From 2b011bf62a753b7028f2f3f5e9859f2502176f3a Mon Sep 17 00:00:00 2001 From: "pulsar89.5" Date: Thu, 21 Dec 2023 17:30:57 +0100 Subject: [PATCH] feat: Create role --- README.md | 35 ++++++++++++++++- defaults/main.yml | 15 ++++++++ meta/main.yml | 4 +- tasks/configuration.yml | 55 +++++++++++++++++++++++++++ tasks/installation.yml | 13 +++++++ tasks/main.yml | 18 +++++++++ templates/podman-quadlet.container.j2 | 35 +++++++++++++++++ 7 files changed, 171 insertions(+), 4 deletions(-) create mode 100644 defaults/main.yml create mode 100644 tasks/configuration.yml create mode 100644 tasks/installation.yml create mode 100644 tasks/main.yml create mode 100644 templates/podman-quadlet.container.j2 diff --git a/README.md b/README.md index 3edfbf7..283a5b9 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,34 @@ -# role_modele +# role_podman -Modèle \ No newline at end of file +Rôle de déploiement de podman. + +## Pré-requis + +Ce rôle créer un utilisateur à l'aide de ce rôle qu'il faut donc installé lors de l'exécution d'un playbook.
+Afin d'installer les deux rôles dans un playbook : + +```bash +$ cd playbook_podman +$ tee <Valeur par défaut: aucune diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..35ab668 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,15 @@ +--- +# defaults file for podman + +podman_containers: {} +# Exemple: +# - image: docker.io/wallabag/wallabag:latest +# name: wallbag +# userns: keep-id +# volumes: +# - wallbag-data:/var/www/wallabag/data +# - wallbag-image:/var/www/wallabag/web/assets/images +# ports: +# - 80:80/tcp +# environment_vars: +# - SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr diff --git a/meta/main.yml b/meta/main.yml index c58bebf..24138af 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: namespace: ykn author: pulsar89.5 - description: Rôle modèle + description: Rôle de déploiement de podman license: GPL-3.0-or-later @@ -10,6 +10,6 @@ galaxy_info: platforms: - name: Debian versions: - - all + - sid dependencies: [] diff --git a/tasks/configuration.yml b/tasks/configuration.yml new file mode 100644 index 0000000..9214f0d --- /dev/null +++ b/tasks/configuration.yml 
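Review bot: The default `podman_containers: {}` in defaults/main.yml is a mapping, while the commented example under it and `loop: "{{ podman_containers }}"` in tasks/main.yml both treat the variable as a list. `loop` only accepts a list, so a run that relies on the default would presumably fail rather than do nothing. I would change the default to `podman_containers: []`. The example also references the image by the mutable `:latest` tag, so a comment recommending a pinned tag or digest would help readers who copy it.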
@@ -0,0 +1,55 @@
+---
+# tasks file for podman
+
+- name: Créer l'utilisateur dédié
+ ansible.builtin.include_role:
+ name: users
+ vars:
+ users:
+ - name: "{{ container_user }}"
+ comment: Dedicated Podman user ({{ container.name }})
+ update_password: on_create
+ password_lock: true
+ shell: /bin/bash
+
+- name: Créer le chemin de stockage des définitions
+ ansible.builtin.file:
+ path: "{{ container_basepath }}"
+ state: directory
+ owner: "{{ container_user }}"
+ group: "{{ container_user }}"
+ mode: u=rwX,g=rwX,o=
+ become: true
+
+- name: Créer le volume
+ containers.podman.podman_volume:
+ name: "{{ item.split(':')[0] }}"
+ when: container.volumes | length > 0
+ loop: "{{ container.volumes }}"
+ notify: Redémarrer le conteneur
+
+- name: Déployer le conteneur
+ ansible.builtin.template:
+ src: podman-quadlet.container.j2
+ dest: "{{ container_basepath }}/{{ container_filename }}"
+ owner: "{{ container_user }}"
+ group: "{{ container_user }}"
+ mode: u=rw,g=rw,o=
+ become: true
+ register: deploy_container
+
+- name: Activer le lingering
+ ansible.builtin.command:
+ cmd: "loginctl enable-linger {{ container_user }}"
+ creates: /var/lib/systemd/linger/{{ container_user }}
+ become: true
+
+- name: Démarrer ou redémarrer le conteneur
+ ansible.builtin.systemd_service:
+ name: "{{ container_filename | replace('.container', '.service') }}"
+ state: "{{ 'restarted' if deploy_container.changed else 'started' }}"
+ enabled: true
+ daemon_reload: true
+ scope: user
+ become: true
+ become_user: "{{ container_user }}"
diff --git a/tasks/installation.yml b/tasks/installation.yml
new file mode 100644
index 0000000..c99beaf
--- /dev/null
+++ b/tasks/installation.yml
@@ -0,0 +1,13 @@
+---
+# tasks file for podman
+
+- name: Installer les paquets
+ ansible.builtin.apt:
+ name:
+ - dbus-user-session
+ - podman
+ - rootlesskit
+ - slirp4netns
+ - systemd-container
+ state: present
+ become: true
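Review bot: The `Créer le volume` task in tasks/configuration.yml has no `become`/`become_user`, so unless the play already runs as `{{ container_user }}` the volumes land in the connecting account's Podman storage, not in the rootless store of the dedicated user that later runs the unit. Adding `become: true` and `become_user: "{{ container_user }}"` to that task would keep the volume in the same store as the container. The same task reads `container.volumes` directly in both `when` and `loop`, which fails for a container defined without volumes even though the template tolerates that with `container.get('volumes', [])`; `loop: "{{ container.volumes | default([]) }}"` covers it and makes the `when` unnecessary. It also notifies `Redémarrer le conteneur`, and no handlers file is part of this patch, so that handler should be confirmed to exist.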
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..91e3804
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# tasks file for podman
+
+- name: Importer les tâches d'installation
+ tags: installation
+ ansible.builtin.import_tasks: installation.yml
+
+- name: Importer les tâches de configuration
+ tags: configuration
+ ansible.builtin.include_tasks: configuration.yml
+ loop: "{{ podman_containers }}"
+ loop_control:
+ label: "{{ container.name }}"
+ loop_var: container
+ vars:
+ container_user: "podman-{{ container.user | default(container.name) }}"
+ container_basepath: "/home/{{ container_user }}/.config/containers/systemd"
+ container_filename: "podman-{{ container.name }}.container"
diff --git a/templates/podman-quadlet.container.j2 b/templates/podman-quadlet.container.j2
new file mode 100644
index 0000000..38f9c8b
--- /dev/null
+++ b/templates/podman-quadlet.container.j2
@@ -0,0 +1,35 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Wallbag container
+
+[Container]
+HostName={{ inventory_hostname }}
+
+Image={{ container.image }}
+ContainerName={{ container.name }}
+
+{% if container.get('userns', '') | length > 0 %}
+UserNS={{ container.userns }}
+{% endif %}
+
+AutoUpdate=registry
+
+{% for volume in container.get('volumes', []) %}
+Volume={{ volume }}
+{% endfor %}
+
+{% for port in container.get('ports', []) %}
+PublishPort={{ port }}
+{% endfor %}
+
+{% for environment in container.get('environment_vars', []) %}
+Environment={{ environment }}
+{% endfor %}
+
+[Service]
+Restart=on-failure
+TimeoutStartSec=900
+
+[Install]
+WantedBy=default.target
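Review bot: `tags: configuration` on the `ansible.builtin.include_tasks` task in tasks/main.yml tags only the include itself. Tasks loaded by a dynamic include do not inherit it, so a run limited with `--tags configuration` would include configuration.yml and then skip every task in it. Passing the tag through the include's `apply` option (`apply:` with `tags: [configuration]`, alongside `file: configuration.yml`) keeps tag-limited runs working. Separately, `container.name` and `container.user` flow unvalidated into an account name, a path under `/home` and a file name that later tasks write with `become: true`. An `ansible.builtin.assert` before the loop that restricts them to something like `^[a-z0-9][a-z0-9_-]*$` (a constructed pattern) would reject values containing `/` or whitespace.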
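Review bot: `AutoUpdate=registry` in templates/podman-quadlet.container.j2 is emitted for every container, and the example in defaults/main.yml uses a `:latest` image, so once `podman-auto-update` runs for that user, whatever the registry serves under that tag replaces the running image without review. I would make it opt-in per container, e.g. `{% if container.auto_update is defined %}AutoUpdate={{ container.auto_update }}{% endif %}`, and document pinning by tag or digest. `Description=Wallbag container` is hard-coded although the template is rendered for every entry; `Description={{ container.name }} container` would match the unit it describes. The `Environment=` values are written unquoted, so a value containing spaces would presumably need quoting to stay a single assignment; this should be confirmed against how Quadlet parses that key.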