Update with latest out of band changes

2026-01-21 10:11:18 +01:00
parent 17fea0e02b
commit 6177112df8
6 changed files with 61 additions and 58 deletions
--- a/README.md
+++ b/README.md
@@ -5,6 +5,7 @@
 ## 🚀 Quick Start

 ### 1. Basic Setup
+
 ```yaml
 - hosts: servers
  roles:
@@ -38,7 +39,7 @@ podman_containers:
    env:
      DATABASE_URL: "postgresql://postgres@db:5432/app"
    
-  - name: database
+  - name: postgres
    image: postgres:15
    volumes:
      - "db-data:/var/lib/postgresql/data"
@@ -134,9 +135,6 @@ podman_networks:
 #### Volumes

 ```yaml
-# Toggle automatic creation of host directories for bind mounts
-podman_create_volumes: true
-
 podman_volumes:
  - name: db_data
    # state defaults to 'quadlet'
@@ -174,6 +172,15 @@ podman_policy_trusted_registries:
    insecure: false
    mirror:
      - location: "backup.company.com"
+
+# Additional registries (for special mirror/proxy configurations)
+podman_registries_additional:
+  - location: "internal-mirror.company.com"
+    insecure: false
+    blocked: false
+    mirror:
+      - location: "docker.io"
+        insecure: false
 ```

 #### Systemd Service Generation
@@ -190,6 +197,13 @@ podman_systemd_options:
  pod_prefix: "pod-"
 ```

+#### Container Defaults
+
+```yaml
+# Auto-remove containers when they exit (applies to all containers unless overridden)
+podman_auto_remove: true
+```
+
 #### Resource Cleanup

 ```yaml
@@ -217,8 +231,11 @@ podman_storage_runroot: /run/containers/storage
 ```yaml
 podman_enable_socket: true      # Enable Podman socket
 podman_enable_api_service: true # Enable REST API
+podman_enable_auto_update: true # Enable automatic container updates
 ```

+> **Note:** When using `podman_enable_auto_update`, containers must use **fully qualified image names** including the registry (e.g., `docker.io/postgres:15` instead of `postgres:15`) and should have `AutoUpdate=registry` in their `quadlet_options` or be configured with Quadlet state.
+
 ---

 ## 🏷️ Available Tags
@@ -352,9 +369,6 @@ ansible-playbook -t podman-networks playbook.yml
            env:
              DATABASE_URL: "postgresql://postgres:{{ vault_db_password }}@postgres:5432/myapp"
              REDIS_URL: "redis://redis:6379"
-            depends_on:
-              - postgres
-              - redis
 ```

 ---
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -165,6 +165,7 @@ podman_policy_trusted_registries:
 # Service management
 podman_enable_socket: false
 podman_enable_api_service: false
+podman_enable_auto_update: false

 # Determine if Quadlet should be used (Debian 13+ or other distros)
 podman_use_quadlet: "{{ not (ansible_distribution | default('Debian') == 'Debian' and ansible_distribution_major_version | default('13') | int < 13) }}"
@@ -526,7 +527,6 @@ podman_networks: []
 #       - "10.10.0.0/16,192.168.1.1"

 # Volume management
-podman_create_volumes: true
 podman_volume_defaults:
  state: "{{ 'quadlet' if podman_use_quadlet else 'present' }}"
  quadlet_options:
@@ -656,7 +656,6 @@ podman_systemd_options:
  requires: []
  container_prefix: "container-"
  pod_prefix: "pod-"
-  restart_sec: 30

 ### Prune Configuration
 podman_prune_enabled: true
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -11,30 +11,6 @@
  ansible.builtin.systemd:
    daemon_reload: true

- name: Restart Podman pods
-  ansible.builtin.systemd:
-    name: "{{ (podman_systemd_options.pod_prefix if podman_generate_systemd | bool else '') ~ item ~ ('-pod' if not podman_generate_systemd | bool else '') }}"
-    state: restarted
-  listen: Reload systemd
-  loop: "{{ podman_pod_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }}"
-  loop_control:
-    label: "{{ item }}"
-  when:
-    - podman_pod_output is defined
-    - podman_pod_output.results | length > 0
-
- name: Restart Podman containers
-  ansible.builtin.systemd:
-    name: "{{ (podman_systemd_options.container_prefix if podman_generate_systemd | bool else '') ~ item }}"
-    state: restarted
-  listen: Reload systemd
-  loop: "{{ podman_container_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }}"
-  loop_control:
-    label: "{{ item }}"
-  when:
-    - podman_container_output is defined
-    - podman_container_output.results | length > 0
-
 - name: Restart Podman networks
  ansible.builtin.systemd:
    name: "{{ item }}-network"
@@ -60,3 +36,27 @@
    - podman_volume_output is defined
    - podman_volume_output.results | length > 0
    - not podman_generate_systemd | bool
+
+- name: Restart Podman pods
+  ansible.builtin.systemd:
+    name: "{{ (podman_systemd_options.pod_prefix if podman_generate_systemd | bool else '') ~ item ~ ('-pod' if not podman_generate_systemd | bool else '') }}"
+    state: restarted
+  listen: Reload systemd
+  loop: "{{ podman_pod_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }}"
+  loop_control:
+    label: "{{ item }}"
+  when:
+    - podman_pod_output is defined
+    - podman_pod_output.results | length > 0
+
+- name: Restart Podman containers
+  ansible.builtin.systemd:
+    name: "{{ (podman_systemd_options.container_prefix if podman_generate_systemd | bool else '') ~ item }}"
+    state: restarted
+  listen: Reload systemd
+  loop: "{{ podman_container_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }}"
+  loop_control:
+    label: "{{ item }}"
+  when:
+    - podman_container_output is defined
+    - podman_container_output.results | length > 0
--- a/tasks/host_directories.yml
+++ b/tasks/host_directories.yml
@@ -1,18 +0,0 @@
---
-# Ensure volumes are created
-
- name: Create bind mount directories from containers
-  ansible.builtin.file:
-    path: "{{ item.1.split(':')[0] }}"
-    state: directory
-    mode: '0755'
-    owner: root
-    group: root
-  loop: "{{ podman_containers | subelements('volumes', skip_missing=True) }}"
-  when:
-    - podman_create_volumes | bool
-    - item.1 is string
-    - item.1.split(':')[0] | dirname | length > 0
-    - item.1.split(':')[0].startswith('/') or item.1.split(':')[0].startswith('./')
-  loop_control:
-    label: "{{ item.0.name }} -> {{ item.1.split(':')[0] }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -26,13 +26,6 @@
    - podman
    - podman-networks

- name: Create volume directories
-  ansible.builtin.include_tasks: host_directories.yml
-  when: podman_create_volumes | bool
-  tags:
-    - podman
-    - podman-volumes
-
 - name: Manage Podman volumes
  ansible.builtin.include_tasks: volumes.yml
  when: podman_volumes | length > 0
--- a/tasks/services.yml
+++ b/tasks/services.yml
@@ -30,3 +30,18 @@
    enabled: false
    state: stopped
  when: not podman_enable_api_service
+
+- name: Enable and start Podman auto-update service
+  ansible.builtin.systemd:
+    name: podman-auto-update.service
+    enabled: true
+    state: started
+    daemon_reload: true
+  when: podman_enable_auto_update
+
+- name: Disable Podman auto-update service
+  ansible.builtin.systemd:
+    name: podman-auto-update.service
+    enabled: false
+    state: stopped
+  when: not podman_enable_auto_update