Merge "ensure-podman: add tasks to configure socket group"
commit
ff7c769173
@ -6,3 +6,16 @@ Install podman container manager
|
|||||||
:default: false
|
:default: false
|
||||||
|
|
||||||
Used to enable validation of podman engine.
|
Used to enable validation of podman engine.
|
||||||
|
|
||||||
|
.. zuul:rolevar:: ensure_podman_socket
|
||||||
|
:default: false
|
||||||
|
|
||||||
|
Enabling this will cause the role to configure a group and add the
|
||||||
|
user to it in order to have access to the root-owned system-level
|
||||||
|
compatability socket.
|
||||||
|
|
||||||
|
.. zuul:rolevar:: ensure_podman_group
|
||||||
|
:default: podman
|
||||||
|
|
||||||
|
Only used if `ensure_podman_socket` is set. Configures the group
|
||||||
|
name to use.
|
||||||
|
@ -1 +1,3 @@
|
|||||||
ensure_podman_validate: false
|
ensure_podman_validate: false
|
||||||
|
ensure_podman_socket: false
|
||||||
|
ensure_podman_group: podman
|
||||||
|
22
roles/ensure-podman/tasks/Ubuntu-24.04.yaml
Normal file
22
roles/ensure-podman/tasks/Ubuntu-24.04.yaml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
- name: Install podman
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- podman
|
||||||
|
- uidmap
|
||||||
|
- slirp4netns
|
||||||
|
- fuse-overlayfs
|
||||||
|
- containernetworking-plugins
|
||||||
|
# This enables container network dns resolution:
|
||||||
|
- golang-github-containernetworking-plugin-dnsname
|
||||||
|
state: present
|
||||||
|
become: yes
|
||||||
|
- name: Create containers config dir
|
||||||
|
file:
|
||||||
|
path: '{{ ansible_user_dir }}/.config/containers'
|
||||||
|
state: directory
|
||||||
|
- name: Force cgroup manager to cgroupfs for Ubuntu
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
[engine]
|
||||||
|
cgroup_manager = "cgroupfs"
|
||||||
|
dest: '{{ ansible_user_dir }}/.config/containers/containers.conf'
|
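Review bot: Neither "Create containers config dir" nor "Force cgroup manager to cgroupfs for Ubuntu" sets `mode`, so the permissions of `~/.config/containers` and `containers.conf` are left to the remote umask; adding `mode: '0755'` to the `file` task and `mode: '0644'` to the `copy` task makes them deterministic. The `copy` with `content:` also replaces any existing `containers.conf` wholesale, so settings written there earlier would be dropped; if that is intended, a short comment above the task saying so would help. As a style point, `become: yes` could be `become: true`, which is the form root-socket.yaml uses in the same change.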
@ -26,3 +26,7 @@
|
|||||||
podman info
|
podman info
|
||||||
podman ps
|
podman ps
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Set up docker compatability socket
|
||||||
|
when: ensure_podman_socket
|
||||||
|
include_tasks: "root-socket.yaml"
|
||||||
|
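Review bot: Nothing checks that the unprivileged user can actually reach the socket: the validation commands visible above (`podman info`, `podman ps`) run before "Set up docker compatability socket" and do not go through `/run/podman/podman.sock`, so the new socket jobs only prove the tasks ran without error. A follow-up task guarded by both `ensure_podman_validate` and `ensure_podman_socket` that queries the socket without `become` (for example `podman --remote --url unix:///run/podman/podman.sock info` with `changed_when: false`) would catch a wrong group or mode. The condition is also safer written as `when: ensure_podman_socket | bool`, since a job variable that arrives as the string "false" may otherwise be treated as true. The validation task starts above this hunk, so its own `when:` is not visible here.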
43
roles/ensure-podman/tasks/root-socket.yaml
Normal file
43
roles/ensure-podman/tasks/root-socket.yaml
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
# We have a podman group, like the docker group, for controlling
|
||||||
|
# access to the root-owned podman service.
|
||||||
|
- name: Ensure "podman" group exists
|
||||||
|
become: true
|
||||||
|
group:
|
||||||
|
name: "{{ ensure_podman_group }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Add user to podman group
|
||||||
|
become: true
|
||||||
|
user:
|
||||||
|
name: "{{ ansible_user }}"
|
||||||
|
groups:
|
||||||
|
- "{{ ensure_podman_group }}"
|
||||||
|
append: yes
|
||||||
|
|
||||||
|
- name: Ensure systemd config directory exists
|
||||||
|
become: true
|
||||||
|
file:
|
||||||
|
path: /etc/systemd/system/podman.socket.d
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Add podman socket override config
|
||||||
|
become: true
|
||||||
|
template:
|
||||||
|
src: podman.socket.override.conf.j2
|
||||||
|
dest: /etc/systemd/system/podman.socket.d/override.conf
|
||||||
|
|
||||||
|
- name: Reset ssh connection to pick up podman group
|
||||||
|
meta: reset_connection
|
||||||
|
|
||||||
|
- name: Assure podman.socket service is running
|
||||||
|
become: true
|
||||||
|
service:
|
||||||
|
name: podman.socket
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
||||||
|
|
||||||
|
- name: Correct group ownership on podman sock
|
||||||
|
become: true
|
||||||
|
file:
|
||||||
|
path: /run/podman/podman.sock
|
||||||
|
group: "{{ ensure_podman_group }}"
|
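Review bot: The drop-in written by "Add podman socket override config" is never followed by a systemd daemon reload, so if podman.socket was already loaded the `SocketGroup=` setting does not apply on this run, and the final task has to fix the group on `/run/podman/podman.sock` by hand. Changing the start task from `service:` to `systemd:` and adding `daemon_reload: true` would make the override the source of truth rather than the manual chgrp. The header comment should also state what membership grants, e.g. `# Members of this group can drive the rootful podman API, which is equivalent to root on the node.`, because `ansible_user` is added to it unconditionally once the option is on. The last `file` task sets no `mode`, so the socket's permission bits are whatever the unit's `SocketMode=` provides; pinning it there or asserting it would make the access model explicit.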
@ -0,0 +1,3 @@
|
|||||||
|
[Socket]
|
||||||
|
SocketGroup={{ ensure_podman_group }}
|
||||||
|
|
@ -505,6 +505,110 @@
|
|||||||
run: test-playbooks/ensure-podman/main.yaml
|
run: test-playbooks/ensure-podman/main.yaml
|
||||||
vars:
|
vars:
|
||||||
ensure_podman_validate: true
|
ensure_podman_validate: true
|
||||||
|
tags:
|
||||||
|
- debuntu-platforms
|
||||||
|
- exclude-ubuntu-focal
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: zuul-jobs-test-ensure-podman-debian-bookworm
|
||||||
|
description: Test the ensure-podman role on debian-bookworm
|
||||||
|
parent: zuul-jobs-test-ensure-podman
|
||||||
|
tags: auto-generated
|
||||||
|
nodeset:
|
||||||
|
nodes:
|
||||||
|
- name: debian-bookworm
|
||||||
|
label: debian-bookworm
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: zuul-jobs-test-ensure-podman-debian-bullseye
|
||||||
|
description: Test the ensure-podman role on debian-bullseye
|
||||||
|
parent: zuul-jobs-test-ensure-podman
|
||||||
|
tags: auto-generated
|
||||||
|
nodeset:
|
||||||
|
nodes:
|
||||||
|
- name: debian-bullseye
|
||||||
|
label: debian-bullseye
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: zuul-jobs-test-ensure-podman-ubuntu-jammy
|
||||||
|
description: Test the ensure-podman role on ubuntu-jammy
|
||||||
|
parent: zuul-jobs-test-ensure-podman
|
||||||
|
tags: auto-generated
|
||||||
|
nodeset:
|
||||||
|
nodes:
|
||||||
|
- name: ubuntu-jammy
|
||||||
|
label: ubuntu-jammy
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: zuul-jobs-test-ensure-podman-ubuntu-noble
|
||||||
|
description: Test the ensure-podman role on ubuntu-noble
|
||||||
|
parent: zuul-jobs-test-ensure-podman
|
||||||
|
tags: auto-generated
|
||||||
|
nodeset:
|
||||||
|
nodes:
|
||||||
|
- name: ubuntu-noble
|
||||||
|
label: ubuntu-noble
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: zuul-jobs-test-ensure-podman-socket
|
||||||
|
description: |
|
||||||
|
Test the ensure-podman role with the socket option
|
||||||
|
|
||||||
|
This job tests the ensure-podman role. It is not meant to be
|
||||||
|
used directly but rather run on changes to roles in the
|
||||||
|
zuul-jobs repo.
|
||||||
|
abstract: true
|
||||||
|
files:
|
||||||
|
- roles/ensure-podman/.*
|
||||||
|
- roles/ensure-package-repositories/.*
|
||||||
|
- test-playbooks/ensure-podman/.*
|
||||||
|
run: test-playbooks/ensure-podman/main.yaml
|
||||||
|
vars:
|
||||||
|
ensure_podman_validate: true
|
||||||
|
ensure_podman_socket: true
|
||||||
|
tags:
|
||||||
|
- debuntu-platforms
|
||||||
|
- exclude-ubuntu-focal
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: zuul-jobs-test-ensure-podman-socket-debian-bookworm
|
||||||
|
description: Test the ensure-podman role with the socket option on debian-bookworm
|
||||||
|
parent: zuul-jobs-test-ensure-podman-socket
|
||||||
|
tags: auto-generated
|
||||||
|
nodeset:
|
||||||
|
nodes:
|
||||||
|
- name: debian-bookworm
|
||||||
|
label: debian-bookworm
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: zuul-jobs-test-ensure-podman-socket-debian-bullseye
|
||||||
|
description: Test the ensure-podman role with the socket option on debian-bullseye
|
||||||
|
parent: zuul-jobs-test-ensure-podman-socket
|
||||||
|
tags: auto-generated
|
||||||
|
nodeset:
|
||||||
|
nodes:
|
||||||
|
- name: debian-bullseye
|
||||||
|
label: debian-bullseye
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: zuul-jobs-test-ensure-podman-socket-ubuntu-jammy
|
||||||
|
description: Test the ensure-podman role with the socket option on ubuntu-jammy
|
||||||
|
parent: zuul-jobs-test-ensure-podman-socket
|
||||||
|
tags: auto-generated
|
||||||
|
nodeset:
|
||||||
|
nodes:
|
||||||
|
- name: ubuntu-jammy
|
||||||
|
label: ubuntu-jammy
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: zuul-jobs-test-ensure-podman-socket-ubuntu-noble
|
||||||
|
description: Test the ensure-podman role with the socket option on ubuntu-noble
|
||||||
|
parent: zuul-jobs-test-ensure-podman-socket
|
||||||
|
tags: auto-generated
|
||||||
|
nodeset:
|
||||||
|
nodes:
|
||||||
|
- name: ubuntu-noble
|
||||||
|
label: ubuntu-noble
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: zuul-jobs-test-ensure-skopeo
|
name: zuul-jobs-test-ensure-skopeo
|
||||||
@ -635,6 +739,14 @@
|
|||||||
- zuul-jobs-test-ensure-kubernetes-podman-ubuntu-noble
|
- zuul-jobs-test-ensure-kubernetes-podman-ubuntu-noble
|
||||||
- zuul-jobs-test-ensure-kubernetes-microk8s-ubuntu-jammy
|
- zuul-jobs-test-ensure-kubernetes-microk8s-ubuntu-jammy
|
||||||
- zuul-jobs-test-ensure-kubernetes-microk8s-debian-bookworm
|
- zuul-jobs-test-ensure-kubernetes-microk8s-debian-bookworm
|
||||||
|
- zuul-jobs-test-ensure-podman-debian-bookworm
|
||||||
|
- zuul-jobs-test-ensure-podman-debian-bullseye
|
||||||
|
- zuul-jobs-test-ensure-podman-ubuntu-jammy
|
||||||
|
- zuul-jobs-test-ensure-podman-ubuntu-noble
|
||||||
|
- zuul-jobs-test-ensure-podman-socket-debian-bookworm
|
||||||
|
- zuul-jobs-test-ensure-podman-socket-debian-bullseye
|
||||||
|
- zuul-jobs-test-ensure-podman-socket-ubuntu-jammy
|
||||||
|
- zuul-jobs-test-ensure-podman-socket-ubuntu-noble
|
||||||
- zuul-jobs-test-ensure-skopeo-debian-bookworm
|
- zuul-jobs-test-ensure-skopeo-debian-bookworm
|
||||||
- zuul-jobs-test-ensure-skopeo-debian-bullseye
|
- zuul-jobs-test-ensure-skopeo-debian-bullseye
|
||||||
- zuul-jobs-test-ensure-skopeo-ubuntu-focal
|
- zuul-jobs-test-ensure-skopeo-ubuntu-focal
|
||||||
|