235 lines
6.5 KiB
YAML
235 lines
6.5 KiB
YAML
---
|
|
- hosts: beachsidelibrary
|
|
become: true
|
|
become_method: sudo
|
|
become_user: root
|
|
vars:
|
|
postgres_device: "/dev/vdc"
|
|
postgres_vg_name: "vg_postgres"
|
|
postgres_lv_name: "lv_pgdata"
|
|
postgres_data_directory: "/pgdata"
|
|
mysql_device: "/dev/vdd"
|
|
mysql_vg_name: "vg_mysql"
|
|
mysql_lv_name: "lv_mysql_data"
|
|
mysql_data_directory: "/mysql_data"
|
|
vars_prompt:
|
|
- name: psql_password
|
|
prompt: "Enter psql Password: "
|
|
private: true
|
|
encrypt: sha512_crypt
|
|
confirm: true
|
|
salt_size: 7
|
|
- name: mysql_password
|
|
prompt: "Enter mysql Password: "
|
|
private: true
|
|
encrypt: sha512_crypt
|
|
confirm: true
|
|
salt_size: 7
|
|
- name: postgres_db_password
|
|
prompt: "Enter Postgres DB Password: "
|
|
private: true
|
|
- name: mysql_db_password
|
|
prompt: "Enter MySQL DB Password: "
|
|
private: true
|
|
tasks:
|
|
- name: Create psql user
|
|
ansible.builtin.user:
|
|
name: psql
|
|
password: "{{ psql_password }}"
|
|
comment: "Podman user for Postgresql Database"
|
|
uid: 2000
|
|
|
|
- name: Make .bashrc.d directory for psql user
|
|
ansible.builtin.file:
|
|
path: /home/psql/.bashrc.d
|
|
owner: psql
|
|
group: psql
|
|
mode: "0750"
|
|
state: directory
|
|
|
|
- name: Set XDG_RUNTIME_DIR var for psql user
|
|
ansible.builtin.lineinfile:
|
|
path: /home/psql/.bashrc.d/systemd
|
|
owner: psql
|
|
group: psql
|
|
mode: "0750"
|
|
line: "export XDG_RUNTIME_DIR=/run/user/2000"
|
|
create: true
|
|
|
|
- name: Allow psql user to linger
|
|
ansible.builtin.shell:
|
|
cmd: "loginctl enable-linger 2000"
|
|
|
|
- name: Build /pgdata mount
|
|
ansible.builtin.import_role:
|
|
name: make_lvm_mount
|
|
vars:
|
|
device_name: "{{ postgres_device }}"
|
|
vg_name: "{{ postgres_vg_name }}"
|
|
lvs:
|
|
- lv_name: "{{ postgres_lv_name }}"
|
|
lv_size: "100%FREE"
|
|
directories:
|
|
- name: "{{ postgres_data_directory }}"
|
|
owner: psql
|
|
group: psql
|
|
mode: "0755"
|
|
lv: "{{ postgres_lv_name }}"
|
|
|
|
- name: Create mysql user
|
|
ansible.builtin.user:
|
|
name: mysql
|
|
password: "{{ mysql_password }}"
|
|
comment: "Podman user for MySQL Database"
|
|
uid: 2001
|
|
|
|
- name: Make .bashrc.d directory for mysql user
|
|
ansible.builtin.file:
|
|
path: /home/mysql/.bashrc.d
|
|
owner: mysql
|
|
group: mysql
|
|
mode: "0750"
|
|
state: directory
|
|
|
|
- name: Set XDG_RUNTIME_DIR var for mysql user
|
|
ansible.builtin.lineinfile:
|
|
path: /home/mysql/.bashrc.d/systemd
|
|
owner: mysql
|
|
group: mysql
|
|
mode: "0750"
|
|
line: "export XDG_RUNTIME_DIR=/run/user/2001"
|
|
create: true
|
|
|
|
- name: Allow mysql user to linger
|
|
ansible.builtin.shell:
|
|
cmd: "loginctl enable-linger 2001"
|
|
|
|
- name: Build /mysql_data mount
|
|
ansible.builtin.import_role:
|
|
name: make_lvm_mount
|
|
vars:
|
|
device_name: "{{ mysql_device }}"
|
|
vg_name: "{{ mysql_vg_name }}"
|
|
lvs:
|
|
- lv_name: "{{ mysql_lv_name }}"
|
|
lv_size: "100%FREE"
|
|
directories:
|
|
- name: "{{ mysql_data_directory }}"
|
|
owner: mysql
|
|
group: mysql
|
|
mode: "0755"
|
|
lv: "{{ mysql_lv_name }}"
|
|
|
|
- name: Run systemctl daemon-reload
|
|
ansible.builtin.systemd_service:
|
|
daemon_reload: true
|
|
|
|
- name: Write subuid user entry for psql
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/subuid
|
|
line: "psql:100000:2000"
|
|
insertafter: EOF
|
|
create: true
|
|
state: present
|
|
|
|
- name: Write subuid user entry for mysql
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/subuid
|
|
line: "mysql:102000:2000"
|
|
insertafter: EOF
|
|
create: true
|
|
state: present
|
|
|
|
- name: Write subgid group entry for psql
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/subgid
|
|
line: "psql:100000:2000"
|
|
insertafter: EOF
|
|
create: true
|
|
state: present
|
|
|
|
- name: Write subgid group entry for mysql
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/subgid
|
|
line: "mysql:102000:2000"
|
|
insertafter: EOF
|
|
create: true
|
|
state: present
|
|
|
|
- name: Configure firewalld for postgres
|
|
ansible.posix.firewalld:
|
|
service: postgresql
|
|
state: enabled
|
|
permanent: true
|
|
immediate: true
|
|
|
|
- name: Configure firewalld for mysql
|
|
ansible.posix.firewalld:
|
|
service: mysql
|
|
state: enabled
|
|
permanent: true
|
|
immediate: true
|
|
|
|
# TODO Unit spec should get *.mount After directive from variables
|
|
- name: Build postgres quadlet
|
|
containers.podman.podman_container:
|
|
name: postgres
|
|
image: "docker.io/library/postgres:latest"
|
|
state: quadlet
|
|
quadlet_filename: "postgres-quadlet"
|
|
quadlet_file_mode: "0640"
|
|
user: "psql"
|
|
ports:
|
|
- "5432:5432"
|
|
volumes:
|
|
- "{{ postgres_data_directory }}:/var/lib/postgresql/data"
|
|
quadlet_options:
|
|
- "AutoUpdate=registry"
|
|
- "Pull=newer"
|
|
- |
|
|
[Install]
|
|
WantedBy=default.target
|
|
- |
|
|
[Unit]
|
|
Description=Postgres Quadlet
|
|
After=pgdata.mount
|
|
env:
|
|
POSTGRES_PASSWORD: "{{ postgres_db_password }}"
|
|
become_user: "psql"
|
|
|
|
- name: Build mysql quadlet
|
|
containers.podman.podman_container:
|
|
name: mysql
|
|
image: "docker.io/library/mysql:latest"
|
|
state: quadlet
|
|
quadlet_filename: "mysql-quadlet"
|
|
quadlet_file_mode: "0640"
|
|
user: "mysql"
|
|
ports:
|
|
- "3306:3306"
|
|
volumes:
|
|
- "{{ mysql_data_directory }}:/var/lib/mysql"
|
|
quadlet_options:
|
|
- "AutoUpdate=registry"
|
|
- "Pull=newer"
|
|
- ""
|
|
- |
|
|
[Install]
|
|
WantedBy=default.target
|
|
- |
|
|
[Unit]
|
|
Description=MySQL Quadlet
|
|
After=mysql_data.mount
|
|
env:
|
|
MYSQL_ROOT_PASSWORD: "{{ mysql_db_password }}"
|
|
become_user: "mysql"
|
|
|
|
- name: Run systemctl --user daemon-reload
|
|
ansible.builtin.systemd_service:
|
|
daemon_reload: true
|
|
scope: user
|
|
become_user: "{{ item }}"
|
|
loop:
|
|
- psql
|
|
- mysql
|
|
|