---
# Install Podman and its supporting packages through the distribution's
# package manager, one loop iteration per package.
- name: Ensure required packages are installed
  loop:
    - podman
    # SELinux policy module for container runtimes.
    - container-selinux
    # Presumably needed for the completion file written by the next task.
    - bash-completion
  ansible.builtin.package:
    state: present
    name: "{{ item }}"
# Generate Podman's bash completion script into /etc/bash_completion.d.
# `creates` skips the command once the file exists, which keeps the task
# idempotent but also means the script is not regenerated after a later
# Podman upgrade.
- name: Install Podman bash-completion
  ansible.builtin.command:
    # argv form: the same arguments the one-line command splits into,
    # passed without going through a shell.
    argv:
      - podman
      - completion
      - bash
      - "-f"
      - /etc/bash_completion.d/podman
    creates: /etc/bash_completion.d/podman
# Render /etc/containers/containers.conf from its Jinja2 template.
# Root-owned with mode 0644: only root can change the container defaults,
# every local user can read them.
# NOTE(review): assumes the rendered file carries no secrets - confirm
# against the template.
- name: Deploy container configuration
  ansible.builtin.template:
    dest: "/etc/containers/containers.conf"
    src: "etc/containers/containers.conf.j2"
    # Quoted so the mode stays a string and is not read as a number.
    mode: "0644"
    group: "root"
    owner: "root"
# Render /etc/containers/storage.conf from its Jinja2 template.
# Root-owned with mode 0644: only root can change the storage settings,
# every local user can read them.
- name: Deploy storage configuration
  ansible.builtin.template:
    dest: "/etc/containers/storage.conf"
    src: "etc/containers/storage.conf.j2"
    # Quoted so the mode stays a string and is not read as a number.
    mode: "0644"
    group: "root"
    owner: "root"
# Apply every SELinux boolean listed in podman_sebooleans.
# Each item supplies `name` and `state`; `persistent` is optional and
# defaults to true, so the value survives a reboot unless an item opts out.
# NOTE(review): a boolean switched on here generally widens what the SELinux
# policy permits - keep the list to what the workloads actually need.
- name: Set SELinux booleans
  loop: "{{ podman_sebooleans }}"
  loop_control:
    # Show only the boolean and its target value instead of the whole item.
    label: "{{ item.name }}: {{ item.state | bool }}"
  ansible.posix.seboolean:
    name: "{{ item.name }}"
    persistent: "{{ item.persistent | default(True) | bool }}"
    state: "{{ item.state | bool }}"
# Maintain the `containers` subordinate ID entry in /etc/subuid and
# /etc/subgid. The last line starting with `containers:` is replaced; when
# no line matches, the entry is added.
# Resulting line: containers:<range start>:<range length>
# NOTE(review): nothing in this task checks that the range is disjoint from
# the other entries in these files; overlapping subordinate ID ranges map
# different accounts onto the same host IDs - verify the two variables.
- name: Configure namespace id range
  loop:
    - "/etc/subuid"
    - "/etc/subgid"
  ansible.builtin.lineinfile:
    # `path` is the primary name of the option `dest` is an alias for.
    path: "{{ item }}"
    regexp: "^containers:"
    line: "containers:{{ podman_nsremap_range_start }}:{{ podman_nsremap_range_length }}"
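# Log in to every registry in podman_registries whose `active` flag is true
# (`active` defaults to true when an item omits it).
# Each item supplies `registry`, `username` and `password`.
# The loop item carries the password. `loop_control.label` only shortens the
# per-item header; the full item is still part of the task result, so
# `no_log` keeps it out of verbose output, callback plugins and logs.
# NOTE(review): presumably the passwords come from Ansible Vault or another
# secret store rather than plain-text vars - confirm.
- name: Handle registry logins
  containers.podman.podman_login:
    registry: "{{ item.registry }}"
    username: "{{ item.username }}"
    password: "{{ item.password }}"
  when: item.active | default(True) | bool
  loop: "{{ podman_registries }}"
  loop_control:
    label: "{{ item.registry }}"
  no_log: true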
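# Log out of every registry in podman_registries whose `active` flag is
# false (`active` defaults to true, so items without it are skipped).
# The same list feeds the login task, so each loop item also carries the
# registry password. `loop_control.label` only shortens the per-item header;
# `no_log` keeps the full item out of verbose output, callbacks and logs,
# including for skipped items.
- name: Handle registry logouts
  containers.podman.podman_logout:
    registry: "{{ item.registry }}"
  # Jinja2 applies the filters before `not`; the parentheses only make that
  # evaluation order explicit.
  when: not (item.active | default(True) | bool)
  loop: "{{ podman_registries }}"
  loop_control:
    label: "{{ item.registry }}"
  no_log: true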
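# Bring the podman.socket unit in line with podman_socket_enabled:
#   true  -> unmasked, enabled, started
#   false -> masked, disabled, stopped
# `masked` and `daemon_reload` are documented options of the systemd module,
# not of the generic service module, so the systemd module is called
# directly instead of relying on the options being passed through.
# NOTE(review): access to the system-level Podman API socket is effectively
# root on the host - leave podman_socket_enabled false unless a consumer
# needs the socket, and confirm who can reach it.
- name: Enable podman socket
  ansible.builtin.systemd:
    name: podman.socket
    daemon_reload: true
    enabled: "{{ podman_socket_enabled | bool }}"
    masked: "{{ not podman_socket_enabled | bool }}"
    # Third ternary argument is the value used when the input is null.
    state: "{{ podman_socket_enabled | bool | ternary('started', 'stopped', 'started') }}"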