-rw-r--r--containers.yml148
-rw-r--r--docs/sample-environment/inventory.yml14
-rw-r--r--docs/sample-environment/wordpress/wordpress-app.containerfile18
-rw-r--r--docs/sample-environment/wordpress/wordpress-db.containerfile15
-rw-r--r--host.yml44
5 files changed, 239 insertions, 0 deletions
diff --git a/containers.yml b/containers.yml
new file mode 100644
index 0000000..5f4a7d7
--- /dev/null
+++ b/containers.yml
@@ -0,0 +1,148 @@
+- hosts: localhost
+
+ tasks:
+ - name: Rebuild images
+ containers.podman.podman_image:
+ name: "{{ item.name }}:{{ ansible_date_time.date }}-{{ ansible_date_time.hour }}{{ ansible_date_time.minute }}{{ ansible_date_time.second }}"
+ path: "{{ item.path }}"
+ build:
+ file: "{{ item.file }}"
+ cache: false
+ tags: rebuild
+ loop: "{{ containers }}"
+
+ - name: Tag new images to latest
+ containers.podman.podman_tag:
+ image: "{{ item.name }}:{{ ansible_date_time.date }}-{{ ansible_date_time.hour }}{{ ansible_date_time.minute }}{{ ansible_date_time.second }}"
+ target_names: "{{ item.name }}:latest"
+ tags: rebuild
+ loop: "{{ containers }}"
+
+ - name: Stop systemd pod service
+ ansible.builtin.systemd:
+ name: "pod-{{ pod.name }}.service"
+ state: stopped
+ scope: user
+ ignore_errors: true
+ tags:
+ - remove
+ - service-stop
+ when: pod is defined
+
+ - name: Remove systemd pod service file
+ ansible.builtin.file:
+ path: "~/.config/systemd/user/pod-{{ pod.name }}.service"
+ state: absent
+ tags: remove
+ when: pod is defined
+
+ - name: Stop systemd container service
+ ansible.builtin.systemd:
+ name: "container-{{ item.name }}.service"
+ state: stopped
+ scope: user
+ ignore_errors: true
+ tags:
+ - remove
+ - service-stop
+ loop: "{{ containers }}"
+
+ - name: Remove systemd container service file
+ ansible.builtin.file:
+ path: "~/.config/systemd/user/container-{{ item.name }}.service"
+ state: absent
+ tags: remove
+ loop: "{{ containers }}"
+
+ - name: Remove pod
+ containers.podman.podman_pod:
+ name: "{{ pod.name }}"
+ state: absent
+ tags:
+ - remove
+ - container-stop
+ when: pod is defined
+
+ - name: Remove containers
+ containers.podman.podman_container:
+ name: "{{ item.name }}"
+ state: absent
+ tags:
+ - remove
+ - container-stop
+ loop: "{{ containers }}"
+
+ - name: Create pod
+ containers.podman.podman_pod:
+ name: "{{ pod.name }}"
+ ports: "{{ pod.ports }}"
+ state: started
+ tags: container-start
+ when: pod is defined
+
+ - name: Start containers
+ ansible.builtin.shell: "podman container runlabel {{ item.runlabel }} {{ item.name}}:latest"
+ tags: container-start
+ loop: "{{ containers }}"
+
+ - name: Generate systemd service file for pod
+ containers.podman.podman_generate_systemd:
+ name: "{{ pod.name }}"
+ dest: "~/.config/systemd/user/"
+ new: true
+ tags: generate-systemd
+ when: pod is defined
+
+ - name: Generate systemd service file for container (when pod is not in use)
+ containers.podman.podman_generate_systemd:
+ name: "{{ item.name }}"
+ dest: "~/.config/systemd/user/"
+ new: true
+ tags: generate-systemd
+ loop: "{{ containers }}"
+ when: pod is not defined
+
+ - name: Reload systemd daemon
+ ansible.builtin.systemd:
+ daemon_reload: true
+ scope: user
+ tags:
+ - remove
+ - generate-systemd
+
+ - name: Pause for container full startup
+ ansible.builtin.pause:
+ seconds: 30
+
+ - name: Remove pod
+ containers.podman.podman_pod:
+ name: "{{ pod.name }}"
+ state: absent
+ when: pod is defined
+
+ - name: Remove containers
+ containers.podman.podman_container:
+ name: "{{ item.name }}"
+ state: absent
+ loop: "{{ containers }}"
+
+ - name: Start systemd pod service
+ ansible.builtin.systemd:
+ name: "pod-{{ pod.name}}.service"
+ state: started
+ enabled: true
+ scope: user
+ tags: start-service
+ when: pod is defined
+
+ - name: Start systemd container service
+ ansible.builtin.systemd:
+ name: "container-{{ item.name }}.service"
+ state: started
+ enabled: true
+ scope: user
+ tags: start-service
+ loop: "{{ containers }}"
+
+ - name: Prune old images
+ ansible.builtin.shell: podman image prune -f
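Review bot: The "Start containers" task at L101 hands `podman container runlabel` a label whose value is executed as a shell command, so the image metadata (and therefore whoever can change the containerfile or the local image store) decides what runs as the `containers` user; on top of that `{{ item.runlabel }}` and `{{ item.name }}` are interpolated unquoted into `ansible.builtin.shell`, so an inventory value containing spaces or shell metacharacters is re-parsed by the shell. Using the command module with an argv list keeps the inventory values as single arguments: `ansible.builtin.command:` / `argv: ["podman", "container", "runlabel", "{{ item.runlabel }}", "{{ item.name }}:latest"]`, and a comment such as `# runlabel executes the command stored in the image label; review it with 'podman container runlabel --display' before trusting a new image` would make the trust boundary explicit. The same unquoted-shell pattern applies to the `podman image prune -f` task at L165, though that one takes no inventory input. Note also that the play never pins which image store or user it operates on beyond `hosts: localhost`, so it presumably relies on being run as the `containers` user that host.yml creates — worth stating in a header comment.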
diff --git a/docs/sample-environment/inventory.yml b/docs/sample-environment/inventory.yml
new file mode 100644
index 0000000..fd933a3
--- /dev/null
+++ b/docs/sample-environment/inventory.yml
@@ -0,0 +1,14 @@
+pod:
+ name: wordpress
+ ports:
+ - "8080:80"
+
+containers:
+ - name: wordpress-db
+ path: "docs/sample-environment/wordpress"
+ file: "wordpress-db.containerfile"
+ runlabel: "start"
+ - name: wordpress-app
+ path: "docs/sample-environment/wordpress"
+ file: "wordpress-app.containerfile"
+ runlabel: "start"
diff --git a/docs/sample-environment/wordpress/wordpress-app.containerfile b/docs/sample-environment/wordpress/wordpress-app.containerfile
new file mode 100644
index 0000000..f85fc07
--- /dev/null
+++ b/docs/sample-environment/wordpress/wordpress-app.containerfile
@@ -0,0 +1,18 @@
+FROM docker.io/library/wordpress:latest
+
+LABEL start="podman run -d --rm=true --name wordpress-app --pod wordpress \
+-e WORDPRESS_DB_HOST=127.0.0.1 \
+-e WORDPRESS_DB_USER=root \
+-e WORDPRESS_DB_PASSWORD=TESTTESTTEST \
+-e WORDPRESS_DB_NAME=wordpress \
+-e WORDPRESS_TABLE_PREFIX=wp_ \
+wordpress-app:latest"
+
+#Build
+#podman build -t wordpress-app -f wordpress-app.containerfile
+
+#Manual start
+#podman container runlabel start wordpress-app
+
+#Pod Start
+#podman pod create --name wordpress -p 8080:80
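Review bot: The `start` label at L194-L200 embeds the database root password in the image metadata, so it is readable by anyone who can run `podman inspect` on the image or pull it from a registry, and it makes the WordPress application connect as `root` rather than a least-privilege database user. Even for a sample environment it would be safer to pass the credentials at run time (`--env-file` or podman secrets) and connect as a dedicated user, e.g. replacing the two `-e` lines with `-e WORDPRESS_DB_USER=wordpress \` and `-e WORDPRESS_DB_PASSWORD_FILE=/run/secrets/wp_db_password \` (the wordpress image supports `_FILE` variants, per its upstream docs — verify for the tag in use). `FROM docker.io/library/wordpress:latest` at L192 is also unpinned, so every `cache: false` rebuild silently pulls whatever upstream currently publishes; pinning by digest or at least a version tag would make rebuilds reproducible.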
diff --git a/docs/sample-environment/wordpress/wordpress-db.containerfile b/docs/sample-environment/wordpress/wordpress-db.containerfile
new file mode 100644
index 0000000..3225616
--- /dev/null
+++ b/docs/sample-environment/wordpress/wordpress-db.containerfile
@@ -0,0 +1,15 @@
+FROM docker.io/mariadb:latest
+
+LABEL start="podman run -d --rm=true --name wordpress-db --pod wordpress \
+-e MARIADB_DATABASE=wordpress \
+-e MARIADB_ROOT_PASSWORD=TESTTESTTEST \
+wordpress-db:latest"
+
+#Build
+#podman build -t wordpress-db -f wordpress-db.containerfile
+
+#Manual start
+#podman container runlabel start wordpress-db
+
+#Pod Start
+#podman pod create --name wordpress -p 8080:80
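Review bot: `MARIADB_ROOT_PASSWORD=TESTTESTTEST` at L220 is baked into the image label and is the same credential the app container uses, so the database root password is both stored in image metadata and handed to the web tier. Creating a scoped user in the same label — `-e MARIADB_USER=wordpress \` and `-e MARIADB_PASSWORD_FILE=/run/secrets/wp_db_password \` alongside a root password supplied from a secret — would let the app container drop to that user, and a comment like `# sample credentials only; supply real values via --secret / --env-file, never in a LABEL` would stop the pattern being copied into a non-sample deployment. As with the app image, `FROM docker.io/mariadb:latest` at L216 is unpinned and should be fixed to a digest or version tag.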
diff --git a/host.yml b/host.yml
new file mode 100644
index 0000000..b15d9e0
--- /dev/null
+++ b/host.yml
@@ -0,0 +1,44 @@
+- hosts: localhost
+ become: true
+
+ tasks:
+ - name: Create containers user
+ ansible.builtin.user:
+ name: containers
+
+ - name: Install systemd-container and podman
+ ansible.builtin.package:
+ name:
+ - systemd-container
+ - podman
+ state: present
+
+ - name: Confirm systemd-linger is set for containers user
+ ansible.builtin.stat:
+ path: "/var/lib/systemd/linger/containers"
+ register: linger
+
+ - name: Set systemd-linger for containers user (if necessary)
+ ansible.builtin.shell: "loginctl enable-linger containers"
+ when: not linger.stat.exists
+
+ - name: Unprivileged port block
+ block:
+ - name: Confirm port 80 and above is allowed for unprivileged use
+ ansible.builtin.shell: "sysctl net.ipv4.ip_unprivileged_port_start |grep 80"
+
+ rescue:
+ - name: Set sysctl parameter net.ipv4.ip_unprivileged_port_start=80
+ ansible.builtin.lineinfile:
+ path: "/etc/sysctl.conf"
+ regexp: "^net.ipv4.ip_unprivileged_port_start=80"
+ line: "net.ipv4.ip_unprivileged_port_start=80"
+
+ - name: Reload sysctl
+ ansible.builtin.shell: "sysctl -p /etc/sysctl.conf"
+
+ - name: Confirm port 80 and above is allowed for unprivileged use
+ ansible.builtin.shell: "sysctl net.ipv4.ip_unprivileged_port_start |grep 80"
+ tags:
+ - never
+ - unprivileged-ports
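Review bot: The rescue path at L267-L271 lowers `net.ipv4.ip_unprivileged_port_start` to 80 host-wide, which lets every unprivileged local user bind 80–1023 (443, 389, 636, 993…), not just the `containers` user; since the sample inventory maps `8080:80` the pod does not need this, so the `never` tag guarding the block is a good default and deserves a comment saying why, e.g. `# opt-in only: lowering this sysctl lets ANY local user bind ports 80-1023, not just the containers user`. The detection at L264 and L277 (`sysctl … |grep 80`) is also fragile — it matches values such as 1080 or 800 and fails to match a value like 70 that already permits port 80 — so a numeric check is safer: `ansible.builtin.shell: "test \"$(sysctl -n net.ipv4.ip_unprivileged_port_start)\" -le 80"`. Writing to `/etc/sysctl.conf` via `lineinfile` and reloading with `sysctl -p` could be replaced by the `ansible.posix.sysctl` module with `sysctl_set: true` if that collection is available, which removes the shell tasks entirely.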