Adding MINIO_SERVER_URL environment variable, so TLS certificates without IP Subject Alternative Names

ricsanfre · ricsanfre · commit d0a328451bbf · 2022-09-25T16:49:56.000+02:00
diff --git a/README.md b/README.md
@@ -81,6 +81,14 @@ Available variables are listed below along with default values (see `defaults\ma
     minio_cert: "{{ lookup('file','certificates/{{ inventory_hostname }}_public.crt') }}"
 
   ```
+
+  `minio_url_server` might be needed in case MinIO Server TLS certificates do not contain any IP Subject Alternative Names (SAN). See [MINIO_SERVER_URL environment variable definition](https://min.io/docs/minio/linux/reference/minio-server/minio-server.html#envvar.MINIO_SERVER_URL).
+
+  ```yml
+  minio_server_url: "https://minio.ricsanfre.com:{{ minio_server_port }}"
+  ```
+
+
 - Buckets to be created
   
   Variable `minio_buckets` create the list of provided buckets, and applying a specifc policy. For creating the buckets, a modified version of Ansible Module from Alexis Facques is used (https://github.com/alexisfacques/ansible-module-s3-minio-bucket)
@@ -232,6 +240,7 @@ It also create some buckets and users with proper ACLs
       minio_root_user: "miniadmin"
       minio_root_password: "supers1cret0"
       minio_enable_tls: true
+      minio_server_url: "https://{{ server_hostname }}:{{ minio_server_port }}"
       minio_buckets:
         - name: bucket1
           policy: read-write
@@ -265,7 +274,6 @@ Where `generate_selfsigned_cert.yml` contain the tasks for generating a Private
     path: "certificates/{{ inventory_hostname }}_cert.csr"
     privatekey_path: "certificates/{{ inventory_hostname }}_private.key"
     common_name: "{{ server_hostname }}"
-    subject_alt_name: "IP:{{ ansible_default_ipv4.address }}"
 
 - name: Create certificates for keystore
   openssl_certificate:
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -46,6 +46,7 @@ minio_root_password: ""
 minio_enable_tls: false
 minio_key: ""
 minio_cert: ""
+minio_server_url: ""
 
 # Buckets
 minio_buckets: []
diff --git a/molecule/tls/converge.yml b/molecule/tls/converge.yml
@@ -4,7 +4,7 @@
   become: true
   gather_facts: true
   vars:
-    server_hostname: minio.picluster.ricsanfre.com
+    server_hostname: minio.ricsanfre.com
     ssl_key_size: 4096
     ssl_certificate_provider: selfsigned
 
@@ -25,6 +25,7 @@
       minio_root_user: "miniadmin"
       minio_root_password: "supers1cret0"
       minio_enable_tls: true
+      minio_server_url: "https://{{ server_hostname }}:{{ minio_server_port }}"
       minio_validate_certificate: false
       minio_buckets:
         - name: bucket1
diff --git a/molecule/tls/molecule.yml b/molecule/tls/molecule.yml
@@ -8,7 +8,7 @@ lint: |
 driver:
   name: docker
 platforms:
-  - name: instance
+  - name: minio.ricsanfre.com
     image: "ricsanfre/docker-${MOLECULE_DISTRO:-ubuntu}-ansible:${MOLECULE_RELEASE:-latest}"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
diff --git a/molecule/tls/tasks/generate_selfsigned_cert.yml b/molecule/tls/tasks/generate_selfsigned_cert.yml
@@ -10,7 +10,7 @@
     path: "certificates/{{ inventory_hostname }}_cert.csr"
     privatekey_path: "certificates/{{ inventory_hostname }}_private.key"
     common_name: "{{ server_hostname }}"
-    subject_alt_name: "IP:{{ ansible_default_ipv4.address }}"
+#    subject_alt_name: "IP:{{ ansible_default_ipv4.address }}"
 
 - name: Create certificates for keystore
   openssl_certificate:
diff --git a/templates/minio.env.j2 b/templates/minio.env.j2
@@ -22,3 +22,9 @@ MINIO_SITE_REGION="{{ minio_site_region }}"
 {% endif %}
 
 {{ minio_server_env_extra }}
+
+{% if minio_server_url | length > 0 %}
+# Minio server URL
+MINIO_SERVER_URL="{{ minio_server_url }}"
+
+{% endif %}
