From 17a87b6083f0c5a4c8d23029e75b31827e44175c Mon Sep 17 00:00:00 2001 From: Lennard Brinkhaus Date: Wed, 13 Sep 2023 23:40:39 +0200 Subject: [PATCH] fix: many bugs --- defaults/main.yml | 2 +- tasks/configure.yml | 47 ++++++++++++++++++++++------------ tasks/install_aardvark_dns.yml | 4 +-- tasks/install_netavark.yml | 4 +-- tasks/install_podman.yml | 2 -- tasks/main.yml | 1 + tasks/systemd-services.yml | 14 ++++++++++ templates/storage.conf | 5 ++++ vars/debian.yml | 2 ++ 9 files changed, 58 insertions(+), 23 deletions(-) create mode 100644 tasks/systemd-services.yml create mode 100644 templates/storage.conf diff --git a/defaults/main.yml b/defaults/main.yml index c46bd42..fedae75 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,7 +13,7 @@ podman_crun_buildpath: "{{ podman_buildpath }}/crun" podman_podman_buildpath: "{{ podman_buildpath }}/podman" podman_netavark_buildpath: "{{ podman_buildpath }}/netavark" -podman_containers_config: "/etc/containers" +podman_containers_config: "/usr/share/containers/" podman_netavark_repopath: "https://github.com/containers/netavark.git" podman_aardvark_dns_repopath: "https://github.com/containers/aardvark-dns.git" diff --git a/tasks/configure.yml b/tasks/configure.yml index 37bb64b..e4eb2f9 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -2,50 +2,65 @@ file: path: "{{ podman_containers_config }}" state: directory - mode: 'u=rwx,g=rx,o=' + mode: '755' + +- name: "Create conatiners folder" + file: + path: "/etc/containers" + state: directory + mode: '755' - name: "Create config and data directory" ansible.builtin.file: path: "{{ item }}" state: directory - mode: '0755' + mode: '755' with_items: - "{{ podman_containers_config }}" - "{{ podman_containers_config }}/registries.conf.d" + - "/etc/containers/registries.conf.d" - name: Copy policy.json ansible.builtin.template: src: policy.json - dest: "{{ podman_containers_config }}/policy.json" - mode: 0600 + dest: "/etc/containers/policy.json" + mode: '755' - name: Copy registries.json ansible.builtin.template: src: registries.conf - dest: "{{ podman_containers_config }}/registries.conf" - mode: 0600 + dest: "/etc/containers/registries.conf" + mode: '755' -- name: Copy registries.json +- name: Copy containers.conf ansible.builtin.template: src: containers.conf dest: "{{ podman_containers_config }}/containers.conf" - mode: 0600 - -- name: "Create registries.conf.d folder" - file: - path: "{{ podman_containers_config }}/registries.conf.d" - state: directory - mode: 'u=rwx,g=rx,o=' + mode: '755' +- name: Copy storage.conf + ansible.builtin.template: + src: storage.conf + dest: "{{ podman_containers_config }}/storage.conf" + mode: '755' - name: Copy registries.json ansible.builtin.template: src: registries.conf.d/shortnames.conf - dest: "{{ podman_containers_config }}/registries.conf.d/shortnames.conf" - mode: 0600 + dest: "/etc/containers/registries.conf.d/shortnames.conf" + mode: '755' + +- name: set ping group range permissions + ansible.builtin.lineinfile: + path: "/etc/sysctl.d/podman_ping_group.conf" + line: "net.ipv4.ping_group_range=0 2000000" + create: true - name: Add podman folder to $PATH ansible.builtin.copy: dest: /etc/profile.d/podman.sh content: 'PATH=$PATH:/usr/libexec/podman' + +- name: Exec lingur + shell: loginctl enable-linger 1000 diff --git a/tasks/install_aardvark_dns.yml b/tasks/install_aardvark_dns.yml index 8bfddd0..bd3f3c2 100644 --- a/tasks/install_aardvark_dns.yml +++ b/tasks/install_aardvark_dns.yml @@ -16,7 +16,7 @@ file: path: "/usr/libexec/podman" state: directory - mode: 'u=rwx,g=rx,o=' + mode: '755' - name: Copy aardvark-dns file ansible.builtin.copy: @@ -24,4 +24,4 @@ dest: "/usr/libexec/podman/aardvark-dns" force: true remote_src: true - mode: +x + mode: u=rx,g=rx,o=rx diff --git a/tasks/install_netavark.yml b/tasks/install_netavark.yml index 4c48df2..a8915db 100644 --- a/tasks/install_netavark.yml +++ b/tasks/install_netavark.yml @@ -19,7 +19,7 @@ file: path: "/usr/libexec/podman" state: directory - mode: 'u=rwx,g=rx,o=' + mode: '755' - name: Copy netavark file ansible.builtin.copy: @@ -27,4 +27,4 @@ dest: "/usr/libexec/podman/netavark" force: true remote_src: true - mode: +x + mode: u=rx,g=rx,o=rx diff --git a/tasks/install_podman.yml b/tasks/install_podman.yml index d648909..256737c 100644 --- a/tasks/install_podman.yml +++ b/tasks/install_podman.yml @@ -18,8 +18,6 @@ make: chdir: "{{ podman_podman_buildpath }}" target: install - params: - PREFIX: "/usr" - name: Setup systemd service ansible.builtin.template: diff --git a/tasks/main.yml b/tasks/main.yml index 8a1f316..5b8b744 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -4,3 +4,4 @@ - include_tasks: install.yml +- include_tasks: systemd-services.yml diff --git a/tasks/systemd-services.yml b/tasks/systemd-services.yml new file mode 100644 index 0000000..131f4d2 --- /dev/null +++ b/tasks/systemd-services.yml @@ -0,0 +1,14 @@ +- name: Setup podman-docker service + systemd_service: + enabled: true + state: started + daemon_reload: true + name: podman-docker + +- name: Setup podman.sock + remote_user: alphyron + systemd_service: + enabled: true + name: podman.sock + state: started + scope: "user" diff --git a/templates/storage.conf b/templates/storage.conf new file mode 100644 index 0000000..0b1afb0 --- /dev/null +++ b/templates/storage.conf @@ -0,0 +1,5 @@ +[storage] +driver = "overlay" + +[storage.options.overlay] +mount_program = "/usr/bin/fuse-overlayfs" diff --git a/vars/debian.yml b/vars/debian.yml index cd1e151..affc7fb 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -22,6 +22,8 @@ podman_build_deps: - libselinux1-dev - libapparmor-dev - protobuf-compiler + - slirp4netns + - fuse-overlayfs crun_build_deps: - build-essential