dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity
1,033 Commits
14 Branches
0 Tags
7.3 MiB
Commit Graph

9 Commits (143c96074ed66636207456c0993654dd4b84cca4)

Author SHA1 Message Date
Dustin 7854a729b7 r/minio: Add option to disable firewall rules 
If MinIO is behind a reverse proxy, we do not want to expose it directly
to the network.
 2024-09-01 08:59:28 -05:00
Dustin 7ec7cad26a r/minio: Update container unit for Podman 5 
Modern versions of Podman use Netavark, which needs to write various
files on the host file system (even when the container uses the
host's network namespace).
 2024-09-01 08:59:28 -05:00
Dustin 623f652e0d r/minio: Add additional configuration options 
If the `minio_address` variable is specified, it will be passed with the
`--address` argument to `minio server`.  This allows controlling the
socket the server binds to and listens on.

The `minio_browser_redirect_url` can be specified to populate the
similarly-named environment variable, which configures how MinIO serves
the web UI.

The `minio_domain` variable sets the `MINIO_DOMAIN` environment
variable, which enables DNS names (subdomains) for buckets, i.e.
`{bucket_name}.{MINIO_DOMAIN}`.
 2024-09-01 08:59:28 -05:00
Dustin b5eac25f14 r/minio: Fix ExecReload command 
Sending SIGHUP to the main PID (i.e. conmon) ends up stopping the
service.  What we really want is to send the signal to main PID _inside_
the container.  We can achieve this by using `podman kill` instead of
`kill`.
 2024-06-23 10:43:15 -05:00
Dustin 823d899e9e r/minio: Start more reliably on boot 
The MinIO service often fails to start from a cold boot.  Delaying
starting the service until the network is online, plus increasing the
startup timeout, should help with this.  If not, enabling auto restart
will let systemd try to start the service again if it still fails to
come up on time.
 2024-01-21 15:53:33 -06:00
Dustin 0037a3c281 r/minio: Reload server after changing cert 
MinIO is supposed to automatically reload itself when the certificate
changes, but this does not appear to happen in all cases.  To ensure the
updated certificate gets used, we need to send SIGHUP to the MinIO
server process.
 2023-09-22 07:29:05 -05:00
Dustin b05edbf7fb r/minio: Configure firewall 
The firewall needs to allow inbound connections to the MinIO HTTP API
and web UI ports.
 2023-06-08 10:07:32 -05:00
Dustin c0bb387b18 metricspi: Scrape metrics from MinIO backup storage 
MinIO exposes metrics in Prometheus exposition format.  By default, it
requires an authentication token to access the metrics, but I was unable
to get this to work.  Fortunately, it can be configured to allow
anonymous access to the metrics, which is fine, in my opinion.
 2023-05-22 21:19:25 -05:00
Dustin f54bc44a48 minio: Install and configure MinIO 
[MinIO][0] is an S3-compatible object storage server.  It is designed to
provide storage for cloud-native applications for on-premises
deployments.

MinIO has not been packaged for Fedora (yet?).  As such, the best way to
deploy it is usining its official container image.  Here, we are using
`podman-systemd-generator` (Quadlet) to generate a systemd service
unit to manage the container process.
 2023-05-09 21:37:46 -05:00