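---
# Host preparation for rootless Podman: installs the container tooling, deploys
# the containers/storage configuration, sets SELinux booleans, and creates the
# journal directory and the home base directory for systemd users, with SELinux
# labelling for the latter.
#
# Variables read by these tasks:
#   podman_sebooleans            list of mappings with `name`, `state` and an
#                                optional `persistent` key (defaults to true)
#   podman_systemd_home_basedir  directory created and labelled like /home

- block:
    - name: Ensure required packages are installed
      package:
        # The whole list is passed in one call so the package manager resolves
        # it in a single transaction instead of once per loop item.
        name:
          - podman
          - slirp4netns
          - fuse-overlayfs
          - crun
          - container-selinux
        state: present

    - name: Deploy container configuration
      template:
        src: etc/containers/containers.conf.j2
        dest: /etc/containers/containers.conf
        owner: root
        group: root
        # Quoted so the mode is always read as an octal string and never
        # depends on how the YAML parser types a leading-zero integer.
        mode: "0644"

    - name: Deploy storage configuration
      template:
        src: etc/containers/storage.conf.j2
        dest: /etc/containers/storage.conf
        owner: root
        group: root
        mode: "0644"

    - name: Set SELinux booleans
      seboolean:
        name: "{{ item.name }}"
        state: "{{ item.state | bool }}"
        persistent: "{{ item.persistent | default(True) | bool }}"
      loop: "{{ podman_sebooleans }}"
      loop_control:
        label: "{{ item.name }}: {{ item.state | bool }}"

    - name: Create journal log dir
      file:
        path: /var/log/journal
        state: directory
        owner: root
        group: root
        # Leading 2 is the setgid bit: new entries inherit the directory group.
        mode: "02755"

    - name: Create home basedir for systemd users
      file:
        path: "{{ podman_systemd_home_basedir }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      # The result gates the SELinux labelling block below.
      register: __podman_home_basedir
  become: true
  become_user: root

- block:
    - name: Set SELinux context for home basedir
      # Adds an equivalence rule so paths under the base directory are
      # labelled the same way as paths under /home.
      command: semanage fcontext -a -e /home "{{ podman_systemd_home_basedir }}"
      register: __podman_home_fcontext
      # Both conditions must hold to fail: a non-zero exit is tolerated when
      # semanage only complains that the rule already exists.
      failed_when:
        - __podman_home_fcontext.rc != 0
        - "'already exists' not in __podman_home_fcontext.stderr"
      # Report a change only when the rule was really added, so the tolerated
      # "already exists" case does not show up as a modification.
      changed_when: __podman_home_fcontext.rc == 0

    - name: Apply new SELinux file context to filesystem
      command: restorecon -R "{{ podman_systemd_home_basedir }}"
  # NOTE(review): the source had lost its indentation; `when` is assumed to
  # apply to the whole block rather than to the restorecon task only. If the
  # directory already exists unlabelled, neither task runs - confirm intent.
  when: __podman_home_basedir.changed
  become: true
  become_user: root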