Compare commits


No commits in common. "2024.43" and "master" have entirely different histories.

9 changed files with 148 additions and 164 deletions

README.md

@ -1,89 +1,82 @@
# role_podman # role_podman
Install podman and manage pods and containers. Rôle de déploiement de podman.
## Pre-requisite ## Pré-requis
The podman user (`podman_user`) must be created before executing this role. Ce rôle créer un utilisateur dédié via [cet autre rôle](https://gitea.ykn.fr/ansible/role_users) dont il est dépendant.
L'utilisation de ce rôle et de sa dépendance dans un playbook nécessite d'utilise ansible-galaxy en lui indiquant un fichier dont le contenu est le suivant :
```bash
$ cd playbook_podman
$ tee requirements.yml <<EOF
---
roles:
- name: users
scm: git
src: ssh://gitea@git.ykn.fr:12393/ansible/role_users.git
version: alpha
- name: podman
scm: git
src: ssh://gitea@git.ykn.fr:12393/ansible/role_podman.git
version: alpha
EOF
$ ansible-galaxy install -fr requirements.yml
```
## Variables ## Variables
### podman_packages
List of packages to install in order to use podman.
<span style="text-decoration: underline">Default value:</span> `["catatonit", "dbus-user-session", "passt", "podman", "podman-docker", "uidmap", "systemd-container"]`
### podman_fix_pasta
On bookworm, we need to fix pasta to use podman ([see here](https://github.com/containers/buildah/issues/5440#issuecomment-2028911573)).
<span style="text-decoration: underline">Default value:</span> `false`
### podman_user
Users with container configuration.
<span style="text-decoration: underline">Default value:</span> `podman`
### podman_configure_rsyslog ### podman_configure_rsyslog
Status of messages from the *podman* binary and from binaries in containers if they're equalto the container name. Désactive les messages du programme *podman* et des programmes dans les conteneurs si ils portent le nom du conteneur.
<span style="text-decoration: underline">Default value:</span> `true` <span style="text-decoration: underline">Valeur par défaut:</span> `true` (activé, `false` pour désactiver)
### podman_ssh_host
Host to be tested for instance availability.
<span style="text-decoration: underline">Default value:</span> `{{ inventory_hostname }}`
### podman_ssh_port
Port to be tested for instance availability.
<span style="text-decoration: underline">Default value:</span> `22`
### podman_auto_update
Status of the automatic container update service.
<span style="text-decoration: underline">Default value:</span> `true`
### podman_pods
List of dictionnaries to define pods ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_pod_module.html)).
<span style="text-decoration: underline">Default value:</span> none
### podman_containers ### podman_containers
List of dictionnaries to define containers ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_container_module.html#ansible-collections-containers-podman-podman-container-module)). Définition des conteneurs à déployer.
<span style="text-decoration: underline">Default value:</span> none <span style="text-decoration: underline">Valeur par défaut:</span> *aucune*
## Extras ## Utilisation
It's possible to use this role with the alvistack repository by setting the variables to the following values: Définir la variable `podman_containers` dans un fichier sous `host_vars` ou `group_vars` :
```yaml ```bash
# BEGIN role_podman $ tee host_vars/lxd_podman_host.yml <<EOF
podman_packages: ---
- catatonit
- dbus-user-session
- containernetworking-dnsname
- containernetworking-plugins
- containernetworking-podman-machine
- passt
- podman
- podman-aardvark-dns
- podman-docker
- podman-gvproxy
- podman-netavark
- python3-podman-compose
- uidmap
- systemd-container
podman_fix_pasta: true podman_containers:
# END role_podman - image: docker.io/wallabag/wallabag:latest
name: wallbag
userns: keep-id
volumes:
- wallbag-data:/var/www/wallabag/data
- wallbag-image:/var/www/wallabag/web/assets/images
ports:
- 80:80/tcp
environment_vars:
- SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
```
Il est également possible de définir l'utilisateur via la variable `user`, comme ceci :
```bash
$ tee host_vars/lxd_podman_host.yml <<EOF
---
podman_containers:
- image: docker.io/wallabag/wallabag:latest
name: wallbag
user: un_utilisateur
userns: keep-id
volumes:
- wallbag-data:/var/www/wallabag/data
- wallbag-image:/var/www/wallabag/web/assets/images
ports:
- 80:80/tcp
environment_vars:
- SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
``` ```
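Review bot: the right-column usage example sets `user: un_utilisateur` without saying that the tasks prefix the value, so the account the container actually runs under is `podman-un_utilisateur` (and `podman-<name>` when `user` is omitted); state the prefix next to the example and that the account must already exist. The right-column pre-requisite says the accounts come from role_users "dont il est dépendant", but meta/main.yml keeps `dependencies: []` on both sides, so either declare the dependency there or tell the reader to include role_users in the play. The example also uses `environment_vars:` while the deploy task only forwards `env:`, so `SYMFONY__ENV__DOMAIN_NAME` never reaches the container; rename the key. Finally, the right column drops the `podman_fix_pasta` section while defaults/main.yml still ships it as `true`; keep the section, since the variable controls a forced rewrite of /usr/bin/pasta.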


@ -1,24 +1,25 @@
--- ---
# defaults file for podman # defaults file for podman
podman_packages:
- catatonit
- dbus-user-session
- passt
- podman
- podman-docker
- uidmap
- systemd-container
podman_fix_pasta: false
podman_user: podman
podman_configure_rsyslog: true podman_configure_rsyslog: true
podman_fix_pasta: true
podman_ssh_host: "{{ inventory_hostname }}" podman_ssh_host: "{{ inventory_hostname }}"
podman_ssh_port: 22 podman_ssh_port: 22
podman_auto_update: true podman_auto_update: true
podman_pods: []
podman_containers: [] podman_containers: []
# Exemple:
# - image: docker.io/wallabag/wallabag:latest
# name: wallbag
# userns: keep-id
# commands:
# - echo toto
# volumes:
# - wallbag-data:/var/www/wallabag/data
# - wallbag-image:/var/www/wallabag/web/assets/images
# ports:
# - 80:80/tcp
# environment_vars:
# - SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
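Review bot: `podman_fix_pasta: true` as a shipped default (right column) applies the passt/pasta hard-link handler to every host, whereas the left column defaults it to `false` and the README presents it as a bookworm-specific workaround; keep `false` and let host_vars opt in. The commented example in the right column also uses `environment_vars:` and `commands:`, neither of which the deploy task forwards (it passes `env`, `ports`, `volumes`, `userns`, `mount`, `publish`, `device`, `sysctl`, `cap_add` and `quadlet_options`), so someone copying the example gets a container without that variable; change it to `env:` and drop `commands:`. Since `podman_ssh_host` and `podman_ssh_port` are only consulted by the reboot-and-wait handler, a one-line comment above them saying so would help the reader.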


@ -1,34 +1,21 @@
--- ---
# handlers file for exim4 # handlers file for exim4
- name: Set default permissions on volumes folders
ansible.builtin.file:
path: "{{ item.path }}"
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
become: true
loop: "{{ folders.results | selectattr('changed', 'equalto', true) }}"
loop_control:
label: "{{ item.path }}"
# source: https://github.com/containers/buildah/issues/5440#issuecomment-2028911573 # source: https://github.com/containers/buildah/issues/5440#issuecomment-2028911573
- name: Fix passt VS pasta - name: Corriger le problème passt VS pasta
ansible.builtin.file: ansible.builtin.file:
state: hard state: hard
force: true
src: /usr/bin/passt src: /usr/bin/passt
dest: /usr/bin/pasta dest: /usr/bin/pasta
owner: root
group: root
mode: u=rw,g=r,o=r
force: true
when: podman_fix_pasta when: podman_fix_pasta
become: true become: true
- name: Restart instance - name: Redémarrer l'instance
ansible.builtin.reboot: ansible.builtin.reboot:
become: true become: true
- name: Wait SSH is ready - name: Attendre que le port SSH soit ouvert
ansible.builtin.wait_for: ansible.builtin.wait_for:
host: "{{ podman_ssh_host }}" host: "{{ podman_ssh_host }}"
port: "{{ podman_ssh_port }}" port: "{{ podman_ssh_port }}"
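Review bot: the `Fix passt VS pasta` / `Corriger le problème passt VS pasta` handler replaces the package-owned /usr/bin/pasta with a hard link to /usr/bin/passt using `force: true`, so the next upgrade of the passt package will either silently undo it or leave the two names pointing at different binaries; add a comment stating that a dpkg-managed file is being overwritten and consider `dpkg-divert` or a link under /usr/local/bin instead. The right column also drops the `owner`, `group` and `mode` lines the left column sets, so the link's metadata is whatever the source happens to have; keep them. `Restart instance` / `Redémarrer l'instance` reboots the host unconditionally whenever it is notified; gating it on an actual need (for example the presence of /var/run/reboot-required) would avoid rebooting hosts on a plain package refresh. Unrelated: the header comment still reads `handlers file for exim4`.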
@ -38,7 +25,7 @@
sleep: 10 sleep: 10
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
- name: Restart rsyslog.service - name: Redémarrer rsyslog.service
ansible.builtin.systemd: ansible.builtin.systemd:
state: restarted state: restarted
name: rsyslog.service name: rsyslog.service
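Review bot: `delegate_to: 127.0.0.1` on the wait_for handler means the SSH port check runs from the controller, so `podman_ssh_host` must be reachable from the controller's own network and not only through the inventory connection (jump host or `ansible_host` override); a comment next to `host:` and a sentence in the README variable section would save the next reader a surprise. Following an unconditional reboot, an explicit `timeout:` beside `sleep: 10` makes the failure mode visible instead of relying on the module's default five-minute wait.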


@ -1,2 +0,0 @@
install_date: lun. 21 oct. 2024 11:22:51
version: master
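Review bot: deleting this generated two-line file (`install_date`, `version: master`) is right, since content written at install time does not belong in the role tree and would change on every `ansible-galaxy install`; add its name to `.gitignore` so it is not re-added by accident, and if the information is wanted, have the installing playbook write it outside the role directory.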


@ -10,6 +10,6 @@ galaxy_info:
platforms: platforms:
- name: Debian - name: Debian
versions: versions:
- sid - bookworm
dependencies: [] dependencies: []
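Review bot: `dependencies: []` stays empty on both sides while the right-column README states that the role depends on role_users for creating the `podman-*` accounts and the left-column README says `podman_user` must pre-exist; either declare the dependency here so the play pulls it in, or keep it a documented manual pre-requisite, but be consistent. Changing `versions` from `sid` to `bookworm` should also be reconciled with the `podman_fix_pasta` description, which calls the hard-link a bookworm-only workaround, and with the package list in installation.yml (`podman-aardvark-dns`, `podman-netavark`, `passt`), which should be checked against what the declared release actually ships.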


@ -1,74 +1,72 @@
--- ---
# tasks file for podman # tasks file for podman
- name: Enable lingering for podman user - name: Activer le lingering
ansible.builtin.command: ansible.builtin.command:
cmd: "loginctl enable-linger {{ podman_user }}" cmd: "loginctl enable-linger {{ container_user }}"
creates: /var/lib/systemd/linger/podman creates: /var/lib/systemd/linger/{{ container_user }}
become: true become: true
loop: "{{ podman_containers }}"
loop_control:
label: "{{ item.name }}"
vars:
container_user: "podman-{{ item.user | default(item.name) }}"
- name: Create subvolumes paths - name: Créer les dossiers des volumes
ansible.builtin.file: ansible.builtin.file:
path: "{{ item.1 | split(':') | first }}" path: "{{ item.1 | split(':') | first }}"
state: directory state: directory
owner: "{{ container_user }}"
group: "{{ container_user }}"
mode: u=rwX,g=rX,o=rX mode: u=rwX,g=rX,o=rX
become: true become: true
loop: "{{ q('ansible.builtin.subelements', podman_containers, 'volumes', {'skip_missing': True}) }}" loop: "{{ q('ansible.builtin.subelements', podman_containers, 'volumes', {'skip_missing': True}) }}"
loop_control: loop_control:
label: "{{ item.0.name }}" label: "{{ item.0.name }}"
register: folders
notify: Set default permissions on volumes folders
- name: Exécuter les handlers
ansible.builtin.meta: flush_handlers
- name: Deploy pods
containers.podman.podman_pod: "{{ pod }}"
become: true
become_user: "{{ podman_user }}"
loop: "{{ podman_pods }}"
loop_control:
label: "{{ item.name }}"
register: deployed_pods
vars: vars:
pod: "{{ podman_pods_defaults | ansible.builtin.combine(item) }}" container_user: "podman-{{ item.0.user | default(item.0.name) }}"
- name: Start or restart pods - name: Déployer les conteneurs
ansible.builtin.systemd_service: containers.podman.podman_container:
name: "{{ item.item.name }}-pod.service" hostname: "{{ item.hostname | default(inventory_hostname) }}"
state: "{{ 'restarted' if item.changed else 'started' }}" name: "{{ item.name }}"
daemon_reload: true image: "{{ item.image }}"
scope: user state: quadlet
device: "{{ item.device | default(omit) }}"
ports: "{{ item.ports | default(omit) }}"
volumes: "{{ item.volumes | default(omit) }}"
userns: "{{ item.userns | default(omit) }}"
mount: "{{ item.mount | default(omit) }}"
publish: "{{ item.publish | default(omit) }}"
env: "{{ item.env | default(omit) }}"
quadlet_options: "{{ item.quadlet_options | default(omit) }}"
sysctl: "{{ item.sysctl | default(omit) }}"
cap_add: "{{ item.cap_add | default(omit) }}"
recreate: true
become: true become: true
become_user: "{{ podman_user }}" become_user: "{{ container_user }}"
loop: "{{ deployed_pods.results }}" register: deploy_container
loop_control:
label: "{{ item.item.name }}"
- name: Deploy containers
containers.podman.podman_container: "{{ container }}"
become: true
become_user: "{{ podman_user }}"
loop: "{{ podman_containers }}" loop: "{{ podman_containers }}"
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"
register: deployed_containers
vars: vars:
container: "{{ podman_containers_defaults | ansible.builtin.combine(item) }}" container_user: "podman-{{ item.user | default(item.name) }}"
- name: Start or restart containers - name: Démarrer ou redémarrer le conteneur
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: "{{ item.item.name }}.service" name: "{{ item.item.name }}.service"
state: "{{ 'restarted' if item.changed else 'started' }}" state: "{{ 'restarted' if item.changed else 'started' }}"
daemon_reload: true daemon_reload: true
scope: user scope: user
become: true become: true
become_user: "{{ podman_user }}" become_user: "{{ container_user }}"
loop: "{{ deployed_containers.results }}" loop: "{{ deploy_container.results }}"
loop_control: loop_control:
label: "{{ item.item.name }}" label: "{{ item.item.name }}"
vars:
container_user: "podman-{{ item.item.user | default(item.item.name) }}"
- name: Enable containers auto-update service - name: Activer le service de mise à jour automatique
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: podman-auto-update.timer name: podman-auto-update.timer
daemon_reload: true daemon_reload: true
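Review bot: in the left column the lingering task hard-codes `creates: /var/lib/systemd/linger/podman` while `cmd` uses `{{ podman_user }}`, so with any other user name the command re-runs on every play; the right column's `creates: /var/lib/systemd/linger/{{ container_user }}` is the correct form. In the right column nothing in this file creates the `podman-<name>` accounts before `loginctl enable-linger` and `become_user` use them, so the play fails on a host where role_users has not run first; an `ansible.builtin.getent` lookup or an assert on the user list would give a clear error instead. The left column's `Deploy pods` task applies `podman_pods_defaults | ansible.builtin.combine(item)`, but vars/main.yml defines `podman_pods_defaults: []` (a list) and `combine` only accepts dictionaries, so any non-empty `podman_pods` fails with a filter error; it should be `{}`. Finally, `cap_add` and `sysctl` are forwarded verbatim from inventory into the container; a comment here and a README entry saying that these widen the container's privileges would help whoever reviews host_vars.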
@ -76,4 +74,9 @@
scope: user scope: user
when: podman_auto_update when: podman_auto_update
become: true become: true
become_user: "{{ podman_user }}" become_user: "{{ container_user }}"
loop: "{{ deploy_container.results }}"
loop_control:
label: "{{ item.item.name }}"
vars:
container_user: "podman-{{ item.item.user | default(item.item.name) }}"
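Review bot: the right column enables `podman-auto-update.timer` per container user, but the timer only acts on units carrying `AutoUpdate=registry`, which the left column injected for every container through `podman_containers_defaults.quadlet_options` in vars/main.yml (deleted in this compare); without that default each container must set it in its own `quadlet_options`, otherwise the enabled timer updates nothing. Either restore the default or document the requirement next to `podman_auto_update`. The loop also runs once per container rather than once per user, so two containers sharing `user` enable the same timer twice; harmless, but deduplicating the user list first would make the intent clear.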


@ -3,14 +3,28 @@
- name: Installer les paquets - name: Installer les paquets
ansible.builtin.apt: ansible.builtin.apt:
name: "{{ podman_packages }}" name:
- dbus-user-session
- containernetworking-dnsname
- containernetworking-plugins
- containernetworking-podman-machine
- dbus-user-session
- passt
- podman
- podman-aardvark-dns
- podman-docker
- podman-gvproxy
- podman-netavark
- python3-podman-compose
- uidmap
- systemd-container
install_recommends: true install_recommends: true
state: present state: present
become: true become: true
notify: notify:
- Fix passt VS pasta - Corriger le problème passt VS pasta
- Restart instance - Redémarrer l'instance
- Wait SSH is ready - Attendre que le port SSH soit ouvert
- name: Exécuter les handlers - name: Exécuter les handlers
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers
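Review bot: the right column lists `dbus-user-session` twice (first and fifth entries) and hard-codes the package set that the left column exposes as `podman_packages`; dedupe the list and keep the variable, so that the alvistack variant described in the README Extras section stays selectable without editing the role. The `notify` chain on this task also means any package change, including the first run, triggers `Restart instance` / `Redémarrer l'instance`, an unconditional reboot right after `apt`; gate the reboot on an actual need or document why installing these packages requires one.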
@ -24,7 +38,7 @@
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
when: podman_configure_rsyslog when: podman_configure_rsyslog
become: true become: true
notify: Restart rsyslog.service notify: Redémarrer rsyslog.service
- name: Désactiver le service de mise à jour automatique pour root - name: Désactiver le service de mise à jour automatique pour root
ansible.builtin.systemd_service: ansible.builtin.systemd_service:


@ -1,10 +1,10 @@
--- ---
# tasks file for podman # tasks file for podman
- name: Import installation tasks - name: Importer les tâches d'installation
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: installation.yml file: installation.yml
- name: Import configuration tasks - name: Importer les tâches de configuration
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: configuration.yml file: configuration.yml


@ -1,12 +0,0 @@
---
podman_pods_defaults: []
podman_containers_defaults:
state: quadlet
recreate: true
quadlet_options:
- "AutoUpdate=registry"
- |
[Install]
WantedBy=default.target
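Review bot: `podman_pods_defaults: []` is a list while the `Deploy pods` task feeds it to `ansible.builtin.combine`, which requires a dictionary; it should be `{}`. These defaults also live in vars/ rather than defaults/, and vars/ outranks inventory, so a user could not override `recreate: true` or the `quadlet_options` from host_vars; if the file is kept (left column), move it to defaults/main.yml. Deleting it (right column) drops the `[Install] WantedBy=default.target` section and `AutoUpdate=registry` as well, and the right-column deploy task only passes the `quadlet_options` supplied per container, so a container without its own `quadlet_options` will not be enabled at boot under the lingering user and will not be picked up by the auto-update timer; either reintroduce those two options as defaults or document them as required per container.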