diff options
Diffstat (limited to 'ansible_collections/containers/podman/plugins/modules')
18 files changed, 912 insertions, 74 deletions
diff --git a/ansible_collections/containers/podman/plugins/modules/podman_container.py b/ansible_collections/containers/podman/plugins/modules/podman_container.py index 7878352da..51cb57a53 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_container.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_container.py @@ -76,6 +76,15 @@ options: - Add an annotation to the container. The format is key value, multiple times. type: dict + attach: + description: + - Attach to STDIN, STDOUT or STDERR. The default in Podman is false. + type: list + elements: str + choices: + - stdin + - stdout + - stderr authfile: description: - Path of the authentication file. Default is @@ -149,7 +158,11 @@ options: type: raw cpu_period: description: - - Limit the CPU real-time period in microseconds + - Limit the CPU CFS (Completely Fair Scheduler) period + type: int + cpu_quota: + description: + - Limit the CPU CFS (Completely Fair Scheduler) quota type: int cpu_rt_period: description: @@ -180,6 +193,22 @@ options: - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. type: str + delete_depend: + description: + - Remove selected container and recursively remove all containers that depend on it. + Applies to "delete" command. + type: bool + delete_time: + description: + - Seconds to wait before forcibly stopping the container. Use -1 for infinite wait. + Applies to "delete" command. + type: str + delete_volumes: + description: + - Remove anonymous volumes associated with the container. + This does not include named volumes created with podman volume create, + or the --volume option of podman run and podman create. + type: bool detach: description: - Run container in detach mode @@ -262,7 +291,14 @@ options: - Read in a line delimited file of environment variables. Doesn't support idempotency. If users changes the file with environment variables it's on them to recreate the container. - type: path + The file must be present on the REMOTE machine where actual podman is + running, not on the controller machine where Ansible is executing. + If you need to copy the file from controller to remote machine, use the + copy or slurp module. + type: list + elements: path + aliases: + - env_files env_host: description: - Use all current host environment variables in container. @@ -292,6 +328,11 @@ options: default: False aliases: - restart + force_delete: + description: + - Force deletion of container when it's being deleted. + type: bool + default: True generate_systemd: description: - Generate systemd unit file for container. @@ -319,11 +360,21 @@ options: - 'on-watchdog' - 'on-abort' - 'always' - time: + restart_sec: + description: Set the systemd service restartsec value. + type: int + required: false + start_timeout: + description: Override the default start timeout for the container with the given value. + type: int + required: false + stop_timeout: description: - - Override the default stop timeout for the container with the given value. + - Override the default stop timeout for the container with the given value. Called `time` before version 4. type: int required: false + aliases: + - time no_header: description: - Do not generate the header including meta data such as the Podman version and the timestamp. @@ -416,6 +467,17 @@ options: is considered failed. Like start-period, the value can be expressed in a time format such as 1m22s. The default value is 30s type: str + healthcheck_failure_action: + description: + - The action to be taken when the container is considered unhealthy. The action must be one of + "none", "kill", "restart", or "stop". + The default policy is "none". + type: str + choices: + - 'none' + - 'kill' + - 'restart' + - 'stop' hooks_dir: description: - Each .json file in the path configures a hook for Podman containers. @@ -693,6 +755,11 @@ options: * always - Restart containers when they exit, regardless of status, retrying indefinitely type: str + restart_time: + description: + - Seconds to wait before forcibly stopping the container when restarting. Use -1 for infinite wait. + Applies to "restarted" status. + type: str rm: description: - Automatically remove the container when it exits. The default is false. @@ -740,6 +807,11 @@ options: description: - Signal to stop a container. Default is SIGTERM. type: int + stop_time: + description: + - Seconds to wait before forcibly stopping the container. Use -1 for infinite wait. + Applies to "stopped" status. + type: str stop_timeout: description: - Timeout (in seconds) to stop a container. Default is 10. @@ -860,7 +932,7 @@ EXAMPLES = r""" generate_systemd: path: /tmp/ restart_policy: always - time: 120 + stop_timeout: 120 names: true container_prefix: ainer @@ -912,6 +984,16 @@ EXAMPLES = r""" image: busybox log_options: path=/var/log/container/mycontainer.json log_driver: k8s-file + +- name: Run container with complex command with quotes + containers.podman.podman_container: + name: mycontainer + image: certbot/certbot + command: + - renew + - --deploy-hook + - "echo 1 > /var/lib/letsencrypt/complete" + """ RETURN = r""" diff --git a/ansible_collections/containers/podman/plugins/modules/podman_container_exec.py b/ansible_collections/containers/podman/plugins/modules/podman_container_exec.py new file mode 100644 index 000000000..d30e85cdb --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_container_exec.py @@ -0,0 +1,244 @@ +#!/usr/bin/python +# coding: utf-8 -*- + +# Copyright (c) 2023, Takuya Nishimura <@nishipy> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = r''' +module: podman_container_exec +author: + - Takuya Nishimura (@nishipy) +short_description: Executes a command in a running container. +description: + - Executes a command in a running container. +options: + name: + description: + - Name of the container where the command is executed. + type: str + required: true + command: + description: + - The command to run in the container. + - One of the I(command) or I(args) is required. + type: str + argv: + description: + - Passes the command as a list rather than a string. + - One of the I(command) or I(args) is required. + type: list + elements: str + detach: + description: + - If true, the command runs in the background. + - The exec session is automatically removed when it completes. + type: bool + default: false + env: + description: + - Set environment variables. + type: dict + privileged: + description: + - Give extended privileges to the container. + type: bool + default: false + tty: + description: + - Allocate a pseudo-TTY. + type: bool + default: false + user: + description: + - The username or UID used and, optionally, the groupname or GID for the specified command. + - Both user and group may be symbolic or numeric. + type: str + workdir: + description: + - Working directory inside the container. + type: str +requirements: + - podman +notes: + - See L(the Podman documentation,https://docs.podman.io/en/latest/markdown/podman-exec.1.html) for details of podman-exec(1). +''' + +EXAMPLES = r''' +- name: Execute a command with workdir + containers.podman.podman_container_exec: + name: ubi8 + command: "cat redhat-release" + workdir: /etc + +- name: Execute a command with a list of args and environment variables + containers.podman.podman_container_exec: + name: test_container + argv: + - /bin/sh + - -c + - echo $HELLO $BYE + env: + HELLO: hello world + BYE: goodbye world + +- name: Execute command in background by using detach + containers.podman.podman_container_exec: + name: detach_container + command: "cat redhat-release" + detach: true +''' + +RETURN = r''' +stdout: + type: str + returned: success + description: + - The standard output of the command executed in the container. +stderr: + type: str + returned: success + description: + - The standard output of the command executed in the container. +rc: + type: int + returned: success + sample: 0 + description: + - The exit code of the command executed in the container. +exec_id: + type: str + returned: success and I(detach=true) + sample: f99002e34c1087fd1aa08d5027e455bf7c2d6b74f019069acf6462a96ddf2a47 + description: + - The ID of the exec session. +''' + + +import shlex +from ansible.module_utils.six import string_types +from ansible.module_utils._text import to_text +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.containers.podman.plugins.module_utils.podman.common import run_podman_command + + +def run_container_exec(module: AnsibleModule) -> dict: + ''' + Execute podman-container-exec for the given options + ''' + exec_with_args = ['container', 'exec'] + # podman_container_exec always returns changed=true + changed = True + exec_options = [] + + name = module.params['name'] + argv = module.params['argv'] + command = module.params['command'] + detach = module.params['detach'] + env = module.params['env'] + privileged = module.params['privileged'] + tty = module.params['tty'] + user = module.params['user'] + workdir = module.params['workdir'] + + if command is not None: + argv = shlex.split(command) + + if detach: + exec_options.append('--detach') + + if env is not None: + for key, value in env.items(): + if not isinstance(value, string_types): + module.fail_json( + msg="Specify string value %s on the env field" % (value)) + + to_text(value, errors='surrogate_or_strict') + exec_options += ['--env', + '%s="%s"' % (key, value)] + + if privileged: + exec_options.append('--privileged') + + if tty: + exec_options.append('--tty') + + if user is not None: + exec_options += ['--user', + to_text(user, errors='surrogate_or_strict')] + + if workdir is not None: + exec_options += ['--workdir', + to_text(workdir, errors='surrogate_or_strict')] + + exec_options.append(name) + exec_options.extend(argv) + + exec_with_args.extend(exec_options) + + rc, stdout, stderr = run_podman_command( + module=module, executable='podman', args=exec_with_args) + + result = { + 'changed': changed, + 'podman_command': exec_options, + 'rc': rc, + 'stdout': stdout, + 'stderr': stderr, + } + + if detach: + result['exec_id'] = stdout.replace('\n', '') + + return result + + +def main(): + argument_spec = { + 'name': { + 'type': 'str', + 'required': True, + }, + 'command': { + 'type': 'str', + }, + 'argv': { + 'type': 'list', + 'elements': 'str', + }, + 'detach': { + 'type': 'bool', + 'default': False, + }, + 'env': { + 'type': 'dict', + }, + 'privileged': { + 'type': 'bool', + 'default': False, + }, + 'tty': { + 'type': 'bool', + 'default': False, + }, + 'user': { + 'type': 'str', + }, + 'workdir': { + 'type': 'str', + }, + } + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_one_of=[('argv', 'command')], + ) + + result = run_container_exec(module) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_container_info.py b/ansible_collections/containers/podman/plugins/modules/podman_container_info.py index bbdd29fb9..dd361c449 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_container_info.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_container_info.py @@ -50,7 +50,7 @@ EXAMPLES = r""" RETURN = r""" containers: - description: Facts from all or specificed containers + description: Facts from all or specified containers returned: always type: list elements: dict diff --git a/ansible_collections/containers/podman/plugins/modules/podman_containers.py b/ansible_collections/containers/podman/plugins/modules/podman_containers.py index c67aee344..7f418a67b 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_containers.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_containers.py @@ -41,7 +41,7 @@ EXAMPLES = ''' - name: web image: nginx - name: test - image: python:3-alpine + image: python:3.10-alpine command: python -V ''' diff --git a/ansible_collections/containers/podman/plugins/modules/podman_export.py b/ansible_collections/containers/podman/plugins/modules/podman_export.py index e2bb19614..dda0099cb 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_export.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_export.py @@ -24,7 +24,10 @@ options: description: - Container to export. type: str - required: true + volume: + description: + - Volume to export. + type: str force: description: - Force saving to file even if it exists. @@ -48,6 +51,9 @@ EXAMPLES = ''' - containers.podman.podman_export: dest: /path/to/tar/file container: container-name +- containers.podman.podman_export: + dest: /path/to/tar/file + volume: volume-name ''' import os # noqa: E402 @@ -57,8 +63,16 @@ from ..module_utils.podman.common import remove_file_or_dir # noqa: E402 def export(module, executable): changed = False - command = [executable, 'export'] - command += ['-o=%s' % module.params['dest'], module.params['container']] + export_type = '' + command = [] + if module.params['container']: + export_type = 'container' + command = [executable, 'export'] + else: + export_type = 'volume' + command = [executable, 'volume', 'export'] + + command += ['-o=%s' % module.params['dest'], module.params[export_type]] if module.params['force']: dest = module.params['dest'] if os.path.exists(dest): @@ -75,8 +89,8 @@ def export(module, executable): return changed, '', '' rc, out, err = module.run_command(command) if rc != 0: - module.fail_json(msg="Error exporting container %s: %s" % ( - module.params['container'], err)) + module.fail_json(msg="Error exporting %s %s: %s" % (export_type, + module.params['container'], err)) return changed, out, err @@ -84,11 +98,18 @@ def main(): module = AnsibleModule( argument_spec=dict( dest=dict(type='str', required=True), - container=dict(type='str', required=True), + container=dict(type='str'), + volume=dict(type='str'), force=dict(type='bool', default=True), executable=dict(type='str', default='podman') ), supports_check_mode=True, + mutually_exclusive=[ + ('container', 'volume'), + ], + required_one_of=[ + ('container', 'volume'), + ], ) executable = module.get_bin_path(module.params['executable'], required=True) diff --git a/ansible_collections/containers/podman/plugins/modules/podman_generate_systemd.py b/ansible_collections/containers/podman/plugins/modules/podman_generate_systemd.py index 9c9bc7b27..486a18a86 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_generate_systemd.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_generate_systemd.py @@ -27,6 +27,12 @@ options: - Use C(/etc/systemd/system) for the system-wide systemd instance. - Use C(/etc/systemd/user) or C(~/.config/systemd/user) for use with per-user instances of systemd. type: path + force: + description: + - Replace the systemd unit file(s) even if it already exists. + - This works with dest option. + type: bool + default: false new: description: - Generate unit files that create containers and pods, not only start them. @@ -219,7 +225,7 @@ podman_command: import os from ansible.module_utils.basic import AnsibleModule import json - +from ansible_collections.containers.podman.plugins.module_utils.podman.common import compare_systemd_file_content RESTART_POLICY_CHOICES = [ 'no-restart', @@ -388,7 +394,7 @@ def generate_systemd(module): # In case of error in running the command if return_code != 0: - # Print informations about the error and return and empty dictionary + # Print information about the error and return and empty dictionary message = 'Error generating systemd .service unit(s).' message += ' Command executed: {command_str}' message += ' Command returned with code: {return_code}.' @@ -425,7 +431,7 @@ def generate_systemd(module): changed = True # If destination exist but not a directory if not os.path.isdir(systemd_units_dest): - # Stop and tell user that the destination is not a directry + # Stop and tell user that the destination is not a directory message = "Destination {systemd_units_dest} is not a directory." message += " Can't save systemd unit files in." module.fail_json( @@ -446,26 +452,13 @@ def generate_systemd(module): unit_file_name, ) - # See if we need to write the unit file, default yes - need_to_write_file = True - # If the unit file already exist, compare it with the - # generated content - if os.path.exists(unit_file_full_path): - # Read the file - with open(unit_file_full_path, 'r') as unit_file: - current_unit_file_content = unit_file.read() - # If current unit file content is the same as the - # generated content - # Remove comments from files, before comparing - current_unit_file_content_nocmnt = "\n".join([ - line for line in current_unit_file_content.splitlines() - if not line.startswith('#')]) - unit_content_nocmnt = "\n".join([ - line for line in unit_content.splitlines() - if not line.startswith('#')]) - if current_unit_file_content_nocmnt == unit_content_nocmnt: - # We don't need to write it - need_to_write_file = False + if module.params['force']: + # Force to replace the existing unit file + need_to_write_file = True + else: + # See if we need to write the unit file, default yes + need_to_write_file = bool(compare_systemd_file_content( + unit_file_full_path, unit_content)) # Write the file, if needed if need_to_write_file: @@ -506,6 +499,11 @@ def run_module(): 'required': False, 'default': False, }, + 'force': { + 'type': 'bool', + 'required': False, + 'default': False, + }, 'restart_policy': { 'type': 'str', 'required': False, diff --git a/ansible_collections/containers/podman/plugins/modules/podman_image.py b/ansible_collections/containers/podman/plugins/modules/podman_image.py index d66ff5d49..6305a5d5b 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_image.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_image.py @@ -17,7 +17,7 @@ DOCUMENTATION = r''' options: arch: description: - - CPU architecutre for the container image + - CPU architecture for the container image type: str name: description: @@ -132,6 +132,10 @@ DOCUMENTATION = r''' description: - Extra args to pass to build, if executed. Does not idempotently check for new build args. type: str + target: + description: + - Specify the target build stage to build. + type: str push_args: description: Arguments that control pushing images. type: dict @@ -512,6 +516,8 @@ class PodmanImageManager(object): if not self.module.check_mode: self.results['image'], output = self.push_image() self.results['stdout'] += "\n" + output + if image and not self.results.get('image'): + self.results['image'] = image def absent(self): image = self.find_image() @@ -536,12 +542,21 @@ class PodmanImageManager(object): image_name = self.image_name args = ['image', 'ls', image_name, '--format', 'json'] rc, images, err = self._run(args, ignore_errors=True) - images = json.loads(images) + try: + images = json.loads(images) + except json.decoder.JSONDecodeError: + self.module.fail_json(msg='Failed to parse JSON output from podman image ls: {out}'.format(out=images)) + if len(images) == 0: + # Let's find out if image exists + rc, out, err = self._run(['image', 'exists', image_name], ignore_errors=True) + if rc == 0: + inspect_json = self.inspect_image(image_name) + else: + return None if len(images) > 0: inspect_json = self.inspect_image(image_name) - if self._is_target_arch(inspect_json, self.arch) or not self.arch: - return images - + if self._is_target_arch(inspect_json, self.arch) or not self.arch: + return images or inspect_json return None def _is_target_arch(self, inspect_json=None, arch=None): @@ -565,7 +580,10 @@ class PodmanImageManager(object): image_name = self.image_name args = ['inspect', image_name, '--format', 'json'] rc, image_data, err = self._run(args) - image_data = json.loads(image_data) + try: + image_data = json.loads(image_data) + except json.decoder.JSONDecodeError: + self.module.fail_json(msg='Failed to parse JSON output from podman inspect: {out}'.format(out=image_data)) if len(image_data) > 0: return image_data else: @@ -656,6 +674,10 @@ class PodmanImageManager(object): if extra_args: args.extend(shlex.split(extra_args)) + target = self.build.get('target') + if target: + args.extend(['--target', target]) + args.append(self.path) rc, out, err = self._run(args, ignore_errors=True) @@ -812,6 +834,7 @@ def main(): rm=dict(type='bool', default=True), volume=dict(type='list', elements='str'), extra_args=dict(type='str'), + target=dict(type='str'), ), ), push_args=dict( diff --git a/ansible_collections/containers/podman/plugins/modules/podman_import.py b/ansible_collections/containers/podman/plugins/modules/podman_import.py index 5090b177c..6a408c08e 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_import.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_import.py @@ -29,6 +29,10 @@ options: - Set changes as list of key-value pairs, see example. type: list elements: dict + volume: + description: + - Volume to import, cannot be used with change and commit_message + type: str executable: description: - Path to C(podman) executable if it is not in the C($PATH) on the @@ -95,6 +99,9 @@ EXAMPLES = ''' - "CMD": /bin/bash - "User": root commit_message: "Importing image" +- containers.podman.podman_import: + src: /path/to/tar/file + volume: myvolume ''' import json # noqa: E402 @@ -128,25 +135,55 @@ def load(module, executable): return changed, out, err, info, command +def volume_load(module, executable): + changed = True + command = [executable, 'volume', 'import', module.params['volume'], module.params['src']] + src = module.params['src'] + if module.check_mode: + return changed, '', '', '', command + rc, out, err = module.run_command(command) + if rc != 0: + module.fail_json(msg="Error importing volume %s: %s" % (src, err)) + rc, out2, err2 = module.run_command([executable, 'volume', 'inspect', module.params['volume']]) + if rc != 0: + module.fail_json(msg="Volume %s inspection failed: %s" % (module.params['volume'], err2)) + try: + info = json.loads(out2)[0] + except Exception as e: + module.fail_json(msg="Could not parse JSON from volume %s: %s" % (module.params['volume'], e)) + return changed, out, err, info, command + + def main(): module = AnsibleModule( argument_spec=dict( src=dict(type='str', required=True), commit_message=dict(type='str'), change=dict(type='list', elements='dict'), - executable=dict(type='str', default='podman') + executable=dict(type='str', default='podman'), + volume=dict(type='str', required=False), ), + mutually_exclusive=[ + ('volume', 'commit_message'), + ('volume', 'change'), + ], supports_check_mode=True, ) executable = module.get_bin_path(module.params['executable'], required=True) - changed, out, err, image_info, command = load(module, executable) + volume_info = '' + image_info = '' + if module.params['volume']: + changed, out, err, volume_info, command = volume_load(module, executable) + else: + changed, out, err, image_info, command = load(module, executable) results = { "changed": changed, "stdout": out, "stderr": err, "image": image_info, + "volume": volume_info, "podman_command": " ".join(command) } diff --git a/ansible_collections/containers/podman/plugins/modules/podman_login.py b/ansible_collections/containers/podman/plugins/modules/podman_login.py index be417c761..8ae8418a9 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_login.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_login.py @@ -75,7 +75,7 @@ EXAMPLES = r""" username: user password: 'p4ssw0rd' -- name: Login to default registry and create ${XDG_RUNTIME_DIR}/containers/auth.json +- name: Login to quay.io and create ${XDG_RUNTIME_DIR}/containers/auth.json containers.podman.podman_login: username: user password: 'p4ssw0rd' diff --git a/ansible_collections/containers/podman/plugins/modules/podman_network.py b/ansible_collections/containers/podman/plugins/modules/podman_network.py index 846524b65..3f52af4ce 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_network.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_network.py @@ -37,10 +37,22 @@ options: description: - Driver to manage the network (default "bridge") type: str + force: + description: + - Remove all containers that use the network. + If the container is running, it is stopped and removed. + default: False + type: bool gateway: description: - IPv4 or IPv6 gateway for the subnet type: str + interface_name: + description: + - For bridge, it uses the bridge interface name. + For macvlan, it is the parent device on the host (it is the same + as 'opt.parent') + type: str internal: description: - Restrict external access from this network (default "false") @@ -92,7 +104,8 @@ options: required: false parent: description: - - The host device which should be used for the macvlan interface. + - The host device which should be used for the macvlan interface + (it is the same as 'interface' in that case). Defaults to the default route interface. type: str required: false @@ -219,14 +232,15 @@ class PodmanNetworkModuleParams: list -- list of byte strings for Popen command """ if self.action in ['delete']: - return self._simple_action() + return self._delete_action() if self.action in ['create']: return self._create_action() - def _simple_action(self): - if self.action == 'delete': - cmd = ['rm', '-f', self.params['name']] - return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] + def _delete_action(self): + cmd = ['rm', self.params['name']] + if self.params['force']: + cmd += ['--force'] + return [to_bytes(i, errors='surrogate_or_strict') for i in cmd] def _create_action(self): cmd = [self.action, self.params['name']] @@ -270,6 +284,9 @@ class PodmanNetworkModuleParams: def addparam_macvlan(self, c): return c + ['--macvlan', self.params['macvlan']] + def addparam_interface_name(self, c): + return c + ['--interface-name', self.params['interface_name']] + def addparam_internal(self, c): return c + ['--internal=%s' % self.params['internal']] @@ -291,7 +308,6 @@ class PodmanNetworkDefaults: self.version = podman_version self.defaults = { 'driver': 'bridge', - 'disable_dns': False, 'internal': False, 'ipv6': False } @@ -334,6 +350,9 @@ class PodmanNetworkDiff: if LooseVersion(self.version) >= LooseVersion('4.0.0'): before = not self.info.get('dns_enabled', True) after = self.params['disable_dns'] + # compare only if set explicitly + if self.params['disable_dns'] is None: + after = before return self._diff_update_and_compare('disable_dns', before, after) before = after = self.params['disable_dns'] return self._diff_update_and_compare('disable_dns', before, after) @@ -642,7 +661,9 @@ def main(): name=dict(type='str', required=True), disable_dns=dict(type='bool', required=False), driver=dict(type='str', required=False), + force=dict(type='bool', default=False), gateway=dict(type='str', required=False), + interface_name=dict(type='str', required=False), internal=dict(type='bool', required=False), ip_range=dict(type='str', required=False), ipv6=dict(type='bool', required=False), diff --git a/ansible_collections/containers/podman/plugins/modules/podman_play.py b/ansible_collections/containers/podman/plugins/modules/podman_play.py index 04a30441b..10a9a06fa 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_play.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_play.py @@ -29,6 +29,12 @@ options: - Path to file with YAML configuration for a Pod. type: path required: True + annotation: + description: + - Add an annotation to the container or pod. + type: dict + aliases: + - annotations authfile: description: - Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json, @@ -37,6 +43,11 @@ options: Note - You can also override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. export REGISTRY_AUTH_FILE=path type: path + build: + description: + - Build images even if they are found in the local storage. + - It is required to exist subdirectories matching the image names to be build. + type: bool cert_dir: description: - Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. @@ -51,6 +62,11 @@ options: Kubernetes configmap YAMLs type: list elements: path + context_dir: + description: + - Use path as the build context directory for each image. + Requires build option be true. + type: path seccomp_profile_root: description: - Directory path for seccomp profiles (default is "/var/lib/kubelet/seccomp"). @@ -68,6 +84,28 @@ options: description: - Set logging driver for all created containers. type: str + log_opt: + description: + - Logging driver specific options. Set custom logging configuration. + type: dict + aliases: + - log_options + suboptions: + path: + description: + - specify a path to the log file (e.g. /var/log/container/mycontainer.json). + type: str + required: false + max_size: + description: + - Specify a max size of the log file (e.g 10mb). + type: str + required: false + tag: + description: + - specify a custom log tag for the container. This option is currently supported only by the journald log driver in Podman. + type: str + required: false log_level: description: - Set logging level for podman calls. Log messages above specified level @@ -128,6 +166,18 @@ EXAMPLES = ''' kube_file: ~/kube.yaml state: started +- name: Recreate pod from a kube file with options + containers.podman.podman_play: + kube_file: ~/kube.yaml + state: started + recreate: true + annotations: + greeting: hello + greet_to: world + userns: host + log_opt: + path: /tmp/my-container.log + max_size: 10mb ''' import re # noqa: F402 try: @@ -148,6 +198,9 @@ class PodmanKubeManagement: self.command = [self.executable, 'play', 'kube'] creds = [] # pod_name = extract_pod_name(module.params['kube_file']) + if self.module.params['annotation']: + for k, v in self.module.params['annotation'].items(): + self.command.extend(['--annotation', '"{k}={v}"'.format(k=k, v=v)]) if self.module.params['username']: creds += [self.module.params['username']] if self.module.params['password']: @@ -160,11 +213,16 @@ class PodmanKubeManagement: if self.module.params['configmap']: configmaps = ",".join(self.module.params['configmap']) self.command.extend(['--configmap=%s' % configmaps]) + if self.module.params['log_opt']: + for k, v in self.module.params['log_opt'].items(): + self.command.extend(['--log-opt', '{k}={v}'.format(k=k.replace('_', '-'), v=v)]) start = self.module.params['state'] == 'started' self.command.extend(['--start=%s' % str(start).lower()]) for arg, param in { '--authfile': 'authfile', + '--build': 'build', '--cert-dir': 'cert_dir', + '--context-dir': 'context_dir', '--log-driver': 'log_driver', '--seccomp-profile-root': 'seccomp_profile_root', '--tls-verify': 'tls_verify', @@ -264,15 +322,22 @@ class PodmanKubeManagement: def main(): module = AnsibleModule( argument_spec=dict( + annotation=dict(type='dict', aliases=['annotations']), executable=dict(type='str', default='podman'), kube_file=dict(type='path', required=True), authfile=dict(type='path'), + build=dict(type='bool'), cert_dir=dict(type='path'), configmap=dict(type='list', elements='path'), + context_dir=dict(type='path'), seccomp_profile_root=dict(type='path'), username=dict(type='str'), password=dict(type='str', no_log=True), log_driver=dict(type='str'), + log_opt=dict(type='dict', aliases=['log_options'], options=dict( + path=dict(type='str'), + max_size=dict(type='str'), + tag=dict(type='str'))), network=dict(type='list', elements='str'), state=dict( type='str', diff --git a/ansible_collections/containers/podman/plugins/modules/podman_pod.py b/ansible_collections/containers/podman/plugins/modules/podman_pod.py index ab475de99..7b57fd302 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_pod.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_pod.py @@ -42,6 +42,18 @@ options: type: list elements: str required: false + blkio_weight: + description: + - Block IO relative weight. The weight is a value between 10 and 1000. + - This option is not supported on cgroups V1 rootless systems. + type: str + required: false + blkio_weight_device: + description: + - Block IO relative device weight. + type: list + elements: str + required: false cgroup_parent: description: - Path to cgroups under which the cgroup for the pod will be created. If the path @@ -61,6 +73,16 @@ options: Unlike `cpus` this is of type string and parsed as a list of numbers. Format is 0-3,0,1 required: false type: str + cpuset_mems: + description: + - Memory nodes in which to allow execution (0-3, 0,1). Only effective on NUMA systems. + required: false + type: str + cpu_shares: + description: + - CPU shares (relative weight). + required: false + type: str device: description: - Add a host device to the pod. Optional permissions parameter can be used to specify @@ -74,6 +96,12 @@ options: elements: str required: false type: list + device_write_bps: + description: + - Limit write rate (in bytes per second) to a device. + type: list + elements: str + required: false dns: description: - Set custom DNS servers in the /etc/resolv.conf file that will be shared between @@ -123,11 +151,21 @@ options: - 'on-watchdog' - 'on-abort' - 'always' - time: + restart_sec: + description: Set the systemd service restartsec value. + type: int + required: false + start_timeout: + description: Override the default start timeout for the container with the given value. + type: int + required: false + stop_timeout: description: - - Override the default stop timeout for the container with the given value. + - Override the default stop timeout for the container with the given value. Called `time` before version 4. type: int required: false + aliases: + - time no_header: description: - Do not generate the header including meta data such as the Podman version and the timestamp. @@ -242,6 +280,18 @@ options: - Set a static MAC address for the pod's shared network. type: str required: false + memory: + description: + - Set memory limit. + - A unit can be b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes). + type: str + required: false + memory_swap: + description: + - Set limit value equal to memory plus swap. + - A unit can be b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes). + type: str + required: false name: description: - Assign a name to the pod. diff --git a/ansible_collections/containers/podman/plugins/modules/podman_prune.py b/ansible_collections/containers/podman/plugins/modules/podman_prune.py index ee4c68a93..3fe3b7539 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_prune.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_prune.py @@ -66,17 +66,17 @@ options: type: dict system: description: - - Wheter to prune unused pods, containers, image, networks and volume data + - Whether to prune unused pods, containers, image, networks and volume data type: bool default: false system_all: description: - - Wheter to prune all unused images, not only dangling images. + - Whether to prune all unused images, not only dangling images. type: bool default: false system_volumes: description: - - Wheter to prune volumes currently unused by any container. + - Whether to prune volumes currently unused by any container. type: bool default: false volume: diff --git a/ansible_collections/containers/podman/plugins/modules/podman_runlabel.py b/ansible_collections/containers/podman/plugins/modules/podman_runlabel.py new file mode 100644 index 000000000..e5b6cf32f --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_runlabel.py @@ -0,0 +1,86 @@ +#!/usr/bin/python +# coding: utf-8 -*- + +# Copyright (c) 2023, Pavel Dostal <@pdostal> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r''' +module: podman_runlabel +short_description: Run given label from given image +author: Pavel Dostal (@pdostal) +description: + - podman container runlabel runs selected label from given image +options: + image: + description: + - Image to get the label from. + type: str + required: true + label: + description: + - Label to run. + type: str + required: true + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +requirements: + - "Podman installed on host" +''' + +RETURN = ''' +''' + +EXAMPLES = ''' +# What modules does for example +- containers.podman.podman_runlabel: + image: docker.io/continuumio/miniconda3 + label: INSTALL +''' + +from ansible.module_utils.basic import AnsibleModule # noqa: E402 + + +def runlabel(module, executable): + changed = False + command = [executable, 'container', 'runlabel'] + command.append(module.params['label']) + command.append(module.params['image']) + rc, out, err = module.run_command(command) + if rc == 0: + changed = True + else: + module.fail_json(msg="Error running the runlabel from image %s: %s" % ( + module.params['image'], err)) + return changed, out, err + + +def main(): + module = AnsibleModule( + argument_spec=dict( + image=dict(type='str', required=True), + label=dict(type='str', required=True), + executable=dict(type='str', default='podman') + ), + supports_check_mode=False, + ) + + executable = module.get_bin_path(module.params['executable'], required=True) + changed, out, err = runlabel(module, executable) + + results = { + "changed": changed, + "stdout": out, + "stderr": err + } + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_save.py b/ansible_collections/containers/podman/plugins/modules/podman_save.py index bc7ce252c..e23f31021 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_save.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_save.py @@ -20,7 +20,8 @@ options: image: description: - Image to save. - type: str + type: list + elements: str required: true compress: description: @@ -70,9 +71,14 @@ RETURN = ''' EXAMPLES = ''' # What modules does for example - containers.podman.podman_save: - dest: /path/to/tar/file - compress: true - format: oci-dir + image: nginx + dest: /tmp/file123.tar +- containers.podman.podman_save: + image: + - nginx + - fedora + dest: /tmp/file456.tar + multi_image_archive: true ''' import os # noqa: E402 @@ -92,7 +98,8 @@ def save(module, executable): for param in module.params: if module.params[param] is not None and param in cmd_args: command += cmd_args[param] - command.append(module.params['image']) + for img in module.params['image']: + command.append(img) if module.params['force']: dest = module.params['dest'] if os.path.exists(dest): @@ -116,7 +123,7 @@ def save(module, executable): def main(): module = AnsibleModule( argument_spec=dict( - image=dict(type='str', required=True), + image=dict(type='list', elements='str', required=True), compress=dict(type='bool'), dest=dict(type='str', required=True, aliases=['path']), format=dict(type='str', choices=['docker-archive', 'oci-archive', 'oci-dir', 'docker-dir']), diff --git a/ansible_collections/containers/podman/plugins/modules/podman_secret.py b/ansible_collections/containers/podman/plugins/modules/podman_secret.py index fc8ec1f1d..a31aae9dc 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_secret.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_secret.py @@ -61,6 +61,15 @@ options: choices: - absent - present + labels: + description: + - Labels to set on the secret. + type: dict + debug: + description: + - Enable debug mode for module. + type: bool + default: False ''' EXAMPLES = r""" @@ -91,19 +100,75 @@ EXAMPLES = r""" """ from ansible.module_utils.basic import AnsibleModule +from ansible_collections.containers.podman.plugins.module_utils.podman.common import LooseVersion +from ansible_collections.containers.podman.plugins.module_utils.podman.common import get_podman_version +diff = {"before": '', "after": ''} -def podman_secret_create(module, executable, name, data, force, skip, - driver, driver_opts): - if force: - module.run_command([executable, 'secret', 'rm', name]) - if skip: + +def podman_secret_exists(module, executable, name, version): + if version is None or LooseVersion(version) < LooseVersion('4.5.0'): rc, out, err = module.run_command( [executable, 'secret', 'ls', "--format", "{{.Name}}"]) - if name in [i.strip() for i in out.splitlines()]: - return { - "changed": False, - } + return name in [i.strip() for i in out.splitlines()] + rc, out, err = module.run_command( + [executable, 'secret', 'exists', name]) + return rc == 0 + + +def need_update(module, executable, name, data, driver, driver_opts, debug, labels): + + cmd = [executable, 'secret', 'inspect', '--showsecret', name] + rc, out, err = module.run_command(cmd) + if rc != 0: + if debug: + module.log("PODMAN-SECRET-DEBUG: Unable to get secret info: %s" % err) + return True + try: + secret = module.from_json(out)[0] + # We support only file driver for now + if (driver and driver != 'file') or secret['Spec']['Driver']['Name'] != 'file': + if debug: + module.log("PODMAN-SECRET-DEBUG: Idempotency of driver %s is not supported" % driver) + return True + if secret['SecretData'] != data: + diff['after'] = "<different-secret>" + diff['before'] = "<secret>" + return True + if driver_opts: + for k, v in driver_opts.items(): + if secret['Spec']['Driver']['Options'].get(k) != v: + diff['after'] = "=".join([k, v]) + diff['before'] = "=".join( + [k, secret['Spec']['Driver']['Options'].get(k)]) + return True + if labels: + for k, v in labels.items(): + if secret['Spec']['Labels'].get(k) != v: + diff['after'] = "=".join([k, v]) + diff['before'] = "=".join( + [k, secret['Spec']['Labels'].get(k)]) + return True + except Exception: + return True + return False + + +def podman_secret_create(module, executable, name, data, force, skip, + driver, driver_opts, debug, labels): + podman_version = get_podman_version(module, fail=False) + if (podman_version is not None and + LooseVersion(podman_version) >= LooseVersion('4.7.0') + and (driver is None or driver == 'file')): + if not skip and need_update(module, executable, name, data, driver, driver_opts, debug, labels): + podman_secret_remove(module, executable, name) + else: + return {"changed": False} + else: + if force: + podman_secret_remove(module, executable, name) + if skip and podman_secret_exists(module, executable, name, podman_version): + return {"changed": False} cmd = [executable, 'secret', 'create'] if driver: @@ -112,6 +177,10 @@ def podman_secret_create(module, executable, name, data, force, skip, if driver_opts: cmd.append('--driver-opts') cmd.append(",".join("=".join(i) for i in driver_opts.items())) + if labels: + for k, v in labels.items(): + cmd.append('--label') + cmd.append("=".join([k, v])) cmd.append(name) cmd.append('-') @@ -121,6 +190,10 @@ def podman_secret_create(module, executable, name, data, force, skip, return { "changed": True, + "diff": { + "before": diff['before'] + "\n", + "after": diff['after'] + "\n", + }, } @@ -150,6 +223,8 @@ def main(): skip_existing=dict(type='bool', default=False), driver=dict(type='str'), driver_opts=dict(type='dict'), + labels=dict(type='dict'), + debug=dict(type='bool', default=False), ), ) @@ -165,9 +240,11 @@ def main(): skip = module.params['skip_existing'] driver = module.params['driver'] driver_opts = module.params['driver_opts'] + debug = module.params['debug'] + labels = module.params['labels'] results = podman_secret_create(module, executable, name, data, force, skip, - driver, driver_opts) + driver, driver_opts, debug, labels) else: results = podman_secret_remove(module, executable, name) diff --git a/ansible_collections/containers/podman/plugins/modules/podman_secret_info.py b/ansible_collections/containers/podman/plugins/modules/podman_secret_info.py new file mode 100644 index 000000000..ebe854241 --- /dev/null +++ b/ansible_collections/containers/podman/plugins/modules/podman_secret_info.py @@ -0,0 +1,121 @@ +#!/usr/bin/python +# Copyright (c) 2024 Red Hat +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r''' +module: podman_secret_info +author: + - "Sagi Shnaidman (@sshnaidm)" +short_description: Gather info about podman secrets +notes: [] +description: + - Gather info about podman secrets with podman inspect command. +requirements: + - "Podman installed on host" +options: + name: + description: + - Name of the secret + type: str + showsecret: + description: + - Show secret data value + type: bool + default: False + executable: + description: + - Path to C(podman) executable if it is not in the C($PATH) on the + machine running C(podman) + default: 'podman' + type: str +''' + +EXAMPLES = r""" +- name: Gather info about all present secrets + podman_secret_info: + +- name: Gather info about specific secret + podman_secret_info: + name: specific_secret +""" + +RETURN = r""" +secrets: + description: Facts from all or specified secrets + returned: always + type: list + sample: [ + { + "ID": "06068c676e9a7f1c7dc0da8dd", + "CreatedAt": "2024-01-28T20:32:08.31857841+02:00", + "UpdatedAt": "2024-01-28T20:32:08.31857841+02:00", + "Spec": { + "Name": "secret_name", + "Driver": { + "Name": "file", + "Options": { + "path": "/home/user/.local/share/containers/storage/secrets/filedriver" + } + }, + "Labels": {} + } + } + ] +""" + +import json +from ansible.module_utils.basic import AnsibleModule + + +def get_secret_info(module, executable, show, name): + command = [executable, 'secret', 'inspect'] + if show: + command.append('--showsecret') + if name: + command.append(name) + else: + all_names = [executable, 'secret', 'ls', '-q'] + rc, out, err = module.run_command(all_names) + name = out.split() + if not name: + return [], out, err + command.extend(name) + rc, out, err = module.run_command(command) + if rc != 0 or 'no secret with name or id' in err: + module.fail_json(msg="Unable to gather info for %s: %s" % (name or 'all secrets', err)) + if not out or json.loads(out) is None: + return [], out, err + return json.loads(out), out, err + + +def main(): + module = AnsibleModule( + argument_spec=dict( + executable=dict(type='str', default='podman'), + name=dict(type='str'), + showsecret=dict(type='bool', default=False), + ), + supports_check_mode=True, + ) + + name = module.params['name'] + showsecret = module.params['showsecret'] + executable = module.get_bin_path(module.params['executable'], required=True) + + inspect_results, out, err = get_secret_info(module, executable, showsecret, name) + + results = { + "changed": False, + "secrets": inspect_results, + "stderr": err, + } + + module.exit_json(**results) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/containers/podman/plugins/modules/podman_volume.py b/ansible_collections/containers/podman/plugins/modules/podman_volume.py index c533091e1..b4d5062fa 100644 --- a/ansible_collections/containers/podman/plugins/modules/podman_volume.py +++ b/ansible_collections/containers/podman/plugins/modules/podman_volume.py @@ -327,7 +327,13 @@ class PodmanVolume: # pylint: disable=unused-variable rc, out, err = self.module.run_command( [self.module.params['executable'], b'volume', b'inspect', self.name]) - return json.loads(out)[0] if rc == 0 else {} + if rc == 0: + data = json.loads(out) + if data: + data = data[0] + if data.get("Name") == self.name: + return data + return {} def _get_podman_version(self): # pylint: disable=unused-variable |