Ansible Role podman_containers

This role installs Podman and deploys Quadlets to configure containers, networks and volumes. The role supports running rootless containers.

Mandatory Requirements

When running rootless containers, make sure to create a user with lingering enabled. This can be done using the linuxfabrik.lfops.login role:

login__users__host_var:
  - name: 'example'
    home: '/opt/example'
    state: 'present'
    linger: true

Tags

Tag	What it does
`podman_containers`	Installs Podman, deploys Quadlets and manages their state
`podman_containers:containers`	Deploys and removes container Quadlets
`podman_containers:networks`	Deploys and removes network Quadlets
`podman_containers:state`	Manages the state of the containers, networks and volumes
`podman_containers:volumes`	Deploys and removes volume Quadlets

Optional Role Variables

Variable

Description

Default Value

podman_containers__containers__host_var /
podman_containers__containers__group_var

List of dictionaries describing the Podman containers. Subkeys:

enabled: Boolean, optional. Set true to start the container at boot. Defaults to true.
name: String, mandatory. Name of the quadlet file. Will be suffixed with -container.service.
raw_container: String, optional. Raw block in the [Container] section. Defaults to unset.
raw_install: String, optional. Raw block in the [Install] section. Defaults to unset.
raw_service: String, optional. Raw block in the [Service] section. Defaults to unset.
raw_unit: String, optional. Raw block in the [Unit] section. Defaults to unset.
state: String, optional. State of the container. Possible options: present, absent, started (implies present), stopped (implies present). Defaults to started.
user: String, optional. Set this to run the container as rootless. Defaults to unset Defaults to unset (rootful).
wanted_by: String, optional. Unit for the WantedBy directive. Only effective if enabled: true is set. Defaults to default.target.

[]

podman_networks__networks__host_var /
podman_networks__networks__group_var

List of dictionaries describing the Podman networks. Subkeys:

enabled: Boolean, optional. Set true to start the network at boot. Defaults to true.
name: String, mandatory. Name of the quadlet file. Will be suffixed with -network.service.
raw_network: String, optional. Raw block in the [Network] section. Defaults to unset.
raw_install: String, optional. Raw block in the [Install] section. Defaults to unset.
raw_service: String, optional. Raw block in the [Service] section. Defaults to unset.
raw_unit: String, optional. Raw block in the [Unit] section. Defaults to unset.
state: String, optional. State of the network. Possible options: present, absent, started (implies present), stopped (implies present). Defaults to started.
user: String, optional. Set this to run the corresponding container as rootless. Defaults to unset (rootful).
wanted_by: String, optional. Unit for the WantedBy directive. Only effective if enabled: true is set. Defaults to default.target.

[]

podman_volumes__volumes__host_var /
podman_volumes__volumes__group_var

List of dictionaries describing the Podman volumes. Subkeys:

enabled: Boolean, optional. Set true to start the volume at boot. Defaults to true.
name: String, mandatory. Name of the quadlet file. Will be suffixed with -volume.service.
raw_volume: String, optional. Raw block in the [Volume] section. Defaults to unset.
raw_install: String, optional. Raw block in the [Install] section. Defaults to unset.
raw_service: String, optional. Raw block in the [Service] section. Defaults to unset.
raw_unit: String, optional. Raw block in the [Unit] section. Defaults to unset.
state: String, optional. State of the volume. Possible options: present, absent, started (implies present), stopped (implies present). Defaults to started.
user: String, optional. Set this to run the corresponding container as rootless. Defaults to unset (rootful).
wanted_by: String, optional. Unit for the WantedBy directive. Only effective if enabled: true is set. Defaults to default.target.

[]

Example:

# optional
podman_containers__containers__host_var:
  - name: 'rocketchat'
    raw_container: |
      AutoUpdate=registry
      ContainerName=rocketchat
      EnvironmentFile=/opt/rocketchat/rocketchat.env
      HealthCmd=curl --fail --show-error --silent --max-time 2 http://localhost:3000
      HealthInterval=30s
      HealthOnFailure=kill
      HealthRetries=5
      HealthStartPeriod=5s
      HealthTimeout=10s
      Image=registry.rocket.chat/rocketchat/rocket.chat:latest
      LogDriver=journald
      Network=rocketchat.network
      PublishPort=3000:3000/tcp
      User=rocketchat
      UserNS=keep-id:uid=1000,gid=1000
    raw_service: |
      Restart=always
    user: 'rocketuser'
podman_containers__networks__host_var:
  - name: 'rocketchat'
    user: 'rocketuser'
podman_containers__volumes__host_var:
  - name: 'rocketchat'
    user: 'rocketuser'

Troubleshooting

Failed to enable unit: Unit ... is transient or generated.: Since the units are generated, systemctl enable/disable has no effect. Autostarting is handled by the podman-system-generator based on the WantedBy setting in the quadlet. Have a look at man podman-systemd.unit for details.

License

The Unlicense

Author Information

Linuxfabrik GmbH, Zurich