---
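# Host preparation for Podman: packages, /etc/containers configuration,
# SELinux booleans, the journal directory and the home base directory.
# NOTE(review): indentation was lost in the listing this was recovered from.
# become/become_user are placed at block level so every task runs as root;
# confirm against the role's repository.
- block:
    # slirp4netns and fuse-overlayfs support rootless networking and storage,
    # crun is the OCI runtime, container-selinux ships the SELinux policy.
    - name: Ensure required packages are installed
      package:
        name: "{{ item }}"
        state: "present"
      loop:
        - podman
        - slirp4netns
        - fuse-overlayfs
        - crun
        - container-selinux

    # System-wide engine settings: root-owned, world-readable, writable by
    # root only. Modes are quoted so they reach the module as octal strings
    # regardless of how the YAML loader types a bare number.
    - name: Deploy container configuration
      template:
        src: etc/containers/containers.conf.j2
        dest: /etc/containers/containers.conf
        owner: root
        group: root
        mode: "0644"

    - name: Deploy storage configuration
      template:
        src: etc/containers/storage.conf.j2
        dest: /etc/containers/storage.conf
        owner: root
        group: root
        mode: "0644"

    # podman_sebooleans is read as a list of mappings with `name`, `state`
    # and an optional `persistent` (defaults to True, i.e. kept across reboots).
    # Each boolean set here relaxes or tightens SELinux policy host-wide, so
    # the variable's contents deserve the same review as the policy itself.
    - name: Set SELinux booleans
      seboolean:
        name: "{{ item.name }}"
        state: "{{ item.state | bool }}"
        persistent: "{{ item.persistent | default(True) | bool }}"
      loop: "{{ podman_sebooleans }}"
      loop_control:
        label: "{{ item.name }}: {{ item.state | bool }}"

    # The leading 2 is the setgid bit: new entries inherit the directory's
    # group, which is root here.
    # NOTE(review): systemd-tmpfiles normally manages /var/log/journal as
    # root:systemd-journal; confirm root:root is intended and does not fight
    # with tmpfiles on the target distribution.
    - name: Create journal log dir
      file:
        path: /var/log/journal
        state: directory
        owner: root
        group: root
        mode: "02755"

    # Registered so that later tasks can react to the directory having just
    # been created (`__podman_home_basedir.changed`).
    - name: Create home basedir for systemd users
      file:
        path: "{{ podman_systemd_home_basedir }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      register: __podman_home_basedir
  become: true
  become_user: root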
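# SELinux labelling for the home base directory of the systemd users.
# NOTE(review): indentation was lost in the listing this was recovered from.
# `when` is attached to the restorecon task and become/become_user to the
# block; if `when` was block-level in the original, move it back out.
- block:
    # Registers an equivalence rule so the base directory is labelled like
    # /home. The command module does not pass the line through a shell, so
    # the templated path is not shell-interpreted.
    # A non-zero exit is tolerated only when stderr reports that the rule
    # already exists; any other failure still fails the task.
    - name: Set SELinux context for home basedir
      command: semanage fcontext -a -e /home "{{ podman_systemd_home_basedir }}"
      register: __podman_home_fcontext
      failed_when:
        - __podman_home_fcontext.rc != 0
        - "'already exists' not in __podman_home_fcontext.stderr"
      # Report a change only when the rule was actually added, so re-runs
      # that hit "already exists" stay green.
      changed_when: __podman_home_fcontext.rc == 0

    # Relabels existing content according to the rule above. Runs only when
    # the base directory was created in this play; this task always reports
    # "changed" because restorecon's result is not inspected.
    - name: Apply new SELinux file context to filesystem
      command: restorecon -R "{{ podman_systemd_home_basedir }}"
      when: __podman_home_basedir.changed
  become: true
  become_user: root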