4446cbcd19
Instead of blanking out the file, we need to configure it. An empty file causes the `podman network` to not function and prevents us from using containers without --net=host. While we don't use this in tripleo today, it is beneficial to not leave podman in a broken state on the undercloud or standalone if we actually wanted to use podman networking for an external container. This change won't remove the network if the interface has been configured and is in use as to not break 'podman network' It should be noted that the default interface was changed in later versions from cni0 to cni-podman0 see podman 3755 (podman > 1.6). Change-Id: Id3ba3a531b8f86d411c843683c94a9d632cbf217 Closes-Bug: #1889510 Closes-Bug: #1898120
79 lines
2.6 KiB
YAML
79 lines
2.6 KiB
YAML
---
|
|
# Copyright 2019 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
# All variables intended for modification should be placed in this file.
|
|
tripleo_podman_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
|
|
tripleo_podman_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
|
|
|
|
tripleo_podman_buildah_login: false
|
|
tripleo_container_registry_insecure_registries: []
|
|
tripleo_container_registry_login: false
|
|
tripleo_container_registry_logins: {}
|
|
tripleo_podman_packages: "{{ _tripleo_podman_packages | default([]) }}"
|
|
tripleo_buildah_packages: "{{ _tripleo_buildah_packages | default([]) }}"
|
|
tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([]) }}"
|
|
tripleo_podman_tls_verify: true
|
|
tripleo_podman_unqualified_search_registries:
|
|
- registry.redhat.io
|
|
- registry.access.redhat.com
|
|
- registry.fedoraproject.org
|
|
- registry.centos.org
|
|
- docker.io
|
|
tripleo_podman_insecure_registries: "{{ tripleo_container_registry_insecure_registries }}"
|
|
# this is the default network configuration except the range has been moved
|
|
# from 10.88.0.0/16 to 10.255.255.0/24 to try and prevent a conflict in an
|
|
# existing cloud
|
|
tripleo_podman_default_network_config:
|
|
cniVersion: 0.4.0
|
|
name: podman
|
|
plugins:
|
|
- type: bridge
|
|
bridge: cni-podman0
|
|
isGateway: true
|
|
ipMasq: true
|
|
hairpinMode: true
|
|
ipam:
|
|
type: host-local
|
|
routes:
|
|
- dst: 0.0.0.0/0
|
|
ranges:
|
|
- - subnet: 10.255.255.0/24
|
|
gateway: 10.255.255.1
|
|
- type: portmap
|
|
capabilities:
|
|
portMappings: true
|
|
- type: firewall
|
|
- type: tuning
|
|
# tripleo_podman_registries requires a list of dictionaries
|
|
# Example:
|
|
# tripleo_podman_registries:
|
|
# - prefix: docker.io
|
|
# insecure: false
|
|
# location: docker.io
|
|
# mirrors:
|
|
# - location: 192.168.0.1:8787
|
|
# insecure: true
|
|
# - prefix: registry.redhat.io
|
|
# insecure: false
|
|
# location: registry.redhat.io
|
|
# mirrors:
|
|
# - location: 192.168.0.2:8787
|
|
# insecure: false
|
|
# - prefix: registry.fedoraproject.org
|
|
# blocked: true
|
|
tripleo_podman_registries: []
|