Adding IaC_httptest

playbooks/IaC_httptest.yml

@@ -0,0 +1,118 @@
+---
+- hosts: bulletin-board
+  become: true
+  become_method: sudo
+  become_user:
+  vars:
+    httptest_user_www: "/home/httptest/www"
+  vars_prompt:
+    - name: httptest_password
+      prompt: "Enter httptest Password: "
+      private: true
+      encrypt: sha512_crypt
+      confirm: true
+      salt_size: 7
+  tasks:
+    - name: Create httptest user
+      ansible.builtin.user:
+        name: httptest
+        password: "{{ httptest_password }}"
+        comment: "Podman user for httpd test host"
+        uid: 2000
+
+    - name: Make .bashrc.d directory for httptest user
+      ansible.builtin.file:
+        path: /home/httptest/.bashrc.d
+        owner: httptest
+        group: httptest
+        mode: "0750"
+        state: directory
+
+    - name: Set XDG_RUNTIME_DIR var for httptest user
+      ansible.builtin.lineinfile:
+        path: /home/httptest/.bashrc.d/systemd
+        owner: httptest
+        group: httptest
+        mode: "0750"
+        line: "export XDG_RUNTIME_DIR=/run/user/2000"
+        create: true
+
+    - name: Allow httptest user to linger
+      ansible.builtin.shell:
+        cmd: "loginctl enable-linger 2000"
+      
+    - name: Make www directory for httptest user
+      ansible.builtin.file:
+        path: "{{ httptest_user_www }}"
+        owner: httptest
+        group: httptest
+        mode: "0750"
+        state: directory
+
+    - name: Make index.html file
+      ansible.builtin.lineinfile:
+        path: "{{ httptest_user_www }}/index.html"
+        owner: httptest
+        group: httptest
+        mode: "0750"
+        line: "<!DOCTYPE html><html><body><h1>TEST</h1></body></html>"
+        create: true
+
+    - name: Write subuid user entry for httptest
+      ansible.builtin.lineinfile:
+        path: /etc/subuid
+        line: "httptest:100000:2000"
+        insertafter: EOF
+        create: true
+        state: present
+
+    - name: Write subgid user entry for httptest
+      ansible.builtin.lineinfile:
+        path: /etc/subgid
+        line: "httptest:100000:2000"
+        insertafter: EOF
+        create: true
+        state: present
+
+    - name: Configure firewalld for httpd
+      ansible.posix.firewalld:
+        service: http
+        state: enabled
+        permanent: true
+        immediate: true
+
+    - name: Build httpd quadlet
+      containers.podman.podman_container:
+        name: httptest
+        image: "docker.io/library/httpd:latest"
+        state: quadlet
+        quadlet_filename: "httptest-quadlet"
+        quadlet_file_mode: "0640"
+        rm: false
+        ports: 80:80
+        volumes:
+          - "{{ httptest_user_www }}:/usr/local/apache2/htdocs"
+        quadlet_options:
+          - "AutoUpdate=registry"
+          - "Pull=newer"
+          - |
+            [Install]
+            WantedBy=default.target
+          - |
+            [Unit]
+            Description=httpd Test Quadlet
+            After=home.mount
+      become_user: "httptest"
+
+    - name: Run systemctl --user daemon-reload
+      ansible.builtin.systemd_service:
+        daemon_reload: true
+        scope: user
+      become_user: "httptest"
+
+    - name: Run systemctl --user start for httptest-quadlet
+      ansible.builtin.systemd_service:
+        name: "httptest-quadlet.service"
+        scope: user
+        state: started
+      become_user: "httptest"