| author | spmfox <spmfox@foxwd.com> | 2025-05-15 17:16:45 -0400 |
|---|---|---|
| committer | spmfox <spmfox@foxwd.com> | 2025-05-15 17:16:45 -0400 |
| commit | e53c324dae5957a99f6ecbb0ad88246c204da42f (patch) | |
| tree | 7def0197925f600c92092ee43573eaf309abc1bf /README.md | |
| parent | 9af1708e2f67af6c44e800d6960ad3fc962b3386 (diff) | |
Updating readme, documentation, and a localhost warning - formalizing changes made for remote runs
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 35 |
1 files changed, 26 insertions, 9 deletions
@@ -8,35 +8,52 @@ This repo contains two roles, `host` and `containers`, that automate the deploym Quadlet files and some understanding of quadlet and/or systemd is required to use this tool. ## Usage + git clone https://github.com/spmfox/PodPlaybook.git && cd PodPlaybook + ansible-galaxy install -r collections/requirements.yml ansible-playbook host.yml + sudo machinectl shell containers@ - ansible-playbook -i docs/sample-environment/wordpress/wordpress.yml containers.yml + git clone https://github.com/spmfox/PodPlaybook.git && cd PodPlaybook + ansible-playbook -i docs/sample-environment/wordpress/wordpress.yml containers-local.yml ## Features - Designed for rootless Podman - Easily deploy/remove quadlet files and stop/start quadlet services - Define your application's quadlet files so they are treated as one entity with Ansible +- Optionally configure your host with common settings like firewall, timezone, mounts, etc ## Sample Environment A fully working pod with Wordpress and a MariaDB database are in the `docs/sample-environment/wordpress` directory. The environment variables are in `wordpress.yml`, you'll also find the containerfiles and the quadlet files. +## Example Inventory +A example inventory is included in `docs/example-inventory.yml` showing all of the common host configuration variables as well as multiple quadlets. 
+ ## Requirements - Ansible - Podman - User with `sudo` rights (to create unprivileged user) ## Operation -- **Note:** `host.yml` and `containers.yml` will default to execute on localhost if a host isn't provided - - This means you can either create a full inventory with a host and variables or just variables that will be run against localhost -- `host.yml` - installs the needed packages and creates the `containers` unprivileged user - use with a privileged account -- `containers.yml` - will copy the quadlet files and start the quadlet - use with the unprivileged account +- `host.yml` - configures the host - can be run remotely or locally + - Default operation is to install podman and create+configure the containers user + - Can be used for configuring: + - hostname + - timezone + - mounts + - additional packages + - unprivileged users port access + - automatic patching + - ssh hardening + - firewall +- `containers-local.yml` - automates Quadlet file deployment and systemd Quadlet service start/stop + - Used on localhost only + - Designed to be run as the unprivileged containers user, but can be run as any user +- `containers-remote.yml` - same functionality as the local, except its designed to be run remotely + - Because `machinectl` has to be used to manage the Quadlet systemd services, you are forced to use the root user for ssh ## Tags -- `host.yml`: - - `unprivileged-port` - configures host to allow unprivileged accounts to use privileged ports, defaults to `80` - - `cpanel-dnsonly` - changes only needed when running on a dnsonly cPanel instance, check `roles/host/tasks/cpanel-dnsonly.yml` for details -- `containers.yml`: +- `containers-local.yml` & `containers-remote.yml`: - `create` - create quadlet files - `remove` - remove quadlet files - `start` - start quadlet services |
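Review bot: In the Operation section, the new `containers-remote.yml` bullet states that root must be used for ssh because of `machinectl`, while the `host.yml` bullet just above lists "ssh hardening" as something it can configure, and the README does not say whether the two are compatible. Suggest adding a line that says whether the hardening option leaves root login available and what authentication the remote playbook expects for root, since a reader who enables hardening first may otherwise break the remote run or loosen the setting to get it working. The removed note about defaulting to localhost has no replacement for `host.yml`, which now "can be run remotely or locally", so it would help to say what happens when no host is given. The Tags section also drops the `host.yml` entries (`unprivileged-port`, `cpanel-dnsonly`) without saying how the listed host options are now selected; a pointer to the variables in `docs/example-inventory.yml` would cover that. Minor wording: "A example inventory" should be "An example inventory", and "its designed" should be "it's designed".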
