From 1ccda61a880616a16c3518d641fc90bc165f173c Mon Sep 17 00:00:00 2001
From: Ricard Illa
Date: Sun, 30 Oct 2022 16:32:32 +0100
Subject: [PATCH] podman

---
 deploy.yml                    |  9 ++++++-
 group_vars/all/main.yml       |  2 ++
 hosts.yml                     |  4 ++--
 roles/podman/tasks/alpine.yml | 44 +++++++++++++++++++++++++++++++++++
 roles/podman/tasks/main.yml   |  5 ++++
 roles/podman/vars/main.yml    |  1 +
 6 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 roles/podman/tasks/alpine.yml
 create mode 100644 roles/podman/tasks/main.yml
 create mode 100644 roles/podman/vars/main.yml

diff --git a/deploy.yml b/deploy.yml
index 012d4b7..3271139 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -39,13 +39,20 @@
 
 - name: docker
   hosts:
-    - suricata
     - caladan
     - narwhal
   become: true
   roles:
     - docker
 
+- name: podman
+  hosts:
+    - suricata
+  become: true
+  roles:
+    - podman
+  tags: podman
+
 - name: common roles
   hosts:
     - caladan
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index f9ebe07..d6e12a1 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -7,3 +7,5 @@ deb_arch_mapping:
   { "x86_64": "amd64", "i386": "i386" }
+
+main_user: rilla
diff --git a/hosts.yml b/hosts.yml
index 42891a7..4b70338 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -105,9 +105,9 @@ all:
           passno: "0"
         - src: "/dev/mapper/disk0"
-          path: "/var/lib/docker"
+          path: "/var/lib/containers"
           fstype: "btrfs"
-          opts: "subvol=docker,noatime"
+          opts: "subvol=containers,noatime"
           passno: "0"
     rpi_cfg:
diff --git a/roles/podman/tasks/alpine.yml b/roles/podman/tasks/alpine.yml
new file mode 100644
index 0000000..efa4c9f
--- /dev/null
+++ b/roles/podman/tasks/alpine.yml
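Review bot: The new podman play is the only play in this hunk that carries a `tags:` entry; the docker play directly above it has none, so `--tags` / `--skip-tags` runs treat two sibling plays differently for no visible reason. For consistency either tag the docker play as well (`tags: docker`) or drop `tags: podman` here. Removing suricata from the docker play does not remove docker from that host; if the intent is a replacement rather than running both, an explicit removal step somewhere would make that visible (inferred — the rest of the playbook is not in view).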
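Review bot: The mount entry now expects a btrfs subvolume named `containers` (`opts: "subvol=containers,noatime"`), but nothing in this patch creates that subvolume or renames the existing `docker` one, so unless it already exists on the host the `/var/lib/containers` mount would fail at boot. A guarded subvolume-creation task (or a documented manual step) before this fstab entry is applied would close that gap. Note also that the podman role in this patch sets up rootless support for `main_user`, and rootless podman keeps its image storage under the user's home by default, so this mount presumably only backs rootful podman — worth a comment on the entry. The enclosing `all:` inventory mapping extends beyond the hunk.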
@@ -0,0 +1,44 @@
+---
+
+- name: install podman with apk
+  apk:
+    name:
+      - podman
+
+- name: enable cgroups v2
+  lineinfile:
+    path: /etc/rc.conf
+    line: 'rc_cgroup_mode="unified"'
+    regexp: '#?rc_cgroup_mode=".+"'
+
+- name: start and enable cgroups
+  service:
+    name: cgroups
+    state: started
+    enabled: true
+
+- name: set podman storage driver
+  lineinfile:
+    path: /etc/containers/storage.conf
+    line: 'driver = "{{ podman_storage_driver }}"'
+    regexp: '"driver = ".+"'
+
+- name: load tun module for rootless podman support
+  modprobe:
+    name: tun
+    state: present
+
+- name: tun module on startup
+  lineinfile:
+    path: /etc/modules
+    line: tun
+    insertafter: EOF
+
+- name: lines for podman rootless support on /etc/subuid and /etc/subgid
+  lineinfile:
+    path: "{{ item }}"
+    line: "{{ main_user }}:100000:65536"
+    insertafter: EOF
+  loop:
+    - /etc/subuid
+    - /etc/subgid
diff --git a/roles/podman/tasks/main.yml b/roles/podman/tasks/main.yml
new file mode 100644
index 0000000..56148cd
--- /dev/null
+++ b/roles/podman/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: 'alpine-specific podman things'
+  include_tasks: alpine.yml
+  when: ansible_distribution == "Alpine"
diff --git a/roles/podman/vars/main.yml b/roles/podman/vars/main.yml
new file mode 100644
index 0000000..a08b787
--- /dev/null
+++ b/roles/podman/vars/main.yml
@@ -0,0 +1 @@
+podman_storage_driver: btrfs
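Review bot: The regexp on the `set podman storage driver` task, `'"driver = ".+"'`, begins with a literal double quote, so it never matches the stock `driver = "overlay"` line in storage.conf; lineinfile then appends `driver = "btrfs"` at EOF, typically inside the last `[storage.options.*]` table where podman ignores it, and the host silently keeps the default driver. Use `regexp: '^#?\s*driver\s*=\s*".*"'` and add `insertafter: '^\[storage\]'` so a miss still lands in the right table; the sibling `rc_cgroup_mode` task already shows the quote-free pattern. The subuid/subgid task has no `regexp`, so a re-run after `main_user` or the range changes appends a second entry instead of replacing the first — add `regexp: '^{{ main_user }}:'`. The `rc_cgroup_mode="unified"` change only takes effect at the next boot; starting the `cgroups` service on a running host will not switch the hierarchy, so a reboot notice or handler is worth adding.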
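Review bot: On any host whose `ansible_distribution` is not `Alpine` the role silently reports ok and does nothing, because the guarded `include_tasks` is its only task; a second task that fails with an explicit message for unsupported distributions (`fail:` with a `msg`, guarded by `when: ansible_distribution != "Alpine"`) would surface a mis-targeted inventory entry instead of hiding it. The quoted task name `'alpine-specific podman things'` also differs from the unquoted names used throughout alpine.yml; neither needs quoting.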
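Review bot: `podman_storage_driver` is declared in `vars/main.yml`, where role vars outrank inventory, group_vars and play vars, so a host that needs a different driver cannot override it short of `-e`. A tunable like this belongs in `roles/podman/defaults/main.yml` with the same line, `podman_storage_driver: btrfs`. The file also lacks the leading `---` that the other two new files in this patch start with.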