refactor: drop rootless support
parent
01e1b5f008
commit
2872f74770
@ -7,4 +7,16 @@ podman_sebooleans:
|
|||||||
podman_containers_logger: journald
|
podman_containers_logger: journald
|
||||||
podman_engine_event_logger: journald
|
podman_engine_event_logger: journald
|
||||||
|
|
||||||
podman_systemd_home_basedir: /var/lib/rootless
|
podman_nsremap_range_start: 231072
|
||||||
|
podman_nsremap_range_length: 65536
|
||||||
|
|
||||||
|
# @var podman_registries:description: List of docker registries to auto login
|
||||||
|
# @var podman_registries:example: >
|
||||||
|
# podman_registries:
|
||||||
|
# - registry: myregistry.example.com (optional)
|
||||||
|
# username: docker
|
||||||
|
# password: secure
|
||||||
|
# reauthorize: False
|
||||||
|
# state: present
|
||||||
|
# @end
|
||||||
|
podman_registries: []
|
||||||
|
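Review bot: The documented example for `podman_registries` uses the key `registry:` and lists `reauthorize:`, but the login task added in this commit reads `item.url` and passes no reauthorize option, so an entry written from this example would have its registry name ignored. Either change the example line to `url: myregistry.example.com (optional)` and drop the `reauthorize: False` line, or make the task read the documented keys. The sample also shows a literal `password: secure`. A sentence in the `description` saying the value is expected to come from a vaulted variable would help keep real credentials out of committed inventory.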
@ -8,13 +8,12 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
|||||||
).get_hosts("all")
|
).get_hosts("all")
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize("package", ["podman", "crun", "slirp4netns"])
|
def test_podman_installed(host):
|
||||||
def test_podman_installed(host, package):
|
assert host.package("podman").is_installed
|
||||||
assert host.package(package).is_installed
|
|
||||||
|
|
||||||
|
|
||||||
def test_podman_run(host):
|
def test_podman_run(host):
|
||||||
cmd = host.run("/usr/bin/podman info")
|
cmd = host.run("/usr/bin/podman info")
|
||||||
|
|
||||||
assert "cgroupVersion: v1" in cmd.stdout
|
assert "cgroupVersion: v2" in cmd.stdout
|
||||||
assert cmd.succeeded
|
assert cmd.succeeded
|
||||||
|
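Review bot: `test_podman_installed` now checks only the `podman` package, while the containers.conf template in this commit still sets `runtime = "crun"` and the package task no longer installs `crun` explicitly. If crun is expected to arrive as a dependency of podman, this test is the place to pin that assumption, for example with a second assertion `assert host.package("crun").is_installed`. The new `"cgroupVersion: v2"` assertion in `test_podman_run` also presumes every test platform boots with cgroup v2. A short comment naming that requirement would make failures on v1 hosts easier to read.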
@ -6,9 +6,6 @@
|
|||||||
state: "present"
|
state: "present"
|
||||||
loop:
|
loop:
|
||||||
- podman
|
- podman
|
||||||
- slirp4netns
|
|
||||||
- fuse-overlayfs
|
|
||||||
- crun
|
|
||||||
- container-selinux
|
- container-selinux
|
||||||
- bash-completion
|
- bash-completion
|
||||||
|
|
||||||
@ -42,35 +39,23 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.name }}: {{ item.state | bool }}"
|
label: "{{ item.name }}: {{ item.state | bool }}"
|
||||||
|
|
||||||
- name: Create journal log dir
|
- name: Configure namespace id range
|
||||||
file:
|
lineinfile:
|
||||||
path: /var/log/journal
|
dest: "{{ item }}"
|
||||||
state: directory
|
regexp: "^containers:"
|
||||||
owner: root
|
line: "containers:{{ podman_nsremap_range_start }}:{{ podman_nsremap_range_length }}"
|
||||||
group: systemd-journal
|
loop:
|
||||||
mode: 02755
|
- /etc/subuid
|
||||||
|
- /etc/subgid
|
||||||
|
|
||||||
- name: Create home basedir for systemd users
|
- name: Handle registry logins
|
||||||
file:
|
containers.podman.podman_login:
|
||||||
path: "{{ podman_systemd_home_basedir }}"
|
registry: "{{ item.url | default(omit) }}"
|
||||||
state: directory
|
username: "{{ item.username }}"
|
||||||
owner: root
|
password: "{{ item.password }}"
|
||||||
group: root
|
state: '{{ item.state | default("present") }}'
|
||||||
mode: 0755
|
loop: "{{ podman_registries }}"
|
||||||
register: __podman_home_basedir
|
loop_control:
|
||||||
become: True
|
label: "{{ item.url }}"
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Set SELinux context for home basedir
|
|
||||||
command: semanage fcontext -a -e /home "{{ podman_systemd_home_basedir }}"
|
|
||||||
register: __podman_home_fcontext
|
|
||||||
failed_when:
|
|
||||||
- __podman_home_fcontext.rc != 0
|
|
||||||
- "'already exists' not in __podman_home_fcontext.stderr"
|
|
||||||
|
|
||||||
- name: Apply new SELinux file context to filesystem
|
|
||||||
command: restorecon -R "{{ podman_systemd_home_basedir }}"
|
|
||||||
when: __podman_home_basedir.changed
|
|
||||||
become: True
|
become: True
|
||||||
become_user: root
|
become_user: root
|
||||||
|
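Review bot: The `Handle registry logins` task loops over entries that carry `item.password` but does not set `no_log: true`. `loop_control.label` shortens the per-item line in normal output, but the full item is likely still printed at higher verbosity or when the task fails, so add `no_log: true` to the task. The label is `"{{ item.url }}"` although `registry` is given `item.url | default(omit)`, so an entry without `url` would presumably fail on the label. `label: "{{ item.url | default('default registry') }}"` keeps the optional key optional.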
@ -1,6 +1,5 @@
|
|||||||
#jinja2: lstrip_blocks: True
|
#jinja2: lstrip_blocks: True
|
||||||
{{ ansible_managed | comment }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
# The containers configuration file specifies all of the available configuration
|
# The containers configuration file specifies all of the available configuration
|
||||||
# command-line options/flags for container engine tools like Podman & Buildah,
|
# command-line options/flags for container engine tools like Podman & Buildah,
|
||||||
# but in a TOML format that can be easily modified and versioned.
|
# but in a TOML format that can be easily modified and versioned.
|
||||||
@ -19,7 +18,6 @@
|
|||||||
|
|
||||||
[containers]
|
[containers]
|
||||||
default_capabilities = [
|
default_capabilities = [
|
||||||
"NET_RAW",
|
|
||||||
"CHOWN",
|
"CHOWN",
|
||||||
"DAC_OVERRIDE",
|
"DAC_OVERRIDE",
|
||||||
"FOWNER",
|
"FOWNER",
|
||||||
@ -30,7 +28,6 @@ default_capabilities = [
|
|||||||
"SETGID",
|
"SETGID",
|
||||||
"SETPCAP",
|
"SETPCAP",
|
||||||
"SETUID",
|
"SETUID",
|
||||||
"SYS_CHROOT"
|
|
||||||
]
|
]
|
||||||
|
|
||||||
default_sysctls = [
|
default_sysctls = [
|
||||||
@ -38,7 +35,7 @@ default_sysctls = [
|
|||||||
]
|
]
|
||||||
|
|
||||||
log_driver = "{{ podman_containers_logger }}"
|
log_driver = "{{ podman_containers_logger }}"
|
||||||
rootless_networking = "slirp4netns"
|
userns = "auto"
|
||||||
|
|
||||||
[secrets]
|
[secrets]
|
||||||
|
|
||||||
@ -48,7 +45,6 @@ rootless_networking = "slirp4netns"
|
|||||||
|
|
||||||
[engine]
|
[engine]
|
||||||
events_logger = "{{ podman_engine_event_logger }}"
|
events_logger = "{{ podman_engine_event_logger }}"
|
||||||
infra_image = "registry.access.redhat.com/ubi8/pause"
|
|
||||||
runtime = "crun"
|
runtime = "crun"
|
||||||
|
|
||||||
[engine.runtimes]
|
[engine.runtimes]
|
||||||
|
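Review bot: `userns = "auto"` is added under `[containers]` without a comment, although it depends on the `containers:` entries the role now writes to /etc/subuid and /etc/subgid. A line above it such as `# userns=auto allocates each container's ID range from the "containers" entry in /etc/subuid and /etc/subgid (podman_nsremap_range_start/length)` would make that dependency visible to whoever edits either side. With the default length of 65536 the pool is presumably small enough to limit how many containers can hold distinct ranges at once, which is worth stating in the same comment. The removal of `NET_RAW` and `SYS_CHROOT` from `default_capabilities` in the earlier hunks would also benefit from a one-line comment saying the reduced set is intentional, since workloads that rely on raw sockets or chroot will now need the capability added per container.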
@ -7,14 +7,14 @@ driver = "overlay"
|
|||||||
|
|
||||||
runroot = "/run/containers/storage"
|
runroot = "/run/containers/storage"
|
||||||
graphroot = "/var/lib/containers/storage"
|
graphroot = "/var/lib/containers/storage"
|
||||||
rootless_storage_path = "$HOME/.local/share/containers/storage"
|
|
||||||
|
|
||||||
[storage.options]
|
[storage.options]
|
||||||
additionalimagestores = [
|
additionalimagestores = [
|
||||||
]
|
]
|
||||||
|
|
||||||
|
pull_options = {enable_partial_images = "false", use_hard_links = "false", ostree_repos=""}
|
||||||
|
|
||||||
[storage.options.overlay]
|
[storage.options.overlay]
|
||||||
mount_program = "/usr/bin/fuse-overlayfs"
|
|
||||||
mountopt = "nodev,metacopy=on"
|
mountopt = "nodev,metacopy=on"
|
||||||
|
|
||||||
[storage.options.thinpool]
|
[storage.options.thinpool]
|
||||||
|