playbook.yml
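---
# Provision a demo host for Quadlet-managed containers:
#   1. carve LVM/XFS volumes out of /dev/sdb and apply the base OS role
#   2. update and install packages, open the demo ports in firewalld
#   3. generate a self-signed certificate and store it as a podman secret
#   4. generate a MySQL root password and store it as two podman secrets
#   5. drop the Quadlet unit files into /etc/containers/systemd and start them
- name: Setup quadlet demo machine
  hosts: all
  become: true
  roles:
    # - role: xfs_storage_cleanup
    #   drive_name: "/dev/sdb"
    #   volume_group: appvg
    #   volumes:
    #     - name: appvol
    #       mount_point: /app
    #     - name: applog
    #       mount_point: /applog
    - role: xfs_storage_setup
      drive_name: "/dev/sdb"
      volumes:
        - name: data02vol
          size: 10G
          mount_point: /data02
        - name: dockervol
          size: 10G
          mount_point: /var/lib/containers
        - name: data01vol
          size: 100%FREE
          mount_point: /data01
      # Set to true only when the volumes should be wiped and rebuilt.
      force_recreate: false
    - role: baseos
  tasks:
    - name: Upgrade all packages
      ansible.builtin.package:
        name: "*"
        state: latest
      register: result
      # Package mirrors are flaky; retry the full upgrade a few times.
      retries: 5
      until: result is success

    - name: Install packages
      ansible.builtin.package:
        name:
          - podman
          - python3-cryptography
          - bash-completion

    # Needed so the firewalld task below can check whether the service is running.
    - name: Populate service facts
      ansible.builtin.service_facts:

    - name: Open Ports in firewalld
      ansible.posix.firewalld:
        port: "{{ item }}"
        permanent: true
        # permanent alone only changes the on-disk config; immediate also
        # applies the rule to the running firewall without a reload.
        immediate: true
        state: enabled
      loop:
        - 8000/tcp
        - 9000/tcp
      when:
        - services['firewalld.service'] is defined
        - services['firewalld.service']['state'] == 'running'

    - name: Create a podman secret for the self signed certificate
      block:
        - name: Create a scratch directory
          ansible.builtin.file:
            path: /data01/quadlet-demo/
            state: directory
            mode: '0755'

        - name: Create private key (RSA, 4096 bits)
          community.crypto.openssl_privatekey:
            path: /data01/quadlet-demo/certificate.key
            # The key is read back by slurp below; keep it owner-only on disk.
            mode: '0600'

        - name: Create certificate signing request (CSR) for self-signed certificate
          community.crypto.openssl_csr:
            path: /data01/quadlet-demo/certificate.csr
            privatekey_path: /data01/quadlet-demo/certificate.key
            common_name: example.org
            organization_name: Example Org
            subject_alt_name:
              - "DNS:example.org"
              - "DNS:www.example.org"
          register: csr

        - name: Create simple self-signed certificate
          community.crypto.x509_certificate:
            path: /data01/quadlet-demo/certificate.pem
            csr_path: /data01/quadlet-demo/certificate.csr
            privatekey_path: /data01/quadlet-demo/certificate.key
            provider: selfsigned

        # slurp returns the file content base64-encoded, which is exactly the
        # encoding the kube Secret manifest below expects in its data fields.
        - name: Slurp certificate pem file
          ansible.builtin.slurp:
            src: '/data01/quadlet-demo/certificate.pem'
          register: slurp_certificate_pem

        - name: Slurp certificate key file
          ansible.builtin.slurp:
            src: '/data01/quadlet-demo/certificate.key'
          register: slurp_certificate_key
          # The registered result holds the private key material.
          no_log: true

        - name: Create the podman secret
          containers.podman.podman_secret:
            name: envoy-certificates
            state: present
            skip_existing: true
            data: |
              apiVersion: v1
              data:
                certificate.key: {{ slurp_certificate_key['content'] }}
                certificate.pem: {{ slurp_certificate_pem['content'] }}
              kind: Secret
              metadata:
                name: envoy-certificates
          no_log: true

    - name: Create the secrets for the mysql server
      block:
        # A fresh password is generated on every run. Because the two secret
        # tasks below use skip_existing, the stored secret is only written on
        # the first run; on later runs root_password will not match it.
        - name: Create random string and save it in root_password
          ansible.builtin.set_fact:
            root_password: "{{ lookup('community.general.random_string', special=false, length=20) }}"
          no_log: true

        - name: Create the kube secret for the mysql root password
          containers.podman.podman_secret:
            name: mysql-root-password-kube
            state: present
            skip_existing: true
            data: |
              apiVersion: v1
              data:
                password: "{{ root_password | b64encode }}"
              kind: Secret
              metadata:
                name: mysql-root-password-kube
          no_log: true

        - name: Create the podman secret for the mysql root password
          containers.podman.podman_secret:
            name: mysql-root-password-container
            state: present
            skip_existing: true
            data: "{{ root_password }}"
          no_log: true

    - name: Create the Quadlet directory
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        mode: '0755'
      loop:
        - /etc/containers
        - /etc/containers/systemd

    - name: Copy the Quadlet files
      ansible.builtin.copy:
        src: quadlet-files/
        dest: /etc/containers/systemd
        owner: root
        group: root
        mode: '0644'

    # Quadlet generates the systemd units from the files above at daemon-reload.
    - name: Run daemon reload to make Quadlet create the service files
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Start the Quadlet Demo Service
      ansible.builtin.systemd:
        name: quadlet-demo
        state: started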