refactor: drop rootless support
All checks were successful
continuous-integration/drone/pr Build is passing
All checks were successful
continuous-integration/drone/pr Build is passing
This commit is contained in:
parent
01e1b5f008
commit
2872f74770
@ -7,4 +7,16 @@ podman_sebooleans:
|
||||
podman_containers_logger: journald
|
||||
podman_engine_event_logger: journald
|
||||
|
||||
podman_systemd_home_basedir: /var/lib/rootless
|
||||
podman_nsremap_range_start: 231072
|
||||
podman_nsremap_range_length: 65536
|
||||
|
||||
# @var podman_registries:description: List of docker registries to auto login
|
||||
# @var podman_registries:example: >
|
||||
# podman_registries:
|
||||
# - registry: myregistry.example.com (optional)
|
||||
# username: docker
|
||||
# password: secure
|
||||
# reauthorize: False
|
||||
# state: present
|
||||
# @end
|
||||
podman_registries: []
|
||||
|
@ -8,13 +8,12 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||
).get_hosts("all")
|
||||
|
||||
|
||||
@pytest.mark.parametrize("package", ["podman", "crun", "slirp4netns"])
|
||||
def test_podman_installed(host, package):
|
||||
assert host.package(package).is_installed
|
||||
def test_podman_installed(host):
|
||||
assert host.package("podman").is_installed
|
||||
|
||||
|
||||
def test_podman_run(host):
|
||||
cmd = host.run("/usr/bin/podman info")
|
||||
|
||||
assert "cgroupVersion: v1" in cmd.stdout
|
||||
assert "cgroupVersion: v2" in cmd.stdout
|
||||
assert cmd.succeeded
|
||||
|
@ -6,9 +6,6 @@
|
||||
state: "present"
|
||||
loop:
|
||||
- podman
|
||||
- slirp4netns
|
||||
- fuse-overlayfs
|
||||
- crun
|
||||
- container-selinux
|
||||
- bash-completion
|
||||
|
||||
@ -42,35 +39,23 @@
|
||||
loop_control:
|
||||
label: "{{ item.name }}: {{ item.state | bool }}"
|
||||
|
||||
- name: Create journal log dir
|
||||
file:
|
||||
path: /var/log/journal
|
||||
state: directory
|
||||
owner: root
|
||||
group: systemd-journal
|
||||
mode: 02755
|
||||
- name: Configure namespace id range
|
||||
lineinfile:
|
||||
dest: "{{ item }}"
|
||||
regexp: "^containers:"
|
||||
line: "containers:{{ podman_nsremap_range_start }}:{{ podman_nsremap_range_length }}"
|
||||
loop:
|
||||
- /etc/subuid
|
||||
- /etc/subgid
|
||||
|
||||
- name: Create home basedir for systemd users
|
||||
file:
|
||||
path: "{{ podman_systemd_home_basedir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
register: __podman_home_basedir
|
||||
become: True
|
||||
become_user: root
|
||||
|
||||
- block:
|
||||
- name: Set SELinux context for home basedir
|
||||
command: semanage fcontext -a -e /home "{{ podman_systemd_home_basedir }}"
|
||||
register: __podman_home_fcontext
|
||||
failed_when:
|
||||
- __podman_home_fcontext.rc != 0
|
||||
- "'already exists' not in __podman_home_fcontext.stderr"
|
||||
|
||||
- name: Apply new SELinux file context to filesystem
|
||||
command: restorecon -R "{{ podman_systemd_home_basedir }}"
|
||||
when: __podman_home_basedir.changed
|
||||
- name: Handle registry logins
|
||||
containers.podman.podman_login:
|
||||
registry: "{{ item.url | default(omit) }}"
|
||||
username: "{{ item.username }}"
|
||||
password: "{{ item.password }}"
|
||||
state: '{{ item.state | default("present") }}'
|
||||
loop: "{{ podman_registries }}"
|
||||
loop_control:
|
||||
label: "{{ item.url }}"
|
||||
become: True
|
||||
become_user: root
|
||||
|
@ -1,6 +1,5 @@
|
||||
#jinja2: lstrip_blocks: True
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
# The containers configuration file specifies all of the available configuration
|
||||
# command-line options/flags for container engine tools like Podman & Buildah,
|
||||
# but in a TOML format that can be easily modified and versioned.
|
||||
@ -19,7 +18,6 @@
|
||||
|
||||
[containers]
|
||||
default_capabilities = [
|
||||
"NET_RAW",
|
||||
"CHOWN",
|
||||
"DAC_OVERRIDE",
|
||||
"FOWNER",
|
||||
@ -30,7 +28,6 @@ default_capabilities = [
|
||||
"SETGID",
|
||||
"SETPCAP",
|
||||
"SETUID",
|
||||
"SYS_CHROOT"
|
||||
]
|
||||
|
||||
default_sysctls = [
|
||||
@ -38,7 +35,7 @@ default_sysctls = [
|
||||
]
|
||||
|
||||
log_driver = "{{ podman_containers_logger }}"
|
||||
rootless_networking = "slirp4netns"
|
||||
userns = "auto"
|
||||
|
||||
[secrets]
|
||||
|
||||
@ -48,7 +45,6 @@ rootless_networking = "slirp4netns"
|
||||
|
||||
[engine]
|
||||
events_logger = "{{ podman_engine_event_logger }}"
|
||||
infra_image = "registry.access.redhat.com/ubi8/pause"
|
||||
runtime = "crun"
|
||||
|
||||
[engine.runtimes]
|
||||
|
@ -7,14 +7,14 @@ driver = "overlay"
|
||||
|
||||
runroot = "/run/containers/storage"
|
||||
graphroot = "/var/lib/containers/storage"
|
||||
rootless_storage_path = "$HOME/.local/share/containers/storage"
|
||||
|
||||
[storage.options]
|
||||
additionalimagestores = [
|
||||
]
|
||||
|
||||
pull_options = {enable_partial_images = "false", use_hard_links = "false", ostree_repos=""}
|
||||
|
||||
[storage.options.overlay]
|
||||
mount_program = "/usr/bin/fuse-overlayfs"
|
||||
mountopt = "nodev,metacopy=on"
|
||||
|
||||
[storage.options.thinpool]
|
||||
|
Loading…
Reference in New Issue
Block a user