Role - tripleo-podman¶
Role Documentation¶
Welcome to the “tripleo-podman” role documentation.
Role Defaults¶
This section highlights all of the defaults and variables set within the “tripleo-podman” role.
# All variables intended for modification should be placed in this file.
tripleo_container_registry_insecure_registries: []
tripleo_container_registry_login: false
tripleo_container_registry_logins: {}
tripleo_container_default_pids_limit: 4096
tripleo_podman_packages: '{{ _tripleo_podman_packages | default([]) }}'
tripleo_buildah_packages: '{{ _tripleo_buildah_packages | default([]) }}'
tripleo_podman_purge_packages: '{{ _tripleo_podman_purge_packages | default([]) }}'
tripleo_podman_tls_verify: true
tripleo_podman_debug: false
tripleo_podman_buildah_login: false
# this is the default network configuration except the range has been moved
# from 10.88.0.0/16 to 10.255.255.0/24 to try and prevent a conflict in an
# existing cloud
tripleo_podman_default_network_config:
cniVersion: 0.4.0
name: podman
plugins:
- type: bridge
bridge: cni-podman0
isGateway: true
ipMasq: true
hairpinMode: true
ipam:
type: host-local
routes:
- dst: 0.0.0.0/0
ranges:
- - subnet: 10.255.255.0/24
gateway: 10.255.255.1
- type: portmap
capabilities:
portMappings: true
- type: firewall
- type: tuning
tripleo_container_events_logger_mechanism: journald
tripleo_podman_unqualified_search_registries:
- registry.redhat.io
- registry.access.redhat.com
- registry.fedoraproject.org
- registry.centos.org
- docker.io
tripleo_podman_insecure_registries: '{{ tripleo_container_registry_insecure_registries
}}'
# tripleo_podman_registries requires a list of dictionaries
# Example:
# tripleo_podman_registries:
# - prefix: docker.io
# insecure: false
# location: docker.io
# mirrors:
# - location: 192.168.0.1:8787
# insecure: true
# - prefix: registry.redhat.io
# insecure: false
# location: registry.redhat.io
# mirrors:
# - location: 192.168.0.2:8787
# insecure: false
# - prefix: registry.fedoraproject.org
# blocked: true
tripleo_podman_registries: []
tripleo_container_default_runtime: runc
Role Variables: redhat-9.yml¶
tripleo_container_default_runtime: crun
Role Variables: redhat-7.yml¶
_tripleo_podman_packages:
- podman
_tripleo_podman_purge_packages:
- docker
- docker-ce
Role Variables: redhat.yml¶
_tripleo_podman_packages:
- podman
_tripleo_buildah_packages:
- buildah
_tripleo_podman_purge_packages:
- docker
- docker-ce
Role Variables: centos-7.yml¶
_tripleo_podman_packages:
- podman
_tripleo_podman_purge_packages:
- docker
- docker-ce
Molecule Scenarios¶
Molecule is being used to test the “tripleo-podman” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.
- Driver: delegated
- Driver: delegated
- Driver: delegated
Scenario: install¶
Molecule Options¶
managed: false
login_cmd_template: >-
ssh
-o UserKnownHostsFile=/dev/null
-o StrictHostKeyChecking=no
-o Compression=no
-o TCPKeepAlive=yes
-o VerifyHostKeyDNS=no
-o ForwardX11=no
-o ForwardAgent=no
{instance}
ansible_connection_options:
ansible_connection: ssh
Molecule Inventory¶
hosts:
all:
hosts:
instance:
ansible_host: localhost
Example install playbook¶
- name: Converge
hosts: all
vars:
tripleo_podman_default_network_config:
cniVersion: 0.4.0
name: podman
plugins:
- type: bridge
bridge: cni-podman0
isGateway: true
ipMasq: true
hairpinMode: true
ipam:
type: host-local
routes:
- dst: 0.0.0.0/0
ranges:
- - subnet: 10.255.255.0/24
gateway: 10.255.255.1
- type: portmap
capabilities:
portMappings: true
- type: firewall
- type: tuning
tasks:
- name: Run install
include_role:
name: tripleo-podman
tasks_from: tripleo_podman_install.yml
vars_from: redhat.yml
# https://bugs.launchpad.net/bugs/1889510
- name: Test podman network ls
become: true
command: podman network ls
Scenario: default¶
Molecule Options¶
managed: false
login_cmd_template: >-
ssh
-o UserKnownHostsFile=/dev/null
-o StrictHostKeyChecking=no
-o Compression=no
-o TCPKeepAlive=yes
-o VerifyHostKeyDNS=no
-o ForwardX11=no
-o ForwardAgent=no
{instance}
ansible_connection_options:
ansible_connection: ssh
Molecule Inventory¶
hosts:
all:
hosts:
instance:
ansible_host: localhost
Example default playbook¶
- name: Converge
hosts: all
roles:
- role: tripleo-podman
Scenario: login¶
Molecule Options¶
managed: false
login_cmd_template: >-
ssh
-o UserKnownHostsFile=/dev/null
-o StrictHostKeyChecking=no
-o Compression=no
-o TCPKeepAlive=yes
-o VerifyHostKeyDNS=no
-o ForwardX11=no
-o ForwardAgent=no
{instance}
ansible_connection_options:
ansible_connection: ssh
Molecule Inventory¶
hosts:
all:
hosts:
instance:
ansible_host: localhost
Example login playbook¶
- name: Converge
hosts: all
vars:
tripleo_podman_buildah_login: true
tripleo_podman_tls_verify: false
tripleo_container_registry_logins:
localhost:5000:
testuser: testpassword
tasks:
- include_role:
name: tripleo-podman
tasks_from: tripleo_podman_login.yml
- include_role:
name: tripleo-podman
tasks_from: tripleo_podman_buildah_login.yml