

22 Commits

Author SHA1 Message Date
5b872ba3cb fix: Review CoreOS compatibility 2025-04-15 14:22:51 +02:00
3cfe5831f2 fix: Bad file permissions 2025-02-27 18:18:27 +01:00
745fd321ea feat: Switch to CoreOS 2025-02-27 15:18:25 +01:00
14e5cb0537 feat: Allow container auto update 2024-06-18 12:36:04 +02:00
56a9bd5fdc feat: Add options on container 2024-06-11 18:05:55 +02:00
4e1585446f fix: Ensure container starts at boot 2024-06-09 16:10:19 +02:00
1da27ec5a2 feat: Redémarrer le conteneur après son déploiement 2024-06-09 13:20:02 +02:00
55a54636b5 fix: Name of task in english to french 2024-06-08 03:25:17 +02:00
00c837ad55 fix: Add fix for pasta 2024-06-08 03:09:43 +02:00
b11570c069 refactor: Use alvistack repository 2024-06-08 02:38:36 +02:00
b9a6f018e0 fix: Reenable lingering 2024-06-06 02:39:39 +02:00
60737c9a5a feat: Use ansible module for podman 2024-06-06 02:16:51 +02:00
b5484b1c73 feat: Ready for Debian Bookworm 2024-06-04 17:16:08 +02:00
ba333bee03 feat: Use list of dict for environment 2024-06-03 18:57:50 +02:00
4b75fd6232 Revert "feat: Get latest podman from Sid release"
This reverts commit 81b51cfcba.
2024-06-03 18:57:13 +02:00
a3d7323849 Revert "feat: Ready for bookworm"
This reverts commit 74b5b35238.
2024-06-03 18:57:09 +02:00
74b5b35238 feat: Ready for bookworm 2024-06-03 18:29:30 +02:00
81b51cfcba feat: Get latest podman from Sid release 2024-06-03 18:15:19 +02:00
b1e2866635 feat: Allow to execute command in container 2024-05-06 15:08:54 +02:00
91e8739aed Merge pull request 'fix: Configure rsyslog' (#3) from rsyslogFix into master
Reviewed-on: #3
2024-04-18 19:49:53 +00:00
c800813c7b fix: Configure rsyslog 2024-04-18 21:43:59 +02:00
1dd6ac97b9 fix: Use list for unit extras 2024-03-25 19:28:21 +01:00
12 changed files with 213 additions and 193 deletions

114
README.md

@@ -1,76 +1,66 @@
# role_podman
Rôle de déploiement de podman.
## Pré-requis
Ce rôle créer un utilisateur dédié via [cet autre rôle](https://gitea.ykn.fr/ansible/role_users) dont il est dépendant.
L'utilisation de ce rôle et de sa dépendance dans un playbook nécessite d'utilise ansible-galaxy en lui indiquant un fichier dont le contenu est le suivant :
```bash
$ cd playbook_podman
$ tee requirements.yml <<EOF
---
roles:
- name: users
scm: git
src: ssh://gitea@git.ykn.fr:12393/ansible/role_users.git
version: alpha
- name: podman
scm: git
src: ssh://gitea@git.ykn.fr:12393/ansible/role_podman.git
version: alpha
EOF
$ ansible-galaxy install -fr requirements.yml
```
Deploy podman, manage pods and containers.
## Variables
### podman_auto_update
Status of the automatic container update service.
<span style="text-decoration: underline">Default value:</span> `true
### podman_pods
List of dictionnaries to define pods ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_pod_module.html)).
<span style="text-decoration: underline">Default value:</span> none
### podman_containers
Définition des conteneurs à déployer.
List of dictionnaries to define containers ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_container_module.html#ansible-collections-containers-podman-podman-container-module)).
<span style="text-decoration: underline">Valeur par défaut:</span> *aucune*
<span style="text-decoration: underline">Default value:</span> none
## Utilisation
## Usage
Définir la variable `podman_containers` dans un fichier sous `host_vars` ou `group_vars` :
```bash
$ tee host_vars/lxd_podman_host.yml <<EOF
---
To deploy *wg-easy* container:
```yml
# BEGIN role_podman
podman_containers:
- image: docker.io/wallabag/wallabag:latest
name: wallbag
userns: keep-id
- image: "ghcr.io/wg-easy/wg-easy:latest"
name: wg-easy
publish:
- "51820:51820/udp"
- "51821:51821/tcp"
volumes:
- wallbag-data:/var/www/wallabag/data
- wallbag-image:/var/www/wallabag/web/assets/images
ports:
- 80:80/tcp
environment_vars:
- SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
```
Il est également possible de définir l'utilisateur via la variable `user`, comme ceci :
```bash
$ tee host_vars/lxd_podman_host.yml <<EOF
---
podman_containers:
- image: docker.io/wallabag/wallabag:latest
name: wallbag
user: un_utilisateur
userns: keep-id
volumes:
- wallbag-data:/var/www/wallabag/data
- wallbag-image:/var/www/wallabag/web/assets/images
ports:
- 80:80/tcp
environment_vars:
- SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
- "/srv/wg-easy:/etc/wireguard"
env:
LANG: fr
PORT: 51821
UI_CHART_TYPE: 2
PASSWORD_HASH: <secret>
WG_HOST: noun.ykn.fr
WG_PORT: 51820
WG_PERSISTENT_KEEPALIVE: 25
WG_DEFAULT_DNS: ""
WG_ALLOWED_IPS: 192.168.84.0/24
cap_add:
- NET_ADMIN
- NET_RAW
- SYS_MODULE
sysctl:
net.ipv4.ip_forward: 1
net.ipv4.conf.all.src_valid_mark: 1
quadlet_options:
- AutoUpdate=registry
- |-
[Service]
Restart=on-failure
TimeoutStartSec=900
- |-
[Install]
WantedBy=default.target
# END role_podman
```


@@ -1,15 +1,22 @@
---
# defaults file for podman
# Packages to install to run podman
podman_packages:
- dbus-user-session
- passt
- podman
- systemd-container
- uidmap
# Dedicated user
podman_user: podman
# Enable container auto-update
podman_auto_update: true
# Define pods
podman_pods: []
# Define containers
podman_containers: []
# Exemple:
# - image: docker.io/wallabag/wallabag:latest
# name: wallbag
# userns: keep-id
# volumes:
# - wallbag-data:/var/www/wallabag/data
# - wallbag-image:/var/www/wallabag/web/assets/images
# ports:
# - 80:80/tcp
# environment_vars:
# - SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr

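--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+# handlers file for podman
+- name: Set default permissions on volumes folders
+ansible.builtin.file:
+path: "{{ item.path }}"
+owner: "{{ podman_user }}"
+group: "{{ podman_user }}"
+become: true
+loop: "{{ folders.results | selectattr('changed', 'equalto', true) }}"
+loop_control:
+label: "{{ item.path }}"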
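Review bot: The handler only re-owns directories whose creating `ansible.builtin.file` call in tasks/prepare.yml reported `changed`, so a volume directory that already existed (pre-created by an admin, or left from a run with a different `podman_user`) keeps its previous owner, and the rootless container will most likely be unable to write into it. Because the handler is flushed right after the creating task anyway, the simpler and idempotent fix is to put `owner: "{{ podman_user }}"` and `group: "{{ podman_user }}"` directly on that task, which makes this handler unnecessary. If the handler is kept, add `state: directory` so it is explicit that it acts on directories and cannot be mistaken for a file-level default.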


@@ -1,15 +1,15 @@
galaxy_info:
namespace: ykn
author: pulsar89.5
description: Rôle de déploiement de podman
description: Deploy podman, manage pods and containers
license: GPL-3.0-or-later
min_ansible_version: '2.1'
platforms:
- name: Debian
- name: CoreOS
versions:
- sid
- 41
dependencies: []
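Review bot: `min_ansible_version: '2.1'` no longer reflects what the role needs: the `split` filter used in tasks/prepare.yml, the `containers.podman` collection modules and the FQCN module names introduced in this change all require a considerably newer ansible-core, so the value gives galaxy users no usable signal. Raise it to the ansible-core the CoreOS runs were actually done with (constructed example: `min_ansible_version: '2.15'` — confirm against the tested version). Quoting the platform version, `- "41"`, would also keep it a string rather than an integer for tooling that compares platform versions as text.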


@@ -1,48 +0,0 @@
---
# tasks file for podman
- name: Créer l'utilisateur dédié
ansible.builtin.include_role:
name: users
vars:
users:
- name: "{{ container_user }}"
comment: Dedicated Podman user ({{ container.name }})
update_password: on_create
password_lock: true
shell: /bin/bash
- name: Créer le chemin de stockage des définitions
ansible.builtin.file:
path: "{{ container_basepath }}"
state: directory
owner: "{{ container_user }}"
group: "{{ container_user }}"
mode: u=rwX,g=rwX,o=
become: true
- name: Déployer le conteneur
ansible.builtin.template:
src: podman-quadlet.container.j2
dest: "{{ container_basepath }}/{{ container_filename }}"
owner: "{{ container_user }}"
group: "{{ container_user }}"
mode: u=rw,g=rw,o=
become: true
register: deploy_container
- name: Activer le lingering
ansible.builtin.command:
cmd: "loginctl enable-linger {{ container_user }}"
creates: /var/lib/systemd/linger/{{ container_user }}
become: true
- name: Démarrer ou redémarrer le conteneur
ansible.builtin.systemd_service:
name: "{{ container_filename | replace('.container', '.service') }}"
state: "{{ 'restarted' if deploy_container.changed else 'started' }}"
enabled: true
daemon_reload: true
scope: user
become: true
become_user: "{{ container_user }}"

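--- /dev/null
+++ b/tasks/containers.yml
@@ -0,0 +1,25 @@
+---
+# tasks file for podman
+- name: Deploy containers
+containers.podman.podman_container: "{{ container }}"
+become: true
+become_user: "{{ podman_user }}"
+loop: "{{ podman_containers }}"
+loop_control:
+label: "{{ item.name }}"
+register: deployed_containers
+vars:
+container: "{{ podman_containers_defaults | ansible.builtin.combine(item) }}"
+- name: Start or restart containers
+ansible.builtin.systemd_service:
+name: "{{ item.item.name }}.service"
+state: "{{ 'restarted' if item.changed else 'started' }}"
+daemon_reload: true
+scope: user
+become: true
+become_user: "{{ podman_user }}"
+loop: "{{ deployed_containers.results }}"
+loop_control:
+label: "{{ item.item.name }}"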
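Review bot: `ansible.builtin.combine(item)` on the `container:` line merges shallowly, so any container that declares its own `quadlet_options` silently replaces the default list from vars/main.yml (`AutoUpdate=registry` and the `[Install]` section) instead of extending it — which is why the README example has to repeat both entries. If the defaults are meant to always apply, merge the list values instead, `container: "{{ podman_containers_defaults | ansible.builtin.combine(item, list_merge='append') }}"`, and say so in a comment above the task. Separately, since `recreate: true` also comes from the defaults, if the module reports `changed` on every run the second task will restart every container on every play; worth confirming on a no-op run. The same shape is used by the two tasks in tasks/pods.yml.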


@@ -1,13 +1,7 @@
---
# tasks file for podman
# tasks file for dnsmasq
- name: Installer les paquets
- name: Install podman
ansible.builtin.apt:
name:
- dbus-user-session
- podman
- rootlesskit
- slirp4netns
- systemd-container
state: present
name: "{{ podman_packages }}"
become: true
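Review bot: The task installs `{{ podman_packages }}` with `ansible.builtin.apt`, while meta/main.yml in this same change lists CoreOS 41 as the only supported platform, where apt does not exist (Fedora CoreOS ships podman preinstalled and layers extra packages via rpm-ostree), and the names in `podman_packages` in defaults/main.yml (`dbus-user-session`, `uidmap`) are Debian package names. Either keep Debian in `platforms` or guard this task, e.g. `when: ansible_facts['pkg_mgr'] == 'apt'`, and state in the header comment which platform the package step is for. The rendering does not show which of the two header comments survives on the new side; it should be `# tasks file for podman`, not `# tasks file for dnsmasq`.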


@@ -1,18 +1,18 @@
---
# tasks file for podman
- name: Importer les tâches d'installation
tags: installation
ansible.builtin.import_tasks: installation.yml
- name: Import installation tasks
ansible.builtin.import_tasks:
file: installation.yml
- name: Importer les tâches de configuration
tags: configuration
ansible.builtin.include_tasks: configuration.yml
loop: "{{ podman_containers }}"
loop_control:
label: "{{ container.name }}"
loop_var: container
vars:
container_user: "podman-{{ container.user | default(container.name) }}"
container_basepath: "/home/{{ container_user }}/.config/containers/systemd"
container_filename: "podman-{{ container.name }}.container"
- name: Import instance preparation tasks
ansible.builtin.import_tasks:
file: prepare.yml
- name: Import pods management tasks
ansible.builtin.import_tasks:
file: pods.yml
- name: Import containers management tasks
ansible.builtin.import_tasks:
file: containers.yml

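--- /dev/null
+++ b/tasks/pods.yml
@@ -0,0 +1,25 @@
+---
+# tasks file for podman
+- name: Deploy pods
+containers.podman.podman_pod: "{{ pod }}"
+become: true
+become_user: "{{ podman_user }}"
+loop: "{{ podman_pods }}"
+loop_control:
+label: "{{ item.name }}"
+register: deployed_pods
+vars:
+pod: "{{ podman_pods_defaults | ansible.builtin.combine(item) }}"
+- name: Start or restart pods
+ansible.builtin.systemd_service:
+name: "{{ item.item.name }}-pod.service"
+state: "{{ 'restarted' if item.changed else 'started' }}"
+daemon_reload: true
+scope: user
+become: true
+become_user: "{{ podman_user }}"
+loop: "{{ deployed_pods.results }}"
+loop_control:
+label: "{{ item.item.name }}"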
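Review bot: The `pod:` line applies `ansible.builtin.combine(item)` to `podman_pods_defaults`, which vars/main.yml in this change declares as the empty list `[]`; `combine` only accepts mappings, so the first non-empty `podman_pods` entry makes this task fail before any pod is created, and the defaults-are-empty case is never exercised by the README example. Declare it as a mapping, `podman_pods_defaults: {}`, and consider giving pods the same `state: quadlet` default the containers get so the `-pod.service` unit the second task starts is actually generated.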

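--- /dev/null
+++ b/tasks/prepare.yml
@@ -0,0 +1,49 @@
+---
+# tasks file for podman
+- name: Create dedicated group
+ansible.builtin.group:
+name: "{{ podman_user }}"
+become: true
+- name: Create dedicated user
+ansible.builtin.user:
+name: "{{ podman_user }}"
+comment: Dedicated Podman user
+password_lock: true
+shell: /bin/bash
+group: podman
+become: true
+- name: Disable global podman auto-update
+ansible.builtin.systemd_service:
+name: podman-auto-update.timer
+enabled: false
+become: true
+- name: Enable containers auto-update service
+ansible.builtin.command:
+cmd: systemctl --user --machine={{ podman_user }}@ start podman-auto-update.timer
+when: podman_auto_update
+become: true
+- name: Enable lingering for podman user
+ansible.builtin.command:
+cmd: loginctl enable-linger {{ podman_user }}
+creates: /var/lib/systemd/linger/podman
+become: true
+- name: Create subvolumes paths
+ansible.builtin.file:
+path: "{{ item.1 | split(':') | first }}"
+state: directory
+mode: u=rwX,g=rX,o=rX
+become: true
+loop: "{{ q('ansible.builtin.subelements', podman_containers, 'volumes', {'skip_missing': True}) }}"
+loop_control:
+label: "{{ item.0.name }}"
+register: folders
+notify: Set default permissions on volumes folders
+- name: Execute handlers
+ansible.builtin.meta: flush_handlers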
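Review bot: Two lines hard-code the literal `podman` where every other task uses `{{ podman_user }}`: `group: podman` on the user task and `creates: /var/lib/systemd/linger/podman` on the lingering task, so overriding `podman_user` either fails (the group created just above is named `{{ podman_user }}`, not `podman`) or makes the linger command run on every play. Use `group: "{{ podman_user }}"` and `creates: "/var/lib/systemd/linger/{{ podman_user }}"`. The subvolumes task also takes the left part of every `volumes` entry as a filesystem path, so a named volume such as `wallbag-data:/var/www/...` yields a relative `path` created as root in the remote working directory; restrict it to absolute paths with `when: (item.1 | split(':') | first) is abs`. The auto-update task runs `systemctl ... start` unconditionally, so it reports changed on every run and does not survive a reboot unless the timer is also enabled; `enable --now` with a `changed_when` would be idempotent.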


@@ -1,46 +0,0 @@
# {{ ansible_managed }}
[Unit]
Description=Podman container: {{ container.name }}
{% for option, value in container.get('unit_extras', {}).items() %}
{{ option }}={{ value }}
{% endfor %}
[Container]
HostName={{ inventory_hostname }}
Image={{ container.image }}
ContainerName={{ container.name }}
{% if container.get('userns', '') | length > 0 %}
UserNS={{ container.userns }}
{% endif %}
AutoUpdate=registry
{% for volume in container.get('volumes', []) %}
Volume={{ volume }}
{% endfor %}
{% for mount in container.get('mounts', []) %}
{% if mount.get('options', []) | length > 0 %}
Mount=type={{ mount.type }},src={{ mount.source }},dst={{ mount.destination }},{{ mount.options | join(',') }}
{% else %}
Mount=type={{ mount.type }},src={{ mount.source }},dst={{ mount.destination }}
{% endif %}
{% endfor %}
{% for port in container.get('ports', []) %}
PublishPort={{ port }}
{% endfor %}
{% for environment in container.get('environment_vars', []) %}
Environment={{ environment }}
{% endfor %}
[Service]
Restart=on-failure
TimeoutStartSec=900
[Install]
WantedBy=default.target

12
vars/main.yml Normal file

@@ -0,0 +1,12 @@
---
podman_pods_defaults: []
podman_containers_defaults:
state: quadlet
recreate: true
quadlet_options:
- "AutoUpdate=registry"
- |
[Install]
WantedBy=default.target