chore: sync staging workspace

deployment/ansible/roles/minio/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+minio_stack_path: "{{ stacks_base_path }}/minio"
+minio_wait_timeout: "{{ wait_timeout | default(60) }}"
+minio_wait_interval: 5
+minio_env_template: "{{ role_path }}/../../templates/minio.env.j2"
+minio_vault_file: "{{ role_path }}/../../secrets/production.vault.yml"

deployment/ansible/roles/minio/tasks/main.yml

@@ -0,0 +1,90 @@
+---
+- name: Check if MinIO vault file exists
+  stat:
+    path: "{{ minio_vault_file }}"
+  delegate_to: localhost
+  register: minio_vault_stat
+  become: no
+
+- name: Optionally load MinIO secrets from vault
+  include_vars:
+    file: "{{ minio_vault_file }}"
+  when: minio_vault_stat.stat.exists
+  no_log: yes
+  delegate_to: localhost
+  become: no
+
+- name: Set MinIO root password from vault or generate
+  set_fact:
+    minio_root_password: "{{ vault_minio_root_password | default(lookup('password', '/dev/null length=32 chars=ascii_letters,digits,punctuation')) }}"
+  no_log: yes
+
+- name: Set MinIO root user from vault or use default
+  set_fact:
+    minio_root_user: "{{ vault_minio_root_user | default('minioadmin') }}"
+  no_log: yes
+
+- name: Ensure MinIO stack directory exists
+  file:
+    path: "{{ minio_stack_path }}"
+    state: directory
+    mode: '0755'
+
+- name: Create MinIO stack .env file
+  template:
+    src: "{{ minio_env_template }}"
+    dest: "{{ minio_stack_path }}/.env"
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    mode: '0600'
+
+- name: Deploy MinIO stack
+  community.docker.docker_compose_v2:
+    project_src: "{{ minio_stack_path }}"
+    state: present
+    pull: always
+  register: minio_compose_result
+
+- name: Check MinIO container status
+  shell: |
+    docker compose -f {{ minio_stack_path }}/docker-compose.yml ps minio | grep -Eiq "Up|running"
+  register: minio_state
+  changed_when: false
+  until: minio_state.rc == 0
+  retries: "{{ ((minio_wait_timeout | int) + (minio_wait_interval | int) - 1) // (minio_wait_interval | int) }}"
+  delay: "{{ minio_wait_interval | int }}"
+  failed_when: minio_state.rc != 0
+  when: not ansible_check_mode
+
+- name: Check MinIO logs for readiness
+  shell: docker compose logs minio 2>&1 | grep -Ei "(API:|WebUI:|MinIO Object Storage Server)" || true
+  args:
+    chdir: "{{ minio_stack_path }}"
+  register: minio_logs
+  until: minio_logs.stdout != ""
+  retries: 6
+  delay: 10
+  changed_when: false
+  failed_when: false
+  when: not ansible_check_mode
+
+- name: Verify MinIO health endpoint
+  uri:
+    url: "http://127.0.0.1:9000/minio/health/live"
+    method: GET
+    status_code: [200, 404, 502, 503]
+    timeout: 5
+  register: minio_health_check
+  ignore_errors: yes
+  changed_when: false
+  when: not ansible_check_mode
+
+- name: Display MinIO status
+  debug:
+    msg: "MinIO health check: {{ 'SUCCESS' if minio_health_check.status == 200 else 'FAILED - Status: ' + (minio_health_check.status|string) }}"
+  when: not ansible_check_mode
+
+- name: Record MinIO deployment facts
+  set_fact:
+    minio_stack_changed: "{{ minio_compose_result.changed | default(false) }}"
+    minio_health_status: "{{ minio_health_check.status | default('unknown') }}"