daniel/ansible-podman
1
0
Fork 0
Code Pull Requests Activity

Enhance Podman configuration and management

Browse Source 
- Update pruning options to include filters for containers, images, networks, and volumes.
- Modify handlers to restart Podman resources based on new conditions.
- Expand Molecule tests to verify networks, volumes, pods, and containers.
- Adjust service management tasks for Podman services and auto-update.
- Refactor tasks for better clarity and maintainability.
This commit is contained in:
Daniel Akulenok
2026-02-20 14:49:22 +01:00
parent d30423013a
commit b1a627f2ee
12 changed files with 399 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@@ -211,10 +211,21 @@ podman_auto_remove: true
podman_prune_enabled: true podman_prune_enabled: true
podman_prune_options: podman_prune_options:
container: true # Remove stopped containers container: true # Remove stopped containers
container_filters:
until: "24h" # Keep containers newer than this age
executable: "podman"
image: true # Remove unused images image: true # Remove unused images
image_filters:
until: "24h" # Keep images newer than this age
network: true # Remove unused networks network: true # Remove unused networks
network_filters:
until: "24h" # Keep networks newer than this age
volume: true # Remove unused volumes volume: true # Remove unused volumes
system: true # Full system cleanup volume_filters:
until: "24h" # Keep volumes newer than this age
system: false # Full system cleanup. Always returns 'changed'
system_all: false
system_volumes: false
``` ```
#### Storage Configuration #### Storage Configuration
@@ -226,7 +237,7 @@ podman_storage_graphroot: /var/lib/containers/storage
podman_storage_runroot: /run/containers/storage podman_storage_runroot: /run/containers/storage
``` ```
#### API & Socket Services #### Podman auto update
```yaml ```yaml
podman_enable_auto_update: true # Enable automatic container updates podman_enable_auto_update: true # Enable automatic container updates

14
defaults/main.yml
View File

@@ -663,8 +663,18 @@ podman_systemd_options:
podman_prune_enabled: true podman_prune_enabled: true
podman_prune_options: podman_prune_options:
container: true # Remove stopped containers container: true # Remove stopped containers
container_filters:
until: "24h" # Keep containers newer than this age
executable: "podman" # Podman binary path
image: true # Remove unused images image: true # Remove unused images
image_filters:
until: "24h" # Keep images newer than this age
network: true # Remove unused networks network: true # Remove unused networks
system: true # Prune all unused data network_filters:
system_all: true # Prune all unused data including build cache until: "24h" # Keep networks newer than this age
system: false # Prune all unused data. This flag implicitly prunes all container, image, network and volumes. Always returns 'changed'
system_all: false # Prune all unused data including build cache
system_volumes: false # When system=true, also prune unused volumes
volume: true # Remove unused volumes volume: true # Remove unused volumes
volume_filters:
until: "24h" # Keep volumes newer than this age

32
handlers/main.yml
View File

@@ -16,8 +16,11 @@
name: "{{ item }}-network" name: "{{ item }}-network"
state: restarted state: restarted
listen: Reload systemd listen: Reload systemd
loop: | loop: "{{
{{ podman_network_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }} (podman_networks | map(attribute='name') | list)
if (podman_use_quadlet | bool)
else (podman_network_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list)
}}"
loop_control: loop_control:
label: "{{ item }}" label: "{{ item }}"
when: when:
@@ -30,8 +33,11 @@
name: "{{ item }}-volume" name: "{{ item }}-volume"
state: restarted state: restarted
listen: Reload systemd listen: Reload systemd
loop: | loop: "{{
{{ podman_volume_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }} (podman_volumes | map(attribute='name') | list)
if (podman_use_quadlet | bool)
else (podman_volume_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list)
}}"
loop_control: loop_control:
label: "{{ item }}" label: "{{ item }}"
when: when:
@@ -41,20 +47,23 @@
- name: Restart Podman pods - name: Restart Podman pods
ansible.builtin.systemd: ansible.builtin.systemd:
name: | name: >-
{{ (podman_systemd_options.pod_prefix if podman_generate_systemd | bool else '') {{ (podman_systemd_options.pod_prefix if podman_generate_systemd | bool else '')
~ item ~ ('-pod' if not podman_generate_systemd | bool else '') }} ~ item ~ ('-pod' if not podman_generate_systemd | bool else '') }}
state: restarted state: restarted
listen: Reload systemd listen: Reload systemd
loop: | loop: "{{
{{ podman_pod_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list }} (podman_pods | map(attribute='name') | list)
if (podman_use_quadlet | bool)
else (podman_pod_output.results | selectattr('changed', 'equalto', true) | map(attribute='item.name') | list)
}}"
loop_control: loop_control:
label: "{{ item }}" label: "{{ item }}"
when: when:
- podman_pod_output is defined - podman_pod_output is defined
- podman_pod_output.results | length > 0 - podman_pod_output.results | length > 0
- name: Restart Podman containers - name: Restart changed Podman containers without pod assignment
ansible.builtin.systemd: ansible.builtin.systemd:
name: >- name: >-
{{ (podman_systemd_options.container_prefix {{ (podman_systemd_options.container_prefix
@@ -62,9 +71,12 @@
state: restarted state: restarted
listen: Reload systemd listen: Reload systemd
loop: >- loop: >-
{{ podman_container_output.results | {{ (podman_container_output.results |
selectattr('changed', 'equalto', true) | selectattr('changed', 'equalto', true) |
map(attribute='item.name') | list }} map(attribute='item.name') | list) |
intersect(podman_containers |
rejectattr('pod', 'defined') |
map(attribute='name') | list) }}
loop_control: loop_control:
label: "{{ item }}" label: "{{ item }}"
when: when:

42
molecule/default/converge.yml
View File

@@ -1,13 +1,24 @@
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
pre_tasks:
- name: Install curl for verification
ansible.builtin.apt:
update_cache: true
name: curl
state: present
vars: vars:
podman_networks:
- name: test_network
driver: bridge
- name: test_network_custom
driver: bridge
podman_volumes:
- name: test_volume
driver: local
- name: test_volume_2
driver: local
podman_pods:
- name: test_pod
hostname: test-pod
publish: "8090:8080"
podman_containers: podman_containers:
- name: test_container - name: test_container
image: docker.io/nginx:latest image: docker.io/nginx:latest
@@ -15,5 +26,24 @@
ports: ports:
- "8080:80" - "8080:80"
- "8443:443" - "8443:443"
networks:
- test_network
- name: pod_container
image: docker.io/nginx:latest
systemd: true
pod: test_pod
networks:
- test_network_custom
- name: volume_test_container
image: docker.io/alpine:latest
systemd: false
volumes:
- test_volume:/data
networks:
- test_network
command: sleep 3600
roles: roles:
- ansible-podman - ansible-podman

2
molecule/default/molecule.yml
View File

@@ -18,6 +18,8 @@ platforms:
cgroupns_mode: host cgroupns_mode: host
provisioner: provisioner:
name: ansible name: ansible
ansible_args:
- "--connection=podman"
env: env:
ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/.. ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/..
config_options: config_options:

6
molecule/default/prepare.yml
View File

@@ -2,3 +2,9 @@
- name: Prepare - name: Prepare
hosts: all hosts: all
tasks: tasks:
- name: Install dependencies for verification
ansible.builtin.apt:
update_cache: true
name:
- curl
state: present

276
molecule/default/verify.yml
View File

@@ -1,59 +1,259 @@
--- ---
- name: Verify - name: Verify debian trixie (quadlet containers)
hosts: all hosts: debian-trixie
gather_facts: true
tasks:
- name: Verify quadlet .container file exists on Debian Trixie
ansible.builtin.stat:
path: "/etc/containers/systemd/test_container.container"
register: quadlet_file
- name: Assert quadlet file exists on Trixie
ansible.builtin.assert:
that:
- quadlet_file.stat.exists
fail_msg: "Expected quadlet .container file not found for test_container"
- name: Verify test container service is active
ansible.builtin.systemd_service:
name: "test_container"
state: started
ignore_errors: yes
- name: Verify debian bookworm (systemd-service containers)
hosts: debian-bookworm
gather_facts: true gather_facts: true
tasks: tasks:
- name: Verify systemd service file exists on Debian Bookworm - name: Verify systemd service file exists on Debian Bookworm
stat: ansible.builtin.stat:
path: "/etc/systemd/system/{{ test_container }}.service" path: "/etc/systemd/system/container-test_container.service"
register: systemd_service register: systemd_service
when: inventory_hostname == 'debian-bookworm'
- name: Assert systemd service exists on Bookworm - name: Assert systemd service exists on Bookworm
assert: ansible.builtin.assert:
that: that:
- systemd_service.stat.exists - systemd_service.stat.exists
fail_msg: "Expected systemd service file not found for {{ test_container }}" fail_msg: "Expected systemd service file not found for test_container"
when: inventory_hostname == 'debian-bookworm'
- name: Verify quadlet .container file exists on Debian Trixie
stat:
path: "/etc/containers/systemd/{{ test_container }}.container"
register: quadlet_file
when: inventory_hostname == 'debian-trixie'
- name: Assert quadlet file exists on Trixie
assert:
that:
- quadlet_file.stat.exists
fail_msg: "Expected quadlet .container file not found for {{ test_container }}"
when: inventory_hostname == 'debian-trixie'
- name: Verify test container service is active - name: Verify test container service is active
systemd: ansible.builtin.systemd_service:
name: "podman-{{ test_container }}" name: "container-test_container"
state: started state: started
register: container_service
ignore_errors: yes ignore_errors: yes
- name: Check container is running - name: Verify Podman networks
command: podman ps --filter "name={{ test_container }}" --format="{{.Names}}" hosts: all
register: running_containers gather_facts: true
tasks:
- name: List all Podman networks
containers.podman.podman_network_info:
register: network_info
become: true
- name: Verify test_network exists
ansible.builtin.assert:
that:
- network_info.networks | selectattr('name', 'equalto', 'test_network') | list | length > 0
fail_msg: "Network 'test_network' not found"
- name: Verify test_network_custom exists
ansible.builtin.assert:
that:
- network_info.networks | selectattr('name', 'equalto', 'test_network_custom') | list | length > 0
fail_msg: "Network 'test_network_custom' not found"
- name: Verify test_network_custom driver type
ansible.builtin.assert:
that:
- (network_info.networks | selectattr('name', 'equalto', 'test_network_custom') | first)['driver'] == 'bridge'
fail_msg: "test_network_custom driver is not bridge"
- name: Verify test_macvlan driver type
ansible.builtin.assert:
that:
- (network_info.networks | selectattr('name', 'equalto', 'test_macvlan') | first)['driver'] == 'macvlan'
fail_msg: "test_macvlan driver is not macvlan"
when: (network_info.networks | selectattr('name', 'equalto', 'test_macvlan') | list | length) > 0
- name: Verify Podman volumes
hosts: all
gather_facts: true
tasks:
- name: List all Podman volumes
containers.podman.podman_volume_info:
register: volume_info
become: true
- name: Verify test_volume exists
ansible.builtin.assert:
that:
- volume_info.volumes | selectattr('Name', 'equalto', 'test_volume') | list | length > 0
fail_msg: "Volume 'test_volume' not found"
- name: Verify test_volume_2 exists
ansible.builtin.assert:
that:
- volume_info.volumes | selectattr('Name', 'equalto', 'test_volume_2') | list | length > 0
fail_msg: "Volume 'test_volume_2' not found"
- name: Get volume details
ansible.builtin.shell:
cmd: podman volume inspect test_volume
register: volume_inspect
become: true
changed_when: false changed_when: false
- name: Assert test container is running - name: Verify volume is properly configured
assert: ansible.builtin.assert:
that: that:
- test_container in running_containers.stdout - '"test_volume" in volume_inspect.stdout'
fail_msg: "Test container {{ test_container }} is not running" fail_msg: "Volume 'test_volume' details not found"
- name: Verify Podman pods
hosts: all
gather_facts: true
tasks:
- name: List all Podman pods
containers.podman.podman_pod_info:
register: pod_info
become: true
- name: Verify test_pod exists
ansible.builtin.assert:
that:
- pod_info.pods | selectattr('Name', 'equalto', 'test_pod') | list | length > 0
fail_msg: "Pod 'test_pod' not found"
- name: Get pod status
ansible.builtin.shell:
cmd: "{% raw %}podman pod ls --format='{{.Name}} {{.Status}}'{% endraw %}"
register: pod_list
become: true
changed_when: false
- name: Verify test_pod status
ansible.builtin.assert:
that:
- '"test_pod" in pod_list.stdout'
fail_msg: "Pod 'test_pod' not in podman pod ls output"
- name: Verify pod_container is in test_pod
ansible.builtin.shell:
cmd: "podman pod inspect test_pod | grep -o '\"Name\": \"[^\"]*\"' | grep pod_container"
register: pod_container_check
become: true
failed_when: pod_container_check.rc not in [0, 1]
changed_when: false
- name: Assert pod_container is in test_pod
ansible.builtin.assert:
that:
- pod_container_check.rc == 0
fail_msg: "Container 'pod_container' not found in pod 'test_pod'"
when: ansible_distribution_major_version | int < 13
- name: Verify Podman containers
hosts: all
gather_facts: true
tasks:
- name: List all Podman containers
containers.podman.podman_container_info:
register: container_info
become: true
- name: Verify test_container exists
ansible.builtin.assert:
that:
- container_info.containers | selectattr('Name', 'equalto', 'test_container') | list | length > 0
fail_msg: "Container 'test_container' not found"
- name: Verify volume_test_container exists and uses test_volume
ansible.builtin.assert:
that:
- container_info.containers | selectattr('Name', 'equalto', 'volume_test_container') | list | length > 0
fail_msg: "Container 'volume_test_container' not found"
- name: Get volume_test_container mounts
ansible.builtin.shell:
cmd: "{% raw %}podman inspect volume_test_container --format='{{.Mounts}}'{% endraw %}"
register: container_mounts
become: true
changed_when: false
- name: Verify test_volume is mounted in volume_test_container
ansible.builtin.assert:
that:
- '"test_volume" in container_mounts.stdout'
fail_msg: "Volume 'test_volume' not mounted in container 'volume_test_container'"
- name: Verify common checks across all systems
hosts: all
gather_facts: true
tasks:
- name: Verify nginx responds on localhost - name: Verify nginx responds on localhost
command: curl -fsS http://127.0.0.1:8080 ansible.builtin.uri:
register: curl_result url: http://127.0.0.1:8080
register: nginx_get_uri
failed_when:
- nginx_get_uri.msg is not match("OK")
- nginx_get_uri.content_length | int <= 0
- nginx_get_uri.failed
- nginx_get_uri.status != 200
- name: Verify Podman package is installed
ansible.builtin.package_facts:
manager: auto
- name: Assert Podman is installed
ansible.builtin.assert:
that:
- "'podman' in ansible_facts.packages"
fail_msg: "Podman package is not installed"
- name: Verify Podman daemon is available
ansible.builtin.shell:
cmd: podman --version
register: podman_version
changed_when: false changed_when: false
- name: Assert nginx returned content - name: Print Podman version
assert: ansible.builtin.debug:
that: msg: "Podman version: {{ podman_version.stdout }}"
- curl_result.stdout | length > 0
fail_msg: "Expected nginx to return content on http://127.0.0.1:8080" - name: Get total container count
ansible.builtin.shell:
cmd: "{% raw %}podman ps -a --format='{{.Names}}' | wc -l{% endraw %}"
register: container_count
become: true
changed_when: false
- name: Get total network count
ansible.builtin.shell:
cmd: "{% raw %}podman network ls --format='{{.Name}}' | tail -n +2 | wc -l{% endraw %}"
register: network_count
become: true
changed_when: false
- name: Get total volume count
ansible.builtin.shell:
cmd: "{% raw %}podman volume ls --format='{{.Name}}' | tail -n +2 | wc -l{% endraw %}"
register: volume_count
become: true
changed_when: false
- name: Get total pod count
ansible.builtin.shell:
cmd: "{% raw %}podman pod ls --format='{{.Name}}' | tail -n +2 | wc -l{% endraw %}"
register: pod_count
become: true
changed_when: false
- name: Print resource summary
ansible.builtin.debug:
msg: |
Podman Resource Summary:
- Total Containers: {{ container_count.stdout | trim }}
- Total Networks: {{ network_count.stdout | trim }}
- Total Volumes: {{ volume_count.stdout | trim }}
- Total Pods: {{ pod_count.stdout | trim }}

2
tasks/containers.yml
View File

@@ -205,7 +205,7 @@
retry_delay: "{{ container_item.retry_delay | default(omit) }}" retry_delay: "{{ container_item.retry_delay | default(omit) }}"
# Systemd generation # Systemd generation
generate_systemd: "{{ container_item.generate_systemd | default(podman_systemd_options) }}" generate_systemd: "{{ container_item.generate_systemd | default(omit) }}"
# Quadlet options # Quadlet options
quadlet_dir: "{{ container_item.quadlet_dir | default(omit) }}" quadlet_dir: "{{ container_item.quadlet_dir | default(omit) }}"

72
tasks/pods.yml
View File

@@ -6,63 +6,91 @@
pod_item: "{{ podman_pod_defaults | default({}) | combine(item) }}" pod_item: "{{ podman_pod_defaults | default({}) | combine(item) }}"
containers.podman.podman_pod: containers.podman.podman_pod:
name: "{{ pod_item.name }}" name: "{{ pod_item.name }}"
state: "{{ pod_item.state | default('created') }}" state: "{{ pod_item.state | default('present') }}"
# Pod networking and publishing
publish: "{{ pod_item.ports | default(omit) }}" publish: "{{ pod_item.ports | default(omit) }}"
network: "{{ pod_item.networks | default(omit) }}" network: "{{ pod_item.networks | default(omit) }}"
volume: "{{ pod_item.volumes | default(omit) }}" network_alias: "{{ pod_item.network_alias | default(omit) }}"
label: "{{ pod_item.labels | default(omit) }}" ip: "{{ pod_item.ip | default(omit) }}"
hostname: "{{ pod_item.hostname | default(omit) }}" ip6: "{{ pod_item.ip6 | default(omit) }}"
infra: "{{ pod_item.infra | default(omit) }}" mac_address: "{{ pod_item.mac_address | default(omit) }}"
infra_image: "{{ pod_item.infra_image | default(omit) }}" no_hosts: "{{ pod_item.no_hosts | bool | default(omit) }}"
infra_command: "{{ pod_item.infra_command | default(omit) }}"
infra_name: "{{ pod_item.infra_name | default(omit) }}"
add_host: "{{ pod_item.add_host | default(omit) }}" add_host: "{{ pod_item.add_host | default(omit) }}"
dns: "{{ pod_item.dns | default(omit) }}" dns: "{{ pod_item.dns | default(omit) }}"
dns_opt: "{{ pod_item.dns_opt | default(omit) }}" dns_opt: "{{ pod_item.dns_opt | default(omit) }}"
dns_search: "{{ pod_item.dns_search | default(omit) }}" dns_search: "{{ pod_item.dns_search | default(omit) }}"
ip: "{{ pod_item.ip | default(omit) }}"
ip6: "{{ pod_item.ip6 | default(omit) }}" # Pod storage and volumes
mac_address: "{{ pod_item.mac_address | default(omit) }}" volume: "{{ pod_item.volumes | default(omit) }}"
no_hosts: "{{ pod_item.no_hosts | default(omit) }}" volumes_from: "{{ pod_item.volumes_from | default(omit) }}"
# Infrastructure container
infra: "{{ pod_item.infra | bool | default(omit) }}"
infra_image: "{{ pod_item.infra_image | default(omit) }}"
infra_command: "{{ pod_item.infra_command | default(omit) }}"
infra_name: "{{ pod_item.infra_name | default(omit) }}"
share_parent: "{{ pod_item.share_parent | bool | default(omit) }}"
# Pod configuration
hostname: "{{ pod_item.hostname | default(omit) }}"
share: "{{ pod_item.share | default(omit) }}" share: "{{ pod_item.share | default(omit) }}"
share_parent: "{{ pod_item.share_parent | default(omit) }}" label: "{{ pod_item.labels | default(omit) }}"
label_file: "{{ pod_item.label_file | default(omit) }}"
annotation: "{{ pod_item.annotations | default(omit) }}"
# Namespaces
userns: "{{ pod_item.userns | default(omit) }}" userns: "{{ pod_item.userns | default(omit) }}"
uidmap: "{{ pod_item.uidmap | default(omit) }}" uidmap: "{{ pod_item.uidmap | default(omit) }}"
gidmap: "{{ pod_item.gidmap | default(omit) }}" gidmap: "{{ pod_item.gidmap | default(omit) }}"
subuidname: "{{ pod_item.subuidname | default(omit) }}" subuidname: "{{ pod_item.subuidname | default(omit) }}"
subgidname: "{{ pod_item.subgidname | default(omit) }}" subgidname: "{{ pod_item.subgidname | default(omit) }}"
pid: "{{ pod_item.pid | default(omit) }}"
uts: "{{ pod_item.uts | default(omit) }}"
# Security options
security_opt: "{{ pod_item.security_opt | default(omit) }}" security_opt: "{{ pod_item.security_opt | default(omit) }}"
# Resource constraints
memory: "{{ pod_item.memory | default(omit) }}" memory: "{{ pod_item.memory | default(omit) }}"
memory_swap: "{{ pod_item.memory_swap | default(omit) }}" memory_swap: "{{ pod_item.memory_swap | default(omit) }}"
cpu_shares: "{{ pod_item.cpu_shares | default(omit) }}"
cpus: "{{ pod_item.cpus | default(omit) }}" cpus: "{{ pod_item.cpus | default(omit) }}"
cpu_shares: "{{ pod_item.cpu_shares | default(omit) }}"
cpuset_cpus: "{{ pod_item.cpuset_cpus | default(omit) }}" cpuset_cpus: "{{ pod_item.cpuset_cpus | default(omit) }}"
cpuset_mems: "{{ pod_item.cpuset_mems | default(omit) }}" cpuset_mems: "{{ pod_item.cpuset_mems | default(omit) }}"
blkio_weight: "{{ pod_item.blkio_weight | default(omit) }}" blkio_weight: "{{ pod_item.blkio_weight | default(omit) }}"
blkio_weight_device: "{{ pod_item.blkio_weight_device | default(omit) }}" blkio_weight_device: "{{ pod_item.blkio_weight_device | default(omit) }}"
# Device access
device: "{{ pod_item.device | default(omit) }}" device: "{{ pod_item.device | default(omit) }}"
device_read_bps: "{{ pod_item.device_read_bps | default(omit) }}" device_read_bps: "{{ pod_item.device_read_bps | default(omit) }}"
device_write_bps: "{{ pod_item.device_write_bps | default(omit) }}" device_write_bps: "{{ pod_item.device_write_bps | default(omit) }}"
gpus: "{{ pod_item.gpus | default(omit) }}"
# Shared memory and system configuration
shm_size: "{{ pod_item.shm_size | default(omit) }}" shm_size: "{{ pod_item.shm_size | default(omit) }}"
shm_size_systemd: "{{ pod_item.shm_size_systemd | default(omit) }}" shm_size_systemd: "{{ pod_item.shm_size_systemd | default(omit) }}"
sysctl: "{{ pod_item.sysctl | default(omit) }}" sysctl: "{{ pod_item.sysctl | default(omit) }}"
cgroup_parent: "{{ pod_item.cgroup_parent | default(omit) }}" cgroup_parent: "{{ pod_item.cgroup_parent | default(omit) }}"
pid: "{{ pod_item.pid | default(omit) }}"
uts: "{{ pod_item.uts | default(omit) }}" # Pod lifecycle management
network_alias: "{{ pod_item.network_alias | default(omit) }}"
volumes_from: "{{ pod_item.volumes_from | default(omit) }}"
exit_policy: "{{ pod_item.exit_policy | default(omit) }}" exit_policy: "{{ pod_item.exit_policy | default(omit) }}"
restart_policy: "{{ pod_item.restart_policy | default(omit) }}" restart_policy: "{{ pod_item.restart_policy | default(omit) }}"
pod_id_file: "{{ pod_item.pod_id_file | default(omit) }}" pod_id_file: "{{ pod_item.pod_id_file | default(omit) }}"
label_file: "{{ pod_item.label_file | default(omit) }}"
gpus: "{{ pod_item.gpus | default(omit) }}" # Systemd and Quadlet generation
generate_systemd: "{{ pod_item.generate_systemd | default(omit) }}" generate_systemd: "{{ pod_item.generate_systemd | default(omit) }}"
quadlet_dir: "{{ pod_item.quadlet_dir | default(omit) }}" quadlet_dir: "{{ pod_item.quadlet_dir | default(omit) }}"
quadlet_filename: "{{ pod_item.quadlet_filename | default(omit) }}" quadlet_filename: "{{ pod_item.quadlet_filename | default(omit) }}"
quadlet_file_mode: "{{ pod_item.quadlet_file_mode | default(omit) }}" quadlet_file_mode: "{{ pod_item.quadlet_file_mode | default(omit) }}"
quadlet_options: "{{ pod_item.quadlet_options | default(omit) }}" quadlet_options: "{{ pod_item.quadlet_options | default(omit) }}"
recreate: "{{ pod_item.recreate | default(omit) }}"
debug: "{{ pod_item.debug | default(omit) }}" # Control and debugging options
recreate: "{{ pod_item.recreate | bool | default(omit) }}"
force_restart: "{{ pod_item.force_restart | bool | default(omit) }}"
force_delete: "{{ pod_item.force_delete | bool | default(omit) }}"
executable: "{{ pod_item.executable | default('podman') }}"
debug: "{{ pod_item.debug | bool | default(omit) }}"
loop: "{{ podman_pods }}" loop: "{{ podman_pods }}"
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"

18
tasks/prune.yml
View File

@@ -3,10 +3,16 @@
- name: Prune Podman resources - name: Prune Podman resources
containers.podman.podman_prune: containers.podman.podman_prune:
container: "{{ podman_prune_options.container }}" container: "{{ podman_prune_options.container | default(omit) }}"
image: "{{ podman_prune_options.image }}" container_filters: "{{ podman_prune_options.container_filters | default(omit) }}"
network: "{{ podman_prune_options.network }}" executable: "{{ podman_prune_options.executable | default(omit) }}"
system: "{{ podman_prune_options.system }}" image: "{{ podman_prune_options.image | default(omit) }}"
system_all: "{{ podman_prune_options.system_all }}" image_filters: "{{ podman_prune_options.image_filters | default(omit) }}"
volume: "{{ podman_prune_options.volume }}" network: "{{ podman_prune_options.network | default(omit) }}"
network_filters: "{{ podman_prune_options.network_filters | default(omit) }}"
system: "{{ podman_prune_options.system | default(omit) }}"
system_all: "{{ podman_prune_options.system_all | default(omit) }}"
system_volumes: "{{ podman_prune_options.system_volumes | default(omit) }}"
volume: "{{ podman_prune_options.volume | default(omit) }}"
volume_filters: "{{ podman_prune_options.volume_filters | default(omit) }}"
when: podman_prune_enabled | bool when: podman_prune_enabled | bool

20
tasks/services.yml
View File

@@ -1,29 +1,23 @@
--- ---
# Manage Podman services # Manage Podman services
ansible.builtin.systemd_service: - name: Enable Podman service
name: podman.socket
enabled: true
state: started
daemon_reload: true
- name: Enable and start Podman API service
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: podman.service name: podman.service
enabled: true enabled: true
state: started
daemon_reload: true
- name: Enable and start Podman auto-update service - name: Enable Podman socket
ansible.builtin.systemd_service:
name: podman.socket
enabled: true
- name: Enable Podman auto-update service
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: podman-auto-update.service name: podman-auto-update.service
enabled: true enabled: true
state: started
daemon_reload: true
when: podman_enable_auto_update when: podman_enable_auto_update
- name: Disable Podman auto-update service - name: Disable Podman auto-update service
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: podman-auto-update.service name: podman-auto-update.service
enabled: false enabled: false
state: stopped
when: not podman_enable_auto_update when: not podman_enable_auto_update

4
tasks/systemd.yml
View File

@@ -23,10 +23,8 @@
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"
when: when:
- podman_generate_systemd | bool
- podman_containers is defined - podman_containers is defined
- podman_containers | length > 0 - podman_containers | length > 0
- (item.systemd is defined) or (item.generate_systemd is defined)
notify: Reload systemd notify: Reload systemd
- name: Generate systemd service files for pods - name: Generate systemd service files for pods
@@ -51,8 +49,6 @@
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"
when: when:
- podman_generate_systemd | bool
- podman_pods is defined - podman_pods is defined
- podman_pods | length > 0 - podman_pods | length > 0
- (item.systemd is defined) or (item.generate_systemd is defined)
notify: Reload systemd notify: Reload systemd