# Podman itself; every task below assumes the binary and its
# /etc/containers configuration directory are present.
- name: Ensure podman is installed.
  become: true
  ansible.builtin.package:
    name: podman
    state: present
# QEMU and gvproxy are only required when `podman machine` is used on this
# host, so this is gated on podman_install_machine_packages (presumably
# defined in the role defaults).
- name: Ensure needed packages for podman machine are installed.
  when: podman_install_machine_packages
  become: true
  ansible.builtin.package:
    state: present
    name:
      - qemu-system-x86-core
      - qemu-img
      - podman-gvproxy
# Allow containers to manage their own cgroup configuration under SELinux
# (needed e.g. to run systemd inside a container). Persisted so the setting
# survives a reboot.
- name: Enable sebool container_manage_cgroup.
  become: true
  ansible.posix.seboolean:
    name: container_manage_cgroup
    persistent: true
    state: true
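# Unprivileged system account whose subuid/subgid ranges podman maps into
# rootful user-namespaced containers. Nothing ever logs in as this user.
- name: Ensure 'containers' system user exists
  become: true
  ansible.builtin.user:
    name: containers
    comment: "system user which holds subuids/subgids used by podman for rootful usernamespaced containers"
    system: true
    state: present
    create_home: false
    # Locked password field: no password-based authentication.
    password: "*"
    # Non-interactive shell: the account only exists to own an ID range, so it
    # must not inherit the distribution's default login shell.
    shell: /usr/sbin/nologin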
# One range entry per file; the same start/amount is used for both the uid
# and the gid range.
- name: Ensure the 'containers' user has subuids/subgids configured
  become: true
  ansible.builtin.lineinfile:
    path: "{{ item }}"
    # Match an existing entry for this user so the range is replaced, not
    # duplicated, when the role variables change.
    regexp: '^containers:[0-9]+:[0-9]+$'
    line: "containers:{{ podman_usernamespace_uid_start }}:{{ podman_usernamespace_uid_amount }}"
  loop:
    - /etc/subuid
    - /etc/subgid
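# Set the default timezone for containers in containers.conf and roll the edit
# back if podman no longer accepts the file afterwards.
- name: Setup default container timezone
  when: podman_default_timezone is defined
  block:
    - name: Ensure timezone is set in containers.conf
      become: true
      community.general.ini_file:
        path: /etc/containers/containers.conf
        # Keep a copy so a rejected value can be rolled back in `rescue`.
        # No backup file is produced when containers.conf did not exist yet
        # (the file is then created from scratch via create: true).
        backup: true
        create: true
        state: present
        mode: "0644"
        owner: root
        group: root
        section: containers
        option: tz
        # containers.conf is TOML: the single quotes are part of the value so
        # that the timezone is written as a TOML string.
        value: "'{{ podman_default_timezone }}'"
      register: podman_updated_containers_conf

    - name: Validate containers.conf
      become: true
      ansible.builtin.command:
        cmd: podman info
      # Read-only probe; only its exit status matters.
      changed_when: false

  rescue:
    # This is needed if there was no containers.conf to begin with.
    # In that case there would be no backup file and the bad containers.conf would stay behind
    # even after the `copy` module below.
    - name: Remove bad containers.conf
      become: true
      ansible.builtin.file:
        path: /etc/containers/containers.conf
        state: absent
      when: podman_updated_containers_conf is changed # noqa: no-handler

    # Only possible when a backup was actually taken (containers.conf existed
    # before). Referencing backup_file without that guard raises an undefined
    # attribute error on a fresh host and aborts the rescue itself.
    - name: Restore backup file
      become: true
      ansible.builtin.copy:
        remote_src: true
        src: "{{ podman_updated_containers_conf.backup_file }}"
        dest: /etc/containers/containers.conf
        mode: "0644"
        owner: root
        group: root
      when: # noqa: no-handler
        - podman_updated_containers_conf is changed
        - podman_updated_containers_conf.backup_file is defined

    - name: Containers.conf could not be validated after setting default timezone
      ansible.builtin.debug:
        msg: Please make sure that `podman_default_timezone` is either an IANA timezone or 'local'

  always:
    # Same guard as for the restore: there is nothing to remove when no backup
    # was taken.
    - name: Remove backup file
      become: true
      ansible.builtin.file:
        path: "{{ podman_updated_containers_conf.backup_file }}"
        state: absent
      when: # noqa: no-handler
        - podman_updated_containers_conf is changed
        - podman_updated_containers_conf.backup_file is defined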
# System-wide default network definition, rendered only when an IPv6 prefix
# has been configured for it.
- name: Ensure default network configuration exists
  when: podman_default_network_ipv6_prefix is defined
  block:
    - name: Ensure default network config directory exists
      become: true
      ansible.builtin.file:
        path: /etc/containers/networks
        state: directory
        mode: "0755"
        owner: root
        group: root

    - name: Ensure default network config file exists
      become: true
      ansible.builtin.template:
        src: podman-network.json.j2
        dest: /etc/containers/networks/podman.json
        # Readable by root only.
        mode: "0600"
        owner: root
        group: root
# Start and enable the systemd timer that runs `podman auto-update`
# periodically; the timer drives the service, so only the timer is managed.
- name: Ensure podman auto update is enabled
  become: true
  ansible.builtin.systemd:
    name: podman-auto-update.timer
    state: started
    enabled: true