Merge pull request 'feat: Create role' (#1) from alpha into master

Reviewed-on: #1
2024-02-08 00:05:26 +00:00
parent d1d57b255e 2b011bf62a
commit a740e7f05a
7 changed files with 171 additions and 4 deletions
--- a/README.md
+++ b/README.md
@@ -1,3 +1,34 @@
-# role_modele
+# role_podman

-Modèle
+Rôle de déploiement de podman.
+
+## Pré-requis
+
+Ce rôle créer un utilisateur à l'aide de ce rôle qu'il faut donc installé lors de l'exécution d'un playbook.<br>
+Afin d'installer les deux rôles dans un playbook :
+
+```bash
+$ cd playbook_podman
+$ tee <<EOF
+---
+
+- name: users
+  scm: git
+  src: ssh://gitea@git.ykn.fr:12393/ansible/role_users.git
+  version: alpha
+
+- name: podman
+  scm: git
+  src: ssh://gitea@git.ykn.fr:12393/ansible/role_podman.git
+  version: alpha
+EOF
+$ ansible-galaxy install -fr requirements_roles.yml 
+```
+
+## Variables
+
+### podman_containers
+
+Définition des conteneurs à déployer.
+
+<span style="text-decoration: underline">Valeur par défaut:</span> aucune
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+# defaults file for podman
+
+podman_containers: {}
+# Exemple:
+#  - image: docker.io/wallabag/wallabag:latest
+#    name: wallbag
+#    userns: keep-id
+#    volumes:
+#      - wallbag-data:/var/www/wallabag/data
+#      - wallbag-image:/var/www/wallabag/web/assets/images
+#    ports:
+#      - 80:80/tcp
+#    environment_vars:
+#      - SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,7 +1,7 @@
 galaxy_info:
  namespace: ykn
  author: pulsar89.5
-  description: Rôle modèle
+  description: Rôle de déploiement de podman

  license: GPL-3.0-or-later

@@ -10,6 +10,6 @@ galaxy_info:
  platforms:
    - name: Debian
      versions:
-        - all
+        - sid

 dependencies: []
--- a/tasks/configuration.yml
+++ b/tasks/configuration.yml
@@ -0,0 +1,55 @@
+---
+# tasks file for podman
+
+- name: Créer l'utilisateur dédié
+  ansible.builtin.include_role:
+    name: users
+  vars:
+    users:
+      - name: "{{ container_user }}"
+        comment: Dedicated Podman user ({{ container.name }})
+        update_password: on_create
+        password_lock: true
+        shell: /bin/bash
+
+- name: Créer le chemin de stockage des définitions
+  ansible.builtin.file:
+    path: "{{ container_basepath }}"
+    state: directory
+    owner: "{{ container_user }}"
+    group: "{{ container_user }}"
+    mode: u=rwX,g=rwX,o=
+  become: true
+
+- name: Créer le volume
+  containers.podman.podman_volume:
+    name: "{{ item.split(':')[0] }}"
+  when: container.volumes | length > 0
+  loop: "{{ container.volumes }}"
+  notify: Redémarrer le conteneur
+
+- name: Déployer le conteneur
+  ansible.builtin.template:
+    src: podman-quadlet.container.j2 
+    dest: "{{ container_basepath }}/{{ container_filename }}"
+    owner: "{{ container_user }}"
+    group: "{{ container_user }}"
+    mode: u=rw,g=rw,o=
+  become: true
+  register: deploy_container
+
+- name: Activer le lingering
+  ansible.builtin.command:
+   cmd: "loginctl enable-linger {{ container_user }}"
+   creates: /var/lib/systemd/linger/{{ container_user }}
+  become: true
+
+- name: Démarrer ou redémarrer le conteneur
+  ansible.builtin.systemd_service:
+    name: "{{ container_filename | replace('.container', '.service') }}"
+    state: "{{ 'restarted' if deploy_container.changed else 'started' }}"
+    enabled: true
+    daemon_reload: true
+    scope: user
+  become: true
+  become_user: "{{ container_user }}"
--- a/tasks/installation.yml
+++ b/tasks/installation.yml
@@ -0,0 +1,13 @@
+---
+# tasks file for podman
+
+- name: Installer les paquets
+  ansible.builtin.apt:
+    name:
+      - dbus-user-session
+      - podman
+      - rootlesskit
+      - slirp4netns
+      - systemd-container
+    state: present
+  become: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# tasks file for podman
+
+- name: Importer les tâches d'installation
+  tags: installation
+  ansible.builtin.import_tasks: installation.yml
+
+- name: Importer les tâches de configuration
+  tags: configuration
+  ansible.builtin.include_tasks: configuration.yml
+  loop: "{{ podman_containers }}"
+  loop_control:
+    label: "{{ container.name }}"
+    loop_var: container
+  vars:
+    container_user: "podman-{{ container.user | default(container.name) }}"
+    container_basepath: "/home/{{ container_user }}/.config/containers/systemd"
+    container_filename: "podman-{{ container.name }}.container"
--- a/templates/podman-quadlet.container.j2
+++ b/templates/podman-quadlet.container.j2
@@ -0,0 +1,35 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Wallbag container
+
+[Container]
+HostName={{ inventory_hostname }}
+
+Image={{ container.image }}
+ContainerName={{ container.name }}
+
+{% if container.get('userns', '') | length > 0 %}
+UserNS={{ container.userns }}
+{% endif %}
+
+AutoUpdate=registry
+
+{% for volume in container.get('volumes', []) %}
+Volume={{ volume }}
+{% endfor %}
+
+{% for port in container.get('ports', []) %}
+PublishPort={{ port }}
+{% endfor %}
+
+{% for environment in container.get('environment_vars', []) %}
+Environment={{ environment }}
+{% endfor %}
+
+[Service]
+Restart=on-failure
+TimeoutStartSec=900
+
+[Install]
+WantedBy=default.target