dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity

r/minio: Update container unit for Podman 5 

Modern versions of Podman use Netavark, which needs to write various
files on the host file system (even when the container uses the
host's network namespace).
frigate-exporter
Dustin 2024-08-31 18:59:28 -05:00
parent 623f652e0d
commit 7ec7cad26a
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/minio/tasks/deploy.yml
View File

@ -102,6 +102,8 @@
- name: flush_handlers - name: flush_handlers
meta: flush_handlers meta: flush_handlers
tags:
- always
- name: ensure minio.service is running - name: ensure minio.service is running
systemd: systemd:

4
roles/minio/templates/minio.container.j2
View File

@ -2,6 +2,7 @@
Description=MinIO Object Storage Description=MinIO Object Storage
Wants=network-online.target Wants=network-online.target
After=network-online.target After=network-online.target
RequiresMountsFor={{ minio_storage_path }}
[Container] [Container]
Image={{ minio_container_image }}:{{ minio_version }} Image={{ minio_container_image }}:{{ minio_version }}
@ -27,6 +28,9 @@ ProtectKernelModules=yes
ProtectKernelTunables=yes ProtectKernelTunables=yes
ProtectProc=invisible ProtectProc=invisible
ProtectSystem=strict ProtectSystem=strict
ReadWritePaths=/etc/minio/certs
ReadWritePaths=/etc/containers/networks
ReadWritePaths=/run
ReadWritePaths=/var/lib/containers/storage ReadWritePaths=/var/lib/containers/storage
ReadWritePaths={{ minio_storage_path }} ReadWritePaths={{ minio_storage_path }}
RestrictRealtime=yes RestrictRealtime=yes