This a bad commit message. NO idea.

2022-02-15 14:56:51 -05:00
parent 4a8ab6fc84
commit 3fb974987c
62 changed files with 421 additions and 1063 deletions
--- a/roles/ikke_t.podman_container_systemd/README.md
+++ b/roles/ikke_t.podman_container_systemd/README.md
@@ -98,6 +98,7 @@ Dependencies
 ------------

 * [containers.podman](https://galaxy.ansible.com/containers/podman) (collection)
+* [ansible.posix](https://galaxy.ansible.com/ansible/posix) (collection)

 Example Playbook
 ----------------
--- a/roles/ikke_t.podman_container_systemd/defaults/main.yml
+++ b/roles/ikke_t.podman_container_systemd/defaults/main.yml
@@ -7,7 +7,7 @@ container_state: running
 # see man systemd.service for info
 # by default we want to restart failed container
 container_restart: on-failure
-service_files_dir: /etc/systemd/system
+service_files_dir: /usr/local/lib/systemd/system
 systemd_scope: system
 systemd_TimeoutStartSec: 15
 systemd_RestartSec: 30
@@ -17,6 +17,15 @@ container_run_as_user: root
 container_run_as_group: root
 container_stop_timeout: 15

+# SystemD dependencies (some are hardcoded; see templates)
+systemd_After: [network.target]
+systemd_Before: []
+systemd_Conflicts: []
+systemd_RequiredBy: []
+systemd_Requires: []
+systemd_WantedBy: []
+systemd_Wants: []
+
 # systemd service name
 service_name: "{{ container_name }}-container-pod-{{ container_run_as_user }}.service"

--- a/roles/ikke_t.podman_container_systemd/meta/.galaxy_install_info
+++ b/roles/ikke_t.podman_container_systemd/meta/.galaxy_install_info
@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:54 2021
-version: 2.1.0
+install_date: Fri Oct 15 18:59:22 2021
+version: 2.2.0
--- a/roles/ikke_t.podman_container_systemd/meta/main.yml
+++ b/roles/ikke_t.podman_container_systemd/meta/main.yml
@@ -36,7 +36,8 @@ dependencies:
    when: >
      (ansible_distribution == 'Debian' and
      ansible_distribution_release == 'buster') or
-      ansible_distribution == 'Ubuntu'
+      (ansible_distribution == 'Ubuntu' and
+      ansible_distribution_version is version('21.04', '<'))

 collections:
  - containers.podman
--- a/roles/ikke_t.podman_container_systemd/requirements.yml
+++ b/roles/ikke_t.podman_container_systemd/requirements.yml
@@ -1,3 +1,4 @@
 ---
 collections:
+  - ansible.posix
  - containers.podman
--- a/roles/ikke_t.podman_container_systemd/tasks/main.yml
+++ b/roles/ikke_t.podman_container_systemd/tasks/main.yml
@@ -38,11 +38,20 @@
 - name: set systemd scope to system if needed
  set_fact:
    systemd_scope: system
-    service_files_dir: '/etc/systemd/system'
+    service_files_dir: /usr/local/lib/systemd/system
    xdg_runtime_dir: "/run/user/{{ container_run_as_uid.stdout }}"
  when: container_run_as_user == "root"
  changed_when: false

+- name: create local systemd directory
+  when: service_files_dir == '/usr/local/lib/systemd/system'
+  file:
+    group: root
+    mode: u=rwX,go=rX
+    owner: root
+    path: /usr/local/lib/systemd/system/
+    state: directory
+
 - name: check if service file exists already
  stat:
    path: "{{ service_files_dir }}/{{ service_name }}"
@@ -95,6 +104,7 @@
    # https://github.com/containers/libpod/issues/5570
    # command: podman inspect -f {{.Id}} "{{ container_image }}"
    command: "podman image inspect -f '{{ '{{' }}.Id{{ '}}' }}' {{ item }}"
+    changed_when: false
    register: pre_pull_id
    ignore_errors: true
    when:
@@ -121,6 +131,7 @@
  - name: running single container, get image Id if it exists
    command:
      "podman image inspect -f '{{ '{{' }}.Id{{ '}}' }}'  {{ item }}"
+    changed_when: false
    become: true
    become_user: "{{ container_run_as_user }}"
    register: post_pull_id
@@ -204,6 +215,18 @@
      - service_file_before_template.stat.exists
      - service_file.changed

+  - name: ensure auto update is running for images
+    become: true
+    become_user: "{{ container_run_as_user }}"
+    environment:
+      XDG_RUNTIME_DIR: "{{ xdg_runtime_dir }}"
+    systemd:
+      name: podman-auto-update.timer
+      daemon_reload: true
+      scope: "{{ systemd_scope }}"
+      state: started
+      enabled: true
+
  when: container_state == "running"

 - name: configure firewall if container_firewall_ports is defined
@@ -247,7 +270,7 @@

  - name: ensure container's exposed ports firewall state
    tags: firewall
-    firewalld:
+    ansible.posix.firewalld:
      port: "{{ item }}"
      permanent: true
      immediate: true
--- a/roles/ikke_t.podman_container_systemd/templates/systemd-service-pod.j2
+++ b/roles/ikke_t.podman_container_systemd/templates/systemd-service-pod.j2
@@ -1,6 +1,20 @@
 [Unit]
 Description={{ container_name }} Podman Container
-After=network.target
+{% for unit in systemd_After %}
+After={{ unit }}
+{% endfor %}
+{% for unit in systemd_Before %}
+Before={{ unit }}
+{% endfor %}
+{% for unit in systemd_Conflicts %}
+Conflicts={{ unit }}
+{% endfor %}
+{% for unit in systemd_Requires %}
+Requires={{ unit }}
+{% endfor %}
+{% for unit in systemd_Wants %}
+Wants={{ unit }}
+{% endfor %}

 [Service]
 Type=forking
@@ -18,6 +32,7 @@ ExecReload=-/usr/bin/podman pod rm -f {{ container_name }}
 ExecStop=-/usr/bin/podman pod rm -f {{ container_name }}
 Restart={{ container_restart }}
 RestartSec={{ systemd_RestartSec }}
+Environment=PODMAN_SYSTEMD_UNIT=%n

 [Install]
 {% if container_run_as_user == 'root' %}
@@ -26,3 +41,9 @@ WantedBy=multi-user.target
 {% if container_run_as_user != 'root' %}
 WantedBy=default.target
 {% endif %}
+{% for unit in systemd_RequiredBy %}
+RequiredBy={{ unit }}
+{% endfor %}
+{% for unit in systemd_WantedBy %}
+WantedBy={{ unit }}
+{% endfor %}
--- a/roles/ikke_t.podman_container_systemd/templates/systemd-service-single.j2
+++ b/roles/ikke_t.podman_container_systemd/templates/systemd-service-single.j2
@@ -1,10 +1,26 @@
 [Unit]
 Description={{ container_name }} Podman Container
-After=network.target
+{% for unit in systemd_After %}
+After={{ unit }}
+{% endfor %}
+{% for unit in systemd_Before %}
+Before={{ unit }}
+{% endfor %}
+{% for unit in systemd_Conflicts %}
+Conflicts={{ unit }}
+{% endfor %}
+{% for unit in systemd_Requires %}
+Requires={{ unit }}
+{% endfor %}
+{% for unit in systemd_Wants %}
+Wants={{ unit }}
+{% endfor %}

 [Service]
 Type=simple
 TimeoutStartSec={{ systemd_TimeoutStartSec }}
+ExecStartPre=-/usr/bin/podman stop -t {{ container_stop_timeout|quote }} {{ container_name|quote }}
+ExecStartPre=-/usr/bin/podman rm -f {{ container_name|quote }}
 ExecStartPre=-/usr/bin/rm -f {{ pidfile }} {{ cidfile }}
 {% if container_run_as_user == 'root' %}
 User={{ container_run_as_user }}
@@ -22,6 +38,7 @@ Restart={{ container_restart }}
 RestartSec={{ systemd_RestartSec }}
 KillMode=mixed
 PIDFile={{ pidfile }}
+Environment=PODMAN_SYSTEMD_UNIT=%n

 [Install]
 {% if container_run_as_user == 'root' %}
@@ -30,3 +47,9 @@ WantedBy=multi-user.target
 {% if container_run_as_user != 'root' %}
 WantedBy=default.target
 {% endif %}
+{% for unit in systemd_RequiredBy %}
+RequiredBy={{ unit }}
+{% endfor %}
+{% for unit in systemd_WantedBy %}
+WantedBy={{ unit }}
+{% endfor %}