xoxys.podman/tasks/setup.yml

---
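# Install podman and its helper packages, deploy the container engine
# configuration files, set the requested SELinux booleans and create the
# directories this role relies on. Every task runs as root through the
# block-level `become` settings at the end of the block.
- block:
    - name: Ensure required packages are installed
      package:
        name: "{{ item }}"
        state: "present"
      loop:
        - podman
        - slirp4netns
        - fuse-overlayfs
        - crun
        - container-selinux

    # Both configuration files are root-owned and writable by root only, so
    # unprivileged users can read but not alter the engine settings.
    # Modes are quoted so they are always handed to the module as octal
    # strings, independent of how the YAML parser types a bare `0644`.
    - name: Deploy container configuration
      template:
        src: etc/containers/containers.conf.j2
        dest: /etc/containers/containers.conf
        owner: root
        group: root
        mode: "0644"

    - name: Deploy storage configuration
      template:
        src: etc/containers/storage.conf.j2
        dest: /etc/containers/storage.conf
        owner: root
        group: root
        mode: "0644"

    # Each entry of `podman_sebooleans` needs `name` and `state`;
    # `persistent` falls back to true when the entry does not set it.
    - name: Set SELinux booleans
      seboolean:
        name: "{{ item.name }}"
        state: "{{ item.state | bool }}"
        persistent: "{{ item.persistent | default(True) | bool }}"
      loop: "{{ podman_sebooleans }}"
      loop_control:
        label: "{{ item.name }}: {{ item.state | bool }}"

    # The leading 2 is the setgid bit: entries created below inherit the
    # directory's group, which is root here.
    # NOTE(review): systemd's packaged tmpfiles rules usually assign this
    # directory to the systemd-journal group - confirm root:root is intended.
    - name: Create journal log dir
      file:
        path: /var/log/journal
        state: directory
        owner: root
        group: root
        mode: "02755"

    # The registered result gates the SELinux relabeling that follows this
    # block (`__podman_home_basedir.changed`).
    - name: Create home basedir for systemd users
      file:
        path: "{{ podman_systemd_home_basedir }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      register: __podman_home_basedir
  become: true
  become_user: root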
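# Give the custom home base directory the same SELinux labeling rules as
# /home and relabel what is already on disk. The block runs as root and only
# when the task that registered `__podman_home_basedir` reported a change.
# NOTE(review): because of that gate, a run that fails here after the
# directory was created is not retried on the next play (the directory is
# then unchanged) - verify the labels by hand after a failed run.
- block:
    - name: Set SELinux context for home basedir
      command: semanage fcontext -a -e /home "{{ podman_systemd_home_basedir }}"
      register: __podman_home_fcontext
      # Report a change only when semanage actually added the equivalence
      # rule; the tolerated "already exists" case exits non-zero.
      changed_when: __podman_home_fcontext.rc == 0
      # List entries are AND-ed: the task fails only on a non-zero exit
      # whose stderr does not say the rule already exists.
      failed_when:
        - __podman_home_fcontext.rc != 0
        - "'already exists' not in __podman_home_fcontext.stderr"

    # Applies the file context rules recursively to the existing tree.
    - name: Apply new SELinux file context to filesystem
      command: restorecon -R "{{ podman_systemd_home_basedir }}"
  when: __podman_home_basedir.changed
  become: true
  become_user: root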