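---
# Provisions a single demo host for the Quadlet demo: base packages, firewall
# ports, a throw-away self-signed certificate stored as a podman secret, a
# generated MySQL root password, and the Quadlet unit files under
# /etc/containers/systemd.
- name: Setup quadlet demo machine
  hosts: all
  become: true
  tasks:
    - name: Upgrade all packages
      ansible.builtin.package:
        name: "*"
        state: latest
      register: result
      # Package mirrors are often flaky on a fresh host; retry before failing.
      retries: 5
      until: result is success

    - name: Install packages
      ansible.builtin.package:
        name:
          - podman
          - python3-cryptography
          - bash-completion

    # Needed so the firewalld task below can check whether the service runs.
    - name: Populate service facts
      ansible.builtin.service_facts:

    - name: Open Ports in firewalld
      ansible.posix.firewalld:
        port: "{{ item }}"
        permanent: true
        # `permanent` alone only changes the saved configuration; `immediate`
        # also opens the port in the running firewall, so the demo services
        # are reachable without a separate firewalld reload.
        immediate: true
        state: enabled
      loop:
        - 8000/tcp
        - 9000/tcp
      when:
        - services['firewalld.service'] is defined
        - services['firewalld.service']['state'] == 'running'

    - name: Create a podman secret for the self signed certificate
      block:
        - name: Create a scratch directory
          ansible.builtin.file:
            path: /opt/quadlet-demo/
            state: directory
            mode: '0755'

        - name: Create private key (RSA, 4096 bits)
          community.crypto.openssl_privatekey:
            path: /opt/quadlet-demo/certificate.key
            # Stated explicitly so the task name and the real key size cannot drift.
            size: 4096
            # The private key must not be readable by other local users,
            # independent of whatever the module default is.
            mode: '0600'

        - name: Create certificate signing request (CSR) for self-signed certificate
          community.crypto.openssl_csr:
            path: /opt/quadlet-demo/certificate.csr
            privatekey_path: /opt/quadlet-demo/certificate.key
            common_name: example.org
            organization_name: Example Org
            subject_alt_name:
              - "DNS:example.org"
              - "DNS:www.example.org"

        - name: Create simple self-signed certificate
          community.crypto.x509_certificate:
            path: /opt/quadlet-demo/certificate.pem
            csr_path: /opt/quadlet-demo/certificate.csr
            privatekey_path: /opt/quadlet-demo/certificate.key
            provider: selfsigned

        # slurp returns the file content base64-encoded, which is what the
        # kube Secret `data:` map below expects.
        - name: Slurp certificate pem file
          ansible.builtin.slurp:
            src: '/opt/quadlet-demo/certificate.pem'
          register: slurp_certificate_pem

        - name: Slurp certificate key file
          ansible.builtin.slurp:
            src: '/opt/quadlet-demo/certificate.key'
          register: slurp_certificate_key
          # Keep the key material out of verbose output and logs.
          no_log: true

        - name: Create the podman secret
          containers.podman.podman_secret:
            name: envoy-certificates
            state: present
            # An existing secret is left untouched, so a renewed certificate is
            # not picked up until the secret is removed by hand.
            skip_existing: true
            data: |
              apiVersion: v1
              data:
                certificate.key: "{{ slurp_certificate_key['content'] }}"
                certificate.pem: "{{ slurp_certificate_pem['content'] }}"
              kind: Secret
              metadata:
                name: envoy-certificates
          # The rendered `data` contains the private key.
          no_log: true

    - name: Create the secrets for the mysql server
      block:
        # A new random value is produced on every run; because the secret
        # tasks below use skip_existing, only the first run's value is stored.
        - name: Create random string and save it in root_password
          ansible.builtin.set_fact:
            root_password: "{{ lookup('community.general.random_string', special=false, length=20) }}"
          no_log: true

        - name: Create the kube secret for the mysql root password
          containers.podman.podman_secret:
            name: mysql-root-password-kube
            state: present
            skip_existing: true
            data: |
              apiVersion: v1
              data:
                password: "{{ root_password | b64encode }}"
              kind: Secret
              metadata:
                name: mysql-root-password-kube
          no_log: true

        - name: Create the podman secret for the mysql root password
          containers.podman.podman_secret:
            name: mysql-root-password-container
            state: present
            skip_existing: true
            data: "{{ root_password }}"
          no_log: true

    - name: Create the Quadlet directory
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        mode: '0755'
      loop:
        - /etc/containers
        - /etc/containers/systemd

    - name: Copy the Quadlet files
      ansible.builtin.copy:
        src: quadlet-files/
        dest: /etc/containers/systemd
        owner: root
        group: root
        mode: '0644'
        # Directories created by the recursive copy get a traversable mode
        # explicitly, instead of relying on the module default.
        directory_mode: '0755'

    - name: Run daemon reload to make Quadlet create the service files
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Start the Quadlet Demo Service
      ansible.builtin.systemd:
        name: quadlet-demo
        state: started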