daniel/ansible-podman
1
0
Fork 0
Code Pull Requests Activity

init

Browse Source
This commit is contained in:
Daniel Akulenok
2025-09-05 22:49:16 +02:00
commit 9cfd12e745
23 changed files with 1646 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
tasks/configure.yml Normal file
View File

@@ -0,0 +1,58 @@
---
# Configure Podman
- name: Ensure containers configuration directory exists
ansible.builtin.file:
path: /etc/containers
state: directory
owner: root
group: root
mode: "0755"
- name: Configure container registries
ansible.builtin.template:
src: registries.conf.j2
dest: "{{ podman_registries_conf_path }}"
owner: root
group: root
mode: "0644"
backup: true
when: podman_configure_registries
notify:
- restart podman
- name: Configure container storage
ansible.builtin.template:
src: storage.conf.j2
dest: "{{ podman_storage_conf_path }}"
owner: root
group: root
mode: "0644"
backup: true
when: podman_configure_storage
notify:
- restart podman
- name: Configure container policy
ansible.builtin.template:
src: policy.json.j2
dest: "{{ podman_policy_path }}"
owner: root
group: root
mode: "0644"
backup: true
when: podman_configure_policy
notify:
- restart podman
- name: Ensure storage directories exist
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: "0755"
loop:
- "{{ podman_storage_runroot }}"
- "{{ podman_storage_graphroot }}"
when: podman_configure_storage

241
tasks/containers.yml Normal file
View File

@@ -0,0 +1,241 @@
---
# Manage Podman containers
- name: Manage Podman containers
containers.podman.podman_container:
name: "{{ item.name }}"
image: "{{ item.image }}"
state: "{{ item.state | default('present') }}"
# Basic container configuration
command: "{{ item.command | default(omit) }}"
entrypoint: "{{ item.entrypoint | default(omit) }}"
user: "{{ item.user | default(omit) }}"
workdir: "{{ item.working_dir | default(omit) }}"
hostname: "{{ item.hostname | default(omit) }}"
# Container runtime options
detach: "{{ item.detach | default(true) }}"
interactive: "{{ item.interactive | default(false) }}"
tty: "{{ item.tty | default(false) }}"
rm: "{{ item.auto_remove | default(false) }}"
rmi: "{{ item.remove_image | default(false) }}"
privileged: "{{ item.privileged | default(false) }}"
read_only: "{{ item.read_only | default(false) }}"
read_only_tmpfs: "{{ item.read_only_tmpfs | default(true) }}"
init: "{{ item.init | default(false) }}"
init_path: "{{ item.init_path | default(omit) }}"
# Networking
network: "{{ item.networks | default(omit) }}"
publish: "{{ item.ports | default(omit) }}"
publish_all: "{{ item.publish_all | default(false) }}"
expose: "{{ item.expose | default(omit) }}"
ip: "{{ item.ip | default(omit) }}"
ip6: "{{ item.ip6 | default(omit) }}"
mac_address: "{{ item.mac_address | default(omit) }}"
network_aliases: "{{ item.network_aliases | default(omit) }}"
dns: "{{ item.dns | default(omit) }}"
dns_option: "{{ item.dns_options | default(omit) }}"
dns_search: "{{ item.dns_search | default(omit) }}"
etc_hosts: "{{ item.add_hosts | default(omit) }}"
no_hosts: "{{ item.no_hosts | default(false) }}"
# Storage and volumes
volume: "{{ item.volumes | default(omit) }}"
volumes_from: "{{ item.volumes_from | default(omit) }}"
mount: "{{ item.mounts | default(omit) }}"
tmpfs: "{{ item.tmpfs | default(omit) }}"
image_volume: "{{ item.image_volume | default(omit) }}"
# Environment variables
env: "{{ item.env | default(omit) }}"
env_file: "{{ item.env_files | default(omit) }}"
env_host: "{{ item.env_host | default(false) }}"
env_merge: "{{ item.env_merge | default(omit) }}"
unsetenv: "{{ item.unsetenv | default(omit) }}"
unsetenv_all: "{{ item.unsetenv_all | default(false) }}"
# Resource constraints
memory: "{{ item.memory | default(omit) }}"
memory_reservation: "{{ item.memory_reservation | default(omit) }}"
memory_swap: "{{ item.memory_swap | default(omit) }}"
memory_swappiness: "{{ item.memory_swappiness | default(omit) }}"
kernel_memory: "{{ item.kernel_memory | default(omit) }}"
cpus: "{{ item.cpus | default(omit) }}"
cpu_shares: "{{ item.cpu_shares | default(omit) }}"
cpu_period: "{{ item.cpu_period | default(omit) }}"
cpu_quota: "{{ item.cpu_quota | default(omit) }}"
cpu_rt_period: "{{ item.cpu_rt_period | default(omit) }}"
cpu_rt_runtime: "{{ item.cpu_rt_runtime | default(omit) }}"
cpuset_cpus: "{{ item.cpuset_cpus | default(omit) }}"
cpuset_mems: "{{ item.cpuset_mems | default(omit) }}"
blkio_weight: "{{ item.blkio_weight | default(omit) }}"
blkio_weight_device: "{{ item.blkio_weight_device | default(omit) }}"
oom_kill_disable: "{{ item.oom_kill_disable | default(false) }}"
oom_score_adj: "{{ item.oom_score_adj | default(omit) }}"
pids_limit: "{{ item.pids_limit | default(omit) }}"
# Device access
device: "{{ item.devices | default(omit) }}"
device_cgroup_rule: "{{ item.device_cgroup_rule | default(omit) }}"
device_read_bps: "{{ item.device_read_bps | default(omit) }}"
device_read_iops: "{{ item.device_read_iops | default(omit) }}"
device_write_bps: "{{ item.device_write_bps | default(omit) }}"
device_write_iops: "{{ item.device_write_iops | default(omit) }}"
gpus: "{{ item.gpus | default(omit) }}"
# Security options
security_opt: "{{ item.security_opt | default(omit) }}"
cap_add: "{{ item.cap_add | default(omit) }}"
cap_drop: "{{ item.cap_drop | default(omit) }}"
seccomp_policy: "{{ item.seccomp_policy | default(omit) }}"
userns: "{{ item.userns | default(omit) }}"
uidmap: "{{ item.uidmap | default(omit) }}"
gidmap: "{{ item.gidmap | default(omit) }}"
subuidname: "{{ item.subuidname | default(omit) }}"
subgidname: "{{ item.subgidname | default(omit) }}"
group_add: "{{ item.groups | default(omit) }}"
group_entry: "{{ item.group_entry | default(omit) }}"
passwd: "{{ item.passwd | default(omit) }}"
passwd_entry: "{{ item.passwd_entry | default(omit) }}"
# Namespaces
ipc: "{{ item.ipc_mode | default(omit) }}"
pid: "{{ item.pid_mode | default(omit) }}"
uts: "{{ item.uts | default(omit) }}"
cgroupns: "{{ item.cgroupns | default(omit) }}"
# Cgroups
cgroups: "{{ item.cgroups | default(omit) }}"
cgroup_parent: "{{ item.cgroup_parent | default(omit) }}"
cgroup_conf: "{{ item.cgroup_conf | default(omit) }}"
# System configuration
sysctl: "{{ item.sysctl | default(omit) }}"
systemd: "{{ item.systemd | default(omit) }}"
ulimit: "{{ item.ulimits | default(omit) }}"
umask: "{{ item.umask | default(omit) }}"
# Shared memory and tmpfs
shm_size: "{{ item.shm_size | default(omit) }}"
shm_size_systemd: "{{ item.shm_size_systemd | default(omit) }}"
# Pods
pod: "{{ item.pod | default(omit) }}"
pod_id_file: "{{ item.pod_id_file | default(omit) }}"
# Logging
log_driver: "{{ item.log_driver | default(omit) }}"
log_opt: "{{ item.log_options | default(omit) }}"
log_level: "{{ item.log_level | default(omit) }}"
# Health checks
healthcheck: "{{ item.healthcheck | default(omit) }}"
healthcheck_interval: "{{ item.healthcheck_interval | default(omit) }}"
healthcheck_timeout: "{{ item.healthcheck_timeout | default(omit) }}"
healthcheck_start_period: "{{ item.healthcheck_start_period | default(omit) }}"
healthcheck_retries: "{{ item.healthcheck_retries | default(omit) }}"
healthcheck_failure_action: "{{ item.healthcheck_failure_action | default(omit) }}"
no_healthcheck: "{{ item.no_healthcheck | default(false) }}"
# Startup health checks
health_startup_cmd: "{{ item.health_startup_cmd | default(omit) }}"
health_startup_interval: "{{ item.health_startup_interval | default(omit) }}"
health_startup_timeout: "{{ item.health_startup_timeout | default(omit) }}"
health_startup_retries: "{{ item.health_startup_retries | default(omit) }}"
health_startup_success: "{{ item.health_startup_success | default(omit) }}"
# Metadata and labels
label: "{{ item.labels | default(omit) }}"
label_file: "{{ item.label_file | default(omit) }}"
annotation: "{{ item.annotations | default(omit) }}"
# Container lifecycle
restart_policy: "{{ item.restart_policy | default('no') }}"
restart_time: "{{ item.restart_time | default(omit) }}"
stop_signal: "{{ item.stop_signal | default(omit) }}"
stop_time: "{{ item.stop_time | default(omit) }}"
stop_timeout: "{{ item.stop_timeout | default(omit) }}"
timeout: "{{ item.timeout | default(omit) }}"
# Pull and image options
pull: "{{ item.pull | default('missing') }}"
image_strict: "{{ item.image_strict | default(false) }}"
arch: "{{ item.arch | default(omit) }}"
os: "{{ item.os | default(omit) }}"
platform: "{{ item.platform | default(omit) }}"
variant: "{{ item.variant | default(omit) }}"
# Registry and authentication
authfile: "{{ item.authfile | default(omit) }}"
tls_verify: "{{ item.tls_verify | default(omit) }}"
decryption_key: "{{ item.decryption_key | default(omit) }}"
# File operations
cidfile: "{{ item.cidfile | default(omit) }}"
conmon_pidfile: "{{ item.conmon_pidfile | default(omit) }}"
pid_file: "{{ item.pid_file | default(omit) }}"
# Special options
attach: "{{ item.attach | default(omit) }}"
detach_keys: "{{ item.detach_keys | default(omit) }}"
sig_proxy: "{{ item.sig_proxy | default(true) }}"
http_proxy: "{{ item.http_proxy | default(true) }}"
# Advanced options
chrootdirs: "{{ item.chrootdirs | default(omit) }}"
hooks_dir: "{{ item.hooks_dir | default(omit) }}"
hostuser: "{{ item.hostuser | default(omit) }}"
init_ctr: "{{ item.init_ctr | default(omit) }}"
personality: "{{ item.personality | default(omit) }}"
preserve_fd: "{{ item.preserve_fd | default(omit) }}"
preserve_fds: "{{ item.preserve_fds | default(omit) }}"
rdt_class: "{{ item.rdt_class | default(omit) }}"
requires: "{{ item.requires | default(omit) }}"
rootfs: "{{ item.rootfs | default(false) }}"
sdnotify: "{{ item.sdnotify | default(omit) }}"
secrets: "{{ item.secrets | default(omit) }}"
timezone: "{{ item.timezone | default(omit) }}"
# Retry options
retry: "{{ item.retry | default(omit) }}"
retry_delay: "{{ item.retry_delay | default(omit) }}"
# Systemd generation
generate_systemd: "{{ item.generate_systemd | default(omit) }}"
# Quadlet options
quadlet_dir: "{{ item.quadlet_dir | default(omit) }}"
quadlet_filename: "{{ item.quadlet_filename | default(omit) }}"
quadlet_file_mode: "{{ item.quadlet_file_mode | default(omit) }}"
quadlet_options: "{{ item.quadlet_options | default(omit) }}"
# Control options
cmd_args: "{{ item.cmd_args | default(omit) }}"
executable: "{{ item.executable | default('podman') }}"
recreate: "{{ item.recreate | default(false) }}"
force_restart: "{{ item.force_restart | default(false) }}"
force_delete: "{{ item.force_delete | default(true) }}"
delete_depend: "{{ item.delete_depend | default(false) }}"
delete_time: "{{ item.delete_time | default(omit) }}"
delete_volumes: "{{ item.delete_volumes | default(false) }}"
debug: "{{ item.debug | default(false) }}"
loop: "{{ podman_containers }}"
loop_control:
label: "{{ item.name }}"
register: podman_container_results
- name: Enable and start container systemd services
ansible.builtin.systemd:
name: "container-{{ item.item.name }}"
enabled: true
state: started
daemon_reload: true
loop: "{{ podman_container_results.results }}"
loop_control:
label: "{{ item.item.name }}"
when:
- item.item.generate_systemd is defined
- item.item.generate_systemd
- item.item.state | default('present') in ['present', 'started']

14
tasks/install.yml Normal file
View File

@@ -0,0 +1,14 @@
---
# Install Podman packages
- name: Update package cache (Debian/Ubuntu)
ansible.builtin.apt:
cache_valid_time: 3600
when: ansible_os_family == "Debian"
- name: Install Podman and related packages
ansible.builtin.package:
name: "{{ podman_packages }}"
state: present
notify:
- restart podman

48
tasks/main.yml Normal file
View File

@@ -0,0 +1,48 @@
---
# tasks file for podman
- name: Install Podman packages
ansible.builtin.include_tasks: install.yml
tags:
- podman
- podman-install
- name: Configure Podman
ansible.builtin.include_tasks: configure.yml
tags:
- podman
- podman-configure
- name: Manage Podman services
ansible.builtin.include_tasks: services.yml
tags:
- podman
- podman-services
- name: Manage Podman networks
ansible.builtin.include_tasks: networks.yml
when: podman_networks | length > 0
tags:
- podman
- podman-networks
- name: Manage Podman volumes
ansible.builtin.include_tasks: volumes.yml
when: podman_volumes | length > 0
tags:
- podman
- podman-volumes
- name: Manage Podman pods
ansible.builtin.include_tasks: pods.yml
when: podman_pods | length > 0
tags:
- podman
- podman-pods
- name: Manage Podman containers
ansible.builtin.include_tasks: containers.yml
when: podman_containers | length > 0
tags:
- podman
- podman-containers

25
tasks/networks.yml Normal file
View File

@@ -0,0 +1,25 @@
---
# Manage Podman networks
- name: Manage Podman networks
containers.podman.podman_network:
name: "{{ item.name }}"
state: "{{ item.state | default('present') }}"
driver: "{{ item.driver | default('bridge') }}"
subnet: "{{ item.subnet | default(omit) }}"
gateway: "{{ item.gateway | default(omit) }}"
ip_range: "{{ item.ip_range | default(omit) }}"
disable_dns: "{{ item.disable_dns | default(false) }}"
internal: "{{ item.internal | default(false) }}"
opt: "{{ item.options | default(omit) }}"
dns: "{{ item.dns | default(omit) }}"
interface_name: "{{ item.interface_name | default(omit) }}"
ipam_driver: "{{ item.ipam_driver | default(omit) }}"
ipv6: "{{ item.ipv6 | default(false) }}"
macvlan: "{{ item.macvlan | default(omit) }}"
net_config: "{{ item.net_config | default(omit) }}"
route: "{{ item.route | default(omit) }}"
recreate: "{{ item.recreate | default(false) }}"
loop: "{{ podman_networks }}"
loop_control:
label: "{{ item.name }}"

66
tasks/pods.yml Normal file
View File

@@ -0,0 +1,66 @@
---
# Manage Podman pods
- name: Manage Podman pods
containers.podman.podman_pod:
name: "{{ item.name }}"
state: "{{ item.state | default('created') }}"
publish: "{{ item.ports | default(omit) }}"
network: "{{ item.networks | default(omit) }}"
volume: "{{ item.volumes | default(omit) }}"
label: "{{ item.labels | default(omit) }}"
hostname: "{{ item.hostname | default(omit) }}"
infra: "{{ item.infra | default(true) }}"
infra_image: "{{ item.infra_image | default(omit) }}"
infra_command: "{{ item.infra_command | default(omit) }}"
infra_name: "{{ item.infra_name | default(omit) }}"
add_host: "{{ item.add_host | default(omit) }}"
dns: "{{ item.dns | default(omit) }}"
dns_opt: "{{ item.dns_opt | default(omit) }}"
dns_search: "{{ item.dns_search | default(omit) }}"
ip: "{{ item.ip | default(omit) }}"
ip6: "{{ item.ip6 | default(omit) }}"
mac_address: "{{ item.mac_address | default(omit) }}"
no_hosts: "{{ item.no_hosts | default(false) }}"
share: "{{ item.share | default(omit) }}"
share_parent: "{{ item.share_parent | default(omit) }}"
userns: "{{ item.userns | default(omit) }}"
uidmap: "{{ item.uidmap | default(omit) }}"
gidmap: "{{ item.gidmap | default(omit) }}"
subuidname: "{{ item.subuidname | default(omit) }}"
subgidname: "{{ item.subgidname | default(omit) }}"
security_opt: "{{ item.security_opt | default(omit) }}"
memory: "{{ item.memory | default(omit) }}"
memory_swap: "{{ item.memory_swap | default(omit) }}"
cpu_shares: "{{ item.cpu_shares | default(omit) }}"
cpus: "{{ item.cpus | default(omit) }}"
cpuset_cpus: "{{ item.cpuset_cpus | default(omit) }}"
cpuset_mems: "{{ item.cpuset_mems | default(omit) }}"
blkio_weight: "{{ item.blkio_weight | default(omit) }}"
blkio_weight_device: "{{ item.blkio_weight_device | default(omit) }}"
device: "{{ item.device | default(omit) }}"
device_read_bps: "{{ item.device_read_bps | default(omit) }}"
device_write_bps: "{{ item.device_write_bps | default(omit) }}"
shm_size: "{{ item.shm_size | default(omit) }}"
shm_size_systemd: "{{ item.shm_size_systemd | default(omit) }}"
sysctl: "{{ item.sysctl | default(omit) }}"
cgroup_parent: "{{ item.cgroup_parent | default(omit) }}"
pid: "{{ item.pid | default(omit) }}"
uts: "{{ item.uts | default(omit) }}"
network_alias: "{{ item.network_alias | default(omit) }}"
volumes_from: "{{ item.volumes_from | default(omit) }}"
exit_policy: "{{ item.exit_policy | default(omit) }}"
restart_policy: "{{ item.restart_policy | default(omit) }}"
pod_id_file: "{{ item.pod_id_file | default(omit) }}"
label_file: "{{ item.label_file | default(omit) }}"
gpus: "{{ item.gpus | default(omit) }}"
generate_systemd: "{{ item.generate_systemd | default(omit) }}"
quadlet_dir: "{{ item.quadlet_dir | default(omit) }}"
quadlet_filename: "{{ item.quadlet_filename | default(omit) }}"
quadlet_file_mode: "{{ item.quadlet_file_mode | default(omit) }}"
quadlet_options: "{{ item.quadlet_options | default(omit) }}"
recreate: "{{ item.recreate | default(false) }}"
debug: "{{ item.debug | default(false) }}"
loop: "{{ podman_pods }}"
loop_control:
label: "{{ item.name }}"

32
tasks/services.yml Normal file
View File

@@ -0,0 +1,32 @@
---
# Manage Podman services
- name: Enable and start Podman socket
ansible.builtin.systemd:
name: podman.socket
enabled: true
state: started
daemon_reload: true
when: podman_enable_socket
- name: Disable Podman socket
ansible.builtin.systemd:
name: podman.socket
enabled: false
state: stopped
when: not podman_enable_socket
- name: Enable and start Podman API service
ansible.builtin.systemd:
name: podman.service
enabled: true
state: started
daemon_reload: true
when: podman_enable_api_service
- name: Disable Podman API service
ansible.builtin.systemd:
name: podman.service
enabled: false
state: stopped
when: not podman_enable_api_service

19
tasks/volumes.yml Normal file
View File

@@ -0,0 +1,19 @@
---
# Manage Podman volumes
- name: Manage Podman volumes
containers.podman.podman_volume:
name: "{{ item.name }}"
state: "{{ item.state | default('present') }}"
driver: "{{ item.driver | default('local') }}"
options: "{{ item.options | default(omit) }}"
label: "{{ item.labels | default(omit) }}"
debug: "{{ item.debug | default(false) }}"
recreate: "{{ item.recreate | default(false) }}"
quadlet_dir: "{{ item.quadlet_dir | default(omit) }}"
quadlet_filename: "{{ item.quadlet_filename | default(omit) }}"
quadlet_file_mode: "{{ item.quadlet_file_mode | default(omit) }}"
quadlet_options: "{{ item.quadlet_options | default(omit) }}"
loop: "{{ podman_volumes }}"
loop_control:
label: "{{ item.name }}"