refactor(objstore): extract MinIO into dedicated role 'web-app-minio' and adjust AI role

• Rename ports: web-app-ai_minio_* → web-app-minio_* in group_vars • Remove MinIO from web-app-ai (service, volumes, ENV) • Add new role web-app-minio (config, tasks, compose, env, vars) incl. front-proxy matrix • AI role: front-proxy loop via matrix; unify domain/port vars (OPENWEBUI/Flowise *_PORT_PUBLIC/_PORT_INTERNAL, *_DOMAIN) • Update compose templates accordingly Ref: https://chatgpt.com/share/68d15cb8-cf18-800f-b853-78962f751f81
2025-09-24 11:06:24 +02:00 · 2025-09-22 16:27:51 +02:00
parent 4b56ab3d18
commit 3dc2fbd47c
11 changed files with 145 additions and 60 deletions
--- a/roles/web-app-minio/config/main.yml
+++ b/roles/web-app-minio/config/main.yml
@@ -0,0 +1,40 @@
+features:
+  matomo:           true
+  css:              true
+  desktop:          true
+  central_database: true
+  logout:           true
+  javascript:       false
+server:
+  domains:
+    canonical:
+      console:  "console.s3.{{ PRIMARY_DOMAIN }}"
+      api:      "api.s3.{{ PRIMARY_DOMAIN }}"
+    aliases: []
+  csp:
+    flags: []
+      #script-src-elem:
+      #  unsafe-inline:  true
+      #script-src:
+      #  unsafe-inline:  true
+      #  unsafe-eval:    true
+      #style-src:
+      #  unsafe-inline:  true
+    whitelist:
+      font-src: [] 
+      connect-src: [] 
+docker:
+  services:
+    minio:
+      backup:
+        no_stop_required: true
+      image:   quay.io/minio/minio:latest
+      version: latest
+      name:    minio
+    redis:
+      enabled: false
+    database:
+      enabled: false
+  volumes: 
+    data:      minio_data
+credentials: {}
--- a/roles/web-app-minio/tasks/main.yml
+++ b/roles/web-app-minio/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: "load docker and db for {{ application_id }}"
+  include_role:
+    name: sys-stk-back-stateless
+  vars:
+    docker_compose_flush_handlers: true
+
+- name: "Include role sys-stk-front-proxy for each UI domain"
+  include_role:
+    name: sys-stk-front-proxy
+  vars:
+    domain:    "{{ item.domain }}"
+    http_port: "{{ item.http_port }}"
+  loop: "{{ MINIO_FRONT_PROXY_MATRIX }}"
+  loop_control:
+    label: "{{ item.domain }} -> {{ item.http_port }}"
--- a/roles/web-app-minio/templates/docker-compose.yml.j2
+++ b/roles/web-app-minio/templates/docker-compose.yml.j2
@@ -0,0 +1,17 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+
+  minio:
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    image: {{ MINIO_IMAGE }}:{{ MINIO_VERSION }}
+    container_name: {{ MINIO_CONTAINER }}
+    ports:
+      - "127.0.0.1:{{ MINIO_API_PORT_PUBLIC }}:{{ MINIO_API_PORT_INTERNAL }}"
+      - "127.0.0.1:{{ MINIO_CONSOLE_PORT_PUBLIC }}:{{ MINIO_CONSOLE_PORT_INTERNAL }}"
+    command: server /data --console-address ":{{ MINIO_CONSOLE_PORT_INTERNAL }}"
+    volumes:
+      - data:/data
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  data:
+    name: {{ MINIO_VOLUME }}
--- a/roles/web-app-minio/templates/env.J2
+++ b/roles/web-app-minio/templates/env.J2
@@ -0,0 +1,3 @@
+# MINIO
+MINIO_ROOT_USER=admin
+MINIO_ROOT_PASSWORD=adminadmin
--- a/roles/web-app-minio/vars/main.yml
+++ b/roles/web-app-minio/vars/main.yml
@@ -0,0 +1,31 @@
+# General
+application_id:                       "web-app-minio"
+
+# Docker
+docker_pull_git_repository:           false
+docker_compose_file_creation_enabled: true
+
+# MINIO
+# https://www.min.io/
+MINIO_VERSION:                  "{{ applications | get_app_conf(application_id, 'docker.services.minio.version') }}"
+MINIO_IMAGE:                    "{{ applications | get_app_conf(application_id, 'docker.services.minio.image') }}"
+MINIO_CONTAINER:                "{{ applications | get_app_conf(application_id, 'docker.services.minio.name') }}"
+MINIO_VOLUME:                   "{{ applications | get_app_conf(application_id, 'docker.volumes.minio') }}"
+
+## Api
+MINIO_API_DOMAIN:               "{{ applications | get_app_conf(application_id, 'server.domains.canonical.api') }}"
+MINIO_API_PORT_INTERNAL:        9000
+MINIO_API_PORT_PUBLIC:          "{{ ports.localhost.http[application_id ~ '_api'] }}"
+
+## Console
+MINIO_CONSOLE_DOMAIN:           "{{ applications | get_app_conf(application_id, 'server.domains.canonical.console') }}"
+MINIO_CONSOLE_PORT_INTERNAL:    9001
+MINIO_CONSOLE_PORT_PUBLIC:      "{{ ports.localhost.http[application_id ~ '_console'] }}"
+
+MINIO_FRONT_PROXY_MATRIX: >-
+  {{
+    [
+      { 'domain': MINIO_CONSOLE_DOMAIN:, 'http_port': MINIO_CONSOLE_PORT_PUBLIC },
+      { 'domain': MINIO_API_DOMAIN,   'http_port': MINIO_API_PORT_PUBLIC }
+    ]
+  }}