Chapter 27. Managing containers by using the podman RHEL System Role


With the podman RHEL System Role, you can manage Podman configuration, containers, and systemd services which run Podman containers.

27.1. The podman RHEL System Role

You can use the podman RHEL System Role to manage Podman configuration, containers, and systemd services which run Podman containers.

Additional resources

  • Installing RHEL System Roles
  • For details about the parameters used in podman and additional information about the podman RHEL System Role, see the /usr/share/ansible/roles/rhel-system-roles.podman/README.md file.

27.2. Variables for the podman RHEL System Role

The parameters used for the podman RHEL System Role are:

Variable | Description

podman_kube_specs

A list of dicts. Each dict describes one Podman pod and the corresponding systemd unit to manage, using the following keys:

  • state: (default: created) - denotes an operation to be executed with systemd services and pods:

    • created: create the pods and systemd service, but do not run them
    • started: create the pods and systemd services and start them
    • absent: remove the pods and systemd services
  • run_as_user: (default: podman_run_as_user) - a per-pod user. If not specified, root is used.

    Note

    The user must already exist.

  • run_as_group (default: podman_run_as_group) - a per-pod group. If not specified, root is used.

    Note

    The group must already exist.

  • systemd_unit_scope (default: podman_systemd_unit_scope) - scope to use for the systemd unit. If not specified, system is used for root containers and user for user containers.
  • kube_file_src - name of a Kubernetes YAML file on the controller node which will be copied to kube_file on the managed node

    Note

    Do not specify the kube_file_src variable if you specify kube_file_content variable. The kube_file_content takes precedence over kube_file_src.

  • kube_file_content - string in Kubernetes YAML format or a dict in Kubernetes YAML format. It specifies the contents of kube_file on the managed node.

    Note

    Do not specify the kube_file_content variable if you specify kube_file_src variable. The kube_file_content takes precedence over kube_file_src.

  • kube_file - a name of a file on the managed node that contains the Kubernetes specification of the container or pod. You typically do not have to specify the kube_file variable unless you need to copy the kube_file file to the managed node outside of the role. If you specify either kube_file_src or kube_file_content, you do not have to specify this.

    Note

    It is highly recommended to omit kube_file and instead specify either kube_file_src or kube_file_content and let the role manage the file path and name.

    • The file basename is the metadata.name value from the Kubernetes YAML, with a .yml suffix appended to it.
    • The directory is /etc/containers/ansible-kubernetes.d for system services (root containers).
    • The directory is $HOME/.config/containers/ansible-kubernetes.d for user services (rootless containers), where $HOME is the home directory of run_as_user.
    • For example, a pod whose metadata.name is <application_name> and that runs as root is written to /etc/containers/ansible-kubernetes.d/<application_name>.yml on the managed node.

podman_create_host_directories

If true, the role ensures that the host directories referenced by volumes.hostPath entries in the Kubernetes YAML given in podman_kube_specs exist on the managed node. The default value is false.

Note

Directories must be specified as absolute paths (for root containers), or paths relative to the home directory (for non-root containers), in order for the role to manage them. Anything else is ignored.

The role applies its default ownership or permissions to the directories. If you need to set ownership or permissions, see podman_host_directories.

podman_host_directories

It is a dict. If using podman_create_host_directories to tell the role to create host directories for volume mounts, and you need to specify permissions or ownership that apply to these created host directories, use podman_host_directories. Each key is the absolute path of the host directory to manage. The value is in the format of the parameters to the file module. If you do not specify a value, the role will use its built-in default values. If you want to specify a value to be used for all host directories, use the special key DEFAULT.

podman_firewall

It is a list of dict. Specifies ports that you want the role to manage in the firewall. This uses the same format as used by the firewall RHEL System Role.

podman_selinux_ports

It is a list of dict. Specifies the ports for which you want the role to manage the SELinux port labels, for example to label a published host port as http_port_t. This uses the same format as used by the selinux RHEL System Role.

podman_run_as_user

Specifies the name of the user to use for all rootless containers. You can also specify per-container username with run_as_user in podman_kube_specs.

Note

The user must already exist.

podman_run_as_group

Specifies the name of the group to use for all rootless containers. You can also specify a per-container group name with run_as_group in podman_kube_specs.

Note

The group must already exist.

podman_systemd_unit_scope

Defines the systemd scope to use by default for all systemd units. You can also specify per-container scope with systemd_unit_scope in podman_kube_specs. By default, rootless containers use user and root containers use system.

podman_containers_conf

Defines the containers.conf(5) settings as a dict. The settings are written to a drop-in file in the containers.conf.d directory. If running as root (see podman_run_as_user), the system settings are managed. Otherwise, the user settings are managed. See the containers.conf man page for the directory locations.

podman_registries_conf

Defines the containers-registries.conf(5) settings as a dict. The settings are written to a drop-in file in the registries.conf.d directory. If running as root (see podman_run_as_user), the system settings are managed. Otherwise, the user settings are managed. See the registries.conf man page for the directory locations.

podman_storage_conf

Defines the containers-storage.conf(5) settings as a dict. If running as root (see podman_run_as_user), the system settings are managed. Otherwise, the user settings are managed. See the storage.conf man page for the directory locations.

podman_policy_json

Defines the containers-policy.json(5) signature verification policy settings as a dict. If running as root (see podman_run_as_user), the system policy (/etc/containers/policy.json) is managed. Otherwise, the user policy is managed. See the policy.json man page for the directory locations.
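The following playbook is an added example that ties the variables above together; it is not taken from this page or from the role's README. It runs a single root pod (no run_as_user, so the unit lands in the system scope and kube_file_content is written to /etc/containers/ansible-kubernetes.d/httpd.yml), creates and locks down the hostPath directory, opens and labels the published port, writes a containers.conf drop-in, and installs a signature policy that rejects every image except signed images from registry.access.redhat.com. The host name, the directory /var/www/html-pod, the host port 8088, the image and the key path are assumptions for illustration; the post_tasks check that derives the unit name with systemd-escape also assumes the role's podman-kube@.service naming. For a rootless pod you would set run_as_user to an existing user and give hostPath as a path relative to that user's home directory instead of an absolute path.

```yaml
---
# Added example playbook for the podman RHEL System Role (not the role's own code).
# Assumed values: the host name, the host port 8088, the directory
# /var/www/html-pod, the image and the signing key path.
- name: Run an httpd pod as a root Podman pod managed by systemd
  hosts: managed-node-01.example.com
  vars:
    podman_kube_specs:
      - state: started            # create the pod and unit, then start them
        # run_as_user / run_as_group are omitted: the pod runs as root and the
        # systemd unit uses the system scope.
        kube_file_content:        # written to /etc/containers/ansible-kubernetes.d/httpd.yml
          apiVersion: v1
          kind: Pod
          metadata:
            name: httpd           # basename of the managed kube file
          spec:
            containers:
              - name: httpd
                image: registry.access.redhat.com/ubi9/httpd-24
                ports:
                  - containerPort: 8080
                    hostPort: 8088
                volumeMounts:
                  - mountPath: /var/www/html:Z   # :Z relabels the bind mount for SELinux
                    name: html
            volumes:
              - name: html
                hostPath:
                  path: /var/www/html-pod        # absolute path: this is a root pod
    # Create the hostPath directory instead of letting podman create it with
    # default ownership; DEFAULT applies to every managed directory, the
    # explicit key overrides it for that path (file module parameters).
    podman_create_host_directories: true
    podman_host_directories:
      DEFAULT:
        mode: "0755"
      /var/www/html-pod:
        owner: root
        group: root
        mode: "0750"
    # Open the published port (firewall role format) and label it so the SELinux
    # policy treats it as a web port (selinux role format).
    podman_firewall:
      - port: 8088/tcp
        state: enabled
    podman_selinux_ports:
      - ports: 8088
        protocol: tcp
        setype: http_port_t
        state: present
    # containers.conf drop-in; system settings because the role runs as root here.
    podman_containers_conf:
      containers:
        log_driver: journald
    # policy.json: reject by default, require Red Hat's GPG signature for
    # registry.access.redhat.com. Sigstore lookup for that registry comes from
    # the registries.d file shipped with containers-common on RHEL (assumed present).
    podman_policy_json:
      default:
        - type: reject
      transports:
        docker:
          registry.access.redhat.com:
            - type: signedBy
              keyType: GPGKeys
              keyPath: /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
  roles:
    - rhel-system-roles.podman
  post_tasks:
    # Assumption: the role instantiates podman-kube@.service with the escaped
    # absolute path of the kube file as the instance name.
    - name: Verify the systemd unit for the pod is active
      ansible.builtin.shell: >
        systemctl is-active
        "podman-kube@$(systemd-escape /etc/containers/ansible-kubernetes.d/httpd.yml).service"
      changed_when: false
    - name: Verify the pod is running
      ansible.builtin.command: podman pod ps --filter name=httpd --format "{{ '{{' }}.Status{{ '}}' }}"
      register: pod_status
      changed_when: false
      failed_when: "'Running' not in pod_status.stdout"
```

Run it with ansible-playbook against an inventory that contains the managed node; the second play run should report no changes, because the role, the file module parameters and the firewall/selinux settings are all idempotent. If the image pull fails with a signature error, the policy is working as intended: either the registry's sigstore configuration is missing under registries.d or the image is not signed by the listed key.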

Additional resources

  • Installing RHEL System Roles
  • For details about the parameters used in podman and additional information about the podman RHEL System Role, see the /usr/share/ansible/roles/rhel-system-roles.podman/README.md file.

27.3. Additional resources

  • For details about the parameters used in podman and additional information about the podman RHEL System Role, see the /usr/share/ansible/roles/rhel-system-roles.podman/README.md file.
  • For details about the ansible-playbook command, see the ansible-playbook(1) man page.