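---
# Prepares the beachsidelibrary hosts for containerised PostgreSQL and MySQL:
# service accounts, lingering, LVM-backed data mounts, subuid/subgid ranges,
# firewalld services and one Podman quadlet per database.
- hosts: beachsidelibrary
  become: true
  become_method: sudo
  become_user: root

  vars:
    postgres_device: "/dev/vdc"
    postgres_vg_name: "vg_postgres"
    postgres_lv_name: "lv_pgdata"
    postgres_data_directory: "/pgdata"
    mysql_device: "/dev/vdd"
    mysql_vg_name: "vg_mysql"
    mysql_lv_name: "lv_mysql_data"
    mysql_data_directory: "/mysql_data"

  # The prompts deliberately carry no `encrypt:`. The same value is handed to
  # the database containers, which need the plaintext; with `encrypt` set the
  # variable would hold a crypt string and that string would become the
  # database password. The user tasks hash the value themselves.
  # Supplying either variable with -e skips its prompt; pass plaintext there.
  vars_prompt:
    - name: psql_password
      prompt: "Enter psql Password: "
      private: true
      confirm: true

    - name: mysql_password
      prompt: "Enter mysql Password: "
      private: true
      confirm: true

  tasks:
    # password_hash picks a fresh salt on each run, so this task reports
    # "changed" every time the play is executed.
    # NOTE(review): the OS account and the database superuser share one
    # secret; confirm the service account needs a login password at all.
    - name: Create psql user
      ansible.builtin.user:
        name: psql
        password: "{{ psql_password | password_hash('sha512') }}"
        comment: "Podman user for Postgresql Database"
        uid: 2000

    # UID 2000 is the psql account created above. `creates` points at the
    # marker file systemd keeps per lingering user, so reruns are skipped.
    - name: Allow psql user to linger
      ansible.builtin.command:
        cmd: "loginctl enable-linger 2000"
        creates: /var/lib/systemd/linger/psql

    # NOTE(review): mode 0755 leaves the mount point listable by every local
    # account; confirm that is intended for a database data directory.
    - name: Build /pgdata mount
      ansible.builtin.import_role:
        name: make_lvm_mount
      vars:
        device_name: "{{ postgres_device }}"
        vg_name: "{{ postgres_vg_name }}"
        lvs:
          - lv_name: "{{ postgres_lv_name }}"
            lv_size: "100%FREE"
        directories:
          - name: "{{ postgres_data_directory }}"
            owner: psql
            group: psql
            mode: "0755"
            lv: "{{ postgres_lv_name }}"

    # Same salt behaviour and shared-secret caveat as the psql account.
    - name: Create mysql user
      ansible.builtin.user:
        name: mysql
        password: "{{ mysql_password | password_hash('sha512') }}"
        comment: "Podman user for MySQL Database"
        uid: 2001

    # UID 2001 is the mysql account created above.
    - name: Allow mysql user to linger
      ansible.builtin.command:
        cmd: "loginctl enable-linger 2001"
        creates: /var/lib/systemd/linger/mysql

    - name: Build /mysql_data mount
      ansible.builtin.import_role:
        name: make_lvm_mount
      vars:
        device_name: "{{ mysql_device }}"
        vg_name: "{{ mysql_vg_name }}"
        lvs:
          - lv_name: "{{ mysql_lv_name }}"
            lv_size: "100%FREE"
        directories:
          - name: "{{ mysql_data_directory }}"
            owner: mysql
            group: mysql
            mode: "0755"
            lv: "{{ mysql_lv_name }}"

    # The two subordinate ranges are disjoint: psql gets 100000-101999 and
    # mysql gets 102000-103999, in both /etc/subuid and /etc/subgid.
    # NOTE(review): if account creation on these hosts already allocates
    # subordinate IDs, these lines add a second entry per user; check the
    # files for overlapping ranges after the first run.
    - name: Write subuid user entry for psql
      ansible.builtin.lineinfile:
        path: /etc/subuid
        line: "psql:100000:2000"
        insertafter: EOF
        create: true
        state: present

    - name: Write subuid user entry for mysql
      ansible.builtin.lineinfile:
        path: /etc/subuid
        line: "mysql:102000:2000"
        insertafter: EOF
        create: true
        state: present

    - name: Write subgid group entry for psql
      ansible.builtin.lineinfile:
        path: /etc/subgid
        line: "psql:100000:2000"
        insertafter: EOF
        create: true
        state: present

    - name: Write subgid group entry for mysql
      ansible.builtin.lineinfile:
        path: /etc/subgid
        line: "mysql:102000:2000"
        insertafter: EOF
        create: true
        state: present

    # No zone is named, so both services are opened in the host's default
    # firewalld zone, for every source address that zone accepts.
    # NOTE(review): confirm which networks need to reach the databases and
    # scope the rule (zone or source restriction) to them.
    - name: Configure firewalld for postgres
      ansible.posix.firewalld:
        service: postgresql
        state: enabled
        permanent: true
        immediate: true

    - name: Configure firewalld for mysql
      ansible.posix.firewalld:
        service: mysql
        state: enabled
        permanent: true
        immediate: true

    # no_log keeps the env value out of task output and callback logs.
    # The password is still written in clear text into the generated quadlet
    # file (mode 0640); a Podman secret would keep it out of the unit.
    # NOTE(review): "postgres:latest" is a floating, unqualified tag and
    # AutoUpdate=registry pulls whatever it points to next. The podman
    # auto-update documentation asks for a fully-qualified image reference
    # for this policy; consider pinning a version or digest as well.
    # NOTE(review): `user` sets the account inside the container, and this
    # task runs as root; confirm the quadlet lands where the psql host
    # account will pick it up if a rootless container is intended.
    # NOTE(review): "5432:5432" publishes on every host address.
    - name: Build postgres quadlet
      no_log: true
      containers.podman.podman_container:
        name: postgres
        image: "postgres:latest"
        state: quadlet
        quadlet_filename: "postgres-quadlet"
        quadlet_file_mode: "0640"
        user: "psql"
        ports:
          - "5432:5432"
        volumes:
          - "{{ postgres_data_directory }}:/var/lib/postgresql/data"
        quadlet_options:
          - "AutoUpdate=registry"
          - "Pull=newer"
          - ""
          - |
            [Install]
            WantedBy=default.target
        env:
          POSTGRES_PASSWORD: "{{ psql_password }}"

    # The image, `user`, published-port and clear-text-env notes on the
    # postgres quadlet apply here in the same way.
    # The root password comes from the mysql prompt; it previously reused
    # psql_password, which left mysql_password unused for the database.
    - name: Build mysql quadlet
      no_log: true
      containers.podman.podman_container:
        name: mysql
        image: "mysql:latest"
        state: quadlet
        quadlet_filename: "mysql-quadlet"
        quadlet_file_mode: "0640"
        user: "mysql"
        ports:
          - "3306:3306"
        volumes:
          - "{{ mysql_data_directory }}:/var/lib/mysql"
        quadlet_options:
          - "AutoUpdate=registry"
          - "Pull=newer"
          - ""
          - |
            [Install]
            WantedBy=default.target
        env:
          MYSQL_ROOT_PASSWORD: "{{ mysql_password }}"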