--- - name: Ensure required packages are installed ansible.builtin.package: name: "{{ item }}" state: "present" loop: - podman - container-selinux - bash-completion - name: Install Podman bash-completion ansible.builtin.command: cmd: "podman completion bash -f /etc/bash_completion.d/podman" creates: "/etc/bash_completion.d/podman" - name: Deploy container configuration ansible.builtin.template: src: etc/containers/containers.conf.j2 dest: /etc/containers/containers.conf owner: root group: root mode: "0644" - name: Deploy storage configuration ansible.builtin.template: src: etc/containers/storage.conf.j2 dest: /etc/containers/storage.conf owner: root group: root mode: "0644" - name: Set SELinux booleans ansible.posix.seboolean: name: "{{ item.name }}" state: "{{ item.state | bool }}" persistent: "{{ item.persistent | default(True) | bool }}" loop: "{{ podman_sebooleans }}" loop_control: label: "{{ item.name }}: {{ item.state | bool }}" - name: Configure namespace id range ansible.builtin.lineinfile: dest: "{{ item }}" regexp: "^containers:" line: "containers:{{ podman_nsremap_range_start }}:{{ podman_nsremap_range_length }}" loop: - /etc/subuid - /etc/subgid - name: Handle registry logins containers.podman.podman_login: registry: "{{ item.registry }}" username: "{{ item.username }}" password: "{{ item.password }}" when: item.active | default(True) | bool loop: "{{ podman_registries }}" loop_control: label: "{{ item.registry }}" - name: Handle registry logouts containers.podman.podman_logout: registry: "{{ item.registry }}" when: not item.active | default(True) | bool loop: "{{ podman_registries }}" loop_control: label: "{{ item.registry }}" - name: Enable podman socket ansible.builtin.service: name: podman.socket daemon_reload: True enabled: "{{ podman_socket_enabled | bool }}" masked: "{{ not podman_socket_enabled | bool }}" state: "{{ podman_socket_enabled | bool | ternary('started', 'stopped', 'started') }}"