heat_template_version: rocky description: > Configures podman on the host parameters: DockerInsecureRegistryAddress: description: Optional. The IP Address and Port of an insecure docker namespace that will be configured in /etc/sysconfig/docker. The value can be multiple addresses separated by commas. type: comma_delimited_list default: [] EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json ContainerImageRegistryLogin: type: boolean default: false description: Flag to enable container registry login actions during the deployment. Setting this to true will cause login calls to be performed during the deployment. ContainerImageRegistryCredentials: type: json hidden: true default: {} description: | Mapping of image registry hosts to login credentials. Must be in the following example format docker.io: username: pa55word '192.0.2.1:8787': registry_username: password SystemdDropInDependencies: default: true description: tell the container manager (e.g. paunch) to inject additional ordering dependencies for the systemd scopes associated to podman containers. type: boolean conditions: insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]} systemd_drop_in_dependencies_enabled: {get_param: SystemdDropInDependencies} outputs: role_data: description: Role data for the podman service value: service_name: podman config_settings: {} step_config: '' host_prep_tasks: - name: Install and configure Podman block: &install_and_configure_podman - name: Set login facts set_fact: container_registry_insecure_registries: if: - insecure_registry_is_empty - [] - {get_param: DockerInsecureRegistryAddress} container_registry_login: {get_param: ContainerImageRegistryLogin} # default that is overwritten by the heat -> dict conversion container_registry_logins: {} container_registry_logins_json: {get_param: ContainerImageRegistryCredentials} - name: Convert logins json to dict set_fact: container_registry_logins: "{{ container_registry_logins_json | from_json }}" when: - container_registry_logins_json is string - container_registry_login | bool - (container_registry_logins_json | length) > 0 - name: Set registry logins set_fact: container_registry_logins: "{{ container_registry_logins_json }}" when: - container_registry_logins_json is mapping - container_registry_login | bool - (container_registry_logins_json | length) > 0 - name: Run podman install include_role: name: tripleo_podman tasks_from: tripleo_podman_install.yml vars_from: "redhat.yml" vars: tripleo_container_registry_insecure_registries: "{{ container_registry_insecure_registries }}" - name: Run podman login include_role: name: tripleo_podman tasks_from: tripleo_podman_login.yml vars: tripleo_container_registry_logins: "{{ container_registry_logins }}" tripleo_container_registry_login: "{{ container_registry_login | bool }}" - if: - systemd_drop_in_dependencies_enabled - - name: Configure paunch to generate systemd drop-in dependencies copy: dest: /etc/sysconfig/podman_drop_in content: | This file makes paunch generate additional systemd dependencies for containers that have special start/stop ordering constraints. It ensures that those constraints are enforced on reboot/shutdown. - - name: Configure paunch to not generate drop-in dependencies file: path: /etc/sysconfig/podman_drop_in state: absent service_config_settings: {} upgrade_tasks: - name: system_upgrade_prepare step 2 tags: - never - system_upgrade - system_upgrade_prepare when: - (step | int) == 2 block: - name: Check if pcs is present stat: path: /usr/sbin/pcs register: pcs_stat - name: Stop pacemaker cluster before stopping all docker containers pacemaker_cluster: state=offline when: pcs_stat.stat.exists - name: Destroy pacemaker cluster command: /usr/sbin/pcs cluster destroy when: pcs_stat.stat.exists - name: Stop all services by stopping all docker containers include_role: name: tripleo_podman tasks_from: tripleo_docker_stop.yml tags: - never - system_upgrade - system_upgrade_prepare - name: Run podman install when: - (step | int) == 1 include_role: name: tripleo_podman tasks_from: tripleo_podman_install.yml vars_from: "redhat.yml" post_upgrade_tasks: - name: Purge everything about docker on the host when: - (step | int) == 3 include_role: name: tripleo_podman tasks_from: tripleo_docker_purge.yml - name: Stop docker include_role: name: tripleo_podman tasks_from: tripleo_docker_stop.yml - name: Purge Podman when: - (step | int) == 3 - container_cli == 'podman' include_role: name: tripleo_podman tasks_from: tripleo_podman_purge.yml post_update_tasks: - name: Purge Podman when: - (step | int) == 3 - container_cli == 'podman' include_role: name: tripleo_podman tasks_from: tripleo_podman_purge.yml