refacto: Rewriting for Debian Sid #4

Open
pulsar wants to merge 1 commit from 2024.43 into master
9 changed files with 165 additions and 149 deletions

README.md

@ -1,82 +1,89 @@
# role_podman # role_podman
Rôle de déploiement de podman. Install podman and manage pods and containers.
## Pré-requis ## Pre-requisite
Ce rôle créer un utilisateur dédié via [cet autre rôle](https://gitea.ykn.fr/ansible/role_users) dont il est dépendant. The podman user (`podman_user`) must be created before executing this role.
L'utilisation de ce rôle et de sa dépendance dans un playbook nécessite d'utilise ansible-galaxy en lui indiquant un fichier dont le contenu est le suivant :
```bash
$ cd playbook_podman
$ tee requirements.yml <<EOF
---
roles:
- name: users
scm: git
src: ssh://gitea@git.ykn.fr:12393/ansible/role_users.git
version: alpha
- name: podman
scm: git
src: ssh://gitea@git.ykn.fr:12393/ansible/role_podman.git
version: alpha
EOF
$ ansible-galaxy install -fr requirements.yml
```
## Variables ## Variables
### podman_packages
List of packages to install in order to use podman.
<span style="text-decoration: underline">Default value:</span> `["catatonit", "dbus-user-session", "passt", "podman", "podman-docker", "uidmap", "systemd-container"]`
### podman_fix_pasta
On bookworm, we need to fix pasta to use podman ([see here](https://github.com/containers/buildah/issues/5440#issuecomment-2028911573)).
<span style="text-decoration: underline">Default value:</span> `false`
### podman_user
Users with container configuration.
<span style="text-decoration: underline">Default value:</span> `podman`
### podman_configure_rsyslog ### podman_configure_rsyslog
Désactive les messages du programme *podman* et des programmes dans les conteneurs si ils portent le nom du conteneur. Status of messages from the *podman* binary and from binaries in containers if they're equalto the container name.
<span style="text-decoration: underline">Valeur par défaut:</span> `true` (activé, `false` pour désactiver) <span style="text-decoration: underline">Default value:</span> `true`
### podman_ssh_host
Host to be tested for instance availability.
<span style="text-decoration: underline">Default value:</span> `{{ inventory_hostname }}`
### podman_ssh_port
Port to be tested for instance availability.
<span style="text-decoration: underline">Default value:</span> `22`
### podman_auto_update
Status of the automatic container update service.
<span style="text-decoration: underline">Default value:</span> `true`
### podman_pods
List of dictionnaries to define pods ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_pod_module.html)).
<span style="text-decoration: underline">Default value:</span> none
### podman_containers ### podman_containers
Définition des conteneurs à déployer. List of dictionnaries to define containers ([see ansible documentation](https://docs.ansible.com/ansible/latest/collections/containers/podman/podman_container_module.html#ansible-collections-containers-podman-podman-container-module)).
<span style="text-decoration: underline">Valeur par défaut:</span> *aucune* <span style="text-decoration: underline">Default value:</span> none
## Utilisation ## Extras
Définir la variable `podman_containers` dans un fichier sous `host_vars` ou `group_vars` : It's possible to use this role with the alvistack repository by setting the variables to the following values:
```bash ```yaml
$ tee host_vars/lxd_podman_host.yml <<EOF # BEGIN role_podman
--- podman_packages:
- catatonit
- dbus-user-session
- containernetworking-dnsname
- containernetworking-plugins
- containernetworking-podman-machine
- passt
- podman
- podman-aardvark-dns
- podman-docker
- podman-gvproxy
- podman-netavark
- python3-podman-compose
- uidmap
- systemd-container
podman_containers: podman_fix_pasta: true
- image: docker.io/wallabag/wallabag:latest # END role_podman
name: wallbag
userns: keep-id
volumes:
- wallbag-data:/var/www/wallabag/data
- wallbag-image:/var/www/wallabag/web/assets/images
ports:
- 80:80/tcp
environment_vars:
- SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
```
Il est également possible de définir l'utilisateur via la variable `user`, comme ceci :
```bash
$ tee host_vars/lxd_podman_host.yml <<EOF
---
podman_containers:
- image: docker.io/wallabag/wallabag:latest
name: wallbag
user: un_utilisateur
userns: keep-id
volumes:
- wallbag-data:/var/www/wallabag/data
- wallbag-image:/var/www/wallabag/web/assets/images
ports:
- 80:80/tcp
environment_vars:
- SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
``` ```
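Review bot: the `podman_containers` example kept in the README still uses the key `environment_vars:`, which the old task never passed through (it mapped `env: "{{ item.env | default(omit) }}"`); now that the whole dictionary is handed to `containers.podman.podman_container`, a key the module does not know fails the task instead of being silently dropped, so the example should use `env:` (a mapping, per the module documentation linked in the same section), and the same holds for any other non-module key a user copies from it. Smaller points in this hunk: the Pre-requisite text now says `podman_user` must exist beforehand but no longer names what creates it (the old text linked role_users, and `dependencies` in meta stays empty); `podman_fix_pasta` is documented as `false` while the new defaults set it to `true`; and 'dictionnaries' and 'equalto' are typos.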


@ -1,25 +1,24 @@
--- ---
# defaults file for podman # defaults file for podman
podman_packages:
- catatonit
- dbus-user-session
- passt
- podman
- podman-docker
- uidmap
- systemd-container
podman_fix_pasta: false
podman_user: podman
podman_configure_rsyslog: true podman_configure_rsyslog: true
podman_fix_pasta: true
podman_ssh_host: "{{ inventory_hostname }}" podman_ssh_host: "{{ inventory_hostname }}"
podman_ssh_port: 22 podman_ssh_port: 22
podman_auto_update: true podman_auto_update: true
podman_pods: []
podman_containers: [] podman_containers: []
# Exemple:
# - image: docker.io/wallabag/wallabag:latest
# name: wallbag
# userns: keep-id
# commands:
# - echo toto
# volumes:
# - wallbag-data:/var/www/wallabag/data
# - wallbag-image:/var/www/wallabag/web/assets/images
# ports:
# - 80:80/tcp
# environment_vars:
# - SYMFONY__ENV__DOMAIN_NAME=https://wallbag.ykn.fr
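Review bot: `podman_packages` and `podman_user` are removed from the defaults but are still referenced by the tasks (`name: "{{ podman_packages }}"`, `loginctl enable-linger {{ podman_user }}`, every `become_user: "{{ podman_user }}"`) and the README still documents a default for both; unless every inventory sets them, the play stops on the first task with an undefined-variable error, so keep them here (the README's package list and `podman_user: podman`). Also `podman_fix_pasta` flips to `true` by default while the README says `false` and the platform moves to sid, where `pasta` ships as its own binary: the hard-link handler overwrites a package-managed file with `force: true`, so defaulting it on replaces pasta on every host that does not opt out. Defaulting to `false` and letting users of the alvistack repository enable it (as the README Extras section already shows) is the safer direction.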


@ -1,21 +1,34 @@
--- ---
# handlers file for exim4 # handlers file for exim4
- name: Set default permissions on volumes folders
ansible.builtin.file:
path: "{{ item.path }}"
owner: "{{ podman_user }}"
group: "{{ podman_user }}"
become: true
loop: "{{ folders.results | selectattr('changed', 'equalto', true) }}"
loop_control:
label: "{{ item.path }}"
# source: https://github.com/containers/buildah/issues/5440#issuecomment-2028911573 # source: https://github.com/containers/buildah/issues/5440#issuecomment-2028911573
- name: Corriger le problème passt VS pasta - name: Fix passt VS pasta
ansible.builtin.file: ansible.builtin.file:
state: hard state: hard
force: true
src: /usr/bin/passt src: /usr/bin/passt
dest: /usr/bin/pasta dest: /usr/bin/pasta
owner: root
group: root
mode: u=rw,g=r,o=r
force: true
when: podman_fix_pasta when: podman_fix_pasta
become: true become: true
- name: Redémarrer l'instance - name: Restart instance
ansible.builtin.reboot: ansible.builtin.reboot:
become: true become: true
- name: Attendre que le port SSH soit ouvert - name: Wait SSH is ready
ansible.builtin.wait_for: ansible.builtin.wait_for:
host: "{{ podman_ssh_host }}" host: "{{ podman_ssh_host }}"
port: "{{ podman_ssh_port }}" port: "{{ podman_ssh_port }}"
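Review bot: the new `owner: root` / `group: root` / `mode: u=rw,g=r,o=r` on the `state: hard` task is applied to the inode that `/usr/bin/pasta` now shares with `/usr/bin/passt`, so this handler strips the execute bit from both binaries and rootless networking breaks at the next container start; drop the `mode:` line (or keep the binary's existing executable mode) and leave owner/group to the package, which already sets them. Second point: `Set default permissions on volumes folders` only iterates `folders.results | selectattr('changed', 'equalto', true)`, i.e. directories created in this run, so a directory that already existed with another owner (for instance one created before the `owner`/`group` lines were removed from the create task) is never corrected; looping over all results, or keeping `owner`/`group` on the create task itself, is more robust. The header comment `# handlers file for exim4` is a copy-paste leftover, and 'Wait SSH is ready' reads better as 'Wait until SSH is ready'.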
@ -25,7 +38,7 @@
sleep: 10 sleep: 10
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
- name: Redémarrer rsyslog.service - name: Restart rsyslog.service
ansible.builtin.systemd: ansible.builtin.systemd:
state: restarted state: restarted
name: rsyslog.service name: rsyslog.service


@ -0,0 +1,2 @@
install_date: lun. 21 oct. 2024 11:22:51
version: master
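Review bot: this two-line file (`install_date: lun. 21 oct. 2024 11:22:51`, `version: master`) looks like the marker that `ansible-galaxy install` writes next to an installed role rather than a source file; it carries a machine-local timestamp and a branch name that will differ on every checkout, so it should be dropped from the branch and ignored (for example via `.gitignore`) instead of merged.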


@ -10,6 +10,6 @@ galaxy_info:
platforms: platforms:
- name: Debian - name: Debian
versions: versions:
- bookworm - sid
dependencies: [] dependencies: []
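Review bot: with `versions` now listing only `sid`, the README's `podman_fix_pasta` paragraph ('On bookworm, we need to fix pasta') describes a platform the role no longer declares; either keep `bookworm` alongside `sid` if both stay supported, or drop the bookworm-specific wording. `dependencies: []` also stays empty although the role needs `podman_user` to exist (README Pre-requisite), which is fine as long as the README names the role or step that provides it.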


@ -1,72 +1,74 @@
--- ---
# tasks file for podman # tasks file for podman
- name: Activer le lingering - name: Enable lingering for podman user
ansible.builtin.command: ansible.builtin.command:
cmd: "loginctl enable-linger {{ container_user }}" cmd: "loginctl enable-linger {{ podman_user }}"
creates: /var/lib/systemd/linger/{{ container_user }} creates: /var/lib/systemd/linger/podman
become: true become: true
loop: "{{ podman_containers }}"
loop_control:
label: "{{ item.name }}"
vars:
container_user: "podman-{{ item.user | default(item.name) }}"
- name: Créer les dossiers des volumes - name: Create subvolumes paths
ansible.builtin.file: ansible.builtin.file:
path: "{{ item.1 | split(':') | first }}" path: "{{ item.1 | split(':') | first }}"
state: directory state: directory
owner: "{{ container_user }}"
group: "{{ container_user }}"
mode: u=rwX,g=rX,o=rX mode: u=rwX,g=rX,o=rX
become: true become: true
loop: "{{ q('ansible.builtin.subelements', podman_containers, 'volumes', {'skip_missing': True}) }}" loop: "{{ q('ansible.builtin.subelements', podman_containers, 'volumes', {'skip_missing': True}) }}"
loop_control: loop_control:
label: "{{ item.0.name }}" label: "{{ item.0.name }}"
vars: register: folders
container_user: "podman-{{ item.0.user | default(item.0.name) }}" notify: Set default permissions on volumes folders
- name: Déployer les conteneurs - name: Exécuter les handlers
containers.podman.podman_container: ansible.builtin.meta: flush_handlers
hostname: "{{ item.hostname | default(inventory_hostname) }}"
name: "{{ item.name }}" - name: Deploy pods
image: "{{ item.image }}" containers.podman.podman_pod: "{{ pod }}"
state: quadlet
device: "{{ item.device | default(omit) }}"
ports: "{{ item.ports | default(omit) }}"
volumes: "{{ item.volumes | default(omit) }}"
userns: "{{ item.userns | default(omit) }}"
mount: "{{ item.mount | default(omit) }}"
publish: "{{ item.publish | default(omit) }}"
env: "{{ item.env | default(omit) }}"
quadlet_options: "{{ item.quadlet_options | default(omit) }}"
sysctl: "{{ item.sysctl | default(omit) }}"
cap_add: "{{ item.cap_add | default(omit) }}"
recreate: true
become: true become: true
become_user: "{{ container_user }}" become_user: "{{ podman_user }}"
register: deploy_container loop: "{{ podman_pods }}"
loop_control:
label: "{{ item.name }}"
register: deployed_pods
vars:
pod: "{{ podman_pods_defaults | ansible.builtin.combine(item) }}"
- name: Start or restart pods
ansible.builtin.systemd_service:
name: "{{ item.item.name }}-pod.service"
state: "{{ 'restarted' if item.changed else 'started' }}"
daemon_reload: true
scope: user
become: true
become_user: "{{ podman_user }}"
loop: "{{ deployed_pods.results }}"
loop_control:
label: "{{ item.item.name }}"
- name: Deploy containers
containers.podman.podman_container: "{{ container }}"
become: true
become_user: "{{ podman_user }}"
loop: "{{ podman_containers }}" loop: "{{ podman_containers }}"
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"
register: deployed_containers
vars: vars:
container_user: "podman-{{ item.user | default(item.name) }}" container: "{{ podman_containers_defaults | ansible.builtin.combine(item) }}"
- name: Démarrer ou redémarrer le conteneur - name: Start or restart containers
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: "{{ item.item.name }}.service" name: "{{ item.item.name }}.service"
state: "{{ 'restarted' if item.changed else 'started' }}" state: "{{ 'restarted' if item.changed else 'started' }}"
daemon_reload: true daemon_reload: true
scope: user scope: user
become: true become: true
become_user: "{{ container_user }}" become_user: "{{ podman_user }}"
loop: "{{ deploy_container.results }}" loop: "{{ deployed_containers.results }}"
loop_control: loop_control:
label: "{{ item.item.name }}" label: "{{ item.item.name }}"
vars:
container_user: "podman-{{ item.item.user | default(item.item.name) }}"
- name: Activer le service de mise à jour automatique - name: Enable containers auto-update service
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: podman-auto-update.timer name: podman-auto-update.timer
daemon_reload: true daemon_reload: true
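Review bot: `creates: /var/lib/systemd/linger/podman` is now hardcoded while the command uses `{{ podman_user }}`, so for any other user name the linger file is never found and `loginctl enable-linger` reports changed on every run; use `creates: "/var/lib/systemd/linger/{{ podman_user }}"`. In `Deploy pods`, `podman_pods_defaults` is an empty list (vars/main.yml in this PR) but `ansible.builtin.combine` only merges dictionaries, and nothing sets `state: quadlet` for pods the way `podman_containers_defaults` does for containers, so the following `{{ item.item.name }}-pod.service` unit will not exist unless every pod entry sets the state itself; make the pod defaults a dictionary containing `state: quadlet`. The whole-dictionary pass-through (`containers.podman.podman_container: "{{ container }}"`) also means inventory entries are no longer filtered to the handful of keys the old task mapped: a typo in a key now fails the task, and any parameter the module accepts can be set from inventory, so the documented examples must use exact module parameter names. Minor: `Exécuter les handlers` is still in French next to the translated task names.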
@ -74,9 +76,4 @@
scope: user scope: user
when: podman_auto_update when: podman_auto_update
become: true become: true
become_user: "{{ container_user }}" become_user: "{{ podman_user }}"
loop: "{{ deploy_container.results }}"
loop_control:
label: "{{ item.item.name }}"
vars:
container_user: "podman-{{ item.item.user | default(item.item.name) }}"


@ -3,28 +3,14 @@
- name: Installer les paquets - name: Installer les paquets
ansible.builtin.apt: ansible.builtin.apt:
name: name: "{{ podman_packages }}"
- dbus-user-session
- containernetworking-dnsname
- containernetworking-plugins
- containernetworking-podman-machine
- dbus-user-session
- passt
- podman
- podman-aardvark-dns
- podman-docker
- podman-gvproxy
- podman-netavark
- python3-podman-compose
- uidmap
- systemd-container
install_recommends: true install_recommends: true
state: present state: present
become: true become: true
notify: notify:
- Corriger le problème passt VS pasta - Fix passt VS pasta
- Redémarrer l'instance - Restart instance
- Attendre que le port SSH soit ouvert - Wait SSH is ready
- name: Exécuter les handlers - name: Exécuter les handlers
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers
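Review bot: `notify` on the apt task still chains `Restart instance` and `Wait SSH is ready` to any package change, so a routine upgrade of one of the `podman_packages` reboots the host; if the reboot is only needed after the initial installation, consider registering the apt result and notifying the reboot only on a fresh install, or guarding it with a `when` on a first-run marker. `Installer les paquets` is still untranslated while the handler names in the same hunk were translated.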
@ -38,7 +24,7 @@
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
when: podman_configure_rsyslog when: podman_configure_rsyslog
become: true become: true
notify: Redémarrer rsyslog.service notify: Restart rsyslog.service
- name: Désactiver le service de mise à jour automatique pour root - name: Désactiver le service de mise à jour automatique pour root
ansible.builtin.systemd_service: ansible.builtin.systemd_service:


@ -1,10 +1,10 @@
--- ---
# tasks file for podman # tasks file for podman
- name: Importer les tâches d'installation - name: Import installation tasks
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: installation.yml file: installation.yml
- name: Importer les tâches de configuration - name: Import configuration tasks
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: configuration.yml file: configuration.yml

vars/main.yml

@ -0,0 +1,12 @@
---
podman_pods_defaults: []
podman_containers_defaults:
state: quadlet
recreate: true
quadlet_options:
- "AutoUpdate=registry"
- |
[Install]
WantedBy=default.target
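Review bot: `podman_pods_defaults: []` needs to be a mapping (`{}` at minimum, better one with `state: quadlet`), because `podman_pods_defaults | ansible.builtin.combine(item)` in tasks/configuration.yml errors as soon as one pod is defined (the filter only merges dictionaries) and the pod service task expects a quadlet unit. Two more things to weigh: values in `vars/` take precedence over inventory, so `podman_containers_defaults` cannot be overridden from `group_vars`/`host_vars` without `-e`; if these are meant to be tunable, `defaults/` is the place. And `AutoUpdate=registry` is now applied to every container by default, which together with the `:latest` tag in the README example means any new image pushed to the registry is pulled and the container restarted by `podman-auto-update.timer` without review; pinning tags, and documenting that a `quadlet_options` list from inventory replaces (not extends) this default list because `combine` is not recursive, would make that explicit.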