Bradley/Random_Ansible_Stuff
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6d1318e954
Random_Ansible_Stuff/playbooks/IaC_database.yml

263 lines
7.4 KiB
YAML
Raw Blame History

---
- hosts: beachsidelibrary
become: true
become_method: sudo
become_user: root
vars:
postgres_device: "/dev/vdc"
postgres_vg_name: "vg_postgres"
postgres_lv_name: "lv_pgdata"
postgres_data_directory: "/pgdata"
mysql_device: "/dev/vdd"
mysql_vg_name: "vg_mysql"
mysql_lv_name: "lv_mysql_data"
mysql_data_directory: "/mysql_data"
vars_prompt:
- name: psql_password
prompt: "Enter psql Password: "
private: true
encrypt: sha512_crypt
confirm: true
salt_size: 7
- name: mysql_password
prompt: "Enter mysql Password: "
private: true
encrypt: sha512_crypt
confirm: true
salt_size: 7
- name: postgres_db_password
prompt: "Enter Postgres DB Password: "
private: true
- name: mysql_db_password
prompt: "Enter MySQL DB Password: "
private: true
tasks:
- name: Create psql user
ansible.builtin.user:
name: psql
password: "{{ psql_password }}"
comment: "Podman user for Postgresql Database"
uid: 2000
- name: Make .bashrc.d directory for psql user
ansible.builtin.file:
path: /home/psql/.bashrc.d
owner: psql
group: psql
mode: "0750"
state: directory
- name: Set XDG_RUNTIME_DIR var for psql user
ansible.builtin.lineinfile:
path: /home/psql/.bashrc.d/systemd
owner: psql
group: psql
mode: "0750"
line: "export XDG_RUNTIME_DIR=/run/user/2000"
create: true
- name: Allow psql user to linger
ansible.builtin.shell:
cmd: "loginctl enable-linger 2000"
- name: Build /pgdata mount
ansible.builtin.import_role:
name: make_lvm_mount
vars:
device_name: "{{ postgres_device }}"
vg_name: "{{ postgres_vg_name }}"
lvs:
- lv_name: "{{ postgres_lv_name }}"
lv_size: "100%FREE"
directories:
- name: "{{ postgres_data_directory }}"
owner: psql
group: psql
mode: "0755"
lv: "{{ postgres_lv_name }}"
- name: Create mysql user
ansible.builtin.user:
name: mysql
password: "{{ mysql_password }}"
comment: "Podman user for MySQL Database"
uid: 2001
- name: Make .bashrc.d directory for mysql user
ansible.builtin.file:
path: /home/mysql/.bashrc.d
owner: mysql
group: mysql
mode: "0750"
state: directory
- name: Set XDG_RUNTIME_DIR var for mysql user
ansible.builtin.lineinfile:
path: /home/mysql/.bashrc.d/systemd
owner: mysql
group: mysql
mode: "0750"
line: "export XDG_RUNTIME_DIR=/run/user/2001"
create: true
- name: Place container environment file for psql user
ansible.builtin.lineinfile:
path: /home/psql/.containerenv
owner: psql
group: psql
mode: "0750"
line: "POSTGRES_PASSWORD={{ postgres_db_password }}"
create: true
- name: Place container environment file for mysql user
ansible.builtin.lineinfile:
path: /home/mysql/.containerenv
owner: mysql
group: mysql
mode: "0750"
line: "MYSQL_ROOT_PASSWORD={{ mysql_db_password }}"
create: true
- name: Allow mysql user to linger
ansible.builtin.shell:
cmd: "loginctl enable-linger 2001"
- name: Build /mysql_data mount
ansible.builtin.import_role:
name: make_lvm_mount
vars:
device_name: "{{ mysql_device }}"
vg_name: "{{ mysql_vg_name }}"
lvs:
- lv_name: "{{ mysql_lv_name }}"
lv_size: "100%FREE"
directories:
- name: "{{ mysql_data_directory }}"
owner: mysql
group: mysql
mode: "0755"
lv: "{{ mysql_lv_name }}"
- name: Run systemctl daemon-reload
ansible.builtin.systemd_service:
daemon_reload: true
- name: Write subuid user entry for psql
ansible.builtin.lineinfile:
path: /etc/subuid
line: "psql:100000:2000"
insertafter: EOF
create: true
state: present
- name: Write subuid user entry for mysql
ansible.builtin.lineinfile:
path: /etc/subuid
line: "mysql:102000:2000"
insertafter: EOF
create: true
state: present
- name: Write subgid group entry for psql
ansible.builtin.lineinfile:
path: /etc/subgid
line: "psql:100000:2000"
insertafter: EOF
create: true
state: present
- name: Write subgid group entry for mysql
ansible.builtin.lineinfile:
path: /etc/subgid
line: "mysql:102000:2000"
insertafter: EOF
create: true
state: present
- name: Configure firewalld for postgres
ansible.posix.firewalld:
service: postgresql
state: enabled
permanent: true
immediate: true
- name: Configure firewalld for mysql
ansible.posix.firewalld:
service: mysql
state: enabled
permanent: true
immediate: true
# TODO Unit spec should get *.mount After directive from variables
- name: Build postgres quadlet
containers.podman.podman_container:
name: postgres
image: "docker.io/library/postgres:17"
state: quadlet
quadlet_filename: "postgres-quadlet"
quadlet_file_mode: "0640"
rm: false
ports:
- "5432:5432"
volumes:
- "{{ postgres_data_directory }}:/var/lib/postgresql/data:Z"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Install]
WantedBy=default.target
- |
[Unit]
Description=Postgres Quadlet
After=pgdata.mount
env_file: "/home/psql/.containerenv"
become_user: "psql"
- name: Build mysql quadlet
containers.podman.podman_container:
name: mysql
image: "docker.io/library/mysql:8"
state: quadlet
quadlet_filename: "mysql-quadlet"
quadlet_file_mode: "0640"
rm: false
ports:
- "3306:3306"
volumes:
- "{{ mysql_data_directory }}:/var/lib/mysql:Z"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- ""
- |
[Install]
WantedBy=default.target
- |
[Unit]
Description=MySQL Quadlet
After=mysql_data.mount
env_file: "/home/mysql/.containerenv"
become_user: "mysql"
- name: Run systemctl --user daemon-reload
ansible.builtin.systemd_service:
daemon_reload: true
scope: user
become_user: "{{ item }}"
loop:
- psql
- mysql
- name: Run systemctl --user start for each quadlet
ansible.builtin.systemd_service:
name: "{{ item.service }}"
scope: user
state: started
become_user: "{{ item.user }}"
loop:
- service: postgres-quadlet.service
user: psql
- service: mysql-quadlet.service
user: mysql
Reference in New Issue View Git Blame Copy Permalink