Divide add config and rproxy installation

2025-10-21 01:25:24 +03:00
parent 36c6511ed6
commit 8c2afbcac9
19 changed files with 370 additions and 326 deletions
--- a/50
+++ b/50
@@ -11,13 +11,8 @@ pipeline {
        timestamps()
    }
    parameters {
-        string(name: "target_host", defaultValue: "", trim: true, description: "Target host")
-        booleanParam(name: "rproxy_install", defaultValue: true, description: "Install Rproxy")
-        string(name: "images_repo_url", defaultValue: "", trim: true, description: "Repository host with podman images (ex. rproxy.olsson.ul:5000)\n(for 'rproxy_install' job only)")
-        booleanParam(name: "config_add", defaultValue: true, description: "Add config")
-        string(name: "rproxy_service_name", defaultValue: "", trim: true, description: "Service name (for 'Add config' job only)")
-        string(name: "rproxy_service_port", defaultValue: "", trim: true, description: "Service port (for 'Add config' job only)")
-        string(name: "rproxy_service_address", defaultValue: "", trim: true, description: "Service address (for 'Add config' job only)")
+        string(name: "target_host", defaultValue: "", trim: true, description: "Target host for rproxy installation")
+        string(name: "images_repo_url", defaultValue: "", trim: true, description: "Repository host with podman images (ex. rproxy.olsson.ul:5000)")
        booleanParam(name: 'update_job', defaultValue: false, description: 'Update job, free run, no changes')
    }
    stages {
@@ -45,11 +40,6 @@ pipeline {
            }
        }
        stage('Install Rproxy') {
-            when {
-                expression {
-                    return params.rproxy_install
-                }
-            }
            steps {
                script {
                    withCredentials([
@@ -61,14 +51,10 @@ pipeline {
                                ansiblePlaybook(
                                    playbook: 'rproxy.yml',
                                    inventory: 'hosts.ini',
-                                    tags: 'install',
                                    colorized: true,
                                    extras: '''--private-key ${SSH_KEY} 
                                    -e "ansible_user=${username} 
                                    ansible_password=${password} 
-                                    rproxy_service_name=${rproxy_service_name} 
-                                    rproxy_service_port=${rproxy_service_port} 
-                                    rproxy_service_address=${rproxy_service_address} 
                                    image_repo=${images_repo_url}"'''
                                )
                            }                            
@@ -77,38 +63,6 @@ pipeline {
                }
            }
        }
-        stage('Add config') {
-            when {
-                expression {
-                    return params.config_add
-                }
-            }
-            steps {
-                script {
-                    withCredentials([
-                        sshUserPrivateKey(credentialsId: 'JENKINS_DEPLOYER_KEY', keyFileVariable: 'SSH_KEY'), 
-                        usernamePassword(credentialsId:'JENKINS_DEPLOYER_PASS', usernameVariable: 'username', passwordVariable: 'password')
-                        ]) {
-                        wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: env.password]]]) {
-                            wrap([$class: 'AnsiColorBuildWrapper', colorMapName: "xterm"]) {
-                                ansiblePlaybook(
-                                    playbook: 'rproxy.yml',
-                                    inventory: 'hosts.ini',
-                                    tags: 'add_config',
-                                    colorized: true,
-                                    extras: '''--private-key ${SSH_KEY} 
-                                    -e "ansible_user=${username} 
-                                    ansible_password=${password} 
-                                    rproxy_service_name=${rproxy_service_name} 
-                                    rproxy_service_port=${rproxy_service_port} 
-                                    rproxy_service_address=${rproxy_service_address}"'''
-                                )
-                            }  
-                        }
-                    }
-                }
-            }
-        }
    }
    post {
        always {
--- a/addconfig.yml
+++ b/addconfig.yml
@@ -0,0 +1,19 @@
+---
+- hosts: all
+  become: yes
+  
+  vars_prompt:
+    - name: rproxy_service_name
+      prompt: Enter service for rproxy
+      private: false
+
+    - name: rproxy_service_port
+      prompt: Enter service for rproxy
+      private: false
+
+    - name: rproxy_service_address
+      prompt: Enter service for rproxy
+      private: false
+
+  roles:
+    - addconfig
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -3,3 +3,6 @@ hostfile = hosts.ini
 host_key_checking = false
 interpreter_python = /usr/bin/python3
 forks = 30
+
+[ssh_connection]
+pipelining = true
--- a/management/AddService.groovy
+++ b/management/AddService.groovy
@@ -0,0 +1,80 @@
+pipeline {
+    agent any
+    options {
+        buildDiscarder logRotator (
+            numToKeepStr: '5',
+            daysToKeepStr: '7',
+            artifactNumToKeepStr: '10',
+            artifactDaysToKeepStr: '7'
+        )
+        ansiColor('xterm')
+        timestamps()
+    }
+    parameters {
+        string(name: "target_host", defaultValue: "", trim: true, description: "Target host with rproxy installed")
+        string(name: "rproxy_service_name", defaultValue: "", trim: true, description: "Service name (ex. jenkins)")
+        string(name: "rproxy_service_port", defaultValue: "", trim: true, description: "Service port (ex. 8080)")
+        string(name: "rproxy_service_address", defaultValue: "", trim: true, description: "Service address (ex. jenkins-master.olsson.ul)")
+        booleanParam(name: 'update_job', defaultValue: false, description: 'Update job, free run, no changes')
+    }
+    stages {
+        stage('Update Job') {
+            when {
+                expression {
+                    return params.update_job
+                }
+            }
+            steps {
+                script {
+                    currentBuild.getRawBuild().getExecutor().interrupt(Result.SUCCESS)
+                    sleep(1)
+                }
+            }
+        }
+        stage('Prepare inventory') {
+            steps {
+                script {
+                    def hostsFile = new File("${WORKSPACE}/hosts.ini")
+                    hostsFile.append('[all]')
+                    hostsFile.append('\n' + params.target_host)
+                    println hostsFile.getText('UTF-8')
+                }
+            }
+        }
+        stage('Add config') {
+            steps {
+                script {
+                    withCredentials([
+                        sshUserPrivateKey(credentialsId: 'JENKINS_DEPLOYER_KEY', keyFileVariable: 'SSH_KEY'), 
+                        usernamePassword(credentialsId:'JENKINS_DEPLOYER_PASS', usernameVariable: 'username', passwordVariable: 'password')
+                        ]) {
+                        wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: env.password]]]) {
+                            wrap([$class: 'AnsiColorBuildWrapper', colorMapName: "xterm"]) {
+                                dir("${env.WORKSPACE}") {
+                                    ansiblePlaybook(
+                                        playbook: 'addconfig.yml',
+                                        inventory: 'hosts.ini',
+                                        colorized: true,
+                                        extras: '''--private-key ${SSH_KEY} 
+                                        -e "ansible_user=${username} 
+                                        ansible_password=${password} 
+                                        rproxy_service_name=${rproxy_service_name} 
+                                        rproxy_service_port=${rproxy_service_port} 
+                                        rproxy_service_address=${rproxy_service_address}"'''
+                                    )
+                                }
+                            }                            
+                        }
+                    }
+                }
+            }
+        }
+    }
+    post {
+        always {
+            cleanWs(patterns: [
+                [pattern: 'hosts.ini', type: 'INCLUDE']
+            ])
+        }
+    }
+}
--- a/roles/addconfig/tasks/addconfig.yml
+++ b/roles/addconfig/tasks/addconfig.yml
@@ -0,0 +1,5 @@
+---
+- name: Copy server.conf
+  ansible.builtin.template:
+    src: templates/server.conf.j2
+    dest: "{{ rproxy_dir }}/sites/{{  rproxy_service_name  }}.conf"
--- a/roles/addconfig/tasks/certificates.yml
+++ b/roles/addconfig/tasks/certificates.yml
@@ -0,0 +1,83 @@
+---
+- name: Create CNAME dns record
+  community.general.ipa_dnsrecord:
+    ipa_user: "{{ ansible_user }}"
+    ipa_pass: "{{ ansible_password }}"
+    zone_name: "{{ ansible_facts['domain'] }}"
+    record_name: "{{  rproxy_service_name  }}"
+    record_type: 'CNAME'
+    record_value: "{{ ansible_facts['hostname'] }}"
+    state: present
+  ignore_errors: true
+
+- name: Kinit
+  ansible.builtin.shell:
+    cmd: "echo '{{ ansible_password }}' | kinit"
+  become: false
+  become_user: "{{ ansible_user }}"
+
+- name: Create fake host for certificate
+  ansible.builtin.shell:
+    cmd: "ipa host-add {{ rproxy_service_name }}.{{ ansible_facts['domain'] }} --force --desc=\"Fake host for SPN\""
+  become: false
+  become_user: "{{ ansible_user }}"
+  ignore_errors: true
+
+- name: Create SPN for HTTP
+  ansible.builtin.shell:
+    cmd: "ipa service-add HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }} --skip-host-check --force"
+  become: false
+  become_user: "{{ ansible_user }}"
+  ignore_errors: true
+
+- name: "Allow {{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }} to get certificates for HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }} SPN"
+  ansible.builtin.shell:
+    cmd: "ipa service-add-host --hosts={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }} HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}"
+  become: false
+  become_user: "{{ ansible_user }}"
+  ignore_errors: true
+
+- name: Kdestroy
+  ansible.builtin.shell:
+    cmd: kdestroy
+  become: false
+  become_user: "{{ ansible_user }}"
+
+- name: Get all tracking certificates
+  ansible.builtin.shell:
+    cmd: "ipa-getcert list | grep -m1 -B5 \"{{ rproxy_dir }}/certs/{{ rproxy_service_name }}\" | grep Request | awk '{print $NF}' | tr -d \"'\\|:\""
+  register: tracking_list
+
+- name: Remove certificates from IPA tracking
+  ansible.builtin.shell:
+    cmd: "ipa-getcert stop-tracking -i {{ item }}"
+  loop: "{{ tracking_list.stdout_lines }}"
+  ignore_errors: true
+
+- name: Request certificate via ipa-getcert
+  ansible.builtin.command: >
+    ipa-getcert request
+    -f {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt
+    -k {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key
+    -K HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}
+    -N CN={{ rproxy_service_name }}.{{ ansible_facts['domain'] }}
+
+- name: Wait for certificate to appear
+  ansible.builtin.wait_for:
+    path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt"
+    timeout: 60
+
+- name: Change certificate permissions
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt"
+    mode: "0744"
+
+- name: Wait for certificate key to appear
+  ansible.builtin.wait_for:
+    path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key"
+    timeout: 60
+
+- name: Change certificate key permissions
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key"
+    mode: "0744"
--- a/roles/addconfig/tasks/main.yml
+++ b/roles/addconfig/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Add config
+  ansible.builtin.include_tasks: 
+    file: addconfig.yml
+
+- name: Generate certificates
+  ansible.builtin.include_tasks: 
+    file: certificates.yml
+
+- name: Restart rproxy service
+  ansible.builtin.systemd:
+    name: "container-rproxy.service"
+    state: restarted
+    enabled: yes
--- a/roles/addconfig/templates/server.conf.j2
+++ b/roles/addconfig/templates/server.conf.j2
--- a/roles/addconfig/vars/main.yml
+++ b/roles/addconfig/vars/main.yml
@@ -0,0 +1,5 @@
+---
+ansible_python_interpreter: /usr/bin/python3
+
+# Rproxy
+rproxy_dir: /opt/rproxy
--- a/roles/rproxy/tasks/podman.yml
+++ b/roles/rproxy/tasks/podman.yml
@@ -5,8 +5,6 @@
      - podman
      - podman-compose
      - podman-docker
-      - podman-remote
-      - podman-tui
      - buildah
    update_cache: yes

--- a/roles/podman/vars/main.yml
+++ b/roles/podman/vars/main.yml
@@ -0,0 +1,2 @@
+---
+ansible_python_interpreter: /usr/bin/python3
--- a/roles/rproxy/tasks/addconfig.yml
+++ b/roles/rproxy/tasks/addconfig.yml
@@ -1,91 +0,0 @@
---
- name: Create server configs
-  block:
-    - name: Copy server.conf
-      ansible.builtin.template:
-        src: templates/server.conf.j2
-        dest: "{{ rproxy_dir }}/sites/{{  rproxy_service_name  }}.conf"
-
- name: Generate certificates for {{  rproxy_service_name  }}
-  block:
-    - name: Create CNAME dns record
-      community.general.ipa_dnsrecord:
-        ipa_user: "{{ ansible_user }}"
-        ipa_pass: "{{ ansible_password }}"
-        zone_name: "{{ ansible_facts['domain'] }}"
-        record_name: "{{  rproxy_service_name  }}"
-        record_type: 'CNAME'
-        record_value: "{{ ansible_facts['hostname'] }}"
-        state: present
-
-    - name: Kinit
-      ansible.builtin.shell:
-        cmd: "echo '{{ ansible_password }}' | kinit"
-      become: false
-      become_user: "{{ ansible_user }}"
-
-    - name: Create fake host for certificate
-      ansible.builtin.shell:
-        cmd: "ipa host-add {{ rproxy_service_name }}.{{ ansible_facts['domain'] }} --force --desc=\"Fake host for SPN\""
-      become: false
-      become_user: "{{ ansible_user }}"
-      ignore_errors: true
-
-    - name: Create SPN for HTTP
-      ansible.builtin.shell:
-        cmd: "ipa service-add HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }} --skip-host-check --force"
-      become: false
-      become_user: "{{ ansible_user }}"
-      ignore_errors: true
-
-    - name: "Allow {{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }} to get certificates for HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }} SPN "
-      ansible.builtin.shell:
-        cmd: "ipa service-add-host --hosts={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }} HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}"
-      become: false
-      become_user: "{{ ansible_user }}"
-      ignore_errors: true
-
-    - name: Get all tracking certificates
-      ansible.builtin.shell:
-        cmd: ipa-getcert list | grep "ID" | awk '{print $NF}' | tr -d "'\|:"
-      register: tracking_list
-
-    - name: Remove certificates from IPA tracking
-      ansible.builtin.shell:
-        cmd: "ipa-getcert stop-tracking -i {{ item }}"
-      loop: "{{ tracking_list.stdout_lines }}"
-      ignore_errors: true
-
-    - name: Request certificate via ipa-getcert
-      ansible.builtin.command: >
-        ipa-getcert request
-        -f {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt
-        -k {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key
-        -K HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}
-        -N CN={{ rproxy_service_name }}.{{ ansible_facts['domain'] }}
-
-    - name: Wait for certificate to appear
-      ansible.builtin.wait_for:
-        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt"
-        timeout: 60
-
-    - name: Change certificate permissions
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt"
-        mode: "0744"
-
-    - name: Wait for certificate key to appear
-      ansible.builtin.wait_for:
-        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key"
-        timeout: 60
-
-    - name: Change certificate key permissions
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.key"
-        mode: "0744"
-
- name: Restart rproxy service
-  ansible.builtin.systemd:
-    name: "container-rproxy.service"
-    state: restarted
-    enabled: yes
--- a/roles/rproxy/tasks/certificates.yml
+++ b/roles/rproxy/tasks/certificates.yml
@@ -0,0 +1,59 @@
+---
+- name: Kinit
+  ansible.builtin.shell:
+    cmd: "echo '{{ ansible_password }}' | kinit"
+  become: false
+  become_user: "{{ ansible_user }}"
+
+- name: Create SPN for HTTP
+  ansible.builtin.shell:
+    cmd: "ipa service-add HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}"
+  become: false
+  become_user: "{{ ansible_user }}"
+  ignore_errors: true
+
+- name: Kdestroy
+  ansible.builtin.shell:
+    cmd: kdestroy
+  become: false
+  become_user: "{{ ansible_user }}"
+
+- name: Get all tracking certificates
+  ansible.builtin.shell:
+    cmd: "ipa-getcert list | grep -m1 -B5 \"{{ rproxy_dir }}/certs/repo\" | grep Request | awk '{print $NF}' | tr -d \"'\\|:\""
+  register: tracking_list
+
+- name: Remove certificates from IPA tracking
+  ansible.builtin.shell:
+    cmd: "ipa-getcert stop-tracking -i {{ item }}"
+  loop: "{{ tracking_list.stdout_lines }}"
+  ignore_errors: true
+
+- name: Request certificate via ipa-getcert
+  ansible.builtin.command: >
+    ipa-getcert request
+    -f {{ rproxy_dir }}/certs/repo.crt
+    -k {{ rproxy_dir }}/certs/repo.key
+    -K HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
+    -N CN={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
+    -F {{ rproxy_dir }}/certs/RootCA.crt
+
+- name: Wait for certificate to appear
+  ansible.builtin.wait_for:
+    path: "{{ rproxy_dir }}/certs/repo.crt"
+    timeout: 60
+
+- name: Change certificate permissions
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/certs/repo.crt"
+    mode: "0744"
+
+- name: Wait for certificate key to appear
+  ansible.builtin.wait_for:
+    path: "{{ rproxy_dir }}/certs/repo.key"
+    timeout: 60
+
+- name: Change certificate key permissions
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/certs/repo.key"
+    mode: "0744"
--- a/roles/rproxy/tasks/configs.yml
+++ b/roles/rproxy/tasks/configs.yml
@@ -0,0 +1,10 @@
+---
+- name: Copy repo.conf
+  ansible.builtin.copy:
+    src: files/repo.conf
+    dest: "{{ rproxy_dir }}/sites/repo.conf"
+
+- name: Copy nginx.conf
+  ansible.builtin.copy:
+    src: files/nginx.conf
+    dest: "{{ rproxy_dir }}/nginx.conf"
--- a/roles/rproxy/tasks/dirs.yml
+++ b/roles/rproxy/tasks/dirs.yml
@@ -0,0 +1,31 @@
+---
+- name: Remove rproxy dir
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}"
+    state: absent
+
+- name: Create rproxy dir
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}"
+    state: directory
+
+- name: Create rproxy data dir
+  ansible.builtin.file:
+    path: "{{ repo_data_dir }}"
+    state: directory
+
+- name: Create sites dir
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/sites"
+    state: directory
+
+- name: Create certs dir
+  ansible.builtin.file:
+    path: "{{ rproxy_dir }}/certs"
+    state: directory
+
+- name: Create repo dir
+  ansible.builtin.file:
+    path: "{{ repo_data_dir }}"
+    state: directory
+    mode: 0777
--- a/roles/rproxy/tasks/main.yml
+++ b/roles/rproxy/tasks/main.yml
@@ -1,32 +1,20 @@
 ---
- name: Podman install
+- name: Prepare directories
  ansible.builtin.include_tasks: 
-    file: podman.yml
-    apply:
-      tags: install
-  tags:
-  - install
+    file: dirs.yml
+
+- name: Copy configs
+  ansible.builtin.include_tasks: 
+    file: configs.yml
+
+- name: Generate certificates
+  ansible.builtin.include_tasks: 
+    file: certificates.yml

 - name: Rproxy install
  ansible.builtin.include_tasks: 
    file: rproxy.yml
-    apply:
-      tags: install
-  tags:
-  - install

- name: Repo install
+- name: Repository install
  ansible.builtin.include_tasks: 
    file: repo.yml
-    apply:
-      tags: install
-  tags:
-  - install
-
- name: Add config
-  ansible.builtin.include_tasks: 
-    file: addconfig.yml
-    apply:
-      tags: add_config
-  tags:
-  - add_config
--- a/roles/rproxy/tasks/repo.yml
+++ b/roles/rproxy/tasks/repo.yml
@@ -1,78 +1,10 @@
 ---
- name: Prepare for https repository
-  block:
-    - name: Create repo dir
-      ansible.builtin.file:
-        path: "{{ repo_data_dir }}"
-        state: directory
-        mode: 0777
-
-    - name: Copy repo.conf
-      ansible.builtin.copy:
-        src: files/repo.conf
-        dest: "{{ rproxy_dir }}/sites/repo.conf"
-
-    - name: Install createrepo
+- name: Install createrepo
  ansible.builtin.yum:
    name:
      - createrepo
    update_cache: yes

- name: Create https certificates for repository
-  block:
-    - name: Kinit
-      ansible.builtin.shell:
-        cmd: "echo '{{ ansible_password }}' | kinit"
-      become: false
-      become_user: "{{ ansible_user }}"
-
-    - name: Create SPN for HTTP
-      ansible.builtin.shell:
-        cmd: "ipa service-add HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}"
-      become: false
-      become_user: "{{ ansible_user }}"
-      ignore_errors: true
-
-    - name: Get all tracking certificates
-      ansible.builtin.shell:
-        cmd: ipa-getcert list | grep "ID" | awk '{print $NF}' | tr -d "'\|:"
-      register: tracking_list
-
-    - name: Remove certificates from IPA tracking
-      ansible.builtin.shell:
-        cmd: "ipa-getcert stop-tracking -i {{ item }}"
-      loop: "{{ tracking_list.stdout_lines }}"
-      ignore_errors: true
-
-    - name: Request certificate via ipa-getcert
-      ansible.builtin.command: >
-        ipa-getcert request
-        -f {{ rproxy_dir }}/certs/repo.crt
-        -k {{ rproxy_dir }}/certs/repo.key
-        -K HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
-        -N CN={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
-        -F {{ rproxy_dir }}/certs/RootCA.crt
-
-    - name: Wait for certificate to appear
-      ansible.builtin.wait_for:
-        path: "{{ rproxy_dir }}/certs/repo.crt"
-        timeout: 60
-
-    - name: Change certificate permissions
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs/repo.crt"
-        mode: "0744"
-
-    - name: Wait for certificate key to appear
-      ansible.builtin.wait_for:
-        path: "{{ rproxy_dir }}/certs/repo.key"
-        timeout: 60
-
-    - name: Change certificate key permissions
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs/repo.key"
-        mode: "0744"
-
 - name: Restart rproxy service
  ansible.builtin.systemd:
    name: "container-rproxy.service"
--- a/roles/rproxy/tasks/rproxy.yml
+++ b/roles/rproxy/tasks/rproxy.yml
@@ -1,49 +1,15 @@
 ---
- name: Prepare dirs for rproxy
-  block:
-    - name: Remove rproxy dir
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}"
-        state: absent
-
-    - name: Create rproxy dir
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}"
-        state: directory
-
-    - name: Create rproxy data dir
-      ansible.builtin.file:
-        path: "{{ repo_data_dir }}"
-        state: directory
-
-    - name: Create sites dir
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/sites"
-        state: directory
-
-    - name: Create certs dir
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs"
-        state: directory
-
-    - name: Copy nginx.conf
-      ansible.builtin.copy:
-        src: files/nginx.conf
-        dest: "{{ rproxy_dir }}/nginx.conf"
-
- name: Install rproxy
-  block:
-    - name: Pull rproxy image
+- name: Pull rproxy image
  containers.podman.podman_image:
    name: "{{ image_repo }}/{{ rproxy_image }}:{{ rproxy_version }}"
    state: present

-    - name: Delete rproxy container if exists
+- name: Delete rproxy container if exists
  containers.podman.podman_container:
    name: rproxy
    state: absent

-    - name: Start rproxy
+- name: Start rproxy
  containers.podman.podman_container:
    name: rproxy
    image: "{{ image_repo }}/{{ rproxy_image }}:{{ rproxy_version }}"
@@ -68,7 +34,7 @@
      stop_timeout: 120
      names: true

-    - name: Enable rproxy service
+- name: Enable rproxy service
  ansible.builtin.systemd:
    name: "container-rproxy.service"
    state: started
--- a/rproxy.yml
+++ b/rproxy.yml
@@ -2,25 +2,11 @@
 - hosts: all
  become: yes
  
-  vars:
-    ansible_python_interpreter: /usr/bin/python3
-  
  vars_prompt:
-    - name: rproxy_service_name
-      prompt: Enter service for rproxy
-      private: false
-
-    - name: rproxy_service_port
-      prompt: Enter service for rproxy
-      private: false
-
-    - name: rproxy_service_address
-      prompt: Enter service for rproxy
-      private: false
-
    - name: image_repo
      prompt: Enter repository address with podman images (ex. rproxy.olsson.ul:5000)
      private: false

  roles:
+    - podman
    - rproxy