# Installs the container runtime (podman), its networking plugins, pip for the
# Python tooling installed from PyPI, and systemd-container (the package that
# ships machinectl on Fedora/RHEL-family hosts).
- name: Install podman, podman networking plugins, and python support packages
  dnf:
    name:
      - podman
      - containernetworking-plugins
      - podman-plugins
      - python3-pip
      - systemd-container
    # "present" installs what is missing; it does not upgrade packages that
    # are already installed.
    state: present
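# Installs Python tooling from the configured package index, with whatever
# privileges the play runs under.
# NOTE(review): none of these packages is version-pinned, so each run can pull
# whichever release the index serves at that moment. Pin known-good versions
# (ideally with hashes, through a requirements file) and confirm that the
# `ansible-vault` distribution is the package actually intended here.
- name: Install podman-compose pip Package
  pip:
    # The pip module accepts a list, so one invocation replaces the former
    # per-item with_items loop.
    name:
      - podman-compose
      - pexpect
      - ansible-vault
    state: present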
# Creates one local account per entry in service_users (a variable defined
# outside this file). Only the account name is set; shell, home directory,
# groups and password state are left to the user module's defaults.
- name: Create Service Users
  user:
    name: '{{ item }}'
  loop: '{{ service_users }}'
# Ensures sshd's PAM stack contains the pam_systemd session line, so SSH
# logins are registered with systemd-logind. "optional" means a failure of
# this module does not by itself block the login.
# NOTE(review): this edits a PAM file in place with no backup copy; the
# lineinfile `backup` option would keep the previous version for rollback.
- name: Enable systemd-user session initialization over ssh
  lineinfile:
    # `path` is the canonical name of the `dest` alias.
    path: /etc/pam.d/sshd
    line: 'session optional pam_systemd.so'
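# Turns on lingering for every service user, so each user's systemd manager
# (and the containers it supervises) keeps running without an open login
# session.
- name: Enable remote login session linger
  command:
    # argv hands the user name to loginctl as exactly one argument, whatever
    # characters it contains, instead of relying on quoting inside a string.
    argv:
      - loginctl
      - enable-linger
      - '{{ item }}'
    # logind records lingering as a marker file per user. Skipping the command
    # when it exists makes the task idempotent instead of "changed" every run.
    # Assumes service_users holds login names, not numeric UIDs.
    creates: '/var/lib/systemd/linger/{{ item }}'
  loop: '{{ service_users }}'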
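# Defines a su() shell function in each service user's .bashrc that shadows
# `su` in interactive bash: `su - USER` and `su USER` both open a
# `machinectl shell` for USER instead of running the real su.
# Assumes home directories live under /home/<user> and that .bashrc already
# exists (lineinfile does not create missing files by default).
# NOTE(review): if the play runs as root, this writes inside a directory the
# service user controls; running the task as that user (become_user) avoids
# privileged writes into user-owned paths.
- name: Create machinectl bash alias
  lineinfile:
    path: '/home/{{ item }}/.bashrc'
    # The parentheses must be escaped. Unescaped, `()` is an empty regex group
    # and the pattern matched lines starting with "su " rather than the
    # "su() " definition it is meant to find and replace.
    regexp: '^su\(\) '
    line: 'su() { if [[ $1 == "-" ]]; then command machinectl shell --uid "$2"; else command machinectl shell --uid "$1"; fi; }'
  loop: '{{ service_users }}'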
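# Same su() wrapper as for the service users, installed for root: in root's
# interactive bash, `su - USER` / `su USER` opens a `machinectl shell` for
# USER instead of running the real su.
- name: Create machinectl bash alias for root
  lineinfile:
    path: /root/.bashrc
    # Escaped parentheses: unescaped, `()` is an empty regex group, so the
    # pattern matched lines starting with "su " and never the "su() "
    # definition itself.
    regexp: '^su\(\) '
    line: 'su() { if [[ $1 == "-" ]]; then command machinectl shell --uid "$2"; else command machinectl shell --uid "$1"; fi; }'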
# NOTE(review): security trade-off. This puts the container_t SELinux domain
# into permissive mode: policy violations by processes in that domain are
# logged but no longer blocked. That removes SELinux confinement as an
# isolation layer for every container on the host, not just the ones this
# role deploys. If the underlying problem is a small set of denials (for
# example volume labelling), a targeted policy module or correct file
# contexts keeps enforcement on; otherwise record why permissive is required.
- name: Enable permissive_container_t SELinux Context
  selinux_permissive:
    name: container_t
    permissive: true
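# Rewrites the IPv4 loopback line in /etc/hosts so the inventory hostname
# resolves to 127.0.0.1 alongside the usual localhost aliases.
- name: Add hosts file entry for hostname
  lineinfile:
    path: /etc/hosts
    # The trailing \s stops the pattern from also matching other addresses
    # that merely begin with the same characters (e.g. 127.0.0.10), whose
    # line would otherwise be replaced.
    regexp: '^127\.0\.0\.1\s'
    line: '127.0.0.1 {{ inventory_hostname }} localhost localhost.localdomain localhost4 localhost4.localdomain4'
    owner: root
    group: root
    # Quoted so the mode is always read as the octal string, independent of
    # how the YAML parser types bare numbers.
    mode: '0644'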
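# Rewrites the IPv6 loopback line in /etc/hosts so the inventory hostname
# resolves to ::1 alongside the usual localhost aliases.
- name: Add IPv6 hosts file entry for hostname
  lineinfile:
    path: /etc/hosts
    # The trailing \s limits the match to the ::1 address itself rather than
    # any line that merely starts with "::1".
    regexp: '^::1\s'
    line: '::1 {{ inventory_hostname }} localhost localhost.localdomain localhost6 localhost6.localdomain6'
    owner: root
    group: root
    # Quoted so the mode is always read as the octal string, independent of
    # how the YAML parser types bare numbers.
    mode: '0644'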
# - name: Copy cni networking driver config into place
#   blockinfile:
#     name: "/etc/cni/net.d/podman.conflist"
#     insertafter: "*\"plugins\": [*"
#     block: " {
#       \"type\": \"dnsname\",
#       \"domainName\": \"dns.podman\",
#       \"capabilities\": {
#       \"aliases\": true
#       }"