Compare commits
1 commit: 157aeff3df

README.md (133)
@ -1,82 +1,89 @@
|
||||
# role_podman
|
||||
|
||||
Rôle de déploiement de podman.
|
||||
Install podman and manage pods and containers.
|
||||
|
||||
## Pré-requis
|
||||
## Pre-requisite
|
||||
|
||||
Ce rôle créer un utilisateur dédié via [cet autre rôle](https://gitea.ykn.fr/ansible/role_users) dont il est dépendant.
|
||||
L'utilisation de ce rôle et de sa dépendance dans un playbook nécessite d'utilise ansible-galaxy en lui indiquant un fichier dont le contenu est le suivant :
|
||||
|
||||
```bash
|
||||
$ cd playbook_podman
|
||||
$ tee requirements.yml <<EOF
|
||||
---
|
||||
|
||||
roles:
|
||||
- name: users
|
||||
scm: git
|
||||
src: ssh://gitea@git.ykn.fr:12393/ansible/role_users.git
|
||||
version: alpha
|
||||
|
||||
- name: podman
|
||||
scm: git
|
||||
src: ssh://gitea@git.ykn.fr:12393/ansible/role_podman.git
|
||||
version: alpha
|
||||
EOF
|
||||
$ ansible-galaxy install -fr requirements.yml
|
||||
```
|
||||
The podman user (`podman_user`) must be created before executing this role.
|
||||
|
||||
## Variables
|
||||
|
||||
### podman_packages
|
||||
|
||||
List of packages to install in order to use podman.
|
||||
|
||||
<span style="text-decoration: underline">Default value:</span> `["catatonit", "dbus-user-session", "passt", "podman", "podman-docker", "uidmap", "systemd-container"]`
|
||||
|
||||
### podman_fix_pasta
|
||||
|
||||
On bookworm, we need to fix pasta to use podman ([see here](https://github.com/containers/buildah/issues/5440#issuecomment-2028911573)).
|
||||
|
||||
<span style="text-decoration: underline">Default value:</span> `false`
|
||||
|
||||
### podman_user
|
||||
|
||||
Users with container configuration.
|
||||
|
||||
<span style="text-decoration: underline">Default value:</span> `podman`
|
||||
|
||||
### podman_configure_rsyslog
|
||||
|
||||
Désactive les messages du programme *podman* et des programmes dans les conteneurs si ils portent le nom du conteneur.
|
||||
Status of messages from the *podman* binary and from binaries in containers if they're equalto the container name.
|
||||
|
||||
<span style="text-decoration: underline">Valeur par défaut:</span> `true` (activé, `false` pour désactiver)
|
||||
<span style="text-decoration: underline">Default value:</span> `true`
|
||||
|
||||
### podman_ssh_host
|
||||
|
||||
Host to be tested for instance availability.
|
||||
|
||||
<span style="text-decoration: underline">Default value:</span> `{{ inventory_hostname }}`
|
||||
|
||||
### podman_ssh_port
|
||||
|
||||
Port to be tested for instance availability.
|
||||
|
||||
<span style="text-decoration: underline">Default value:</span> `22`
|
||||
|
||||
### podman_auto_update
|
||||
|
||||
Status of the automatic container update service.
|
||||
|
||||
<span style="text-decoration: underline">Default value:</span> `true`
|
||||
|
||||
### podman_pods
|
||||
|
||||
List of dictionnaries to define pods ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_pod_module.html)).
|
||||
|
||||
<span style="text-decoration: underline">Default value:</span> none
|
||||
|
||||
### podman_containers
|
||||
|
||||
Définition des conteneurs à déployer.
|
||||
List of dictionnaries to define containers ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_container_module.html#ansible-collections-containers-podman-podman-container-module)).
|
||||
|
||||
<span style="text-decoration: underline">Valeur par défaut:</span> *aucune*
|
||||
<span style="text-decoration: underline">Default value:</span> none
|
||||
|
||||
## Utilisation
|
||||
## Extras
|
||||
|
||||
Définir la variable `podman_containers` dans un fichier sous `host_vars` ou `group_vars` :
|
||||
It's possible to use this role with the alvistack repository by setting the variables to the following values:
|
||||
|
||||
```bash
|
||||
$ tee host_vars/lxd_podman_host.yml <<EOF
|
||||
---
|
||||
```yaml
|
||||
# BEGIN role_podman
|
||||
podman_packages:
|
||||
- catatonit
|
||||
- dbus-user-session
|
||||
- containernetworking-dnsname
|
||||
- containernetworking-plugins
|
||||
- containernetworking-podman-machine
|
||||
- passt
|
||||
- podman
|
||||
- podman-aardvark-dns
|
||||
- podman-docker
|
||||
- podman-gvproxy
|
||||
- podman-netavark
|
||||
- python3-podman-compose
|
||||
- uidmap
|
||||
- systemd-container
|
||||
|
||||
podman_containers:
|
||||
- image: docker.io/wallabag/wallabag:latest
|
||||
name: wallbag
|
||||
userns: keep-id
|
||||
volumes:
|
||||
- wallbag-data:/var/www/wallabag/data
|
||||
- wallbag-image:/var/www/wallabag/web/assets/images
|
||||
ports:
|
||||
- 80:80/tcp
|
||||
environment_vars:
|
||||
- SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
|
||||
```
|
||||
|
||||
Il est également possible de définir l'utilisateur via la variable `user`, comme ceci :
|
||||
|
||||
```bash
|
||||
$ tee host_vars/lxd_podman_host.yml <<EOF
|
||||
---
|
||||
|
||||
podman_containers:
|
||||
- image: docker.io/wallabag/wallabag:latest
|
||||
name: wallbag
|
||||
user: un_utilisateur
|
||||
userns: keep-id
|
||||
volumes:
|
||||
- wallbag-data:/var/www/wallabag/data
|
||||
- wallbag-image:/var/www/wallabag/web/assets/images
|
||||
ports:
|
||||
- 80:80/tcp
|
||||
environment_vars:
|
||||
- SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
|
||||
podman_fix_pasta: true
|
||||
# END role_podman
|
||||
```
|
||||
|
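Review bot: the new Extras section says the role can be used "with the alvistack repository by setting the variables", but nothing in the role configures that apt repository or its signing key; the only package task is a plain `ansible.builtin.apt` install of `podman_packages`, so the README should state that the repository (with a pinned key) must be set up before this role runs. In the same section the example publishes `80:80/tcp` from the rootless `podman_user` service; a sentence on the unprivileged-port sysctl a rootless user needs to bind port 80 would save readers a failed start. Smaller fixes in the added lines: "dictionnaries" (twice), "equalto" in the `podman_configure_rsyslog` text, and the `podman_user` description ("Users with container configuration.") should say it is the single unprivileged account, created beforehand, under which every pod and container is run.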
@ -1,25 +1,24 @@
|
||||
---
|
||||
# defaults file for podman
|
||||
|
||||
podman_packages:
|
||||
- catatonit
|
||||
- dbus-user-session
|
||||
- passt
|
||||
- podman
|
||||
- podman-docker
|
||||
- uidmap
|
||||
- systemd-container
|
||||
podman_fix_pasta: false
|
||||
|
||||
podman_user: podman
|
||||
|
||||
podman_configure_rsyslog: true
|
||||
podman_fix_pasta: true
|
||||
|
||||
podman_ssh_host: "{{ inventory_hostname }}"
|
||||
podman_ssh_port: 22
|
||||
|
||||
podman_auto_update: true
|
||||
|
||||
podman_pods: []
|
||||
podman_containers: []
|
||||
# Exemple:
|
||||
# - image: docker.io/wallabag/wallabag:latest
|
||||
# name: wallbag
|
||||
# userns: keep-id
|
||||
# commands:
|
||||
# - echo toto
|
||||
# volumes:
|
||||
# - wallbag-data:/var/www/wallabag/data
|
||||
# - wallbag-image:/var/www/wallabag/web/assets/images
|
||||
# ports:
|
||||
# - 80:80/tcp
|
||||
# environment_vars:
|
||||
# - SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
|
||||
|
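Review bot: `podman_fix_pasta` appears twice in this hunk, as `false` next to `podman_packages` and as `true` next to `podman_configure_rsyslog`; the README documents the default as `false`, so make sure the line that survives is the `false` one, since `true` hard-links `/usr/bin/pasta` over `/usr/bin/passt` on every host. Dropping the commented `# Exemple:` block is fine now that the README carries the same example in English.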
@ -1,21 +1,34 @@
|
||||
---
|
||||
# handlers file for exim4
|
||||
|
||||
- name: Set default permissions on volumes folders
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
owner: "{{ podman_user }}"
|
||||
group: "{{ podman_user }}"
|
||||
become: true
|
||||
loop: "{{ folders.results | selectattr('changed', 'equalto', true) }}"
|
||||
loop_control:
|
||||
label: "{{ item.path }}"
|
||||
|
||||
# source: https://github.com/containers/buildah/issues/5440#issuecomment-2028911573
|
||||
- name: Corriger le problème passt VS pasta
|
||||
- name: Fix passt VS pasta
|
||||
ansible.builtin.file:
|
||||
state: hard
|
||||
force: true
|
||||
src: /usr/bin/passt
|
||||
dest: /usr/bin/pasta
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
force: true
|
||||
when: podman_fix_pasta
|
||||
become: true
|
||||
|
||||
- name: Redémarrer l'instance
|
||||
- name: Restart instance
|
||||
ansible.builtin.reboot:
|
||||
become: true
|
||||
|
||||
- name: Attendre que le port SSH soit ouvert
|
||||
- name: Wait SSH is ready
|
||||
ansible.builtin.wait_for:
|
||||
host: "{{ podman_ssh_host }}"
|
||||
port: "{{ podman_ssh_port }}"
|
||||
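Review bot: `mode: u=rw,g=r,o=r` on the `Fix passt VS pasta` handler strips the execute bit, and because `state: hard` creates a hard link the chmod lands on the shared inode, so `/usr/bin/passt` itself becomes non-executable; drop `mode` or use `u=rwx,g=rx,o=rx`. The link also decays silently: dpkg replaces upgraded files by rename, so after the next `passt` upgrade `/usr/bin/pasta` keeps pointing at the old binary while the apt task (`state: present`) no longer notifies this handler. `force: true` is listed twice in the same task, and the header comment still reads `# handlers file for exim4`.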
@ -25,7 +38,7 @@
|
||||
sleep: 10
|
||||
delegate_to: 127.0.0.1
|
||||
|
||||
- name: Redémarrer rsyslog.service
|
||||
- name: Restart rsyslog.service
|
||||
ansible.builtin.systemd:
|
||||
state: restarted
|
||||
name: rsyslog.service
|
||||
|
meta/.galaxy_install_info (new file, 2)
@ -0,0 +1,2 @@
|
||||
install_date: lun. 21 oct. 2024 11:22:51
|
||||
version: master
|
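Review bot: `meta/.galaxy_install_info` is written by `ansible-galaxy install` on the consumer side (it records the install date and `version: master`) and should not be committed; remove it and add it to `.gitignore`, otherwise every install from this repository ships a stale marker.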
@ -10,6 +10,6 @@ galaxy_info:
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- bookworm
|
||||
- sid
|
||||
|
||||
dependencies: []
|
||||
|
@ -1,72 +1,74 @@
|
||||
---
|
||||
# tasks file for podman
|
||||
|
||||
- name: Activer le lingering
|
||||
- name: Enable lingering for podman user
|
||||
ansible.builtin.command:
|
||||
cmd: "loginctl enable-linger {{ container_user }}"
|
||||
creates: /var/lib/systemd/linger/{{ container_user }}
|
||||
cmd: "loginctl enable-linger {{ podman_user }}"
|
||||
creates: /var/lib/systemd/linger/podman
|
||||
become: true
|
||||
loop: "{{ podman_containers }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
vars:
|
||||
container_user: "podman-{{ item.user | default(item.name) }}"
|
||||
|
||||
- name: Créer les dossiers des volumes
|
||||
- name: Create subvolumes paths
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.1 | split(':') | first }}"
|
||||
state: directory
|
||||
owner: "{{ container_user }}"
|
||||
group: "{{ container_user }}"
|
||||
mode: u=rwX,g=rX,o=rX
|
||||
become: true
|
||||
loop: "{{ q('ansible.builtin.subelements', podman_containers, 'volumes', {'skip_missing': True}) }}"
|
||||
loop_control:
|
||||
label: "{{ item.0.name }}"
|
||||
vars:
|
||||
container_user: "podman-{{ item.0.user | default(item.0.name) }}"
|
||||
register: folders
|
||||
notify: Set default permissions on volumes folders
|
||||
|
||||
- name: Déployer les conteneurs
|
||||
containers.podman.podman_container:
|
||||
hostname: "{{ item.hostname | default(inventory_hostname) }}"
|
||||
name: "{{ item.name }}"
|
||||
image: "{{ item.image }}"
|
||||
state: quadlet
|
||||
device: "{{ item.device | default(omit) }}"
|
||||
ports: "{{ item.ports | default(omit) }}"
|
||||
volumes: "{{ item.volumes | default(omit) }}"
|
||||
userns: "{{ item.userns | default(omit) }}"
|
||||
mount: "{{ item.mount | default(omit) }}"
|
||||
publish: "{{ item.publish | default(omit) }}"
|
||||
env: "{{ item.env | default(omit) }}"
|
||||
quadlet_options: "{{ item.quadlet_options | default(omit) }}"
|
||||
sysctl: "{{ item.sysctl | default(omit) }}"
|
||||
cap_add: "{{ item.cap_add | default(omit) }}"
|
||||
recreate: true
|
||||
- name: Exécuter les handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
||||
- name: Deploy pods
|
||||
containers.podman.podman_pod: "{{ pod }}"
|
||||
become: true
|
||||
become_user: "{{ container_user }}"
|
||||
register: deploy_container
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ podman_pods }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
register: deployed_pods
|
||||
vars:
|
||||
pod: "{{ podman_pods_defaults | ansible.builtin.combine(item) }}"
|
||||
|
||||
- name: Start or restart pods
|
||||
ansible.builtin.systemd_service:
|
||||
name: "{{ item.item.name }}-pod.service"
|
||||
state: "{{ 'restarted' if item.changed else 'started' }}"
|
||||
daemon_reload: true
|
||||
scope: user
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ deployed_pods.results }}"
|
||||
loop_control:
|
||||
label: "{{ item.item.name }}"
|
||||
|
||||
- name: Deploy containers
|
||||
containers.podman.podman_container: "{{ container }}"
|
||||
become: true
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ podman_containers }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
register: deployed_containers
|
||||
vars:
|
||||
container_user: "podman-{{ item.user | default(item.name) }}"
|
||||
container: "{{ podman_containers_defaults | ansible.builtin.combine(item) }}"
|
||||
|
||||
- name: Démarrer ou redémarrer le conteneur
|
||||
- name: Start or restart containers
|
||||
ansible.builtin.systemd_service:
|
||||
name: "{{ item.item.name }}.service"
|
||||
state: "{{ 'restarted' if item.changed else 'started' }}"
|
||||
daemon_reload: true
|
||||
scope: user
|
||||
become: true
|
||||
become_user: "{{ container_user }}"
|
||||
loop: "{{ deploy_container.results }}"
|
||||
become_user: "{{ podman_user }}"
|
||||
loop: "{{ deployed_containers.results }}"
|
||||
loop_control:
|
||||
label: "{{ item.item.name }}"
|
||||
vars:
|
||||
container_user: "podman-{{ item.item.user | default(item.item.name) }}"
|
||||
|
||||
- name: Activer le service de mise à jour automatique
|
||||
- name: Enable containers auto-update service
|
||||
ansible.builtin.systemd_service:
|
||||
name: podman-auto-update.timer
|
||||
daemon_reload: true
|
||||
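Review bot: `Deploy containers` now forwards the whole merged dict to `containers.podman.podman_container`, and `combine` replaces lists rather than merging them, so an entry that sets its own `quadlet_options` silently drops the `AutoUpdate=registry` line and the `[Install] WantedBy=default.target` section from `podman_containers_defaults`, and that container will not start at boot; use `combine(item, list_merge='append')` or document that users must repeat those lines. The change also removes the explicit parameter list of the old task (`device`, `ports`, `volumes`, `userns`, `mount`, ...), so any module parameter, including `privileged`, can now be set from inventory; if that is intended, say so in the README. In `Enable lingering for podman user`, `creates: /var/lib/systemd/linger/podman` hard-codes the account; use `/var/lib/systemd/linger/{{ podman_user }}` so an overridden `podman_user` still gets lingering enabled.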
@ -74,9 +76,4 @@
|
||||
scope: user
|
||||
when: podman_auto_update
|
||||
become: true
|
||||
become_user: "{{ container_user }}"
|
||||
loop: "{{ deploy_container.results }}"
|
||||
loop_control:
|
||||
label: "{{ item.item.name }}"
|
||||
vars:
|
||||
container_user: "podman-{{ item.item.user | default(item.item.name) }}"
|
||||
become_user: "{{ podman_user }}"
|
||||
|
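Review bot: the auto-update task only enables the timer when `podman_auto_update` is true; with the flag set to `false` it is skipped, so a timer enabled by an earlier run stays active. Make the task unconditional and derive `enabled` and `state` from the flag instead of using `when`.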
@ -3,28 +3,14 @@
|
||||
|
||||
- name: Installer les paquets
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- dbus-user-session
|
||||
- containernetworking-dnsname
|
||||
- containernetworking-plugins
|
||||
- containernetworking-podman-machine
|
||||
- dbus-user-session
|
||||
- passt
|
||||
- podman
|
||||
- podman-aardvark-dns
|
||||
- podman-docker
|
||||
- podman-gvproxy
|
||||
- podman-netavark
|
||||
- python3-podman-compose
|
||||
- uidmap
|
||||
- systemd-container
|
||||
name: "{{ podman_packages }}"
|
||||
install_recommends: true
|
||||
state: present
|
||||
become: true
|
||||
notify:
|
||||
- Corriger le problème passt VS pasta
|
||||
- Redémarrer l'instance
|
||||
- Attendre que le port SSH soit ouvert
|
||||
- Fix passt VS pasta
|
||||
- Restart instance
|
||||
- Wait SSH is ready
|
||||
|
||||
- name: Exécuter les handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
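Review bot: the apt task notifies `Restart instance` on every change, so adding a package to `podman_packages` later reboots the host even though only the passt/pasta hard link needs it; let the `Fix passt VS pasta` handler notify the reboot and the SSH wait itself, or guard the reboot with `podman_fix_pasta`. `install_recommends: true` also pulls in whatever each package recommends, widening the installed surface beyond the curated list; consider `false` and naming the needed packages explicitly.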
@ -38,7 +24,7 @@
|
||||
mode: u=rw,g=r,o=r
|
||||
when: podman_configure_rsyslog
|
||||
become: true
|
||||
notify: Redémarrer rsyslog.service
|
||||
notify: Restart rsyslog.service
|
||||
|
||||
- name: Désactiver le service de mise à jour automatique pour root
|
||||
ansible.builtin.systemd_service:
|
||||
|
@ -1,10 +1,10 @@
|
||||
---
|
||||
# tasks file for podman
|
||||
|
||||
- name: Importer les tâches d'installation
|
||||
- name: Import installation tasks
|
||||
ansible.builtin.import_tasks:
|
||||
file: installation.yml
|
||||
|
||||
- name: Importer les tâches de configuration
|
||||
- name: Import configuration tasks
|
||||
ansible.builtin.import_tasks:
|
||||
file: configuration.yml
|
||||
|
vars/main.yml (new file, 12)
@ -0,0 +1,12 @@
|
||||
---
|
||||
|
||||
podman_pods_defaults: []
|
||||
|
||||
podman_containers_defaults:
|
||||
state: quadlet
|
||||
recreate: true
|
||||
quadlet_options:
|
||||
- "AutoUpdate=registry"
|
||||
- |
|
||||
[Install]
|
||||
WantedBy=default.target
|
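Review bot: `podman_pods_defaults: []` is a list while `podman_containers_defaults` is a mapping; `combine` only tolerates the empty list because it flattens list arguments one level, so a non-empty list here would fail. Use `{}`. Also, values in `vars/main.yml` take precedence over inventory and `host_vars`, so `podman_containers_defaults` (with `AutoUpdate=registry`) cannot be overridden per host; if it is meant to be tunable, move it to `defaults/main.yml`.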