Asara/infra
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix up podman

Browse source
This commit is contained in:
Amarpreet Minhas 2022-03-26 18:06:26 -04:00
parent ecdcef3e02
commit d55cf675ea
4 changed files with 71 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
ansible/roles/nomad_client/files/containers.conf Normal file
View file

@ -0,0 +1,29 @@
[containers]
default_capabilities = [
"CHOWN",
"DAC_OVERRIDE",
"FOWNER",
"FSETID",
"KILL",
"NET_BIND_SERVICE",
"SETFCAP",
"SETGID",
"SETPCAP",
"SETUID",
"SYS_CHROOT"
]
default_sysctls = [
"net.ipv4.ping_group_range=0 1",
]
[engine]
runtime = "crun"
cgroup_manager = "cgroupfs"
events_logger = "journald"
#[storage]
#driver = "overlay"
#
#[storage.options]
#mount_program = "/usr/bin/fuse-overlayfs"

5
ansible/roles/nomad_client/tasks/nomad.yml
View file

@ -59,6 +59,11 @@
group: root group: root
notify: daemon_reload notify: daemon_reload
- name: get podman from passwd
getent:
database: passwd
key: podman
- name: template nomad config - name: template nomad config
template: template:
src: templates/nomad.hcl.j2 src: templates/nomad.hcl.j2

39
ansible/roles/nomad_client/tasks/podman.yml
View file

@ -15,6 +15,7 @@
- name: ensure podman is installed - name: ensure podman is installed
apt: apt:
name: name:
- catatonit
- fuse-overlayfs - fuse-overlayfs
- podman - podman
- slirp4netns - slirp4netns
@ -22,18 +23,50 @@
state: present state: present
- name: ensure containers.conf is configured - name: ensure containers.conf is configured
file: copy:
src: containers.conf src: containers.conf
dest: /etc/containers/containers.conf dest: /etc/containers/containers.conf
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
- name: Check if podman lingers
stat: path=/var/lib/systemd/linger/podman
register: linger
- name: enable lingering for podman
command: loginctl enable-linger podman
when: not linger.stat.exists
- name: enable podman - name: enable podman
systemd: systemd:
name: podman name: podman
state: started state: started
enabled: False enabled: True
daemon_reload: True scope: user
changed_when: False changed_when: False
become: True
become_user: podman
- name: check if subuid is configured
shell: grep podman /etc/subuid
register: subuid
changed_when: False
check_mode: False
failed_when: False
- name: check if subgid is configured
shell: grep podman /etc/subgid
register: subgid
changed_when: False
check_mode: False
failed_when: False
- name: configure subuid
shell: usermod --add-subuids 200000-201000 podman
when: subuid.rc != 0
- name: configure subgid
shell: usermod --add-subgids 200000-201000 podman
when: subgid.rc != 0
... ...

2
ansible/roles/nomad_client/templates/nomad.hcl.j2
View file

@ -39,6 +39,6 @@ plugin_dir = "/opt/nomad_plugins"
plugin "nomad-driver-podman" { plugin "nomad-driver-podman" {
enabled = true enabled = true
config { config {
socket_path = "unix:///run/user/1000/podman/podman.sock" socket_path = "unix:///run/user/{{ getent_passwd.podman[1] }}/podman/podman.sock"
} }
} }