ziti-edge-tunnel/redhat9-ziti-edge-tunnel-rpm-repo/playbook.yaml

- name: Install Ziti Edge Tunnel
  gather_facts: false
  hosts: default
  become: true
  vars:
    zet_version: 0.22.29

  tasks:
    - name: Configure RPM Repository
      ansible.builtin.copy:
        dest: /etc/yum.repos.d/ziti-edge-tunnel.repo
        mode: '0644'
        owner: root
        group: root
        content: |
          [OpenZitiTunneler]
          name=OpenZitiTunneler
          baseurl=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat9/$basearch
          enabled=1
          gpgcheck=0
          gpgkey=https://packages.openziti.org/zitipax-openziti-rpm-stable/redhat9/$basearch/repodata/repomd.xml.key
          repo_gpgcheck=1

    - name: Pin ZET version
      ansible.builtin.yum:
        name: ziti-edge-tunnel-{{ zet_version }}
        update_cache: true
        disable_gpg_check: false
        state: present

    - name: Install Ziti Identity Enrollment Token
      ansible.builtin.copy:
        src: ./ziti-id.jwt  # relative to playbook on Vagrant host/Ansible Controller
        dest: /opt/openziti/etc/identities/ziti-id.jwt
        owner: root
        group: ziti
        mode: '0664'

    - name: Start Ziti Edge Tunnel
      ansible.builtin.service:
        name: ziti-edge-tunnel
        state: started
        enabled: true

    - name: Add two IPv4 DNS server addresses
      community.general.nmcli:
        conn_name: eth0
        type: ethernet
        dns4_ignore_auto: true
        dns4:
          - 100.64.0.2
          - 1.1.1.1
        state: present

    - name: raise the network manager connection
      command: nmcli connection up "eth0"

    - name: Ensure Ziti Edge Tunnel is running
      ansible.builtin.pause:
        seconds: 10

    - name: Send an HTTP Request to Test Ziti
      ansible.builtin.uri:
        # url: http://testapi.ziti/post
        url: http://httpbin.miniziti.private/post
        method: POST
        body_format: json
        body:
          hello: ziggy
      register: httpbin
      failed_when:
        - httpbin.status != 200
        - httpbin.json.hello != "ziggy"