refactor(trustee_quadlet): move quadlet repo and install dir variables to private

We don't want users to easily move away from designated Trustee quadlets.
So move the repo and install path to private to reduce variants.

Signed-off-by: Li Tian <litian@redhat.com>

Author: litian1992

README.md

@@ -29,10 +29,6 @@ ansible-galaxy collection install -r meta/collection-requirements.yml
   hosts: all
   vars:
     trustee_attestation_server_trustee: true
-    trustee_attestation_server_quadlet_repo_url: "https://github.com/litian1992/trustee-quadlet-rhel.git"
-    trustee_attestation_server_quadlet_repo_path: "quadlet"
-    trustee_attestation_server_quadlet_repo_branch: "main"
-    trustee_attestation_server_quadlet_install_dir: "/etc/containers/systemd"
     trustee_attestation_server_secret_registration_enabled: true
     trustee_attestation_server_secret_registration_listen_port: 8081
   roles:

defaults/main.yml

@@ -3,13 +3,7 @@
 # Here is the right place to put the role's input variables.
 # This file also serves as a documentation for such a variables.
 
-# Trustee Server Components Quadlet repository configuration
 trustee_attestation_server_trustee: true
-trustee_attestation_server_quadlet_repo_url: "https://github.com/litian1992/trustee-quadlet-rhel.git"
-trustee_attestation_server_quadlet_repo_path: "quadlet"
-trustee_attestation_server_quadlet_repo_branch: "main"
-trustee_attestation_server_quadlet_install_dir: "/etc/containers/systemd"
-trustee_attestation_server_config_dir: "/etc/trustee"
 # Secret registration server service configuration
 trustee_attestation_server_secret_registration_enabled: false
 trustee_attestation_server_secret_registration_listen_port: 8081

examples/simple.yml

@@ -4,10 +4,6 @@
   hosts: all
   vars:
     trustee_attestation_server_trustee: true
-    trustee_attestation_server_quadlet_repo_url: "https://github.com/litian1992/trustee-quadlet-rhel.git"
-    trustee_attestation_server_quadlet_repo_path: "quadlet"
-    trustee_attestation_server_quadlet_repo_branch: "main"
-    trustee_attestation_server_quadlet_install_dir: "/etc/containers/systemd"
     trustee_attestation_server_secret_registration_enabled: false
   roles:
     - linux-system-roles.trustee_attestation_server

tasks/trustee_quadlet.yml

@@ -9,7 +9,7 @@
 
 - name: Ensure quadlet install directory exists
   ansible.builtin.file:
-    path: "{{ trustee_attestation_server_quadlet_install_dir }}"
+    path: "{{ __trustee_attestation_server_quadlet_install_dir }}"
     state: directory
     mode: "0755"
 
@@ -20,16 +20,16 @@
 
 - name: Download Trustee Server quadlet files from GitHub repository
   ansible.builtin.git:
-    repo: "{{ trustee_attestation_server_quadlet_repo_url }}"
+    repo: "{{ __trustee_attestation_server_quadlet_repo_url }}"
     dest: "{{ __trustee_attestation_server_quadlet_repo_dir.path }}"
-    version: "{{ trustee_attestation_server_quadlet_repo_branch }}"
+    version: "{{ __trustee_attestation_server_quadlet_repo_branch }}"
     depth: 1
     force: true
   register: quadlet_repo_download
 
 - name: Find Trustee Server quadlet files in repository
   ansible.builtin.find:
-    paths: "{{ __trustee_attestation_server_quadlet_repo_dir.path }}/{{ trustee_attestation_server_quadlet_repo_path }}"
+    paths: "{{ __trustee_attestation_server_quadlet_repo_dir.path }}/{{ __trustee_attestation_server_quadlet_repo_path }}"
     patterns:
       - "*.container"
       - "*.volume"
@@ -40,13 +40,13 @@
 
 - name: Fail if no Trustee Server quadlet files found
   ansible.builtin.fail:
-    msg: "No quadlet files found in {{ trustee_attestation_server_quadlet_repo_url }}/{{ trustee_attestation_server_quadlet_repo_path }}"
+    msg: "No quadlet files found in {{ __trustee_attestation_server_quadlet_repo_url }}/{{ __trustee_attestation_server_quadlet_repo_path }}"
   when: quadlet_files_found.files | length == 0
 
 - name: Copy Trustee Server quadlet files to install directory
   ansible.builtin.copy:
     src: "{{ item.path }}"
-    dest: "{{ trustee_attestation_server_quadlet_install_dir }}/{{ item.path | basename }}"
+    dest: "{{ __trustee_attestation_server_quadlet_install_dir }}/{{ item.path | basename }}"
     mode: "0644"
     remote_src: true
     force: true
@@ -109,7 +109,7 @@
 
 - name: Get the installed Trustee Server pod name
   ansible.builtin.find:
-    paths: "{{ trustee_attestation_server_quadlet_install_dir }}"
+    paths: "{{ __trustee_attestation_server_quadlet_install_dir }}"
     patterns: "*.pod"
   register: __trustee_attestation_server_pod_name
 

tests/tests_default.yml

@@ -20,17 +20,17 @@
 
     - name: Check trustee quadlet install directory exists
       ansible.builtin.stat:
-        path: "{{ trustee_attestation_server_quadlet_install_dir }}"
+        path: "{{ __trustee_attestation_server_quadlet_install_dir }}"
       register: quadlet_dir
 
     - name: Assert quadlet directory exists
       ansible.builtin.assert:
         that: quadlet_dir.stat.exists
-        fail_msg: "Quadlet install directory {{ trustee_attestation_server_quadlet_install_dir }} was not created"
+        fail_msg: "Quadlet install directory {{ __trustee_attestation_server_quadlet_install_dir }} was not created"
 
     - name: Find quadlet files in install directory
       ansible.builtin.find:
-        paths: "{{ trustee_attestation_server_quadlet_install_dir }}"
+        paths: "{{ __trustee_attestation_server_quadlet_install_dir }}"
         patterns:
           - "*.container"
           - "*.volume"
@@ -42,7 +42,7 @@
     - name: Assert quadlet files exist
       ansible.builtin.assert:
         that: quadlet_files.matched | int > 0
-        fail_msg: "No quadlet files found in {{ trustee_attestation_server_quadlet_install_dir }}"
+        fail_msg: "No quadlet files found in {{ __trustee_attestation_server_quadlet_install_dir }}"
 
     - name: Check trustee certificates and keys were generated
       ansible.builtin.stat:
@@ -65,7 +65,7 @@
 
     - name: Find trustee pod file
       ansible.builtin.find:
-        paths: "{{ trustee_attestation_server_quadlet_install_dir }}"
+        paths: "{{ __trustee_attestation_server_quadlet_install_dir }}"
         patterns: "*.pod"
         recurse: false
       register: trustee_pod_files

vars/main.yml

@@ -12,6 +12,10 @@ __trustee_attestation_server_trustee_packages:
 __trustee_attestation_server_services: []
 __trustee_attestation_server_secret_registration_packages:
   - python3
+__trustee_attestation_server_quadlet_repo_url: "https://github.com/litian1992/trustee-quadlet-rhel.git"
+__trustee_attestation_server_quadlet_repo_path: "quadlet"
+__trustee_attestation_server_quadlet_repo_branch: "main"
+__trustee_attestation_server_quadlet_install_dir: "/etc/containers/systemd"
 __trustee_attestation_server_config_dir: "/etc/trustee"
 # ansible_facts required by the role
 __trustee_attestation_server_required_facts: