Role - tripleo-podman¶
Role Documentation¶
Welcome to the “tripleo_podman” role documentation.
Role Defaults¶
This section highlights all of the defaults and variables set within the “tripleo_podman” role.
# All variables intended for modification should be placed in this file.
tripleo_podman_hide_sensitive_logs: '{{ hide_sensitive_logs | default(true) }}'
tripleo_podman_debug: '{{ ((ansible_verbosity | int) >= 2) | bool }}'
tripleo_podman_buildah_login: false
tripleo_container_registry_insecure_registries: []
tripleo_container_registry_login: false
tripleo_container_registry_logins: {}
tripleo_podman_packages: '{{ _tripleo_podman_packages | default([]) }}'
tripleo_buildah_packages: '{{ _tripleo_buildah_packages | default([]) }}'
tripleo_podman_purge_packages: '{{ _tripleo_podman_purge_packages | default([]) }}'
tripleo_podman_enable_socket: false
tripleo_podman_unqualified_search_registries:
- registry.redhat.io
- registry.access.redhat.com
- registry.fedoraproject.org
- registry.centos.org
- quay.io
tripleo_podman_insecure_registries: '{{ tripleo_container_registry_insecure_registries
}}'
# this is the default network configuration except the range has been moved
# from 10.88.0.0/16 to 10.255.255.0/24 to try and prevent a conflict in an
# existing cloud
tripleo_podman_default_network_config:
cniVersion: 0.4.0
name: podman
plugins:
- type: bridge
bridge: cni-podman0
isGateway: true
ipMasq: true
hairpinMode: true
ipam:
type: host-local
routes:
- dst: 0.0.0.0/0
ranges:
- - subnet: 10.255.255.0/24
gateway: 10.255.255.1
- type: portmap
capabilities:
portMappings: true
- type: firewall
- type: tuning
# tripleo_podman_registries requires a list of dictionaries
# Example:
# tripleo_podman_registries:
# - prefix: quay.io
# insecure: false
# location: quay.io
# mirrors:
# - location: 192.168.0.1:8787
# insecure: true
# - prefix: registry.redhat.io
# insecure: false
# location: registry.redhat.io
# mirrors:
# - location: 192.168.0.2:8787
# insecure: false
# - prefix: registry.fedoraproject.org
# blocked: true
tripleo_podman_registries: []
tripleo_container_default_pids_limit: 4096
tripleo_container_events_logger_mechanism: journald
tripleo_container_default_runtime: runc
tripleo_container_default_network_backend: cni
# tell the tripleo_container_manage to inject
# additional ordering dependencies for the systemd
# scopes associated to podman containers.
tripleo_podman_systemd_drop_in_dependencies: true
tripleo_podman_service_unit_name: tripleo_podman.service
tripleo_podman_service_unit_description: Podman API service for TripleO purposes
tripleo_podman_socket_path: /var/lib/tripleo-podman/podman.sock
Role Variables: redhat.yml¶
_tripleo_podman_packages:
- podman
_tripleo_buildah_packages:
- buildah
_tripleo_podman_purge_packages:
- docker
- docker-ce
Role Variables: redhat-9.yml¶
_tripleo_podman_packages:
- podman
_tripleo_buildah_packages:
- buildah
tripleo_container_default_runtime: crun
tripleo_container_default_network_backend: netavark
Molecule Scenarios¶
Molecule is being used to test the “tripleo_podman” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.
Scenario: default¶
Molecule Inventory¶
hosts:
all:
hosts:
instance:
ansible_host: localhost
Example default playbook¶
- name: Converge
hosts: all
roles:
- role: tripleo_podman
Scenario: login¶
Molecule Inventory¶
hosts:
all:
hosts:
instance:
ansible_host: localhost
Example login playbook¶
- name: Converge
hosts: all
vars:
tripleo_podman_hide_sensitive_logs: false
tripleo_podman_buildah_login: true
tripleo_container_registry_logins:
localhost:5000:
testuser: testpassword
tasks:
- include_role:
name: tripleo_podman
tasks_from: login.yml
- include_role:
name: tripleo_podman
tasks_from: buildah_login.yml
Scenario: install¶
Molecule Inventory¶
hosts:
all:
hosts:
instance:
ansible_host: localhost
Example install playbook¶
- name: Converge
hosts: all
tasks:
- name: Run install
include_role:
name: tripleo_podman
tasks_from: install.yml
vars_from: redhat.yml
# https://bugs.launchpad.net/bugs/1889510
- name: Test podman network ls
become: true
command: podman network ls
