chasinglogic.podman

Ansible Role for Podman

Manage services and containers with Podman.

Usage

This role will install Podman according to the Podman documentation and do any other setup needed to make it work on supported platforms.

Important Note: For Ubuntu and Debian systems, it will run an apt upgrade after adding the repository. This upgrade will only happen if the repository is newly added or changed, and will not occur in subsequent runs.

Additionally, it can set up and configure Podman containers as SystemD services.

Example Playbook

- hosts: all
  roles:
    - role: podman

Automatic Service Deployment

Podman containers intended to run as services are generally similar. Therefore, this role includes a variable to deploy and configure containers as SystemD services. More complex setups, like configuring multiple containers as a pod, are not yet supported. To use this feature, define a variable podman_services, which is a list of configurations structured as follows:

podman_services:
  ## Podman Variables
  - image_name: nginx                      # Required: The image name to download
    image_tag: mainline                    # Optional: The tag/version to download, defaults to 'latest'
    description: Web host                   # Optional: Description for the SystemD service file
    publish:                               # Optional: List of ports to publish (host-port:container-port)
      - '80:80'
    network: somenetwork                   # Optional: Network name, created if it doesn't exist
    volumes:                               # Optional: List of volumes to mount
      - '/tmp:/usr/share/nginx/html:ro'
    hostname: chasinglogic.io               # Optional: Define a hostname for the container
    secrets:                               # Optional: List of secrets to mount (name required)
      - name: secret
        type: mount
        target: /run/secrets/secret
        uid: 0
        gid: 0
        mode: 0
    env_vars:                              # Optional: List of environment variables to add
      - SOME_VAR=SOME_VALUE
    flags:                                  # Optional: Arbitrary arguments to add
      - '--cap-add=NET_ADMIN'

    ## SystemD Variables
    restart: always                         # Optional: Restart policy for this service, default is always
    restart_sec: 30                        # Optional: Time to wait between restarts in seconds, default is 30
    service_name: nginx                     # Optional: Name for the SystemD service
    after:                                  # Optional: Services this SystemD service must start after
      - network.target
    timeout_start_sec: 5m                  # Optional: Timeout for starting the service, default is 5 minutes
    install:                                # Optional: Install section for the SystemD service
      wanted_by:
        - multi-user.target
    user: root                              # Optional: User for the service file, defaults to root
    group: root                             # Optional: Group for the service file, defaults to root

Networking

Currently, Ansible does not have a module for Podman networking like it does for Docker. If you're using the network option, ensure the network exists before this role runs. Future updates may add Podman networking support to Ansible.