daniel/ansible-podman
1
0
Fork 0
Code Pull Requests Activity

podman

Browse Source
This commit is contained in:
Daniel Akulenok
2026-01-10 23:21:34 +01:00
parent af66520dcb
commit 17fea0e02b
9 changed files with 452 additions and 380 deletions
Download Patch File Download Diff File Expand all files Collapse all files

178
README.md
View File

@@ -12,6 +12,7 @@
```
### 2. Run Your First Container
```yaml
- hosts: servers
roles:
@@ -20,7 +21,6 @@
podman_containers:
- name: nginx
image: nginx:latest
state: started
ports:
- "80:80"
```
@@ -28,11 +28,11 @@
### 3. Common Patterns
**Web application with database:**
```yaml
podman_containers:
- name: webapp
image: myapp:latest
state: started
ports:
- "8080:8080"
env:
@@ -40,7 +40,6 @@ podman_containers:
- name: database
image: postgres:15
state: started
volumes:
- "db-data:/var/lib/postgresql/data"
env:
@@ -63,127 +62,99 @@ podman_volumes:
---
## 🔧 Complete Feature Reference
## 🔧 Configuration Guide
### Container Management
### Management Modes (Quadlet vs Systemd)
This role automatically selects the best management engine based on your operating system version:
- **Quadlet** (Default for Debian 13+): Uses Podman's native systemd generator via `.container` files. This is the modern, preferred method.
- **Systemd** (Default for Debian < 13): Uses legacy `podman generate systemd` to create service units.
The determination is controlled by the logic in `defaults/main.yml`:
```yaml
# Auto-detected. True for Debian 13+, False otherwise.
podman_use_quadlet: "{{ ... }}"
# Sets default state to 'quadlet' or 'started'/'present' accordingly
podman_mode: ...
```
**Recommendation:** Do **not** set `state` explicitly in your variables (e.g., `podman_containers`) unless you have a specific reason. The role's defaults will ensure the correct state is applied for your OS version.
Users can still manually control defaults if needed:
```yaml
# Force Quadlet usage on older systems (if supported)
podman_use_quadlet: true
# Or customize default options
podman_container_defaults:
quadlet_options:
- "AutoUpdate=registry"
- |
[Install]
WantedBy=default.target
```
If you prefer the standard imperative approach (similar to `docker run`) regardless of OS, you can override the defaults or set `state: started` on individual items.
### Resource Definition
The variables `podman_containers`, `podman_networks`, `podman_volumes`, and `podman_pods` accept standard parameters from the [containers.podman](https://docs.ansible.com/ansible/latest/collections/containers/podman/index.html) collection.
#### Containers
```yaml
podman_containers:
- name: my-app
- name: nginx
image: nginx:latest
state: started # started|stopped|present|absent
ports:
- "8080:80"
- "443:443"
ports: ["80:80"]
volumes:
- "/host/path:/container/path"
- "volume-name:/data"
- "html_vol:/usr/share/nginx/html"
- "./local_conf:/etc/nginx/conf.d:ro"
env:
ENV_VAR: value
networks:
- app-network
restart_policy: always # no|always|on-failure|unless-stopped
user: "1000:1000"
labels:
app: web
environment: prod
memory: "1g"
cpu_shares: 1024
device:
- "/dev/sda:/dev/xvda:rwm"
security_opt:
- "seccomp=unconfined"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
interval: 30s
timeout: 10s
retries: 3
# Systemd service generation (optional)
generate_systemd:
path: "/etc/systemd/system"
restart_policy: always
after: ["network.target"]
wants: ["network-online.target"]
NGINX_HOST: example.com
# Quadlet-specific options can be added as a list
quadlet_options:
- "AutoUpdate=registry"
```
### Network Management
#### Networks
```yaml
podman_networks:
- name: app-network
state: present
driver: bridge # bridge|macvlan|ipvlan
subnet: "172.20.0.0/16"
gateway: "172.20.0.1"
internal: false # true for isolated networks
dns:
- "8.8.8.8"
- "1.1.1.1"
options:
mtu: 1500
vlan: 100
# Advanced networking
- name: macvlan-net
driver: macvlan
macvlan: "eth0" # Parent interface
subnet: "192.168.1.0/24"
- name: ipv6-net
driver: bridge
subnet: "fd00::/64"
ipv6: true
- name: app_net
subnet: "10.0.0.0/24"
gateway: "10.0.0.1"
dns: ["8.8.8.8"]
```
### Volume Management
#### Volumes
```yaml
# Toggle automatic creation of host directories for bind mounts
podman_create_volumes: true
podman_volumes:
- name: app-data
state: present
driver: local # local|tmpfs
labels:
backup: daily
environment: prod
options:
- "device=/dev/sdb1"
- "type=ext4"
- "o=rw"
- name: tmpfs-volume
driver: tmpfs
options:
- "tmpfs-size=100m"
- "tmpfs-mode=1777"
- name: db_data
# state defaults to 'quadlet'
```
### Pod Management
#### Pods
```yaml
podman_pods:
- name: webapp-pod
state: started
ports:
- "8080:80"
networks:
- frontend
hostname: webapp
dns:
- "8.8.8.8"
labels:
app: webapp
volumes:
- "webapp-data:/data"
memory: "2g"
cpu_shares: 1024
share: "net,ipc" # Shared namespaces
infra: true # Use infra container
infra_image: "registry.k8s.io/pause:3.9"
- name: app_pod
ports: ["8080:80"]
share: "net,ipc"
```
### Advanced Configuration
#### Registry & Security Policy
```yaml
# Basic registry setup (development)
podman_policy_default_type: "insecureAcceptAnything"
@@ -206,6 +177,7 @@ podman_policy_trusted_registries:
```
#### Systemd Service Generation
```yaml
# Global systemd settings
podman_generate_systemd: true
@@ -219,6 +191,7 @@ podman_systemd_options:
```
#### Resource Cleanup
```yaml
# Auto-cleanup unused resources
podman_prune_enabled: true
@@ -231,6 +204,7 @@ podman_prune_options:
```
#### Storage Configuration
```yaml
podman_configure_storage: true
podman_storage_driver: overlay
@@ -239,6 +213,7 @@ podman_storage_runroot: /run/containers/storage
```
#### API & Socket Services
```yaml
podman_enable_socket: true # Enable Podman socket
podman_enable_api_service: true # Enable REST API
@@ -265,6 +240,7 @@ ansible-playbook -t podman-networks playbook.yml
```
**Available tags:**
- `podman` - Run everything
- `podman-install` - Package installation
- `podman-configure` - Configuration files
@@ -281,6 +257,7 @@ ansible-playbook -t podman-networks playbook.yml
## 📚 Example Playbooks
### Development Environment
```yaml
- hosts: dev-servers
roles:
@@ -293,7 +270,6 @@ ansible-playbook -t podman-networks playbook.yml
podman_containers:
- name: dev-web
image: nginx:latest
state: started
ports:
- "8080:80"
volumes:
@@ -301,6 +277,7 @@ ansible-playbook -t podman-networks playbook.yml
```
### Production Environment
```yaml
- hosts: prod-servers
roles:
@@ -317,7 +294,6 @@ ansible-playbook -t podman-networks playbook.yml
podman_containers:
- name: prod-app
image: registry.company.com/app:v1.2.3
state: started
restart_policy: always
memory: "2g"
cpu_shares: 2048
@@ -329,6 +305,7 @@ ansible-playbook -t podman-networks playbook.yml
```
### Multi-Service Application
```yaml
- hosts: app-servers
roles:
@@ -347,7 +324,6 @@ ansible-playbook -t podman-networks playbook.yml
# Database
- name: postgres
image: postgres:15
state: started
networks:
- app-network
volumes:
@@ -359,7 +335,6 @@ ansible-playbook -t podman-networks playbook.yml
# Cache
- name: redis
image: redis:7-alpine
state: started
networks:
- app-network
volumes:
@@ -368,7 +343,6 @@ ansible-playbook -t podman-networks playbook.yml
# Application
- name: app
image: myapp:latest
state: started
networks:
- app-network
ports: