tripleo-ansible/tripleo_ansible/roles/tripleo-podman/tasks/tripleo_podman_install.yml

---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Load vars id needed
  when: tripleo_podman_packages is undefined or tripleo_podman_packages|length == 0
  import_tasks: load_vars.yaml

- name: Install block
  become: true
  block:
    - name: ensure podman and deps are installed
      package:
        name: "{{ tripleo_podman_packages }}"
        state: latest

    - name: Ensure we get the ansible_interfaces fact
      when:
        - ansible_interfaces is undefined
      setup:
        gather_subset:
          - '!all'
          - '!min'
          - 'network'
        filter: 'ansible_interfaces'

    - name: Delete legacy cni0 interface (podman < 1.6)
      command: ip link delete cni0
      when:
        - '"cni0" in ansible_interfaces'

    # don't update the network config if the network is already running
    # meaning cni-podman0 is running somewhere
    - name: Update default network configuration if possible
      copy:
        dest: /etc/cni/net.d/87-podman-bridge.conflist
        content: "{{ tripleo_podman_default_network_config | to_json }}"
        mode: '0644'
        owner: root
        group: root
      when:
        - '"cni-podman0" not in ansible_interfaces'


    - name: configure insecure registries /etc/containers/registries.conf
      ini_file:
        path: /etc/containers/registries.conf
        section: 'registries.insecure'
        option: registries
        value: "{{ tripleo_container_registry_insecure_registries }}"
      when:
        - (tripleo_container_registry_insecure_registries | length) > 0

    - name: Write containers.conf
      ini_file:
        path: /etc/containers/containers.conf
        owner: root
        group: root
        setype: etc_t
        mode: '0644'
        create: true
        section: containers
        option: pids_limit
        value: "{{ tripleo_container_default_pids_limit }}"