veza/infra/ansible/roles/minio_distributed/defaults/main.yml
senke d86815561c
Some checks failed
Veza CI / Rust (Stream Server) (push) Successful in 5m21s
Security Scan / Secret Scanning (gitleaks) (push) Failing after 54s
Veza CI / Backend (Go) (push) Failing after 8m27s
Veza CI / Notify on failure (push) Successful in 6s
E2E Playwright / e2e (full) (push) Failing after 12m42s
Veza CI / Frontend (Web) (push) Successful in 15m49s
feat(infra): MinIO distributed EC:2 + migration script (W3 Day 12)
Four-node distributed MinIO cluster, single erasure set EC:2, tolerates
2 simultaneous node losses. 50% storage efficiency. Pinned to
RELEASE.2025-09-07T16-13-09Z to match docker-compose so dev/prod
parity is preserved.

- infra/ansible/roles/minio_distributed/ : install pinned binary,
  systemd unit pointed at MINIO_VOLUMES with bracket-expansion form,
  EC:2 forced via MINIO_STORAGE_CLASS_STANDARD. Vault assertion
  blocks shipping placeholder credentials to staging/prod.
- bucket init : creates veza-prod-tracks, enables versioning, applies
  lifecycle.json (30d noncurrent expiry + 7d abort-multipart). Cold-tier
  transition ready but inert until minio_remote_tier_name is set.
- infra/ansible/playbooks/minio_distributed.yml : provisions the 4
  containers, applies common baseline + role.
- infra/ansible/inventory/lab.yml : new minio_nodes group.
- infra/ansible/tests/test_minio_resilience.sh : kill 2 nodes,
  verify EC:2 reconstruction (read OK + checksum matches), restart,
  wait for self-heal.
- scripts/minio-migrate-from-single.sh : mc mirror --preserve from
  the single-node bucket to the new cluster, count-verifies, prints
  rollout next-steps.
- config/prometheus/alert_rules.yml : MinIODriveOffline (warn) +
  MinIONodesUnreachable (page) — page fires at >= 2 nodes unreachable
  because that's the redundancy ceiling for EC:2.
- docs/ENV_VARIABLES.md §12 : MinIO migration cross-ref.

Acceptance (Day 12) : EC:2 survives 2 concurrent kills + self-heals.
Lab apply pending. No backend code change — interface stays AWS S3.

W3 progress : Redis Sentinel ✓ (Day 11), MinIO distributed ✓ (this),
CDN Day 13, DMCA Day 14, embed Day 15.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 13:46:42 +02:00

# minio_distributed defaults — 4-node distributed MinIO with EC:2
# (single erasure set: 4 drives = 2 data + 2 parity, tolerates 2
# simultaneous drive/node losses, 50% storage efficiency).
#
# Pinned to the same release as docker-compose so dev / prod parity
# is preserved (a sneaky bucket-policy regression in a newer MinIO
# release would otherwise show up first in prod).
---
minio_version: "RELEASE.2025-09-07T16-13-09Z"
minio_arch: amd64
minio_port: 9000 # S3 API
minio_console_port: 9001 # Web console
minio_data_path: /var/lib/minio
minio_etc: /etc/minio
# Erasure-coding parity. MinIO caps parity at N/2 drives per erasure
# set, so with 4 drives EC:2 is both the default and the maximum
# (EC:1 would survive only a single loss).
# EC:2 = 4 drives × 0.5 = 2 drives' worth of data, lose-2 OK.
minio_storage_class_standard: "EC:2"
# Auth — placeholders. Override via Vault before applying to staging
# or prod. The first task asserts these were overridden.
minio_root_user: "CHANGE_ME_VAULT"
minio_root_password: "CHANGE_ME_VAULT_PASSWORD"
# Bucket layout — `veza-prod-tracks` is the prod bucket holding
# original audio files + HLS segments. Lifecycle policy lives in
# templates/lifecycle.json.j2.
minio_bucket_tracks: "veza-prod-tracks"
# Versioning retention for noncurrent versions of objects in the
# tracks bucket. After this many days, expired noncurrent versions
# are deleted. Keeps the bucket from growing unbounded under writers
# that occasionally overwrite (album re-releases, re-encoded HLS).
minio_noncurrent_version_expiry_days: 30
# Object age threshold for "cold" tier transition. v1.0 has no
# remote tier configured (no Glacier / B2 backing yet) so this
# directive is a placeholder — the lifecycle.json.j2 template emits
# a *delete-marker expiration* rule by default and only emits a
# transition rule if `minio_remote_tier_name` is non-empty.
minio_cold_tier_after_days: 90
minio_remote_tier_name: "" # e.g. "GLACIER" once a remote tier is wired
# `mc` (MinIO client) version used by the init task to create the
# bucket + apply lifecycle. Pinned to the release matching the server.
minio_mc_version: "RELEASE.2025-09-07T05-25-40Z"
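The Vault guard that the comment on `minio_root_user` refers to, written out as an added example of what the role's first task can look like (this is not the role's own tasks/main.yml; the `minio_env` variable, the vault file path and the 8-character floor, which follows MinIO's minimum root-password length, are assumptions):

```yaml
# Added example, not the role's tasks/main.yml. Assumptions: `minio_env`
# names the target environment ("lab" | "staging" | "prod"); the
# 8-character floor mirrors MinIO's minimum MINIO_ROOT_PASSWORD length.
- name: Refuse to ship placeholder MinIO root credentials
  ansible.builtin.assert:
    that:
      - minio_root_user is defined and minio_root_user | length > 0
      - minio_root_password is defined
      - minio_root_user != "CHANGE_ME_VAULT"
      - minio_root_password != "CHANGE_ME_VAULT_PASSWORD"
      - minio_root_password | length >= 8
    # assert reports the text of the failing expression, never its
    # evaluated value, so the password does not reach the play output.
    quiet: true
    fail_msg: >-
      minio_root_user / minio_root_password are still the defaults from
      defaults/main.yml. Override them from an Ansible Vault file
      (example path: group_vars/minio_nodes/vault.yml) before applying
      to {{ minio_env }}.
  when: minio_env in ['staging', 'prod']
  tags: [minio, preflight]
```

Because the task runs before any package or template step, a misconfigured inventory fails at the first host instead of after a partially rolled-out cluster.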