Add security related podman options
These options can be used instead of the --privileged option with
some containerised services in TripleO.
Change-Id: If1d97e5f1697fdc1d6a7b845cf116d54b1897245
(cherry picked from commit fbacb3752f
)
parent
a3dc676d6b
commit
3bfbb34d71
|
@ -35,6 +35,7 @@
|
|||
loop_control:
|
||||
loop_var: container_data
|
||||
podman_container:
|
||||
annotation: "{{ lookup('dict', container_data).value.annotation | default(omit) }}"
|
||||
cap_add: "{{ lookup('dict', container_data).value.cap_add | default(omit) }}"
|
||||
cap_drop: "{{ lookup('dict', container_data).value.cap_drop | default(omit) }}"
|
||||
command: "{{ lookup('dict', container_data).value.command | default(omit) }}"
|
||||
|
@ -43,6 +44,7 @@
|
|||
# cpuset_cpus: "{{ lookup('dict', container_data).value.cpuset_cpus | default(omit) }}"
|
||||
debug: true
|
||||
detach: "{{ lookup('dict', container_data).value.detach | default(true) }}"
|
||||
device: "{{ lookup('dict', container_data).value.device | default(omit) }}"
|
||||
entrypoint: "{{ lookup('dict', container_data).value.entrypoint | default(omit) }}"
|
||||
env: "{{ lookup('dict', container_data).value.environment | default(omit) }}"
|
||||
env_file: "{{ lookup('dict', container_data).value.env_file | default(omit) }}"
|
||||
|
@ -71,6 +73,7 @@
|
|||
state: present
|
||||
stop_signal: "{{ lookup('dict', container_data).value.stop_signal | default(omit) }}"
|
||||
stop_timeout: "{{ lookup('dict', container_data).value.stop_grace_period | default(omit) | int }}"
|
||||
sysctl: "{{ lookup('dict', container_data).value.sysctl | default(omit) }}"
|
||||
tty: "{{ lookup('dict', container_data).value.tty | default(false) }}"
|
||||
ulimit: "{{ lookup('dict', container_data).value.ulimit | default(omit) }}"
|
||||
user: "{{ lookup('dict', container_data).value.user | default(omit) }}"
|
||||
|
|
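Review bot: The `cap_add`/`cap_drop`, `device` and `sysctl` keys across these three hunks are forwarded from `container_data` to `podman_container` unchecked, so a service definition can list broad grants (for example `ALL` or `SYS_ADMIN` capabilities, or a wide device mapping) and end up close to what `--privileged` provided. Which line each hunk adds is not recoverable from this rendering, and whether `privileged` is still forwarded sits outside the visible lines, so that part is inferred. I would add a comment above these keys such as `# cap_add/cap_drop/device/sysctl replace privileged: grant only what the service needs and leave privileged unset`, and list the new keys in the role's parameter documentation. Separately, `debug: true` in the second hunk is hard-coded next to `env` and `env_file`; it is worth confirming that the module's debug output does not echo environment values into task logs.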