feat(garage): add provisioning of and bootstraping

2025-12-18 11:34:09 +01:00 · 2025-12-18 11:34:09 +01:00 · 19986e1205
commit 19986e1205
parent 188a6f539f
4 changed files with 194 additions and 5 deletions
--- a/roles/garage/tasks/provision.yml
+++ b/roles/garage/tasks/provision.yml
@ -0,0 +1,95 @@
+# S3 keys and buckets tasks
+- name: Get list of existing S3 keys
+  community.docker.docker_container_exec:
+    container: "{{ garage_service_name }}"
+    command: /garage key list
+  register: _existing_keys_output
+  when: garage_s3_keys | length > 0
+
+- name: Parse existing key names
+  ansible.builtin.set_fact:
+    _existing_keys: "{{ _existing_keys_output.stdout_lines[1:] | select('match', '^GK') | map('regex_replace', '^\\S+\\s+\\S+\\s+(\\S+)\\s+.*$', '\\1') | list }}"
+  when: garage_s3_keys | length > 0
+
+- name: Create S3 keys
+  community.docker.docker_container_exec:
+    container: "{{ garage_service_name }}"
+    command: /garage key create {{ item.name }}
+  loop: "{{ garage_s3_keys }}"
+  register: _key_create_result
+  when:
+    - garage_s3_keys | length > 0
+    - item.name not in _existing_keys
+
+- name: Get key IDs for all keys
+  community.docker.docker_container_exec:
+    container: "{{ garage_service_name }}"
+    command: /garage key info {{ item.name }}
+  loop: "{{ garage_s3_keys }}"
+  register: _key_info_results
+  when: garage_s3_keys | length > 0
+
+- name: Extract key IDs from info
+  ansible.builtin.set_fact:
+    _key_id_map: "{{ _key_id_map | default({}) | combine({item.item.name: item.stdout | regex_search('Key ID:\\s+(\\S+)', '\\1') | first}) }}"
+  loop: "{{ _key_info_results.results }}"
+  when:
+    - garage_s3_keys | length > 0
+    - item.stdout is defined
+
+- name: Get list of existing buckets
+  community.docker.docker_container_exec:
+    container: "{{ garage_service_name }}"
+    command: /garage bucket list
+  register: _existing_buckets_output
+  when: garage_s3_keys | length > 0
+
+- name: Parse existing bucket names
+  ansible.builtin.set_fact:
+    _existing_buckets: "{{ _existing_buckets_output.stdout_lines[2:] | map('split') | map('first') | list }}"
+  when: garage_s3_keys | length > 0
+
+- name: Get unique bucket names
+  ansible.builtin.set_fact:
+    _unique_buckets: "{{ garage_s3_keys | subelements('buckets', skip_missing=True) | map(attribute='1.name') | unique | list }}"
+  when: garage_s3_keys | length > 0
+
+- name: Create buckets
+  community.docker.docker_container_exec:
+    container: "{{ garage_service_name }}"
+    command: /garage bucket create {{ item }}
+  loop: "{{ _unique_buckets }}"
+  when:
+    - garage_s3_keys | length > 0
+    - item not in _existing_buckets
+  failed_when: false
+
+- name: Set bucket permissions using key IDs
+  community.docker.docker_container_exec:
+    container: "{{ garage_service_name }}"
+    command: /garage bucket allow {{ item.1.name }} {% for perm in item.1.permissions %}--{{ perm }} {% endfor %}--key {{ _key_id_map[item.0.name] }}
+  loop: "{{ garage_s3_keys | subelements('buckets', skip_missing=True) }}"
+  when: garage_s3_keys | length > 0
+
+# Export key credentials for use by other roles
+- name: Get detailed key information for all keys
+  community.docker.docker_container_exec:
+    container: "{{ garage_service_name }}"
+    command: /garage key info {{ item.name }}
+  loop: "{{ garage_s3_keys }}"
+  register: _key_details_results
+  when: garage_s3_keys | length > 0
+
+- name: Build garage S3 credentials map
+  ansible.builtin.set_fact:
+    garage_s3_credentials: "{{ garage_s3_credentials | default({}) | combine({item.item.name: {'key_id': item.stdout | regex_search('Key ID:\\s+(\\S+)', '\\1') | first, 'secret_key': item.stdout | regex_search('Secret key:\\s+(\\S+)', '\\1') | first}}) }}"
+  loop: "{{ _key_details_results.results }}"
+  when:
+    - garage_s3_keys | length > 0
+    - item.stdout is defined
+
+- name: Export garage S3 credentials as cacheable fact
+  ansible.builtin.set_fact:
+    garage_s3_credentials: "{{ garage_s3_credentials }}"
+    cacheable: true
+  when: garage_s3_keys | length > 0