# Installs the container engine and its helpers from the distribution
# repositories: podman and its networking plugins, pip for Python packages,
# and systemd-container (the package that provides machinectl).
- name: Install podman, podman networking plugins, and python support packages
  dnf:
    name:
      - podman
      - containernetworking-plugins
      - podman-plugins
      - python3-pip
      - systemd-container
    state: present
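# Installs three helper packages from the Python package index, one pip call
# per name. No virtualenv is set, so they land in the system Python
# environment.
# NOTE(review): none of the names carries a version pin, so each run accepts
# whatever release the index serves at that moment. Pin exact versions once
# the intended releases are known, and confirm each name is the intended
# upstream project. 'ansible-vault' on PyPI appears to be a separately
# maintained package rather than part of Ansible itself; TODO confirm.
- name: Install podman-compose pip Package
  pip:
    name: "{{ item }}"
    state: present
  # `loop` replaces `with_items` to match the other looping tasks in this file.
  loop:
    - podman-compose
    - pexpect
    - ansible-vault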
# Creates one local account per entry of service_users. The list is defined
# outside this file; only the account name is set here, every other account
# property is left to the module and system defaults.
- name: Create Service Users
  user:
    name: "{{ item }}"
  loop: "{{ service_users }}"
# Ensures the sshd PAM stack contains the pam_systemd session line. No regexp
# or insertafter is given, so a missing line is appended at the end of the
# file.
# NOTE(review): this edits an authentication-critical file in place and keeps
# no copy of the previous content; consider `backup: true` so a bad edit can
# be rolled back.
- name: Enable systemd-user session initialization over ssh
  lineinfile:
    path: /etc/pam.d/sshd
    line: 'session optional pam_systemd.so'
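# Enables lingering for every account in service_users, so the per-user
# systemd manager keeps running when that user has no open login session.
- name: Enable remote login session linger
  command:
    # argv passes the account name as exactly one argument; the free-form
    # string was re-split by the command parser after templating, so a name
    # containing whitespace or quotes could alter the argument list.
    argv:
      - loginctl
      - enable-linger
      - "{{ item }}"
    # logind records lingering as a flag file named after the user; with
    # `creates` the task is skipped once that file exists instead of
    # reporting "changed" on every run.
    creates: "/var/lib/systemd/linger/{{ item }}"
  loop: "{{ service_users }}"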
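# Runs `podman completion bash`, which prints the completion script on stdout.
# NOTE(review): the output is neither registered nor written to a file, so as
# written this task installs nothing. To make completion available, capture
# the result or have podman write it into the bash completion directory.
- name: Generate podman shell completion scripts for bash
  command: podman completion bash
  # The command only prints text; without this the task reports "changed" on
  # every run and hides real changes in the play recap.
  changed_when: false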
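# Adds a shell function named `su` to each service user's ~/.bashrc. The
# function forwards to `machinectl shell --uid`, using the second argument as
# the uid when the first is "-", otherwise the first.
# NOTE(review): the function shadows the real `su` in every shell that sources
# this file; anyone expecting standard su behaviour gets machinectl instead.
# NOTE(review): assumes each home directory is /home/<name> and that .bashrc
# already exists (no `create` is set) — TODO confirm.
- name: Create machinectl bash alias
  lineinfile:
    path: "/home/{{ item }}/.bashrc"
    # Parentheses are escaped so the pattern matches the literal text "su() ".
    # Unescaped, "()" is an empty regex group, so the pattern matched lines
    # starting with "su " and never the function definition written below; an
    # edited definition would then be appended as a duplicate, not replaced.
    regexp: '^su\(\) '
    line: 'su() { if [[ $1 == "-" ]]; then command machinectl shell --uid "$2"; else command machinectl shell --uid "$1"; fi; }'
  loop: "{{ service_users }}"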
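# Adds the same `su` shell function to root's ~/.bashrc: it forwards to
# `machinectl shell --uid`, using the second argument as the uid when the
# first is "-", otherwise the first.
# NOTE(review): this shadows the real `su` in root's interactive shells.
- name: Create machinectl bash alias for root
  lineinfile:
    path: /root/.bashrc
    # Parentheses are escaped so the pattern matches the literal text "su() ".
    # Unescaped, "()" is an empty regex group, so the pattern matched lines
    # starting with "su " and never the function definition written below.
    regexp: '^su\(\) '
    line: 'su() { if [[ $1 == "-" ]]; then command machinectl shell --uid "$2"; else command machinectl shell --uid "$1"; fi; }'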
# Marks the container_t SELinux domain as permissive: policy violations by
# processes in that domain are logged but no longer blocked.
# NOTE(review): container_t is, as far as can be told from here, the domain
# container processes run in, so this lifts SELinux confinement for every
# container on the host, not for one workload. Prefer a targeted policy
# module built from the logged denials, and treat this as temporary.
- name: Enable permissive_container_t SELinux Context
  selinux_permissive:
    name: 'container_t'
    permissive: true
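# Rewrites the IPv4 loopback line of /etc/hosts so the inventory hostname is
# the first name listed for 127.0.0.1, followed by the usual localhost
# aliases. Ownership and mode are set back to root:root 0644.
- name: Add hosts file entry for hostname
  lineinfile:
    path: /etc/hosts
    # The trailing \s stops the pattern from also matching other addresses
    # that merely start with the same digits (for example 127.0.0.11), whose
    # line would otherwise be the one replaced.
    regexp: '^127\.0\.0\.1\s'
    line: "127.0.0.1 {{ inventory_hostname }} localhost localhost.localdomain localhost4 localhost4.localdomain4"
    owner: root
    group: root
    # Quoted so the mode reaches the module as the octal string it is meant
    # to be, whatever the YAML parser does with leading-zero integers.
    mode: "0644"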
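# Rewrites the IPv6 loopback line of /etc/hosts so the inventory hostname is
# the first name listed for ::1, followed by the usual localhost aliases.
# Ownership and mode are set back to root:root 0644.
- name: Add IPv6 hosts file entry for hostname
  lineinfile:
    path: /etc/hosts
    # The trailing \s restricts the match to the ::1 address itself rather
    # than any line that merely begins with those characters.
    regexp: '^::1\s'
    line: "::1 {{ inventory_hostname }} localhost localhost.localdomain localhost6 localhost6.localdomain6"
    owner: root
    group: root
    # Quoted so the mode reaches the module as the octal string it is meant
    # to be, whatever the YAML parser does with leading-zero integers.
    mode: "0644"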
# - name: Copy cni networking driver config into place
#   blockinfile:
#     name: "/etc/cni/net.d/podman.conflist"
#     insertafter: "*\"plugins\": [*"
#     block: " {
#       \"type\": \"dnsname\",
#       \"domainName\": \"dns.podman\",
#       \"capabilities\": {
#       \"aliases\": true
#       }"