Divide add config and rproxy installation

roles/addconfig/tasks/addconfig.yml

@@ -0,0 +1,5 @@
+---
+- name: Copy server.conf
+  ansible.builtin.template:
+    src: templates/server.conf.j2
+    dest: "{{ rproxy_dir }}/sites/{{  rproxy_service_name  }}.conf"

roles/addconfig/tasks/certificates.yml

@@ -0,0 +1,83 @@
+---
+- name: Create CNAME dns record
+  community.general.ipa_dnsrecord:
+    ipa_user: "{{ ansible_user }}"
+    ipa_pass: "{{ ansible_password }}"
+    zone_name: "{{ ansible_facts['domain'] }}"
+    record_name: "{{  rproxy_service_name  }}"
+    record_type: 'CNAME'
+    record_value: "{{ ansible_facts['hostname'] }}"
+    state: present
+  ignore_errors: true
+
+- name: Kinit
+  ansible.builtin.shell:
+    cmd: "echo '{{ ansible_password }}' | kinit"
+  become: false
+  become_user: "{{ ansible_user }}"
+
+- name: Create fake host for certificate
+  ansible.builtin.shell:
+    cmd: "ipa host-add {{ rproxy_service_name }}.{{ ansible_facts['domain'] }} --force --desc=\"Fake host for SPN\""
+  become: false
+  become_user: "{{ ansible_user }}"
+  ignore_errors: true
+
+- name: Create SPN for HTTP
+  ansible.builtin.shell:
+    cmd: "ipa service-add HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }} --skip-host-check --force"
+  become: false
+  become_user: "{{ ansible_user }}"
+  ignore_errors: true
+
+- name: "Allow {{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }} to get certificates for HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }} SPN"
+  ansible.builtin.shell:
+    cmd: "ipa service-add-host --hosts={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }} HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}"
+  become: false
+  become_user: "{{ ansible_user }}"
+  ignore_errors: true
+
+- name: Kdestroy
+  ansible.builtin.shell:
+    cmd: kdestroy
+  become: false
+  become_user: "{{ ansible_user }}"
+
+- name: Get all tracking certificates
+  ansible.builtin.shell:
+    cmd: "ipa-getcert list | grep -m1 -B5 \"{{ rproxy_dir }}/certs/{{ rproxy_service_name }}\" | grep Request | awk '{print $NF}' | tr -d \"'\\|:\""
+  register: tracking_list
+
+- name: Remove certificates from IPA tracking
+  ansible.builtin.shell:
+    cmd: "ipa-getcert stop-tracking -i {{ item }}"
+  loop: "{{ tracking_list.stdout_lines }}"
+  ignore_errors: true
+
+- name: Request certificate via ipa-getcert
+  ansible.builtin.command: >
+    ipa-getcert request
+    -f {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt
+    -k {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key
+    -K HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}
+    -N CN={{ rproxy_service_name }}.{{ ansible_facts['domain'] }}
+
+- name: Wait for certificate to appear
+  ansible.builtin.wait_for:
+    path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt"
+    timeout: 60
+
+- name: Change certificate permissions
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt"
+    mode: "0744"
+
+- name: Wait for certificate key to appear
+  ansible.builtin.wait_for:
+    path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key"
+    timeout: 60
+
+- name: Change certificate key permissions
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key"
+    mode: "0744"

roles/addconfig/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Add config
+  ansible.builtin.include_tasks: 
+    file: addconfig.yml
+
+- name: Generate certificates
+  ansible.builtin.include_tasks: 
+    file: certificates.yml
+
+- name: Restart rproxy service
+  ansible.builtin.systemd:
+    name: "container-rproxy.service"
+    state: restarted
+    enabled: yes

roles/addconfig/vars/main.yml

@@ -0,0 +1,5 @@
+---
+ansible_python_interpreter: /usr/bin/python3
+
+# Rproxy
+rproxy_dir: /opt/rproxy

roles/podman/tasks/main.yml

@@ -5,8 +5,6 @@
       - podman
       - podman-compose
       - podman-docker
-      - podman-remote
-      - podman-tui
       - buildah
     update_cache: yes
 

roles/podman/vars/main.yml

@@ -0,0 +1,2 @@
+---
+ansible_python_interpreter: /usr/bin/python3

roles/rproxy/tasks/addconfig.yml

@@ -1,91 +0,0 @@
----
-- name: Create server configs
-  block:
-    - name: Copy server.conf
-      ansible.builtin.template:
-        src: templates/server.conf.j2
-        dest: "{{ rproxy_dir }}/sites/{{  rproxy_service_name  }}.conf"
-
-- name: Generate certificates for {{  rproxy_service_name  }}
-  block:
-    - name: Create CNAME dns record
-      community.general.ipa_dnsrecord:
-        ipa_user: "{{ ansible_user }}"
-        ipa_pass: "{{ ansible_password }}"
-        zone_name: "{{ ansible_facts['domain'] }}"
-        record_name: "{{  rproxy_service_name  }}"
-        record_type: 'CNAME'
-        record_value: "{{ ansible_facts['hostname'] }}"
-        state: present
-
-    - name: Kinit
-      ansible.builtin.shell:
-        cmd: "echo '{{ ansible_password }}' | kinit"
-      become: false
-      become_user: "{{ ansible_user }}"
-
-    - name: Create fake host for certificate
-      ansible.builtin.shell:
-        cmd: "ipa host-add {{ rproxy_service_name }}.{{ ansible_facts['domain'] }} --force --desc=\"Fake host for SPN\""
-      become: false
-      become_user: "{{ ansible_user }}"
-      ignore_errors: true
-
-    - name: Create SPN for HTTP
-      ansible.builtin.shell:
-        cmd: "ipa service-add HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }} --skip-host-check --force"
-      become: false
-      become_user: "{{ ansible_user }}"
-      ignore_errors: true
-
-    - name: "Allow {{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }} to get certificates for HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }} SPN "
-      ansible.builtin.shell:
-        cmd: "ipa service-add-host --hosts={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }} HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}"
-      become: false
-      become_user: "{{ ansible_user }}"
-      ignore_errors: true
-
-    - name: Get all tracking certificates
-      ansible.builtin.shell:
-        cmd: ipa-getcert list | grep "ID" | awk '{print $NF}' | tr -d "'\|:"
-      register: tracking_list
-
-    - name: Remove certificates from IPA tracking
-      ansible.builtin.shell:
-        cmd: "ipa-getcert stop-tracking -i {{ item }}"
-      loop: "{{ tracking_list.stdout_lines }}"
-      ignore_errors: true
-
-    - name: Request certificate via ipa-getcert
-      ansible.builtin.command: >
-        ipa-getcert request
-        -f {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt
-        -k {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key
-        -K HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}
-        -N CN={{ rproxy_service_name }}.{{ ansible_facts['domain'] }}
-
-    - name: Wait for certificate to appear
-      ansible.builtin.wait_for:
-        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt"
-        timeout: 60
-
-    - name: Change certificate permissions
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt"
-        mode: "0744"
-
-    - name: Wait for certificate key to appear
-      ansible.builtin.wait_for:
-        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key"
-        timeout: 60
-
-    - name: Change certificate key permissions
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key"
-        mode: "0744"
-
-- name: Restart rproxy service
-  ansible.builtin.systemd:
-    name: "container-rproxy.service"
-    state: restarted
-    enabled: yes

roles/rproxy/tasks/certificates.yml

@@ -0,0 +1,59 @@
+---
+- name: Kinit
+  ansible.builtin.shell:
+    cmd: "echo '{{ ansible_password }}' | kinit"
+  become: false
+  become_user: "{{ ansible_user }}"
+
+- name: Create SPN for HTTP
+  ansible.builtin.shell:
+    cmd: "ipa service-add HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}"
+  become: false
+  become_user: "{{ ansible_user }}"
+  ignore_errors: true
+
+- name: Kdestroy
+  ansible.builtin.shell:
+    cmd: kdestroy
+  become: false
+  become_user: "{{ ansible_user }}"
+
+- name: Get all tracking certificates
+  ansible.builtin.shell:
+    cmd: "ipa-getcert list | grep -m1 -B5 \"{{ rproxy_dir }}/certs/repo\" | grep Request | awk '{print $NF}' | tr -d \"'\\|:\""
+  register: tracking_list
+
+- name: Remove certificates from IPA tracking
+  ansible.builtin.shell:
+    cmd: "ipa-getcert stop-tracking -i {{ item }}"
+  loop: "{{ tracking_list.stdout_lines }}"
+  ignore_errors: true
+
+- name: Request certificate via ipa-getcert
+  ansible.builtin.command: >
+    ipa-getcert request
+    -f {{ rproxy_dir }}/certs/repo.crt
+    -k {{ rproxy_dir }}/certs/repo.key
+    -K HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
+    -N CN={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
+    -F {{ rproxy_dir }}/certs/RootCA.crt
+
+- name: Wait for certificate to appear
+  ansible.builtin.wait_for:
+    path: "{{ rproxy_dir }}/certs/repo.crt"
+    timeout: 60
+
+- name: Change certificate permissions
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/certs/repo.crt"
+    mode: "0744"
+
+- name: Wait for certificate key to appear
+  ansible.builtin.wait_for:
+    path: "{{ rproxy_dir }}/certs/repo.key"
+    timeout: 60
+
+- name: Change certificate key permissions
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/certs/repo.key"
+    mode: "0744"

roles/rproxy/tasks/configs.yml

@@ -0,0 +1,10 @@
+---
+- name: Copy repo.conf
+  ansible.builtin.copy:
+    src: files/repo.conf
+    dest: "{{ rproxy_dir }}/sites/repo.conf"
+
+- name: Copy nginx.conf
+  ansible.builtin.copy:
+    src: files/nginx.conf
+    dest: "{{ rproxy_dir }}/nginx.conf"

roles/rproxy/tasks/dirs.yml

@@ -0,0 +1,31 @@
+---
+- name: Remove rproxy dir
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}"
+    state: absent
+
+- name: Create rproxy dir
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}"
+    state: directory
+
+- name: Create rproxy data dir
+  ansible.builtin.file:
+    path: "{{ repo_data_dir }}"
+    state: directory
+
+- name: Create sites dir
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/sites"
+    state: directory
+
+- name: Create certs dir
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/certs"
+    state: directory
+
+- name: Create repo dir
+  ansible.builtin.file:
+    path: "{{ repo_data_dir }}"
+    state: directory
+    mode: 0777

roles/rproxy/tasks/main.yml

@@ -1,32 +1,20 @@
 ---
-- name: Podman install
+- name: Prepare directories
   ansible.builtin.include_tasks: 
-    file: podman.yml
-    apply:
-      tags: install
-  tags:
-  - install
+    file: dirs.yml
+
+- name: Copy configs
+  ansible.builtin.include_tasks: 
+    file: configs.yml
+
+- name: Generate certificates
+  ansible.builtin.include_tasks: 
+    file: certificates.yml
 
 - name: Rproxy install
   ansible.builtin.include_tasks: 
     file: rproxy.yml
-    apply:
-      tags: install
-  tags:
-  - install
 
-- name: Repo install
+- name: Repository install
   ansible.builtin.include_tasks: 
-    file: repo.yml
-    apply:
-      tags: install
-  tags:
-  - install
-
-- name: Add config
-  ansible.builtin.include_tasks: 
-    file: addconfig.yml
-    apply:
-      tags: add_config
-  tags:
-  - add_config
+    file: repo.yml

roles/rproxy/tasks/repo.yml

@@ -1,77 +1,9 @@
 ---
-- name: Prepare for https repository
-  block:
-    - name: Create repo dir
-      ansible.builtin.file:
-        path: "{{ repo_data_dir }}"
-        state: directory
-        mode: 0777
-
-    - name: Copy repo.conf
-      ansible.builtin.copy:
-        src: files/repo.conf
-        dest: "{{ rproxy_dir }}/sites/repo.conf"
-
-    - name: Install createrepo
-      ansible.builtin.yum:
-        name:
-          - createrepo
-        update_cache: yes
-
-- name: Create https certificates for repository
-  block:
-    - name: Kinit
-      ansible.builtin.shell:
-        cmd: "echo '{{ ansible_password }}' | kinit"
-      become: false
-      become_user: "{{ ansible_user }}"
-
-    - name: Create SPN for HTTP
-      ansible.builtin.shell:
-        cmd: "ipa service-add HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}"
-      become: false
-      become_user: "{{ ansible_user }}"
-      ignore_errors: true
-
-    - name: Get all tracking certificates
-      ansible.builtin.shell:
-        cmd: ipa-getcert list | grep "ID" | awk '{print $NF}' | tr -d "'\|:"
-      register: tracking_list
-
-    - name: Remove certificates from IPA tracking
-      ansible.builtin.shell:
-        cmd: "ipa-getcert stop-tracking -i {{ item }}"
-      loop: "{{ tracking_list.stdout_lines }}"
-      ignore_errors: true
-
-    - name: Request certificate via ipa-getcert
-      ansible.builtin.command: >
-        ipa-getcert request
-        -f {{ rproxy_dir }}/certs/repo.crt
-        -k {{ rproxy_dir }}/certs/repo.key
-        -K HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
-        -N CN={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
-        -F {{ rproxy_dir }}/certs/RootCA.crt
-
-    - name: Wait for certificate to appear
-      ansible.builtin.wait_for:
-        path: "{{ rproxy_dir }}/certs/repo.crt"
-        timeout: 60
-
-    - name: Change certificate permissions
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs/repo.crt"
-        mode: "0744"
-
-    - name: Wait for certificate key to appear
-      ansible.builtin.wait_for:
-        path: "{{ rproxy_dir }}/certs/repo.key"
-        timeout: 60
-
-    - name: Change certificate key permissions
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs/repo.key"
-        mode: "0744"
+- name: Install createrepo
+  ansible.builtin.yum:
+    name:
+      - createrepo
+    update_cache: yes
 
 - name: Restart rproxy service
   ansible.builtin.systemd:

roles/rproxy/tasks/rproxy.yml

@@ -1,76 +1,42 @@
 ---
-- name: Prepare dirs for rproxy
-  block:
-    - name: Remove rproxy dir
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}"
-        state: absent
+- name: Pull rproxy image
+  containers.podman.podman_image:
+    name: "{{ image_repo }}/{{ rproxy_image }}:{{ rproxy_version }}"
+    state: present
 
-    - name: Create rproxy dir
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}"
-        state: directory
+- name: Delete rproxy container if exists
+  containers.podman.podman_container:
+    name: rproxy
+    state: absent
 
-    - name: Create rproxy data dir
-      ansible.builtin.file:
-        path: "{{ repo_data_dir }}"
-        state: directory
+- name: Start rproxy
+  containers.podman.podman_container:
+    name: rproxy
+    image: "{{ image_repo }}/{{ rproxy_image }}:{{ rproxy_version }}"
+    state: started
+    ports:
+        - "443:443"
+        - "80:80"
+        - "9000:9000"
+    volumes:
+      - '{{ rproxy_dir }}/nginx.conf:/etc/nginx/nginx.conf:z,rw'
+      - '{{ rproxy_dir }}/sites:/etc/nginx/sites:z,rw'
+      - '{{ rproxy_dir }}/certs:/etc/nginx/certs:z,rw'
+      - '{{ repo_data_dir }}:/repo:z,rw'
+      - "/etc/localtime:/etc/localtime:ro"
+    privileged: true
+    security_opt:
+      - "label=disable"
+    log_driver: journald
+    generate_systemd:
+      path: /etc/systemd/system/
+      restart_policy: always
+      stop_timeout: 120
+      names: true
 
-    - name: Create sites dir
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/sites"
-        state: directory
-
-    - name: Create certs dir
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs"
-        state: directory
-
-    - name: Copy nginx.conf
-      ansible.builtin.copy:
-        src: files/nginx.conf
-        dest: "{{ rproxy_dir }}/nginx.conf"
-
-- name: Install rproxy
-  block:
-    - name: Pull rproxy image
-      containers.podman.podman_image:
-        name: "{{ image_repo }}/{{ rproxy_image }}:{{ rproxy_version }}"
-        state: present
-
-    - name: Delete rproxy container if exists
-      containers.podman.podman_container:
-        name: rproxy
-        state: absent
-
-    - name: Start rproxy
-      containers.podman.podman_container:
-        name: rproxy
-        image: "{{ image_repo }}/{{ rproxy_image }}:{{ rproxy_version }}"
-        state: started
-        ports:
-            - "443:443"
-            - "80:80"
-            - "9000:9000"
-        volumes:
-          - '{{ rproxy_dir }}/nginx.conf:/etc/nginx/nginx.conf:z,rw'
-          - '{{ rproxy_dir }}/sites:/etc/nginx/sites:z,rw'
-          - '{{ rproxy_dir }}/certs:/etc/nginx/certs:z,rw'
-          - '{{ repo_data_dir }}:/repo:z,rw'
-          - "/etc/localtime:/etc/localtime:ro"
-        privileged: true
-        security_opt:
-          - "label=disable"
-        log_driver: journald
-        generate_systemd:
-          path: /etc/systemd/system/
-          restart_policy: always
-          stop_timeout: 120
-          names: true
-
-    - name: Enable rproxy service
-      ansible.builtin.systemd:
-        name: "container-rproxy.service"
-        state: started
-        enabled: yes
-        daemon_reload: yes
+- name: Enable rproxy service
+  ansible.builtin.systemd:
+    name: "container-rproxy.service"
+    state: started
+    enabled: yes
+    daemon_reload: yes