diff --git a/.drone.jsonnet b/.drone.jsonnet index b58970d..e70684c 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -41,7 +41,7 @@ local PipelineLinting = { }, }; -local PipelineDeployment(scenario='rocky8') = { +local PipelineDeployment(scenario='rocky9') = { kind: 'pipeline', name: 'testing-' + scenario, platform: { @@ -115,7 +115,7 @@ local PipelineDocumentation = { ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'], }, depends_on: [ - 'testing-rocky8', + 'testing-rocky9', ], }; @@ -153,7 +153,7 @@ local PipelineNotification = { [ PipelineLinting, - PipelineDeployment(scenario='rocky8'), + PipelineDeployment(scenario='rocky9'), PipelineDocumentation, PipelineNotification, ] diff --git a/.drone.yml b/.drone.yml index ab5cbeb..5d9780e 100644 --- a/.drone.yml +++ b/.drone.yml @@ -36,7 +36,7 @@ trigger: --- kind: pipeline -name: testing-rocky8 +name: testing-rocky9 platform: os: linux @@ -53,7 +53,7 @@ steps: - name: ansible-molecule image: thegeeklab/molecule:4 commands: - - molecule test -s rocky8 + - molecule test -s rocky9 environment: HCLOUD_TOKEN: from_secret: hcloud_token @@ -107,7 +107,7 @@ trigger: - refs/pull/** depends_on: - - testing-rocky8 + - testing-rocky9 --- kind: pipeline @@ -147,6 +147,6 @@ depends_on: --- kind: signature -hmac: 0a198d7d6b43b7f522c4ee73dc7464ff4b5dc379f9555b4b49ea5b3dd6e8c1cb +hmac: c29456b152af21f872f70b8477cc3ac8edadb3e058c994cbc564319a66469851 ... diff --git a/molecule/default b/molecule/default index 62ea184..afa9fc6 120000 --- a/molecule/default +++ b/molecule/default @@ -1 +1 @@ -rocky8 \ No newline at end of file +rocky9 \ No newline at end of file diff --git a/molecule/rocky8/converge.yml b/molecule/rocky9/converge.yml similarity index 100% rename from molecule/rocky8/converge.yml rename to molecule/rocky9/converge.yml diff --git a/molecule/rocky8/create.yml b/molecule/rocky9/create.yml similarity index 100% rename from molecule/rocky8/create.yml rename to molecule/rocky9/create.yml 
diff --git a/molecule/rocky9/default b/molecule/rocky9/default
new file mode 120000
index 0000000..331d858
--- /dev/null
+++ b/molecule/rocky9/default
@@ -0,0 +1 @@
+default
\ No newline at end of file
diff --git a/molecule/rocky8/destroy.yml b/molecule/rocky9/destroy.yml
similarity index 100%
rename from molecule/rocky8/destroy.yml
rename to molecule/rocky9/destroy.yml
diff --git a/molecule/rocky8/molecule.yml b/molecule/rocky9/molecule.yml
similarity index 91%
rename from molecule/rocky8/molecule.yml
rename to molecule/rocky9/molecule.yml
index 0d085dd..73cfed1 100644
--- a/molecule/rocky8/molecule.yml
+++ b/molecule/rocky9/molecule.yml
@@ -9,8 +9,8 @@ dependency:
 driver:
 name: delegated
 platforms:
- - name: rocky8-podman
- image: rocky-8
+ - name: rocky9-podman
+ image: rocky-9
 server_type: cx11
 lint: |
 /usr/local/bin/flake8
diff --git a/molecule/rocky8/prepare.yml b/molecule/rocky9/prepare.yml
similarity index 100%
rename from molecule/rocky8/prepare.yml
rename to molecule/rocky9/prepare.yml
diff --git a/molecule/rocky8/tests/test_default.py b/molecule/rocky9/tests/test_default.py
similarity index 100%
rename from molecule/rocky8/tests/test_default.py
rename to molecule/rocky9/tests/test_default.py
diff --git a/tasks/main.yml b/tasks/main.yml
index 1f69f7a..5200370 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
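Review bot: The new `molecule/rocky9/default` entry is a symlink (mode 120000) whose target is `default`, which resolves relative to `molecule/rocky9/` and therefore points at itself. It looks like an accidental by-product of re-pointing `molecule/default` rather than an intended scenario file, and anything that follows links while walking the role tree can fail on it with a symlink-loop error. I would drop this file from the commit.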
@@ -1,2 +1,76 @@
 ---
-- include_tasks: setup.yml
+- block:
+ - name: Ensure required packages are installed
+ package:
+ name: "{{ item }}"
+ state: "present"
+ loop:
+ - podman
+ - slirp4netns
+ - fuse-overlayfs
+ - crun
+ - container-selinux
+ - bash-completion
+
+ - name: Install Podman bash-completion
+ command:
+ cmd: "podman completion bash -f /etc/bash_completion.d/podman"
+ creates: "/etc/bash_completion.d/podman"
+
+ - name: Deploy container configuration
+ template:
+ src: etc/containers/containers.conf.j2
+ dest: /etc/containers/containers.conf
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: Deploy storage configuration
+ template:
+ src: etc/containers/storage.conf.j2
+ dest: /etc/containers/storage.conf
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: Set SELinux booleans
+ seboolean:
+ name: "{{ item.name }}"
+ state: "{{ item.state | bool }}"
+ persistent: "{{ item.persistent | default(True) | bool }}"
+ loop: "{{ podman_sebooleans }}"
+ loop_control:
+ label: "{{ item.name }}: {{ item.state | bool }}"
+
+ - name: Create journal log dir
+ file:
+ path: /var/log/journal
+ state: directory
+ owner: root
+ group: systemd-journal
+ mode: 02755
+
+ - name: Create home basedir for systemd users
+ file:
+ path: "{{ podman_systemd_home_basedir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
+ register: __podman_home_basedir
+ become: True
+ become_user: root
+
+- block:
+ - name: Set SELinux context for home basedir
+ command: semanage fcontext -a -e /home "{{ podman_systemd_home_basedir }}"
+ register: __podman_home_fcontext
+ failed_when:
+ - __podman_home_fcontext.rc != 0
+ - "'already exists' not in __podman_home_fcontext.stderr"
+
+ - name: Apply new SELinux file context to filesystem
+ command: restorecon -R "{{ podman_systemd_home_basedir }}"
+ when: __podman_home_basedir.changed
+ become: True
+ become_user: root
diff --git a/tasks/setup.yml b/tasks/setup.yml
deleted file mode 100644
index 5200370..0000000
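Review bot: The `restorecon -R` task in the second block is gated only on `__podman_home_basedir.changed`, so on a host where the base directory already exists and the `semanage fcontext -a -e /home` equivalence is added for the first time, the relabel is skipped and the tree keeps its old SELinux labels. The semanage task also has no `changed_when`, so it likely reports changed on every run, including the 'already exists' case. I would add `changed_when: __podman_home_fcontext.rc == 0` to the semanage task and gate the relabel with `when: __podman_home_basedir.changed or __podman_home_fcontext.changed`. The tasks appear to be moved unchanged from tasks/setup.yml (the index lines show the same blob id), so this predates the commit, but the move is a natural place to fix it.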
--- a/tasks/setup.yml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-- block:
- - name: Ensure required packages are installed
- package:
- name: "{{ item }}"
- state: "present"
- loop:
- - podman
- - slirp4netns
- - fuse-overlayfs
- - crun
- - container-selinux
- - bash-completion
-
- - name: Install Podman bash-completion
- command:
- cmd: "podman completion bash -f /etc/bash_completion.d/podman"
- creates: "/etc/bash_completion.d/podman"
-
- - name: Deploy container configuration
- template:
- src: etc/containers/containers.conf.j2
- dest: /etc/containers/containers.conf
- owner: root
- group: root
- mode: 0644
-
- - name: Deploy storage configuration
- template:
- src: etc/containers/storage.conf.j2
- dest: /etc/containers/storage.conf
- owner: root
- group: root
- mode: 0644
-
- - name: Set SELinux booleans
- seboolean:
- name: "{{ item.name }}"
- state: "{{ item.state | bool }}"
- persistent: "{{ item.persistent | default(True) | bool }}"
- loop: "{{ podman_sebooleans }}"
- loop_control:
- label: "{{ item.name }}: {{ item.state | bool }}"
-
- - name: Create journal log dir
- file:
- path: /var/log/journal
- state: directory
- owner: root
- group: systemd-journal
- mode: 02755
-
- - name: Create home basedir for systemd users
- file:
- path: "{{ podman_systemd_home_basedir }}"
- state: directory
- owner: root
- group: root
- mode: 0755
- register: __podman_home_basedir
- become: True
- become_user: root
-
-- block:
- - name: Set SELinux context for home basedir
- command: semanage fcontext -a -e /home "{{ podman_systemd_home_basedir }}"
- register: __podman_home_fcontext
- failed_when:
- - __podman_home_fcontext.rc != 0
- - "'already exists' not in __podman_home_fcontext.stderr"
-
- - name: Apply new SELinux file context to filesystem
- command: restorecon -R "{{ podman_systemd_home_basedir }}"
- when: __podman_home_basedir.changed
- become: True
- become_user: root