minio: Install and configure MinIO
[MinIO][0] is an S3-compatible object storage server. It is designed to provide storage for cloud-native applications in on-premises deployments. MinIO has not been packaged for Fedora (yet?). As such, the best way to deploy it is using its official container image. Here, we are using `podman-systemd-generator` (Quadlet) to generate a systemd service unit to manage the container process.
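--- a/roles/minio/templates/minio.container.j2
+++ b/roles/minio/templates/minio.container.j2
@@ -0,0 +1,34 @@
+[Unit]
+Description=MinIO Object Storage
+Wants=network.target
+After=network.target
+
+[Container]
+Image={{ minio_container_image }}:{{ minio_version }}
+Exec=server /data --certs-dir /certs
+User=224
+Group=224
+EnvironmentFile=/etc/sysconfig/minio
+Volume={{ minio_storage_path }}:/data:rw,Z
+Volume=/etc/minio/certs:/certs:ro,z
+Network=host
+NoNewPrivileges=yes
+
+[Service]
+MemoryDenyWriteExecute=yes
+PrivateTmp=yes
+ProtectClock=yes
+ProtectHome=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+ReadWritePaths=/var/lib/containers/storage
+ReadWritePaths={{ minio_storage_path }}
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+UMask=0077
+
+[Install]
+WantedBy=multi-user.target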
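Review bot: With `Network=host`, the `Exec=server /data --certs-dir /certs` line leaves both listeners at MinIO's defaults, so the S3 API binds on every host interface and the web console lands on a dynamically chosen port that a host firewall rule cannot be written against in advance. Pinning them, e.g. `Exec=server /data --certs-dir /certs --address :9000 --console-address :9001` (ports ideally exposed as role variables), makes the exposed surface explicit and auditable. Separately, `Image={{ minio_container_image }}:{{ minio_version }}` resolves a mutable tag; a digest reference would fix exactly which image runs as this service. `EnvironmentFile=/etc/sysconfig/minio` presumably carries the MinIO root credentials, so the task that writes it (not visible in this file) should create it root-owned with mode 0600.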