r/minio: Update container unit for Podman 5

Modern versions of Podman use Netavark, which needs to write various files on the host file system (even when the container uses the host's network namespace).
2024-08-31 18:59:28 -05:00 · 2024-08-31 18:59:28 -05:00 · 7ec7cad26a
parent 623f652e0d
commit 7ec7cad26a
2 changed files with 6 additions and 0 deletions
--- a/roles/minio/tasks/deploy.yml
+++ b/roles/minio/tasks/deploy.yml
@ -102,6 +102,8 @@

 - name: flush_handlers
  meta: flush_handlers
+  tags:
+  - always

 - name: ensure minio.service is running
  systemd:
--- a/roles/minio/templates/minio.container.j2
+++ b/roles/minio/templates/minio.container.j2
@ -2,6 +2,7 @@
 Description=MinIO Object Storage
 Wants=network-online.target
 After=network-online.target
+RequiresMountsFor={{ minio_storage_path }}

 [Container]
 Image={{ minio_container_image }}:{{ minio_version }}
@ -27,6 +28,9 @@ ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectProc=invisible
 ProtectSystem=strict
+ReadWritePaths=/etc/minio/certs
+ReadWritePaths=/etc/containers/networks
+ReadWritePaths=/run
 ReadWritePaths=/var/lib/containers/storage
 ReadWritePaths={{ minio_storage_path }}
 RestrictRealtime=yes