diff --git a/.ansible/.lock b/.ansible/.lock new file mode 100644 index 0000000..e69de29 diff --git a/README.md b/README.md index af81c03..37585c0 100644 --- a/README.md +++ b/README.md @@ -13,11 +13,9 @@ Requirements Role Variables -------------- -### Installation Variables +### Package Installation -* `podman_install_from_repo`: Install from official repositories (default: `true`) -* `podman_packages`: List of core Podman packages to install -* `podman_additional_packages`: Additional packages for full container support +* `podman_packages`: List of Podman packages to install (includes core and additional packages for Debian/Ubuntu) ### Configuration Variables @@ -236,13 +234,13 @@ podman_systemd_options: new: true # Generate new service files force: true # Overwrite existing files restart_policy: always # Default restart policy - time: 120 # Stop timeout in seconds + stop_timeout: 120 # Stop timeout in seconds no_header: false # Include header in service files wants: [] # Systemd unit Wants after: [] # Systemd unit After requires: [] # Systemd unit Requires - container_prefix: "" # Prefix for container service names - pod_prefix: "" # Prefix for pod service names + container_prefix: "container-" # Prefix for container service names + pod_prefix: "pod-" # Prefix for pod service names restart_sec: 30 # Restart delay in seconds ``` diff --git a/defaults/main.yml b/defaults/main.yml index 5156d14..8c5af08 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,10 +2,14 @@ # defaults file for podman # Package installation -podman_install_from_repo: true podman_packages: - podman - crun + - buildah + - skopeo + - fuse-overlayfs + - slirp4netns + - uidmap # Podman configuration podman_configure_registries: true @@ -626,8 +630,8 @@ podman_systemd_options: wants: [] after: [] requires: [] - container_prefix: "" - pod_prefix: "" + container_prefix: "container-" + pod_prefix: "pod-" restart_sec: 30 ### Prune Configuration 
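Review bot: The new defaults `container_prefix: "container-"` and `pod_prefix: "pod-"` in the second defaults/main.yml hunk already end in a hyphen, while tasks/systemd.yml still passes a separate `separator` option to `podman_generate_systemd`. As far as I know podman joins prefix, separator and name, so unless `podman_systemd_options.separator` (not visible in this diff) is empty, the generated unit would be `container--NAME.service` rather than the `container-NAME` that the new handlers start. Consider `container_prefix: "container"` and `pod_prefix: "pod"`, with the handlers building the name from prefix, separator and name. A comment on both keys, for example `# prefix only; the separator is added by podman_systemd_options.separator`, would make the contract explicit.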
diff --git a/handlers/main.yml b/handlers/main.yml index e44081e..e079a66 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -10,3 +10,31 @@ - name: Reload systemd ansible.builtin.systemd: daemon_reload: true + +- name: Start Podman pods + ansible.builtin.systemd: + name: "{{ podman_systemd_options.pod_prefix }}{{ item.name }}" + enabled: true + state: started + daemon_reload: true + listen: Reload systemd + loop: "{{ podman_pods }}" + loop_control: + label: "{{ item.name }}" + when: + - podman_pods is defined + - podman_pods | length > 0 + +- name: Start Podman podless containers + ansible.builtin.systemd: + name: "{{ podman_systemd_options.container_prefix }}{{ item.name }}" + enabled: true + state: started + daemon_reload: true + listen: Reload systemd + loop: "{{ podman_containers | rejectattr('pod', 'defined') | list }}" + loop_control: + label: "{{ item.name }}" + when: + - podman_containers is defined + - podman_containers | length > 0 diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 998a1b0..cd892c6 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,9 +1,7 @@ --- -- name: Converge - apply podman role +- name: Converge hosts: all - become: true vars: - podman_install_from_repo: true podman_packages: - podman podman_configure_registries: true @@ -13,5 +11,3 @@ podman_enable_api_service: false podman_policy_default_type: "insecureAcceptAnything" podman_policy_trusted_registries: [] - roles: - - name: podman diff --git a/tasks/containers.yml b/tasks/containers.yml index a589b0b..16e1524 100644 --- a/tasks/containers.yml +++ b/tasks/containers.yml 
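Review bot: Both new handlers loop over every entry (`podman_pods`, and `podman_containers | rejectattr('pod', 'defined')`), but tasks/systemd.yml only generates a unit for items that define `systemd` or `generate_systemd`, so `state: started` is likely to fail for any item that has no unit file. Add the same condition to each handler's `when`, `- (item.systemd is defined) or (item.generate_systemd is defined)`. The `loop` expression is also templated before `when` runs per item, so the `is defined` guards do not protect against an undefined list; `loop: "{{ podman_pods | default([]) }}"` does, and the containers handler needs the same default. Because these handlers enable and start services on top of reloading, a dedicated topic instead of `listen: Reload systemd` would describe them better.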
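Review bot: After the second converge.yml hunk removes `roles:` / `- name: podman`, the Converge play has `hosts` and `vars` but nothing that applies the role, so as shown the molecule scenario would pass without running a single task. Unless the role is applied elsewhere in the scenario, restore the `roles:` entry or add an `ansible.builtin.include_role` task with `name: podman`. The first hunk also drops `become: true`, and package installation and writing system-level configuration will normally need it, so state in a comment where privilege escalation now comes from.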
@@ -15,21 +15,21 @@ hostname: "{{ item.hostname | default(omit) }}" # Container runtime options - detach: "{{ item.detach | default(true) }}" - interactive: "{{ item.interactive | default(false) }}" - tty: "{{ item.tty | default(false) }}" - rm: "{{ item.auto_remove | default(false) }}" - rmi: "{{ item.remove_image | default(false) }}" - privileged: "{{ item.privileged | default(false) }}" - read_only: "{{ item.read_only | default(false) }}" - read_only_tmpfs: "{{ item.read_only_tmpfs | default(true) }}" - init: "{{ item.init | default(false) }}" + detach: "{{ item.detach | bool | default(omit) }}" + interactive: "{{ item.interactive | bool | default(omit) }}" + tty: "{{ item.tty | bool | default(omit) }}" + rm: "{{ item.auto_remove | bool | default(omit) }}" + rmi: "{{ item.remove_image | bool | default(omit) }}" + privileged: "{{ item.privileged | bool | default(omit) }}" + read_only: "{{ item.read_only | bool | default(omit) }}" + read_only_tmpfs: "{{ item.read_only_tmpfs | bool | default(omit) }}" + init: "{{ item.init | bool | default(omit) }}" init_path: "{{ item.init_path | default(omit) }}" # Networking network: "{{ item.networks | default(omit) }}" publish: "{{ item.ports | default(omit) }}" - publish_all: "{{ item.publish_all | default(false) }}" + publish_all: "{{ item.publish_all | bool | default(omit) }}" expose: "{{ item.expose | default(omit) }}" ip: "{{ item.ip | default(omit) }}" ip6: "{{ item.ip6 | default(omit) }}" @@ -39,7 +39,7 @@ dns_option: "{{ item.dns_options | default(omit) }}" dns_search: "{{ item.dns_search | default(omit) }}" etc_hosts: "{{ item.add_hosts | default(omit) }}" - no_hosts: "{{ item.no_hosts | default(false) }}" + no_hosts: "{{ item.no_hosts | bool | default(omit) }}" # Storage and volumes volume: "{{ item.volumes | default(omit) }}" 
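Review bot: The filter order `| bool | default(omit)` on `detach` through `init`, `publish_all` and `no_hosts` (and on the boolean options in the later tasks/containers.yml hunks: `env_host`, `unsetenv_all`, `oom_kill_disable`, `no_healthcheck`, `image_strict`, `sig_proxy`, `http_proxy`, `rootfs`, `recreate` through `debug`) applies `bool` to the possibly undefined value first, so `default(omit)` never does its job. Depending on the ansible-core version I would expect either an undefined-variable error or a hard `false` instead of an omitted parameter. Use `"{{ item.privileged | default(omit) }}"`, as tasks/pods.yml does in this same commit, and let the module's argument spec coerce the type. The change also removes the role's explicit pins for security-relevant flags (`privileged: false`, `publish_all: false`, `env_host: false`, `read_only_tmpfs: true`), so the effective values now depend on the installed containers.podman version. If that is intended, say so in a comment above `# Container runtime options`; otherwise keep `default(false)` for `privileged`, `publish_all` and `env_host`.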
@@ -51,10 +51,10 @@ # Environment variables env: "{{ item.env | default(omit) }}" env_file: "{{ item.env_files | default(omit) }}" - env_host: "{{ item.env_host | default(false) }}" + env_host: "{{ item.env_host | bool | default(omit) }}" env_merge: "{{ item.env_merge | default(omit) }}" unsetenv: "{{ item.unsetenv | default(omit) }}" - unsetenv_all: "{{ item.unsetenv_all | default(false) }}" + unsetenv_all: "{{ item.unsetenv_all | bool | default(omit) }}" # Resource constraints memory: "{{ item.memory | default(omit) }}" @@ -72,7 +72,7 @@ cpuset_mems: "{{ item.cpuset_mems | default(omit) }}" blkio_weight: "{{ item.blkio_weight | default(omit) }}" blkio_weight_device: "{{ item.blkio_weight_device | default(omit) }}" - oom_kill_disable: "{{ item.oom_kill_disable | default(false) }}" + oom_kill_disable: "{{ item.oom_kill_disable | bool | default(omit) }}" oom_score_adj: "{{ item.oom_score_adj | default(omit) }}" pids_limit: "{{ item.pids_limit | default(omit) }}" @@ -137,7 +137,7 @@ healthcheck_start_period: "{{ item.healthcheck_start_period | default(omit) }}" healthcheck_retries: "{{ item.healthcheck_retries | default(omit) }}" healthcheck_failure_action: "{{ item.healthcheck_failure_action | default(omit) }}" - no_healthcheck: "{{ item.no_healthcheck | default(false) }}" + no_healthcheck: "{{ item.no_healthcheck | bool | default(omit) }}" # Startup health checks health_startup_cmd: "{{ item.health_startup_cmd | default(omit) }}" @@ -161,7 +161,7 @@ # Pull and image options pull: "{{ item.pull | default('missing') }}" - image_strict: "{{ item.image_strict | default(false) }}" + image_strict: "{{ item.image_strict | bool | default(omit) }}" arch: "{{ item.arch | default(omit) }}" os: "{{ item.os | default(omit) }}" platform: "{{ item.platform | default(omit) }}" 
@@ -180,8 +180,8 @@ # Special options attach: "{{ item.attach | default(omit) }}" detach_keys: "{{ item.detach_keys | default(omit) }}" - sig_proxy: "{{ item.sig_proxy | default(true) }}" - http_proxy: "{{ item.http_proxy | default(true) }}" + sig_proxy: "{{ item.sig_proxy | bool | default(omit) }}" + http_proxy: "{{ item.http_proxy | bool | default(omit) }}" # Advanced options chrootdirs: "{{ item.chrootdirs | default(omit) }}" @@ -193,7 +193,7 @@ preserve_fds: "{{ item.preserve_fds | default(omit) }}" rdt_class: "{{ item.rdt_class | default(omit) }}" requires: "{{ item.requires | default(omit) }}" - rootfs: "{{ item.rootfs | default(false) }}" + rootfs: "{{ item.rootfs | bool | default(omit) }}" sdnotify: "{{ item.sdnotify | default(omit) }}" secrets: "{{ item.secrets | default(omit) }}" timezone: "{{ item.timezone | default(omit) }}" @@ -214,13 +214,13 @@ # Control options cmd_args: "{{ item.cmd_args | default(omit) }}" executable: "{{ item.executable | default('podman') }}" - recreate: "{{ item.recreate | default(false) }}" - force_restart: "{{ item.force_restart | default(false) }}" - force_delete: "{{ item.force_delete | default(true) }}" - delete_depend: "{{ item.delete_depend | default(false) }}" + recreate: "{{ item.recreate | bool | default(omit) }}" + force_restart: "{{ item.force_restart | bool | default(omit) }}" + force_delete: "{{ item.force_delete | bool | default(omit) }}" + delete_depend: "{{ item.delete_depend | bool | default(omit) }}" delete_time: "{{ item.delete_time | default(omit) }}" - delete_volumes: "{{ item.delete_volumes | default(false) }}" - debug: "{{ item.debug | default(false) }}" + delete_volumes: "{{ item.delete_volumes | bool | default(omit) }}" + debug: "{{ item.debug | bool | default(omit) }}" loop: "{{ podman_containers }}" loop_control: label: "{{ item.name }}" diff --git a/tasks/pods.yml b/tasks/pods.yml index 790026e..107f09d 100644 --- a/tasks/pods.yml +++ b/tasks/pods.yml 
@@ -10,7 +10,7 @@ volume: "{{ item.volumes | default(omit) }}" label: "{{ item.labels | default(omit) }}" hostname: "{{ item.hostname | default(omit) }}" - infra: "{{ item.infra | default(true) }}" + infra: "{{ item.infra | default(omit) }}" infra_image: "{{ item.infra_image | default(omit) }}" infra_command: "{{ item.infra_command | default(omit) }}" infra_name: "{{ item.infra_name | default(omit) }}" @@ -21,7 +21,7 @@ ip: "{{ item.ip | default(omit) }}" ip6: "{{ item.ip6 | default(omit) }}" mac_address: "{{ item.mac_address | default(omit) }}" - no_hosts: "{{ item.no_hosts | default(false) }}" + no_hosts: "{{ item.no_hosts | default(omit) }}" share: "{{ item.share | default(omit) }}" share_parent: "{{ item.share_parent | default(omit) }}" userns: "{{ item.userns | default(omit) }}" @@ -59,8 +59,8 @@ quadlet_filename: "{{ item.quadlet_filename | default(omit) }}" quadlet_file_mode: "{{ item.quadlet_file_mode | default(omit) }}" quadlet_options: "{{ item.quadlet_options | default(omit) }}" - recreate: "{{ item.recreate | default(false) }}" - debug: "{{ item.debug | default(false) }}" + recreate: "{{ item.recreate | default(omit) }}" + debug: "{{ item.debug | default(omit) }}" loop: "{{ podman_pods }}" loop_control: label: "{{ item.name }}" diff --git a/tasks/systemd.yml b/tasks/systemd.yml index fe895a6..dd08695 100644 --- a/tasks/systemd.yml +++ b/tasks/systemd.yml 
@@ -2,49 +2,55 @@ # Generate systemd service files for Podman containers and pods - name: Generate systemd service files for containers + vars: + systemd_opts: "{{ item.systemd if item.systemd is defined else (item.generate_systemd if item.generate_systemd is defined else {}) }}" containers.podman.podman_generate_systemd: name: "{{ item.name }}" dest: "{{ podman_systemd_dir }}" new: "{{ podman_systemd_options.new }}" force: "{{ podman_systemd_options.force }}" - restart_policy: "{{ item.systemd.restart_policy | default(podman_systemd_options.restart_policy) }}" - stop_timeout: "{{ item.systemd.stop_timeout | default(podman_systemd_options.stop_timeout) }}" - no_header: "{{ item.systemd.no_header | default(podman_systemd_options.no_header) }}" - separator: "{{ item.systemd.separator | default(podman_systemd_options.separator) }}" - wants: "{{ item.systemd.wants | default(podman_systemd_options.wants) }}" - after: "{{ item.systemd.after | default(podman_systemd_options.after) }}" - requires: "{{ item.systemd.requires | default(podman_systemd_options.requires) }}" - container_prefix: "{{ item.systemd.container_prefix | default(podman_systemd_options.container_prefix) }}" - pod_prefix: "{{ item.systemd.pod_prefix | default(podman_systemd_options.pod_prefix) }}" - loop: "{{ podman_containers | selectattr('systemd', 'defined') | list }}" + restart_policy: "{{ systemd_opts.restart_policy | default(podman_systemd_options.restart_policy) }}" + stop_timeout: "{{ systemd_opts.stop_timeout | default(podman_systemd_options.stop_timeout) }}" + no_header: "{{ systemd_opts.no_header | default(podman_systemd_options.no_header) }}" + separator: "{{ systemd_opts.separator | default(podman_systemd_options.separator) }}" + wants: "{{ systemd_opts.wants | default(podman_systemd_options.wants) }}" + after: "{{ systemd_opts.after | default(podman_systemd_options.after) }}" + requires: "{{ systemd_opts.requires | default(podman_systemd_options.requires) }}" + container_prefix: "{{ 
systemd_opts.container_prefix | default(podman_systemd_options.container_prefix) }}" + pod_prefix: "{{ systemd_opts.pod_prefix | default(podman_systemd_options.pod_prefix) }}" + loop: "{{ podman_containers }}" loop_control: label: "{{ item.name }}" when: - podman_generate_systemd | bool - podman_containers is defined - podman_containers | length > 0 + - (item.systemd is defined) or (item.generate_systemd is defined) notify: Reload systemd - name: Generate systemd service files for pods + vars: + systemd_opts: "{{ item.systemd if item.systemd is defined else (item.generate_systemd if item.generate_systemd is defined else {}) }}" containers.podman.podman_generate_systemd: name: "{{ item.name }}" dest: "{{ podman_systemd_dir }}" new: "{{ podman_systemd_options.new }}" force: "{{ podman_systemd_options.force }}" - restart_policy: "{{ item.systemd.restart_policy | default(podman_systemd_options.restart_policy) }}" - stop_timeout: "{{ item.systemd.stop_timeout | default(podman_systemd_options.stop_timeout) }}" - no_header: "{{ item.systemd.no_header | default(podman_systemd_options.no_header) }}" - separator: "{{ item.systemd.separator | default(podman_systemd_options.separator) }}" - wants: "{{ item.systemd.wants | default(podman_systemd_options.wants) }}" - after: "{{ item.systemd.after | default(podman_systemd_options.after) }}" - requires: "{{ item.systemd.requires | default(podman_systemd_options.requires) }}" - container_prefix: "{{ item.systemd.container_prefix | default(podman_systemd_options.container_prefix) }}" - pod_prefix: "{{ item.systemd.pod_prefix | default(podman_systemd_options.pod_prefix) }}" - loop: "{{ podman_pods | selectattr('systemd', 'defined') | list }}" + restart_policy: "{{ systemd_opts.restart_policy | default(podman_systemd_options.restart_policy) }}" + stop_timeout: "{{ systemd_opts.stop_timeout | default(podman_systemd_options.stop_timeout) }}" + no_header: "{{ systemd_opts.no_header | default(podman_systemd_options.no_header) }}" + 
separator: "{{ systemd_opts.separator | default(podman_systemd_options.separator) }}" + wants: "{{ systemd_opts.wants | default(podman_systemd_options.wants) }}" + after: "{{ systemd_opts.after | default(podman_systemd_options.after) }}" + requires: "{{ systemd_opts.requires | default(podman_systemd_options.requires) }}" + container_prefix: "{{ systemd_opts.container_prefix | default(podman_systemd_options.container_prefix) }}" + pod_prefix: "{{ systemd_opts.pod_prefix | default(podman_systemd_options.pod_prefix) }}" + loop: "{{ podman_pods }}" loop_control: label: "{{ item.name }}" when: - podman_generate_systemd | bool - podman_pods is defined - podman_pods | length > 0 + - (item.systemd is defined) or (item.generate_systemd is defined) notify: Reload systemd diff --git a/vars/Debian.yml b/vars/Debian.yml deleted file mode 100644 index 2f6e0fa..0000000 --- a/vars/Debian.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# OS-specific variables for Debian/Ubuntu - -# Package names may vary between distributions -podman_packages: - - podman - - buildah - - skopeo - -podman_additional_packages: - - crun - - fuse-overlayfs - - slirp4netns - - uidmap
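Review bot: Both tasks still accept per-item `systemd_opts.container_prefix`, `systemd_opts.pod_prefix` and `systemd_opts.separator`, but the handlers added in handlers/main.yml build the unit name from `podman_systemd_options.container_prefix` / `pod_prefix` alone. An item that overrides its prefix or separator therefore gets a unit file that the handler will not find. Either drop the per-item overrides for these three options or have the handlers compute the name from the same per-item values. The `systemd_opts` expression is duplicated in both tasks and undocumented; `systemd_opts: "{{ item.systemd | default(item.generate_systemd | default({})) }}"` is equivalent and shorter. A comment above each `vars:` such as `# item.generate_systemd is accepted as an alias for item.systemd; both are expected to be mappings` would record the intent.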