Ansible Role podman_containers

This role installs Podman and deploys Quadlets to configure containers, networks and volumes. The role supports running rootless containers.

Mandatory Requirements

• When running rootless containers, make sure to create a user with lingering enabled. This can be done using the linuxfabrik.lfops.login role:

login__users__host_var:
  - name: 'example'
    home: '/opt/example'
    state: 'present'
    linger: true

Tags

Tag	What it does	Reload / Restart
podman_containers	Installs Podman, deploys Quadlets and manages their state	-
podman_containers:containers	Deploys and removes container Quadlets	-
podman_containers:networks	Deploys and removes network Quadlets	-
podman_containers:state	Manages the state of the containers, networks and volumes	-
podman_containers:volumes	Deploys and removes volume Quadlets	-

Optional Role Variables

Variable	Description	Default Value
podman_containers__containers__host_var / podman_containers__containers__group_var	List of dictionaries describing the Podman containers. Subkeys: enabled: Boolean, optional. Set true to start the container at boot. Defaults to true. name: String, mandatory. Name of the quadlet file. Will be suffixed with -container.service. raw_container: String, optional. Raw block in the [Container] section. Defaults to unset. raw_install: String, optional. Raw block in the [Install] section. Defaults to unset. raw_service: String, optional. Raw block in the [Service] section. Defaults to unset. raw_unit: String, optional. Raw block in the [Unit] section. Defaults to unset. state: String, optional. State of the container. Possible options: present, absent, started (implies present), stopped (implies present). Defaults to started. user: String, optional. Set this to run the container as rootless. Defaults to unset Defaults to unset (rootful). wanted_by: String, optional. Unit for the WantedBy directive. Only effective if enabled: true is set. Defaults to default.target.	[]
podman_networks__networks__host_var / podman_networks__networks__group_var	List of dictionaries describing the Podman networks. Subkeys: enabled: Boolean, optional. Set true to start the network at boot. Defaults to true. name: String, mandatory. Name of the quadlet file. Will be suffixed with -network.service. raw_network: String, optional. Raw block in the [Network] section. Defaults to unset. raw_install: String, optional. Raw block in the [Install] section. Defaults to unset. raw_service: String, optional. Raw block in the [Service] section. Defaults to unset. raw_unit: String, optional. Raw block in the [Unit] section. Defaults to unset. state: String, optional. State of the network. Possible options: present, absent, started (implies present), stopped (implies present). Defaults to started. user: String, optional. Set this to run the corresponding container as rootless. Defaults to unset (rootful). wanted_by: String, optional. Unit for the WantedBy directive. Only effective if enabled: true is set. Defaults to default.target.	[]
podman_volumes__volumes__host_var / podman_volumes__volumes__group_var	List of dictionaries describing the Podman volumes. Subkeys: enabled: Boolean, optional. Set true to start the volume at boot. Defaults to true. name: String, mandatory. Name of the quadlet file. Will be suffixed with -volume.service. raw_volume: String, optional. Raw block in the [Volume] section. Defaults to unset. raw_install: String, optional. Raw block in the [Install] section. Defaults to unset. raw_service: String, optional. Raw block in the [Service] section. Defaults to unset. raw_unit: String, optional. Raw block in the [Unit] section. Defaults to unset. state: String, optional. State of the volume. Possible options: present, absent, started (implies present), stopped (implies present). Defaults to started. user: String, optional. Set this to run the corresponding container as rootless. Defaults to unset (rootful). wanted_by: String, optional. Unit for the WantedBy directive. Only effective if enabled: true is set. Defaults to default.target.	[]

Example:

# optional
podman_containers__containers__host_var:
  - name: 'rocketchat'
    raw_container: |
      AutoUpdate=registry
      ContainerName=rocketchat
      EnvironmentFile=/opt/rocketchat/rocketchat.env
      HealthCmd=curl --fail --show-error --silent --max-time 2 http://localhost:3000
      HealthInterval=30s
      HealthOnFailure=kill
      HealthRetries=5
      HealthStartPeriod=5s
      HealthTimeout=10s
      Image=registry.rocket.chat/rocketchat/rocket.chat:latest
      LogDriver=journald
      Network=rocketchat.network
      PublishPort=3000:3000/tcp
      User=rocketchat
      UserNS=keep-id:uid=1000,gid=1000
    raw_service: |
      Restart=always
    user: 'rocketuser'
podman_containers__networks__host_var:
  - name: 'rocketchat'
    user: 'rocketuser'
podman_containers__volumes__host_var:
  - name: 'rocketchat'
    user: 'rocketuser'

Troubleshooting

Failed to enable unit: Unit ... is transient or generated.: Since the units are generated, systemctl enable/disable has no effect. Autostarting is handled by the podman-system-generator based on the WantedBy setting in the quadlet. Have a look at man podman-systemd.unit for details.

License

The Unlicense

Author Information

Linuxfabrik GmbH, Zurich