Role - tripleo-podman

Role Documentation

Welcome to the “tripleo-podman” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “tripleo-podman” role.

# All variables intended for modification should be placed in this file.

tripleo_container_registry_insecure_registries: []
tripleo_container_registry_login: false
tripleo_container_registry_logins: {}
tripleo_container_default_pids_limit: 4096
tripleo_podman_packages: '{{ _tripleo_podman_packages | default([]) }}'
tripleo_buildah_packages: '{{ _tripleo_buildah_packages | default([]) }}'
tripleo_podman_purge_packages: '{{ _tripleo_podman_purge_packages | default([]) }}'
tripleo_podman_tls_verify: true
tripleo_podman_debug: false
tripleo_podman_buildah_login: false
# this is the default network configuration except the range has been moved
# from 10.88.0.0/16 to 10.255.255.0/24 to try and prevent a conflict in an
# existing cloud
tripleo_podman_default_network_config:
  cniVersion: 0.4.0
  name: podman
  plugins:
  - type: bridge
    bridge: cni-podman0
    isGateway: true
    ipMasq: true
    hairpinMode: true
    ipam:
      type: host-local
      routes:
      - dst: 0.0.0.0/0
      ranges:
      - - subnet: 10.255.255.0/24
          gateway: 10.255.255.1
  - type: portmap
    capabilities:
      portMappings: true
  - type: firewall
  - type: tuning
tripleo_container_events_logger_mechanism: journald
tripleo_podman_unqualified_search_registries:
- registry.redhat.io
- registry.access.redhat.com
- registry.fedoraproject.org
- registry.centos.org
- docker.io
tripleo_podman_insecure_registries: '{{ tripleo_container_registry_insecure_registries
  }}'
# tripleo_podman_registries requires a list of dictionaries
# Example:
# tripleo_podman_registries:
#   - prefix: docker.io
#     insecure: false
#     location: docker.io
#     mirrors:
#       - location: 192.168.0.1:8787
#         insecure: true
#   - prefix: registry.redhat.io
#     insecure: false
#     location: registry.redhat.io
#     mirrors:
#       - location: 192.168.0.2:8787
#         insecure: false
#   - prefix: registry.fedoraproject.org
#     blocked: true
tripleo_podman_registries: []
tripleo_container_default_runtime: runc

Role Variables: redhat-9.yml

tripleo_container_default_runtime: crun

Role Variables: redhat-7.yml

_tripleo_podman_packages:
- podman

_tripleo_podman_purge_packages:
- docker
- docker-ce

Role Variables: redhat.yml

_tripleo_podman_packages:
- podman

_tripleo_buildah_packages:
- buildah

_tripleo_podman_purge_packages:
- docker
- docker-ce

Role Variables: centos-7.yml

_tripleo_podman_packages:
- podman

_tripleo_podman_purge_packages:
- docker
- docker-ce

Molecule Scenarios

Molecule is used to test the “tripleo-podman” role. The following sections list the driver and options for each scenario and give an example playbook showing how the role is used.

Scenario: install

Driver: delegated

Molecule Options

managed: false
login_cmd_template: >-
  ssh
  -o UserKnownHostsFile=/dev/null
  -o StrictHostKeyChecking=no
  -o Compression=no
  -o TCPKeepAlive=yes
  -o VerifyHostKeyDNS=no
  -o ForwardX11=no
  -o ForwardAgent=no
  {instance}
ansible_connection_options:
  ansible_connection: ssh

Molecule Inventory

hosts:
  all:
    hosts:
      instance:
        ansible_host: localhost

Example install playbook

- name: Converge
  hosts: all
  vars:
    tripleo_podman_default_network_config:
      cniVersion: 0.4.0
      name: podman
      plugins:
      - type: bridge
        bridge: cni-podman0
        isGateway: true
        ipMasq: true
        hairpinMode: true
        ipam:
          type: host-local
          routes:
          - dst: 0.0.0.0/0
          ranges:
          - - subnet: 10.255.255.0/24
              gateway: 10.255.255.1
      - type: portmap
        capabilities:
          portMappings: true
      - type: firewall
      - type: tuning
  tasks:
  - name: Run install
    include_role:
      name: tripleo-podman
      tasks_from: tripleo_podman_install.yml
      vars_from: redhat.yml
    # https://bugs.launchpad.net/bugs/1889510
  - name: Test podman network ls
    become: true
    command: podman network ls

Scenario: default

Driver: delegated

Molecule Options

managed: false
login_cmd_template: >-
  ssh
  -o UserKnownHostsFile=/dev/null
  -o StrictHostKeyChecking=no
  -o Compression=no
  -o TCPKeepAlive=yes
  -o VerifyHostKeyDNS=no
  -o ForwardX11=no
  -o ForwardAgent=no
  {instance}
ansible_connection_options:
  ansible_connection: ssh

Molecule Inventory

hosts:
  all:
    hosts:
      instance:
        ansible_host: localhost

Example default playbook

- name: Converge
  hosts: all
  roles:
  - role: tripleo-podman

Scenario: login

Driver: delegated

Molecule Options

managed: false
login_cmd_template: >-
  ssh
  -o UserKnownHostsFile=/dev/null
  -o StrictHostKeyChecking=no
  -o Compression=no
  -o TCPKeepAlive=yes
  -o VerifyHostKeyDNS=no
  -o ForwardX11=no
  -o ForwardAgent=no
  {instance}
ansible_connection_options:
  ansible_connection: ssh

Molecule Inventory

hosts:
  all:
    hosts:
      instance:
        ansible_host: localhost

Example login playbook

- name: Converge
  hosts: all
  vars:
    tripleo_podman_buildah_login: true
    tripleo_podman_tls_verify: false
    tripleo_container_registry_logins:
      localhost:5000:
        testuser: testpassword
  tasks:
  - include_role:
      name: tripleo-podman
      tasks_from: tripleo_podman_login.yml
  - include_role:
      name: tripleo-podman
      tasks_from: tripleo_podman_buildah_login.yml
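
The commented tripleo_podman_registries example in the role defaults and the login scenario above both contain settings that relax registry transport security (an insecure mirror, tripleo_podman_tls_verify: false alongside stored logins). The following is an added example, not part of the role or its tests, of a pre-deployment check that flags such settings in a set of role variables. It assumes the variables have already been loaded into a dict and that tripleo_podman_tls_verify governs the login tasks, as the login scenario suggests; audit_registry_vars and ROLE_VARS are hypothetical names.

```python
# Constructed sample: the commented tripleo_podman_registries example from the
# role defaults plus the login scenario's vars, as a dict (what a YAML load yields).
ROLE_VARS = {
    "tripleo_podman_tls_verify": False,
    "tripleo_container_registry_logins": {"localhost:5000": {"testuser": "testpassword"}},
    "tripleo_container_registry_insecure_registries": [],
    "tripleo_podman_registries": [
        {"prefix": "docker.io", "insecure": False, "location": "docker.io",
         "mirrors": [{"location": "192.168.0.1:8787", "insecure": True}]},
        {"prefix": "registry.redhat.io", "insecure": False, "location": "registry.redhat.io",
         "mirrors": [{"location": "192.168.0.2:8787", "insecure": False}]},
        {"prefix": "registry.fedoraproject.org", "blocked": True},
    ],
}


def audit_registry_vars(role_vars):
    """Return (variable, detail) findings for settings that weaken registry transport security."""
    findings = []
    logins = role_vars.get("tripleo_container_registry_logins") or {}
    if not role_vars.get("tripleo_podman_tls_verify", True):
        findings.append(("tripleo_podman_tls_verify", "TLS verification is disabled"))
        # Assumption: the login tasks honour tripleo_podman_tls_verify.
        for registry in sorted(logins):
            findings.append(("tripleo_container_registry_logins",
                             f"credentials for {registry} are sent without TLS verification"))
    # tripleo_podman_insecure_registries defaults to the container_registry variable.
    insecure = role_vars.get("tripleo_podman_insecure_registries",
                             role_vars.get("tripleo_container_registry_insecure_registries")) or []
    for host in insecure:
        findings.append(("tripleo_podman_insecure_registries", f"{host} is listed as insecure"))
    for entry in role_vars.get("tripleo_podman_registries") or []:
        if entry.get("blocked"):
            continue  # a blocked registry is never contacted, so its flags are moot
        prefix = entry.get("prefix") or entry.get("location", "<unnamed>")
        if entry.get("insecure"):
            findings.append(("tripleo_podman_registries", f"{prefix} is marked insecure"))
        for mirror in entry.get("mirrors") or []:
            if mirror.get("insecure"):
                findings.append(("tripleo_podman_registries",
                                 f"{prefix}: mirror {mirror.get('location')} is marked insecure"))
    return findings


if __name__ == "__main__":
    for variable, detail in audit_registry_vars(ROLE_VARS):
        print(f"{variable}: {detail}")
```
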