Add Podman deployment configuration
parent
ccf6b10a0e
commit
d954c64e23
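--- a/dev/host_vars/podman.yml
+++ b/dev/host_vars/podman.yml
@@ -0,0 +1,14 @@
+# base
+allow_reboot: false
+manage_network: false
+
+users:
+kris:
+uid: 1001
+gid: 1001
+home: true
+
+# podman
+user_namespaces:
+- kris
+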
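--- a/dev/podman.yml
+++ b/dev/podman.yml
@@ -0,0 +1,8 @@
+- name: Install Podman server
+hosts: all
+become: true
+vars_files:
+- host_vars/podman.yml
+roles:
+- base
+- podman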
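Review bot: `hosts: all` combined with `become: true` means this play installs Podman and rewrites /etc/subuid and /etc/subgid as root on every host in whatever inventory it is run against, not only the intended Podman machine. Target a named host or group instead, for example `hosts: podman`. If the inventory names the host `podman`, `host_vars/podman.yml` next to the playbook would be loaded for that host automatically and the `vars_files` entry could be dropped. As written, `vars_files` applies the `users` and `user_namespaces` values to every matched host and takes precedence over inventory host_vars.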
@ -16,10 +16,12 @@
|
|||||||
regex: "^bind-address"
|
regex: "^bind-address"
|
||||||
line: "bind-address = {{ ansible_facts.docker0.ipv4.address }}"
|
line: "bind-address = {{ ansible_facts.docker0.ipv4.address }}"
|
||||||
notify: restart_mariadb
|
notify: restart_mariadb
|
||||||
|
when: ansible_facts.docker0 is defined
|
||||||
|
|
||||||
- name: Flush handlers to ensure MariaDB restarts immediately
|
- name: Flush handlers to ensure MariaDB restarts immediately
|
||||||
ansible.builtin.meta: flush_handlers
|
ansible.builtin.meta: flush_handlers
|
||||||
tags: restart_mariadb
|
tags: restart_mariadb
|
||||||
|
when: ansible_facts.docker0 is defined
|
||||||
|
|
||||||
- name: Allow database connections from Docker
|
- name: Allow database connections from Docker
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
|
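Review bot: The two added `when: ansible_facts.docker0 is defined` guards stop at the flush task; the `Allow database connections from Docker` task that begins on the last lines of this hunk shows no guard, and its body continues outside the hunk. If that ufw rule references `docker0`, it will fail or stay unapplied on a host that only runs Podman, so it probably needs the same condition or a Podman-side equivalent. On hosts without `docker0` the `bind-address` line is also no longer managed, so MariaDB keeps whatever listen address the existing configuration has; a comment such as `# Podman-only hosts: bind-address intentionally left at the packaged default` would record that this is deliberate.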
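--- a/roles/podman/tasks/main.yml
+++ b/roles/podman/tasks/main.yml
@@ -0,0 +1,62 @@
+- name: Install Podman
+ansible.builtin.apt:
+name: ["podman", "podman-compose", "podman-docker"]
+state: present
+
+- name: Get user info for namespace users
+ansible.builtin.getent:
+database: passwd
+key: "{{ item }}"
+loop: "{{ user_namespaces }}"
+register: user_info
+
+- name: Configure /etc/subuid for rootless users
+ansible.builtin.lineinfile:
+path: "/etc/subuid"
+line:
+"{{ item.item }}:{{ 100000 +
+((item.ansible_facts.getent_passwd[item.item][1] | int - 1000) * 65536)
+}}:65536"
+regexp: "^{{ item.item }}:"
+create: true
+backup: true
+mode: "0644"
+loop: "{{ user_info.results }}"
+
+- name: Configure /etc/subgid for rootless users
+ansible.builtin.lineinfile:
+path: "/etc/subgid"
+line:
+"{{ item.item }}:{{ 100000 +
+((item.ansible_facts.getent_passwd[item.item][1] | int - 1000) * 65536)
+}}:65536"
+regexp: "^{{ item.item }}:"
+create: true
+backup: true
+mode: "0644"
+loop: "{{ user_info.results }}"
+
+- name: Create nodocker file to disable Docker CLI emulation message
+ansible.builtin.file:
+path: /etc/containers/nodocker
+state: touch
+owner: root
+group: root
+mode: "0644"
+
+- name: Create global containers config directory
+ansible.builtin.file:
+path: /etc/containers
+state: directory
+mode: "0755"
+
+- name: Configure global containers.conf for rootless
+ansible.builtin.copy:
+content: |
+[engine]
+cgroup_manager = "cgroupfs"
+events_logger = "journald"
+runtime = "crun"
+dest: /etc/containers/containers.conf
+mode: "0644"
+backup: true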
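Review bot: The subordinate-ID start in the /etc/subuid task, `100000 + (uid - 1000) * 65536`, is derived from the UID alone and is never checked against ranges already present in the file; the /etc/subgid task uses the same expression. Entries that `useradd` may have allocated for other accounts are handed out in creation order, so a computed range can overlap another user's range, which lets two rootless users' containers map onto the same host IDs and weakens the isolation between them. A UID below 1000 also yields a start below 100000 or a negative number. Guard both tasks with `when: item.ansible_facts.getent_passwd[item.item][1] | int >= 1000` and fail the play if the computed range intersects any other line. The username should also be escaped in the match, `regexp: "^{{ item.item | regex_escape }}:"`.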