Role - tripleo-podman

Role Documentation

Welcome to the “tripleo_podman” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “tripleo_podman” role.

# All variables intended for modification should be placed in this file.
tripleo_podman_hide_sensitive_logs: '{{ hide_sensitive_logs | default(true) }}'
tripleo_podman_debug: '{{ ((ansible_verbosity | int) >= 2) | bool }}'

tripleo_podman_buildah_login: false
tripleo_container_registry_insecure_registries: []
tripleo_container_registry_login: false
tripleo_container_registry_logins: {}
tripleo_podman_packages: '{{ _tripleo_podman_packages | default([]) }}'
tripleo_buildah_packages: '{{ _tripleo_buildah_packages | default([]) }}'
tripleo_podman_purge_packages: '{{ _tripleo_podman_purge_packages | default([]) }}'
tripleo_podman_tls_verify: true
tripleo_podman_enable_socket: false
tripleo_podman_unqualified_search_registries:
- registry.redhat.io
- registry.access.redhat.com
- registry.fedoraproject.org
- registry.centos.org
- quay.io
tripleo_podman_insecure_registries: '{{ tripleo_container_registry_insecure_registries }}'
# this is the default network configuration except the range has been moved
# from 10.88.0.0/16 to 10.255.255.0/24 to try and prevent a conflict in an
# existing cloud
tripleo_podman_default_network_config:
  cniVersion: 0.4.0
  name: podman
  plugins:
  - type: bridge
    bridge: cni-podman0
    isGateway: true
    ipMasq: true
    hairpinMode: true
    ipam:
      type: host-local
      routes:
      - dst: 0.0.0.0/0
      ranges:
      - - subnet: 10.255.255.0/24
          gateway: 10.255.255.1
  - type: portmap
    capabilities:
      portMappings: true
  - type: firewall
  - type: tuning
# tripleo_podman_registries requires a list of dictionaries
# Example:
# tripleo_podman_registries:
#   - prefix: quay.io
#     insecure: false
#     location: quay.io
#     mirrors:
#       - location: 192.168.0.1:8787
#         insecure: true
#   - prefix: registry.redhat.io
#     insecure: false
#     location: registry.redhat.io
#     mirrors:
#       - location: 192.168.0.2:8787
#         insecure: false
#   - prefix: registry.fedoraproject.org
#     blocked: true
tripleo_podman_registries: []
tripleo_container_default_pids_limit: 4096
tripleo_container_events_logger_mechanism: journald
tripleo_container_default_runtime: runc
tripleo_container_default_network_backend: cni

# Tell tripleo_container_manage to inject
# additional ordering dependencies for the systemd
# scopes associated with podman containers.
tripleo_podman_systemd_drop_in_dependencies: true

tripleo_podman_service_unit_name: tripleo_podman.service
tripleo_podman_service_unit_description: Podman API service for TripleO purposes
tripleo_podman_socket_path: /var/lib/tripleo-podman/podman.sock

Role Variables: redhat-9.yml

_tripleo_podman_packages:
- podman

_tripleo_buildah_packages:
- buildah

tripleo_container_default_runtime: crun
tripleo_container_default_network_backend: netavark

Role Variables: redhat.yml

_tripleo_podman_packages:
- podman

_tripleo_buildah_packages:
- buildah

_tripleo_podman_purge_packages:
- docker
- docker-ce

Molecule Scenarios

Molecule is being used to test the “tripleo_podman” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: install

Molecule Inventory

hosts:
  all:
    hosts:
      instance:
        ansible_host: localhost

Example install playbook

- name: Converge
  hosts: all
  tasks:
  - name: Run install
    include_role:
      name: tripleo_podman
      tasks_from: tripleo_podman_install.yml
      vars_from: redhat.yml
    # https://bugs.launchpad.net/bugs/1889510
  - name: Test podman network ls
    become: true
    command: podman network ls

Scenario: login

Molecule Inventory

hosts:
  all:
    hosts:
      instance:
        ansible_host: localhost

Example login playbook

- name: Converge
  hosts: all
  vars:
    tripleo_podman_hide_sensitive_logs: false
    tripleo_podman_buildah_login: true
    tripleo_podman_tls_verify: false
    tripleo_container_registry_logins:
      localhost:5000:
        testuser: testpassword
  tasks:
  - include_role:
      name: tripleo_podman
      tasks_from: tripleo_podman_login.yml
  - include_role:
      name: tripleo_podman
      tasks_from: tripleo_podman_buildah_login.yml
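
The login scenario above turns off tripleo_podman_tls_verify and tripleo_podman_hide_sensitive_logs and keeps a test password inline, which suits a throwaway registry on localhost:5000. The playbook below is an added example, not part of the role or its Molecule scenarios: it keeps the role defaults for those two variables and asserts, before the login task files run, that no registry or mirror is marked insecure. The quay.io login, the svc-pull account, the vault_registry_password variable and the mirror address are assumptions made for illustration.

```yaml
# Added example: not part of the tripleo_podman role or its Molecule scenarios.
- name: Registry login with guard rails
  hosts: all
  vars:
    # Same values as the role defaults shown above, pinned so the
    # pre-flight check below can read them before the role is loaded.
    tripleo_podman_hide_sensitive_logs: true
    tripleo_podman_tls_verify: true
    tripleo_podman_buildah_login: true
    tripleo_container_registry_insecure_registries: []
    tripleo_podman_registries:
      - prefix: quay.io
        insecure: false
        location: quay.io
        mirrors:
          - location: mirror.example.test:8787  # constructed mirror address
            insecure: false
    tripleo_container_registry_logins:
      quay.io:
        # "svc-pull" and vault_registry_password are hypothetical names; the
        # password is expected to come from an Ansible Vault encrypted file.
        svc-pull: "{{ vault_registry_password }}"
  pre_tasks:
    - name: Refuse to log in with weakened registry settings
      ansible.builtin.assert:
        that:
          - tripleo_podman_tls_verify | bool
          - tripleo_podman_hide_sensitive_logs | bool
          - tripleo_container_registry_insecure_registries | length == 0
          # No registry entry is flagged insecure ...
          - >-
            tripleo_podman_registries | selectattr('insecure', 'defined')
            | selectattr('insecure') | list | length == 0
          # ... and neither is any of its mirrors.
          - >-
            tripleo_podman_registries | selectattr('mirrors', 'defined')
            | map(attribute='mirrors') | list | flatten
            | selectattr('insecure', 'defined')
            | selectattr('insecure') | list | length == 0
        fail_msg: TLS verification or log hiding is disabled, or a registry or mirror is marked insecure.
  tasks:
    - name: Log in with podman
      ansible.builtin.include_role:
        name: tripleo_podman
        tasks_from: tripleo_podman_login.yml
    - name: Log in with buildah
      ansible.builtin.include_role:
        name: tripleo_podman
        tasks_from: tripleo_podman_buildah_login.yml
```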

Scenario: default

Molecule Inventory

hosts:
  all:
    hosts:
      instance:
        ansible_host: localhost

Example default playbook

- name: Converge
  hosts: all
  roles:
  - role: tripleo_podman