Update podman role

Daniel Akulenok
2025-09-09 12:35:00 +02:00
parent ad681951fd
commit 50fdc3689b
9 changed files with 96 additions and 78 deletions

0
.ansible/.lock Normal file


@@ -13,11 +13,9 @@ Requirements
Role Variables Role Variables
-------------- --------------
### Installation Variables ### Package Installation
* `podman_install_from_repo`: Install from official repositories (default: `true`) * `podman_packages`: List of Podman packages to install (includes core and additional packages for Debian/Ubuntu)
* `podman_packages`: List of core Podman packages to install
* `podman_additional_packages`: Additional packages for full container support
### Configuration Variables ### Configuration Variables
@@ -236,13 +234,13 @@ podman_systemd_options:
new: true # Generate new service files new: true # Generate new service files
force: true # Overwrite existing files force: true # Overwrite existing files
restart_policy: always # Default restart policy restart_policy: always # Default restart policy
time: 120 # Stop timeout in seconds stop_timeout: 120 # Stop timeout in seconds
no_header: false # Include header in service files no_header: false # Include header in service files
wants: [] # Systemd unit Wants wants: [] # Systemd unit Wants
after: [] # Systemd unit After after: [] # Systemd unit After
requires: [] # Systemd unit Requires requires: [] # Systemd unit Requires
container_prefix: "" # Prefix for container service names container_prefix: "container-" # Prefix for container service names
pod_prefix: "" # Prefix for pod service names pod_prefix: "pod-" # Prefix for pod service names
restart_sec: 30 # Restart delay in seconds restart_sec: 30 # Restart delay in seconds
``` ```


@@ -2,10 +2,14 @@
# defaults file for podman # defaults file for podman
# Package installation # Package installation
podman_install_from_repo: true
podman_packages: podman_packages:
- podman - podman
- crun - crun
- buildah
- skopeo
- fuse-overlayfs
- slirp4netns
- uidmap
# Podman configuration # Podman configuration
podman_configure_registries: true podman_configure_registries: true
@@ -626,8 +630,8 @@ podman_systemd_options:
wants: [] wants: []
after: [] after: []
requires: [] requires: []
container_prefix: "" container_prefix: "container-"
pod_prefix: "" pod_prefix: "pod-"
restart_sec: 30 restart_sec: 30
### Prune Configuration ### Prune Configuration


@@ -10,3 +10,31 @@
- name: Reload systemd - name: Reload systemd
ansible.builtin.systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
- name: Start Podman pods
ansible.builtin.systemd:
name: "{{ podman_systemd_options.pod_prefix }}{{ item.name }}"
enabled: true
state: started
daemon_reload: true
listen: Reload systemd
loop: "{{ podman_pods }}"
loop_control:
label: "{{ item.name }}"
when:
- podman_pods is defined
- podman_pods | length > 0
- name: Start Podman podless containers
ansible.builtin.systemd:
name: "{{ podman_systemd_options.container_prefix }}{{ item.name }}"
enabled: true
state: started
daemon_reload: true
listen: Reload systemd
loop: "{{ podman_containers | rejectattr('pod', 'defined') | list }}"
loop_control:
label: "{{ item.name }}"
when:
- podman_containers is defined
- podman_containers | length > 0
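Review bot: Both new handlers start a unit for every entry in `podman_pods` / `podman_containers`, while the generate tasks in this commit only write unit files for items that define `systemd` or `generate_systemd`, so an item with neither key would make `state: started` fail on a unit that was never generated. The unit name is also built from the role-wide `podman_systemd_options.pod_prefix` / `container_prefix`, although the generate tasks accept a per-item prefix and pass a `separator` that the name here ignores (its default value is not visible on this page). I would add `- (item.systemd is defined) or (item.generate_systemd is defined)` to each `when:` and build the name from the same per-item options the generate task uses. Because of `listen: Reload systemd`, these handlers run on every notification of that topic, which deserves a short comment above each handler.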


@@ -1,9 +1,7 @@
--- ---
- name: Converge - apply podman role - name: Converge
hosts: all hosts: all
become: true
vars: vars:
podman_install_from_repo: true
podman_packages: podman_packages:
- podman - podman
podman_configure_registries: true podman_configure_registries: true
@@ -13,5 +11,3 @@
podman_enable_api_service: false podman_enable_api_service: false
podman_policy_default_type: "insecureAcceptAnything" podman_policy_default_type: "insecureAcceptAnything"
podman_policy_trusted_registries: [] podman_policy_trusted_registries: []
roles:
- name: podman
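Review bot: With `roles:` removed from the end of the play and no `tasks:` visible in either hunk, this converge play appears to only set variables and never apply the podman role, so the scenario could pass without exercising it. Lines 8-10 of the new file are not shown, so this is inferred; if nothing there pulls the role in, keep an explicit application, for example a `tasks:` entry with `ansible.builtin.include_role:` and `name: podman`. Dropping `become: true` in the same change means package installation in the test must get its privileges from elsewhere, which is worth a comment in the play.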


@@ -15,21 +15,21 @@
hostname: "{{ item.hostname | default(omit) }}" hostname: "{{ item.hostname | default(omit) }}"
# Container runtime options # Container runtime options
detach: "{{ item.detach | default(true) }}" detach: "{{ item.detach | bool | default(omit) }}"
interactive: "{{ item.interactive | default(false) }}" interactive: "{{ item.interactive | bool | default(omit) }}"
tty: "{{ item.tty | default(false) }}" tty: "{{ item.tty | bool | default(omit) }}"
rm: "{{ item.auto_remove | default(false) }}" rm: "{{ item.auto_remove | bool | default(omit) }}"
rmi: "{{ item.remove_image | default(false) }}" rmi: "{{ item.remove_image | bool | default(omit) }}"
privileged: "{{ item.privileged | default(false) }}" privileged: "{{ item.privileged | bool | default(omit) }}"
read_only: "{{ item.read_only | default(false) }}" read_only: "{{ item.read_only | bool | default(omit) }}"
read_only_tmpfs: "{{ item.read_only_tmpfs | default(true) }}" read_only_tmpfs: "{{ item.read_only_tmpfs | bool | default(omit) }}"
init: "{{ item.init | default(false) }}" init: "{{ item.init | bool | default(omit) }}"
init_path: "{{ item.init_path | default(omit) }}" init_path: "{{ item.init_path | default(omit) }}"
# Networking # Networking
network: "{{ item.networks | default(omit) }}" network: "{{ item.networks | default(omit) }}"
publish: "{{ item.ports | default(omit) }}" publish: "{{ item.ports | default(omit) }}"
publish_all: "{{ item.publish_all | default(false) }}" publish_all: "{{ item.publish_all | bool | default(omit) }}"
expose: "{{ item.expose | default(omit) }}" expose: "{{ item.expose | default(omit) }}"
ip: "{{ item.ip | default(omit) }}" ip: "{{ item.ip | default(omit) }}"
ip6: "{{ item.ip6 | default(omit) }}" ip6: "{{ item.ip6 | default(omit) }}"
@@ -39,7 +39,7 @@
dns_option: "{{ item.dns_options | default(omit) }}" dns_option: "{{ item.dns_options | default(omit) }}"
dns_search: "{{ item.dns_search | default(omit) }}" dns_search: "{{ item.dns_search | default(omit) }}"
etc_hosts: "{{ item.add_hosts | default(omit) }}" etc_hosts: "{{ item.add_hosts | default(omit) }}"
no_hosts: "{{ item.no_hosts | default(false) }}" no_hosts: "{{ item.no_hosts | bool | default(omit) }}"
# Storage and volumes # Storage and volumes
volume: "{{ item.volumes | default(omit) }}" volume: "{{ item.volumes | default(omit) }}"
@@ -51,10 +51,10 @@
# Environment variables # Environment variables
env: "{{ item.env | default(omit) }}" env: "{{ item.env | default(omit) }}"
env_file: "{{ item.env_files | default(omit) }}" env_file: "{{ item.env_files | default(omit) }}"
env_host: "{{ item.env_host | default(false) }}" env_host: "{{ item.env_host | bool | default(omit) }}"
env_merge: "{{ item.env_merge | default(omit) }}" env_merge: "{{ item.env_merge | default(omit) }}"
unsetenv: "{{ item.unsetenv | default(omit) }}" unsetenv: "{{ item.unsetenv | default(omit) }}"
unsetenv_all: "{{ item.unsetenv_all | default(false) }}" unsetenv_all: "{{ item.unsetenv_all | bool | default(omit) }}"
# Resource constraints # Resource constraints
memory: "{{ item.memory | default(omit) }}" memory: "{{ item.memory | default(omit) }}"
@@ -72,7 +72,7 @@
cpuset_mems: "{{ item.cpuset_mems | default(omit) }}" cpuset_mems: "{{ item.cpuset_mems | default(omit) }}"
blkio_weight: "{{ item.blkio_weight | default(omit) }}" blkio_weight: "{{ item.blkio_weight | default(omit) }}"
blkio_weight_device: "{{ item.blkio_weight_device | default(omit) }}" blkio_weight_device: "{{ item.blkio_weight_device | default(omit) }}"
oom_kill_disable: "{{ item.oom_kill_disable | default(false) }}" oom_kill_disable: "{{ item.oom_kill_disable | bool | default(omit) }}"
oom_score_adj: "{{ item.oom_score_adj | default(omit) }}" oom_score_adj: "{{ item.oom_score_adj | default(omit) }}"
pids_limit: "{{ item.pids_limit | default(omit) }}" pids_limit: "{{ item.pids_limit | default(omit) }}"
@@ -137,7 +137,7 @@
healthcheck_start_period: "{{ item.healthcheck_start_period | default(omit) }}" healthcheck_start_period: "{{ item.healthcheck_start_period | default(omit) }}"
healthcheck_retries: "{{ item.healthcheck_retries | default(omit) }}" healthcheck_retries: "{{ item.healthcheck_retries | default(omit) }}"
healthcheck_failure_action: "{{ item.healthcheck_failure_action | default(omit) }}" healthcheck_failure_action: "{{ item.healthcheck_failure_action | default(omit) }}"
no_healthcheck: "{{ item.no_healthcheck | default(false) }}" no_healthcheck: "{{ item.no_healthcheck | bool | default(omit) }}"
# Startup health checks # Startup health checks
health_startup_cmd: "{{ item.health_startup_cmd | default(omit) }}" health_startup_cmd: "{{ item.health_startup_cmd | default(omit) }}"
@@ -161,7 +161,7 @@
# Pull and image options # Pull and image options
pull: "{{ item.pull | default('missing') }}" pull: "{{ item.pull | default('missing') }}"
image_strict: "{{ item.image_strict | default(false) }}" image_strict: "{{ item.image_strict | bool | default(omit) }}"
arch: "{{ item.arch | default(omit) }}" arch: "{{ item.arch | default(omit) }}"
os: "{{ item.os | default(omit) }}" os: "{{ item.os | default(omit) }}"
platform: "{{ item.platform | default(omit) }}" platform: "{{ item.platform | default(omit) }}"
@@ -180,8 +180,8 @@
# Special options # Special options
attach: "{{ item.attach | default(omit) }}" attach: "{{ item.attach | default(omit) }}"
detach_keys: "{{ item.detach_keys | default(omit) }}" detach_keys: "{{ item.detach_keys | default(omit) }}"
sig_proxy: "{{ item.sig_proxy | default(true) }}" sig_proxy: "{{ item.sig_proxy | bool | default(omit) }}"
http_proxy: "{{ item.http_proxy | default(true) }}" http_proxy: "{{ item.http_proxy | bool | default(omit) }}"
# Advanced options # Advanced options
chrootdirs: "{{ item.chrootdirs | default(omit) }}" chrootdirs: "{{ item.chrootdirs | default(omit) }}"
@@ -193,7 +193,7 @@
preserve_fds: "{{ item.preserve_fds | default(omit) }}" preserve_fds: "{{ item.preserve_fds | default(omit) }}"
rdt_class: "{{ item.rdt_class | default(omit) }}" rdt_class: "{{ item.rdt_class | default(omit) }}"
requires: "{{ item.requires | default(omit) }}" requires: "{{ item.requires | default(omit) }}"
rootfs: "{{ item.rootfs | default(false) }}" rootfs: "{{ item.rootfs | bool | default(omit) }}"
sdnotify: "{{ item.sdnotify | default(omit) }}" sdnotify: "{{ item.sdnotify | default(omit) }}"
secrets: "{{ item.secrets | default(omit) }}" secrets: "{{ item.secrets | default(omit) }}"
timezone: "{{ item.timezone | default(omit) }}" timezone: "{{ item.timezone | default(omit) }}"
@@ -214,13 +214,13 @@
# Control options # Control options
cmd_args: "{{ item.cmd_args | default(omit) }}" cmd_args: "{{ item.cmd_args | default(omit) }}"
executable: "{{ item.executable | default('podman') }}" executable: "{{ item.executable | default('podman') }}"
recreate: "{{ item.recreate | default(false) }}" recreate: "{{ item.recreate | bool | default(omit) }}"
force_restart: "{{ item.force_restart | default(false) }}" force_restart: "{{ item.force_restart | bool | default(omit) }}"
force_delete: "{{ item.force_delete | default(true) }}" force_delete: "{{ item.force_delete | bool | default(omit) }}"
delete_depend: "{{ item.delete_depend | default(false) }}" delete_depend: "{{ item.delete_depend | bool | default(omit) }}"
delete_time: "{{ item.delete_time | default(omit) }}" delete_time: "{{ item.delete_time | default(omit) }}"
delete_volumes: "{{ item.delete_volumes | default(false) }}" delete_volumes: "{{ item.delete_volumes | bool | default(omit) }}"
debug: "{{ item.debug | default(false) }}" debug: "{{ item.debug | bool | default(omit) }}"
loop: "{{ podman_containers }}" loop: "{{ podman_containers }}"
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"
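Review bot: In the rewritten boolean options (`detach` through `debug`, e.g. `privileged: "{{ item.privileged | bool | default(omit) }}"`), `bool` runs before `default(omit)`, so for an item that does not set the key the undefined value reaches `bool` first. Depending on the ansible-core version that should either raise an undefined-variable error or yield `false`, and in neither case is the parameter omitted. For options whose previous default was `true` (`read_only_tmpfs`, `sig_proxy`, `http_proxy`, `force_delete`), a coerced `false` would silently change behaviour. The pod task in this commit uses plain `default(omit)` and leaves type coercion to the module, which would work here as well: `privileged: "{{ item.privileged | default(omit) }}"`. The task itself begins outside these hunks.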


@@ -10,7 +10,7 @@
volume: "{{ item.volumes | default(omit) }}" volume: "{{ item.volumes | default(omit) }}"
label: "{{ item.labels | default(omit) }}" label: "{{ item.labels | default(omit) }}"
hostname: "{{ item.hostname | default(omit) }}" hostname: "{{ item.hostname | default(omit) }}"
infra: "{{ item.infra | default(true) }}" infra: "{{ item.infra | default(omit) }}"
infra_image: "{{ item.infra_image | default(omit) }}" infra_image: "{{ item.infra_image | default(omit) }}"
infra_command: "{{ item.infra_command | default(omit) }}" infra_command: "{{ item.infra_command | default(omit) }}"
infra_name: "{{ item.infra_name | default(omit) }}" infra_name: "{{ item.infra_name | default(omit) }}"
@@ -21,7 +21,7 @@
ip: "{{ item.ip | default(omit) }}" ip: "{{ item.ip | default(omit) }}"
ip6: "{{ item.ip6 | default(omit) }}" ip6: "{{ item.ip6 | default(omit) }}"
mac_address: "{{ item.mac_address | default(omit) }}" mac_address: "{{ item.mac_address | default(omit) }}"
no_hosts: "{{ item.no_hosts | default(false) }}" no_hosts: "{{ item.no_hosts | default(omit) }}"
share: "{{ item.share | default(omit) }}" share: "{{ item.share | default(omit) }}"
share_parent: "{{ item.share_parent | default(omit) }}" share_parent: "{{ item.share_parent | default(omit) }}"
userns: "{{ item.userns | default(omit) }}" userns: "{{ item.userns | default(omit) }}"
@@ -59,8 +59,8 @@
quadlet_filename: "{{ item.quadlet_filename | default(omit) }}" quadlet_filename: "{{ item.quadlet_filename | default(omit) }}"
quadlet_file_mode: "{{ item.quadlet_file_mode | default(omit) }}" quadlet_file_mode: "{{ item.quadlet_file_mode | default(omit) }}"
quadlet_options: "{{ item.quadlet_options | default(omit) }}" quadlet_options: "{{ item.quadlet_options | default(omit) }}"
recreate: "{{ item.recreate | default(false) }}" recreate: "{{ item.recreate | default(omit) }}"
debug: "{{ item.debug | default(false) }}" debug: "{{ item.debug | default(omit) }}"
loop: "{{ podman_pods }}" loop: "{{ podman_pods }}"
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"


@@ -2,49 +2,55 @@
# Generate systemd service files for Podman containers and pods # Generate systemd service files for Podman containers and pods
- name: Generate systemd service files for containers - name: Generate systemd service files for containers
vars:
systemd_opts: "{{ item.systemd if item.systemd is defined else (item.generate_systemd if item.generate_systemd is defined else {}) }}"
containers.podman.podman_generate_systemd: containers.podman.podman_generate_systemd:
name: "{{ item.name }}" name: "{{ item.name }}"
dest: "{{ podman_systemd_dir }}" dest: "{{ podman_systemd_dir }}"
new: "{{ podman_systemd_options.new }}" new: "{{ podman_systemd_options.new }}"
force: "{{ podman_systemd_options.force }}" force: "{{ podman_systemd_options.force }}"
restart_policy: "{{ item.systemd.restart_policy | default(podman_systemd_options.restart_policy) }}" restart_policy: "{{ systemd_opts.restart_policy | default(podman_systemd_options.restart_policy) }}"
stop_timeout: "{{ item.systemd.stop_timeout | default(podman_systemd_options.stop_timeout) }}" stop_timeout: "{{ systemd_opts.stop_timeout | default(podman_systemd_options.stop_timeout) }}"
no_header: "{{ item.systemd.no_header | default(podman_systemd_options.no_header) }}" no_header: "{{ systemd_opts.no_header | default(podman_systemd_options.no_header) }}"
separator: "{{ item.systemd.separator | default(podman_systemd_options.separator) }}" separator: "{{ systemd_opts.separator | default(podman_systemd_options.separator) }}"
wants: "{{ item.systemd.wants | default(podman_systemd_options.wants) }}" wants: "{{ systemd_opts.wants | default(podman_systemd_options.wants) }}"
after: "{{ item.systemd.after | default(podman_systemd_options.after) }}" after: "{{ systemd_opts.after | default(podman_systemd_options.after) }}"
requires: "{{ item.systemd.requires | default(podman_systemd_options.requires) }}" requires: "{{ systemd_opts.requires | default(podman_systemd_options.requires) }}"
container_prefix: "{{ item.systemd.container_prefix | default(podman_systemd_options.container_prefix) }}" container_prefix: "{{ systemd_opts.container_prefix | default(podman_systemd_options.container_prefix) }}"
pod_prefix: "{{ item.systemd.pod_prefix | default(podman_systemd_options.pod_prefix) }}" pod_prefix: "{{ systemd_opts.pod_prefix | default(podman_systemd_options.pod_prefix) }}"
loop: "{{ podman_containers | selectattr('systemd', 'defined') | list }}" loop: "{{ podman_containers }}"
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"
when: when:
- podman_generate_systemd | bool - podman_generate_systemd | bool
- podman_containers is defined - podman_containers is defined
- podman_containers | length > 0 - podman_containers | length > 0
- (item.systemd is defined) or (item.generate_systemd is defined)
notify: Reload systemd notify: Reload systemd
- name: Generate systemd service files for pods - name: Generate systemd service files for pods
vars:
systemd_opts: "{{ item.systemd if item.systemd is defined else (item.generate_systemd if item.generate_systemd is defined else {}) }}"
containers.podman.podman_generate_systemd: containers.podman.podman_generate_systemd:
name: "{{ item.name }}" name: "{{ item.name }}"
dest: "{{ podman_systemd_dir }}" dest: "{{ podman_systemd_dir }}"
new: "{{ podman_systemd_options.new }}" new: "{{ podman_systemd_options.new }}"
force: "{{ podman_systemd_options.force }}" force: "{{ podman_systemd_options.force }}"
restart_policy: "{{ item.systemd.restart_policy | default(podman_systemd_options.restart_policy) }}" restart_policy: "{{ systemd_opts.restart_policy | default(podman_systemd_options.restart_policy) }}"
stop_timeout: "{{ item.systemd.stop_timeout | default(podman_systemd_options.stop_timeout) }}" stop_timeout: "{{ systemd_opts.stop_timeout | default(podman_systemd_options.stop_timeout) }}"
no_header: "{{ item.systemd.no_header | default(podman_systemd_options.no_header) }}" no_header: "{{ systemd_opts.no_header | default(podman_systemd_options.no_header) }}"
separator: "{{ item.systemd.separator | default(podman_systemd_options.separator) }}" separator: "{{ systemd_opts.separator | default(podman_systemd_options.separator) }}"
wants: "{{ item.systemd.wants | default(podman_systemd_options.wants) }}" wants: "{{ systemd_opts.wants | default(podman_systemd_options.wants) }}"
after: "{{ item.systemd.after | default(podman_systemd_options.after) }}" after: "{{ systemd_opts.after | default(podman_systemd_options.after) }}"
requires: "{{ item.systemd.requires | default(podman_systemd_options.requires) }}" requires: "{{ systemd_opts.requires | default(podman_systemd_options.requires) }}"
container_prefix: "{{ item.systemd.container_prefix | default(podman_systemd_options.container_prefix) }}" container_prefix: "{{ systemd_opts.container_prefix | default(podman_systemd_options.container_prefix) }}"
pod_prefix: "{{ item.systemd.pod_prefix | default(podman_systemd_options.pod_prefix) }}" pod_prefix: "{{ systemd_opts.pod_prefix | default(podman_systemd_options.pod_prefix) }}"
loop: "{{ podman_pods | selectattr('systemd', 'defined') | list }}" loop: "{{ podman_pods }}"
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"
when: when:
- podman_generate_systemd | bool - podman_generate_systemd | bool
- podman_pods is defined - podman_pods is defined
- podman_pods | length > 0 - podman_pods | length > 0
- (item.systemd is defined) or (item.generate_systemd is defined)
notify: Reload systemd notify: Reload systemd
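Review bot: The `systemd_opts` expression is duplicated verbatim in both tasks, and its precedence (`item.systemd` wins over `item.generate_systemd`) is not documented anywhere in the file. A comment above each `vars:` such as `# Per-item overrides: 'systemd' takes precedence over 'generate_systemd'` would make that explicit. The nested conditional can also be written more compactly as `systemd_opts: "{{ item.systemd | default(item.generate_systemd | default({})) }}"`, which selects the same value.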


@@ -1,14 +0,0 @@
---
# OS-specific variables for Debian/Ubuntu
# Package names may vary between distributions
podman_packages:
- podman
- buildah
- skopeo
podman_additional_packages:
- crun
- fuse-overlayfs
- slirp4netns
- uidmap