refacto: Rewriting for Debian Sid #4

Open
pulsar wants to merge 1 commit from 2024.43 into master
9 changed files with 165 additions and 149 deletions

README.md

@ -1,82 +1,89 @@
# role_podman
Rôle de déploiement de podman.
Install podman and manage pods and containers.
## Pré-requis
## Pre-requisite
Ce rôle créer un utilisateur dédié via [cet autre rôle](https://gitea.ykn.fr/ansible/role_users) dont il est dépendant.
L'utilisation de ce rôle et de sa dépendance dans un playbook nécessite d'utilise ansible-galaxy en lui indiquant un fichier dont le contenu est le suivant :
```bash
$ cd playbook_podman
$ tee requirements.yml <<EOF
---
roles:
- name: users
scm: git
src: ssh://gitea@git.ykn.fr:12393/ansible/role_users.git
version: alpha
- name: podman
scm: git
src: ssh://gitea@git.ykn.fr:12393/ansible/role_podman.git
version: alpha
EOF
$ ansible-galaxy install -fr requirements.yml
```
The podman user (`podman_user`) must be created before executing this role.
## Variables
### podman_packages
List of packages to install in order to use podman.
<span style="text-decoration: underline">Default value:</span> `["catatonit", "dbus-user-session", "passt", "podman", "podman-docker", "uidmap", "systemd-container"]`
### podman_fix_pasta
On bookworm, we need to fix pasta to use podman ([see here](https://github.com/containers/buildah/issues/5440#issuecomment-2028911573)).
<span style="text-decoration: underline">Default value:</span> `false`
### podman_user
Users with container configuration.
<span style="text-decoration: underline">Default value:</span> `podman`
### podman_configure_rsyslog
Désactive les messages du programme *podman* et des programmes dans les conteneurs si ils portent le nom du conteneur.
Status of messages from the *podman* binary and from binaries in containers if they're equalto the container name.
<span style="text-decoration: underline">Valeur par défaut:</span> `true` (activé, `false` pour désactiver)
<span style="text-decoration: underline">Default value:</span> `true`
### podman_ssh_host
Host to be tested for instance availability.
<span style="text-decoration: underline">Default value:</span> `{{ inventory_hostname }}`
### podman_ssh_port
Port to be tested for instance availability.
<span style="text-decoration: underline">Default value:</span> `22`
### podman_auto_update
Status of the automatic container update service.
<span style="text-decoration: underline">Default value:</span> `true`
### podman_pods
List of dictionnaries to define pods ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_pod_module.html)).
<span style="text-decoration: underline">Default value:</span> none
### podman_containers
Définition des conteneurs à déployer.
List of dictionnaries to define containers ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_container_module.html#ansible-collections-containers-podman-podman-container-module)).
<span style="text-decoration: underline">Valeur par défaut:</span> *aucune*
<span style="text-decoration: underline">Default value:</span> none
## Utilisation
## Extras
Définir la variable `podman_containers` dans un fichier sous `host_vars` ou `group_vars` :
It's possible to use this role with the alvistack repository by setting the variables to the following values:
```bash
$ tee host_vars/lxd_podman_host.yml <<EOF
---
```yaml
# BEGIN role_podman
podman_packages:
- catatonit
- dbus-user-session
- containernetworking-dnsname
- containernetworking-plugins
- containernetworking-podman-machine
- passt
- podman
- podman-aardvark-dns
- podman-docker
- podman-gvproxy
- podman-netavark
- python3-podman-compose
- uidmap
- systemd-container
podman_containers:
- image: docker.io/wallabag/wallabag:latest
name: wallbag
userns: keep-id
volumes:
- wallbag-data:/var/www/wallabag/data
- wallbag-image:/var/www/wallabag/web/assets/images
ports:
- 80:80/tcp
environment_vars:
- SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
```
Il est également possible de définir l'utilisateur via la variable `user`, comme ceci :
```bash
$ tee host_vars/lxd_podman_host.yml <<EOF
---
podman_containers:
- image: docker.io/wallabag/wallabag:latest
name: wallbag
user: un_utilisateur
userns: keep-id
volumes:
- wallbag-data:/var/www/wallabag/data
- wallbag-image:/var/www/wallabag/web/assets/images
ports:
- 80:80/tcp
environment_vars:
- SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
podman_fix_pasta: true
# END role_podman
```
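Review bot: the end of the Extras section still carries the French paragraph and a second example with `user: un_utilisateur`, but the tasks in this PR no longer derive a per-container user from `item.user` and run everything as `podman_user`, so if those lines survive they document a key that is now passed straight to podman_container, where `user` means the user inside the container, not the host account. Check the fence nesting just above the yaml example as well: a bash fence with `$ tee host_vars/lxd_podman_host.yml <<EOF` opens right before the yaml fence and only one closing fence follows, so one of the two blocks cannot render. Both examples use `environment_vars:`, which the old task never forwarded (it read `item.env`) and which is not a podman_container parameter (`env` is); now that the whole dict is handed to the module, an unknown key fails the task, so the examples should use `env:`. Smaller points: "equalto" under podman_configure_rsyslog, "dictionnaries" twice, and the French lines (`## Pré-requis`, `Valeur par défaut`, `## Utilisation`) sitting next to their English replacements.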


@ -1,25 +1,24 @@
---
# defaults file for podman
podman_packages:
- catatonit
- dbus-user-session
- passt
- podman
- podman-docker
- uidmap
- systemd-container
podman_fix_pasta: false
podman_user: podman
podman_configure_rsyslog: true
podman_fix_pasta: true
podman_ssh_host: "{{ inventory_hostname }}"
podman_ssh_port: 22
podman_auto_update: true
podman_pods: []
podman_containers: []
# Exemple:
# - image: docker.io/wallabag/wallabag:latest
# name: wallbag
# userns: keep-id
# commands:
# - echo toto
# volumes:
# - wallbag-data:/var/www/wallabag/data
# - wallbag-image:/var/www/wallabag/web/assets/images
# ports:
# - 80:80/tcp
# environment_vars:
# - SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
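Review bot: the `# Exemple:` block under `podman_containers: []` is still French and its `commands:` / `- echo toto` lines are neither something the old task forwarded nor a podman_container option (the module's parameter is `command`); since a container entry is now passed to the module as one dict, anyone copying the example gets a failed task. Either translate the comment and align it with the README example (including `env:` instead of `environment_vars:`) or drop it and point to the README. Also confirm that only one `podman_fix_pasta` line remains (the hunk shows both `podman_fix_pasta: false` and `podman_fix_pasta: true`) and that it matches the `false` the README now states as the default.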


@ -1,21 +1,34 @@
---
# handlers file for exim4
- name: Set default permissions on volumes folders
ansible.builtin.file:
path: "{{ item.path }}"
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
become: true
loop: "{{ folders.results | selectattr('changed', 'equalto', true) }}"
loop_control:
label: "{{ item.path }}"
# source: https://github.com/containers/buildah/issues/5440#issuecomment-2028911573
- name: Corriger le problème passt VS pasta
- name: Fix passt VS pasta
ansible.builtin.file:
state: hard
force: true
src: /usr/bin/passt
dest: /usr/bin/pasta
owner: root
group: root
mode: u=rw,g=r,o=r
force: true
when: podman_fix_pasta
become: true
- name: Redémarrer l'instance
- name: Restart instance
ansible.builtin.reboot:
become: true
- name: Attendre que le port SSH soit ouvert
- name: Wait SSH is ready
ansible.builtin.wait_for:
host: "{{ podman_ssh_host }}"
port: "{{ podman_ssh_port }}"
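Review bot: `mode: u=rw,g=r,o=r` in 'Fix passt VS pasta' removes the execute bit, and because `state: hard` shares the inode with `/usr/bin/passt`, both `passt` and `pasta` end up non-executable after the handler runs; drop `mode` or keep it executable (for example `u=rwx,g=rx,o=rx`). `force: true` appears twice in the same task (once above `src:` and once below `mode:`), so make sure only one copy survives. The header comment still reads `# handlers file for exim4`, a leftover from another role. Naming: 'Wait SSH is ready' reads better as 'Wait until SSH is ready'.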
@ -25,7 +38,7 @@
sleep: 10
delegate_to: 127.0.0.1
- name: Redémarrer rsyslog.service
- name: Restart rsyslog.service
ansible.builtin.systemd:
state: restarted
name: rsyslog.service
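Review bot: the rsyslog handler uses `ansible.builtin.systemd` while every other service task in this PR uses `ansible.builtin.systemd_service`; they are the same module under two names, but picking one keeps the role consistent now that the handlers are being renamed anyway.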


@ -0,0 +1,2 @@
install_date: lun. 21 oct. 2024 11:22:51
version: master
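Review bot: this two-line file (`install_date` with a locale-formatted timestamp, `version: master`) looks like the metadata ansible-galaxy writes into a role when it installs it, not source; it will differ on every machine and every install, so it should be listed in .gitignore rather than committed.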


@ -10,6 +10,6 @@ galaxy_info:
platforms:
- name: Debian
versions:
- bookworm
- sid
dependencies: []
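Review bot: replacing `bookworm` with `sid` under platforms while the README still introduces `podman_fix_pasta` with "On bookworm, we need to fix pasta" leaves the variable, its handler and its documentation describing a platform the role no longer claims to support; either keep bookworm in the list or remove the bookworm-only workaround in the same change. `dependencies: []` is consistent with the new README, which now only states that `podman_user` must exist before the role runs.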


@ -1,72 +1,74 @@
---
# tasks file for podman
- name: Activer le lingering
- name: Enable lingering for podman user
ansible.builtin.command:
cmd: "loginctl enable-linger {{ container_user }}"
creates: /var/lib/systemd/linger/{{ container_user }}
cmd: "loginctl enable-linger {{ podman_user }}"
creates: /var/lib/systemd/linger/podman
become: true
loop: "{{ podman_containers }}"
loop_control:
label: "{{ item.name }}"
vars:
container_user: "podman-{{ item.user | default(item.name) }}"
- name: Créer les dossiers des volumes
- name: Create subvolumes paths
ansible.builtin.file:
path: "{{ item.1 | split(':') | first }}"
state: directory
owner: "{{ container_user }}"
group: "{{ container_user }}"
mode: u=rwX,g=rX,o=rX
become: true
loop: "{{ q('ansible.builtin.subelements', podman_containers, 'volumes', {'skip_missing': True}) }}"
loop_control:
label: "{{ item.0.name }}"
vars:
container_user: "podman-{{ item.0.user | default(item.0.name) }}"
register: folders
notify: Set default permissions on volumes folders
- name: Déployer les conteneurs
containers.podman.podman_container:
hostname: "{{ item.hostname | default(inventory_hostname) }}"
name: "{{ item.name }}"
image: "{{ item.image }}"
state: quadlet
device: "{{ item.device | default(omit) }}"
ports: "{{ item.ports | default(omit) }}"
volumes: "{{ item.volumes | default(omit) }}"
userns: "{{ item.userns | default(omit) }}"
mount: "{{ item.mount | default(omit) }}"
publish: "{{ item.publish | default(omit) }}"
env: "{{ item.env | default(omit) }}"
quadlet_options: "{{ item.quadlet_options | default(omit) }}"
sysctl: "{{ item.sysctl | default(omit) }}"
cap_add: "{{ item.cap_add | default(omit) }}"
recreate: true
- name: Exécuter les handlers
ansible.builtin.meta: flush_handlers
- name: Deploy pods
containers.podman.podman_pod: "{{ pod }}"
become: true
become_user: "{{ container_user }}"
register: deploy_container
become_user: "{{ podman_user }}"
loop: "{{ podman_pods }}"
loop_control:
label: "{{ item.name }}"
register: deployed_pods
vars:
pod: "{{ podman_pods_defaults | ansible.builtin.combine(item) }}"
- name: Start or restart pods
ansible.builtin.systemd_service:
name: "{{ item.item.name }}-pod.service"
state: "{{ 'restarted' if item.changed else 'started' }}"
daemon_reload: true
scope: user
become: true
become_user: "{{ podman_user }}"
loop: "{{ deployed_pods.results }}"
loop_control:
label: "{{ item.item.name }}"
- name: Deploy containers
containers.podman.podman_container: "{{ container }}"
become: true
become_user: "{{ podman_user }}"
loop: "{{ podman_containers }}"
loop_control:
label: "{{ item.name }}"
register: deployed_containers
vars:
container_user: "podman-{{ item.user | default(item.name) }}"
container: "{{ podman_containers_defaults | ansible.builtin.combine(item) }}"
- name: Démarrer ou redémarrer le conteneur
- name: Start or restart containers
ansible.builtin.systemd_service:
name: "{{ item.item.name }}.service"
state: "{{ 'restarted' if item.changed else 'started' }}"
daemon_reload: true
scope: user
become: true
become_user: "{{ container_user }}"
loop: "{{ deploy_container.results }}"
become_user: "{{ podman_user }}"
loop: "{{ deployed_containers.results }}"
loop_control:
label: "{{ item.item.name }}"
vars:
container_user: "podman-{{ item.item.user | default(item.item.name) }}"
- name: Activer le service de mise à jour automatique
- name: Enable containers auto-update service
ansible.builtin.systemd_service:
name: podman-auto-update.timer
daemon_reload: true
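Review bot: `creates: /var/lib/systemd/linger/podman` in 'Enable lingering for podman user' hardcodes the user name while the command uses `{{ podman_user }}`; for any other value the marker is never found and `loginctl enable-linger` runs on every play, so use `/var/lib/systemd/linger/{{ podman_user }}`. If the `loop: "{{ podman_containers }}"` and the `container_user` var beneath it are still attached to that task, they are leftovers: one user needs lingering now, not one per container. In 'Create subvolumes paths', `owner` and `group` are still `{{ container_user }}` (built from `item.0.user | default(item.0.name)`) while the handler it notifies chowns the same paths to `{{ podman_user }}` and the containers run as `{{ podman_user }}`; the task should use `podman_user` directly. `path: "{{ item.1 | split(':') | first }}"` also treats every volume source as a host path, but the README examples use named volumes (`wallbag-data:/var/www/wallabag/data`), which would create a relative directory called `wallbag-data` instead; skip entries whose source does not start with `/`. Finally, `podman_containers_defaults | ansible.builtin.combine(item)` replaces lists instead of merging them, so a container that supplies its own `quadlet_options` silently loses `AutoUpdate=registry` and the `[Install]` section from the defaults; `combine(item, recursive=True, list_merge='append')` keeps them.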
@ -74,9 +76,4 @@
scope: user
when: podman_auto_update
become: true
become_user: "{{ container_user }}"
loop: "{{ deploy_container.results }}"
loop_control:
label: "{{ item.item.name }}"
vars:
container_user: "podman-{{ item.item.user | default(item.item.name) }}"
become_user: "{{ podman_user }}"
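Review bot: with `when: podman_auto_update` on 'Enable containers auto-update service', setting the variable to `false` skips the task instead of disabling a timer that an earlier run enabled; driving the module's state from the variable (for example `enabled: "{{ podman_auto_update }}"`) makes the switch reversible. Replacing the per-container loop with a single `become_user: "{{ podman_user }}"` is the right simplification now that all containers share one user.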


@ -3,28 +3,14 @@
- name: Installer les paquets
ansible.builtin.apt:
name:
- dbus-user-session
- containernetworking-dnsname
- containernetworking-plugins
- containernetworking-podman-machine
- dbus-user-session
- passt
- podman
- podman-aardvark-dns
- podman-docker
- podman-gvproxy
- podman-netavark
- python3-podman-compose
- uidmap
- systemd-container
name: "{{ podman_packages }}"
install_recommends: true
state: present
become: true
notify:
- Corriger le problème passt VS pasta
- Redémarrer l'instance
- Attendre que le port SSH soit ouvert
# - Fix passt VS pasta
# - Restart instance
# - Wait SSH is ready
- name: Exécuter les handlers
ansible.builtin.meta: flush_handlers
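Review bot: commenting out the three notify entries (`Fix passt VS pasta`, `Restart instance`, `Wait SSH is ready`) leaves `podman_fix_pasta` with no effect, since a handler only runs when something notifies it, yet the README still documents the variable and its example sets it to `true`; either keep the notify or remove the variable, the handler and the documentation together. A `notify:` key followed only by comments also has a null value in YAML; if the notifications are gone for good, delete the key instead of commenting out its items. Task names 'Installer les paquets' and 'Exécuter les handlers' are still French while the rest of the PR is translated.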
@ -38,7 +24,7 @@
mode: u=rw,g=r,o=r
when: podman_configure_rsyslog
become: true
notify: Redémarrer rsyslog.service
notify: Restart rsyslog.service
- name: Désactiver le service de mise à jour automatique pour root
ansible.builtin.systemd_service:
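Review bot: 'Désactiver le service de mise à jour automatique pour root' is the one task name in this file left in French after the notify was renamed to 'Restart rsyslog.service'; translate it in the same pass so the task names match the handler names.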


@ -1,10 +1,10 @@
---
# tasks file for podman
- name: Importer les tâches d'installation
- name: Import installation tasks
ansible.builtin.import_tasks:
file: installation.yml
- name: Importer les tâches de configuration
- name: Import configuration tasks
ansible.builtin.import_tasks:
file: configuration.yml

vars/main.yml Normal file

@ -0,0 +1,12 @@
---
podman_pods_defaults: []
podman_containers_defaults:
state: quadlet
recreate: true
quadlet_options:
- "AutoUpdate=registry"
- |
[Install]
WantedBy=default.target
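Review bot: `podman_pods_defaults: []` is a list, but 'Deploy pods' computes `podman_pods_defaults | ansible.builtin.combine(item)`, and `combine` only accepts mappings, so the pods task fails as soon as `podman_pods` is non-empty; make it `{}` or, better, mirror the container defaults with `state: quadlet`, because 'Start or restart pods' expects a `<name>-pod.service` unit, which is the name Quadlet generates for a `.pod` file and does not exist for a pod created any other way. Also note that `vars/main.yml` takes precedence over inventory host_vars and group_vars, so `podman_containers_defaults` (and the `AutoUpdate=registry` it injects) cannot be overridden per host; if that is meant to be tunable, move both defaults to `defaults/main.yml`.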