README.md

@@ -1,3 +1,34 @@
-# role_modele
+# role_podman
 
-Modèle
+Rôle de déploiement de podman.
+
+## Pré-requis
+
+Ce rôle créer un utilisateur à l'aide de ce rôle qu'il faut donc installé lors de l'exécution d'un playbook.<br>
+Afin d'installer les deux rôles dans un playbook :
+
+```bash
+$ cd playbook_podman
+$ tee <<EOF
+---
+
+- name: users
+  scm: git
+  src: ssh://gitea@git.ykn.fr:12393/ansible/role_users.git
+  version: alpha
+
+- name: podman
+  scm: git
+  src: ssh://gitea@git.ykn.fr:12393/ansible/role_podman.git
+  version: alpha
+EOF
+$ ansible-galaxy install -fr requirements_roles.yml 
+```
+
+## Variables
+
+### podman_containers
+
+Définition des conteneurs à déployer.
+
+<span style="text-decoration: underline">Valeur par défaut:</span> aucune

defaults/main.yml

@@ -0,0 +1,15 @@
+---
+# defaults file for podman
+
+podman_containers: {}
+# Exemple:
+#  - image: docker.io/wallabag/wallabag:latest
+#    name: wallbag
+#    userns: keep-id
+#    volumes:
+#      - wallbag-data:/var/www/wallabag/data
+#      - wallbag-image:/var/www/wallabag/web/assets/images
+#    ports:
+#      - 80:80/tcp
+#    environment_vars:
+#      - SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr

meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
   namespace: ykn
   author: pulsar89.5
-  description: Rôle modèle
+  description: Rôle de déploiement de podman
 
   license: GPL-3.0-or-later
 
@@ -10,6 +10,6 @@ galaxy_info:
   platforms:
     - name: Debian
       versions:
-        - all
+        - sid
 
 dependencies: []

tasks/configuration.yml

@@ -0,0 +1,55 @@
+---
+# tasks file for podman
+
+- name: Créer l'utilisateur dédié
+  ansible.builtin.include_role:
+    name: users
+  vars:
+    users:
+      - name: "{{ container_user }}"
+        comment: Dedicated Podman user ({{ container.name }})
+        update_password: on_create
+        password_lock: true
+        shell: /bin/bash
+
+- name: Créer le chemin de stockage des définitions
+  ansible.builtin.file:
+    path: "{{ container_basepath }}"
+    state: directory
+    owner: "{{ container_user }}"
+    group: "{{ container_user }}"
+    mode: u=rwX,g=rwX,o=
+  become: true
+
+- name: Créer le volume
+  containers.podman.podman_volume:
+    name: "{{ item.split(':')[0] }}"
+  when: container.volumes | length > 0
+  loop: "{{ container.volumes }}"
+  notify: Redémarrer le conteneur
+
+- name: Déployer le conteneur
+  ansible.builtin.template:
+    src: podman-quadlet.container.j2 
+    dest: "{{ container_basepath }}/{{ container_filename }}"
+    owner: "{{ container_user }}"
+    group: "{{ container_user }}"
+    mode: u=rw,g=rw,o=
+  become: true
+  register: deploy_container
+
+- name: Activer le lingering
+  ansible.builtin.command:
+   cmd: "loginctl enable-linger {{ container_user }}"
+   creates: /var/lib/systemd/linger/{{ container_user }}
+  become: true
+
+- name: Démarrer ou redémarrer le conteneur
+  ansible.builtin.systemd_service:
+    name: "{{ container_filename | replace('.container', '.service') }}"
+    state: "{{ 'restarted' if deploy_container.changed else 'started' }}"
+    enabled: true
+    daemon_reload: true
+    scope: user
+  become: true
+  become_user: "{{ container_user }}"

tasks/installation.yml

@@ -0,0 +1,13 @@
+---
+# tasks file for podman
+
+- name: Installer les paquets
+  ansible.builtin.apt:
+    name:
+      - dbus-user-session
+      - podman
+      - rootlesskit
+      - slirp4netns
+      - systemd-container
+    state: present
+  become: true

tasks/main.yml

@@ -0,0 +1,18 @@
+---
+# tasks file for podman
+
+- name: Importer les tâches d'installation
+  tags: installation
+  ansible.builtin.import_tasks: installation.yml
+
+- name: Importer les tâches de configuration
+  tags: configuration
+  ansible.builtin.include_tasks: configuration.yml
+  loop: "{{ podman_containers }}"
+  loop_control:
+    label: "{{ container.name }}"
+    loop_var: container
+  vars:
+    container_user: "podman-{{ container.user | default(container.name) }}"
+    container_basepath: "/home/{{ container_user }}/.config/containers/systemd"
+    container_filename: "podman-{{ container.name }}.container"

templates/podman-quadlet.container.j2

@@ -0,0 +1,35 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Wallbag container
+
+[Container]
+HostName={{ inventory_hostname }}
+
+Image={{ container.image }}
+ContainerName={{ container.name }}
+
+{% if container.get('userns', '') | length > 0 %}
+UserNS={{ container.userns }}
+{% endif %}
+
+AutoUpdate=registry
+
+{% for volume in container.get('volumes', []) %}
+Volume={{ volume }}
+{% endfor %}
+
+{% for port in container.get('ports', []) %}
+PublishPort={{ port }}
+{% endfor %}
+
+{% for environment in container.get('environment_vars', []) %}
+Environment={{ environment }}
+{% endfor %}
+
+[Service]
+Restart=on-failure
+TimeoutStartSec=900
+
+[Install]
+WantedBy=default.target