opti_storage.yml

# ansible-galaxy collection install linux_system_roles.storage
# then
# cd ~/.ansible/collections/ansible_collections/fedora/linux_system_roles/requirements.yml
# ansible-galaxy collection install -vv -r requirements.yml
---
- hosts: opti.lan
  #connection: local
  become: yes

  roles:
    - fedora.linux_system_roles.storage

  tasks:

    - name: Create the physical volume (PV)
      lvg:
        vg: fedora_opti
        pvs: /dev/sda3
      tags:
      - lvm

    - name: Create the logical volume on disk for root
      lvol:
        vg: fedora_opti
        lv: root
        size: 30g
      tags:
      - lvm

    - name: Create the filesystem for root
      filesystem:
        fstype: xfs
        dev: /dev/fedora_opti/root
        resizefs: yes
      tags:
      - lvm

    - name: Mount the filesystem
      mount:
        path: /
        src: /dev/mapper/fedora_opti-root
        fstype: xfs
        state: mounted
        backup: yes
      tags:
      - lvm

    - name: Create the logical volume on disk for user_containers
      lvol:
        vg: fedora_opti
        lv: user_containers
        size: 20g
      tags:
      - lvm

    - name: Create the filesystem for user_containers
      filesystem:
        fstype: xfs
        dev: /dev/fedora_opti/user_containers
        resizefs: yes
      tags:
      - lvm

    - name: Mount the filesystem for user_containers
      mount:
        path: /mnt/containers
        src: /dev/mapper/fedora_opti-user_containers
        fstype: xfs
        state: mounted
        backup: yes
      tags:
      - lvm 

    - name: Create the logical volume on disk for root_containers
      lvol:
        vg: fedora_opti
        lv: root_containers
        size: 20g
      tags:
      - lvm

    - name: Create the filesystem for root_containers
      filesystem:
        fstype: xfs
        dev: /dev/fedora_opti/root_containers
        resizefs: yes
      tags:
      - lvm

    - name: Mount the filesystem for root_containers
      mount:
        path: /var/lib/containers
        src: /dev/mapper/fedora_opti-root_containers
        fstype: xfs
        state: mounted
        backup: yes
      tags:
      - lvm

    - name: Create the logical volume on disk for vm_pool
      lvol:
        vg: fedora_opti
        lv: vm_pool
        size: 140g
      tags:
        - lvm

    - name: Create the filesystem for vm_pool
      filesystem:
        fstype: xfs
        dev: /dev/fedora_opti/vm_pool
        resizefs: yes
      tags:
        - lvm

    - name: Mount the filesystem for vm_pool
      mount:
        path: /var/lib/libvirt/vm-pool
        src: /dev/mapper/fedora_opti-vm_pool
        fstype: xfs
        state: mounted
        backup: yes
      tags:
        - lvm

    - name: Create mount point for vm_images filesystem
      file:
        path: /mnt/vm_images
        state: directory
        mode: '0755'
        owner: root
        group: root
      tags:
        - nfs

    - name: Mount vm_images filesystem from MicroServer
      mount:
        src: opti.lan:/mnt/vm_images
        path: /mnt/vm_images
        opts: x-systemd.after=network-online.target
        state: mounted
        fstype: nfs
      tags:
        - nfs

    - name: What's the user containers directory?
      debug:
        var: mount_point_user_containers

    - name: Configure storage directory for rootless containers
      block:
        - name: Set correct directory ownership/permissions for rootless container mount point
          file:
            path: "{{ mount_point_user_containers }}"
            state: directory
            owner: root
            group: root
            mode: '0777'

        # Fix the SELinux permissions for user container storage as per:
        # https://github.com/containers/podman/issues/12812
        # https://github.com/containers/podman/issues/3234
        # $ sudo semanage fcontext -a -e $HOME/.local/share/containers /mnt/containers
        # $ restorecon -R -v /mnt
        - name: Allow users to modify files in their local container storage directories
          community.general.sefcontext:
            #target: '/mnt/containers(/.*)?'
            #target: '/mnt/containers'
            target: "{{ mount_point_user_containers }}"
            # Trying to set seuser is redundant when using SELinux targeted policy
            seuser: unconfined_u
            setype: data_home_t
            state: present

        - name: Apply new SELinux file context to filesystem
          #ansible.builtin.command: restorecon -irv /mnt/containers
          ansible.builtin.command: restorecon -iv {{ mount_point_user_containers }}

        # Edit /etc/containers.conf to ensure rootless containers are stored in correct location
        # OLD: # rootless_storage_path = "$HOME/.local/share/containers/storage"
        # NEW: rootless_storage_path = "/mnt/containers/$USER/storage"
        - name: Ensure that rootless container storage is in the correct directory
          lineinfile:
            path: /usr/share/containers/storage.conf
            regexp: '^rootless_storage_path'
            insertafter: '^# rootless_storage_path'
            line: rootless_storage_path = "{{ mount_point_user_containers }}/$USER/storage"
            #owner: root
            #group: root
            #mode: '0644'
            backup: yes
      when: mount_point_user_containers is defined
      tags:
      - podman