From 6177112df835645c95de38ca6eb15c2a6d690f81 Mon Sep 17 00:00:00 2001 From: Daniel Akulenok Date: Wed, 21 Jan 2026 10:11:18 +0100 Subject: [PATCH] Update with latest out of band changes --- README.md | 28 ++++++++++++++++------ defaults/main.yml | 3 +-- handlers/main.yml | 48 +++++++++++++++++++------------------- tasks/host_directories.yml | 18 -------------- tasks/main.yml | 7 ------ tasks/services.yml | 15 ++++++++++++ 6 files changed, 61 insertions(+), 58 deletions(-) delete mode 100644 tasks/host_directories.yml diff --git a/README.md b/README.md index 97978bd..d817d1e 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ ## 🚀 Quick Start ### 1. Basic Setup + ```yaml - hosts: servers roles: @@ -38,7 +39,7 @@ podman_containers: env: DATABASE_URL: "postgresql://postgres@db:5432/app" - - name: database + - name: postgres image: postgres:15 volumes: - "db-data:/var/lib/postgresql/data" @@ -134,9 +135,6 @@ podman_networks: #### Volumes ```yaml -# Toggle automatic creation of host directories for bind mounts -podman_create_volumes: true - podman_volumes: - name: db_data # state defaults to 'quadlet' @@ -174,6 +172,15 @@ podman_policy_trusted_registries: insecure: false mirror: - location: "backup.company.com" + +# Additional registries (for special mirror/proxy configurations) +podman_registries_additional: + - location: "internal-mirror.company.com" + insecure: false + blocked: false + mirror: + - location: "docker.io" + insecure: false ``` #### Systemd Service Generation @@ -190,6 +197,13 @@ podman_systemd_options: pod_prefix: "pod-" ``` +#### Container Defaults + +```yaml +# Auto-remove containers when they exit (applies to all containers unless overridden) +podman_auto_remove: true +``` + #### Resource Cleanup ```yaml 
@@ -217,8 +231,11 @@ podman_storage_runroot: /run/containers/storage ```yaml podman_enable_socket: true # Enable Podman socket podman_enable_api_service: true # Enable REST API +podman_enable_auto_update: true # Enable automatic container updates ``` +> **Note:** When using `podman_enable_auto_update`, containers must use **fully qualified image names** including the registry (e.g., `docker.io/postgres:15` instead of `postgres:15`) and should have `AutoUpdate=registry` in their `quadlet_options` or be configured with Quadlet state. + --- ## 🏷️ Available Tags @@ -352,9 +369,6 @@ ansible-playbook -t podman-networks playbook.yml env: DATABASE_URL: "postgresql://postgres:{{ vault_db_password }}@postgres:5432/myapp" REDIS_URL: "redis://redis:6379" - depends_on: - - postgres - - redis ``` --- diff --git a/defaults/main.yml b/defaults/main.yml index 7bdd496..35c78cd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -165,6 +165,7 @@ podman_policy_trusted_registries: # Service management podman_enable_socket: false podman_enable_api_service: false +podman_enable_auto_update: false # Determine if Quadlet should be used (Debian 13+ or other distros) podman_use_quadlet: "{{ not (ansible_distribution | default('Debian') == 'Debian' and ansible_distribution_major_version | default('13') | int < 13) }}" @@ -526,7 +527,6 @@ podman_networks: [] # - "10.10.0.0/16,192.168.1.1" # Volume management -podman_create_volumes: true podman_volume_defaults: state: "{{ 'quadlet' if podman_use_quadlet else 'present' }}" quadlet_options: @@ -656,7 +656,6 @@ podman_systemd_options: requires: [] container_prefix: "container-" pod_prefix: "pod-" - restart_sec: 30 ### Prune Configuration podman_prune_enabled: true diff --git a/handlers/main.yml b/handlers/main.yml index 5e3dc2c..7595888 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
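Review bot: The new `podman_enable_auto_update: false` line in the first defaults/main.yml hunk (@@ -165,6 +165,7) has no comment, although it is the switch that lets the host replace running containers with whatever image the registry currently serves for a tag. Off by default is the right choice. I would document the trust implication where operators will read it, e.g. `# Opt-in: podman auto-update pulls newer registry images and restarts containers; needs fully qualified image names` and `# Review podman_policy_trusted_registries before enabling`. The README note added by this commit covers the naming requirement but does not reach readers of the defaults file.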
@@ -11,30 +11,6 @@ ansible.builtin.systemd: daemon_reload: true -- name: Restart Podman pods - ansible.builtin.systemd: - name: "{{ (podman_systemd_options.pod_prefix if podman_generate_systemd | bool else '') ~ item ~ ('-pod' if not podman_generate_systemd | bool else '') }}" - state: restarted - listen: Reload systemd - loop: "{{ podman_pod_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }}" - loop_control: - label: "{{ item }}" - when: - - podman_pod_output is defined - - podman_pod_output.results | length > 0 - -- name: Restart Podman containers - ansible.builtin.systemd: - name: "{{ (podman_systemd_options.container_prefix if podman_generate_systemd | bool else '') ~ item }}" - state: restarted - listen: Reload systemd - loop: "{{ podman_container_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }}" - loop_control: - label: "{{ item }}" - when: - - podman_container_output is defined - - podman_container_output.results | length > 0 - - name: Restart Podman networks ansible.builtin.systemd: name: "{{ item }}-network" 
@@ -60,3 +36,27 @@ - podman_volume_output is defined - podman_volume_output.results | length > 0 - not podman_generate_systemd | bool + +- name: Restart Podman pods + ansible.builtin.systemd: + name: "{{ (podman_systemd_options.pod_prefix if podman_generate_systemd | bool else '') ~ item ~ ('-pod' if not podman_generate_systemd | bool else '') }}" + state: restarted + listen: Reload systemd + loop: "{{ podman_pod_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }}" + loop_control: + label: "{{ item }}" + when: + - podman_pod_output is defined + - podman_pod_output.results | length > 0 + +- name: Restart Podman containers + ansible.builtin.systemd: + name: "{{ (podman_systemd_options.container_prefix if podman_generate_systemd | bool else '') ~ item }}" + state: restarted + listen: Reload systemd + loop: "{{ podman_container_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }}" + loop_control: + label: "{{ item }}" + when: + - podman_container_output is defined + - podman_container_output.results | length > 0 diff --git a/tasks/host_directories.yml b/tasks/host_directories.yml deleted file mode 100644 index a760d8d..0000000 --- a/tasks/host_directories.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Ensure volumes are created - -- name: Create bind mount directories from containers - ansible.builtin.file: - path: "{{ item.1.split(':')[0] }}" - state: directory - mode: '0755' - owner: root - group: root - loop: "{{ podman_containers | subelements('volumes', skip_missing=True) }}" - when: - - podman_create_volumes | bool - - item.1 is string - - item.1.split(':')[0] | dirname | length > 0 - - item.1.split(':')[0].startswith('/') or item.1.split(':')[0].startswith('./') - loop_control: - label: "{{ item.0.name }} -> {{ item.1.split(':')[0] }}" diff --git a/tasks/main.yml b/tasks/main.yml index 4bf6364..bd561a2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
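Review bot: Nothing in the re-added `Restart Podman pods` and `Restart Podman containers` handlers explains why they now sit at the end of handlers/main.yml, after the network and volume handlers. Both listen on `Reload systemd`, and handlers notified through a shared topic run in the order they are defined, so the position looks like the functional part of this move (presumably so that networks and volumes are restarted before their consumers). A comment above the pods handler would protect that ordering from a later tidy-up, e.g. `# Keep after the network/volume handlers: handlers on one listen topic run in file order`.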
@@ -26,13 +26,6 @@ - podman - podman-networks -- name: Create volume directories - ansible.builtin.include_tasks: host_directories.yml - when: podman_create_volumes | bool - tags: - - podman - - podman-volumes - - name: Manage Podman volumes ansible.builtin.include_tasks: volumes.yml when: podman_volumes | length > 0 diff --git a/tasks/services.yml b/tasks/services.yml index 13ff076..3f9caee 100644 --- a/tasks/services.yml +++ b/tasks/services.yml @@ -30,3 +30,18 @@ enabled: false state: stopped when: not podman_enable_api_service + +- name: Enable and start Podman auto-update service + ansible.builtin.systemd: + name: podman-auto-update.service + enabled: true + state: started + daemon_reload: true + when: podman_enable_auto_update + +- name: Disable Podman auto-update service + ansible.builtin.systemd: + name: podman-auto-update.service + enabled: false + state: stopped + when: not podman_enable_auto_update
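Review bot: The two tasks added in the tasks/services.yml hunk manage `podman-auto-update.service`, but as shipped by Podman that unit is a oneshot job and the recurring schedule lives in `podman-auto-update.timer`. With `state: started`, every play run would trigger an immediate image pull and container restart, and the task would likely report changed each time because the unit goes inactive once it finishes. Enabling the service alone gives a run at boot rather than a periodic update. I would point both tasks at the timer, `name: podman-auto-update.timer`, and rename them to match. Since an enabled timer makes the host deploy registry content unattended, it is also worth checking in review that the signature policy configured through `podman_policy_trusted_registries` covers every registry used by containers with `AutoUpdate=registry`.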