Enhance Podman configuration and management

- Update pruning options to include filters for containers, images, networks, and volumes.
- Modify handlers to restart Podman resources based on new conditions.
- Expand Molecule tests to verify networks, volumes, pods, and containers.
- Adjust service management tasks for Podman services and auto-update.
- Refactor tasks for better clarity and maintainability.
Daniel Akulenok
2026-02-20 14:49:22 +01:00
parent d30423013a
commit b1a627f2ee
12 changed files with 399 additions and 104 deletions


@@ -1,13 +1,24 @@
---
- name: Converge
hosts: all
pre_tasks:
- name: Install curl for verification
ansible.builtin.apt:
update_cache: true
name: curl
state: present
vars:
podman_networks:
- name: test_network
driver: bridge
- name: test_network_custom
driver: bridge
podman_volumes:
- name: test_volume
driver: local
- name: test_volume_2
driver: local
podman_pods:
- name: test_pod
hostname: test-pod
publish: "8090:8080"
podman_containers:
- name: test_container
image: docker.io/nginx:latest
@@ -15,5 +26,24 @@
ports:
- "8080:80"
- "8443:443"
networks:
- test_network
- name: pod_container
image: docker.io/nginx:latest
systemd: true
pod: test_pod
networks:
- test_network_custom
- name: volume_test_container
image: docker.io/alpine:latest
systemd: false
volumes:
- test_volume:/data
networks:
- test_network
command: sleep 3600
roles:
- ansible-podman
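Review bot: The `pod_container` and `volume_test_container` entries pull `docker.io/nginx:latest` and `docker.io/alpine:latest`, which are floating tags, so each Molecule run tests whatever the registry serves that day. Pinning the scenario images to a fixed tag or digest keeps runs reproducible and turns an image change into a reviewed edit, e.g. `image: docker.io/alpine@sha256:<digest-placeholder>`. The existing `test_container` entry uses the same floating form and would benefit from the same pin.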


@@ -18,6 +18,8 @@ platforms:
cgroupns_mode: host
provisioner:
name: ansible
ansible_args:
- "--connection=podman"
env:
ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/..
config_options:
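Review bot: The added `--connection=podman` argument carries no comment saying why the connection plugin is set on the command line. Ansible gives an inventory-level `ansible_connection` variable precedence over the `--connection` option, so if the driver-generated inventory already sets one, this flag has no effect; it is worth confirming which case applies. If the flag is needed, a comment such as `# force the podman connection plugin; the generated inventory does not set ansible_connection` would record the reason. The `provisioner` mapping continues outside the hunk.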


@@ -2,3 +2,9 @@
- name: Prepare
hosts: all
tasks:
- name: Install dependencies for verification
ansible.builtin.apt:
update_cache: true
name:
- curl
state: present
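Review bot: The curl package installed here no longer appears to have a consumer, because the HTTP check in the verify playbook on this page is an `ansible.builtin.uri` task and needs no curl binary. If nothing else calls curl, this task can be dropped. The converge playbook also shows a `pre_tasks` entry "Install curl for verification", which would duplicate this one if it is still on the new side. If the install stays, a comment such as `# curl is required by <consumer-placeholder>` would record why.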


@@ -1,59 +1,259 @@
---
- name: Verify
hosts: all
- name: Verify debian trixie (quadlet containers)
hosts: debian-trixie
gather_facts: true
tasks:
- name: Verify quadlet .container file exists on Debian Trixie
ansible.builtin.stat:
path: "/etc/containers/systemd/test_container.container"
register: quadlet_file
- name: Assert quadlet file exists on Trixie
ansible.builtin.assert:
that:
- quadlet_file.stat.exists
fail_msg: "Expected quadlet .container file not found for test_container"
- name: Verify test container service is active
ansible.builtin.systemd_service:
name: "test_container"
state: started
ignore_errors: yes
- name: Verify debian bookworm (systemd-service containers)
hosts: debian-bookworm
gather_facts: true
tasks:
- name: Verify systemd service file exists on Debian Bookworm
stat:
path: "/etc/systemd/system/{{ test_container }}.service"
ansible.builtin.stat:
path: "/etc/systemd/system/container-test_container.service"
register: systemd_service
when: inventory_hostname == 'debian-bookworm'
- name: Assert systemd service exists on Bookworm
assert:
ansible.builtin.assert:
that:
- systemd_service.stat.exists
fail_msg: "Expected systemd service file not found for {{ test_container }}"
when: inventory_hostname == 'debian-bookworm'
- name: Verify quadlet .container file exists on Debian Trixie
stat:
path: "/etc/containers/systemd/{{ test_container }}.container"
register: quadlet_file
when: inventory_hostname == 'debian-trixie'
- name: Assert quadlet file exists on Trixie
assert:
that:
- quadlet_file.stat.exists
fail_msg: "Expected quadlet .container file not found for {{ test_container }}"
when: inventory_hostname == 'debian-trixie'
fail_msg: "Expected systemd service file not found for test_container"
- name: Verify test container service is active
systemd:
name: "podman-{{ test_container }}"
ansible.builtin.systemd_service:
name: "container-test_container"
state: started
register: container_service
ignore_errors: yes
- name: Check container is running
command: podman ps --filter "name={{ test_container }}" --format="{{.Names}}"
register: running_containers
- name: Verify Podman networks
hosts: all
gather_facts: true
tasks:
- name: List all Podman networks
containers.podman.podman_network_info:
register: network_info
become: true
- name: Verify test_network exists
ansible.builtin.assert:
that:
- network_info.networks | selectattr('name', 'equalto', 'test_network') | list | length > 0
fail_msg: "Network 'test_network' not found"
- name: Verify test_network_custom exists
ansible.builtin.assert:
that:
- network_info.networks | selectattr('name', 'equalto', 'test_network_custom') | list | length > 0
fail_msg: "Network 'test_network_custom' not found"
- name: Verify test_network_custom driver type
ansible.builtin.assert:
that:
- (network_info.networks | selectattr('name', 'equalto', 'test_network_custom') | first)['driver'] == 'bridge'
fail_msg: "test_network_custom driver is not bridge"
- name: Verify test_macvlan driver type
ansible.builtin.assert:
that:
- (network_info.networks | selectattr('name', 'equalto', 'test_macvlan') | first)['driver'] == 'macvlan'
fail_msg: "test_macvlan driver is not macvlan"
when: (network_info.networks | selectattr('name', 'equalto', 'test_macvlan') | list | length) > 0
- name: Verify Podman volumes
hosts: all
gather_facts: true
tasks:
- name: List all Podman volumes
containers.podman.podman_volume_info:
register: volume_info
become: true
- name: Verify test_volume exists
ansible.builtin.assert:
that:
- volume_info.volumes | selectattr('Name', 'equalto', 'test_volume') | list | length > 0
fail_msg: "Volume 'test_volume' not found"
- name: Verify test_volume_2 exists
ansible.builtin.assert:
that:
- volume_info.volumes | selectattr('Name', 'equalto', 'test_volume_2') | list | length > 0
fail_msg: "Volume 'test_volume_2' not found"
- name: Get volume details
ansible.builtin.shell:
cmd: podman volume inspect test_volume
register: volume_inspect
become: true
changed_when: false
- name: Assert test container is running
assert:
- name: Verify volume is properly configured
ansible.builtin.assert:
that:
- test_container in running_containers.stdout
fail_msg: "Test container {{ test_container }} is not running"
- '"test_volume" in volume_inspect.stdout'
fail_msg: "Volume 'test_volume' details not found"
- name: Verify Podman pods
hosts: all
gather_facts: true
tasks:
- name: List all Podman pods
containers.podman.podman_pod_info:
register: pod_info
become: true
- name: Verify test_pod exists
ansible.builtin.assert:
that:
- pod_info.pods | selectattr('Name', 'equalto', 'test_pod') | list | length > 0
fail_msg: "Pod 'test_pod' not found"
- name: Get pod status
ansible.builtin.shell:
cmd: "{% raw %}podman pod ls --format='{{.Name}} {{.Status}}'{% endraw %}"
register: pod_list
become: true
changed_when: false
- name: Verify test_pod status
ansible.builtin.assert:
that:
- '"test_pod" in pod_list.stdout'
fail_msg: "Pod 'test_pod' not in podman pod ls output"
- name: Verify pod_container is in test_pod
ansible.builtin.shell:
cmd: "podman pod inspect test_pod | grep -o '\"Name\": \"[^\"]*\"' | grep pod_container"
register: pod_container_check
become: true
failed_when: pod_container_check.rc not in [0, 1]
changed_when: false
- name: Assert pod_container is in test_pod
ansible.builtin.assert:
that:
- pod_container_check.rc == 0
fail_msg: "Container 'pod_container' not found in pod 'test_pod'"
when: ansible_distribution_major_version | int < 13
- name: Verify Podman containers
hosts: all
gather_facts: true
tasks:
- name: List all Podman containers
containers.podman.podman_container_info:
register: container_info
become: true
- name: Verify test_container exists
ansible.builtin.assert:
that:
- container_info.containers | selectattr('Name', 'equalto', 'test_container') | list | length > 0
fail_msg: "Container 'test_container' not found"
- name: Verify volume_test_container exists and uses test_volume
ansible.builtin.assert:
that:
- container_info.containers | selectattr('Name', 'equalto', 'volume_test_container') | list | length > 0
fail_msg: "Container 'volume_test_container' not found"
- name: Get volume_test_container mounts
ansible.builtin.shell:
cmd: "{% raw %}podman inspect volume_test_container --format='{{.Mounts}}'{% endraw %}"
register: container_mounts
become: true
changed_when: false
- name: Verify test_volume is mounted in volume_test_container
ansible.builtin.assert:
that:
- '"test_volume" in container_mounts.stdout'
fail_msg: "Volume 'test_volume' not mounted in container 'volume_test_container'"
- name: Verify common checks across all systems
hosts: all
gather_facts: true
tasks:
- name: Verify nginx responds on localhost
command: curl -fsS http://127.0.0.1:8080
register: curl_result
ansible.builtin.uri:
url: http://127.0.0.1:8080
register: nginx_get_uri
failed_when:
- nginx_get_uri.msg is not match("OK")
- nginx_get_uri.content_length | int <= 0
- nginx_get_uri.failed
- nginx_get_uri.status != 200
- name: Verify Podman package is installed
ansible.builtin.package_facts:
manager: auto
- name: Assert Podman is installed
ansible.builtin.assert:
that:
- "'podman' in ansible_facts.packages"
fail_msg: "Podman package is not installed"
- name: Verify Podman daemon is available
ansible.builtin.shell:
cmd: podman --version
register: podman_version
changed_when: false
- name: Assert nginx returned content
assert:
that:
- curl_result.stdout | length > 0
fail_msg: "Expected nginx to return content on http://127.0.0.1:8080"
- name: Print Podman version
ansible.builtin.debug:
msg: "Podman version: {{ podman_version.stdout }}"
- name: Get total container count
ansible.builtin.shell:
cmd: "{% raw %}podman ps -a --format='{{.Names}}' | wc -l{% endraw %}"
register: container_count
become: true
changed_when: false
- name: Get total network count
ansible.builtin.shell:
cmd: "{% raw %}podman network ls --format='{{.Name}}' | tail -n +2 | wc -l{% endraw %}"
register: network_count
become: true
changed_when: false
- name: Get total volume count
ansible.builtin.shell:
cmd: "{% raw %}podman volume ls --format='{{.Name}}' | tail -n +2 | wc -l{% endraw %}"
register: volume_count
become: true
changed_when: false
- name: Get total pod count
ansible.builtin.shell:
cmd: "{% raw %}podman pod ls --format='{{.Name}}' | tail -n +2 | wc -l{% endraw %}"
register: pod_count
become: true
changed_when: false
- name: Print resource summary
ansible.builtin.debug:
msg: |
Podman Resource Summary:
- Total Containers: {{ container_count.stdout | trim }}
- Total Networks: {{ network_count.stdout | trim }}
- Total Volumes: {{ volume_count.stdout | trim }}
- Total Pods: {{ pod_count.stdout | trim }}
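Review bot: The `failed_when` list on "Verify nginx responds on localhost" weakens the check, because Ansible ANDs the list items: the task fails only when all four conditions hold together, so a non-200 reply that carries a body is reported as success. A single expression states the intent: `failed_when: nginx_get_uri.status != 200 or (nginx_get_uri.content_length | default(0) | int) <= 0`. The "Verify test container service is active" tasks in the trixie and bookworm plays have a similar gap, since `state: started` starts a stopped unit rather than reporting it and `ignore_errors: yes` hides any failure. Removing `ignore_errors: yes` and asserting on `ansible.builtin.service_facts` output, e.g. `ansible_facts.services['container-test_container.service'].state == 'running'`, would make an inactive unit fail the run.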