refacto: Rewriting for Debian Sid

2024-10-22 11:14:15 +02:00
parent 14e5cb0537
commit 49094e2389
9 changed files with 165 additions and 149 deletions
--- a/README.md
+++ b/README.md
@@ -1,82 +1,89 @@
 # role_podman
-Rôle de déploiement de podman.
+Install podman and manage pods and containers.
-## Pré-requis
+## Pre-requisite
-Ce rôle créer un utilisateur dédié via [cet autre rôle](https://gitea.ykn.fr/ansible/role_users) dont il est dépendant.
+The podman user (`podman_user`) must be created before executing this role.
 L'utilisation de ce rôle et de sa dépendance dans un playbook nécessite d'utilise ansible-galaxy en lui indiquant un fichier dont le contenu est le suivant :
 ```bash
 $ cd playbook_podman
 $ tee requirements.yml <<EOF
 ---
 roles:
  - name: users
    scm: git
    src: ssh://gitea@git.ykn.fr:12393/ansible/role_users.git
    version: alpha
  - name: podman
    scm: git
    src: ssh://gitea@git.ykn.fr:12393/ansible/role_podman.git
    version: alpha
 EOF
 $ ansible-galaxy install -fr requirements.yml
 ```
 ## Variables
 ### podman_packages
 List of packages to install in order to use podman.
 <span style="text-decoration: underline">Default value:</span> `["catatonit", "dbus-user-session", "passt", "podman", "podman-docker", "uidmap", "systemd-container"]`
 ### podman_fix_pasta
 On bookworm, we need to fix pasta to use podman ([see here](https://github.com/containers/buildah/issues/5440#issuecomment-2028911573)).
 <span style="text-decoration: underline">Default value:</span> `false`
 ### podman_user
 Users with container configuration.
 <span style="text-decoration: underline">Default value:</span> `podman`
 ### podman_configure_rsyslog
-Désactive les messages du programme *podman* et des programmes dans les conteneurs si ils portent le nom du conteneur.
+Status of messages from the *podman* binary and from binaries in containers if they're equalto the container name.
-<span style="text-decoration: underline">Valeur par défaut:</span> `true` (activé, `false` pour désactiver)
+<span style="text-decoration: underline">Default value:</span> `true`
 ### podman_ssh_host
 Host to be tested for instance availability.
 <span style="text-decoration: underline">Default value:</span> `{{ inventory_hostname }}`
 ### podman_ssh_port
 Port to be tested for instance availability.
 <span style="text-decoration: underline">Default value:</span> `22`
 ### podman_auto_update
 Status of the automatic container update service.
 <span style="text-decoration: underline">Default value:</span> `true`
 ### podman_pods
 List of dictionnaries to define pods ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_pod_module.html)).
 <span style="text-decoration: underline">Default value:</span> none
 ### podman_containers
-Définition des conteneurs à déployer.
+List of dictionnaries to define containers ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_container_module.html#ansible-collections-containers-podman-podman-container-module)).
-<span style="text-decoration: underline">Valeur par défaut:</span> *aucune*
+<span style="text-decoration: underline">Default value:</span> none
-## Utilisation
+## Extras
-Définir la variable `podman_containers` dans un fichier sous `host_vars` ou `group_vars` :
+It's possible to use this role with the alvistack repository by setting the variables to the following values:
-```bash
+```yaml
-$ tee host_vars/lxd_podman_host.yml <<EOF
+# BEGIN role_podman
---
+podman_packages:
  - catatonit
  - dbus-user-session
  - containernetworking-dnsname
  - containernetworking-plugins
  - containernetworking-podman-machine
  - passt
  - podman
  - podman-aardvark-dns
  - podman-docker
  - podman-gvproxy
  - podman-netavark
  - python3-podman-compose
  - uidmap
  - systemd-container
-podman_containers:
+podman_fix_pasta: true
-  - image: docker.io/wallabag/wallabag:latest
+# END role_podman
    name: wallbag
    userns: keep-id
    volumes:
      - wallbag-data:/var/www/wallabag/data
      - wallbag-image:/var/www/wallabag/web/assets/images
    ports:
      - 80:80/tcp
    environment_vars:
      - SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
 ```
 Il est également possible de définir l'utilisateur via la variable `user`, comme ceci :
 ```bash
 $ tee host_vars/lxd_podman_host.yml <<EOF
 ---
 podman_containers:
  - image: docker.io/wallabag/wallabag:latest
    name: wallbag
    user: un_utilisateur
    userns: keep-id
    volumes:
      - wallbag-data:/var/www/wallabag/data
      - wallbag-image:/var/www/wallabag/web/assets/images
    ports:
      - 80:80/tcp
    environment_vars:
      - SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
 ```
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,25 +1,24 @@
 ---
 # defaults file for podman
 podman_packages:
  - catatonit
  - dbus-user-session
  - passt
  - podman
  - podman-docker
  - uidmap
  - systemd-container
 podman_fix_pasta: false
 podman_user: podman
 podman_configure_rsyslog: true
 podman_fix_pasta: true
 podman_ssh_host: "{{ inventory_hostname }}"
 podman_ssh_port: 22
 podman_auto_update: true
 podman_pods: []
 podman_containers: []
 # Exemple:
 #  - image: docker.io/wallabag/wallabag:latest
 #    name: wallbag
 #    userns: keep-id
 #    commands:
 #       - echo toto
 #    volumes:
 #      - wallbag-data:/var/www/wallabag/data
 #      - wallbag-image:/var/www/wallabag/web/assets/images
 #    ports:
 #      - 80:80/tcp
 #    environment_vars:
 #      - SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,21 +1,34 @@
 ---
 # handlers file for exim4
 - name: Set default permissions on volumes folders
  ansible.builtin.file:
    path: "{{ item.path }}"
    owner: "{{ podman_user }}"
    group: "{{ podman_user }}"
  become: true
  loop: "{{ folders.results | selectattr('changed', 'equalto', true) }}"
  loop_control:
    label: "{{ item.path }}"
 # source: https://github.com/containers/buildah/issues/5440#issuecomment-2028911573
- name: Corriger le problème passt VS pasta
+- name: Fix passt VS pasta
  ansible.builtin.file:
    state: hard
    force: true
    src: /usr/bin/passt
    dest: /usr/bin/pasta
    owner: root
    group: root
    mode: u=rw,g=r,o=r
    force: true
  when: podman_fix_pasta
  become: true
- name: Redémarrer l'instance
+- name: Restart instance
  ansible.builtin.reboot:
  become: true
- name: Attendre que le port SSH soit ouvert
+- name: Wait SSH is ready
  ansible.builtin.wait_for:
    host: "{{ podman_ssh_host }}"
    port: "{{ podman_ssh_port }}"
@@ -25,7 +38,7 @@
    sleep: 10
  delegate_to: 127.0.0.1
- name: Redémarrer rsyslog.service
+- name: Restart rsyslog.service
  ansible.builtin.systemd:
    state: restarted
    name: rsyslog.service
--- a/meta/.galaxy_install_info
+++ b/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
 install_date: lun. 21 oct. 2024 11:22:51
 version: master
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -10,6 +10,6 @@ galaxy_info:
  platforms:
    - name: Debian
      versions:
-        - bookworm
+        - sid
 dependencies: []
--- a/tasks/configuration.yml
+++ b/tasks/configuration.yml
@@ -1,72 +1,74 @@
 ---
 # tasks file for podman
- name: Activer le lingering
+- name: Enable lingering for podman user
  ansible.builtin.command:
-    cmd: "loginctl enable-linger {{ container_user }}"
+    cmd: "loginctl enable-linger {{ podman_user }}"
-    creates: /var/lib/systemd/linger/{{ container_user }}
+    creates: /var/lib/systemd/linger/podman
  become: true
  loop: "{{ podman_containers }}"
  loop_control:
    label: "{{ item.name }}"
  vars:
    container_user: "podman-{{ item.user | default(item.name) }}"
- name: Créer les dossiers des volumes
+- name: Create subvolumes paths
  ansible.builtin.file:
    path: "{{ item.1 | split(':') | first }}"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_user }}"
    mode: u=rwX,g=rX,o=rX
  become: true
  loop: "{{ q('ansible.builtin.subelements', podman_containers, 'volumes', {'skip_missing': True}) }}"
  loop_control:
    label: "{{ item.0.name }}"
-  vars:
+  register: folders
-    container_user: "podman-{{ item.0.user | default(item.0.name) }}"
+  notify: Set default permissions on volumes folders
- name: Déployer les conteneurs
+- name: Exécuter les handlers
-  containers.podman.podman_container:
+  ansible.builtin.meta: flush_handlers
-    hostname: "{{ item.hostname | default(inventory_hostname) }}"
+
-    name: "{{ item.name }}"
+- name: Deploy pods
-    image: "{{ item.image }}"
+  containers.podman.podman_pod: "{{ pod }}"
    state: quadlet
    device: "{{ item.device | default(omit) }}"
    ports: "{{ item.ports | default(omit) }}"
    volumes: "{{ item.volumes | default(omit) }}"
    userns: "{{ item.userns | default(omit) }}"
    mount: "{{ item.mount | default(omit) }}"
    publish: "{{ item.publish | default(omit) }}"
    env: "{{ item.env | default(omit) }}"
    quadlet_options: "{{ item.quadlet_options | default(omit) }}"
    sysctl: "{{ item.sysctl | default(omit) }}"
    cap_add: "{{ item.cap_add | default(omit) }}"
    recreate: true
  become: true
-  become_user: "{{ container_user }}"
+  become_user: "{{ podman_user }}"
-  register: deploy_container
+  loop: "{{ podman_pods }}"
  loop_control:
    label: "{{ item.name }}"
  register: deployed_pods
  vars:
    pod: "{{ podman_pods_defaults | ansible.builtin.combine(item) }}"
 - name: Start or restart pods
  ansible.builtin.systemd_service:
    name: "{{ item.item.name }}-pod.service"
    state: "{{ 'restarted' if item.changed else 'started' }}"
    daemon_reload: true
    scope: user
  become: true
  become_user: "{{ podman_user }}"
  loop: "{{ deployed_pods.results }}"
  loop_control:
    label: "{{ item.item.name }}"
 - name: Deploy containers
  containers.podman.podman_container: "{{ container }}"
  become: true
  become_user: "{{ podman_user }}"
  loop: "{{ podman_containers }}"
  loop_control:
    label: "{{ item.name }}"
  register: deployed_containers
  vars:
-    container_user: "podman-{{ item.user | default(item.name) }}"
+    container: "{{ podman_containers_defaults | ansible.builtin.combine(item) }}"
- name: Démarrer ou redémarrer le conteneur
+- name: Start or restart containers
  ansible.builtin.systemd_service:
    name: "{{ item.item.name }}.service"
    state: "{{ 'restarted' if item.changed else 'started' }}"
    daemon_reload: true
    scope: user
  become: true
-  become_user: "{{ container_user }}"
+  become_user: "{{ podman_user }}"
-  loop: "{{ deploy_container.results }}"
+  loop: "{{ deployed_containers.results }}"
  loop_control:
    label: "{{ item.item.name }}"
  vars:
    container_user: "podman-{{ item.item.user | default(item.item.name) }}"
- name: Activer le service de mise à jour automatique
+- name: Enable containers auto-update service
  ansible.builtin.systemd_service:
    name: podman-auto-update.timer
    daemon_reload: true
@@ -74,9 +76,4 @@
    scope: user
  when: podman_auto_update
  become: true
-  become_user: "{{ container_user }}"
+  become_user: "{{ podman_user }}"
  loop: "{{ deploy_container.results }}"
  loop_control:
    label: "{{ item.item.name }}"
  vars:
    container_user: "podman-{{ item.item.user | default(item.item.name) }}"
--- a/tasks/installation.yml
+++ b/tasks/installation.yml
@@ -3,28 +3,14 @@
 - name: Installer les paquets
  ansible.builtin.apt:
-    name:
+    name: "{{ podman_packages }}"
      - dbus-user-session
      - containernetworking-dnsname
      - containernetworking-plugins
      - containernetworking-podman-machine
      - dbus-user-session
      - passt
      - podman
      - podman-aardvark-dns
      - podman-docker
      - podman-gvproxy
      - podman-netavark
      - python3-podman-compose
      - uidmap
      - systemd-container
    install_recommends: true
    state: present
  become: true
  notify:
-    - Corriger le problème passt VS pasta
+#    - Fix passt VS pasta
-    - Redémarrer l'instance
+#    - Restart instance
-    - Attendre que le port SSH soit ouvert
+#    - Wait SSH is ready
 - name: Exécuter les handlers
  ansible.builtin.meta: flush_handlers
@@ -38,7 +24,7 @@
    mode: u=rw,g=r,o=r
  when: podman_configure_rsyslog
  become: true
-  notify: Redémarrer rsyslog.service
+  notify: Restart rsyslog.service
 - name: Désactiver le service de mise à jour automatique pour root
  ansible.builtin.systemd_service:
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,10 +1,10 @@
 ---
 # tasks file for podman
- name: Importer les tâches d'installation
+- name: Import installation tasks
  ansible.builtin.import_tasks:
    file: installation.yml
- name: Importer les tâches de configuration
+- name: Import configuration tasks
  ansible.builtin.import_tasks:
    file: configuration.yml
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,12 @@
 ---
 podman_pods_defaults: []
 podman_containers_defaults:
  state: quadlet
  recreate: true
  quadlet_options:
    - "AutoUpdate=registry"
    - |
      [Install]
      WantedBy=default.target
		`@@ -0,0 +1,2 @@`
							`install_date: lun. 21 oct. 2024 11:22:51`
							`version: master`