You've already forked role_podman
Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 3a55ec0a21 |
@@ -3,20 +3,20 @@
|
||||
|
||||
# Packages to install to run podman
|
||||
podman_packages:
|
||||
- dbus-user-session
|
||||
- passt
|
||||
- podman
|
||||
- systemd-container
|
||||
- uidmap
|
||||
- policycoreutils-python-utils # to manage SELinux
|
||||
|
||||
# Dedicated user
|
||||
podman_user: podman
|
||||
podman_user_homedir: /home/{{ podman_user }}
|
||||
|
||||
# Enable container auto-update
|
||||
podman_auto_update: true
|
||||
|
||||
# Define pods
|
||||
podman_pods: []
|
||||
|
||||
# Define containers
|
||||
podman_containers: []
|
||||
# List of quadlets to deploy
|
||||
podman_quadlets: []
|
||||
# Example:
|
||||
# podman_quadlets:
|
||||
# - uptime-kuma.network
|
||||
# - uptime-kuma.container
|
||||
# - signal-cli-rest-api.container
|
||||
|
||||
@@ -1,12 +1,22 @@
|
||||
---
|
||||
# handlers file for podman
|
||||
|
||||
- name: Set default permissions on volumes folders
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
owner: "{{ podman_user }}"
|
||||
group: "{{ podman_user }}"
|
||||
- name: Start or restart quadlets
|
||||
ansible.builtin.systemd_service:
|
||||
name: "{{ unit }}"
|
||||
state: "{{ 'restarted' if item.changed else 'started' }}"
|
||||
daemon_reload: true
|
||||
enabled: true
|
||||
scope: user
|
||||
become: true
|
||||
loop: "{{ folders.results | selectattr('changed', 'equalto', true) }}"
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ deployed_quadlets.results }}"
|
||||
loop_control:
|
||||
label: "{{ item.path }}"
|
||||
label: "{{ unit }}"
|
||||
vars:
|
||||
unit: >-
|
||||
{{
|
||||
item.item | ansible.builtin.basename |
|
||||
ansible.builtin.regex_replace('\.container$', '.service') |
|
||||
ansible.builtin.regex_replace('\.network$', '-network.service')
|
||||
}}
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
galaxy_info:
|
||||
namespace: ykn
|
||||
author: pulsar89.5
|
||||
description: Deploy podman, manage pods and containers
|
||||
description: Deploy podman quadlets
|
||||
|
||||
license: GPL-3.0-or-later
|
||||
|
||||
min_ansible_version: '2.1'
|
||||
|
||||
platforms:
|
||||
- name: CoreOS
|
||||
- name: Fedora
|
||||
versions:
|
||||
- 41
|
||||
- "43"
|
||||
|
||||
dependencies: []
|
||||
|
||||
42
tasks/config.yml
Normal file
42
tasks/config.yml
Normal file
@@ -0,0 +1,42 @@
|
||||
---
|
||||
# tasks file for podman
|
||||
|
||||
- name: Disable global podman auto-update
|
||||
ansible.builtin.systemd_service:
|
||||
name: podman-auto-update.timer
|
||||
enabled: false
|
||||
become: true
|
||||
|
||||
- name: Enable lingering for podman user
|
||||
ansible.builtin.command:
|
||||
cmd: loginctl enable-linger {{ podman_user }}
|
||||
creates: /var/lib/systemd/linger/podman
|
||||
become: true
|
||||
|
||||
- name: Enable containers auto-update service
|
||||
ansible.builtin.systemd_service:
|
||||
name: podman-auto-update.timer
|
||||
state: started
|
||||
daemon_reload: true
|
||||
scope: user
|
||||
when: podman_auto_update
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
|
||||
- name: Create podman user directory tree
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
owner: "{{ podman_user }}"
|
||||
group: "{{ podman_user }}"
|
||||
mode: "{{ item.mode }}"
|
||||
state: directory
|
||||
become: true
|
||||
loop:
|
||||
- path: "{{ podman_user_homedir }}/.config"
|
||||
mode: u=rwX,g=,o=
|
||||
- path: "{{ podman_user_homedir }}/.config/containers"
|
||||
mode: u=rwX,g=rX,o=rX
|
||||
- path: "{{ podman_user_homedir }}/.config/containers/systemd"
|
||||
mode: u=rwX,g=rX,o=rX
|
||||
loop_control:
|
||||
label: "{{ item.path }}"
|
||||
@@ -1,25 +0,0 @@
|
||||
---
|
||||
# tasks file for podman
|
||||
|
||||
- name: Deploy containers
|
||||
containers.podman.podman_container: "{{ container }}"
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ podman_containers }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
register: deployed_containers
|
||||
vars:
|
||||
container: "{{ podman_containers_defaults | ansible.builtin.combine(item) }}"
|
||||
|
||||
- name: Start or restart containers
|
||||
ansible.builtin.systemd_service:
|
||||
name: "{{ item.item.name }}.service"
|
||||
state: "{{ 'restarted' if item.changed else 'started' }}"
|
||||
daemon_reload: true
|
||||
scope: user
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ deployed_containers.results }}"
|
||||
loop_control:
|
||||
label: "{{ item.item.name }}"
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
# tasks file for dnsmasq
|
||||
|
||||
- name: Install podman
|
||||
ansible.builtin.apt:
|
||||
name: "{{ podman_packages }}"
|
||||
become: true
|
||||
@@ -1,22 +1,17 @@
|
||||
---
|
||||
# tasks file for podman
|
||||
|
||||
- name: Import installation tasks
|
||||
ansible.builtin.import_tasks:
|
||||
file: installation.yml
|
||||
|
||||
- name: Import instance preparation tasks
|
||||
- name: Import prepare tasks
|
||||
ansible.builtin.import_tasks:
|
||||
file: prepare.yml
|
||||
|
||||
- name: Import networks management tasks
|
||||
- name: Import configuration tasks
|
||||
ansible.builtin.import_tasks:
|
||||
file: networks.yml
|
||||
file: config.yml
|
||||
|
||||
- name: Import pods management tasks
|
||||
- name: Import management tasks
|
||||
ansible.builtin.import_tasks:
|
||||
file: pods.yml
|
||||
file: manage.yml
|
||||
|
||||
- name: Import containers management tasks
|
||||
ansible.builtin.import_tasks:
|
||||
file: containers.yml
|
||||
- name: Flush handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
||||
58
tasks/manage.yml
Normal file
58
tasks/manage.yml
Normal file
@@ -0,0 +1,58 @@
|
||||
---
|
||||
# tasks file for podman
|
||||
|
||||
- name: List current quadlets
|
||||
ansible.builtin.find:
|
||||
paths: "{{ podman_user_homedir }}/.config/containers/systemd"
|
||||
become: true
|
||||
register: current_quadlets
|
||||
|
||||
- name: Extract list of undefined quadlets
|
||||
ansible.builtin.set_fact:
|
||||
podman_quadlets_undefined: >-
|
||||
{{
|
||||
current_quadlets.files |
|
||||
map(attribute='path') |
|
||||
map('ansible.builtin.basename') |
|
||||
ansible.builtin.difference(podman_qualets_filenames)
|
||||
}}
|
||||
vars:
|
||||
podman_qualets_filenames: "{{ podman_quadlets | map('ansible.builtin.basename') }}"
|
||||
|
||||
- name: Stop unwanted quadlets
|
||||
ansible.builtin.systemd_service:
|
||||
name: "{{ unit }}"
|
||||
state: stopped
|
||||
daemon_reload: true
|
||||
scope: user
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ podman_quadlets_undefined }}"
|
||||
loop_control:
|
||||
label: "{{ unit }}"
|
||||
vars:
|
||||
unit: >-
|
||||
{{
|
||||
item | ansible.builtin.basename |
|
||||
ansible.builtin.regex_replace('\.container$', '.service') |
|
||||
ansible.builtin.regex_replace('\.network$', '-network.service')
|
||||
}}
|
||||
|
||||
- name: Remove undefined quadlets
|
||||
ansible.builtin.file:
|
||||
path: "{{ podman_user_homedir }}/.config/containers/systemd/{{ item }}"
|
||||
state: absent
|
||||
become: true
|
||||
loop: "{{ podman_quadlets_undefined }}"
|
||||
|
||||
- name: Deploy quadlets
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: "{{ podman_user_homedir }}/.config/containers/systemd/{{ item | ansible.builtin.basename }}"
|
||||
owner: "{{ podman_user }}"
|
||||
group: "{{ podman_user }}"
|
||||
mode: u=rw,g=r,o=
|
||||
become: true
|
||||
loop: "{{ podman_quadlets }}"
|
||||
register: deployed_quadlets
|
||||
notify: Start or restart quadlets
|
||||
@@ -1,25 +0,0 @@
|
||||
---
|
||||
# tasks file for podman
|
||||
|
||||
- name: Deploy networks
|
||||
containers.podman.podman_network: "{{ network }}"
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ podman_networks }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
register: deployed_networks
|
||||
vars:
|
||||
network: "{{ podman_networks_defaults | ansible.builtin.combine(item) }}"
|
||||
|
||||
- name: Start or restart networks
|
||||
ansible.builtin.systemd_service:
|
||||
name: "{{ item.item.name }}-network.service"
|
||||
state: "{{ 'restarted' if item.changed else 'started' }}"
|
||||
daemon_reload: true
|
||||
scope: user
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ deployed_networks.results }}"
|
||||
loop_control:
|
||||
label: "{{ item.item.name }}"
|
||||
@@ -1,25 +0,0 @@
|
||||
---
|
||||
# tasks file for podman
|
||||
|
||||
- name: Deploy pods
|
||||
containers.podman.podman_pod: "{{ pod }}"
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ podman_pods }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
register: deployed_pods
|
||||
vars:
|
||||
pod: "{{ podman_pods_defaults | ansible.builtin.combine(item) }}"
|
||||
|
||||
- name: Start or restart pods
|
||||
ansible.builtin.systemd_service:
|
||||
name: "{{ item.item.name }}-pod.service"
|
||||
state: "{{ 'restarted' if item.changed else 'started' }}"
|
||||
daemon_reload: true
|
||||
scope: user
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ deployed_pods.results }}"
|
||||
loop_control:
|
||||
label: "{{ item.item.name }}"
|
||||
@@ -1,6 +1,11 @@
|
||||
---
|
||||
# tasks file for podman
|
||||
|
||||
- name: Install packages
|
||||
ansible.builtin.dnf:
|
||||
name: "{{ podman_packages }}"
|
||||
become: true
|
||||
|
||||
- name: Create dedicated group
|
||||
ansible.builtin.group:
|
||||
name: "{{ podman_user }}"
|
||||
@@ -10,40 +15,8 @@
|
||||
ansible.builtin.user:
|
||||
name: "{{ podman_user }}"
|
||||
comment: Dedicated Podman user
|
||||
home: "{{ podman_user_homedir }}"
|
||||
password_lock: true
|
||||
shell: /bin/bash
|
||||
group: podman
|
||||
become: true
|
||||
|
||||
- name: Disable global podman auto-update
|
||||
ansible.builtin.systemd_service:
|
||||
name: podman-auto-update.timer
|
||||
enabled: false
|
||||
become: true
|
||||
|
||||
- name: Enable containers auto-update service
|
||||
ansible.builtin.command:
|
||||
cmd: systemctl --user --machine={{ podman_user }}@ start podman-auto-update.timer
|
||||
when: podman_auto_update
|
||||
become: true
|
||||
|
||||
- name: Enable lingering for podman user
|
||||
ansible.builtin.command:
|
||||
cmd: loginctl enable-linger {{ podman_user }}
|
||||
creates: /var/lib/systemd/linger/podman
|
||||
become: true
|
||||
|
||||
- name: Create subvolumes paths
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.1 | split(':') | first }}"
|
||||
state: directory
|
||||
mode: u=rwX,g=rX,o=rX
|
||||
become: true
|
||||
loop: "{{ q('ansible.builtin.subelements', podman_containers, 'volumes', {'skip_missing': True}) }}"
|
||||
loop_control:
|
||||
label: "{{ item.0.name }}"
|
||||
register: folders
|
||||
notify: Set default permissions on volumes folders
|
||||
|
||||
- name: Execute handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
||||
@@ -1,16 +1,10 @@
|
||||
---
|
||||
|
||||
podman_pods_defaults: []
|
||||
|
||||
podman_networks_defaults:
|
||||
state: quadlet
|
||||
recreate: true
|
||||
|
||||
podman_containers_defaults:
|
||||
state: quadlet
|
||||
recreate: true
|
||||
quadlet_options:
|
||||
- "AutoUpdate=registry"
|
||||
- |
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
# Convert quadlets filename to systemd units
|
||||
podman_units: >
|
||||
{{
|
||||
podman_quadlets |
|
||||
map('regex_replace', '\\.container$', '.service') |
|
||||
map('regex_replace', '\\.network$', '-network.service') |
|
||||
list
|
||||
}}
|
||||
|
||||
Reference in New Issue
Block a user