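# Host preparation for running podman workloads under dedicated service
# accounts. The tasks edit /etc/pam.d/sshd, /etc/hosts, /root/.bashrc and
# SELinux state, so they need root (become) on the target.
# `service_users` is a list of account names defined outside this file.

- name: Install podman, podman networking plugins, and python support packages
  dnf:
    name:
      - podman
      - containernetworking-plugins
      - podman-plugins
      - python3-pip
      - systemd-container
    state: present

# Supply-chain note: these packages are installed unpinned from the configured
# package index, so every run may pull a different release. Pin versions (or
# install from a vetted mirror) where reproducibility matters.
# NOTE(review): the index package named `ansible-vault` appears to be distinct
# from the ansible-vault CLI that ships with Ansible; confirm it is the one
# intended here.
- name: Install podman-compose pip Package
  pip:
    name: "{{ item }}"
    state: present
  loop:
    - podman-compose
    - pexpect
    - ansible-vault

- name: Create Service Users
  user:
    name: "{{ item }}"
  loop: "{{ service_users }}"

# Adds pam_systemd to the sshd session stack. `optional` means a pam_systemd
# failure does not block the login itself.
- name: Enable systemd-user session initialization over ssh
  lineinfile:
    path: /etc/pam.d/sshd
    line: 'session optional pam_systemd.so'

# Linger keeps each account's user manager running without an open login
# session. logind records it as a flag file, used below via `creates` so the
# task is skipped once linger is already enabled.
- name: Enable remote login session linger
  command:
    cmd: loginctl enable-linger "{{ item }}"
    creates: "/var/lib/systemd/linger/{{ item }}"
  loop: "{{ service_users }}"

# NOTE(review): the script is printed to stdout and discarded, so nothing is
# installed on the host. Persisting it needs a destination, e.g.
# `podman completion -f <COMPLETION_FILE> bash`. Until then the task changes
# nothing, which is why it is reported as unchanged.
- name: Generate podman shell completion scripts for bash
  command: "podman completion bash"
  changed_when: false

# Shadows `su` in interactive bash with a function that opens the target
# account through `machinectl shell --uid`, in both `su USER` and `su - USER`
# forms. The parentheses in the regexp are escaped: unescaped, `()` is an empty
# group, so the pattern would match lines starting with "su " and never the
# function definition this task maintains.
# Assumes each service account's home is /home/<name> - TODO confirm.
- name: Create machinectl bash alias
  lineinfile:
    path: "/home/{{ item }}/.bashrc"
    regexp: '^su\(\) '
    line: 'su() { if [[ $1 == "-" ]]; then command machinectl shell --uid "$2"; else command machinectl shell --uid "$1"; fi; }'
  loop: "{{ service_users }}"

- name: Create machinectl bash alias for root
  lineinfile:
    path: "/root/.bashrc"
    regexp: '^su\(\) '
    line: 'su() { if [[ $1 == "-" ]]; then command machinectl shell --uid "$2"; else command machinectl shell --uid "$1"; fi; }'

# SECURITY: this puts the whole container_t domain into permissive mode.
# SELinux then only logs denials for processes in that domain instead of
# blocking them, so container confinement is no longer enforced on this host.
# NOTE(review): prefer a targeted policy module built from the logged AVC
# denials and return container_t to enforcing. If this stays, record the
# reason and monitor the audit log for container_t denials.
- name: Enable permissive_container_t SELinux Context
  selinux_permissive:
    name: container_t
    permissive: true

# The loopback entries are rewritten so the inventory hostname resolves
# locally. `mode` is quoted so it is always read as an octal permission string
# and never as an integer.
- name: Add hosts file entry for hostname
  lineinfile:
    path: /etc/hosts
    regexp: '^127\.0\.0\.1'
    line: "127.0.0.1 {{ inventory_hostname }} localhost localhost.localdomain localhost4 localhost4.localdomain4"
    owner: root
    group: root
    mode: '0644'

- name: Add IPv6 hosts file entry for hostname
  lineinfile:
    path: /etc/hosts
    regexp: '^::1'
    line: "::1 {{ inventory_hostname }} localhost localhost.localdomain localhost6 localhost6.localdomain6"
    owner: root
    group: root
    mode: '0644'

# Disabled task, kept for reference:
# - name: Copy cni networking driver config into place
#   blockinfile:
#     name: "/etc/cni/net.d/podman.conflist"
#     insertafter: "*\"plugins\": [*"
#     block: " {
#       \"type\": \"dnsname\",
#       \"domainName\": \"dns.podman\",
#       \"capabilities\": {
#         \"aliases\": true
#       }"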