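---
# Provision two rootless-Podman database hosts on a single machine:
# one unprivileged user per database (psql, mysql), each with its own
# LVM-backed data directory, sub-ID range, firewalld service and
# quadlet-managed container. Runs as root via sudo except where a task
# drops to the service user.
- hosts: beachsidelibrary
  become: true
  become_method: sudo
  become_user: root

  vars:
    postgres_device: "/dev/vdc"
    postgres_vg_name: "vg_postgres"
    postgres_lv_name: "lv_pgdata"
    postgres_data_directory: "/pgdata"
    mysql_device: "/dev/vdd"
    mysql_vg_name: "vg_mysql"
    mysql_lv_name: "lv_mysql_data"
    mysql_data_directory: "/mysql_data"

  # OS account passwords are hashed at prompt time (sha512_crypt); the two
  # database passwords are passed to the containers as plain environment
  # values, so the tasks that consume them are marked no_log.
  vars_prompt:
    - name: psql_password
      prompt: "Enter psql Password: "
      private: true
      encrypt: sha512_crypt
      confirm: true
      salt_size: 7
    - name: mysql_password
      prompt: "Enter mysql Password: "
      private: true
      encrypt: sha512_crypt
      confirm: true
      salt_size: 7
    - name: postgres_db_password
      prompt: "Enter Postgres DB Password: "
      private: true
    - name: mysql_db_password
      prompt: "Enter MySQL DB Password: "
      private: true

  tasks:
    # --- psql (Postgres) service user -----------------------------------
    - name: Create psql user
      ansible.builtin.user:
        name: psql
        password: "{{ psql_password }}"
        comment: "Podman user for Postgresql Database"
        uid: 2000
      no_log: true  # password hash should not appear in task output

    - name: Make .bashrc.d directory for psql user
      ansible.builtin.file:
        path: /home/psql/.bashrc.d
        owner: psql
        group: psql
        mode: "0750"
        state: directory

    # Rootless podman/systemctl --user need XDG_RUNTIME_DIR for uid 2000.
    - name: Set XDG_RUNTIME_DIR var for psql user
      ansible.builtin.lineinfile:
        path: /home/psql/.bashrc.d/systemd
        owner: psql
        group: psql
        mode: "0750"
        line: "export XDG_RUNTIME_DIR=/run/user/2000"
        create: true

    # Lingering keeps the user manager (and the quadlet) running without a
    # login session. `creates` makes the task idempotent: logind records
    # lingering as a marker file named after the user.
    - name: Allow psql user to linger
      ansible.builtin.command:
        cmd: "loginctl enable-linger 2000"
        creates: /var/lib/systemd/linger/psql

    - name: Build /pgdata mount
      ansible.builtin.import_role:
        name: make_lvm_mount
      vars:
        device_name: "{{ postgres_device }}"
        vg_name: "{{ postgres_vg_name }}"
        lvs:
          - lv_name: "{{ postgres_lv_name }}"
            lv_size: "100%FREE"
        directories:
          - name: "{{ postgres_data_directory }}"
            owner: psql
            group: psql
            mode: "0755"
            lv: "{{ postgres_lv_name }}"

    # --- mysql service user ----------------------------------------------
    - name: Create mysql user
      ansible.builtin.user:
        name: mysql
        password: "{{ mysql_password }}"
        comment: "Podman user for MySQL Database"
        uid: 2001
      no_log: true  # password hash should not appear in task output

    - name: Make .bashrc.d directory for mysql user
      ansible.builtin.file:
        path: /home/mysql/.bashrc.d
        owner: mysql
        group: mysql
        mode: "0750"
        state: directory

    - name: Set XDG_RUNTIME_DIR var for mysql user
      ansible.builtin.lineinfile:
        path: /home/mysql/.bashrc.d/systemd
        owner: mysql
        group: mysql
        mode: "0750"
        line: "export XDG_RUNTIME_DIR=/run/user/2001"
        create: true

    - name: Allow mysql user to linger
      ansible.builtin.command:
        cmd: "loginctl enable-linger 2001"
        creates: /var/lib/systemd/linger/mysql

    - name: Build /mysql_data mount
      ansible.builtin.import_role:
        name: make_lvm_mount
      vars:
        device_name: "{{ mysql_device }}"
        vg_name: "{{ mysql_vg_name }}"
        lvs:
          - lv_name: "{{ mysql_lv_name }}"
            lv_size: "100%FREE"
        directories:
          - name: "{{ mysql_data_directory }}"
            owner: mysql
            group: mysql
            mode: "0755"
            lv: "{{ mysql_lv_name }}"

    # Pick up the mount units written by make_lvm_mount.
    - name: Run systemctl daemon-reload
      ansible.builtin.systemd_service:
        daemon_reload: true

    # --- user namespaces ---------------------------------------------------
    # Each service user gets a disjoint block of 2000 sub-UIDs/GIDs
    # (psql: 100000-101999, mysql: 102000-103999).
    # NOTE(review): 2000 IDs is far below the customary 65536; any image
    # that runs as or chowns to a UID/GID above 2000 cannot be mapped —
    # confirm against the postgres/mysql images before widening.
    - name: Write subuid user entry for psql
      ansible.builtin.lineinfile:
        path: /etc/subuid
        line: "psql:100000:2000"
        insertafter: EOF
        create: true
        state: present

    - name: Write subuid user entry for mysql
      ansible.builtin.lineinfile:
        path: /etc/subuid
        line: "mysql:102000:2000"
        insertafter: EOF
        create: true
        state: present

    - name: Write subgid group entry for psql
      ansible.builtin.lineinfile:
        path: /etc/subgid
        line: "psql:100000:2000"
        insertafter: EOF
        create: true
        state: present

    - name: Write subgid group entry for mysql
      ansible.builtin.lineinfile:
        path: /etc/subgid
        line: "mysql:102000:2000"
        insertafter: EOF
        create: true
        state: present

    # --- network exposure --------------------------------------------------
    # Opens the database ports host-wide; the quadlets below publish on all
    # interfaces, so the firewall is the only ingress control here.
    - name: Configure firewalld for postgres
      ansible.posix.firewalld:
        service: postgresql
        state: enabled
        permanent: true
        immediate: true

    - name: Configure firewalld for mysql
      ansible.posix.firewalld:
        service: mysql
        state: enabled
        permanent: true
        immediate: true

    # --- quadlets ------------------------------------------------------------
    # TODO Unit spec should get *.mount After directive from variables
    # NOTE(review): these are user-scope units; a system-scope mount unit
    # such as pgdata.mount is not visible to the user manager, so the
    # After= ordering may have no effect — confirm on the host.
    - name: Build postgres quadlet
      containers.podman.podman_container:
        name: postgres
        image: "docker.io/library/postgres:latest"
        state: quadlet
        quadlet_filename: "postgres-quadlet"
        quadlet_file_mode: "0640"
        user: "psql"
        ports:
          - "5432:5432"
        volumes:
          - "{{ postgres_data_directory }}:/var/lib/postgresql/data"
        quadlet_options:
          - "AutoUpdate=registry"
          - "Pull=newer"
          - |
            [Install]
            WantedBy=default.target
          - |
            [Unit]
            Description=Postgres Quadlet
            After=pgdata.mount
        env:
          POSTGRES_PASSWORD: "{{ postgres_db_password }}"
      become_user: "psql"
      no_log: true  # env carries the DB superuser password

    # Same shape as the postgres quadlet; the stray empty quadlet_options
    # entry from the original was dropped for consistency.
    - name: Build mysql quadlet
      containers.podman.podman_container:
        name: mysql
        image: "docker.io/library/mysql:latest"
        state: quadlet
        quadlet_filename: "mysql-quadlet"
        quadlet_file_mode: "0640"
        user: "mysql"
        ports:
          - "3306:3306"
        volumes:
          - "{{ mysql_data_directory }}:/var/lib/mysql"
        quadlet_options:
          - "AutoUpdate=registry"
          - "Pull=newer"
          - |
            [Install]
            WantedBy=default.target
          - |
            [Unit]
            Description=MySQL Quadlet
            After=mysql_data.mount
        env:
          MYSQL_ROOT_PASSWORD: "{{ mysql_db_password }}"
      become_user: "mysql"
      no_log: true  # env carries the DB root password

    # Reload each user's manager so the new quadlet units are generated.
    - name: Run systemctl --user daemon-reload
      ansible.builtin.systemd_service:
        daemon_reload: true
        scope: user
      become_user: "{{ item }}"
      loop:
        - psql
        - mysql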