@ -1,2 +1,3 @@ replica_set_name: "{{ instance_name }}" docker_mongodb_network_range: "172.21.22.0/24" +mongodbdocker_version: "7.0.28" diff --git a/roles/mongodbdocker/tasks/main.yml b/roles/mongodbdocker/tasks/main.yml index fcc667d54..b159aa340 100644 --- a/roles/mongodbdocker/tasks/main.yml +++ b/roles/mongodbdocker/tasks/main.yml @@ -20,7 +20,7 @@ - name: Create the MongoDB container community.docker.docker_container: name: openconext_mongodb - image: bitnami/mongodb:7.0 + image: mongo:{{ mongodbdocker_version }} state: started pull: true restart_policy: "always" From 0f3cc5ab2a9ec2a77acf15a116bb9e2c52cf7e5f Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 10:03:07 +0100 Subject: [PATCH 02/44] remove unnecessary tasks --- roles/minio/defaults/main.yml | 2 -- roles/minio/tasks/main.yml | 10 +--------- 2 files changed, 1 insertion(+), 11 deletions(-) 
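Review bot: Replacing `bitnami/mongodb:7.0` with `mongo:{{ mongodbdocker_version }}` in `Create the MongoDB container` (roles/mongodbdocker/tasks/main.yml) changes the image's configuration contract, not just its tag, and the task's env, mounts and command lie outside this hunk. The official image enables access control only when `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD` are set or auth is passed on the command line, and it keeps data under `/data/db` rather than the Bitnami path. If the task still passes Bitnami-style `MONGODB_*` variables, the server may start without authentication and with an empty data directory, so please confirm both were migrated. I would also quote the value so the templated string is unambiguous: `image: "mongo:{{ mongodbdocker_version }}"`.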
diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml index 67d9354c8..8c72b4fc7 100644 --- a/roles/minio/defaults/main.yml +++ b/roles/minio/defaults/main.yml @@ -1,7 +1,5 @@ --- minio_dir: /opt/openconext/minio -minio_data_dir: "{{ minio_dir }}/data" minio_version: RELEASE.2025-05-24T17-08-30Z -minio_data_dir_oncontainer: "/mnt/data" minio_root_user: "minioadmin" # minio_root_password get from vault diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index 1f18e195b..32b7e74c4 100644 --- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml @@ -7,18 +7,10 @@ group: root mode: "0755" -- name: Create minio data directory - ansible.builtin.file: - state: directory - path: "{{ minio_data_dir }}" - owner: root - group: root - mode: "0755" - - name: Place the serverapplication configfiles ansible.builtin.template: src: "{{ item }}.j2" - dest: /opt/openconext/minio/{{ item }} + dest: "{{ minio_dir }}/{{ item }}" owner: root group: root mode: "0644" From b44ebcdcd70e5eabbe4d844c0c8d04137c925815 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 10:07:04 +0100 Subject: [PATCH 03/44] remove unnecessary tasks --- roles/minio/templates/config.env.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/minio/templates/config.env.j2 b/roles/minio/templates/config.env.j2 index 06c6c5954..6564667d1 100644 --- a/roles/minio/templates/config.env.j2 +++ b/roles/minio/templates/config.env.j2 @@ -1,3 +1,2 @@ MINIO_ROOT_USER={{ minio_root_user }} -MINIO_ROOT_PASSWORD={{ minio_root_password }} -MINIO_VOLUMES="{{ minio_data_dir_oncontainer }}" \ No newline at end of file +MINIO_ROOT_PASSWORD={{ minio_root_password }} \ No newline at end of file From ba79a2614f7797c5bce89e41cf95201121a407af Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 10:08:36 +0100 Subject: [PATCH 04/44] add data dir --- roles/minio/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml index 8c72b4fc7..39b8f0cbe 100644 --- a/roles/minio/defaults/main.yml +++ b/roles/minio/defaults/main.yml @@ -2,4 +2,5 @@ minio_dir: /opt/openconext/minio minio_version: RELEASE.2025-05-24T17-08-30Z minio_root_user: "minioadmin" +minio_data_dir_oncontainer: "/data" # minio_root_password get from vault From dde053a91bf279556b0eac73bc5112ac40b2cd70 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 10:16:10 +0100 Subject: [PATCH 05/44] docker image has volume --- roles/minio/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index 32b7e74c4..8ca8703bc 100644 --- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml @@ -29,8 +29,6 @@ MINIO_CONFIG_ENV_FILE: "/etc/config.env" networks: - name: "loadbalancer" - volumes: - - minio_data mounts: - source: "{{ minio_dir }}/config.env" target: /etc/config.env From 37d17a8a6bf0e735b88328feb73096aa9b2341cc Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 10:21:18 +0100 Subject: [PATCH 06/44] docker image has volume --- roles/minio/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index 8ca8703bc..29bca4400 100644 --- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml @@ -18,6 +18,10 @@ - config.env notify: Restart minio +- name: Create a docker volume + community.docker.docker_volume: + name: minio_data + - name: Create and start the server container community.docker.docker_container: name: minio From f6883795a31f82afbe6d3f4ec2f29b9619c12524 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 11:30:16 +0100 Subject: [PATCH 07/44] mount volume --- roles/minio/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index 29bca4400..d510c91d0 100644 
--- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml @@ -37,6 +37,10 @@ - source: "{{ minio_dir }}/config.env" target: /etc/config.env type: bind + - source: minio_data + target: "{{ minio_data_dir_oncontainer }}" + type: volume + command: server --console-address ":9090" {{ minio_data_dir_oncontainer }} labels: traefik.http.routers.minio.rule: "Host(`minio.{{ base_domain }}`)" From 05de58ceed89fb81d2cc436dfbbeaaceaffc4f28 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 11:45:20 +0100 Subject: [PATCH 08/44] use mutiple task files --- roles/minio/tasks/configure_container.yml | 67 ++++++++++++++++++++++ roles/minio/tasks/configure_minio.yml | 0 roles/minio/tasks/main.yml | 70 ++--------------------- 3 files changed, 71 insertions(+), 66 deletions(-) create mode 100644 roles/minio/tasks/configure_container.yml create mode 100644 roles/minio/tasks/configure_minio.yml diff --git a/roles/minio/tasks/configure_container.yml b/roles/minio/tasks/configure_container.yml new file mode 100644 index 000000000..d510c91d0 --- /dev/null +++ b/roles/minio/tasks/configure_container.yml 
@@ -0,0 +1,67 @@ +--- +- name: Create minio files directory + ansible.builtin.file: + state: directory + path: "{{ minio_dir }}" + owner: root + group: root + mode: "0755" + +- name: Place the serverapplication configfiles + ansible.builtin.template: + src: "{{ item }}.j2" + dest: "{{ minio_dir }}/{{ item }}" + owner: root + group: root + mode: "0644" + with_items: + - config.env + notify: Restart minio + +- name: Create a docker volume + community.docker.docker_volume: + name: minio_data + +- name: Create and start the server container + community.docker.docker_container: + name: minio + image: quay.io/minio/minio:{{ minio_version }} + pull: true + restart_policy: "always" + state: started + env: + MINIO_CONFIG_ENV_FILE: "/etc/config.env" + networks: + - name: "loadbalancer" + mounts: + - source: "{{ minio_dir }}/config.env" + target: /etc/config.env + type: bind + - source: minio_data + target: "{{ minio_data_dir_oncontainer }}" + type: volume + + command: server --console-address ":9090" {{ minio_data_dir_oncontainer }} + labels: + traefik.http.routers.minio.rule: "Host(`minio.{{ base_domain }}`)" + traefik.http.routers.minio.tls: "true" + traefik.http.routers.minio.service: "minio" + traefik.http.services.minio.loadbalancer.server.port: "9090" + traefik.http.routers.minioapi.rule: "Host(`minioapi.{{ base_domain }}`)" + traefik.http.routers.minioapi.tls: "true" + traefik.http.routers.minioapi.service: "minioapi" + traefik.http.services.minioapi.loadbalancer.server.port: "9000" + traefik.enable: "true" + healthcheck: + test: + [ + "CMD", + "curl", + "--fail", + "http://localhost:9000/minio/health/live" + ] + interval: 10s + timeout: 10s + retries: 3 + start_period: 10s + register: miniocontainer diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml new file mode 100644 index 000000000..e69de29bb diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index d510c91d0..02fa4532b 100644 
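Review bot: `Place the serverapplication configfiles` in the new configure_container.yml renders `config.env` with `mode: "0644"` inside a `0755` directory, and the template for that file contains `MINIO_ROOT_PASSWORD`. Any local account on the host can therefore read the MinIO root credential. Tighten the template task to `mode: "0600"` (set a matching owner if the container does not run as root) and add `no_log: true` so the rendered secret stays out of `--diff` output. The directory task could use `mode: "0750"` for the same reason.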
--- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml @@ -1,67 +1,5 @@ ---- -- name: Create minio files directory - ansible.builtin.file: - state: directory - path: "{{ minio_dir }}" - owner: root - group: root - mode: "0755" +- name: Configure and start container + ansible.builtin.include_tasks: "configure_container.yml" -- name: Place the serverapplication configfiles - ansible.builtin.template: - src: "{{ item }}.j2" - dest: "{{ minio_dir }}/{{ item }}" - owner: root - group: root - mode: "0644" - with_items: - - config.env - notify: Restart minio - -- name: Create a docker volume - community.docker.docker_volume: - name: minio_data - -- name: Create and start the server container - community.docker.docker_container: - name: minio - image: quay.io/minio/minio:{{ minio_version }} - pull: true - restart_policy: "always" - state: started - env: - MINIO_CONFIG_ENV_FILE: "/etc/config.env" - networks: - - name: "loadbalancer" - mounts: - - source: "{{ minio_dir }}/config.env" - target: /etc/config.env - type: bind - - source: minio_data - target: "{{ minio_data_dir_oncontainer }}" - type: volume - - command: server --console-address ":9090" {{ minio_data_dir_oncontainer }} - labels: - traefik.http.routers.minio.rule: "Host(`minio.{{ base_domain }}`)" - traefik.http.routers.minio.tls: "true" - traefik.http.routers.minio.service: "minio" - traefik.http.services.minio.loadbalancer.server.port: "9090" - traefik.http.routers.minioapi.rule: "Host(`minioapi.{{ base_domain }}`)" - traefik.http.routers.minioapi.tls: "true" - traefik.http.routers.minioapi.service: "minioapi" - traefik.http.services.minioapi.loadbalancer.server.port: "9000" - traefik.enable: "true" - healthcheck: - test: - [ - "CMD", - "curl", - "--fail", - "http://localhost:9000/minio/health/live" - ] - interval: 10s - timeout: 10s - retries: 3 - start_period: 10s - register: miniocontainer +- name: Configure minio + ansible.builtin.include_tasks: "configure_minio.yml" 
From 4a67160105a5470d0546b3a0ea2a2d110f02c6de Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 12:00:14 +0100 Subject: [PATCH 09/44] check minio alias --- roles/minio/defaults/main.yml | 3 +++ roles/minio/tasks/configure_minio.yml | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml index 39b8f0cbe..5a86d0388 100644 --- a/roles/minio/defaults/main.yml +++ b/roles/minio/defaults/main.yml @@ -4,3 +4,6 @@ minio_version: RELEASE.2025-05-24T17-08-30Z minio_root_user: "minioadmin" minio_data_dir_oncontainer: "/data" # minio_root_password get from vault +minio_url_local: "http://127.0.0.1:9000" +minio_aliases: + - "openconext" diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index e69de29bb..0ab064f39 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml @@ -0,0 +1,18 @@ +- name: Check if minio alias is set + ansible.builtin.command: "mc alias list {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" + register: minio_alias_list + changed_when: false + failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' + loop: "{{ minio_aliases }}" + +- name: Debug alias list + ansible.builtin.debug: + msg: "{{ minio_alias_list }}" + verbosity: 2 + +# - name: Configure minio connection alias +# command: "mc alias set {{ item }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" +# register: alias_command +# changed_when: false +# failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' +# loop: "{{ minio_aliases }}" \ No newline at end of file From 1b871210c4198055c9df8aa46fd8e3fc7fffd0cc Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 12:02:11 +0100 Subject: [PATCH 10/44] remove chaned and failed when --- roles/minio/tasks/configure_minio.yml | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index 0ab064f39..ff3ac1713 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml @@ -1,8 +1,6 @@ - name: Check if minio alias is set ansible.builtin.command: "mc alias list {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" register: minio_alias_list - changed_when: false - failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' loop: "{{ minio_aliases }}" - name: Debug alias list From 1228366ca784720d28f208e0179645f2fbcf387a Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 12:04:00 +0100 Subject: [PATCH 11/44] remove chaned and failed when --- roles/minio/tasks/configure_minio.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index ff3ac1713..013b10f12 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml @@ -1,6 +1,7 @@ - name: Check if minio alias is set ansible.builtin.command: "mc alias list {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" register: minio_alias_list + check_mode: false # always run its safe loop: "{{ minio_aliases }}" - name: Debug alias list From 5f48253c86e28e936ba06afe809c038bf1207247 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 12:13:20 +0100 Subject: [PATCH 12/44] check minio alias --- roles/minio/defaults/main.yml | 3 +-- roles/minio/tasks/configure_minio.yml | 13 +++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml index 5a86d0388..812405201 100644 --- a/roles/minio/defaults/main.yml +++ b/roles/minio/defaults/main.yml 
@@ -5,5 +5,4 @@ minio_root_user: "minioadmin" minio_data_dir_oncontainer: "/data" # minio_root_password get from vault minio_url_local: "http://127.0.0.1:9000" -minio_aliases: - - "openconext" +minio_alias: "openconext" diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index 013b10f12..b63265e63 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml @@ -1,17 +1,18 @@ - name: Check if minio alias is set - ansible.builtin.command: "mc alias list {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" - register: minio_alias_list + ansible.builtin.command: "mc alias list {{ minio_alias }}" + register: minio_alias_present + no_log: true check_mode: false # always run its safe - loop: "{{ minio_aliases }}" - name: Debug alias list ansible.builtin.debug: - msg: "{{ minio_alias_list }}" + msg: "{{ minio_alias_present }}" verbosity: 2 # - name: Configure minio connection alias -# command: "mc alias set {{ item }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" +# when: minio_alias_present.stdout +# command: "mc alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" # register: alias_command # changed_when: false # failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' -# loop: "{{ minio_aliases }}" \ No newline at end of file + From 275f6323e9dbce4c75885daf48cfd973bce42b3a Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:03:21 +0100 Subject: [PATCH 13/44] check minio changed wehn --- roles/minio/tasks/configure_minio.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index b63265e63..5bf2859c4 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml 
@@ -1,7 +1,7 @@ - name: Check if minio alias is set ansible.builtin.command: "mc alias list {{ minio_alias }}" + changed_when: false register: minio_alias_present - no_log: true check_mode: false # always run its safe - name: Debug alias list From 98a8511d1a5dc2d65c6838c924462a81a2d4c079 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:05:28 +0100 Subject: [PATCH 14/44] mc command --- roles/minio/defaults/main.yml | 1 + roles/minio/tasks/configure_minio.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml index 812405201..d5523bb60 100644 --- a/roles/minio/defaults/main.yml +++ b/roles/minio/defaults/main.yml @@ -6,3 +6,4 @@ minio_data_dir_oncontainer: "/data" # minio_root_password get from vault minio_url_local: "http://127.0.0.1:9000" minio_alias: "openconext" +minio_mc: "/usr/local/bin/mc" diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index 5bf2859c4..afe679864 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml @@ -1,5 +1,5 @@ - name: Check if minio alias is set - ansible.builtin.command: "mc alias list {{ minio_alias }}" + ansible.builtin.command: "{{ minio_mc }} alias list {{ minio_alias }}" changed_when: false register: minio_alias_present check_mode: false # always run its safe From a969c61ef8f9eb22371bc13c23b1439b04ed3edf Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:05:48 +0100 Subject: [PATCH 15/44] mc command --- roles/minio/tasks/configure_minio.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index afe679864..cfedf41cf 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml 
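Review bot: Removing `no_log: true` from `Check if minio alias is set` (PATCH 13/44) exposes the registered result, and a later patch in this series notes that this stdout can contain the password, since `mc alias list` prints the stored access and secret key. Verbose runs, failure output and any log callback will then record the MinIO root secret. Keep the flag next to the new line, i.e. `changed_when: false` plus `no_log: true`. The body of the following `Debug alias list` task is outside this hunk; as of PATCH 12/44 it prints the whole `minio_alias_present` variable.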
@@ -11,7 +11,7 @@ # - name: Configure minio connection alias # when: minio_alias_present.stdout -# command: "mc alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" +# command: "{{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" # register: alias_command # changed_when: false # failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' From b51d3c0b63ada3d1467372c9b6c9da9c3de315be Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:06:06 +0100 Subject: [PATCH 16/44] mc command --- provision.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/provision.yml b/provision.yml index be6d8fbf0..40fcee940 100644 --- a/provision.yml +++ b/provision.yml @@ -143,5 +143,3 @@ become: true roles: - { role: minio, tags: ["minio"] } - -- import_playbook: "{{ environment_dir }}/playbook.yml" From fbeac13b712af7c89cbc48a51f359f35f64cc4ed Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:10:08 +0100 Subject: [PATCH 17/44] rc can be 1 --- roles/minio/tasks/configure_minio.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index cfedf41cf..db9282c03 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml 
@@ -3,16 +3,17 @@ changed_when: false register: minio_alias_present check_mode: false # always run its safe + failed_when: minio_alias_present.rc > 1 # rc 1 means alias not present thjats what we wanted to know - name: Debug alias list ansible.builtin.debug: msg: "{{ minio_alias_present }}" verbosity: 2 -# - name: Configure minio connection alias -# when: minio_alias_present.stdout -# command: "{{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" -# register: alias_command -# changed_when: false -# failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' +- name: Configure minio connection alias + command: "echo {{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" + register: alias_command + changed_when: false + failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' + when: minio_alias_present.rc == 1 From 86c65799e284c4b32344835ddff34bef8ebcca6f Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:11:10 +0100 Subject: [PATCH 18/44] rc can be 1 --- roles/minio/tasks/configure_minio.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index db9282c03..d7687fa82 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml @@ -11,7 +11,7 @@ verbosity: 2 - name: Configure minio connection alias - command: "echo {{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" + command: "{{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" register: alias_command changed_when: false failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' 
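Review bot: `Configure minio connection alias` (enabled in PATCH 17/44) passes `{{ minio_root_password }}` as a command-line argument to `mc alias set` without `no_log: true`. The root secret is visible in the host's process list while the task runs, and in Ansible output and logs whenever the result is printed, including the failure message when `failed_when` trips. Add `no_log: true` to the task; the same applies to the PATCH 18/44 hunk on this line and the PATCH 26/44 hunk that only switches to `ansible.builtin.command`. `changed_when: false` is also misleading here, because the task writes the alias into mc's client configuration; `changed_when: alias_command.rc == 0` would report that. In PATCH 17/44 the command is still prefixed with `echo`, so nothing is configured until PATCH 18/44.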
From ffe276f6b709d5d8f3d13d6a03a4ef23982169d7 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:21:33 +0100 Subject: [PATCH 19/44] publish port --- roles/minio/tasks/configure_container.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/minio/tasks/configure_container.yml b/roles/minio/tasks/configure_container.yml index d510c91d0..2ffb14e28 100644 --- a/roles/minio/tasks/configure_container.yml +++ b/roles/minio/tasks/configure_container.yml @@ -31,6 +31,9 @@ state: started env: MINIO_CONFIG_ENV_FILE: "/etc/config.env" + ports: + # Publish container port 9000 for mc client commands + - "9000:9000" networks: - name: "loadbalancer" mounts: From 5297d89a8097be2eb0545d2a969b69b9722aee6a Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:39:16 +0100 Subject: [PATCH 20/44] create users --- roles/minio/tasks/configure_minio.yml | 8 +++++++- roles/minio/tasks/create_users.yml | 13 +++++++++++++ roles/minio/tasks/main.yml | 7 +++++++ 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 roles/minio/tasks/create_users.yml diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index d7687fa82..0bdfbdb68 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml @@ -7,7 +7,7 @@ - name: Debug alias list ansible.builtin.debug: - msg: "{{ minio_alias_present }}" + msg: "{{ minio_alias_present.rc }}" # stdout can contain password verbosity: 2 - name: Configure minio connection alias @@ -17,3 +17,9 @@ failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' when: minio_alias_present.rc == 1 +- name: Add minio users + +# mc admin user add ALIAS ACCESSKEY SECRETKEY +mc admin user add local userpiet secret123 +# mc admin policy attach ALIAS readwrite --user=USERNAME +mc admin policy attach local readwrite --user=userpiet 
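Review bot: `- "9000:9000"` in configure_container.yml (PATCH 19/44) binds the MinIO API on every host interface, although the comment and `minio_url_local` (`http://127.0.0.1:9000`) show that only local `mc` calls need it. Docker-published ports are typically reachable regardless of the host's ordinary firewall rules, so the plain-HTTP S3 endpoint may be exposed to the network beside the TLS route Traefik provides for `minioapi`. Bind it to loopback instead: `- "127.0.0.1:9000:9000"`.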
diff --git a/roles/minio/tasks/create_users.yml b/roles/minio/tasks/create_users.yml new file mode 100644 index 000000000..2d5b891b1 --- /dev/null +++ b/roles/minio/tasks/create_users.yml @@ -0,0 +1,13 @@ +- name: Check whether user is already configured + command: "{{ minio_mc }} admin user info {{ minio_alias }} {{ user.name }}" + register: get_user + changed_when: false + ignore_errors: true + +- name: Create users + command: "{{ mc_command }} admin user add {{ minio_alias }} {{ user.name }} {{ user.password }}" + register: add_user + changed_when: '"Added user `" + user.name + "` successfully" in add_user.stdout' + when: + - get_user.rc==1 + - '"Unable to get user info" in get_user.stderr' diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index 02fa4532b..19afd154e 100644 --- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml @@ -3,3 +3,10 @@ - name: Configure minio ansible.builtin.include_tasks: "configure_minio.yml" + +- name: Add minio users + ansible.builtin.include_tasks: "create_users.yml" + loop: + - {{ name: "testuser1", password: "testpassword1" }} + loop_control: + loop_var: "user" From 4af98e6da3a83725f2c63975fd5958deed2ea108 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:42:37 +0100 Subject: [PATCH 21/44] create users --- roles/minio/tasks/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index 19afd154e..3b61e7363 100644 --- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml @@ -6,7 +6,8 @@ - name: Add minio users ansible.builtin.include_tasks: "create_users.yml" - loop: - - {{ name: "testuser1", password: "testpassword1" }} + loop: + - { name: 'testuser1', password: 'wheel' } + - { name: 'testuser2', password: 'root' } loop_control: loop_var: "user" From 53bb09b2c9adc799ff0dc1b1f353822b91b1188c Mon Sep 17 00:00:00 2001 
From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:43:53 +0100 Subject: [PATCH 22/44] create users --- roles/minio/tasks/configure_minio.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index 0bdfbdb68..bdad9ca35 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml @@ -17,9 +17,3 @@ failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' when: minio_alias_present.rc == 1 -- name: Add minio users - -# mc admin user add ALIAS ACCESSKEY SECRETKEY -mc admin user add local userpiet secret123 -# mc admin policy attach ALIAS readwrite --user=USERNAME -mc admin policy attach local readwrite --user=userpiet From 39e5e41a596a057ff355a9a3c50fbeddc52216b2 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:46:18 +0100 Subject: [PATCH 23/44] create users --- roles/minio/tasks/create_users.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/roles/minio/tasks/create_users.yml b/roles/minio/tasks/create_users.yml index 2d5b891b1..77dd760aa 100644 --- a/roles/minio/tasks/create_users.yml +++ b/roles/minio/tasks/create_users.yml 
@@ -1,13 +1,14 @@ - name: Check whether user is already configured - command: "{{ minio_mc }} admin user info {{ minio_alias }} {{ user.name }}" - register: get_user + ansible.builtin.command: "{{ minio_mc }} admin user info {{ minio_alias }} {{ user.name }}" + register: minio_user_present changed_when: false ignore_errors: true + failed_when: minio_user_present.rc > 1 # rc 1 means alias not present thjats what we wanted to know - name: Create users - command: "{{ mc_command }} admin user add {{ minio_alias }} {{ user.name }} {{ user.password }}" - register: add_user - changed_when: '"Added user `" + user.name + "` successfully" in add_user.stdout' + ansible.builtin.command: "{{ minio_mc }} admin user add {{ minio_alias }} {{ user.name }} {{ user.password }}" + register: minio_add_user + changed_when: '"Added user `" + user.name + "` successfully" in minio_add_user.stdout' when: - - get_user.rc==1 - - '"Unable to get user info" in get_user.stderr' + - minio_user_present.rc==1 + - '"Unable to get user info" in minio_user_present.stderr' From 62a6db02bcd14dfab810949b9b3168cbea200f63 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 14:48:40 +0100 Subject: [PATCH 24/44] create users --- roles/minio/defaults/main.yml | 3 +++ roles/minio/tasks/main.yml | 4 +--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml index d5523bb60..567bc0497 100644 --- a/roles/minio/defaults/main.yml +++ b/roles/minio/defaults/main.yml @@ -7,3 +7,6 @@ minio_data_dir_oncontainer: "/data" minio_url_local: "http://127.0.0.1:9000" minio_alias: "openconext" minio_mc: "/usr/local/bin/mc" +minio_users: + - { name: 'testuser1', password: 'wheelwheel' } + - { name: 'testuser2', password: 'rootroot' } diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index 3b61e7363..75b6ff55c 100644 --- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml 
@@ -6,8 +6,6 @@ - name: Add minio users ansible.builtin.include_tasks: "create_users.yml" - loop: - - { name: 'testuser1', password: 'wheel' } - - { name: 'testuser2', password: 'root' } + loop: "{{ minio_users }}" loop_control: loop_var: "user" From cf5d350ac3ca64f949f3aaebc8e19dd2c238b56e Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 15:03:57 +0100 Subject: [PATCH 25/44] attach users --- roles/minio/tasks/create_users.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/roles/minio/tasks/create_users.yml b/roles/minio/tasks/create_users.yml index 77dd760aa..8fdfb3e1e 100644 --- a/roles/minio/tasks/create_users.yml +++ b/roles/minio/tasks/create_users.yml @@ -5,10 +5,17 @@ ignore_errors: true failed_when: minio_user_present.rc > 1 # rc 1 means alias not present thjats what we wanted to know -- name: Create users - ansible.builtin.command: "{{ minio_mc }} admin user add {{ minio_alias }} {{ user.name }} {{ user.password }}" - register: minio_add_user - changed_when: '"Added user `" + user.name + "` successfully" in minio_add_user.stdout' +- name: create and configure users when: - minio_user_present.rc==1 - '"Unable to get user info" in minio_user_present.stderr' + block: + - name: Create users + ansible.builtin.command: "{{ minio_mc }} admin user add {{ minio_alias }} {{ user.name }} {{ user.password }}" + register: minio_add_user + changed_when: '"Added user `" + user.name + "` successfully" in minio_add_user.stdout' + + - name: Attach read write policy + ansible.builtin.command: "{{ minio_mc }} admin policy attach {{ minio_alias }} readwrite --user={{ user.name }}" + register: minio_attach_user + changed_when: '"Added user `" + user.name + "` successfully" in minio_add_user.stdout' From e1ec47f9204e2f489f3d69f3ff1cc29994183085 Mon Sep 17 00:00:00 2001 
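Review bot: In the new block in create_users.yml (PATCH 25/44), the `changed_when` on `Attach read write policy` tests `minio_add_user.stdout` for the "Added user" string instead of the task's own `minio_attach_user` result, so it reports on the wrong command; use `changed_when: minio_attach_user.rc == 0`. `Create users` also passes `{{ user.password }}` as a command-line argument without `no_log: true`, which leaves each user's secret in process listings and in Ansible output when results are printed. The built-in `readwrite` policy applies to all buckets, so a policy scoped to the buckets each user needs would limit the damage of a leaked key. The check task that sets `minio_user_present` is outside this hunk.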
From: Chantal Rosmuller Date: Wed, 7 Jan 2026 15:20:43 +0100 Subject: [PATCH 26/44] lint --- roles/minio/handlers/main.yml | 2 +- roles/minio/tasks/configure_container.yml | 2 +- roles/minio/tasks/configure_minio.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/minio/handlers/main.yml b/roles/minio/handlers/main.yml index d85b5db33..b491e4201 100644 --- a/roles/minio/handlers/main.yml +++ b/roles/minio/handlers/main.yml @@ -8,4 +8,4 @@ # https://docs.ansible.com/ansible/latest/collections/community/docker/docker_container_module.html#notes comparisons: '*': ignore - when: miniocontainer is success and miniocontainer is not change + when: minio_container is success and minio_container is not change diff --git a/roles/minio/tasks/configure_container.yml b/roles/minio/tasks/configure_container.yml index 2ffb14e28..979985534 100644 --- a/roles/minio/tasks/configure_container.yml +++ b/roles/minio/tasks/configure_container.yml @@ -67,4 +67,4 @@ timeout: 10s retries: 3 start_period: 10s - register: miniocontainer + register: minio_container diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio.yml index bdad9ca35..a72952b1a 100644 --- a/roles/minio/tasks/configure_minio.yml +++ b/roles/minio/tasks/configure_minio.yml @@ -11,7 +11,7 @@ verbosity: 2 - name: Configure minio connection alias - command: "{{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" + ansible.builtin.command: "{{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" register: alias_command changed_when: false failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' From 972e45618f511ab3e1bf9d9c69361c5c7e8687e1 Mon Sep 17 00:00:00 2001 
From: Chantal Rosmuller Date: Wed, 7 Jan 2026 15:23:35 +0100 Subject: [PATCH 27/44] container debug info --- roles/minio/tasks/configure_container.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/minio/tasks/configure_container.yml b/roles/minio/tasks/configure_container.yml index 979985534..0755bdd07 100644 --- a/roles/minio/tasks/configure_container.yml +++ b/roles/minio/tasks/configure_container.yml @@ -68,3 +68,8 @@ retries: 3 start_period: 10s register: minio_container + +- name: Show container debug info + ansible.builtin.debug: + msg: "{{ minio_container }}" + verbosity: 2 From bbfa657c107f11a072b4b8f5113286403951dfe8 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 15:42:13 +0100 Subject: [PATCH 28/44] passwords in vault --- roles/minio/defaults/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml index 567bc0497..fa07f153e 100644 --- a/roles/minio/defaults/main.yml +++ b/roles/minio/defaults/main.yml @@ -8,5 +8,4 @@ minio_url_local: "http://127.0.0.1:9000" minio_alias: "openconext" minio_mc: "/usr/local/bin/mc" minio_users: - - { name: 'testuser1', password: 'wheelwheel' } - - { name: 'testuser2', password: 'rootroot' } + - { name: 'openconext', password: "{{ minio_passwords.openconext }}" } # set passwords in vault From 7d941b3ef3395eaaa9bde22a2151d0f65d12eecf Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 15:43:09 +0100 Subject: [PATCH 29/44] example in template --- environments/template/secrets/skeleton.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/environments/template/secrets/skeleton.yml b/environments/template/secrets/skeleton.yml index d2faac776..43a58b77b 100644 --- a/environments/template/secrets/skeleton.yml +++ b/environments/template/secrets/skeleton.yml 
@@ -175,3 +175,6 @@ invite_private_key_pkcs8: | exUPAkqg7ZYNOJa+amGnPWMA1LT0LsIchvqNM9D0xX7PY6zWIH/NDS/yMfIwzcmn NVHeh6irTrXgMsuDg1f/rqid -----END PRIVATE KEY----- + +minio_passwords: + openconext: secret From 462df94e9e750b70c95aed36733bb03e9006be1b Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 15:53:56 +0100 Subject: [PATCH 30/44] downlaod client --- roles/minio/tasks/configure_minio_client.yml | 7 +++++++ .../{configure_minio.yml => configure_minio_server.yml} | 0 roles/minio/tasks/main.yml | 7 +++++-- 3 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 roles/minio/tasks/configure_minio_client.yml rename roles/minio/tasks/{configure_minio.yml => configure_minio_server.yml} (100%) diff --git a/roles/minio/tasks/configure_minio_client.yml b/roles/minio/tasks/configure_minio_client.yml new file mode 100644 index 000000000..3bd4a6e35 --- /dev/null +++ b/roles/minio/tasks/configure_minio_client.yml @@ -0,0 +1,7 @@ +--- +- name: Download Minio Client + ansible.builtin.get_url: + url: "https://dl.min.io/client/mc/release/linux-amd64/mc" + dest: "/usr/local/sbin/mc" + mode: '0700' + checksum: sha256:https://dl.min.io/client/mc/release/linux-amd64/mc.sha256sum diff --git a/roles/minio/tasks/configure_minio.yml b/roles/minio/tasks/configure_minio_server.yml similarity index 100% rename from roles/minio/tasks/configure_minio.yml rename to roles/minio/tasks/configure_minio_server.yml diff --git a/roles/minio/tasks/main.yml b/roles/minio/tasks/main.yml index 75b6ff55c..aa823b249 100644 --- a/roles/minio/tasks/main.yml +++ b/roles/minio/tasks/main.yml 
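Review bot: The example value `openconext: secret` added at the end of skeleton.yml is six characters long, while MinIO requires secret keys of at least eight characters. Unless the environment tooling replaces this value, a deployment generated from the template would either fail at `mc admin user add` or run with a guessable password. A comment above the entry would make the expectation explicit, e.g. `# replace before use; MinIO requires at least 8 characters`.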
@@ -1,8 +1,11 @@ - name: Configure and start container ansible.builtin.include_tasks: "configure_container.yml" -- name: Configure minio - ansible.builtin.include_tasks: "configure_minio.yml" +- name: Configure minio client + ansible.builtin.include_tasks: "configure_minio_client.yml" + +- name: Configure minio server + ansible.builtin.include_tasks: "configure_minio_server.yml" - name: Add minio users ansible.builtin.include_tasks: "create_users.yml" From c6b8628b58dff579490843f3107deb9919aa0d2c Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 15:55:59 +0100 Subject: [PATCH 31/44] downlaod client --- roles/minio/tasks/configure_minio_client.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/minio/tasks/configure_minio_client.yml b/roles/minio/tasks/configure_minio_client.yml index 3bd4a6e35..3023f49bc 100644 --- a/roles/minio/tasks/configure_minio_client.yml +++ b/roles/minio/tasks/configure_minio_client.yml @@ -4,4 +4,4 @@ url: "https://dl.min.io/client/mc/release/linux-amd64/mc" dest: "/usr/local/sbin/mc" mode: '0700' - checksum: sha256:https://dl.min.io/client/mc/release/linux-amd64/mc.sha256sum + checksum: 01f866e9c5f9b87c2b09116fa5d7c06695b106242d829a8bb32990c00312e891 From 8c091bb132ee372b5ef92ac93e485671c3bf86d8 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 16:08:24 +0100 Subject: [PATCH 32/44] alias is client side --- roles/minio/defaults/main.yml | 2 ++ roles/minio/tasks/configure_minio_client.yml | 25 +++++++++++++++++--- roles/minio/tasks/configure_minio_server.yml | 19 +-------------- 3 files changed, 25 insertions(+), 21 deletions(-) diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml index fa07f153e..24ee80aba 100644 --- a/roles/minio/defaults/main.yml +++ b/roles/minio/defaults/main.yml 
@@ -9,3 +9,5 @@ minio_alias: "openconext" minio_mc: "/usr/local/bin/mc" minio_users: - { name: 'openconext', password: "{{ minio_passwords.openconext }}" } # set passwords in vault +minio_client_checksum: "sha256:01f866e9c5f9b87c2b09116fa5d7c06695b106242d829a8bb32990c00312e891" +minio_client_version: "mc.RELEASE.2025-08-13T08-35-41Z" diff --git a/roles/minio/tasks/configure_minio_client.yml b/roles/minio/tasks/configure_minio_client.yml index 3023f49bc..fcfa7733a 100644 --- a/roles/minio/tasks/configure_minio_client.yml +++ b/roles/minio/tasks/configure_minio_client.yml @@ -1,7 +1,26 @@ --- - name: Download Minio Client ansible.builtin.get_url: - url: "https://dl.min.io/client/mc/release/linux-amd64/mc" - dest: "/usr/local/sbin/mc" + url: "https://dl.min.io/client/mc/release/linux-amd64/{{ minio_client_version }}" + dest: "{{ minio_mc }}" mode: '0700' - checksum: 01f866e9c5f9b87c2b09116fa5d7c06695b106242d829a8bb32990c00312e891 + checksum: "{{ minio_client_checksum }}" + +- name: Check if minio alias is set + ansible.builtin.command: "{{ minio_mc }} alias list {{ minio_alias }}" + changed_when: false + register: minio_alias_present + check_mode: false # always run its safe + failed_when: minio_alias_present.rc > 1 # rc 1 means alias not present thjats what we wanted to know + +- name: Debug alias list + ansible.builtin.debug: + msg: "{{ minio_alias_present.rc }}" # stdout can contain password + verbosity: 2 + +- name: Configure minio connection alias + ansible.builtin.command: "{{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" + register: alias_command + changed_when: false + failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' + when: minio_alias_present.rc == 1 \ No newline at end of file diff --git a/roles/minio/tasks/configure_minio_server.yml b/roles/minio/tasks/configure_minio_server.yml index a72952b1a..cd21505a4 100644 
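Review bot: `Check if minio alias is set` in configure_minio_client.yml registers the output of `mc alias list`, and the comment on the following debug task acknowledges that this stdout can contain the password. The check task itself has no `no_log`, so Ansible still prints the command result in its own task output at `-v` and above. Adding `no_log: true` to that task keeps the stored secret out of run logs; the later conditions only use `minio_alias_present.rc`, which remains available in the registered variable. The same task is carried unchanged into the block introduced by patch 33.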
--- a/roles/minio/tasks/configure_minio_server.yml +++ b/roles/minio/tasks/configure_minio_server.yml @@ -1,19 +1,2 @@ -- name: Check if minio alias is set - ansible.builtin.command: "{{ minio_mc }} alias list {{ minio_alias }}" - changed_when: false - register: minio_alias_present - check_mode: false # always run its safe - failed_when: minio_alias_present.rc > 1 # rc 1 means alias not present thjats what we wanted to know - -- name: Debug alias list - ansible.builtin.debug: - msg: "{{ minio_alias_present.rc }}" # stdout can contain password - verbosity: 2 - -- name: Configure minio connection alias - ansible.builtin.command: "{{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" - register: alias_command - changed_when: false - failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' - when: minio_alias_present.rc == 1 +--- From a9689721033664bcebe8cf858c61c806348c8b7b Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 16:24:48 +0100 Subject: [PATCH 33/44] do not become root --- roles/minio/README.md | 2 + roles/minio/tasks/configure_minio_client.yml | 48 +++++++++++--------- 2 files changed, 28 insertions(+), 22 deletions(-) create mode 100644 roles/minio/README.md diff --git a/roles/minio/README.md b/roles/minio/README.md new file mode 100644 index 000000000..36d4e0691 --- /dev/null +++ b/roles/minio/README.md @@ -0,0 +1,2 @@ +# TODO +- option to remove users \ No newline at end of file diff --git a/roles/minio/tasks/configure_minio_client.yml b/roles/minio/tasks/configure_minio_client.yml index fcfa7733a..2270d95d5 100644 --- a/roles/minio/tasks/configure_minio_client.yml +++ b/roles/minio/tasks/configure_minio_client.yml 
@@ -1,26 +1,30 @@ --- -- name: Download Minio Client - ansible.builtin.get_url: - url: "https://dl.min.io/client/mc/release/linux-amd64/{{ minio_client_version }}" - dest: "{{ minio_mc }}" - mode: '0700' - checksum: "{{ minio_client_checksum }}" +- name: Configure minio client + block: + - name: Download Minio Client + ansible.builtin.get_url: + url: "https://dl.min.io/client/mc/release/linux-amd64/{{ minio_client_version }}" + dest: "{{ minio_mc }}" + mode: '0700' + checksum: "{{ minio_client_checksum }}" -- name: Check if minio alias is set - ansible.builtin.command: "{{ minio_mc }} alias list {{ minio_alias }}" - changed_when: false - register: minio_alias_present - check_mode: false # always run its safe - failed_when: minio_alias_present.rc > 1 # rc 1 means alias not present thjats what we wanted to know + - name: Check if minio alias is set + ansible.builtin.command: "{{ minio_mc }} alias list {{ minio_alias }}" + changed_when: false + register: minio_alias_present + check_mode: false # always run its safe + failed_when: minio_alias_present.rc > 1 # rc 1 means alias not present thjats what we wanted to know -- name: Debug alias list - ansible.builtin.debug: - msg: "{{ minio_alias_present.rc }}" # stdout can contain password - verbosity: 2 + - name: Debug alias list + ansible.builtin.debug: + msg: "{{ minio_alias_present.rc }}" # stdout can contain password + verbosity: 2 -- name: Configure minio connection alias - ansible.builtin.command: "{{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" - register: alias_command - changed_when: false - failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' - when: minio_alias_present.rc == 1 \ No newline at end of file + - name: Configure minio connection alias + ansible.builtin.command: "{{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" + register: alias_command + 
changed_when: false + failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' + when: minio_alias_present.rc == 1 + + become: false # No mc client actions as root \ No newline at end of file From 6fdf653c8ea7dee138954cd8b42caa296c083967 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 16:30:23 +0100 Subject: [PATCH 34/44] do not become root --- roles/minio/tasks/configure_minio_client.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/minio/tasks/configure_minio_client.yml b/roles/minio/tasks/configure_minio_client.yml index 2270d95d5..c021ec713 100644 --- a/roles/minio/tasks/configure_minio_client.yml +++ b/roles/minio/tasks/configure_minio_client.yml @@ -23,7 +23,6 @@ - name: Configure minio connection alias ansible.builtin.command: "{{ minio_mc }} alias set {{ minio_alias }} {{ minio_url_local }} {{ minio_root_user }} {{ minio_root_password }}" register: alias_command - changed_when: false failed_when: '"Added `" + minio_alias + "` successfully" not in alias_command.stdout' when: minio_alias_present.rc == 1 From 5ebbd31134cafb8f0bfc1a26f785bea9edcfdd2c Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 16:32:57 +0100 Subject: [PATCH 35/44] do not become root --- roles/minio/tasks/create_users.yml | 41 ++++++++++++++++-------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/roles/minio/tasks/create_users.yml b/roles/minio/tasks/create_users.yml index 8fdfb3e1e..c92fd0644 100644 --- a/roles/minio/tasks/create_users.yml +++ b/roles/minio/tasks/create_users.yml 
@@ -1,21 +1,24 @@ -- name: Check whether user is already configured - ansible.builtin.command: "{{ minio_mc }} admin user info {{ minio_alias }} {{ user.name }}" - register: minio_user_present - changed_when: false - ignore_errors: true - failed_when: minio_user_present.rc > 1 # rc 1 means alias not present thjats what we wanted to know - -- name: create and configure users - when: - - minio_user_present.rc==1 - - '"Unable to get user info" in minio_user_present.stderr' +- name: Check and create users block: - - name: Create users - ansible.builtin.command: "{{ minio_mc }} admin user add {{ minio_alias }} {{ user.name }} {{ user.password }}" - register: minio_add_user - changed_when: '"Added user `" + user.name + "` successfully" in minio_add_user.stdout' + - name: Check whether user is already configured + ansible.builtin.command: "{{ minio_mc }} admin user info {{ minio_alias }} {{ user.name }}" + register: minio_user_present + changed_when: false + ignore_errors: true + failed_when: minio_user_present.rc > 1 # rc 1 means alias not present thjats what we wanted to know + + - name: create and configure users + when: + - minio_user_present.rc==1 + - '"Unable to get user info" in minio_user_present.stderr' + block: + - name: Create users + ansible.builtin.command: "{{ minio_mc }} admin user add {{ minio_alias }} {{ user.name }} {{ user.password }}" + register: minio_add_user + changed_when: '"Added user `" + user.name + "` successfully" in minio_add_user.stdout' - - name: Attach read write policy - ansible.builtin.command: "{{ minio_mc }} admin policy attach {{ minio_alias }} readwrite --user={{ user.name }}" - register: minio_attach_user - changed_when: '"Added user `" + user.name + "` successfully" in minio_add_user.stdout' + - name: Attach read write policy + ansible.builtin.command: "{{ minio_mc }} admin policy attach {{ minio_alias }} readwrite --user={{ user.name }}" + register: minio_attach_user + changed_when: '"Added user `" + user.name + "` successfully" 
in minio_add_user.stdout' + become: false # No mc client actions as root From 06a6ffd6ca96745ae0167cc71f5b1b33463aa3af Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Wed, 7 Jan 2026 16:34:14 +0100 Subject: [PATCH 36/44] no log --- roles/minio/tasks/create_users.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/minio/tasks/create_users.yml b/roles/minio/tasks/create_users.yml index c92fd0644..6cf56958d 100644 --- a/roles/minio/tasks/create_users.yml +++ b/roles/minio/tasks/create_users.yml @@ -16,6 +16,7 @@ ansible.builtin.command: "{{ minio_mc }} admin user add {{ minio_alias }} {{ user.name }} {{ user.password }}" register: minio_add_user changed_when: '"Added user `" + user.name + "` successfully" in minio_add_user.stdout' + no_log: true - name: Attach read write policy ansible.builtin.command: "{{ minio_mc }} admin policy attach {{ minio_alias }} readwrite --user={{ user.name }}" From 246025e9b27b9471f5f647d75b885c746a4b3bc1 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Thu, 8 Jan 2026 10:58:44 +0100 Subject: [PATCH 37/44] download client to homedir --- roles/minio/defaults/main.yml | 3 ++- roles/minio/tasks/configure_minio_client.yml | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml index 24ee80aba..2fbcbb776 100644 --- a/roles/minio/defaults/main.yml +++ b/roles/minio/defaults/main.yml @@ -6,7 +6,8 @@ minio_data_dir_oncontainer: "/data" # minio_root_password get from vault minio_url_local: "http://127.0.0.1:9000" minio_alias: "openconext" -minio_mc: "/usr/local/bin/mc" +minio_client_path: $HOME/minio-binaries" +minio_mc: "{{ minio_client_path }}/mc" minio_users: - { name: 'openconext', password: "{{ minio_passwords.openconext }}" } # set passwords in vault minio_client_checksum: "sha256:01f866e9c5f9b87c2b09116fa5d7c06695b106242d829a8bb32990c00312e891" 
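Review bot: In create_users.yml the `Attach read write policy` task registers `minio_attach_user`, but its `changed_when` tests `minio_add_user.stdout`, so its changed state only mirrors the previous task and the attach result is never examined. Because the inner block runs only for a user that did not exist yet, `changed_when: minio_attach_user.rc == 0` would report the attach itself. Separately, `ignore_errors: true` on the user-info check lets the play continue after a return code above 1, in which case the inner block is silently skipped and the user is never created; dropping `ignore_errors` would make such failures stop the run.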
diff --git a/roles/minio/tasks/configure_minio_client.yml b/roles/minio/tasks/configure_minio_client.yml index c021ec713..4241a46a7 100644 --- a/roles/minio/tasks/configure_minio_client.yml +++ b/roles/minio/tasks/configure_minio_client.yml @@ -1,6 +1,20 @@ --- - name: Configure minio client block: + + - name: Create directory for minio client + ansible.builtin.file: + path: "{{ minio_client_path }}" + state: directory + mode: '0700' + + - name: Download Minio Client + ansible.builtin.get_url: + url: "https://dl.min.io/client/mc/release/linux-amd64/{{ minio_client_version }}" + dest: "{{ minio_mc }}" + mode: '0700' + checksum: "{{ minio_client_checksum }}" + - name: Download Minio Client ansible.builtin.get_url: url: "https://dl.min.io/client/mc/release/linux-amd64/{{ minio_client_version }}" From 679c50b57b9988a03dbf3ad2efe1eaf5bf76f54a Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Thu, 8 Jan 2026 11:02:43 +0100 Subject: [PATCH 38/44] fix quote --- roles/minio/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml index 2fbcbb776..74a2561c0 100644 --- a/roles/minio/defaults/main.yml +++ b/roles/minio/defaults/main.yml @@ -6,7 +6,7 @@ minio_data_dir_oncontainer: "/data" # minio_root_password get from vault minio_url_local: "http://127.0.0.1:9000" minio_alias: "openconext" -minio_client_path: $HOME/minio-binaries" +minio_client_path: $HOME/minio-binaries minio_mc: "{{ minio_client_path }}/mc" minio_users: - { name: 'openconext', password: "{{ minio_passwords.openconext }}" } # set passwords in vault From 1192b7ae8f94d379ae1501097a7fd33e9f6becb4 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Thu, 8 Jan 2026 11:35:53 +0100 Subject: [PATCH 39/44] check client existence --- roles/minio/tasks/configure_minio_client.yml | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/roles/minio/tasks/configure_minio_client.yml b/roles/minio/tasks/configure_minio_client.yml index 4241a46a7..519cacbf0 100644 --- a/roles/minio/tasks/configure_minio_client.yml +++ b/roles/minio/tasks/configure_minio_client.yml @@ -8,12 +8,18 @@ state: directory mode: '0700' + - name: Check for presence Minio Client + ansible.builtin.stat: + path: "{{ minio_mc }}" + register: minio_client_status + - name: Download Minio Client ansible.builtin.get_url: url: "https://dl.min.io/client/mc/release/linux-amd64/{{ minio_client_version }}" dest: "{{ minio_mc }}" mode: '0700' checksum: "{{ minio_client_checksum }}" + when: not minio_client_status.stat.exists - name: Download Minio Client ansible.builtin.get_url: From 03b0a5604a167191e29261cd62ada3c180932fdb Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Thu, 8 Jan 2026 12:23:13 +0100 Subject: [PATCH 40/44] do some checks to avoid downlaod task fail --- roles/minio/defaults/main.yml | 2 +- roles/minio/tasks/configure_minio_client.yml | 29 ++++++++++++++------ 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/roles/minio/defaults/main.yml b/roles/minio/defaults/main.yml index 74a2561c0..cd6baacbe 100644 --- a/roles/minio/defaults/main.yml +++ b/roles/minio/defaults/main.yml @@ -11,4 +11,4 @@ minio_mc: "{{ minio_client_path }}/mc" minio_users: - { name: 'openconext', password: "{{ minio_passwords.openconext }}" } # set passwords in vault minio_client_checksum: "sha256:01f866e9c5f9b87c2b09116fa5d7c06695b106242d829a8bb32990c00312e891" -minio_client_version: "mc.RELEASE.2025-08-13T08-35-41Z" +minio_client_version: "RELEASE.2025-08-13T08-35-41Z" diff --git a/roles/minio/tasks/configure_minio_client.yml b/roles/minio/tasks/configure_minio_client.yml index 519cacbf0..e768339ff 100644 --- a/roles/minio/tasks/configure_minio_client.yml +++ b/roles/minio/tasks/configure_minio_client.yml 
@@ -8,25 +8,36 @@ state: directory mode: '0700' + # without these checks (is mc there and is it the desired version) the download minio client task will fail if + # the version we have defined is non existent in the minio repository, so lets check those before we + # continue to our Download Minio Client + - name: Check for presence Minio Client ansible.builtin.stat: path: "{{ minio_mc }}" - register: minio_client_status + register: minio_client_presence - - name: Download Minio Client - ansible.builtin.get_url: - url: "https://dl.min.io/client/mc/release/linux-amd64/{{ minio_client_version }}" - dest: "{{ minio_mc }}" - mode: '0700' - checksum: "{{ minio_client_checksum }}" - when: not minio_client_status.stat.exists + - name: Check version Minio Client + ansible.builtin.shell: + cmd: "{{ minio_mc }} --version | head -1 | awk -F ' ' '{ print $3 }'" + args: + executable: /bin/bash + changed_when: false + register: minio_client_current_version + + - name: Debug check version Minio Client + ansible.builtin.debug: + msg: "{{ minio_client_current_version }}" + verbosity: 2 - name: Download Minio Client ansible.builtin.get_url: - url: "https://dl.min.io/client/mc/release/linux-amd64/{{ minio_client_version }}" + url: "https://dl.min.io/client/mc/release/linux-amd64/mc.{{ minio_client_version }}" dest: "{{ minio_mc }}" mode: '0700' checksum: "{{ minio_client_checksum }}" + backup: true # always nice to have a backup + when: not minio_client_presence.stat.exists or minio_client_current_version.stdout != minio_client_version - name: Check if minio alias is set ansible.builtin.command: "{{ minio_mc }} alias list {{ minio_alias }}" From 600109efa84de723d3e62917577919d880565dba Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Thu, 8 Jan 2026 12:24:35 +0100 Subject: [PATCH 41/44] fix indentation issue --- roles/minio/tasks/configure_minio_client.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
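Review bot: The download is now skipped whenever the binary at `{{ minio_mc }}` reports the expected version, so the pinned `minio_client_checksum` is enforced only on a fresh download, and the existing file is executed (`mc --version`) before anything has verified it. Comparing the file's hash keeps the goal of avoiding the network without running the binary: add `checksum_algorithm: sha256` to the `stat` task and use `when: not minio_client_presence.stat.exists or minio_client_presence.stat.checksum != minio_client_checksum.split(':')[1]`. `get_url` is also documented to skip the download when `dest` already matches `checksum`, which may make the pre-check unnecessary; confirm this on the Ansible version in use. The shell pipeline has no `pipefail`, so a missing or broken `mc` yields an empty version string rather than a task failure. The enclosing block starts above this hunk and continues after it.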
diff --git a/roles/minio/tasks/configure_minio_client.yml b/roles/minio/tasks/configure_minio_client.yml index e768339ff..729157b1c 100644 --- a/roles/minio/tasks/configure_minio_client.yml +++ b/roles/minio/tasks/configure_minio_client.yml @@ -20,9 +20,9 @@ - name: Check version Minio Client ansible.builtin.shell: cmd: "{{ minio_mc }} --version | head -1 | awk -F ' ' '{ print $3 }'" - args: - executable: /bin/bash - changed_when: false + args: + executable: /bin/bash + changed_when: false register: minio_client_current_version - name: Debug check version Minio Client From 8fc4b721eddd125a6e764c81f914e83397c2e1e1 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Fri, 30 Jan 2026 16:02:56 +0100 Subject: [PATCH 42/44] some unwanted changes from another branch sneaked their way in --- roles/mongodbdocker/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mongodbdocker/tasks/main.yml b/roles/mongodbdocker/tasks/main.yml index b159aa340..fcc667d54 100644 --- a/roles/mongodbdocker/tasks/main.yml +++ b/roles/mongodbdocker/tasks/main.yml @@ -20,7 +20,7 @@ - name: Create the MongoDB container community.docker.docker_container: name: openconext_mongodb - image: mongo:{{ mongodbdocker_version }} + image: bitnami/mongodb:7.0 state: started pull: true restart_policy: "always" From 260948eff8060a0ae0651a3346a6a702067ae75f Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Fri, 30 Jan 2026 16:04:14 +0100 Subject: [PATCH 43/44] some unwanted changes from another branch sneaked their way in --- provision.yml | 2 ++ roles/mongodbdocker/defaults/main.yml | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/provision.yml b/provision.yml index 731288369..51d8dc79d 100644 --- a/provision.yml +++ b/provision.yml @@ -143,3 +143,5 @@ become: true roles: - { role: minio, tags: ["minio"] } + +- import_playbook: "{{ environment_dir }}/playbook.yml" \ No newline at end of file 
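Review bot: The restored `image: bitnami/mongodb:7.0` in roles/mongodbdocker/tasks/main.yml is a floating tag and the task sets `pull: true`, so each run can deploy a different image from the one that was tested, with no change in this repository. Pinning the full version or, better, the digest through a role default (constructed example: `image: "bitnami/mongodb@sha256:<digest>"`) makes image upgrades an explicit, reviewable change. It is also worth confirming that this repository still publishes the `7.0` tag before relying on the revert. The task continues beyond the hunk.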
diff --git a/roles/mongodbdocker/defaults/main.yml b/roles/mongodbdocker/defaults/main.yml index ee8af1e32..c0095f38b 100644 --- a/roles/mongodbdocker/defaults/main.yml +++ b/roles/mongodbdocker/defaults/main.yml @@ -1,3 +1,2 @@ replica_set_name: "{{ instance_name }}" docker_mongodb_network_range: "172.21.22.0/24" -mongodbdocker_version: "7.0.28" From a572b7d52962d1255ddfa95b0e45b05fd046f3d0 Mon Sep 17 00:00:00 2001 From: Chantal Rosmuller Date: Fri, 30 Jan 2026 16:05:51 +0100 Subject: [PATCH 44/44] some unwanted changes from another branch sneaked their way in --- provision.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provision.yml b/provision.yml index 51d8dc79d..b0ee5e173 100644 --- a/provision.yml +++ b/provision.yml @@ -144,4 +144,4 @@ roles: - { role: minio, tags: ["minio"] } -- import_playbook: "{{ environment_dir }}/playbook.yml" \ No newline at end of file +- import_playbook: "{{ environment_dir }}/playbook.yml"