Initial commit

Basic roles for installing podman, creating containers, networks and
services

roles/container/defaults/main.yaml

@@ -0,0 +1,11 @@
+---
+container_command: []
+container_user: ""
+container_mounts: []
+container_publish_ports: []
+container_networks: []
+container_env: {}
+container_auto_start: true
+container_auto_update: true
+container_requires: []
+container_wants: []

roles/container/handlers/main.yaml

@@ -0,0 +1,7 @@
+---
+- name: "Restart container service {{ container_name }}"
+  ansible.builtin.systemd_service:
+    name: "{{ container_name }}.service"
+    state: restarted
+    daemon_reload: true
+  ignore_errors: '{{ ansible_check_mode }}'

roles/container/meta/argument_specs.yaml

@@ -0,0 +1,101 @@
+---
+argument_specs:
+  main:
+    short_description: Sets up podman container with systemd units (quadlet)
+    options:
+      container_name:
+        description: Name of the container. Must be unique within a host.
+        type: str
+        required: true
+      container_image:
+        description: "The image to run in the container, in FQIN format (registry/imagename:tag)"
+        type: str
+        required: true
+      container_command:
+        description: Command to start the container with.
+        type: list
+        required: false
+        default: []
+        elements: str
+      container_user:
+        description: The UID to run as inside the container
+        type: str
+        required: false
+        default: ""
+
+      container_mounts:
+        description: List of bind mounts or volumes to be mounted inside the container.
+        type: list
+        required: false
+        default: []
+        elements: dict
+        options:
+          type:
+            description: Type of volume
+            type: str
+            required: true
+            choices:
+              - volume
+              - bind
+          source:
+            description:
+              - Mount source.
+              - If mount type is volume, name of the volume.
+              - If mount type is bind, host path to bind mount inside the container.
+            type: str
+            required: true
+          destination:
+            description: Path inside the container to mount at
+            type: str
+            required: true
+          readonly:
+            description: If true, volume will be mounted as read only inside the container
+            type: bool
+            required: false
+            default: false
+
+      container_publish_ports:
+        description: "A list of published ports in docker format (<host listen address>:<host port>:<container port>)"
+        type: list
+        required: false
+        default: []
+        elements: str
+      container_networks:
+        description: A list of podman networks for the container.
+        type: list
+        required: false
+        default: []
+        elements: str
+      container_env:
+        description: A dict of environment variables for the container
+        type: dict
+        required: false
+        default: {}
+
+      container_requires:
+        description: >
+          List of systemd units (like other containers) this one depends on.
+          You should ensure they are created before this one, or at least within
+          the same play, before handlers are flushed.
+        type: list
+        required: false
+        default: []
+        elements: str
+      container_wants:
+        description: >
+          List of systemd units (like other containers) this one wants.
+          You should ensure they are created within the same play, before handlers are flushed.
+        type: list
+        required: false
+        default: []
+        elements: str
+      container_auto_start:
+        description: Set to false to not start the container automatically on boot or restart on failure.
+        type: bool
+        required: false
+        default: true
+      container_auto_update:
+        description: Whether to let podman automatically update the container whenever the specified image gets updated
+        type: bool
+        required: false
+        default: true

roles/container/meta/main.yaml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: podman

roles/container/tasks/main.yaml

@@ -0,0 +1,16 @@
+---
+- name: Create networks for container {{ container_name }}
+  ansible.builtin.include_role:
+    name: network
+  vars:
+    network_name: "{{ network }}"
+  loop: "{{ container_networks }}"
+  loop_control:
+    loop_var: network
+
+- name: Create container service {{ container_name }}
+  ansible.builtin.template:
+    src: container.j2
+    dest: "/etc/containers/systemd/{{ container_name }}.container"
+    mode: "0600"
+  notify: "Restart container service {{ container_name }}"

roles/container/templates/container.j2

@@ -0,0 +1,46 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Container {{ container_name }}
+{% for requirement in container_requires %}
+Requires={{ requirement }}
+After={{ requirement }}
+{% endfor %}
+{% for want in container_wants %}
+Requires={{ want }}
+Before={{ want }}
+{% endfor %}
+
+[Container]
+Image={{ container_image }}
+ContainerName={{ container_name }}
+{% if container_command | length > 0 %}
+Exec="{{ container_command | join('" "') }}"
+{% endif %}
+{% if container_user | length > 0 %}
+User={{ container_user }}
+{% endif %}
+{% for mount in container_mounts %}
+Mount={% for key, value in mount.items() %}{{ key }}={{ value }}{% if not loop.last %},{% endif %}{% endfor %}
+
+{% endfor %}
+{% for network in container_networks %}
+Network={{ network }}.network
+{% endfor %}
+{% for port in container_publish_ports %}
+PublishPort={{ port }}
+{% endfor %}
+{% for key, value in container_env.items() %}
+Environment={{ key }}={{ value }}
+{% endfor %}
+{% if container_auto_update %}
+AutoUpdate=registry
+{% endif %}
+
+{% if container_auto_start %}
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+{% endif %}